Network Security & Database Vulnerabilities Coursera Week 01 Quiz Answers
Introduction to the TCP/IP Protocol Framework
Q1. Which four (4) factors does a stateless firewall look at to determine if a packet should be allowed to pass?
- the source IP address
- the destination port
- the destination IP address
- the service or protocol used
Q2. Can a single firewall conduct both a stateless and stateful inspection?
- Yes, the stateless inspection is conducted first and then a stateful inspection is done.
Q3. True or False: An Intrusion Prevention System (IPS) is generally a passive device that listens to network traffic and alerts an administrator when a potential problem is detected?
Q4. Network Address Translation (NAT) typically conducts which of the following translations?
- A private network IP address to a public network IP address and vice versa.
Q5. Which type of NAT routing allows one-to-one mapping between local and global addresses?
Network Protocols over Ethernet and Local Area Networks
Q1. Which network layer do IP addresses belong to?
- The Network Layer
Q2. Which address assures a packet is delivered to a computer on a different network segment from the sender?
- The IP Address
Q3. A network device that is capable of sending and receiving data at the same time is referred to as which of the following?
- Full duplex
Q4. True or False: Collision avoidance protocols are critical to the smooth operation of modern networks.
Q5. Comparing bridges with switches, which are three (3) characteristics specific to a bridge?
- Virtual LANs are not possible.
- End-user devices share bandwidth on each port.
- Half-duplex transmission.
Q6. True or False: Switches solved the problem of network loops and improved the performance of multicast/broadcast traffic.
Basics of Routing and Switching, Network Packets and Structures
Q1. If a network server has four (4) network interface cards, how many MAC addresses will be associated with that server?
Q2. True or False: When you connect your laptop to a new network, a new IP address will be assigned.
Q3. What does the Address Resolution Protocol (ARP) do when it needs to send a message to a location that is outside its broadcast domain?
- ARP sends the message to the MAC address of the default gateway.
Q4. Routing tables are maintained by which of the following devices?
- On any network connected device.
Q5. What is the purpose of a default gateway?
- It forwards messages coming from, or going to, external networks.
Q6. If a message is being sent to a computer that is identified in the computer’s routing table, what type of connection would be established?
TCP/IP Framework (Main Quiz)
Q1. What is meant by “stateless” packet inspection?
- It is a packet-by-packet inspection with no awareness of previous packets.
Q2. True or False: An Intrusion Detection System (IDS) is generally a passive device that listens to network traffic and alerts an administrator when a potential problem is detected?
Q3. True or False: The primary difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) is that an IDS is designed as a passive system that listens and alerts while an IPS is an active system that is designed to take action when a problem is detected?
Q4. Which intrusion system does not add any delay to network traffic?
- Intrusion Detection System (IDS).
Q5. How does using Network Address Translation (NAT) provide an additional layer of security to your network?
- By hiding the real IP addresses of all the devices on your private network and exposing only a single public IP address.
Q6. Which type of NAT routing maps unregistered IP addresses to a single registered IP address allowing thousands of users to be connected to the Internet using only a single global IP address?
Q7. Which network layer do MAC addresses belong to?
- The Data Link Layer.
Q8. Which address assures a packet is delivered to a computer on the same network segment as the sender?
- The MAC address.
Q9. A network device that cannot send and receive data at the same time is referred to as which of the following?
- Half duplex
Q10. When a NIC reads a packet header and sees the destination address is not its own address, what does it do with the packet?
- It discards the packet.
Q11. Comparing bridges with switches, which are three (3) characteristics specific to a switch?
- Virtual LANs are possible.
- Full-duplex transmission.
- Each port is dedicated to a single device; bandwidth is not shared.
Q12. True or False: Switches can connect two geographically dispersed networks.
Q13. A network interface card’s MAC address is also known by which two (2) of the following? (Select 2)
- The physical address.
- The burn address.
Q14. What is the main function of the Address Resolution Protocol (ARP)?
- To translate a MAC address to an IP address and vice versa.
Q15. What does a router do when it needs to send a packet to an address that is not in its routing table?
- It forwards the packet to the default gateway.
Q16. What happens to messages sent from a computer that has no gateway address specified?
- Messages sent to other computers on the same subnet will be delivered but those destined to computers on other networks will not be delivered.
Q17. Which three (3) are types of routes found in a routing table?
Network Security & Database Vulnerabilities Coursera Week 02 Quiz Answers
Basics of IP Addressing (Practice Quiz)
Q1. The binary (base 2) number “0101” is how much in decimal (base 10)?
