Securing Software, Data and End Points Coursera Quiz Answers

Get All Weeks Securing Software, Data and End Points Coursera Quiz Answers

Week 01: Securing Software, Data and End Points Coursera Quiz Answers

Knowledge Check: Open Source versus Proprietary Software

Q1. For many years, the debate has raged in the software development community about what software is best: proprietary software or open source software. While there is no authoritative answer to this, it is an opportunity to compare the advantages and disadvantages of both.  Directions: Read each question and determine whether the advantage or disadvantage described applies to either open source or proprietary software.  (D1, L4.1)

More developers are contributing to the development and testing. This is considered an advantage of _____.

  • Open source
  • Proprietary

Q.2. If the vendor makes a mistake (bugs) or decides to add “unknown” features, these are more difficult to detect. This is considered a disadvantage of _____.

  • Open source
  • Proprietary

Q.3. Everyone has the ability to see the source code, including a potential threat actor. This is considered a disadvantage of _____.

  • Proprietary

Q.4. Source code is not available for general consumption. This is considered an advantage of _____.

  • Open source
  • Proprietary

Q.5. How do most vulnerabilities get into software systems?   (D7, L4.1)

  • Malware installation and execution
  • Social engineering manipulation
  • Stress induced by overuse, overheating or electromagnetic interference (EMI) 
  • Errors made by designers, coders, installers and maintainers 

Data Vulnerability Hunting Quiz Answer

Q.1. Organizations are typically in possession of huge amounts of data, much of which is subject to legal and regulatory protection requirements. While we know that an attacker may have many motives and might try to attack an organization in a variety of ways, an organization’s data is still the high-value target that drives many attacks. Different organizations and industries have a variety of valuable data that could potentially be vulnerable to attack.   Consider the following industries:  

  • Healthcare 
  • Finance (Banking)
  • Manufacturing 
  • Legal (Law enforcement) 

Much of the data will actually be common across all sectors such as employee and tax records. Generally speaking, while there is an obvious business need, there is also a legal obligation to protect such records. Look again at each of the industries listed and consider the unique data times and regulations to each by answering the following questions.   Directions: For each question, identify the industry based on the list of vulnerable data provided. (D7, L4.2) 

Statistics on population and wellness, research and development data, as well as administrative enrollment and billing records. 

  • Healthcare
  • Finance (Banking)
  • Manufacturing
  • Legal (Law enforcement)

Q.2. Records including debit or credit card transactions and distribution methods and patterns.

  • Healthcare
  • Finance (Banking) 
  • Manufacturing
  • Legal (Law enforcement) 

Q.3. Sensitive data such as details of ongoing investigations, evidence, criminal record history and case files.

  • Healthcare
  • Finance (Banking)
  • Manufacturing
  • Legal (Law enforcement)

Q.4. Records regarding customers, shipping logs and financial transitions. 

  • Healthcare
  • Finance (Banking) 
  • Manufacturing
  • Legal (Law enforcement)

Q.5 How do most vulnerabilities get into software systems?   (D7, L4.1)

  • Malware installation and execution
  • Social engineering manipulation
  • Stress induced by overuse, overheating or electromagnetic interference (EMI) 
  • Errors made by designers, coders, installers and maintainers 

Q.6. What are view-based access controls (VBACs) an example of? (D7, L4.2) 

  • Audit control 
  • Constrained user interface
  • Temporal constraint
  • Side channel

Week 02: Securing Software, Data and End Points Coursera Quiz Answers

Activity 2: Key Concepts Quiz Answer

Q.1. Directions: Match the type of malware to its description or potential impact.  (D7, L4.3)

The mechanism that the malware uses to target new victims and propagate.

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Worm
  • Vector
  • File Infector
  • Dropper

Q.2. The portion of the malware that actually carries out the malicious activity.  

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Worm
  • Vector
  • File Infector

Q.3. Malicious code that can release personal data, crash systems, etc.  

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Worm
  • Vector
  • File Infector
  • Virus
  • Dropper

Q.4. A form of Trojan that can be used to stop backups and open remote access backdoor. 

