Real-Time Cyber Threat Detection and Mitigation Quiz Answers

Welcome to your ultimate guide for Real-Time Cyber Threat Detection and Mitigation quiz answers! Whether you’re completing practice quizzes to enhance your skills or preparing for graded quizzes to test your knowledge, this guide has you covered.

Covering all course modules, this resource will teach you essential techniques for detecting and mitigating cyber threats in real-time, using modern tools like intrusion detection systems (IDS), behavioral analysis, threat intelligence, and automated response systems to protect networks and data.

Real-Time Cyber Threat Detection and Mitigation Quiz Answers – Graded Quizzes for All Modules

Real-Time Cyber Threat Detection and Mitigation Module 01 Quiz Answers

Q1. Security through obscurity implies which of the following?

Correct Answer: Proprietary software might be best kept secret

Explanation: Security through obscurity refers to the practice of keeping the design or implementation of a system secret to avoid attackers discovering its weaknesses. In this case, proprietary software might be kept secret as a means of hiding vulnerabilities.


Q2. Which of the following is a true statement?

Correct Answer: None of the above

Explanation: None of the offered statements holds. TCP/IP interoperability is not waning; it is the reason the protocol suite is everywhere. TCP/IP is also not inherently secure: the base protocols carry no authentication or encryption of their own, so any protection has to be layered on top (TLS, IPsec) or enforced by devices in the path (firewalls, IDS). Security designers therefore have to work with TCP/IP as it is, not avoid it.


Q3. The information that comprises a TCP/IP five-tuple includes which of the following?

Correct Answer: One source IP address, one destination IP address, two ports, and one protocol

Explanation: A TCP/IP five-tuple consists of the source IP address, destination IP address, source port, destination port, and the protocol being used.


Q4. IP spoofing is intended to produce which of the following consequences?

Correct Answer: Deceptive sender

Explanation: IP provides no authentication of the source address field, so a sender can write any address it likes. IP spoofing uses that to make a packet appear to come from a trusted host, or to hide the real origin of a flood. Because the spoofer never sees the replies (they go to the forged address), spoofing is most useful for one-way traffic such as floods and reflection attacks, which is also why ingress filtering of impossible source addresses is an effective countermeasure.


Q5. TCP sequence numbers are protected by which of the following means?

Correct Answer: Randomness

Explanation: Each side picks a random initial sequence number, so an off-path attacker who cannot see the traffic has to guess a 32-bit value to inject data or reset a session. Randomness is the only protection plain TCP has here: an on-path attacker who observes the packets knows the sequence numbers and is stopped only by encryption and integrity protection above TCP (for example TLS).


Q6. Which threats result directly from packet floods?

Correct Answer: Disclosure, Integrity, and Fraud

Explanation: A packet flood is a denial-of-service attack: its direct effect is loss of availability, because the target's bandwidth, connection table or CPU is consumed by traffic it still has to receive and process. Disclosure, integrity loss and fraud do not follow from the flood itself; when they appear alongside one, it is because the flood was used as cover for a separate intrusion or because systems were hastily reconfigured under load. Treat a flood as an availability incident first, then look for the quieter attack that may be running underneath it.


Q7. Why is the ACK packet so useful in establishing access decisions in a TCP/IP gateway?

Correct Answer: It is 0 when it is the first packet in a TCP session

Explanation: The ACK flag is clear (0) only on the opening SYN of a TCP session; every later packet in the session, starting with the SYN/ACK, carries ACK=1. A stateless gateway can therefore tell connection attempts from traffic belonging to an existing session by looking at one header bit: drop inbound packets with ACK=0 and the outside cannot open connections into the LAN, while return traffic for sessions opened from inside (ACK=1) still passes. The weakness is that the gateway trusts the bit as written, so an attacker can send unsolicited ACK=1 packets (an "ACK scan") and a stateless filter will let them through.


Q8. Firewalls separate:

Correct Answer: Networks from networks

Explanation: Firewalls act as barriers between different networks, controlling the flow of traffic between them and ensuring that only authorized traffic is allowed.


Q9. Which of the following is a true statement?

Correct Answer: Stateless firewalls forget context

Explanation: Stateless firewalls treat each packet independently, without retaining information about previous packets or sessions, thus “forgetting” context.


Q10. Which of the following is a false statement?

Correct Answer: UDP packets with ACK bit set to 1 are suspicious

Explanation: UDP is connectionless and has no flags at all; the ACK bit exists only in the TCP header. A "UDP packet with the ACK bit set" is therefore not a thing that can occur, so the statement is false as written. The practical point for a filter is that UDP gives it nothing comparable to the ACK bit for telling requests from replies, which is why inbound UDP is usually blocked by default and permitted only for specific services.

Real-Time Cyber Threat Detection and Mitigation Module 02 Quiz Answers

Q1. Packet filtering is used to achieve which of the following?

Correct Answer: None of the above

Explanation: Packet filtering accepts or drops packets by matching header fields (addresses, ports, protocol, flags) against a rule list. On its own it does not provide policy auditing, packet logging, two-factor authentication or cryptographic protection; those are separate functions, even though many firewall products bundle logging alongside the filter.


Q2. Which of the following is a true statement?

Correct Answer: None of the above

Explanation: None of the offered statements describes the ACK bit correctly. Packet filters can and do use it: ACK=0 marks a connection attempt (a bare SYN) and ACK=1 marks a packet that claims to belong to an established session, so a common rule set blocks inbound ACK=0 packets while allowing inbound ACK=1 packets as return traffic. The ACK bit is a hint, not proof of a session, because a stateless filter cannot verify that the session it refers to was ever opened.


Q3. Packets coming inbound from an internal (IN) source IP address should be viewed as which of the following?

Correct Answer: Probably spoofed

Explanation: A packet arriving on the external interface whose source address belongs to the internal network cannot be legitimate: internal hosts are on the other side of the gateway, so their packets never enter from outside. Such packets are almost certainly spoofed, either to impersonate a trusted internal host or to slip past rules that trust internal addresses, and should be dropped by an anti-spoofing rule on the perimeter (the same logic as ingress filtering in BCP 38).


Q4. Default firewall blocking involves which of the following?

Correct Answer: Includes no rules by default

Explanation: Default blocking (default deny) means the firewall starts with no permit rules, so nothing passes until an administrator adds an explicit rule for it. The alternative, default allow, requires the administrator to anticipate every bad thing and block it individually, which fails the first time something is forgotten. Default deny fails closed: an unanticipated service is unreachable rather than exposed.


Q5. Enterprise outbound firewall rules to allow port 80 access are designed to do which of the following?

Correct Answer: Keep Web malware contained

Explanation: An outbound rule for port 80 (HTTP, with 443 for HTTPS in practice) lets users browse the web while everything else outbound stays blocked by default. Malware that has landed on a workstation is then limited to that channel for command-and-control and exfiltration, which is where a web proxy, logging and content inspection can be applied. The rule does not stop web malware by itself; it narrows the path it has to take.
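The rules in the last few questions (anti-spoofing, ACK-based admission of return traffic, outbound web only, default deny) fit in one small decision function. The following is an added example written for this page, not code from the course or from any firewall product: a stateless packet-filter model over a five-tuple plus the ACK flag. The address range 10.0.0.0/8, the interface names "ext" and "int", and the sample packets are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: the enterprise owns 10.0.0.0/8 (an assumption), "ext" is the
# internet-facing interface and "int" the LAN-facing one.  This is a model of the
# decision logic, not any real firewall's rule syntax.
INTERNAL = ip_network("10.0.0.0/8")
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "ext" or "int"
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False   # TCP ACK flag; it is 0 only on the opening SYN of a session


def five_tuple(p: Packet) -> tuple:
    """The five-tuple a packet filter keys on: addresses, ports and protocol."""
    return (p.src, p.dst, p.sport, p.dport, p.proto)


def decide(p: Packet) -> str:
    """Stateless packet-filter decision: the first matching rule wins, default deny."""
    src, dst = ip_address(p.src), ip_address(p.dst)

    # 1. Anti-spoofing: an internal source address cannot legitimately arrive from
    #    outside, so treat it as spoofed regardless of anything else in the packet.
    if p.iface == "ext" and src in INTERNAL:
        return "drop:spoofed-internal-source"

    # 2. Egress policy: internal hosts may open HTTP/HTTPS sessions to the internet.
    if p.iface == "int" and src in INTERNAL and p.proto == "tcp" and p.dport in WEB_PORTS:
        return "allow:outbound-web"

    # 3. Return traffic for those sessions.  A stateless filter cannot remember the
    #    outbound SYN, so it relies on the ACK bit: ACK=1 means "part of an existing
    #    session", as far as the header claims.
    if p.iface == "ext" and p.proto == "tcp" and p.sport in WEB_PORTS and dst in INTERNAL and p.ack:
        return "allow:established-return"

    # 4. Inbound connection attempts (ACK=0, i.e. a bare SYN) into the LAN are refused.
    if p.iface == "ext" and p.proto == "tcp" and not p.ack:
        return "drop:inbound-connection-attempt"

    # 5. Everything else, including all inbound UDP, falls through to default deny.
    return "drop:default"


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("ext", "tcp", "10.1.2.3", 1234, "10.0.0.5", 80),                  # spoofed source
        Packet("int", "tcp", "10.0.0.5", 50000, "203.0.113.10", 443),           # user browsing out
        Packet("ext", "tcp", "203.0.113.10", 443, "10.0.0.5", 50000, ack=True), # reply to that
        Packet("ext", "tcp", "198.51.100.7", 40000, "10.0.0.5", 22),            # inbound SYN to SSH
        Packet("ext", "udp", "198.51.100.7", 53, "10.0.0.5", 5353),             # inbound UDP
        Packet("ext", "tcp", "198.51.100.7", 80, "10.0.0.9", 22, ack=True),     # ACK scan
    ]
    for p in samples:
        print(five_tuple(p), f"ack={int(p.ack)}", "->", decide(p))
```

The last sample is the caveat behind "stateless firewalls forget context": an unsolicited ACK=1 packet from port 80 aimed at port 22 satisfies rule 3 and is allowed, because nothing in the filter remembers whether an outbound SYN ever went to that host. A stateful firewall that records the outbound connection would drop it.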


Q6. Which of the following is a true statement?

Correct Answer: Enterprise access to external telnet servers is enabled by firewall rules on port 23

Explanation: Telnet listens on TCP port 23, so an outbound firewall rule for port 23 is what enables (or, when absent under default deny, blocks) access to external Telnet servers. Telnet carries credentials and sessions in cleartext, so most enterprises leave that rule out and allow SSH (port 22) instead.


Q7. The conventional FTP protocol is generally viewed as enabling bad enterprise security by packet filters for which of the following reasons?

Correct Answer: It requires bidirectional session initiation based on ports and addresses.

Explanation: Conventional (active-mode) FTP uses two connections: the client opens the control channel to the server on port 21, and the server then opens the data channel back to the client from its port 20 to a port the client announced over the control channel. A packet filter would have to allow inbound connections from the outside to arbitrary high ports on internal hosts to make that work, which defeats the "block inbound connection attempts" rule. Passive-mode FTP, where the client opens both connections, or an FTP-aware stateful firewall that reads the negotiated port, avoids the problem.


Q8. Which of the following is a true statement?

Correct Answer: All of the above

Explanation: Proxies can enhance security, but bad setup can create vulnerabilities. Proxies operate as man-in-the-middle devices, and their functionality can be complicated by encryption, especially with SSL/TLS traffic.


Q9. Forward proxies protect which of the following?

Correct Answer: Enterprise clients

Explanation: Forward proxies act as intermediaries between enterprise clients (such as users or devices) and the internet, helping to manage and secure outbound traffic.


Q10. Which of the following is a true statement?

Correct Answer: Packet filters are firewalls

Explanation: A packet filter is a fundamental type of firewall that controls traffic based on predefined rules about the headers of packets.

Real-Time Cyber Threat Detection and Mitigation Module 03 Quiz Answers

Q1. Packet filters are often positioned in which of the following locations?

Correct Answer: All of the above

Explanation: Packet filters can be positioned in various places such as the enterprise DMZ, the enterprise perimeter, and between two networks, depending on the desired security architecture.


Q2. The biggest disadvantage of a full DMZ versus a simple packet filter is which of the following?

Correct Answer: Probably more added cost

Explanation: A full DMZ involves more complex network architecture and hardware, which increases the cost compared to a simple packet filter solution.


Q3. Which of the following is a true statement regarding management by exception?

Correct Answer: It involves looking for differences from normal

Explanation: Management by exception means establishing what normal looks like (a baseline of logins, connections, volumes and so on) and spending analyst attention only on the cases that deviate from it, rather than reviewing every event. It is the principle behind anomaly detection in a SOC: the hard part is building a baseline that is stable enough that the exceptions are few and meaningful.
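As an added example of management by exception (written for this page, not taken from the course or any product), the following reviews one hour of per-host outbound connection counts against a per-host baseline and returns only the hosts an analyst needs to look at. The host names, the baseline counts and the current-hour counts are constructed, and the threshold rule (mean plus three standard deviations, with a floor on the deviation) is an assumption chosen for the example.

```python
import statistics

# Constructed data (hypothetical, not real telemetry): hourly outbound-connection
# counts per workstation over the previous ten business days, the sort of aggregate
# a flow collector or SIEM would hold.  Host names are assumptions.
BASELINE = {
    "ws-17": [42, 38, 45, 40, 44, 39, 41, 43, 37, 46],
    "ws-22": [30, 31, 29, 30, 32, 28, 30, 31, 29, 30],
    "ws-05": [12, 12, 12, 12, 12, 12, 12, 12, 12, 12],
}

# Counts observed in the hour under review (also constructed).  db-01 has no history.
CURRENT = {"ws-17": 47, "ws-22": 900, "ws-05": 20, "db-01": 5}

K = 3.0         # flag anything more than K standard deviations above the mean
MIN_SD = 1.0    # floor so a perfectly flat baseline still tolerates small jitter


def threshold(history):
    """Upper bound of 'normal' for one host: mean + K * stdev (stdev floored)."""
    mean = statistics.fmean(history)
    sd = statistics.stdev(history) if len(history) > 1 else 0.0
    return mean + K * max(sd, MIN_SD)


def review(baseline, current):
    """Management by exception: return only what deviates from the baseline.

    Each finding is (host, observed, threshold, reason).  Hosts within their
    threshold produce nothing, which is the point: the analyst never sees them.
    """
    findings = []
    for host, count in sorted(current.items()):
        history = baseline.get(host)
        if not history:
            # A host with no baseline cannot be judged normal; surface it explicitly.
            findings.append((host, count, None, "no-baseline"))
            continue
        limit = threshold(history)
        if count > limit:
            findings.append((host, count, round(limit, 1), "exception"))
    return findings


if __name__ == "__main__":
    for host, count, limit, reason in review(BASELINE, CURRENT):
        print(f"{host}: observed {count}, threshold {limit}, {reason}")
```

ws-17 at 47 stays below its threshold of about 50.6 and is not reported; ws-22 at 900 is an obvious exception; ws-05 shows why the floor matters (a constant baseline has zero deviation, so without the floor any change at all would fire); db-01 is reported because a host with no baseline is itself an exception to investigate, not something to silently accept.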


Q4. System auditing is useful to help avoid which of the following attacks?

Correct Answer: All of the above

Explanation: System auditing (logging who did what, when, on which system) supports detection of insider misuse, external intrusions, automated attacks and fraud alike, and the knowledge that actions are recorded deters some of them. Auditing only helps if the logs are protected from the people they record and someone actually reviews them, which is what the SIEM and SOC questions below are about.


Q5. HIDS differs from NIDS in what manner?

Correct Answer: One is “host” IDS and the other is “network”

Explanation: HIDS (Host-based Intrusion Detection System) monitors activity on individual hosts or devices, while NIDS (Network-based Intrusion Detection System) monitors network traffic across multiple devices.


Q6. The biggest challenge to signature-based security for detecting malware is which of the following?

Correct Answer: Variants

Explanation: Signature-based security methods struggle to detect new or modified versions of malware (variants) that do not match known signatures in the database.


Q7. Which of the following is a true statement regarding SIEMs?

Correct Answer: SOCs typically use SIEMs

Explanation: Security Information and Event Management (SIEM) systems are typically used by Security Operations Centers (SOCs) to monitor, analyze, and respond to security threats in real time.


Q8. Which of the following is a true statement?

Correct Answer: Perimeter protection works poorly on enterprise networks

Explanation: Perimeter protection is less effective in modern enterprise networks due to factors like mobile devices and cloud services, which often bypass traditional network perimeters.


Q9. Automation in a SOC is a good idea for which of the following?

Correct Answer: It reduces response cycle times

Explanation: Automation in a Security Operations Center (SOC) helps to quickly detect, analyze, and respond to security incidents, reducing the time it takes to address potential threats.


Q10. Which of the following is a true statement?

Correct Answer: SOC is implied by SIEM

Explanation: Deploying a SIEM implies that a SOC exists to use it: the SIEM collects, correlates and alerts, but an alert is only useful if there are analysts with a process for triaging and acting on it. A SIEM with nobody watching it is a log archive, not a detection capability.

Real-Time Cyber Threat Detection and Mitigation Module 04 Quiz Answers

Q1. Perimeters exhibit which of the following weaknesses?

Correct Answer: All of the above

Explanation: Perimeter security can have multiple weaknesses, including clashes between management and audit, weak performance, too many rules, and too few policy controls, all of which can undermine its effectiveness.


Q2. Advanced persistent threats (APTs) exfiltrate data through which of the following weaknesses?

Correct Answer: Open remote access into the LAN

Explanation: APTs typically exploit vulnerabilities in remote access into a network (LAN) to exfiltrate data, often bypassing traditional perimeter defenses.


Q3. Third party security is best accomplished through which of the following?

Correct Answer: All of the above

Explanation: Third-party security is best managed through a combination of contracts, service level agreements (SLAs), monitoring, and vetting to ensure the security of external partners and suppliers.


Q4. DDOS attacks at layer 3 are characterized by which of the following?

Correct Answer: Volume

Explanation: Distributed Denial of Service (DDoS) attacks at layer 3 typically rely on high volumes of traffic to overwhelm network resources and cause disruption.


Q5. Which of the following techniques reduce DDOS risk?

Correct Answer: All of the above

Explanation: Techniques such as protocol redesign, network traffic obscuring, and network traffic redirection can all help reduce the risk of DDoS attacks.


Q6. Which of the following is a true statement?

Correct Answer: DDOS might involve spoofed sources

Explanation: DDoS attacks often involve spoofed source addresses to disguise the true origin of the attack and evade detection.


Q7. Third party attacks are tough to mitigate for which of the following reasons?

Correct Answer: All of the above

Explanation: Third-party attacks are difficult to mitigate because the weaknesses sit in systems the enterprise does not control. Exposure can be distributed across many suppliers, each with its own security posture, or concentrated in a single supplier whose compromise affects every customer at once, and in both cases the enterprise can only influence the remediation through contracts and monitoring rather than fix it directly.


Q8. APTs are best mitigated through which of the following techniques?

Correct Answer: All of the above

Explanation: Mitigating Advanced Persistent Threats (APTs) requires a combination of architectural, policy, and procedural improvements to detect, respond to, and prevent sophisticated attacks.


Q9. Perimeter security exhibits which of the following?

Correct Answer: None of the above

Explanation: Perimeter security does not provide effective mitigation for insiders, and it is typically not sufficient for protecting against advanced persistent threats (APTs). It also does not provide standards-based protection in every case.


Q10. Which of the following is not a true statement?

Correct Answer: None of the above

Explanation: All the listed statements are true. DDoS attacks will increasingly involve cloud services, mobility, IoT devices, and will continue to grow in scale.

Select the Best Mitigation Choice Quiz Answers

Q1. The malicious client is sending a massive flood of SYN packets to the web server. Which of the following security mitigations choices (or none) is best for the web server administrator to employ to reduce the risk of this attack:

Correct Answer: None of the above.

Explanation: A SYN flood exhausts the server's half-open connection table, since each unanswered SYN holds a slot until it times out. The mitigations that address that directly are SYN cookies (the server encodes the connection state in its initial sequence number and allocates nothing until a valid ACK returns), a larger backlog with shorter timeouts, per-source rate limiting, and an upstream scrubbing service; none of the options offered did that, hence "none of the above".
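To show why SYN cookies defeat the flood, here is an added example written for this page (not course material and not any kernel's implementation) of the stateless handshake: the server derives its initial sequence number from an HMAC over the connection's addresses and ports plus a coarse time counter, keeps no state, and only accepts the connection when the client's final ACK carries a number it can verify. The secret, the cookie bit layout, the MSS table and the two-tick expiry window are assumptions made for the example.

```python
import hashlib
import hmac

# Assumptions for this example: a per-boot random secret and a coarse time counter
# that the server increments every 64 seconds.  Layout of the 32-bit cookie:
#   bits 31..27  time counter (5 bits)
#   bits 26..2   truncated HMAC over the 4-tuple and the counter (25 bits)
#   bits  1..0   index of the client's MSS, rounded down to a table entry (2 bits)
SECRET = b"per-boot-random-secret-goes-here"   # constructed; must be random in practice
MSS_TABLE = [536, 1220, 1440, 1460]
MASK32 = 0xFFFFFFFF
HASH_MASK = 0x01FFFFFF                          # 25 bits


def _mac(src, sport, dst, dport, counter):
    """Keyed hash binding the cookie to one connection attempt and one time slot."""
    msg = f"{src}:{sport}>{dst}:{dport}@{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_cookie(src, sport, dst, dport, client_mss, counter):
    """Server side, on SYN: the ISN to place in the SYN/ACK.  No state is stored,
    so a flood of SYNs costs the server one hash each and nothing more."""
    # Largest table entry not exceeding the client's MSS; default 0 if MSS is tiny.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return ((counter & 0x1F) << 27) | (_mac(src, sport, dst, dport, counter) << 2) | idx


def check_cookie(src, sport, dst, dport, ack_number, now):
    """Server side, on the final ACK: return the negotiated MSS if the acknowledged
    number is a cookie we issued recently for this 4-tuple, else None.  A connection
    is created only on success, so spoofed SYNs never consume a table entry."""
    cookie = (ack_number - 1) & MASK32          # the client acknowledges ISN + 1
    counter = cookie >> 27
    if (now - counter) & 0x1F > 1:              # older than two counter ticks: expired
        return None
    if (cookie >> 2) & HASH_MASK != _mac(src, sport, dst, dport, counter):
        return None                             # forged, replayed for another 4-tuple, or corrupted
    return MSS_TABLE[cookie & 0x3]


if __name__ == "__main__":
    # Constructed exchange: client 203.0.113.7:40000 -> server 198.51.100.1:443.
    isn = make_cookie("203.0.113.7", 40000, "198.51.100.1", 443, 1460, counter=17)
    client_ack = (isn + 1) & MASK32
    print("valid ACK  ->", check_cookie("203.0.113.7", 40000, "198.51.100.1", 443, client_ack, now=17))
    print("stale ACK  ->", check_cookie("203.0.113.7", 40000, "198.51.100.1", 443, client_ack, now=19))
    print("wrong port ->", check_cookie("203.0.113.7", 40001, "198.51.100.1", 443, client_ack, now=17))
```

The price of statelessness is visible in the layout: only a few bits are left to remember the MSS, and TCP options negotiated in the SYN (window scaling, SACK) are lost unless they are squeezed into another field. That is why kernels use cookies only once the backlog is under pressure; on Linux the behaviour is controlled by the net.ipv4.tcp_syncookies sysctl.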


Q2. The malicious client is sniffing packets on the local LAN to detect any local activity of interest. Which of the following security mitigations would be best for the administrator of the local LAN to employ to reduce the risk of the malicious client inappropriately obtaining information from other LAN users:

Correct Answer: LAN encryption

Explanation: A client on the same LAN can capture other users' traffic (on a hub directly, on a switch after ARP spoofing or via broadcast and multicast traffic), so access control alone does not stop it. Encrypting traffic on the LAN, whether at the link layer or with IPsec or TLS end to end, means the sniffer sees packets but not their contents.


Q3. The malicious client is sending a massive number of spoofed packets to the web server, resulting in response SYN/ACK packets being sent to the spoofed address, perhaps causing a flood condition for that system. Which of the following security mitigations would be best employed on the web server to deal with the massive number of spoofed packets:

Correct Answer: Running a DOS defense service in front of the web server that detects the flood of spoofed sources

Explanation: The web server is being used as a reflector: it answers each spoofed SYN with a SYN/ACK to the forged address, so the real victim receives the backscatter. A DoS defense service in front of the server can detect the flood of unsolicited SYNs from many unrelated sources and drop them before the server responds, which protects both the server and the spoofed victim. Nothing on the server alone can tell a spoofed SYN from a real one on first sight, which is why the defense sits in front of it.


Q4. The malicious client is repeatedly trying to use administrative commands to log into the web server. Which of the following security mitigations would be best for the:

Correct Answer: All of the above

Explanation: Positioning a firewall to filter unauthorized commands, improving password strength, and using an Intrusion Detection System (IDS) for detection are all effective measures for preventing or detecting brute force attacks on administrative accounts.


Q5. The malicious client is using a powerful scanning tool to launch scans against the web server. Which of the following security mitigations would be best for the administrator of the web server to employ to reduce the risk of the scan:

Correct Answer: Minimizing the inbound services

Explanation: Reducing the number of exposed services on the web server minimizes the attack surface and reduces the opportunities for a scan to identify vulnerable services.


Q6. The malicious client recruits a botnet and launches a massive DDOS attack using a target DNS server that is sent requests spoofed as coming from the web server. Which of the following security mitigations would be best for the DNS administrator to consider using to reduce the risk of this attack:

Correct Answer: None of the above.

Explanation: This is a DNS reflection and amplification attack: the botnet sends queries with the source address forged to the web server, so the DNS server's much larger responses flood the web server instead. The mitigations that help are response rate limiting on the DNS server (so one spoofed source cannot extract an unlimited stream of answers), refusing recursion for clients outside the organisation, and ingress filtering upstream so spoofed packets are dropped before they arrive. DNSSEC does not help here; it authenticates answers but makes them larger, which increases the amplification. None of the offered options did any of this, hence "none of the above".
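Response rate limiting is the DNS-side control for this attack, and the logic is short enough to show. The following is an added example written for this page (modelled on the rate-limiting feature found in authoritative DNS servers, not a copy of any product's code): a per-second budget per (client /24, query name), with every second over-limit query answered by a truncated "slip" response so that a real client behind a limited address can still retry over TCP while a spoofed victim receives only a tiny packet. The budget, the slip ratio, and the query traffic are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_network

# Assumptions for this example: a per-second budget per (client /24, query name),
# and a slip ratio of 2 (every second over-limit query gets a truncated TC=1 reply,
# the rest get nothing).  Both are tunables a real server exposes under other names.
RESPONSES_PER_SECOND = 5
SLIP = 2


class ResponseRateLimiter:
    def __init__(self, rate=RESPONSES_PER_SECOND, slip=SLIP):
        self.rate, self.slip = rate, slip
        self.buckets = {}        # key -> (second, responses sent in that second)
        self.over = Counter()    # key -> over-limit queries seen so far

    @staticmethod
    def key(src, qname):
        # Spoofed floods usually rotate addresses inside the victim's block, so the
        # limit is keyed on the /24 rather than the single address.
        net = ip_network(f"{src}/24", strict=False)
        return (str(net), qname.lower().rstrip("."))

    def decide(self, ts, src, qname):
        """Return 'respond', 'slip' (send a truncated reply) or 'drop' for one query."""
        k = self.key(src, qname)
        sec = int(ts)
        window, used = self.buckets.get(k, (sec, 0))
        if window != sec:
            window, used = sec, 0          # a new second refills the budget
        used += 1
        self.buckets[k] = (window, used)
        if used <= self.rate:
            return "respond"
        self.over[k] += 1
        return "slip" if self.over[k] % self.slip == 0 else "drop"


def run(queries):
    """Feed (timestamp, source, qname) tuples in arrival order; return decision counts."""
    rrl = ResponseRateLimiter()
    return Counter(rrl.decide(ts, src, q) for ts, src, q in sorted(queries))


# Constructed traffic: 20 identical queries within one second whose source is spoofed
# to two addresses in the victim's block, plus a few legitimate lookups from a
# resolver, plus two more "victim" queries in the following second.
FLOOD = [(100.0 + i * 0.05, f"192.0.2.{10 + i % 2}", "example.com") for i in range(20)]
LEGIT = [(100.2, "203.0.113.53", "mail.example.net"),
         (100.4, "203.0.113.53", "www.example.org"),
         (101.1, "192.0.2.10", "example.com"),
         (101.3, "192.0.2.11", "example.com")]

if __name__ == "__main__":
    print(dict(run(FLOOD + LEGIT)))
```

Of the 20 flood queries in second 100, the first 5 are answered in full, 7 get a truncated slip reply and 8 get nothing, so the victim receives 5 large responses instead of 20; the resolver's unrelated lookups and the next second's queries are unaffected. Rate limiting caps the amplification rather than removing it, which is why it is paired with ingress filtering of spoofed sources.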

Conclusion

We hope this guide to Real-Time Cyber Threat Detection and Mitigation Quiz Answers helps you master the strategies and tools needed to defend against real-time cyber threats and succeed in your course. Bookmark this page for quick reference and share it with your peers. Ready to enhance your cybersecurity expertise and ace your quizzes? Let’s get started!

Sources: Introduction to Cyber Attacks