Q2. The IP address range goes from 0.0.0.0 to 255.255.255.255 and is known as the “four octets”. Why are these 4 numbers called octets?
- The number 255 in decimal takes up 8 digits in binary.
Q3. How many octets are used to define the network portion of the IP address in a Class C network?
Q4. True or False: A routable protocol is a protocol whose packets may leave your network, pass through your router, and be delivered to a remote network.
Q5. True or False: The destination address is defined in the packet header but the source address is in the packet footer.
Q6. Which network mask belongs to a Class A network?
Q7. IPv6 changes the IP address from the 32-bit address used in IPv4 to a 128-bit address. This results in which of the following?
- Many billions of times as many possible IP addresses.
Q8. Which IPv4 addressing schema would you use to send a message to select group systems on the network?
TCP/IP Layer 4, Transport Layer Overview (Practice Quiz)
Q1. True or False: Utilities such as TFTP, DNS, and SNMP utilize the UDP transport protocol.
Q2. True or False: The UDP transport protocol is faster than the TCP transport protocol.
Q3. Which four (4) of these are characteristic of the UDP transport protocol?
- Unordered data; duplicates possible
- No flow control
TCP/IP Layer 5, Application Layer Overview (Practice Quiz)
Q1. What is the primary function of DNS?
- To translate domain names to IP addresses and vice versa.
Q2. How does a new endpoint know the address of the DHCP server?
- The endpoint sends a DHCP Discover broadcast request to all endpoints on the local network.
Q3. Which Syslog layer contains the actual message contents?
- Syslog Content
Q4. True or False: Setting the correct Syslog Severity Level on systems helps keep the Syslog server from being flooded by the millions of messages that could be generated by these systems.
Q5. True or False: The Syslog message typically includes the severity level, facility code, originator process ID, a time stamp, and the hostname or IP address of the originator device.
Q6. Why is port mirroring used?
- To provide a stream of all data entering or leaving a specific port for debugging or analysis work.
Firewalls, Intrusion Detection and Intrusion Prevention Systems (Practice Quiz)
Q1. What is the main difference between a Next Generation Firewall (NGFW) and a traditional firewall?
- NGFW use sessions.
Q2. True or False: Unlike traditional stateful firewalls, next-generation firewalls drill into traffic to identify the applications traversing the network.
Q3. What are the two (2) primary methods used by Intrusion Prevention Systems (IPS) to discover an exploit?
- Statistical anomaly-based detection.
- Signature-based detection.
Q4. If your non-technical manager told you that you must configure your traditional second-generation firewalls to block all users on your network from posting messages on Facebook from their office computers, how would you carry out this request?
- You would have to block any IP addresses used by Facebook.
Clustering and High Availability Systems (Practice Quiz)
Q1. Which condition should apply in order to achieve effective clustering and failover among your firewalls?
- All of the above.
Basics of IP Addressing and the OSI Model (Main Quiz)
Q1. How would you express 15 in binary (base 2)?
Q2. How many octets are used to define the network portion of the IP address in a Class A network?
Q3. The device used to separate the network portion of an IP address from the host portion is called what?
- The subnet mask.
Q4. The IP header contains a time-to-live (TTL) value. How is this value expressed?
- The number of Layer 3 devices (hubs, routers, etc.) the packet is allowed to pass through before it is dropped.
Q5. Which is the host portion of this IP address 192.168.52.3/24?
Q6. Which network mask belongs to a Class C network?
Q7. Which IPv4 addressing schema would you use to send a message to all systems on the network?
Q8. Which three (3) of the following are legitimate IPv6 addressing schemas?
Q9. True or False: Utilities such as TFTP, DNS, and SNMP utilize the TCP transport protocol.
Q10. Which two (2) of these fields are included in a UDP header?
- Source Port
- Destination Port
Q11. Which four (4) of these are characteristic of the TCP transport protocol?
- Ordered data; duplicate detection
- Flow control
Q12. How does an endpoint know the address of the DNS server?
- It is manually configured in the network settings by the administrator or obtained from the DHCP server.
Q13. What is the primary function of DHCP?
- To automatically assign IP addresses to systems.
Q14. Which Syslog layer would handle the routing and storage of a Syslog message?
- Syslog Application
Q15. Which of the following flow data are gathered by utilities such as NetFlow?
- All of the above.