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Worm
  • Vector
  • File Infector
  • Virus
  • Dropper

Q.5 Malware often used in social engineering attacks. 

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Worm
  • Vector
  • File Infector
  • Virus
  • Dropper

Q.6. Can be used as a delivery agent for viruses to create “backdoors” into system and software.

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Worm
  • File Infector
  • Virus
  • Dropper

Q.7. A form of Trojan that captures, records and forwards all keyboard strokes to an attacker.

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Worm
  • Vector
  • File Infector
  • Virus
  • Dropper

Q.8. Used in script viruses to deliver malware. 

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Vector
  • File Infector
  • Virus
  • Dropper

Q.9. Can be attached to .exe files to deliver malware payload.

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Worm
  • Vector
  • File Infector
  • Virus
  • Dropper

Q.10 Attaches to network-enabled services to rapidly spread.

  • Logic Bomb
  • Keylogger
  • Trojan
  • Payload
  • Bot
  • Worm
  • Vector
  • File Infector
  • Virus
  • Dropper

Knowledge Check: Vulnerable Web Applications Quiz Answer

Q.1. Match the following (D7, L4.3). The table displays the answer option and corresponding description. Refer to this table when answering the questions below.

OptionDescription
AA portion of SQL code. This verbose error message might contain details of the database controlling the logins.
BCraft an attack where incorrect or untrusted data will create an injection attack.
CAn error message, such as an invalid login.
DA security misconfiguration that has occurred because of a lack of output sanitization. 
  • A
  • B
  • C
  • D

What should you see?

Q.2. What are you seeing?

  • A
  • B
  • C
  • D

Q.3. What vulnerability does it indicate?

  • A
  • B
  • C
  • D

Q.4. What might a malicious actor do next?

  • A
  • B
  • C
  • D

Knowledge Check: Malicious Code Countermeasures Quiz Answer

Q.1. Scenario: You are the SSCP for a small engineering company that manufactures parts for the automotive industry. Computerized numerical control (CNC) systems are used in much of the production equipment. You are considering the best way to protect the potential attack surface of the computers and servers that control the CNC machines when a colleague asks if you could answer a few questions regarding malicious code countermeasures. Directions: Provide your colleague with a yes or no answer for each question. (D7, L4.3)

Would hardening the systems be a good starting point?

  • Yes
  • No

Q.2. s there really an advantage to installing antivirus software on the CNC systems?

  • Yes
  • No

Q.3.Patching is an essential step to reduce the possibility of malware attacks. Do we need to wait to apply patches?

  • Yes
  • No

Which statement best describes a zero-day exploit?   (D7, L4.3) 

An attack performed using a vulnerability whose existence has just been published or reported on in CVE databases that day. 

An exploit of a vulnerability not known to the general user community, for which an attacker develops and uses an exploit as part of an attack. 

An exploit that doesn’t use forged security credentials but attempts to use genuine credentials. 

A term overused by news media in sensationalizing ransomware attacks.

Applied Scenario 1: Implement and Operate Endpoint Security Quiz Answer

Q.1. What risks might IMI be exposed to? Select all that apply. (D7, L4.4) 

  • Malware
  • Ransomware
  • Theft of sensitive or confidential data
  • Disruption to building controls
  • Tampering with the production and distribution process

Q.2. What IMI business units must be considered when it comes to implementing endpoint security? Select all that apply. (D7, L4.4)

  • Human Resources (HR)
  • Finance
  • Research and Development (R&D)
  • Design
  • Manufacturing 
  • Testing 
  • Quality Assurance 
  • Warehousing and Shipping
  • Marketing 

Q.3. How do we protect IMI’s systems against these risks? Select all that apply. (D7, L4.4) 

  • Audit IMI’s systems and perform a risk assessment 
  • Harden all endpoints 
  • Increase use of cryptographic protections 
  • Perform a physical risk assessment 
  • Formulate a risk management policy
  • Monitor and log all activity 
  • Establish SLAs with third parties 
  • Move to cloud-based solutions
  • Train users

