Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

May 27, 2022 Last Updated: Jun 4, 2022 Introduction to Cybersecurity

Introduction to Cybersecurity Module 4: Protecting the Organization Quiz Answers

1. What is the correct definition of risk management?

  • The process of transferring risks that cannot be eliminated or mitigated
  • The process of identifying and assessing risk to determine the severity of threats
  • The process of accepting risks that cannot be eliminated, mitigated or transferred
  • The process of identifying and assessing risk to reduce the impact of threats and vulnerabilities

Explanation: Risk management is the formal process of continuously identifying and assessing risk in an effort to reduce the impact of threats and vulnerabilities.

2. Which of the following tools can be used to provide a list of open ports on network devices?

  • Ping
  • Tracert
  • Nmap
  • Whois

3. Which of the following tools can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

  • NetFlow
  • SIEM
  • Nmap
  • Snort

4. ‘Today, there are single security appliances that will solve all the network security needs of an organization.’
Is this statement true or false?

  • True
  • False

Explanation: There is no single security appliance or piece of technology that will solve all the network security needs in an organization.

5. What name is given to a device that controls or filters traffic going in or out of the network?

  • Router
  • VPN
  • Firewall
  • IPS

Explanation: A firewall is designed to control or filter which communications are allowed in and which are allowed out of a device or network.

6. What tool can identify malicious traffic by comparing packet contents to known attack signatures?

  • IDS
  • Zenmap
  • Nmap
  • NetFlow

7. What protocol is used to collect information about traffic traversing a network?

  • HTTPS
  • NetFlow
  • Telnet
  • NAT

Explanation: NetFlow technology is used to gather information about data flowing through a network, including who and what devices are in the network, and when and how users and devices access the network.

8. Behavior-based analysis involves using baseline information to detect what?

  • Risk
  • Anomalies
  • Backdoors
  • Vulnerabilities

9. What is the last stage of a pen test?

  • Scanning
  • Analysis and reporting
  • Gathering target information
  • Maintaining access

Explanation: The pen tester will provide feedback via a report that recommends updates to products, policies and training to improve an organization’s security.

10. ‘With careful planning and consideration, some risks can be completely eliminated.’
Is this statement true or false?

  • True
  • False

11. What is a security playbook?

  • A collection of security alerts, logs and historical data from the network
  • A collection of repeatable queries or reports that outline a standardized process for incident detection and response
  • A step-by-step guide on how to carry out IT-related procedures

12. What is the main aim of a Cyber Security Incident Response Team (CSIRT)?

  • To help client organizations improve their incident management capabilities
  • To help ensure organization, system and data preservation by performing investigations into computer security incidents
  • To enforce access to network resources by creating role-based control policies
  • To provide guidance on the implementation of safeguards and personnel training

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Chapter 4 Quiz Answers

Which tool can identify malicious traffic by comparing packet contents to known attack signatures?

  • Nmap
  • NetFlow
  • Zenmap
  • IDS


Fill in the blank. A botnet is a group of compromised or hacked computers (bots) controlled by an individual with malicious intent.

Refer to the exhibit. Rearrange the letters to fill in the blank. The behavior-based analysis involves using baseline information to detect anomaly that could indicate an attack.


Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

  • NetFlow
  • Snort
  • Nmap
  • SIEM

What is the last stage of the Cyber Kill Chain framework?

  • remote control of the target device
  • creation of malicious payload
  • gathering target information
  • malicious action

Fill in the blank. Any device that controls or filters traffic going in or out of the network is known as a firewall.


What type of attack disrupts services by overwhelming network devices with bogus traffic?

  • brute force
  • port scans
  • zero-day
  • DDoS

Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?

  • HTTPS
  • Telnet
  • NAT
  • NetFlow