Q16. When a network interface card is operating in promiscuous mode, what action does it take?
- The NIC sends all packets to the CPU for processing instead of only those packets indicated for its MAC address.
Q17. If a packet is allowed to pass through an NGFW based upon the established firewall rules and a new session is established, how does the NGFW treat the next packet it encounters from the same session?
- Subsequent packets of the same session are automatically allowed.
Q18. If your non-technical manager told you that you must configure your next-generation firewalls (NGFW) to block all users on your network from posting messages on Facebook from their office computers, what would be the consequence of carrying out his order?
- No serious consequence, application-level inspection and blocking can be configured.
Q19. Monitoring network traffic and comparing it against an established baseline for normal use is an example of which form of intrusion detection?
- Statistical anomaly-based detection
Q20. Which are three (3) characteristics of a highly available system?
Network Security & Database Vulnerabilities Coursera Week 03 Quiz Answers
Types of Data (Practice Quiz)
Q1. True or False: If all of your organization’s data is centralized in a small number of data centers then focusing security on perimeter defense is adequate to assure your data is safe.
Q2. Which two (2) of the following data source types are considered structured data?
- Distributed databases
- Data warehouses
Q3. Data that has not been organized into a specialized repository, but does have associated information, such as metadata that makes it more amenable to processing than raw data, is an example of which data model type?
- Semi-structured data
Q4. How are the tables in a relational database linked together?
- Through the use of primary and foreign keys.
Securing Databases (Practice Quiz)
Q1. In the video Securing the Crown Jewels, the “Identification and Baseline” phase contains three (3) of the following items?
- Vulnerability Assessment
- Discovery & Classification
- Entitlements Reporting
Q2. In the video Leveraging Security Industry Best Practices, which US Government agency is a co-publisher of the Database Security Requirements Guide (SRG)?
- Department of Defense (DoD)
Q3. For added security, a firewall is often placed between which of these?
- The database and the hardened data repository.
Q4. True or False: In a vulnerability assessment test, a new commercial database installed on a new instance of a major operating system should pass 80-90% of the vulnerability tests out-of-the-box unless there is a major flaw or breach.
Q5. Which of these hosting environments requires the enterprise to manage the largest number of different data sources?
- On Premises
Q6. While data security is an ongoing process, what is the correct order to consider these steps?
- Discover, Harden, Monitor & Protect, Repeat
A Data Protection Solution Example, IBM Security Guardium Use Cases (Practice Quiz)
Q1. In setting up policy rules for data monitoring, what is the purpose of “exclude” rules?
- To exclude certain applications or safe activities from being logged.
Q2. True or False: Data monitoring products such as IBM Guardium can send access alerts to Syslog for manual intervention by a security analyst but must be connected to additional applications if automated interventions are desired.
Q3. To create auditable reports of data access using the IBM Guardium product, the administrator would do which of the following?
- Use the Audit Process Builder feature to automate the reporting process.
Q4. True or False: The IBM Guardium monitoring applications are capable of monitoring activities in non-relational databases such as Hadoop, Cognos, and Spark.
Q5. At a minimum, which 3 entities should be captured in any event log?
- Who or what committed the activity.
- When the activity took place.
- What activity took place.
Q6. True or False: In the IBM Guardium data monitoring tool, the number of failed login attempts that would trigger an alert is always counted since the last successful login.
Q7. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?
- Attempts are made to access data using nonstandard tools, such as MS Excel or MS Access, rather than through the application the data belongs to.
Q8. Which two (2) activities should be considered suspicious and warrant further investigation?
- Use of an Application ID from an IP that is different from what has been specified by the application owner.
- Use of an Application ID from a hostname that is different from what has been specified by the application owner.
Introduction to Databases (Main Quiz)
Q1. Distributed databases, data warehouses, big data, and File shares are all classified as what?
- Data source types
Q2. Hadoop, MongoDB, and BigTable are all examples of which data source type?
- Big data databases
Q3. Data that has been organized into a formatted repository, typically a database, so its elements can be made addressable, is an example of which data model type?
- Structured data
Q4. Which of the following is the primary difference between a flat file database and a relational database?
- All the data in a flat file database is stored in a single table.
Q5. In the video Securing the Crown Jewels, the “Real-Time Monitor & Protection” phase contains which three (3) of the following items?
- Activity Monitoring
- Blocking & Quarantine
- Dynamic Data Masking
Q6. In the video Leveraging Security Industry Best Practices, where would you turn to look for help on establishing security benchmarks for your database?