Q.4. Scenario: You are working for an intercity bus company that provides its passengers with on-bus Wi-Fi service, supported by the same high-capacity link connection that allows the operations managers to monitor the vehicle’s location, speed, conditions, etc. This link also supports CCTV security of the interior and around the bus, and driver and conductor communications with the operations manager.  Which sets of endpoint security problems and solutions do you think are most critical to address?    (D7, L4.4) 

  • MDM, EDR and IoT 
  • ICS, BYOD and MDM 
  • IoT and BYOD 
  • SCADA, ICS and IoT 

Week 03: Securing Software, Data and End Points Coursera Quiz Answers

Chapter 4 Quiz: Securing Software, Data and Endpoints. Quiz Answer

Q.1 This quiz will help you to confirm your understanding and retention of concepts for this chapter. Please complete it by answering all questions, reviewing correct answers and feedback, and revisiting any chapter material you feel you need extra time with.

  1. This Assessment contains 10 objective item questions.
  2. Recommended time limit is 20 minutes, 2 minutes per question.
  3. Choose the best answer(s) for each question.
  4. You have unlimited attempts and may complete this assessment as many times as you would like.
  5. Passing grade for this quiz is 70%.
  6. Score of highest attempt will be calculated.

Your score and quiz report

  1. Each question carries 1 point.
  2. For each question, a 1/1 point indicates correct answer and 0/1 point indicates incorrect answer which you see upon quiz submission.
  3. Upon completion, you will be able to see your total number of attempts along with the score for each attempt.
  4. Your overall grade reflects the score of your highest attempt.
  5. Click on each attempt to view the completed quiz.
  • What is the key difference between a worm and a virus?​ (D7, L4.3)
  • A virus doesn’t require user assistance​ to replicate.
  • A worm doesn’t require user assistance​ to replicate.
  • A virus always causes physical damage​.
  • A worm always causes physical damage.

Q.2. What is software escrow service?​ (D7, L4.1)

  • A third-party contract to hold software source code​
  • A third party who holds decryption keys​
  • A financial agreement
  • A legal process

Q.3. What is the purpose of a software restriction policy?​ (D7, L4.1)

  • To make life harder for remote workers​
  • Because the organization had a purchase agreement with one vendor in place​
  • To prevent unlicensed software from being installed​
  • To support an SaaS agreement

Q.4. Which of the following is NOT a physical mechanism for data deletion? (D7, L4.2)

  • Shredders for paper records
  • Deleting or reformatting
  • Degaussing
  • Crypto-shredding

Q.5. Which of the following is NOT an advantage of application allowed/blocked listing?   (D7, L4.3)

  • Requires very little effort
  • Blocks most current malware
  • Prevents use of unauthorized applications
  • Does not require daily definition updates

Q.6. hy would we use a sandbox?​ (D7, L4.3)

  • It is a useful tool to de-stress in​.
  • It provides an isolated environment for testing.
  • It’s built into most software.
  • It’s required by law.

Q.7. What is a rootkit?​ (D7, L4.3)

  • A dental tool
  • An example of a worm
  • A type of virus
  • A type of remote access Trojan

Q.8. Which of the following is a security strategy for endpoints? (D7, L4.4)

  • Containerization
  • Encryption
  • Mobile application management (MAM)
  • All of these

Q.9 What type of attack is hyperjacking?​  (D7, L4.3)

  • A rootkit
  • A trogon
  • A virus
  • A worm

Q.10. Why is a social engineering attack most often successful?​ (D7, L4.3)

  • People are not interested in security
  • Users are lazy
  • People are too trusting
  • Users lack training
Get All Course Quiz Answers of (ISC)² Systems Security Certified Practitioner (SSCP)

Introducing Security: Aligning Asset and Risk Management Quiz Answers

Risk Management: Use of Access Controls to Protect Assets Quiz Answers

Cryptography Coursera Quiz Answers

Securing Software, Data and End Points Coursera Quiz Answers

Networks and Communications Security Coursera Quiz Answers

Cloud and Wireless Security Coursera Quiz Answers

Incident Detection and Response Coursera Quiz Answers

Maturing Risk Management Coursera Quiz Answers

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!