- Center for Internet Security (CIS).
Q7. Most of the time, how do users access data?
- Through an application.
Q8. True or False: In a vulnerability assessment test, it is not uncommon to fail more than 50% of the tests before the operating system and database are hardened.
Q9. Which of these hosting environments requires the service provider to manage the largest number of different data sources?
Q10. While data security is an ongoing process, what is the correct order to consider these steps?
- Identification & Baseline, Raise the Bar, Real-time Monitor & Protection
Q11. To automatically terminate a session if an attempt is made to access data in a sensitive table, such as Social Security (SSN) ID numbers, you would set up which type of rule?
- An Access rule.
Q12. True or False: Data monitoring products such as IBM Guardium are fully capable of blocking access to sensitive data based upon access parameters configured in policy rules.
Q13. In which two (2) ways can security events collected by a data monitoring tool be logged to a security incident and event management (SIEM) system?
- Configure bidirectional communication between the monitoring and SIEM systems, if available.
- Configure the monitoring system to write to the SIEM system's syslog file.
Q14. True or False: Data monitoring tools such as IBM Guardium are designed to monitor activities within a database, but external products, such as a privileged identity management (PIM) tool would be required to monitor changes to the data monitoring tool itself, such as the addition of new users or the alteration of existing user accounts.
Q15. True or False: In the IBM Guardium data monitoring tool, it is possible to create a report that shows not only how many SQL unauthorized access attempts were made by an individual, but also exactly which SQL statements were disallowed.
Q16. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?
- Attempts are made to SELECT lists of usernames and passwords by a non-administrator account.
Q17. Which two (2) activities should be considered suspicious and warrant further investigation?
- The data monitoring logging system was manually shut down.
- There were attempts to purge event logs.
Network Security & Database Vulnerabilities Coursera Week 04 Quiz Answers
Injection Vulnerability (Practice Quiz)
Q1. Which operating system is susceptible to OS Command Injection attacks?
- All operating systems are susceptible.
Q2. What is a possible impact of running commands through OS shell interpreters such as sh, bash, cmd.exe and powershell.exe?
- It makes it easier for a hacker to inject additional commands or arguments.
Q3. True or False: Safe coding practice avoids using OS commands whenever possible.
Q4. True or False: Safe coding practice always runs commands through a shell interpreter.
Q5. True or False: Safe coding practice uses library functions when running OS commands.
Q6. True or False: Safe coding practice uses blacklists and avoids the use of whitelists.
SQL Injection (Practice Quiz)
Q1. A hacker tailoring his actions based on the database errors the application displays is an example of which type of SQL Injection attack?
Q2. True or False: Use of prepared statements is an effective mitigation against SQL Injection attacks because it separates the query structure from the query parameters.
Q3. True or False: Native database errors should be hidden from the user to prevent hackers from gaining insight into the internal structure of your application.
Q4. True or False: The use of object-relational mapping (ORM) libraries is a dangerous practice that can help hackers conduct successful SQL Injection attacks.
Deep Dive – Injection Vulnerability (Main Quiz)
Q1. Which of the following statements is True?
- Injection attacks were ranked #1 on the OWASP Top 10 list in 2013 and again in 2017.
Q2. Which vulnerability is being exploited in an OS Command Injection attack?
- Poor user input sanitation and unsafe execution of OS commands.
Q3. What is a simple but effective way to protect against DLL hijacking?
- Always use explicit paths to the commands or library applications.
Q4. True or False: Safe coding practice runs code with the least possible privilege.
Q5. True or False: Safe coding practice always specifies relative paths when running applications or using shared libraries.
Q6. True or False: Safe coding practice does not let user input reach an OS command unchanged.
Q7. A hacker exfiltrating data by injecting an HTTP request command is an example of which type of SQL Injection attack?
- Out of Band
Q8. Protecting against SQL Injection attacks by sanitizing user input can be accomplished by which two (2) of the following techniques?
- Use of mapping tables.
- Use of whitelists.
Q9. True or False: Limiting database user permissions is an ineffective strategy in preventing SQL Injection attacks since the injected code will run directly against the database regardless of the permission levels that have been set.
Q10. Which of the following will help reduce the SQL Injection attack surface?
- Use of stored procedures.
Q11. When developing an application, using NoSQL instead of MySQL will have what effect on the application's susceptibility to SQL Injection attacks?
- It will reduce, but not eliminate, the injection attack surface.