Google Cybersecurity Professional Certificate Answers – Coursera
Prepare for a career as a cybersecurity analyst with a professional certificate from Google. Learn job-ready skills that are in demand, such as how to identify common risks, threats, and vulnerabilities, and the techniques to mitigate them.
Cybersecurity analysts are responsible for monitoring and protecting networks, devices, people, and data. They use a collection of methods and technologies to safeguard against outside threats and unauthorized access — and to create and implement solutions should a threat get through.
This certification is part of Google Career Certificates.
Complete a Google Career Certificate to get exclusive access to CareerCircle, which offers free 1-on-1 coaching, interview and career support, and a job board to connect directly with employers, including over 150 companies in the Google Career Certificates Employer Consortium.
All the answers needed to pass this certification are available only in our PDF file, which you can buy and download here:
Questions:
Table of contents
Course 1 – Foundations of Cybersecurity
Week 1
Test your knowledge: Introduction to cybersecurity
What are the three key elements of the CIA triad?
- Customer trust, increased revenue, and advancement
- Compliance standards, instructions, and access
- Confidentiality, integrity, and availability of information
- Continuity, invulnerability, and attainment of business goals
What are the primary responsibilities of an entry-level security analyst? Select three answers.
- Create compliance laws
- Protect information
- Search for weaknesses
- Monitor systems
- penetration tests
- software developments
- ethical hacking
- security audits
In what ways do security teams bring value to an organization? Select two answers.
- Protecting against external and internal threats
- Reducing business productivity
- Achieving regulatory compliance
- Increasing operational expenses
Test your knowledge: Core skills for cybersecurity professionals
- Written and verbal communication
- Problem-solving
- Analysis
- Programming
- Regulation writing
- Software development
- Data analysis
- Programming
- Business intelligence professionals
- Digital forensic investigators
- Security operations center analysts
- Ethical hackers
- Bank account numbers
- Email addresses
- Medical records
- Last names
Weekly challenge 1
- changing business priorities
- unauthorized access
- poor financial management
- market shifts
or
- Installing prevention software
- Creating organizational policies
- Conducting periodic security audits
- Protecting computer and network systems
or
- Installing prevention software
- Creating organizational policies
- Examining in-house security issues
- Protecting computer and network systems
- Abusive
- Intentional
- Accidental
- Operational
- trade secrets
- hardware
- personal information
- business records
- Avoiding fines
- Recruiting employees
- Upholding ethical obligations
- Increasing productivity
- Having expertise with a specific procedure
- Understanding business standards
- Taking on-the-job training
- Using transferable skills
- employer
- event
- emergency
- enterprise
What do security professionals typically do with SIEM tools?
- Identify threat actors and their locations
- Locate and preserve criminal evidence
- Educate others about potential security threats, risks, and vulnerabilities
- Identify and analyze security threats, risks, and vulnerabilities
- An example of SPII is someone’s financial information.
- The theft of PII is often more damaging than the theft of SPII.
- Both PII and SPII are vulnerable to identity theft.
- An example of PII is someone’s date of birth.
or
- An example of PII is someone’s phone number.
- An example of SPII is someone’s biometric data.
- Only SPII is vulnerable to identity theft.
- PII is any information used to infer an individual’s identity.
or
- SPII is a type of PII that falls under stricter handling guidelines.
- The theft of SPII is often more damaging than the theft of PII.
- An example of SPII is someone’s last name.
- An example of PII is someone’s email address.
- poor financial management
- market shifts
- criminal exploitation
- changing business priorities
Which of the following entities may be an internal threat to an organization? Select three answers.
- Trusted partners
- Vendors
- Employees
- Customers
- Data breach
- Secured customer data
- Network infiltration
- Identity theft
Fill in the blank: An organization that is in regulatory compliance is likely to _____ fines.
- rectify
- avoid
- encounter
- incur
- Gaining new technical skills
- Improving management capabilities
- Understanding different perspectives
- Transferring capabilities from one career to another
- cybersecurity
- change-management
- planning
- business continuity
- Upgrading network capacity
- Installing detection software
- Conducting a security audit
- Ethical hacking
- Internal
- External
- Ethical
- Accidental
- Failing to maintain and secure user, customer, and vendor data
- Trying to gain access to an organization’s private networks
- Stealing personal information to commit fraud while impersonating a victim
- A data breach that affects an entire organization
- Resolving error messages
- Programming with code
- Software upgrades
- Computer forensics
What is regulatory compliance?
- Sites and services that require complex passwords to access
- Laws and guidelines that require implementation of security standards
- Expenses and fines associated with vulnerabilities
- Threats and risks from employees and external vendors
- monitoring
- mitigation
- maturity
- management
Which of the following proficiencies are examples of technical skills? Select two answers.
- Prioritizing collaboration
- Communicating with employees
- Applying computer forensics
- Automating tasks with programming
Week 2
- LoveLetter attack
- Morris worm
- Equifax breach
- Brain virus
- Malicious software being deployed
- Overtaxing systems with too many internal emails
- Theft of the organization’s hardware
- Employees inadvertently revealing sensitive data
Test your knowledge: The history of cybersecurity
- code
- sequencing
- hardware
- formatting
What is one way that the Morris worm helped shape the security industry?
- It prevented the development of illegal copies of software.
- It inspired threat actors to develop new types of social engineering attacks.
- It led to the development of computer emergency response teams.
- It made organizations more aware of the significant financial impact of security incidents.
What were the key impacts of the Equifax breach? Select two answers.
- Millions of customers’ PII was stolen.
- The significant financial consequences of a breach became more apparent.
- Developers were able to track illegal copies of software and prevent pirated licenses.
- Phishing became illegal due to significant public outcry.
- True
- False
Test your knowledge: The eight CISSP security domains
- domains
- data
- networks
- assets
- Security architecture and engineering
- Asset security
- Security and risk management
- Communication and network security
- Software development security
- Security assessment and testing
- Security operations
- Identity and access management
Why is it useful to understand the eight CISSP security domains? Select two answers.
- To develop programming skills
- To identify potential career opportunities
- To better understand your role within an organization
- To improve your communication skills
Weekly challenge 2
What is the term for software that is designed to harm devices or networks?
- Bug
- Social application
- Malware
- Error message
- LoveLetter attack
- Equifax breach
- Morris worm
- Brain virus
- network
- human
- computer
- coding
- type of malware
- replicating virus
- manipulation technique
- business breach
- Training about network optimization
- Training about business continuity
- Training about security architecture
- Training about social engineering
- Security assessment and testing
- Security architecture and engineering
- Identity and access management
- Security and risk management
- Validating the identities of employees
- Configuring a firewall
- Securing hardware
- Ensuring that effective systems and processes are in place
Which of the following tasks may be part of the asset security domain? Select all that apply.
- Ensuring users follow established policies
- Securing digital and physical assets
- Data storage and maintenance
- Proper disposal of digital assets
- Security assessment and testing
- Security and risk management
- Asset security
- Communication and network security
- Identity and access management
- Communication and network security
- Security assessment and testing
- Security and risk management
Which domain involves conducting investigations and implementing preventive measures?
- Security operations
- Security and risk management
- Asset security
- Identity and access management
Shuffle Q/A
Which of the following threats are examples of malware? Select two answers.
- Viruses
- Bugs
- Worms
- Error messages
- network
- communication
- social
- digital
Which of the following tasks may be part of the security operations domain? Select all that apply.
- Implementing preventive measures
- Investigating an unknown device that has connected to an internal network
- Conducting investigations
- Using coding practices to create secure applications
- Employees inadvertently revealing sensitive data
- Overtaxing systems with too many internal emails
- Phishing attacks
- Malicious software being deployed
- Securing physical assets
- Defining security goals and objectives
- Compliance
- Business continuity
- Communication and network security
- Security and risk management
- Identity and access management
- Security architecture and engineering
- Asset security
- Communication and network security
- Security assessment and testing
- Security operations
- Auditing user permissions
- Securing physical networks and wireless communications
- Conducting security audits
- Collecting and analyzing data
- Identity and access management
- Communication and network security
- Security and risk management
- Security assessment and testing
- Communication and network security
- Security architecture and engineering
- Security and risk management
- Identity and access management
- Conducting security control testing
- Setting up an employee’s access keycard
- Ensuring users follow established policies
- Controlling physical assets
Week 3
Test your knowledge: Frameworks and controls
- control
- framework
- regulation
- lifecycle
- Security control
- Data confidentiality
- Cybersecurity Framework (CSF)
- Personally identifiable information (PII)
- Cybersecurity Framework (CSF)
- Sensitive personally identifiable information (SPII)
- Confidentiality, integrity, and availability (CIA) triad
- General Data Protection Regulation law (GDPR)
- True
- False
Test your knowledge: Ethics in cybersecurity
- Confidentiality
- Laws
- Privacy protections
- Remaining unbiased
Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.
- business networks
- personal information
- documentation
- compliance processes
- Request identification from your manager to ensure the text message is authentic; then, provide the birth date.
- Respectfully decline, then remind your manager of the organization’s guidelines.
- Give your manager the employee’s birth date; a party is a friendly gesture.
- Ask your manager to provide proof of their inability to access the database.
- Escalate the situation by involving other organizations that have been targeted.
- Improve the company’s defenses to help prevent future attacks.
- Target a specific hacktivist group as a warning to the others.
- Conduct cyberattacks against each hacktivist group that claimed responsibility.
Weekly challenge 3
What are some of the primary purposes of security frameworks? Select three answers.
- Protecting PII data
- Managing organizational risks
- Safeguarding specific individuals
- Aligning security with business goals
or
- Protecting PII data
- Managing organizational risks
- Safeguarding specific individuals
- Identifying security weaknesses
Which of the following are core components of security frameworks? Select two answers.
- Managing data requests
- Identifying and documenting security goals
- Monitoring and communicating results
- Monitoring personally identifiable information
or
- Establishing regulatory compliance measures
- Implementing security processes
- Setting guidelines to achieve security goals
- Monitoring personally identifiable information
- security controls
- public websites
- security ethics
- private information
- Integrity
- Information
- Inconsistencies
- Intelligence
Fill in the blank: _____ are items perceived as having value to an organization.
- Incidents
- Lifecycles
- Assets
- Alerts
Which of the following statements accurately describe the NIST CSF? Select all that apply.
- It is only effective at managing long-term risk.
- Its purpose is to help manage cybersecurity risk.
- It is a voluntary framework.
- It consists of standards, guidelines, and best practices.
or
- It is a voluntary framework.
- Security teams use it as a baseline to manage risk.
- It is only effective at managing short-term risk.
- Its purpose is to help manage cybersecurity risk.
- past vendors
- disgruntled employees
- senior partners
- dissatisfied customers
- Preserving evidence
- Security controls
- Security ethics
- Business email compromise
- honesty
- privacy protection
- unlimited access
- non-bias
- Restrictions
- Laws
- Guidelines
- Investigations
Shuffle Q/A
- Conformity
- Communication
- Confidentiality
- Consent
- authentic
- public
- centralized
- updated
- They know where to find sensitive information.
- They are less productive than other employees.
- They have access to sensitive information.
- They may have malicious intent.
Fill in the blank: The ethical principle of _____ involves adhering to compliance regulations.
- protections
- restrictions
- laws
- guidelines
- Restrictions
- Guidelines
- Protections
- Laws
- Activity
- Applications
- Accuracy
- Availability
Week 4
Test your knowledge: Important cybersecurity tools
What tool is designed to capture and analyze data traffic within a network?
- network protocol analyzer (packet sniffer)
- Structured Query Language (SQL)
- Google Chronicle
- Splunk Enterprise
Which of the following are examples of SIEM tools? Select two answers.
- Python
- Google Chronicle
- Linux
- Splunk Enterprise
How are logs primarily used by security professionals?
- Identify vulnerabilities and potential security breaches
- Collect and analyze data to monitor critical activities in an organization
- Select which security team members will respond to an incident
- Research and optimize processing capabilities within a network
Fill in the blank: A _____ is a manual that provides details about operational actions.
- case history
- directory
- playbook
- checklist
Test your knowledge: Core cybersecurity knowledge and skills
What do security professionals use to interact with and request information from a database?
- Confidentiality, integrity, availability (CIA) triad
- Structured Query Language (SQL)
- Linux
- Python
What is programming typically used for? Select two answers.
- Enable open-source operations
- Create a specific set of instructions for a computer to execute tasks
- Complete repetitive tasks and processes
- Record events that occur within an organization’s systems
Fill in the blank: Linux is an open-source _____ that can be used to examine logs.
- operating system
- database
- algorithm
- programming language
A playbook is a manual that provides details about how to respond to an incident only after it has occurred.
- True
- False
Weekly challenge 4
Which of the following statements correctly describe logs? Select two answers.
- A business might log each time an employee signs into their computer.
- A log is used as a formal guide to incident response.
- Security professionals use logs to visualize data.
- A log is a record of events that occur within an organization’s systems.
Which of the following tasks can be performed using SIEM tools? Select three answers.
- Providing alerts for specific types of risks
- Performing incident analysis
- Proactively searching for threats
- Notifying authorities of illegal activity
What is a benefit of a tool, such as Google’s Chronicle, being cloud-native?
- It requires hardware to deploy.
- It is a static resource.
- It allows for fast delivery of new features.
- It performs best when downloaded to a network.
Fill in the blank: A security professional uses a _____ as a manual to guide operational activities.
- spreadsheet
- toolkit
- review
- playbook
As a security analyst, you are monitoring network traffic to ensure that SPII data is not being accessed by unauthorized users. What does this scenario describe?
- Using a network protocol analyzer (packet sniffer)
- Programming with code
- Calculating with formulas
- Gathering data in a spreadsheet
Fill in the blank: The wide exposure and immediate access to the source code of open-source tools makes it _____ likely that issues will occur.
- very
- more
- less
- equally
What are some key benefits of programming languages? Select all that apply.
- They install security hardware.
- They create a specific set of instructions for a computer to execute tasks.
- They execute repetitive processes accurately.
- They filter through data points faster than humans can working manually.
How is an open-source operating system, such as Linux, different from other operating systems?
- It relies on a command line.
- It is only a desktop tool.
- It is proprietary.
- It must be downloaded from the cloud.
Fill in the blank: A database is a _____ of organized data stored in a computer system.
- visualization
- collection
- model
- frame
What are some key benefits of using Python to perform security tasks? Select all that apply.
- It is designed for high levels of accuracy.
- It makes static data more dynamic.
- It simplifies repetitive tasks.
- It helps security professionals be more accurate.
Shuffle Q/A
Which of the following tasks can be performed using SIEM tools? Select three answers.
- Helping security analysts identify potential breaches
- Collecting and analyzing data
- Providing alerts for specific types of risks and threats
- Requesting security data from government agencies
Why might a security professional choose Google Chronicle to store security data for later analysis?
- It is cloud-native, which means it delivers new features quickly.
- It requires hardware to deploy, so it is more secure.
- It is a static resource, so the user interface never changes.
- It performs best when downloaded to a network, which enables efficient processing.
A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers.
- It allows for text-based commands by users.
- It is an efficient programming language.
- It is proprietary.
- It is open source.
Fill in the blank: Security professionals can use _____ to interact with and request information from a database.
- Chronicle
- network protocol analyzers (packet sniffers)
- Splunk Enterprise
- SQL
What are some key benefits of using Python to perform security tasks? Select all that apply.
- It saves time.
- It clearly maps data.
- It helps ensure accuracy.
- It uses a command-line interface.
What are some key benefits of using Python to perform security tasks? Select all that apply.
- It helps security professionals work with high levels of detail.
- It enables security professionals to be more accurate.
- It simplifies repetitive tasks.
- It automatically eliminates sensitive information.
As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.
- An intrusion detection system (IDS)
- A network protocol analyzer (packet sniffer)
- A cryptographic encoder
- A command-line interface
What are some key benefits of programming languages? Select all that apply.
- They create a specific set of instructions for a computer to execute tasks.
- They reduce the risk of human error.
- They describe how data is organized.
- They complete tasks faster than if working manually.
What are some key benefits of programming languages? Select all that apply.
- Execute repetitive processes very accurately
- Complete repetitive tasks with a high degree of efficiency
- Implement security protocols
- Create a specific set of instructions for a computer to execute tasks
Fill in the blank: To request information from a _____, security professionals can use SQL.
- spreadsheet
- database
- network
- dashboard
Which of the following tasks can be performed using SIEM tools? Select three answers.
- Implementing security software programs
- Saving time by reducing the amount of data to be reviewed
- Analyzing filtered events and patterns
- Monitoring critical activities
What term is used to describe publicly available systems, such as Linux?
- Open-source
- Unregulated
- Restricted
- Free-for-all
A cybersecurity analyst is tasked with proactively searching for threats and performing incident analysis. What type of tool should they use?
- Structured Query Language (SQL)
- Chain of custody playbook
- Linux operating system
- Security information and event management (SIEM)
Course 2 – Play It Safe: Manage Security Risks
Week 1
Fill in the blank: The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.
- security operations
- identity and access management
- asset security
- communication and network security
What is the focus of the security and risk management domain?
- Manage and secure wireless communications
- Secure physical networks and wireless communications
- Optimize data security by ensuring effective processes are in place
- Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations
In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?
- Communication and network engineering
- Security architecture and engineering
- Identity and access management
- Security assessment and testing
Fill in the blank: The _____ domain concerns conducting investigations and implementing preventive measures.
- security operations
- communications and networking engineering
- asset security
- software development security
Test your knowledge: Navigate threats, risks, and vulnerabilities
What is a vulnerability?
- An organization’s ability to manage its defense of critical assets and data and react to change
- Anything that can impact the confidentiality, integrity, or availability of an asset
- Any circumstance or event that can negatively impact assets
- A weakness that can be exploited by a threat
Fill in the blank: Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.
- low-risk asset
- new-risk asset
- medium-risk asset
- high-risk asset
What are the key impacts of threats, risks, and vulnerabilities? Select three answers.
- Damage to reputation
- Employee retention
- Identity theft
- Financial damage
Fill in the blank: The steps in the Risk Management Framework (RMF) are prepare, _____, select, implement, assess, authorize, and monitor.
- communicate
- categorize
- produce
- reflect
Weekly challenge 1
Fill in the blank: Security _____ refers to an organization’s ability to manage its defense of critical assets and data, as well as its ability to react to change.
- posture
- architecture
- governance
- hardening
Which of the following examples are key focus areas of the security and risk management domain? Select three answers.
- Mitigate risk
- Be in compliance
- Secure digital and physical assets
- Define security goals and objectives
Which of the following examples are key focus areas of the security and risk management domain? Select three answers.
- Follow legal regulations
- Conduct control testing
- Define security goals
- Maintain business continuity
What term describes an organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans?
- Mitigation
- Daily defense
- Recovery
- Business continuity
What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?
- Shared responsibility
- Remote services
- Secure coding
- Employee retention
A security analyst researches ways to improve access and authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?
- Security assessment and testing
- Communication and network security
- Asset security
- Identity and access management
What are the key areas of focus in the security assessment and testing domain? Select three answers.
- Collect and analyze data
- Perform security audits
- Conduct security control testing
- Use secure coding practices
Fill in the blank: The software development _____ process may involve penetration testing during the deployment and implementation phase of developing software products.
- positioning
- access
- operational
- lifecycle
Which of the following statements accurately describe risk? Select all that apply.
- Another way to think of risk is the likelihood of a threat occurring.
- A high-risk asset is any information protected by regulations or laws.
- If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
- If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.
Which of the following statements accurately describe risk? Select all that apply.
- If compromised, a high-risk asset is unlikely to cause financial damage.
- Website content or published research data are examples of low-risk assets.
- Organizations often rate risks at different levels: low, medium, and high.
- If compromised, a medium-risk asset may cause some damage to an organization’s finances.
A business experiences an attack. As a result, sensitive personally identifiable information (SPII) is leaked through the dark web. What type of consequence does this scenario describe?
- Financial gain
- Identity theft
- Reputation
- Customer
In the Risk Management Framework (RMF), which step involves knowing how current systems are operating and if they support security goals?
- Monitor
- Assess
- Authorize
- Categorize
Shuffle Q/A
Fill in the blank: Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.
- change
- tasks
- sustainability
- competition
How does business continuity enable an organization to maintain everyday productivity?
- By ensuring return on investment
- By exploiting vulnerabilities
- By outlining faults to business policies
- By establishing risk disaster recovery plans
Which of the following activities may be part of establishing security controls? Select three answers.
- Monitor and record user requests
- Collect and analyze security data regularly
- Evaluate whether current controls help achieve business goals
- Implement multi-factor authentication
A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?
- Increase in profits
- Damage to reputation
- Loss of identity
- Lack of engagement
In the Risk Management Framework (RMF), which step involves having effective security and privacy plans in place in order to minimize the impact of ongoing risks?
- Authorize
- Prepare
- Categorize
- Implement
What is the goal of business continuity?
- Reduce personnel
- Remove access to assets
- Destroy publicly available data
- Maintain everyday productivity
Shared responsibility is a core concept of which domain?
- Security and risk management
- Security architecture and engineering
- Asset security
- Communication and network security
How does security control testing enable companies to identify new and better ways to mitigate threats? Select two answers.
- By revising project milestones
- By evaluating whether the current controls help achieve goals
- By granting employee access to physical spaces
- By examining organizational goals and objectives
A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?
- Practical
- Reputation
- Financial
- Identity
In the Risk Management Framework (RMF), which step involves being aware of how systems are operating?
- Monitor
- Categorize
- Implement
- Authorize
A security analyst considers ways to enhance data security at their business. They decide to write a proposal to their supervisor that concerns employee authorization and asset management. Which security domain does this scenario describe?
- Software development security
- Security assessment and testing
- Communication and network security
- Identity and access management
Week 2
How do security frameworks enable security professionals to help mitigate risk?
- They are used to establish laws that reduce a specific security risk.
- They are used to create unique physical characteristics to verify a person’s identity.
- They are used to refine elements of a core security model known as the CIA triad.
- They are used to establish guidelines for building security plans.
Competitor organizations are the biggest threat to a company’s security.
- True
- False
Fill in the blank: Security controls are safeguards designed to reduce _____ security risks.
- public
- broadscale
- specific
- general
A security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?
- Authentication
- Encryption
- Authorization
- Ciphertext
Test your knowledge: The CIA triad
What is the CIA triad?
- Ongoing validation processes involving all employees in an organization
- A foundational security model used to set up security policies and systems
- A set of security controls used to update systems and networks
- A mandatory security framework involving the selection of appropriate controls
Which element of the CIA triad specifies that only authorized users can access specific information?
- Access
- Confirmation
- Integrity
- Confidentiality
A security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?
- Applicability
- Capacity
- Integrity
- Availability
Fill in the blank: According to the CIA triad, _____ refers to ensuring that an organization’s data is verifiably correct, authentic, and reliable.
- Availability
- Credibility
- Accuracy
- Integrity
Test your knowledge: NIST frameworks
- What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?
- A collection of security principles focused on maintaining confidentiality, integrity, and availability
- A required business framework for ensuring security updates and repairs are successful
- A set of security controls that help analysts determine what to do if a data breach occurs
- Standards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity risk
- Fill in the blank: The five core functions that make up the CSF are: identify, protect, detect, _____, and recover.
- regulate
- respond
- reevaluate
- reflect
- Fill in the blank: By enabling security professionals to determine which devices have been affected, the CSF _____ function helps organizations manage cybersecurity risks and their effects.
- protect
- identify
- detect
- recover
- What does a security analyst’s work involve during the CSF recover function?
- Return affected systems back to normal operation
- Protect an organization through the implementation of employee training
- Contain, neutralize, and analyze security incidents
- Pinpoint threats and improve monitoring capabilities
Weekly challenge 2
- What does a security professional use to create guidelines and plans that educate employees about how they can help protect the organization?
- Security posture
- Security audit
- Security framework
- Security hardening
- Fill in the blank: A security professional uses _____ to convert data from a readable format to an encoded format.
- authorization
- authentication
- encryption
- confidentiality
- Which of the following characteristics are examples of biometrics? Select all that apply.
- Voice
- Fingerprint
- Eye scan
- Password
- You work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principle of the CIA triad are you using to confirm their data is accessible to them?
- Confidentiality
- Availability
- Integrity
- Accuracy
- Which of the following statements accurately describe the CSF? Select all that apply.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
- Implementing improvements to a security process is part of the respond function of the CSF.
- The identify function of the CSF involves managing cybersecurity risk and its effects on an organization’s people and assets.
- The protect function of the CSF involves returning affected systems back to normal operation.
- A security team has just finished addressing a recent security incident. They now conduct tests to ensure that all of their repairs were successful. Which OWASP principle does this scenario describe?
- Minimize attack surface area
- Fix security issues correctly
- Principle of least privilege
- Separation of duties
- What are some of the primary objectives of an internal security audit? Select all that apply.
- Determine what needs to be improved in order to achieve the desired security posture
- Help security teams identify organizational risk
- Avoid fines due to a lack of compliance
- Reduce the amount of data on a network
- What are some of the primary objectives of an internal security audit? Select three answers.
- Help security teams identify organizational risk
- Improve security posture
- Avoid fines due to a lack of compliance
- Develop a guiding security statement for the business
- Fill in the blank: In an internal security audit, _____ refers to identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.
- completing a controls assessment
- implementing administrative controls
- scope
- goals
- A security analyst performs an internal security audit. They review their company’s existing assets, then evaluate potential risks to those assets. Which aspect of a security audit does this scenario describe?
- Completing a controls assessment
- Assessing compliance
- Establishing the scope and goals
- Communicating results
- What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.
- Strategies for improving security posture
- A summary of the goals
- Detailed data about past cybersecurity incidents
- Existing risks that need to be addressed now or in the future
Shuffle Q/A
- How do organizations use security frameworks to develop an effective security posture?
- As a policy to protect against phishing campaigns
- As a policy to support employee training initiatives
- As a guide to identify threat actor strategies
- As a guide to reduce risk and protect data and privacy
- Fill in the blank: An employee using multi-factor authentication to verify their identity is an example of the _____ process.
- confidentiality
- integrity
- authentication
- encryption
- You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?
- Confidentiality
- Availability
- Credibility
- Integrity
- A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?
- Fix security issues correctly
- Keep security simple
- Defense in depth
- Principle of least privilege
- What are some of the primary objectives of an internal security audit? Select all that apply.
- Help security teams correct compliance issues
- Enable security teams to assess controls
- Limit traffic on an organization’s firewall
- Identify any security gaps or weaknesses within an organization
- A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?
- Physical controls
- Technical controls
- Administrative controls
- Compliance controls
- What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.
- A list of existing risks
- Results and recommendations
- Questions about specific controls
- A summary of the scope
- What is the purpose of a security framework?
- Create security controls to protect marketing campaigns
- Develop procedures to help identify productivity goals
- Establish policies to expand business relationships
- Build plans to help mitigate risks and threats to data and privacy
- Fill in the blank: A security professional uses _____ to verify that an employee has permission to access a resource.
- authorization
- encryption
- integrity
- admission
- Which of the following statements accurately describe the CSF? Select all that apply.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
- The detect function of the CSF involves improving monitoring capabilities to increase the speed and efficiency of detections.
- Restoring affected files or data is part of the recover function of the CSF.
- The identify function of the CSF involves returning affected systems back to normal operation.
- Which of the following statements accurately describe the CSF? Select all that apply.
- The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
- The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
- Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
- A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?
- Defense in depth
- Principle of least privilege
- Keep security simple
- Separation of duties
- Fill in the blank: In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.
- communicating to stakeholders
- conducting a risk assessment
- assessing compliance
- establishing the scope and goals
- A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?
- Communication controls
- Administrative controls
- Technical controls
- Physical controls
- A person’s fingerprint, eye scan, or palm scan are examples of what?
- Codes
- Biometrics
- Passwords
- Statistics
- Which of the following statements accurately describe the CSF? Select all that apply.
- The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
- Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
- The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
- What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.
- Results and recommendations
- Comprehensive details about each part of the process
- Compliance regulations to be adhered to
- Strategies for improving security posture
Week 3
- Which log source records events related to websites, emails, and file shares, as well as password and username requests?
- Receiving
- Firewall
- Network
- Server
- Fill in the blank: A security information and _____ management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization.
- employee
- efficiency
- emergency
- event
- A security professional evaluates a software application by reviewing key technical attributes including response time, availability, and failure rate. What are they using to assess performance?
- Index standards
- Metrics
- Cloud tools
- Models
- Fill in the blank: SIEM tools must be configured and _____ to meet each organization’s unique security needs.
- customized
- centralized
- reviewed
- indexed
Test your knowledge: Identify threats and vulnerabilities with SIEM tools
- A security team wants some of its services to be hosted on the internet instead of local devices. However, they also need to maintain physical control over certain confidential data. What type of SIEM solution should they select?
- Self-hosted
- Remote
- Cloud-hosted
- Hybrid
- Splunk Cloud is a self-hosted tool that retains, analyzes, and searches log data in order to provide security information and alerts.
- True
- False
- Fill in the blank: Chronicle is _____, which means it is specifically designed to take advantage of cloud computing capabilities including availability, flexibility, and scalability.
- cloud-infrastructure
- cloud-native
- cloud-local
- cloud-hardware
- What are the different types of SIEM tools? Select three answers.
- Self-hosted
- Cloud-hosted
- Hybrid
- Physical
Weekly challenge 3
- Which of the following statements correctly describe logs? Select three answers.
- SIEM tools rely on logs to monitor systems and detect security threats.
- A record of connections between devices and services on a network is part of a network log.
- A record of events related to employee logins and username requests is part of a server log.
- Actions such as username requests are recorded in a network log.
- Which of the following statements correctly describe logs? Select three answers.
- SIEM tools rely on logs to monitor systems and detect security threats.
- Actions such as username requests are recorded in a network log.
- A record of events related to employee logins and username requests is part of a server log.
- A record of connections between devices and services on a network is part of a network log.
- What are some of the key benefits of SIEM tools? Select three answers.
- Monitor critical activities in an organization
- Automatic updates customized to new threats and vulnerabilities
- Provide visibility
- Store all log data in a centralized location
- Fill in the blank: To assess the performance of a software application, security professionals use _____, including response time, availability, and failure rate.
- dashboards
- SIEM tools
- logs
- metrics
- A security team installs a SIEM tool within their company’s own infrastructure to keep private data on internal servers. What type of tool are they using?
- Hybrid
- Infrastructure-hosted
- Self-hosted
- Cloud-hosted
- A security team chooses to implement a SIEM tool that they will install, operate, and maintain using their own physical infrastructure. What type of tool are they using?
- Hybrid
- Infrastructure-hosted
- Self-hosted
- Cloud-hosted
- Fill in the blank: SIEM tools are used to search, analyze, and _____ an organization’s log data to provide security information and alerts in real-time.
- retain
- separate
- modify
- release
- A security analyst receives an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can the analyst use to review a timeline of the login attempts, locations, and time of activity?
- A network protocol analyzer (packet sniffer)
- An operating system
- A SIEM tool dashboard
- A playbook
- You are a security analyst, and you want a security solution that will be fully maintained and managed by your SIEM tool provider. What type of tool do you choose?
- Self-hosted
- Solution-hosted
- Cloud-hosted
- Hybrid
- Fill in the blank: Splunk Enterprise is a self-hosted tool used to retain, analyze, and search an organization’s _____ to provide security information and alerts.
- database
- hardware
- cloud applications
- log data
- Which of the following statements accurately describe Chronicle? Select three answers.
- Cloud-native tools such as Chronicle are designed to take advantage of cloud computing availability.
- Chronicle is designed to retain, analyze, and search data.
- Self-hosted tools such as Chronicle are designed to give organizations more control over their data.
- Chronicle performs data analysis.
- Which type of tool typically requires users to pay for usage?
- Open-source
- Self-hosted
- Proprietary
- Cloud native
Shuffle Q/A
- Which of the following statements correctly describe logs? Select three answers.
- Actions such as using a username or password are recorded in a firewall log.
- Events related to websites, emails, or file shares are recorded in a server log.
- A network log is a record of all computers and devices that enter and leave a network.
- A log is a record of events that occur within an organization’s systems and networks.
- What are some of the key benefits of SIEM tools? Select three answers.
- Save time
- Provide event monitoring and analysis
- Eliminate the need for manual review of logs
- Collect log data from different sources
- Fill in the blank: Software application _____ are technical attributes, such as response time, availability, and failure rate.
- metrics
- dashboards
- SIEM tools
- logs
- You are a security professional, and you want a SIEM tool that will require both on-site infrastructure and internet-based solutions. What type of tool do you choose?
- Hybrid
- Self-hosted
- Cloud-hosted
- Component-hosted
- Which of the following statements accurately describe Chronicle? Select three answers.
- Chronicle saves businesses time by eliminating the need for security teams to monitor threats and vulnerabilities.
- Cloud-native tools such as Chronicle are designed to take advantage of cloud computing scalability.
- Cloud-native tools such as Chronicle are maintained and managed by the vendor.
- Chronicle performs data collection.
- What are some of the key benefits of SIEM tools? Select three answers.
- Minimize the number of logs to be manually reviewed
- Automatic customization to changing security needs
- Increase efficiency
- Deliver automated alerts
- Fill in the blank: A security professional creates a dashboard that displays technical attributes about business operations called _____, such as incoming and outgoing network traffic.
- metrics
- averages
- logs
- SIEM tools
- Fill in the blank: Splunk Enterprise is a self-hosted tool used to search, analyze, and _____ an organization’s log data to provide security information and alerts in real-time.
- retain
- modify
- release
- separate
- What are examples of open-source tools? Select two answers.
- Suricata
- Splunk Enterprise
- Linux
- Chronicle
- Fill in the blank: Splunk Enterprise is a _____ tool used to retain, analyze, and search an organization’s log data to provide security information and alerts in real-time.
- cloud-native
- self-hosted
- open-source
- cloud-based
Week 4
- In the event of a security incident, when would it be appropriate to refer to an incident response playbook?
- Only when the incident first occurs
- Only prior to the incident occurring
- Throughout the entire incident
- At least one month after the incident is over
- Fill in the blank: During the _____ phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.
- preparation
- detection and analysis
- containment
- coordination
- In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events?
- Eradication and recovery
- Containment
- Post-incident activity
- Coordination
- What is the relationship between SIEM tools and playbooks?
- They work together to provide a structured and efficient way of responding to security incidents.
- Playbooks collect and analyze data, then SIEM tools guide the response process.
- They work together to predict future threats and eliminate the need for human intervention.
- Playbooks detect threats and generate alerts, then SIEM tools provide the security team with a proven strategy.
Test your knowledge: Use a playbook to respond to an incident
- Playbooks are permanent, best-practice documents, so a security team should not make changes to them.
- True
- False
- A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?
- Post-incident activity
- Detection and analysis
- Eradication and recovery
- Containment
- Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team.
- eradication
- coordination
- preparation
- detection
- Which action can a security analyst take when they are assessing a SIEM alert?
- Analyze log data and related metrics
- Isolate an infected network system
- Restore the affected data with a clean backup
- Create a final report
Weekly challenge 4
- Which of the following statements accurately describe playbooks? Select three answers.
- A playbook helps security teams respond to urgent situations quickly.
- A playbook improves accuracy when identifying and mitigating an incident.
- Organizations use different types of playbooks for different situations.
- Organizations keep playbooks consistent by applying the same procedures to different business events.
- Which of the following statements accurately describe playbooks? Select three answers.
- Organizations use the same playbook for incident response, security alerts, and product-specific purposes.
- Organizations use playbooks to ensure employees follow a consistent list of actions.
- A playbook clarifies what tools to use in response to a security incident.
- A playbook is a manual that provides details about any operational action.
- A security team is considering what they learned during past security incidents. They also discuss ways to improve their security posture and refine response strategies for future incidents. What is the security team’s goal in this scenario?
- Assess employee performance
- Educate clients
- Update a playbook
- Delete biometric data
- Fill in the blank: Incident response playbooks are _____ used to help mitigate and manage security incidents from beginning to end.
- guides
- exercises
- examinations
- inquiries
- An organization has successfully responded to a security incident. According to their established standards, the organization must share information about the incident to a specific government agency. What phase of an incident response playbook does this scenario describe?
- Coordination
- Containment
- Detection and analysis
- Preparation
- Why is the containment phase of an incident response playbook a high priority for organizations?
- It demonstrates how to communicate about the breach to leadership.
- It enables a business to determine whether a breach has occurred.
- It helps prevent ongoing risks to critical assets and data.
- It outlines roles and responsibilities of all stakeholders.
- Fill in the blank: During the _____ phase, security teams may conduct a full-scale analysis to determine the root cause of an incident and use what they learn to improve the company’s overall security posture.
- post-incident activity
- detection and analysis
- containment
- eradication and recovery
- A security analyst establishes incident response procedures. They also educate users on what to do in the event of a security incident. What phase of an incident response playbook does this scenario describe?
- Containment
- Preparation
- Eradication and recovery
- Detection and analysis
- In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.
- SIEM tools and playbooks work together to provide a structured way of responding to incidents.
- Playbooks collect and analyze data.
- SIEM tools detect threats.
- SIEM tools alert the security team to potential problems.
Shuffle Q/A
- Which of the following statements accurately describe playbooks? Select three answers.
- A playbook is used to develop compliance regulations.
- A playbook can be used to respond to an incident.
- A playbook is an essential tool used in cybersecurity.
- A playbook improves efficiency when identifying and mitigating an incident.
- Fill in the blank: A security team _____ their playbook frequently by learning from past security incidents, then refining policies and procedures.
- summarizes
- outlines
- shortens
- updates
- Fill in the blank: Incident response is an organization’s quick attempt to _____ an attack, contain the damage, and correct its effects.
- identify
- expand
- disclose
- ignore
- A security analyst reports to stakeholders about a security breach. They provide details based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?
- Preparation
- Coordination
- Detection and analysis
- Eradication and recovery
- What are the primary goals of the containment phase of an incident response playbook? Select two answers.
- Reduce the immediate impact
- Assess the damage
- Analyze the magnitude of the breach
- Prevent further damage
- Fill in the blank: During the post-incident activity phase, security teams may conduct a full-scale analysis to determine the _____ of an incident and use what they learn to improve the company’s overall security posture.
- structure
- target
- root cause
- end point
- Which phase of an incident response playbook is primarily concerned with preventing further damage and reducing the immediate impact of a security incident?
- Post-incident activity
- Preparation
- Containment
- Detection and analysis
- In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.
- SIEM tools analyze data.
- SIEM alerts inform security teams of potential threats.
- SIEM alerts provide security teams with specific steps to identify and respond to security incidents.
- SIEM tools and playbooks work together to provide an efficient way of handling security incidents.
- What does a security team do when updating and improving a playbook? Select all that apply.
- Discuss ways to improve security posture
- Consider learnings from past security incidents
- Refine response strategies for future incidents
- Improve antivirus software performance
- Fill in the blank: Incident response playbooks outline processes for communication and _____ of a security breach.
- implementation
- documentation
- concealment
- iteration
- A security analyst wants to ensure an organized response and resolution to a security breach. They share information with key stakeholders based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?
- Coordination
- Containment
- Eradication and recovery
- Detection and analysis
- Fill in the blank: During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incident’s root cause and implementing security improvements.
- user experience
- employee engagement
- security audit
- security posture
- A security analyst documents procedures to be followed in the event of a security breach. They also establish staffing plans and educate employees. What phase of an incident response playbook does this scenario describe?
- Coordination
- Eradication and recovery
- Detection and analysis
- Preparation
Course 3 – Connect and Protect: Networks and Network Security
Week 1
- To connect an entire city, the most effective network type would be a local area network (LAN).
- True
- False
- A security professional wants to ensure information is being broadcast properly to every computer on their organization’s network. What device should they investigate?
- Hub
- Modem
- Internet
- Router
- What are some benefits of switches? Select all that apply.
- They automatically install device-protection software.
- They can improve network performance.
- They control the flow of traffic.
- They only pass data to the intended destination.
- Fill in the blank: The practice of using servers, applications, and network services that are hosted on the internet is called _____ computing.
- website
- connected
- cloud
- uploadable
Test your knowledge: Network communication
- What type of information is contained within the header of an IP packet?
- The message that needs to be transmitted to the receiving device
- An explanation of how the port number will be processed by the receiving device
- The sender’s IP address, the size of the packet, and the protocol to use
- A string of data indicating that the data transmission is complete
- What characteristics do the TCP/IP and OSI models share? Select all that apply.
- Both models define standards for networking and divide the network communication process into different layers.
- Both models include an application and a transport layer.
- Both models illustrate network processes and protocols for data transmission between two or more systems.
- Both models have 7 layers.
- What is the Transmission Control Protocol (TCP)?
- A software application that organizes data
- An internet communication convention
- Guidelines for proper network operations
- A unique address that every device on a network is assigned
- Fill in the blank: A _____ is a software-based location that organizes the sending and receiving of data between devices on a network.
- channel
- segment
- port
- packet
- Which layer of the TCP/IP model has protocols that organize file transfers and email services?
- Internet layer
- Transport layer
- Network access layer
- Application layer
Test your knowledge: Local and wide network communication
- Fill in the blank: An Internet Protocol (IP) address is a unique string of characters that identifies the _____ of a device on the internet.
- speed
- location
- operating system
- size
- Which of the following is an example of an IPv4 address?
- 25, 443, 20
- 172.16.254.1
- 2001:0db8:85a3:0000:0000:8a2e:0370:7336
- 00-B1-D0-63-C2-26
- What is the term for an address assigned by an internet service provider that is shared by all devices on a local area network?
- Private IP address
- MAC address
- WAN address
- Public IP address
- Fill in the blank: A switch uses a MAC _____ to direct data packets to the correct device.
- address table
- geographic location
- home network
- public address
Weekly challenge 1
- What is the term for a group of connected devices?
- Cloud
- Hub
- Protocol
- Network
- A _____ broadcasts information to every device on the network.
- hub
- modem
- router
- switch
- Which of the following statements accurately describe switches? Select all that apply.
- When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port.
- Some benefits to switches are effective control of traffic flow and improved network performance.
- Switches are less secure than hubs.
- A switch is a device that makes connections between specific devices on a network by sending and receiving data between them.
- A security professional is investigating the benefits and drawbacks of using a cloud service provider (CSP). What are some reasons why the security professional might choose to use a CSP in their work? Select all that apply.
- A CSP provides business analytics to monitor web traffic and sales.
- CSP services may be accessed even when a business is not connected to the internet.
- CSP remote servers allow web applications to be accessed from any location.
- A CSP offers processing power that is only paid for as needed.
- What is the purpose of the protocol number of a data packet?
- To identify the message to be transmitted to the receiving device
- To signal to the receiving device that the packet is finished
- To contain the IP and MAC addresses
- To tell the receiving device what to do with the information in the packet
- What are the three main categories of services that CSPs provide? Select all that apply.
- Software as a service (SaaS)
- Platform as a service (PaaS)
- Desktop as a service (DaaS)
- Infrastructure as a service (IaaS)
- A security analyst is accessing a webpage that uses HTTPS. The analyst scans the network to see what ports are active. Which port number is used for HTTPS webpages?
- 443
- 40
- 20
- 25
- Which layer in the TCP/IP model is used to inspect the flow of traffic across a network?
- Layer 1, network access
- Layer 2, internet
- Layer 3, transport
- Layer 4, application
- A security analyst runs a command to discover a local IP address. The analyst receives the following result: 169.254.255.249. What type of address is this?
- MAC
- IPv4
- IPv6
- Ethernet
- A security analyst runs a command to discover a local IP address. The analyst receives the following result: fd45:3efd:3201:ff22:0000:0000:12ff:0000. What type of address is this?
- MAC
- Ethernet
- IPv4
- IPv6
Shuffle Q/A
- What type of network spans an office building, a school, or a home?
- Modem
- Cloud
- WAN
- LAN
- Which network device makes connections between specific devices on a network by sending and receiving data between them?
- A switch
- A router
- A hub
- A modem
- Which of the following are benefits for businesses that are considering using a cloud service provider (CSP)? Select all that apply.
- CSP data and devices are more secure because they are stored locally.
- CSP remote servers allow online services to be accessed from any location.
- CSPs provide business analytics to monitor web traffic and sales.
- CSPs offer on-demand storage.
- Fill in the blank: _____ refers to the practice of using remote servers, applications, and network services that are hosted on the internet, instead of in a physical location owned by a company.
- Cloud computing
- Software defined networks (SDNs)
- Hybrid cloud environment
- Local area network (LAN)
- Which one of the following port numbers is used for large file transfers?
- 25
- 37
- 20
- 443
- Fill in the blank: The ___ layer is used to determine how data packets will interact with receiving devices, including file transfers and email services.
- Layer 1, network access
- Layer 2, internet
- Layer 3, transport
- Layer 4, application
- Which of the following addresses is an accurate IPv4 address?
- 129.168.10.256
- 1001.2345.3234.5678
- 192.168.0.2
- 100.234.56.1.3
- Which of the following addresses is an accurate IPv6 address?
- fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578
- fda2::7361:135b::38f5:c8bd:1b3e:2578
- a360::abf7:h234:0011:g126:1130::ffj2
- a634:b123:cd34:3f56:0023:2345:7890:0000:ffff
- Fill in the blank: A ___ is a network that spans a large geographic area, like a city, state, or country.
- Modem
- LAN
- WAN
- Cloud
- Which network device connects multiple networks together?
- A hub
- A router
- A switch
- A modem
- Fill in the blank: A ___ is a device that makes connections between specific devices on a network by sending and receiving data between them.
- switch
- hub
- modem
- router
- What information is included in the body of a data packet?
- The protocol number
- The MAC address
- The message to be transmitted to the receiving device
- The signal that tells the receiving device that the packet is finished transferring
- What are two benefits of cloud computing and software defined networks (SDNs)? Select two answers.
- Decreased cost
- Increased scalability
- Decreased use of physical network devices
- Increased attack surface
- What is the purpose of the footer of a data packet?
- To identify the message to be transmitted to the receiving device
- To show the MAC address of the destination device
- To signal to the receiving device that the packet is finished
- To contain the source IP address
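The header, body and footer questions above all turn on where each piece of information lives in a data packet. The following Python example is added here and is not part of the course or the page: it builds a minimal IPv4 packet in memory, then parses it back so the header fields (source and destination addresses, protocol number, length, checksum) and the body (the message) can be seen separately. The addresses, payload and fixed identification value are constructed for the demo; nothing is sent on a network.

```python
"""Added example (not from the course): build a minimal IPv4 packet, then
parse it back to see which information sits in the header (addresses,
protocol number, length, checksum) and which is the body (the message).
The packet is constructed in memory; nothing is sent on a network."""
import socket
import struct

# IANA-assigned protocol numbers; the value tells the receiving host which
# upper-layer handler (ICMP, TCP, UDP, ...) should process the body.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
HEADER_FORMAT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def header_checksum(header: bytes) -> int:
    """RFC 791 ones'-complement sum over the 16-bit words of the header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, protocol: int, body: bytes, ttl: int = 64) -> bytes:
    """Header + body; identification and flags are fixed constants for the demo."""
    version_ihl = (4 << 4) | 5               # version 4, header length 5 words = 20 bytes
    fields = [version_ihl, 0, 20 + len(body), 0x1234, 0, ttl, protocol, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = header_checksum(struct.pack(HEADER_FORMAT, *fields))
    return struct.pack(HEADER_FORMAT, *fields) + body


def parse_ipv4_packet(packet: bytes) -> dict:
    """Split a packet into its header fields and body, verifying the basics."""
    if len(packet) < 20:
        raise ValueError("truncated: IPv4 header needs at least 20 bytes")
    (version_ihl, _tos, total_length, _ident, _flags_frag, ttl, protocol,
     _csum, src, dst) = struct.unpack(HEADER_FORMAT, packet[:20])
    version, header_len = version_ihl >> 4, (version_ihl & 0x0F) * 4
    if version != 4 or header_len < 20:
        raise ValueError(f"not a sane IPv4 header (version={version}, ihl={header_len})")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "protocol": protocol,
        "protocol_name": PROTOCOL_NAMES.get(protocol, f"unknown({protocol})"),
        "total_length": total_length,
        "length_ok": total_length == len(packet),
        # Re-summing a header that already contains its checksum gives 0 when intact.
        "checksum_ok": header_checksum(packet[:header_len]) == 0,
        "body": packet[header_len:total_length],
    }


def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit at `offset` to show that the header checksum catches it."""
    return packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]


if __name__ == "__main__":
    pkt = build_ipv4_packet("192.168.0.2", "203.0.113.5", 6, b"GET / HTTP/1.1\r\n")
    print(parse_ipv4_packet(pkt))
    print(parse_ipv4_packet(tamper(pkt, 8))["checksum_ok"])   # TTL byte corrupted
```

The protocol number (6 here) is what the receiving host uses to hand the body to the right handler; the addresses are in the header, not the body; and a single flipped bit in the header makes the checksum verification fail, which is why a receiver discards such a packet.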
- Fill in the blank: 127.0.0.1 is an example of an accurate ___ address.
- Ethernet
- IPv6
- MAC
- IPv4
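Several of the questions above ask which of a set of candidate strings is a well-formed IPv4 or IPv6 address, and what kind of address a given value is (the 169.254.x.x link-local result, the fd45:... unique-local result, the 127.0.0.1 loopback). The following Python example is added here and is not part of the course or the page; it uses only the standard ipaddress module to validate each candidate, report why the invalid ones are rejected, and classify the valid ones. The candidate list is taken from the questions.

```python
"""Added example (not from the course): decide whether a string is a valid
IPv4 or IPv6 address, say why it is not, and classify the valid ones
(loopback, link-local, private/unique-local, global) with Python's
standard ipaddress module. Inputs are the candidates from the questions."""
import ipaddress


def classify_address(text: str) -> dict:
    """Return validity, version, canonical form and scope flags for `text`."""
    # An IPv6 literal must contain ':'; anything else is judged as IPv4, which
    # yields specific messages such as "Octet 256 (> 255) not permitted".
    cls = ipaddress.IPv6Address if ":" in text else ipaddress.IPv4Address
    try:
        addr = cls(text)
    except ipaddress.AddressValueError as exc:
        return {"input": text, "valid": False, "reason": str(exc)}
    return {
        "input": text,
        "valid": True,
        "version": addr.version,
        "canonical": str(addr),            # IPv6 is compressed, e.g. ::12ff:0
        "loopback": addr.is_loopback,      # 127.0.0.0/8, ::1
        "link_local": addr.is_link_local,  # 169.254.0.0/16, fe80::/10
        "private": addr.is_private,        # RFC 1918 ranges, fc00::/7 and similar
        "global": addr.is_global,          # routable on the public internet
    }


# Candidates from the questions above.
CANDIDATES = [
    "192.168.0.2", "129.168.10.256", "1001.2345.3234.5678", "100.234.56.1.3",
    "fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578",
    "fda2::7361:135b::38f5:c8bd:1b3e:2578",
    "a360::abf7:h234:0011:g126:1130::ffj2",
    "a634:b123:cd34:3f56:0023:2345:7890:0000:ffff",
    "169.254.255.249", "fd45:3efd:3201:ff22:0000:0000:12ff:0000", "127.0.0.1",
]


def valid_candidates() -> list:
    """The subset of CANDIDATES that parse as addresses."""
    return [c for c in CANDIDATES if classify_address(c)["valid"]]


if __name__ == "__main__":
    for c in CANDIDATES:
        print(classify_address(c))
```

Running it shows the reason for each rejection (an octet above 255, five octets instead of four, a second "::", non-hex digits, nine groups instead of eight) and that 169.254.255.249 is link-local, 127.0.0.1 is loopback and the fd45:... address is a private (unique-local) IPv6 address.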
Week 2
- Fill in the blank: Network protocols are rules used by two or more devices on a network to describe the _____ and structure of data.
- access level
- optimum speed
- order of delivery
- maximum size
- Which network protocol provides a secure method of communication between clients and web servers?
- TCP
- ARP
- HTTPS
- DNS
- To keep information safe from malicious actors, what security protocol can be used?
- Secure sockets layer and transport layer security (SSL/TLS)
- Address resolution protocol (ARP)
- Domain name system (DNS)
- Transmission control protocol (TCP)
- IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.
- True
- False
Test your knowledge: System identification
- What monitors and filters traffic coming in and out of a network?
- Domain name system (DNS)
- Firewall
- Forward proxy server
- Uncontrolled zone
- Stateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.
- True
- False
- Fill in the blank: Encapsulation is a process performed by a _____ that protects information by wrapping sensitive data in other data packets.
- firewall
- VPN service
- proxy server
- security zone
- Which security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?
- Management zone
- Uncontrolled zone
- Restricted zone
- Demilitarized zone (DMZ)
- Fill in the blank: A security analyst uses a _____ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.
- reverse proxy server
- port filter
- controlled zone
- forward proxy server
Weekly challenge 2
- What network protocol translates the domain name of a website’s server into an IP address?
- File transfer protocol (FTP)
- Domain name system (DNS)
- Transmission control protocol (TCP)
- Hypertext transfer protocol secure (HTTPS)
- Which of the following statements accurately describe wireless protocols? Select three answers.
- Wi-Fi protocols provide security levels about equal to that of wired connections.
- IEEE is the Institute of Electrical and Electronics Engineers, which maintains WiFi standards.
- WPA is a wired security protocol pertaining to local devices on the same network.
- 802.11 is a suite of protocols used in wireless communication.
- A firewall administrator installs a firewall function to either block or allow certain port numbers to limit unwanted communication. What function does this scenario describe?
- Port filtering
- Using cloud-based firewalls
- Masking a location
- Organizing data packets
- Which type of firewall analyzes network traffic for characteristics and behaviors that appear suspicious and stops them from entering the network?
- Next-generation firewall (NGFW)
- Stateful
- Stateless
- Cloud-based
- Which of the following types of firewalls can perform deep packet inspection and intrusion detection?
- Next generation firewall (NGFW)
- Documented
- Stateless
- Stateful
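The port filtering and stateless/stateful firewall questions above describe the difference in words; the following Python example is added here (not part of the course or the page) to show it in code. It models a stateless filter, which judges each packet by its own header fields only, next to a stateful one that remembers connections, and runs both over the same constructed packet sequence. The addresses, ports and the rule that only port 443 accepts new inbound connections are assumptions for the demo; the "trust any inbound packet with ACK set" rule is the usual stateless workaround for letting replies in, included to show why it is weak.

```python
"""Added example (not from the course): a stateless packet filter next to a
stateful one, run over the same constructed packets. Addresses, ports and
the allowed-port rule are assumptions for the demo."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (arriving from the internet) or "out" (leaving the network)
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # TCP flags, e.g. frozenset({"SYN", "ACK"})


# Port filtering: the only service the outside may open connections to.
ALLOWED_INBOUND_PORTS = {443}


def stateless_allow(pkt: Packet) -> bool:
    """Each packet is judged on its own header fields; nothing is remembered."""
    if pkt.direction == "out":
        return True
    if pkt.dport in ALLOWED_INBOUND_PORTS:
        return True
    # Classic stateless workaround for replies to outbound connections: trust
    # any inbound packet with ACK set, because genuine replies carry it.
    return "ACK" in pkt.flags


class StatefulFirewall:
    """Remembers connections so inbound packets can be matched against them."""

    def __init__(self):
        self.connections = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return True                       # reply to a tracked connection
        if pkt.dport in ALLOWED_INBOUND_PORTS and pkt.flags == frozenset({"SYN"}):
            self.connections.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True                       # new connection to an allowed service
        return False                          # unsolicited, including forged "replies"


def run_scenario() -> dict:
    """Return {step: (stateless verdict, stateful verdict)} for a constructed sequence."""
    inside, webserver, attacker = "10.0.0.7", "203.0.113.5", "198.51.100.9"
    fw = StatefulFirewall()
    scenario = [
        ("client opens HTTPS outbound",
         Packet("out", inside, 51000, webserver, 443, frozenset({"SYN"}))),
        ("genuine SYN-ACK reply",
         Packet("in", webserver, 443, inside, 51000, frozenset({"SYN", "ACK"}))),
        ("forged 'reply' from attacker",
         Packet("in", attacker, 443, inside, 51000, frozenset({"ACK"}))),
        ("attacker probes SSH",
         Packet("in", attacker, 40000, inside, 22, frozenset({"SYN"}))),
    ]
    return {name: (stateless_allow(p), fw.allow(p)) for name, p in scenario}


if __name__ == "__main__":
    for step, verdicts in run_scenario().items():
        print(f"{step:32s} stateless={verdicts[0]!s:5s} stateful={verdicts[1]}")
```

Both filters block the SSH probe (port filtering) and both pass the real reply, but only the stateful firewall rejects the forged packet that merely carries an ACK flag, because it has no matching connection in its table.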
- How do VPNs preserve confidentiality?
- Use temporary memory to store data requested by external servers
- Monitor traffic to and from a network
- Translate internet domain names to IP addresses
- Encrypt data in transit
- Fill in the blank: A VPN uses _____ to transfer encrypted data between a device and the VPN server.
- network segmentation
- transmission control
- packet sniffing
- encapsulation
- Fill in the blank: A controlled zone protects a company’s internal network from a(n) _____ security zone.
- Restricted
- Demilitarized
- Internal network
- Uncontrolled
- What network security service masks a device’s virtual location to keep data private while using a public network?
- Network segmenter
- Cloud service provider (CSP)
- Virtual private network (VPN)
- Domain name system (DNS)
- Fill in the blank: VPN services perform encapsulation to protect sensitive data by _____ it in other data packets.
- wrapping
- archiving
- classifying
- displaying
- What network zone contains the internet and other services that are outside of an organization’s control?
- Restricted
- Uncontrolled
- Controlled
- Demilitarized
- What is the function of the demilitarized zone (DMZ)?
- Isolate servers exposed to the internet from the rest of a network
- Organize data by forwarding it to other servers
- Protect highly confidential information accessible only to employees with certain privileges
- Encrypt data as it travels across the internet
- Fill in the blank: A _____ fulfills the requests of its clients by forwarding them to other servers
- Virtual private network (VPN)
- Firewall
- Proxy server
- Router
- What is one way forward proxies secure internal networks?
- Both forward and reverse proxy servers add a layer of protection from the internet.
- Forward proxy servers hide a user’s IP address and approve all outgoing requests.
- They are useful for protecting internal web servers that contain confidential data.
- They receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.
Shuffle Q/A
- Which of the following statements accurately describe wireless protocols? Select three answers.
- WPA is a wireless security protocol pertaining to connecting to the internet.
- The set of standards IEEE 802.11 is also referred to as Wi-Fi.
- Wi-Fi protocols provide significantly lower security levels than wired connections.
- The Institute of Electrical and Electronics Engineers maintains Wi-Fi standards.
- A firewall administrator sets up a firewall that operates based on predefined rules. It is not used to keep track of information from data packets. What class of firewall does this scenario describe?
- Cloud-based
- Next-generation firewall (NGFW)
- Stateful
- Stateless
- A security professional sets up a security measure to allow employees to work from home securely while having access to internal network resources. What does this scenario describe?
- Firewall
- Address resolution protocol (ARP)
- Virtual private network (VPN)
- Cloud service provider (CSP)
- Fill in the blank: VPN services perform _____ to protect sensitive data by wrapping it in other data packets.
- network segmentation
- transmission control
- encapsulation
- packet sniffing
- What network is part of the uncontrolled zone?
- Internet
- Subnets
- Web servers
- Internal networks
- Which of the following statements accurately describe forward and reverse proxy servers? Select three answers.
- Forward proxy servers receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.
- Reverse proxy servers accept traffic from external parties, approve it, then forward it to internal servers.
- Reverse proxy servers work by hiding a user’s IP address and approving all outgoing requests.
- Forward proxy servers regulate and restrict a person’s access to the internet.
- What network protocol helps data get to the right place by determining the MAC address of the next router or device on its path?
- Hypertext Transfer Protocol Secure (HTTPS)
- Address Resolution Protocol (ARP)
- Secure Sockets Layer/Transport Layer Security (SSL/TLS)
- Transmission Control Protocol (TCP)
- What network zone includes web and proxy servers that host websites for the public, as well as email and file servers to handle external communications?
- Uncontrolled zone
- Demilitarized zone
- Restricted zone
- Virtual private network
- A security analyst implements a system to service client requests by forwarding them to other servers. What do they use?
- Proxy server
- Virtual private network (VPN)
- Firewall
- Router
- A security analyst implements a proxy server to secure internal networks. What are some of the proxy server’s primary functions? Select all that apply.
- Determine whether requests to connect to a website are allowed
- Use public IP addresses that are different from the rest on the private network
- Temporarily store data that is frequently requested by external servers
- Divide the network into segments to maintain privacy within corporate groups
- Fill in the blank: A ____ accepts traffic from external parties, approves it, then forwards it to internal servers.
- Reverse proxy
- Forward proxy
- Virtual private network (VPN)
- Next generation firewall (NGFW)
Week 3
- What type of attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic?
- Phishing attack
- Tailgating attack
- Denial of Service (DoS) attack
- Distributed Denial of Service (DDoS) attack
- What type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?
- SYN flood attack
- ICMP flood
- On-path attack
- SYN-ACK flood attack
- Fill in the blank: The Denial of Service (DoS) attack _____ is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.
- On-path
- SYN flood
- Ping of Death
- ICMP flood
- Which types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server? Select all that apply.
- DDoS attack
- ICMP flood attack
- SYN flood attack
- TCP connection attack
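The questions above describe the indicators of four denial-of-service attacks: a SYN flood (many handshake openers that are never completed), an ICMP flood (repeated pings from one source), the Ping of Death (an ICMP packet larger than the 64 KB IPv4 limit) and a DDoS (the same flood from many sources). The following Python example is added here and is not part of the course or the page; it runs a detector over a batch of packet records built in build_sample(). The hosts, counts and thresholds are constructed for the demo.

```python
"""Added example (not from the course): spot the DoS indicators the
questions describe in a batch of packet records. The records are
constructed in build_sample(); no capture file is read."""
from collections import Counter, defaultdict

MAX_IPV4_PACKET = 65535   # largest legal IPv4 datagram: the "64KB" limit in the questions


def detect_dos_indicators(records, syn_threshold=100, icmp_threshold=100, distributed_from=10):
    """records: dicts with src, dst, proto ("TCP"/"ICMP"), flags (set) and length."""
    syns, acks, syn_sources = Counter(), Counter(), defaultdict(set)
    icmp_by_src = Counter()
    findings = []
    for r in records:
        if r["proto"] == "ICMP":
            icmp_by_src[r["src"]] += 1
            if r["length"] > MAX_IPV4_PACKET:        # Ping of Death: oversized ICMP packet
                findings.append({"indicator": "ping_of_death", "source": r["src"],
                                 "length": r["length"]})
        elif r["proto"] == "TCP":
            if r["flags"] == {"SYN"}:                 # first step of the handshake
                syns[r["dst"]] += 1
                syn_sources[r["dst"]].add(r["src"])
            elif r["flags"] == {"ACK"}:               # third step: handshake completed
                acks[r["dst"]] += 1
    for dst, n in syns.items():
        # Many SYNs with almost no completing ACKs leaves half-open connections.
        if n >= syn_threshold and acks[dst] < n // 10:
            findings.append({"indicator": "syn_flood", "target": dst, "syn_count": n,
                             "distributed": len(syn_sources[dst]) >= distributed_from})
    for src, n in icmp_by_src.items():
        if n >= icmp_threshold:                       # ICMP flood: repeated pings from one source
            findings.append({"indicator": "icmp_flood", "source": src, "count": n})
    return findings


def build_sample():
    """Constructed traffic: normal handshakes, a distributed SYN flood, an ICMP flood, a Ping of Death."""
    records = []
    # Normal: five clients complete their handshakes with the mail server.
    for i in range(5):
        records.append({"src": f"198.51.100.{i}", "dst": "10.0.0.6", "proto": "TCP",
                        "flags": {"SYN"}, "length": 60})
        records.append({"src": f"198.51.100.{i}", "dst": "10.0.0.6", "proto": "TCP",
                        "flags": {"ACK"}, "length": 52})
    # SYN flood on the web server from 200 different (spoofed) sources, 3 completions.
    for i in range(200):
        records.append({"src": f"203.0.113.{i}", "dst": "10.0.0.5", "proto": "TCP",
                        "flags": {"SYN"}, "length": 60})
    for i in range(3):
        records.append({"src": f"203.0.113.{i}", "dst": "10.0.0.5", "proto": "TCP",
                        "flags": {"ACK"}, "length": 52})
    # ICMP flood: 120 echo requests from one host.
    for _ in range(120):
        records.append({"src": "192.0.2.9", "dst": "10.0.0.5", "proto": "ICMP",
                        "flags": set(), "length": 84})
    # Ping of Death: a single ICMP packet far above the IPv4 limit.
    records.append({"src": "192.0.2.10", "dst": "10.0.0.5", "proto": "ICMP",
                    "flags": set(), "length": 70000})
    return records


def analyze_sample():
    return detect_dos_indicators(build_sample())


if __name__ == "__main__":
    for finding in analyze_sample():
        print(finding)
```

The mail server's five completed handshakes produce no finding; the web server shows a SYN flood flagged as distributed because the SYNs come from 200 sources, plus an ICMP flood from one host and a single oversized ICMP packet. The thresholds are deliberately low for the demo and would be tuned to a real network's baseline.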
Test your knowledge: Network interception attack tactics
- Passive packet sniffing involves data packets being manipulated while in transit, which may include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains.
- True
- False
- Fill in the blank: A security analyst can protect against malicious packet sniffing by _____ to encrypt data as it travels across a network.
- using only websites with HTTP at the beginning of their domain addresses
- using a VPN
- using a network hub
- using free public Wi-Fi
- Which type of attack involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network?
- Replay attack
- IP spoofing
- On-path attack
- Ping of death
- Which of the following statements accurately describes a smurf attack?
- A DoS attack that is caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than the maximum size
- A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets
- A network attack performed when an attacker intercepts a data packet in transit and delays it or repeats it at another time
- A DoS attack performed by an attacker repeatedly sending ICMP packets to a network server
Weekly challenge 3
- What happens during a Denial of Service (DoS) attack?
- The target crashes and normal business operations cannot continue.
- The data packets containing valuable information are stolen as they travel across the network.
- The attacker successfully impersonates an authorized user and gains access to the network.
- The network is infected with malware.
- Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.
- In both DoS and DDoS attacks, every part of the network must be overloaded for the attacks to be successful.
- A DDoS attack involves multiple hosts carrying out the attack.
- A DoS attack involves one host conducting the attack.
- A network device experiencing a DoS attack is unable to respond to legitimate users.
- Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.
- A DDoS attack may use multiple devices in different locations to flood the target network with unwanted traffic.
- In both DoS and DDoS attacks, if any part of the network is overloaded, the attacks are successful.
- A DoS attack involves multiple hosts carrying out the attack.
- A DoS attack targets a network or server.
- A security manager is training their team to identify when a server has experienced a SYN-flood attack. What might indicate to the team members that their organization is at risk?
- The port numbers in the data packets are incorrect.
- A large number of ICMP packets are delivered to the organization’s servers.
- An oversized ICMP packet is sent to the network server.
- The server has stopped responding after receiving an unusually high number of incoming SYN packets.
- Fill in the blank: The DoS attack _____ occurs when a malicious actor sends an oversized ICMP packet to a server.
- smurf
- SYN flood
- Ping of Death
- on-path
- Which of the following statements correctly describe passive and active packet sniffing? Select three answers.
- Using only websites with HTTPS at the beginning of their domain names provides protection from packet sniffing.
- Passive packet sniffing may enable attackers to change the information a packet contains.
- Active packet sniffing may enable attackers to redirect the packets to unintended ports.
- The purpose of passive packet sniffing is to read data packets while in transit.
- As a security professional, you research on-path, replay, and smurf attacks in order to implement procedures that will protect your company from these incidents. What type of attack are you learning about?
- Ping of death
- SYN flooding
- Packet sniffing
- IP spoofing
- Fill in the blank: _____ is a network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.
- A KRACK attack
- A DoS attack
- IP spoofing
- SYN flooding
- In which attack do malicious actors impersonate a web browser or web server by placing themselves between the two devices, then sniffing the packet information to discover their IP and MAC addresses?
- Packet flooding attack
- On-path attack
- Malware attack
- Smurf attack
- Fill in the blank: The _____ network attack occurs when an attacker delays a data packet after intercepting it in transit.
- on-path
- SYN flood
- smurf
- replay
- Which attack is a combination of a DDoS and an IP spoofing attack, during which the malicious actor overwhelms a target computer?
- Smurf attack
- Ping of Death
- On-path attack
- Replay attack
- Fill in the blank: The _____ network attack occurs when a malicious actor takes a network transmission that was sent by an authorized user and repeats it at a later time to impersonate that user.
- SYN flood
- smurf
- on-path
- replay
- Which combination DoS and IP spoofing attack can bring down an entire network by flooding an authorized user’s IP address with packets?
- On-path attack
- Replay attack
- Ping of Death
- Smurf attack
Shuffle Q/A
- What is the main objective of a Denial of Service (DoS) attack?
- Simulate a TCP connection and flood a server with SYN packets
- Send oversized ICMP packets
- Disrupt normal business operations
- Repeatedly send ICMP packets to a network server
- A security team discovers that an attacker has taken advantage of the handshake process that is used to establish a TCP connection between a device and their server. Which DoS attack does this scenario describe?
- ICMP flood
- On-path attack
- SYN flood attack
- Ping of Death
- Fill in the blank: The maximum size of a correctly formatted IPv4 ICMP packet is _____, as opposed to the oversized packet that is sent during a Ping of Death attack.
- 32KB
- 64TB
- 15Gb
- 64KB
- Fill in the blank: To reduce the chances of an IP spoofing attack, a security analyst can configure a _____ to reject all incoming traffic with the same source IP addresses as those owned by the organization.
- VPN
- HTTPS domain address
- firewall
- demilitarized zone
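The question above gives the standard anti-spoofing rule: a firewall rejects incoming traffic whose source address is one the organization itself owns, since such a packet cannot genuinely have come from the internet. The following Python example is added here and is not part of the course or the page. It implements that rule as a small filter and, going beyond the question, also rejects inbound sources that are never routable from the internet (loopback, link-local and private ranges) and outbound packets whose source is not the organization's, so the network cannot be used to spoof others. The prefixes and addresses are constructed for the demo.

```python
"""Added example (not from the course): the anti-spoofing rule from the
question as a small filter. Prefixes and addresses are constructed."""
import ipaddress

# Prefixes the organization owns (public) or uses internally (constructed).
OUR_PREFIXES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "10.0.0.0/8")]
# Sources that are never valid on the internet side of the firewall.
NEVER_FROM_INTERNET = [ipaddress.ip_network(n) for n in
                       ("127.0.0.0/8", "169.254.0.0/16", "192.168.0.0/16",
                        "172.16.0.0/12", "0.0.0.0/8")]


def _in_any(addr, prefixes):
    """Return the first prefix containing addr, or None."""
    return next((p for p in prefixes if addr in p), None)


def verdict(direction: str, src_ip: str) -> tuple:
    """direction is "in" (arriving from the internet) or "out" (leaving us).

    Returns (allowed, reason)."""
    addr = ipaddress.ip_address(src_ip)
    if direction == "in":
        hit = _in_any(addr, OUR_PREFIXES)
        if hit:
            return False, f"inbound packet claims our own source {src_ip} ({hit}): spoofed"
        hit = _in_any(addr, NEVER_FROM_INTERNET)
        if hit:
            return False, f"inbound source {src_ip} is in {hit}, not routable from the internet"
        return True, "inbound source is external"
    if direction == "out":
        if _in_any(addr, OUR_PREFIXES) is None:
            return False, f"outbound packet with foreign source {src_ip}: would spoof someone else"
        return True, "outbound source is ours"
    raise ValueError(f"unknown direction {direction!r}")


def filter_packets(packets):
    """packets: (direction, src_ip) pairs; returns the accepted and rejected lists."""
    accepted, rejected = [], []
    for direction, src in packets:
        ok, reason = verdict(direction, src)
        (accepted if ok else rejected).append((direction, src, reason))
    return accepted, rejected


if __name__ == "__main__":
    sample = [("in", "198.51.100.9"), ("in", "10.0.0.7"), ("in", "203.0.113.8"),
              ("in", "127.0.0.1"), ("out", "10.0.0.7"), ("out", "198.51.100.9")]
    for bucket in filter_packets(sample):
        for entry in bucket:
            print(entry)
```

A real firewall expresses the same rule as a deny entry on the external interface for each internal prefix, placed before the allow rules; the order matters, because a later permissive rule must not let the spoofed packet through first.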
- Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.
- A DoS attack may use multiple servers in different locations to flood the target network with unwanted traffic.
- A DDoS attack is intended to overwhelm the target server.
- A DoS attack may involve flooding a network with traffic.
- In both DoS and DDoS attacks, if any part of the network is overloaded, the attacks are successful.
- Which of the following statements correctly describe passive and active packet sniffing? Select three answers.
- A company can avoid using unprotected Wi-Fi to help protect itself from packet sniffing.
- Passive packet sniffing allows malicious actors to view the information going in and out of the targeted device.
- Passive packet sniffing enables attackers to change the information a packet contains.
- Active packet sniffing may enable attackers to redirect the packets to unintended ports.
- As a security professional, you implement safeguards against attackers changing the source IP of a data packet in order to communicate over your company’s network. What type of network attack are you trying to avoid?
- Passive packet sniffing
- Ping of Death
- Active packet sniffing
- IP spoofing
- What do network-level Denial of Service (DoS) attacks target?
- Commonly used software applications
- All hardware within an organization
- Network bandwidth
- The personal information of employees
- Fill in the blank: The DoS attack _____ occurs when an attacker repeatedly sends ICMP packets to a network server.
- on-path
- smurf
- SYN flood
- ICMP flood
- As a security professional, you take steps to stop an attacker from changing the source IP of a data packet in order to impersonate your authorized system. What type of network attack are you working to prevent?
- Ping of Death
- IP spoofing
- Passive packet sniffing
- Active packet sniffing
- What are some common IP spoofing attacks? Select all that apply.
- on-path attacks
- replay attacks
- smurf attacks
- KRACK attacks
- In which attack would malicious actors gain access to a network, put themselves between a web browser and a web server, then sniff the packet to learn the devices’ IP and MAC addresses?
- Smurf attack
- On-path attack
- Packet flooding attack
- Malware attack
Week 4
- Fill in the blank: The _____ acts as an intermediary between software applications and computer hardware.
- authorized user
- operating system
- access system
- baseline
- Which of the following activities are security hardening tasks? Select all that apply.
- Making patch updates
- Disposing of hardware and software properly
- Enforcing password policies
- Exploiting an attack surface
- Multifactor authentication (MFA) is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.
- True
- False
- What are examples of physical security hardening? Select all that apply.
- Installing security cameras
- Hiring security guards
- Removing or disabling unused applications
- Reducing access permissions across devices
Test your knowledge: Network hardening
- Fill in the blank: Security teams can use _____ to examine network logs and identify events of interest.
- network segmentation
- port filtering
- security information and event management (SIEM) tools
- baseline configuration
- What is a basic principle of port filtering?
- Block all ports in a network.
- Allow users access to only areas of the network that are required for their role.
- Disallow ports that are used by normal network operations.
- Allow ports that are used by normal network operations.
- A security professional creates different subnets for the various departments in their business, ensuring users have access that is appropriate for their particular roles. What does this scenario describe?
- Network log analysis
- Network segmentation
- Patch updates
- Firewall maintenance
- Data in restricted zones should have the same encryption standards as data in other zones.
- True
- False
Test your knowledge: Cloud hardening
- Fill in the blank: A key distinction between cloud and traditional network hardening is the use of a server baseline image, which enables security analysts to prevent _____ by comparing data in cloud servers to the baseline image.
- slow speeds
- damaged data
- improper resource storage
- unverified changes
- Data and applications on cloud networks do not need to be separated based on their service category, such as their age or internal functionality.
- True
- False
- Who is responsible for ensuring the safety of cloud networks? Select all that apply.
- Individual users
- Research department
- Cloud service provider
- Security team
- Fill in the blank: _____ cloud services are a common source of cloud security issues.
- Misconfigured
- Unauthorized
- Shared
- Managed
Weekly challenge 4
- Which of the following tasks are security hardening practices? Select all that apply.
- Keeping network devices functioning properly
- Updating software
- Loosening access permissions
- Performing port filtering
- What is the relationship between security hardening and an attack surface?
- Security hardening permanently eliminates the attack surface.
- Security hardening diminishes the attack surface.
- Security hardening expands the attack surface.
- Security hardening increases the attack surface.
- Fill in the blank: Hiring a security guard is an example of a _____ security hardening practice.
- physical
- virtual
- software-based
- network-focused
- An organization’s in-house security team has been authorized to simulate an attack on the organization’s website. The objective is to identify any vulnerabilities that are present. What does this scenario describe?
- Penetration testing
- The Ping of Death
- Packet sniffing
- A Distributed Denial of Service (DDoS) attack
- What are some methods for hardening operating systems? Select three answers.
- Removing unused software to limit unnecessary vulnerabilities
- Implementing an intrusion detection system (IDS)
- Configuring a device setting to fit a secure encryption standard
- Keeping an up-to-date list of authorized users
- A security analyst notices something unusual affecting their company’s OS. To confirm that no changes have been made to the system, the analyst compares the current configuration to existing documentation about the OS. What does this scenario describe?
- Checking baseline configuration
- Upgrading the interface between computer hardware and the user
- Responsibly managing applications
- Verifying user identity when accessing an OS
- Fill in the blank: The security measure multifactor authentication (MFA) requires a user to verify their _____ in two or more ways to access a system or network.
- password
- user permissions
- job title
- identity
- In what way might port filtering be used to protect a network from an attack?
- By increasing the attack surface within a business network
- By creating isolated subnets for each of the various departments within an organization
- By helping analysts inspect, analyze, and react to security events based on their priority
- By blocking or allowing certain port numbers in order to limit unwanted communication
- In what way might port filtering be used to protect a network from an attack?
- To increase the attack surface in a network
- To inspect, analyze, and react to security events based on their priority
- To disable unused ports in order to reduce the attack surface
- To create isolated subnets for different departments in an organization
- A security team considers the best way to handle the different security zones within their network. They prioritize protecting the restricted zone by separating from the rest of the network and ensuring it has much higher encryption standards. What does this scenario describe?
- Cloud hardening
- Patch updating
- Penetration testing
- Network segmentation
- What is one key similarity between regular web servers and cloud servers?
- In both, all data and application are stored together, regardless of their service category
- They both use baseline images stored in the cloud to compare data.
- They both require proper maintenance and security hardening.
- In both, all applications are stored together, regardless of their age.
Shuffle Q/A
- To help improve the security of a business, its in-house security team is approved to simulate an attack that will identify vulnerabilities in business processes. What does this scenario describe?
- A Distributed Denial of Service (DDoS) attack
- Packet sniffing
- Penetration testing
- The Ping of Death
- Which of the following are OS hardening tasks? Select three answers.
- Regularly installing updates
- Implementing multifactor authentication
- Using secure encryption standards
- Conducting a penetration test
- What is one key similarity between regular web servers and cloud servers?
- In both, all data and application are stored together, regardless of their service category.
- They both require security measures taken by the organization to stay safe.
- In both, all applications are stored together, regardless of their age.
- They both use baseline images stored in the cloud to compare data.
- Which of the following tasks are security hardening practices? Select all that apply.
- Reducing access permissions across devices and networks
- Installing patch updates
- Disabling unused ports
- Replacing the RAM on the computers
- What is the term for all the potential system vulnerabilities that a threat actor could exploit?
- Security architecture
- Risk
- Security challenge
- Attack surface
- Fill in the blank: Installing security cameras is an example of a _____ security hardening practice.
- physical
- software-based
- network-focused
- virtual
- A company’s executive team approves a proposal by the security director. The proposal involves security professionals simulating an attack on the company’s systems in order to identify vulnerabilities. What does this scenario describe?
- Penetration testing
- The Ping of Death
- Packet sniffing
- A Distributed Denial of Service (DDoS) attack
- Which of the following are OS hardening tasks? Select three answers.
- Using secure encryption standards
- Implementing multifactor authentication
- Configuring a firewall
- Running regularly scheduled backups
- A security analyst reviews documentation about a firewall rule that includes a list of allowed and disallowed network ports. They compare it to the current firewall to ensure no changes have been made. What does this scenario describe?
- Verifying user identity when accessing an OS
- Upgrading the interface between computer hardware and the user
- Checking baseline configuration
- Responsibly managing applications
- Fill in the blank: The security measure _____ requires a user to verify their identity in two or more ways to access a system or network.
- baseline configuration
- network log analysis
- multifactor authentication (MFA)
- password policy
- Which of the following statements accurately describes port filtering?
- A process performed by a VPN service that protects data by wrapping it in other data packets
- A security technique that divides a network into segments
- A security protocol that provides an encrypted tunnel for issuing commands from a remote server
- A firewall function that blocks or allows certain port numbers in order to limit unwanted network traffic
- A security team works to ensure that an issue in one area of the business does not spread to others and create more problems. They design subnets for each department, such as one for research and another for finance. What does this scenario describe?
- Patch updating
- Cloud hardening
- Penetration testing
- Network segmentation
- How can a security professional confirm that no unverified changes have occurred within a cloud server?
- Use port filtering to block or allow certain updates
- Compare the server baseline image to the data in cloud servers
- Establish multifactor authentication (MFA)
- Perform a penetration test
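Three of the questions above (the OS configuration, the firewall rule list, and the cloud server baseline image) come down to the same check: compare what is documented as the approved baseline with what is actually on the server and report anything that differs. The following Python example is added here and is not part of the course or the page. It hashes both configurations for a quick "has anything changed" answer and, when they differ, walks them to list every added, removed or changed setting. Both configurations are constructed for the demo; in practice the current one would be collected from the host.

```python
"""Added example (not from the course): compare a documented baseline
against the configuration currently found on a server and report every
unverified change. Both configurations are constructed for the demo."""
import hashlib
import json

BASELINE = {
    "hostname": "web-01",
    "allowed_inbound_ports": [22, 443],
    "sshd": {"PasswordAuthentication": "no", "PermitRootLogin": "no"},
    "packages": {"nginx": "1.24.0", "openssl": "3.0.13"},
}

CURRENT = {
    "hostname": "web-01",
    "allowed_inbound_ports": [22, 443, 8080],                 # a port nobody approved
    "sshd": {"PasswordAuthentication": "yes", "PermitRootLogin": "no"},   # weakened setting
    "packages": {"nginx": "1.24.0", "openssl": "3.0.12"},     # downgraded package
    "cron": ["@reboot /opt/unknown-agent/run.sh"],            # key absent from the baseline
}


def fingerprint(config) -> str:
    """Stable hash of a configuration; equal hashes mean nothing changed at all."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def diff_config(baseline, current, path=""):
    """Walk both structures; return (path, kind, baseline_value, current_value) tuples."""
    changes = []
    if isinstance(baseline, dict) and isinstance(current, dict):
        for key in sorted(set(baseline) | set(current)):
            here = f"{path}.{key}" if path else key
            if key not in current:
                changes.append((here, "removed", baseline[key], None))
            elif key not in baseline:
                changes.append((here, "added", None, current[key]))
            else:
                changes.extend(diff_config(baseline[key], current[key], here))
    elif isinstance(baseline, list) and isinstance(current, list):
        for item in baseline:
            if item not in current:
                changes.append((path, "removed", item, None))
        for item in current:
            if item not in baseline:
                changes.append((path, "added", None, item))
    elif baseline != current:
        changes.append((path, "changed", baseline, current))
    return changes


def check_server(baseline, current):
    """Quick fingerprint check first, then the detailed diff if they differ."""
    if fingerprint(baseline) == fingerprint(current):
        return []
    return diff_config(baseline, current)


if __name__ == "__main__":
    for change in check_server(BASELINE, CURRENT):
        print(change)
```

Every tuple the check returns is an unverified change to investigate: the extra open port, the weakened SSH setting, the package that went backwards, and the cron entry that the baseline never contained. Storing the baseline fingerprint separately from the server means an attacker who edits the host cannot also edit the record it is compared against.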
- What are the purposes of performing a patch update for security hardening? Select all that apply.
- Requiring a user to verify their identity to access a system or network.
- Fixing known security vulnerabilities in a network or services.
- Upgrading an operating system to the latest software version.
- Preventing malicious actors from flooding a network.
- Fill in the blank: Requiring employees to turn off their personal devices while in secure areas is an example of a _____ security hardening practice.
- network-focused
- virtual
- cloud-based
- physical
- Fill in the blank: The security measure multi-factor authentication (MFA) requires a user to verify their identity _____ before accessing a system or network.
- in two or more ways
- within 60 seconds
- at least once
- every day
Course 4 – Tools of the Trade: Linux and SQL
Week 1
- What is an operating system?
- The physical components of a computer
- The interface between computer hardware and the user
- A program for sending email
- A computer, smartphone, or tablet
- Which of the following are operating systems? Select all that apply.
- Linux
- Android
- Windows
- Smartphones
- Which of the following statements correctly describe operating systems? Select all that apply.
- Computers run efficiently because of operating systems.
- Operating systems are the physical components of a computer.
- Operating systems are able to run many applications at once.
- Operating systems help people interact with computers in complex ways.
- Computers communicate in a language called binary, which consists of 0s and 1s.
- True
- False
Test your knowledge: The operating system at work
- What is the job of a computer’s operating system?
- Allow users to specify tasks
- Help other computer programs run efficiently
- Load the bootloader
- Turn on the computer
- Fill in the blank: In order to carry out tasks on a computer, users directly interact with _____.
- the BIOS
- task managers
- the CPU
- applications
- The management of a computer’s resources and memory is handled by an application.
- True
- False
- Which of the following processes are part of starting an operating system? Select all that apply.
- The BIOS or UEFI microchip loads the bootloader.
- The bootloader starts the operating system.
- Either the BIOS or UEFI microchip is activated when a user turns on a computer.
- The bootloader immediately launches when a user turns on a computer.
Test your knowledge: The user interface
- What is a GUI?
- A user interface that enables people to manage tasks on a computer using icons
- A user interface that allows people to interact with a computer through commands
- A user interface that runs only on Linux operating systems
- A user interface that only runs on mobile devices
- Which of the following can be components of a GUI? Select all that apply.
- Desktop icons and shortcuts
- Hardware
- Task bar
- Start menu
- Fill in the blank: A security professional uses a(n) _____ to interact with a computer using text-based instructions.
- operating system
- GUI
- text system
- CLI
- A useful feature of a CLI is that it records a history file of commands and actions.
- True
- False
Weekly challenge 1
- Which of the following statements accurately describe operating systems? Select all that apply.
- Operating systems are responsible for making computers run efficiently.
- Operating systems are a type of computer hardware.
- Computers have operating systems, but smartphones and tablets do not have them.
- Operating systems help people and computers communicate.
- Which of the following are common operating systems? Select three answers.
- macOS®
- Linux
- PC
- Windows
- What is a bootloader?
- A program that checks for malware infections on a computer
- A program that starts an operating system
- A program that communicates instructions to the user
- A program that loads the BIOS or UEFI chip
- Fill in the blank: When someone uses a computer application, the operating system interprets the user’s requests and directs them to the appropriate _____.
- user on the system
- applications
- user interface
- components of the computer's hardware
- What happens when you use applications on your computer? Select three answers.
- The application receives information from the operating system and sends a confirmation message directly to the hardware.
- The operating system interprets a request from the application and directs it to the appropriate components of the computer’s hardware.
- The application sends your request to the operating system.
- The hardware sends information back to the operating system, which is sent back to the application.
- Fill in the blank: The user communicates with the operating system via a(n) _____.
- user application
- specialized type of hardware
- another operating system
- user interface
- Which of the following statements correctly describe GUIs and CLIs? Select three answers.
- A CLI performs multiple tasks less efficiently than a GUI.
- CLI commands execute tasks, such as moving a file to a new folder.
- GUI icons help users manage different tasks on a computer.
- A CLI is a text-based user interface.
- A security team suspects that an attacker has compromised their system. They examine the commands entered by the attacker to determine whether they can trace the attacker’s actions to help them resolve the incident. What does this scenario describe?
- Reviewing a history file in a GUI
- Repeating a process using icons
- Reviewing a history file in a CLI
- Examining the usage of files and applications from a start menu
- To ensure a computer’s capacity is used where it is needed most, what does an operating system manage?
- BIOS and UEFI
- Viruses and malware
- Icons and graphics
- Resources and memory
Shuffle Q/A
- Which of the following statements accurately describe operating systems? Select all that apply.
- Operating systems are the interfaces between computer hardware and user.
- Computers, smartphones, and tablets all have operating systems.
- Operating systems only permit one application to run at a time.
- Operating systems are responsible for making computers run efficiently.
- Which of the following operating systems run on desktop and laptop computers? Select two answers.
- Android
- iOS
- macOS®
- Windows
- Fill in the blank: When someone uses a computer application, the _____ interprets the user’s requests and directs them to the appropriate components of the computer’s hardware.
- CPU
- bootloader
- operating system
- BIOS
- If you wanted to perform a calculation on your computer, which of these things would happen? Select three answers.
- The application would send this request to the operating system.
- The hardware would send the answer directly back to the application.
- You would type in the number you wanted to calculate into the application.
- The hardware would determine the answer and send it back to the operating system.
- Fill in the blank: The _____ ensures the limited capacity of a computer system is used where it’s needed most.
- bootloader
- task manager
- hardware
- operating system
- Which of the following statements accurately describe operating systems? Select all that apply.
- Smartphones do not have operating systems.
- Operating systems help people and computers communicate.
- Operating systems are part of the physical components of a computer.
- Operating systems enable computers to run multiple applications at once.
- Which of the following operating systems were designed to run on mobile devices? Select two answers.
- Android
- macOS®
- Linux
- iOS
- What components are involved in the booting process? Select two answers.
- The bootloader
- BIOS or UEFI
- A CLI
- A GUI
- Fill in the blank: A _____ is a program that allows users to control functions of the operating system.
- UEFI chip
- user interface
- bootloader
- CPU
- Which of the following statements correctly describe GUIs and CLIs? Select three answers.
- A CLI uses commands to communicate with an operating system.
- A CLI can complete multiple tasks efficiently.
- A GUI is a text-based user interface.
- GUI icons help users manage different tasks on a computer.
- Which of the following statements correctly describe GUIs and CLIs? Select three answers.
- A GUI is a user interface that uses icons.
- CLI commands execute tasks, such as opening a program.
- A CLI can complete multiple tasks efficiently.
- A CLI includes a start menu and taskbar.
- What does BIOS load in order to start an operating system?
- The bootloader
- The user interface
- UEFI
- An anti-virus application
- A security team responds to a breach by following the instructions from their playbook. They later want to ensure all of the commands they entered were correct. So, they review the saved steps they performed in the command line. What does this scenario describe?
- Repeating a process using icons
- Saving files and applications from a start menu
- Reviewing a history file in a GUI
- Reviewing a history file in a CLI
- Fill in the blank: On a computer, the _____ handles resource and memory management.
- task manager
- hardware
- browser
- operating system
- Which layer is responsible for establishing a connection between a source and a destination device?
- Layer 1, network access
- Layer 2, internet
- Layer 3, transport
- Layer 4, application
Week 2
- As a security analyst, you might use Linux to review logs when investigating an issue.
- True
- False
- Which of the following are components of the Linux architecture? Select all that apply.
- The shell
- Applications
- The kernel
- The operating system
- Fill in the blank: The Filesystem Hierarchy Standard (FHS) is the component of Linux architecture that _____.
- organizes data
- consists of the physical components of a computer
- enables people to communicate with the system
- manages processes and memory
- Which of the following hardware components are peripheral devices? Select all that apply.
- a printer
- a CPU
- RAM
- a monitor
Test your knowledge: Linux distributions
- Fill in the blank: Because the _____ is open source, anyone can modify it to build new Linux distributions.
- hardware
- kernel
- application
- shell
- What is KALI LINUX ™?
(KALI LINUX ™ is a trademark of OffSec.)
- A Debian-derived, open-source distribution of Linux designed for security tasks
- A tool with a graphical user interface that can be used to analyze live and captured network traffic
- A subscription-based Linux distribution built for enterprise use
- A tool used to guess passwords
- What is an open-source, user-friendly distribution derived from Debian that is widely used in security and other industries?
- Ubuntu
- Autopsy
- Red Hat
- tcpdump
- Which of the following are distributions of Linux? Select all that apply.
- Parrot
- CentOS
- Red Hat
- Pen Test
Test your knowledge: The shell
- What is the shell?
- An instruction telling the computer to do something
- The command-line interpreter
- Data consisting of an ordered sequence of characters
- Information received by the operating system (OS) via the command line
- After a user inputs a command into the shell, what can the shell return to the user? Select two answers.
- A request for more input from the user
- Output
- A request for user approval
- An error message
- What is standard error in Linux?
- A Linux command that outputs a specified string of text
- Error messages returned by the operating system through the shell
- Information received by the operating system via the command line
- Information returned by the operating system through the shell
- What is the difference between standard input and standard output?
- Standard input is sent from the Filesystem Hierarchy Standard (FHS). Standard output is sent to the FHS.
- Standard input is sent to the operating system. Standard output is sent from the operating system.
- Standard input is sent to the Filesystem Hierarchy Standard (FHS). Standard output is sent from the FHS.
- Standard input is sent from the operating system. Standard output is sent to the operating system.
Weekly challenge 2
- Fill in the blank: Linux is a(n) _____ operating system.
- closed-source
- single-user
- open-source
- command line
- Which of the following components are part of the Linux architecture? Select all that apply.
- Applications
- The kernel
- Standard input
- The shell
- What is one reason why there are multiple distributions of Linux?
- Linux distributions are closed source, which means users must create a new distribution if they want to use Linux.
- Linux distributions expire after a period of time, which means new distributions must be created.
- The Linux kernel is updated yearly, which means community developers create new distributions to stay updated.
- The Linux kernel is open source, which means anyone can use the kernel and modify it.
- Which of the following statements correctly describe KALI LINUX ™? Select three answers.
(KALI LINUX ™ is a trademark of OffSec.)
- KALI LINUX ™ was created specifically to be used with penetration testing and digital forensics.
- KALI LINUX ™ was created as an enterprise distribution of Linux.
- KALI LINUX ™ is an open-source Linux distribution that is widely used in security.
- KALI LINUX ™ should be used on a virtual machine.
- Which of these are common Linux distributions? Select all that apply.
- Parrot
- Red Hat
- Bash
- CentOS
- Fill in the blank: The _____ communicates with the kernel to execute commands.
- shell
- Filesystem Hierarchy Standard (FHS)
- interface
- hardware
- Which of the following are communication methods with the shell? Select all that apply.
- Standard command
- Standard error
- Standard input
- Standard output
- Which of the following is an example of hardware?
- Shell
- Kernel
- CPU
- Applications
- When the system doesn’t know how to respond to a command, what is the result?
- A request for additional resources
- Standard input
- Standard output
- An error message
Shuffle Q/A
- What is an effect of Linux being open source?
- It allows for collaboration among a community of developers.
- It is the most simple OS in terms of architecture.
- It requires a yearly subscription.
- It is the easiest OS for beginners to use.
- Which of the following components are part of the Linux architecture? Select all that apply.
- The kernel
- The Filesystem Hierarchy Standard (FHS)
- Standard output
- Hardware
- What are distributions?
- Simulated attacks that help identify vulnerabilities
- The different versions of Linux
- Programs that perform specific tasks
- Data consisting of an ordered sequence of characters
- What is an example of a Linux distribution that comes pre-installed with many security-related tools?
- Wireshark
- KALI LINUX ™ (KALI LINUX ™ is a trademark of OffSec.)
- Kernel
- SUSE
- What is the Linux shell used for?
- It organizes the data stored in the computer so it can be found easily.
- It manages processes and memory.
- It ensures the system allocates resources efficiently.
- It allows you to communicate with the operating system.
- Fill in the blank: When you communicate with the shell, the commands in the shell can ___. Select all that apply.
- give error messages
- give output
- take output
- take input
- Which of the following is a Linux distribution that is built for enterprise use and offers a dedicated support team for customers?
- nano
- KALI LINUX ™ (KALI LINUX ™ is a trademark of OffSec.)
- Red Hat
- Parrot
- Fill in the blank: Package managers are used to distribute Linux _____.
- kernels
- shells
- commands
- applications
- Which of the following is an example of an application?
- Parrot
- CentOS
- nano
- The kernel
- What does standard error contain?
- Error messages sent as standard input to an application.
- Error messages sent to the OS from the shell.
- Error messages returned by the OS through the shell.
- Error messages sent to an application as string data.
- Which aspect of Linux makes it available to everyone?
- Its kernel
- Its open-source design
- Its multiple distributions
- Its use in cybersecurity
- Which of the following components are part of the Linux architecture? Select all that apply.
- The distribution
- The Filesystem Hierarchy Standard (FHS)
- Applications
- The shell
- Which of the following components are part of the Linux architecture? Select all that apply.
- The kernel
- Standard output
- Hardware
- The Filesystem Hierarchy Standard (FHS)
- Which of the following are examples of Linux distributions? Select all that apply.
- Debian
- Wireshark
- Ubuntu
- tcpdump
- What is the shell in Linux?
- An instruction telling the computer to do something
- The command-line interpreter
- A Linux command that outputs a specified string of text
- The information received by the OS via the command line
Week 3
- What is a command?
- A common shell in many Linux distributions
- An instruction that tells a computer to do something
- The highest-level directory in Linux
- A component of the Linux architecture
- Which of the following commands prints the working directory to the screen?
- cat
- ls
- pwd
- head
- What does the cd command do?
- Navigates between directories
- Outputs a specified string of text
- Displays the names of files in the current directory
- Prints the working directory to the screen
- A security professional enters head access.txt into a shell. What are they telling the operating system to do?
- Remove the first 5 lines of access.txt
- Return the content of access.txt one page at a time
- Display the first 10 lines of access.txt
- Add a header to the file named access.txt
- What is the difference between an absolute file path and a relative file path?
- An absolute file path starts from the current directory, and a relative file path starts from the root.
- An absolute file path ends with a forward slash (/), and a relative file path ends with a backslash (\).
- An absolute file path starts from the root, and a relative file path starts from the current directory.
- An absolute file path ends with a backslash (\), and a relative file path ends with a forward slash (/).
Test your knowledge: Manage file content in Bash
- What two arguments commonly follow the grep command?
- The file to move and the new file location
- The string to search for and the file to search through
- The file to write to and the string to add to it
- The file name to search for and the directory to search through
- In Linux, what does the piping command (|) do?
- It searches a specified file and returns all lines in the file containing a specified string.
- It moves a file or directory to a new location.
- It sends the standard input of one command as standard output to another command for further processing.
- It sends the standard output of one command as standard input to another command for further processing.
- A security professional enters cp vulnerabilities.txt /home/analyst/projects into the command line. What do they want the operating system to do?
- Create a new file named vulnerabilities.txt in the projects directory
- Remove the vulnerabilities.txt file from the projects directory
- Search for the string vulnerabilities.txt in the projects directory
- Copy the vulnerabilities.txt file into the projects directory
- What command creates a new file called failed_logins.txt?
- find failed_logins.txt
- mkdir failed_logins.txt
- touch failed_logins.txt
- rm failed_logins.txt
Test your knowledge: Authenticate and authorize users
- What is authorization?
- The concept of granting only the minimal access and authorization required to complete a task or function
- The concept of granting access to specific resources in a system
- The process of a user proving that they are who they say they are in the system
- The process of temporarily granting elevated permissions to specific users
- Which of the following statements correctly describe the file permissions string -rw-rw-rw-? Select two answers.
- The user and group have execute permissions.
- The user has write permissions.
- The file type is a directory.
- The group has read permissions.
- A security professional enters chmod g+w access.txt into the command line. What does this command tell the operating system to do?
- Add write permissions to the user for the access.txt file
- Remove write permissions from the group for the access.txt file
- Add write permissions to the group for the access.txt file
- Remove write permissions from the user for the access.txt file
- Which of the following commands typically must be used with sudo? Select three answers.
- useradd
- chmod
- userdel
- chown
- A security analyst is updating permissions on a directory named projects. The current permissions are drwxrw-r--. They want to add execute permissions for the group. What do they enter on the command line?
- chmod g+x projects
- chmod u-x projects
- chmod x+x projects
- chmod g-x projects
Test your knowledge: Get help in Linux
- Which of the following statements accurately describe Linux’s online global community? Select three answers.
- Because Linux is open-source, the community can easily contribute.
- The community is focused on collecting feedback from advanced users of Linux.
- Linux users can find support from the community for everyday tasks.
- The community publishes online information to help users learn how to operate Linux.
- What does the man command do?
- Display a description of a command on a single line
- Display information on other commands and how they work
- Search the manual page descriptions for a specified string
- Delete a user from the system
- What does the whatis command do?
- Return the username of the current user
- Display information on other commands and how they work
- Search the manual page descriptions for a specified string
- Display a description of a command on a single line
- What is an advantage of the apropos command?
- It incorporates mandatory options for customized searching
- It condenses the description of a specific command to one line.
- Users can search for a command even if they do not know the specific command name.
- It can be used to search for descriptions of commands when you know the specific command name.
Weekly challenge 3
- What are the arguments in mv Q1users.txt /home/analyst/reports? Select two answers.
- Q1users.txt
- .txt
- mv
- /home/analyst/reports
- Fill in the blank: The highest-level directory in Linux is called the _____.
- permissions
- root directory
- home directory
- sudo
- Which command searches a specified file and returns all lines in the file containing a specified string?
- mkdir
- sudo
- grep
- pwd
- Which of these commands creates a new file?
- cd
- chmod
- touch
- mkdir
- What does the grep command do?
- Searches a specified file and returns all lines in the file containing a specified string
- Temporarily grants elevated permissions to specific users
- Prints the working directory to the screen
- Creates a new directory
- What does the touch command do?
- Creates a new file
- Opens a file editor
- Moves a file or directory to a new location
- Changes permissions on files and directories
- What are read, write, and execute?
- The three types of permissions for authorized users
- The three types of owners for files and directories
- Different methods for editing files
- Specific Linux commands used to change file permissions
- A security analyst is updating permissions on the file access.txt. They want to add write permissions for the user and remove read permissions for the group. What do they enter on the command line?
- chmod u+w,g-r access.txt
- chmod access.txt u+w,g-r
- chmod u-w,g+r access.txt
- chmod u+rw,g-rw access.txt
- A security analyst is updating permissions on the file access.txt. They want to add write permissions for the user and remove read permissions for the group. What do they enter on the command line?
- chmod u-w,g+r access.txt
- chmod u+rw,g-rw access.txt
- chmod access.txt u+w,g-r
- chmod u+w,g-r access.txt
- A user is not a root user, but needs elevated privileges to use certain commands. What should they do?
- Use the sudo command
- Assign themselves write permissions
- Assign themselves execute permissions
- Use the chmod command
- Which command can you use to change your current directory?
- pwd
- cat
- ls
- cd
- What does the apropos command do?
- Searches the manual page descriptions for a specified string
- Displays detailed information on commands and their options
- Prints the working directory to the screen
- Displays a description of a command on a single line
- Given the following permissions drw-rw-r--, what permissions does the group have? Select all that apply.
- Read
- Use
- Write
- Execute
- Given the following permissions drw-rw-r--, which character indicates if this is a file or directory?
- Fifth
- Tenth
- First
- Second
Shuffle Q/A
- A security analyst enters grep OS updates.txt into the command line. What does this tell the operating system to do?
- Create a new directory named OS and a new file named updates.txt
- Create a new file named updates.txt in the OS directory
- Search through the updates.txt file and return all lines containing the string OS
- Move the updates.txt file to the OS directory
- What does sudo do?
- Temporarily grants elevated permissions to specific users
- Deletes users from the system
- Changes the owner associated with a particular file
- Adds users to the system
- In which of these situations would you enter cd logs?
- You want to search for the string logs in the files of your current directory.
- You want to list all the files and directories in the logs directory.
- You want to change to a subdirectory of your current directory named logs.
- You want to print the first 10 lines of the logs file.
- Given the following permissions drw-rw-r--, what does the fourth character represent?
- The group does not have execute permissions for this directory
- The user does not have execute permissions for this directory
- The user has execute permissions for this directory
- The group has execute permissions for this directory
- What are the arguments in cp vulnerabilities.txt /home/analyst/projects? Select two answers.
- /home/analyst/projects
- vulnerabilities.txt
- cp
- /home
- Which of the following items represents the root directory?
- /
- *home
- /home
- *
- A security analyst enters touch updates.txt into the command line. What does this tell the operating system to do?
- Move the updates.txt file out of their current directory
- Create a new file named updates.txt in their current directory
- Open the updates.txt file
- Create a new file named updates.txt and move it to the root directory
- Which of the following are types of permissions? Select all that apply.
- Read
- Write
- Authorize
- Execute
- A security analyst enters chmod u+w,g-r access.txt into the command line. What does this command tell the operating system to do? Select all that apply.
- Remove read permissions from the user for the access.txt file
- Add write permissions to the user for the access.txt file
- Add write permissions to the group for the access.txt file
- Remove read permissions from the group for the access.txt file
- Which of the following commands require the user to be a root user or have sudo privileges? Select two answers.
- cd
- useradd
- userdel
- grep
- What should you specify in the argument following the cd command?
- Your current directory
- The string you want to search for
- The directory you want to navigate to
- The file you want to create
- Which of the following commands searches the manual page descriptions for a specified string?
- cp
- pwd
- man
- apropos
Week 4
- Which statement accurately describes the organization of a relational database?
- Relational databases consist of a single table with one primary key and one foreign key.
- Relational databases contain tables that are related to each other through primary and foreign keys.
- Relational databases consist of a single table containing related information.
- Relational databases contain primary keys with at least two duplicate values.
- What is SQL used for? Select two answers.
- Finding data to support security-related decisions and analysis
- Allowing users to access a specific machine
- Securing an organization’s systems and networks
- Creating, interacting with, and requesting information from a database
- A record of attempts to connect to an organization’s network is one example of a log.
- True
- False
- Fill in the blank: A request for data from a database table or a combination of tables is called a _____.
- query
- log
- key
- row
Test your knowledge: SQL queries
- What is filtering in SQL?
- Removing invalid records
- Removing unnecessary data from the database
- Selecting data that match a certain condition
- Changing a table to match a condition
- You are working with the Chinook database and want to return the firstname, lastname, and phone of all employees. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
What is Andrew Adams’ phone number?
Answers
- +1 (403) 262-3443
- +1 (780) 428-9482
- +1 (780) 836-9987
- +1 (403) 467-3351
- A security analyst wants to filter the log_in_attempts table for records where the value in the country column is 'Canada'. What is a valid query for this?
- WHERE country = 'Canada' SELECT * FROM log_in_attempts;
- SELECT * FROM log_in_attempts WHERE country = 'Canada';
- SELECT WHERE country = 'Canada' FROM log_in_attempts;
- SELECT * FROM log_in_attempts WHERE country = Canada;
- Which pattern matches with any string that starts with the character 'A'?
- '%A%'
- '%A'
- 'A%'
- 'A'
Test your knowledge: More SQL filters
- Which filter outputs all records with values in the date column between '01-01-2015' (January 1, 2015) and '01-04-2015' (April 1, 2015)?
- WHERE date BETWEEN '01-01-2015' AND '01-04-2015';
- WHERE date BETWEEN '01-01-2015', '01-04-2015';
- WHERE date < '01-04-2015';
- WHERE date > '01-01-2015';
- Which operator is most efficient at returning all records with a status other than 'successful'?
- OR
- NOT
- BETWEEN
- AND
- You are working with the Chinook database. You want to find the first and last names of customers who have a value in the country column of either 'Brazil' or 'Argentina'. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
How many customers are from Brazil or Argentina?
- 5
- 6
- 1
- 4
- While working as an analyst, you encounter a query that includes the following filter:
SELECT *
FROM customers
WHERE country = 'USA' AND state = 'NV'
What will this query return?
- Information about customers who have a value of 'USA' in the country column and a value of 'NV' in the state column.
- Information about customers who do not have a value of 'USA' in the country column but do have a value of 'NV' in the state column.
- Information about customers who have a value of 'USA' in the country column or a value of 'NV' in the state column.
- Information about customers who do not have a value of 'USA' in the country column or do not have a value of 'NV' in the state column.
Test your knowledge: SQL joins
- Which join types return all rows from only one of the tables being joined? Select all that apply.
- RIGHT JOIN
- INNER JOIN
- FULL OUTER JOIN
- LEFT JOIN
- You are performing an INNER JOIN on two tables on the employee_id column. The left table is employees, and the right table is machines. Which of the following queries has the correct INNER JOIN syntax?
- SELECT * FROM employees INNER JOIN machines WHERE employees.employee_id = machines.employee_id;
- SELECT * FROM employees INNER JOIN ON employees.employee_id = machines.employee_id;
- INNER JOIN machines ON employees.employee_id = machines.employee_id SELECT * FROM employees;
- SELECT * FROM employees INNER JOIN machines ON employees.employee_id = machines.employee_id;
- In the following query, which join returns all records from the employees table, but only records that match on employee_id from the machines table?
SELECT *
FROM employees
_____ machines ON employees.employee_id = machines.employee_id;
- FULL OUTER JOIN
- RIGHT JOIN
- INNER JOIN
- LEFT JOIN
- As a security analyst, you are responsible for performing an INNER JOIN on the invoices and invoice_items tables of the Chinook database. These tables can be connected through the invoiceid column. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
What is the value in the trackid column of the first row that is returned from this query?
- 1
- 3
- 2
- 449
Weekly challenge 4
- Why might a security analyst use SQL?
- To store data in a spreadsheet
- To create new files on their computer
- To efficiently find needed data in security logs
- To assign new passwords to users
- Fill in the blank: A column in which every row has a unique entry and which is used to identify a table is called a _____.
- primary key
- database key
- foreign key
- relational key
- Which of these SQL statements queries the log_in_attempts table? Select all that apply.
- SELECT * FROM log_in_attempts;
- SELECT event_id, username FROM log_in_attempts WHERE event_id < 150;
- SELECT log_in_attempts FROM *;
- SELECT log_in_attempts FROM event_id;
- What does INNER JOIN do?
- Combine tables and save them as a new table
- Compare tables and return only the rows that have a matching value in a specified column
- Filter databases to return only columns that exist in every table
- Return every row in joined tables
- Which SQL keyword indicates the condition for a filter?
- FROM
- SELECT
- INNER JOIN
- WHERE
- You work with a table that has one column for name. Some of these names have prefixes. You want to identify all of the doctors. Which query will return every name that starts with the prefix ‘Dr.’?
- WHERE name LIKE 'Dr.%';
- WHERE name = 'Dr.%';
- WHERE name = 'Dr._';
- WHERE name LIKE 'Dr._';
- What does the following query return?
SELECT *
FROM employees
RIGHT JOIN machines ON employees.device_id = machines.device_id;
- All columns of the employees and machines table and the records from employees and machines that match on device_id
- All columns and records from the employees and machines tables
- All columns of the employees and machines table, all records from the employees table, and the records from machines that match on device_id
- All columns of the employees and machines table, all records from the machines table, and the records from employees that match on device_id
- You are working with the Chinook database. You want to return the company and country columns from the customers table. Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
In what country is JetBrains s.r.o. located?
- Germany
- Czech Republic
- Brazil
- United States
- You are working with the Chinook database and are responsible for filtering for invoices with a total that is more than 20. Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
How many invoices have a total that is more than 20?
- 2
- 4
- 1
- 3
- You are working with the Chinook database and are responsible for filtering for customers that live in the country of ‘USA’ and the state with an abbreviation of ‘CA’. Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
SELECT firstname, lastname, address, country
FROM customers
--???
What are the first names of the customers that live in the USA and the state with an abbreviation of CA?
- Frank, Tim, Dan
- Frank, Tim, Dan, Heather, Kathy
- Kathy, Michelle, Frank
- John, Michelle, Julia, Patrick
- You are working with the Chinook database and are responsible for filtering for the customers that live in the city of ‘Mountain View’ and work for the company of ‘Google Inc.’ Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
How many customers live in Mountain View and work for Google Inc.?
- 3
- 2
- 4
- 1
Shuffle Q/A
- A security analyst queries a table related to login attempts. How can SQL help this analyst with their work?
- The analyst will get a live update on new login attempts.
- The analyst can efficiently find the login data they need.
- SQL will change authentication permissions to prevent unauthorized logins.
- SQL will automatically distribute a report on suspicious login attempts.
- Which of these SQL statements queries the machines table? Select all that apply.
- SELECT *
FROM machines;
- SELECT device_id, operating_system
FROM machines
WHERE operating_system = 'OS 2';
- SELECT machines
FROM *;
- SELECT machines
FROM operating_system;
- What does WHERE department = 'Sales' indicate in the following SQL query?
SELECT *
FROM employees
WHERE department = 'Sales';
- To highlight the department column in the results
- To only return rows that match the filter
- To only return the department column
- To change all the values in the department column to ‘Sales’
- You need to perform a SQL join. You want to return all the columns with records matching on the employee_id column between the employees and machines tables. You also want to return all records from the machines table. Which of the following queries would you use?
- SELECT *
FROM employees
INNER JOIN machines ON employees.employee_id = machines.employee_id;
- SELECT *
FROM employees
LEFT JOIN machines ON employees.employee_id = machines.employee_id;
- SELECT *
FROM employees
FULL OUTER JOIN machines ON employees.employee_id = machines.employee_id;
- SELECT *
FROM employees
RIGHT JOIN machines ON employees.employee_id = machines.employee_id;
- You are working with the Chinook database. You want to return the employeeid and email columns from the employees table. Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
What is the employee ID number of the employee with an email of laura@chinookcorp.com?
- 8
- 2
- 6
- 4
- You are working with the Chinook database and are responsible for filtering for the customers that have a value of ‘USA’ in the country column and have a value of ‘Frank’ in the firstname column. Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
How many customers live in the USA and have the name Frank?
- 4
- 1
- 3
- 2
- You need to perform a SQL join. You want to return all the columns with records matching on the device_id column between the employees and machines tables. You also want to return all records from the employees table. Which of the following queries would you use?
- SELECT *
FROM employees
RIGHT JOIN machines ON employees.device_id = machines.device_id;
- SELECT *
FROM employees
INNER JOIN machines ON employees.device_id = machines.device_id;
- SELECT *
FROM employees
FULL OUTER JOIN machines ON employees.device_id = machines.device_id;
- SELECT *
FROM employees
LEFT JOIN machines ON employees.device_id = machines.device_id;
- You are working with the Chinook database. You want to return the lastname and title columns from the employees table. Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
What is the title of the employee with the last name of Callahan?
- IT Manager
- IT Staff
- Sales Manager
- General Manager
- You are working with the Chinook database and want to filter on the hiredate column to find all employees hired on or after ‘2003-10-17’ (October 17, 2003). Replace –??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)
How many employees were hired on or after October 17, 2003?
- 4
- 2
- 3
- 1
- What is true about the values in the primary key column? Select all that apply.
- They cannot be null (or empty).
- They should never contain numeric data.
- They do not need to be unique.
- Each row must have a unique value.
- Which of these SQL statements queries the employees table? Select all that apply.
- SELECT employees
FROM employee_id;
- SELECT employees
FROM *;
- SELECT *
FROM employees;
- SELECT employee_id, device_id
FROM employees
WHERE employee_id > 1100;
- What type of join compares tables and returns only the rows that have a matching value in a specified column?
- FULL OUTER JOIN
- LEFT JOIN
- INNER JOIN
- RIGHT JOIN
- Both an employees table and a machines table contain an employee_id column, and you want to return only the records that share a value in this column. Which keyword should be part of your query?
- FULL OUTER JOIN
- INNER JOIN
- BETWEEN
- WHERE
- Which query returns all records that start with the character ‘a’ from the name column in the employees table?
- SELECT name
FROM employees
WHERE name = 'a%';
- SELECT name
FROM employees
WHERE name LIKE '%a';
- SELECT name
FROM employees
WHERE name LIKE 'a%';
- SELECT name
FROM employees
WHERE name LIKE 'a';
Course 5 – Assets, Threats, and Vulnerabilities
Week 1
- What is a risk?
- Any circumstance or event that can negatively impact assets
- Anything that can impact the confidentiality, integrity, or availability of an asset
- The practice of labeling assets based on sensitivity and importance to an organization
- A weakness that can be exploited by a threat
- A security professional discovers a rogue access point on their company WiFi that is not managed by the networking team. The rogue device is altering and deleting sensitive records without authorization. What does this scenario describe?
- Threat
- Vulnerability
- Risk
- Asset
- A product team is storing customer survey data for a new project in a cloud drive. The data is only accessible to product team members while the project is in development. What is this data’s asset type?
- Public
- Customer data
- Internal demo
- Confidential
- What is the practice of labeling assets based on sensitivity and importance to an organization?
- Asset inventory
- Asset classification
- Asset management
- Asset restriction
Test your knowledge: Digital and physical assets
- What is the practice of keeping data in all states away from unauthorized users?
- Network
- Cybersecurity
- Information security
- Asset
- An employee is promoted to a new role, so their workstation is transferred to a different office. As the employee’s workstation is being relocated, what data state are its files in?
- At rest
- In transit
- In use
- In storage
- What is an example of data in transit?
- A sent email is traveling over the network to reach its destination.
- A spreadsheet file is saved on an employee’s hard drive.
- A manager is editing a report on their computer.
- A user logs in to their online account to review their messages.
- Fill in the blank: Data is in use when it is being _____ by one or more users.
- accessed
- ignored
- transported
- classified
Test your knowledge: Risk and asset security
- What types of risks do security plans address? Select three answers.
- Disclosure of data
- Shift of market conditions
- Loss of information
- Damage to assets
- What are the basic elements of a security plan? Select three answers.
- Standards
- Policies
- Procedures
- Regulations
- Fill in the blank: The NIST CSF is a _____ framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
- voluntary
- mandatory
- limited
- rigid
- What are some benefits of the NIST Cybersecurity Framework (CSF)? Select three answers.
- It helps organizations achieve regulatory standards.
- It can be used to identify and assess risk.
- It is required to do business online.
- It’s adaptable to fit the needs of any business.
Weekly challenge 1
- A malicious hacker gains access to a company system in order to access sensitive information. What does this scenario describe?
- Vulnerability
- Regulation
- Procedure
- Threat
- Which of the following are examples of a vulnerability? Select two answers.
- Malicious hackers stealing access credentials
- An employee misconfiguring a firewall
- Attackers causing a power outage
- A malfunctioning door lock
- Fill in the blank: A misconfigured firewall is an example of a security _____.
- exploit
- vulnerability
- threat
- asset
- What is the first step of asset management?
- To assign a risk score to assets
- To address an asset’s vulnerabilities
- To make an asset inventory
- To classify assets based on value
- A small group of software developers is working internally on a confidential project. They are developing a new web application for the employees at their organization. Who can the developers discuss this confidential project with? Select two answers.
- External business partners
- Close friends
- Teammates
- Project managers
- A local chef owns a successful small business that sells cooking sauces and seasoning. Their best-selling product is a sauce that’s made with a top secret family recipe. To continue growing the company, the chef is about to start a partnership with a large retailer. In this scenario, what classification level should be assigned to the chef’s proprietary recipe?
- Public
- Internal
- Confidential
- Restricted
- Which of the following can be prevented with effective information security? Select all that apply.
- Compliance with regulations
- Identity theft
- Financial loss
- Reputational damage
- What is an example of digital data at rest? Select two answers.
- Files on a hard drive
- Email messages in an inbox
- Letters on a table
- Contracts in a file cabinet
- Fill in the blank: Information security (InfoSec) is the practice of keeping ____ in all states away from unauthorized users.
- processes
- documents
- files
- data
- What is an example of data in transit? Select two answers.
- A slideshow presentation on a thumb drive
- A file being downloaded from a website
- A website with multiple files available for download
- An email being sent to a colleague
- Who should an effective security plan focus on protecting? Select all that apply.
- Customers
- Competitors
- Employees
- Business partners
- What NIST Cybersecurity Framework (CSF) tier is an indication that compliance is being performed at an exemplary standard?
- Level-2
- Level-4
- Level-3
- Level-1
- What are some benefits of the NIST Cybersecurity Framework? Select three answers.
- The CSF fosters trust between businesses.
- The CSF will protect an organization from cyber threats.
- The CSF is adaptable to meet a company’s needs.
- The CSF assists with regulatory compliance efforts.
- Which of the following are components of the NIST Cybersecurity Framework? Select three answers.
- Profiles
- Core
- Controls
- Tiers
- Fill in the blank: To measure performance across the functions of the _____, security teams use NIST tiers.
- profiles
- core
- framework
- business
Shuffle Q/A
- An employee who has access to company assets abuses their privileges by stealing information and selling it for personal gain. What does this scenario describe?
- Vulnerability
- Procedure
- Threat
- Regulation
- Which of the following refers to the process of tracking assets and the risks that affect them?
- Asset management
- Asset administration
- Asset classification
- Asset inventory
- Which of the following are examples of security vulnerabilities? Select three answers.
- Unattended laptop
- Suspended access card
- Weak password
- Unlocked doors at a business
- Which of the following statements correctly describe security asset management? Select two answers.
- It helps identify risks.
- It decreases vulnerabilities.
- It is a one-time process.
- It uncovers gaps in security.
- What is an example of restricted information? Select all that apply.
- Cardholder data
- Intellectual property
- Employee email addresses
- Health information
- What are some key benefits of a security plan? Select three answers.
- Define consistent policies that address what’s being protected and why.
- Establish a shared set of standards for protecting assets.
- Outline clear procedures that describe how to protect assets and react to threats.
- Enhance business advantage by collaborating with key partners.
- Fill in the blank: CSF profiles provide insights into the _____ state of a security plan.
- historical
- current
- future
- recent
- An employee is asked to email customers and request that they complete a satisfaction survey. The employee must be given access to confidential information in the company database to conduct the survey. What types of confidential customer information should the employee be able to access from the company’s database to do their job? Select two answers.
- E-mail addresses
- Credit card data
- Customer names
- Home addresses
- A mobile game displays ads to users. The game is free to users so long as they occasionally view ads from other companies. Should these other companies be able to contact the users of the gaming app?
- Maybe, because users have control over sharing their information.
- No, because this user information is restricted.
- Yes, because user information is public.
- Why is it so challenging to secure digital information? Select two answers.
- Most information is in the form of data.
- There are no regulations that protect information.
- There are so many resources to dedicate to security.
- Technologies are interconnected.
- What is an example of confidential information? Select two answers.
- Press release
- Employee contacts
- Project documents
- Marketing strategy
- What is an example of data in use? Select three answers.
- Reading emails in your inbox.
- Watching a movie on a laptop.
- Playing music on your phone.
- Downloading a file attachment.
- Which of the following are functions of the NIST Cybersecurity Framework core? Select three answers.
- Implement
- Protect
- Detect
- Respond
Week 2
- What are categories of security controls? Select all that apply.
- Operational
- Privacy
- Technical
- Managerial
- Fill in the blank: A data _____ decides who can access, edit, use, or destroy their information.
- handler
- custodian
- protector
- owner
- A writer for a technology company is drafting an article about new software features that are being released. According to the principle of least privilege, what should the writer have access to while drafting the article? Select all that apply.
- Login credentials of the software users
- Software developers who are knowledgeable about the product
- Other new software that is in development
- The software they are reviewing
- Which privacy regulations influence how organizations approach data security? Select three answers.
- Infrastructure as a Service (IaaS)
- General Data Protection Regulation (GDPR)
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
Test your knowledge: Encryption methods
- Which of the following elements are required when using encryption? Select all that apply.
- Key
- Certificate
- Cipher
- Token
- Which technologies are used in public key infrastructure (PKI)? Select three answers.
- Asymmetric encryption
- Symmetric encryption
- Digital certificates
- Ciphertext
- Fill in the blank: _____ encryption produces a public and private key pair.
- Hashing
- Symmetric
- Salting
- Asymmetric
- An attacker gains access to a database where user passwords are secured with the SHA-256 hashing algorithm. Can the attacker decrypt the user passwords?
- Yes. Hash algorithms produce a decryption key.
- No. Hash algorithms do not produce decryption keys.
- What term describes being unable to deny that information is authentic?
- Confidentiality
- Non-repudiation
- Integrity
- Availability
Test your knowledge: Authentication, authorization, and accounting
- What factors do authentication systems use to verify a user’s identity? Select three answers.
- Ownership
- Characteristic
- Authorization
- Knowledge
- How do businesses benefit from implementing single sign-on (SSO) technology? Select two answers.
- By simplifying their user management
- By providing a better user experience
- By requiring multiple forms of identification
- By streamlining HTTP traffic between servers
- A retail company has one employee that’s in charge of purchasing goods, another employee that’s in charge of approving new purchases, and a third employee that’s in charge of paying invoices. What security principle is the retail company implementing?
- Separation of duties
- Least privilege
- Authentication, authorization, and accounting (AAA)
- Non-repudiation
- What are the categories of access controls? Select three answers.
- Authorization
- Administration
- Authentication
- Accounting
- What credential does OAuth use to authenticate users?
- A one-time passcode (OTP)
- A session cookie
- An application programming interface (API) token
- A digital certificate
Weekly challenge 2
- Which of the following examples are categories of security controls? Select three answers.
- Operational
- Managerial
- Technical
- Compliance
- A large hotel chain is conducting a national sweepstakes. To enter the sweepstakes, customers must consent to sharing their email address with the chain’s business partners for marketing purposes. What are the hotel chain’s responsibilities as data custodians? Select three answers.
- Back up customer information
- Send information to business partners
- Grant business partners consent to use customer data
- Collect customer consent and emails
- You send an email to a friend. The service provider of your inbox encrypts all messages that you send. What happens to the information in your email when it’s encrypted?
- It’s converted from a hash value to ciphertext.
- It’s converted from Caesar’s cipher to plaintext.
- It’s converted from plaintext to ciphertext.
- It’s converted from ciphertext to plaintext.
- Why are hash algorithms that generate long hash values more secure than those that produce short hash values?
- They are easier to decrypt
- They are easier to exchange over a network
- They are more difficult to remember
- They are more difficult to brute force
- Fill in the blank: A _____ is used to prove the identity of users, companies, and networks in public key infrastructure.
- digital certificate
- access token
- access key
- digital signature
- Fill in the blank: Knowledge, ownership, and characteristic are three factors of _____ systems.
- authorization
- administrative
- accounting
- authentication
- What are two advantages of using single sign-on (SSO) systems to authenticate users? Select two answers.
- It makes authentication safe.
- It makes the login process faster.
- Users can reuse the same password.
- Users can gain access to multiple platforms.
- What is a key advantage of multi-factor authentication compared to single sign-on?
- It can grant access to multiple company resources at once.
- It streamlines the authentication process.
- It requires more than one form of identification before granting access to a system.
- It is faster when authenticating users.
- A shipping company imports and exports materials around the world. Their business operations include purchasing goods from suppliers, receiving shipments, and distributing goods to retailers. How should the shipping company protect their assets under the principle of separation of duties? Select two answers.
- Have one employee file purchase orders
- Have one employee select goods and submit payments
- Have one employee receive shipments and distribute goods
- Have one employee approve purchase orders
- Fill in the blank: ____ is the technology used to establish a user’s request to access a server.
- Basic auth
- API tokens
- OAuth
- Digital certificates
- Which of the following are reasons why accounting in security is such an important function of effective access controls? Select two answers.
- Identify ways to improve business operations.
- Detect session hijacking incidents.
- Uncover threat actors who have accessed a system.
- Record user activity for marketing purposes.
- Which security controls are used in public key infrastructure? Select three answers.
- Multi-factor authentication
- Digital certificates
- Symmetric encryption
- Asymmetric encryption
Shuffle Q/A
- What is the primary purpose of hash functions?
- To store data in the cloud
- To determine data integrity
- To decrypt sensitive data
- To make data quickly available
- Which of the following steps are part of the public key infrastructure process? Select two answers.
- Exchange of public and private keys
- Transfer hash digests
- Establish trust using digital certificates
- Exchange of encrypted information
- What factors do authentication systems use to verify a user’s identity? Select three answers.
- Accounting
- Knowledge
- Ownership
- Characteristic
- What are some disadvantages of using single sign-on (SSO) technology for user authentication? Select two.
- Username and password management is more complicated for the end users.
- Customers, vendors, and business partners are less vulnerable to attack.
- Stolen credentials can give attackers access to multiple resources.
- Access to all connected resources stops when SSO is down.
- A business has one person who receives money from customers at the register. At the end of the day, another person counts the money that was received against the items sold and deposits it. Which security principles are being implemented into business operations? Select two answers.
- Multi-factor authentication
- Separation of duties
- Single sign-on
- Least privilege
- What types of user information does an API token contain? Select two answers.
- A user’s secret key
- A user’s site permissions
- A user’s password
- A user’s identity
- Which type of encryption is generally slower because the algorithms generate a pair of encryption keys?
- Asymmetric
- Rivest–Shamir–Adleman (RSA)
- Data encryption standard (DES)
- Symmetric
- The main responsibility of a receptionist at a healthcare company is to check in visitors upon arrival. When visitors check in, which kinds of information should the receptionist be able to access to complete their task? Select two answers.
- The patient being visited
- Their billing information
- Their medical history
- A photo ID
- A customer of an online retailer has complained that their account contains an unauthorized purchase. You investigate the incident by reviewing the retailer’s access logs. What are some components of the user’s session that you might review? Select two answers.
- Session certificate
- Session algorithm
- Session cookie
- Session ID
- What is the purpose of security controls?
- Create policies and procedures
- Encrypt information for privacy
- Establish incident response systems
- Reduce specific security risks
- What do symmetric encryption algorithms use to encrypt and decrypt information?
- A digital certificate
- A public and private key pair
- A hash value
- A single secret key
- A paid subscriber of a news website has access to exclusive content. As a data owner, what should the subscriber be authorized to do with their account? Select three answers.
- Stop their subscription
- Review their username and password
- Edit articles on the website
- Update their payment details
- What are common authorization tools that are designed with the principle of least privilege and separation of duties in mind? Select three answers.
- API Tokens
- SHA256
- Basic auth
- OAuth
- What is the practice of monitoring the access logs of a system?
- Auditing
- Authentication
- Accounting
- Authorization
Week 3
- Which of the following are steps in the vulnerability management process? Select two answers.
- Identify vulnerabilities
- Catalog organizational assets
- Assign a CVE® ID
- Prepare defenses against threats
- An organization is attacked by a vulnerability that was previously unknown. What is this exploit an example of?
- A cipher
- An asset
- A zero-day
- A perimeter layer
- Which layer of the defense in depth strategy is a user authentication layer that mainly filters external access?
- Endpoint
- Data
- Network
- Perimeter
- A security researcher reports a new vulnerability to the CVE® list. Which of the following criteria must the vulnerability meet before it receives a CVE® ID? Select two answers.
- It must affect multiple applications.
- The submission must have supporting evidence.
- The vulnerability must be unknown to the developer.
- It must be independently fixable.
Test your knowledge: Identify system vulnerabilities
- Fill in the blank: A vulnerability ____ refers to the internal review process of an organization’s security systems.
- assessment
- scoring
- patch
- scanner
- What are the goals of a vulnerability assessment? Select two answers.
- To reduce overall threat exposure
- To detect network traffic
- To audit regulatory compliance
- To identify existing weaknesses
- Which of the following remediation examples might be implemented after a vulnerability scan? Select two answers.
- Training employees to follow new security procedures
- Identifying misconfigurations in an application
- Locating vulnerabilities in workstations
- Installing software updates and patches
- What are two types of vulnerability scans? Select two answers.
- Patch or upgrade
- Authenticated or unauthenticated
- Limited or comprehensive
- Risk or threat
Test your knowledge: Cyber attacker mindset
- What is the difference between an attack vector and an attack surface?
- An attack surface refers to all the weaknesses of an asset that can be attacked; an attack vector refers to an outdated and vulnerable network.
- An attack vector refers to the pathways attackers use to penetrate security defenses; an attack surface refers to all the vulnerabilities of an asset that can be exploited.
- An attack surface refers to the specific pathway of exploiting a weakness; an attack vector refers to all the weaknesses of an asset that can be exploited.
- An attack surface refers to the specific method of attack; an attack vector refers to an outdated and vulnerable network.
- What are examples of security hardening? Select three answers.
- Restarting a crashed application
- Hashing all user passwords
- Keeping systems patched and updated
- Disabling inactive network ports
- Which steps are applied when using an attacker mindset? Select three answers.
- Evaluate a target’s attack vectors
- Identify a target
- Stay in communication with a target
- Determine how a target can be accessed
- How can businesses reduce the number of attack vectors they must defend? Select three answers.
- By educating users so they can participate in preventing attacks
- By totally restricting information from being shared
- By controlling access and authorization to assets
- By implementing security controls that protect information
Weekly challenge 3
- Consider the following scenario:
A cloud service provider has misconfigured a cloud drive. They’ve forgotten to change the default sharing permissions. This allows all of their customers to access any data that is stored on the drive.
This misconfigured cloud drive is an example of what?
- A threat
- An exploit
- A security control
- A vulnerability
- Fill in the blank: The five layers of the defense in depth model are: perimeter, network, endpoint, application, and _____.
- session
- transport
- physical
- data
- What is the difference between the application and data layers of the defense in depth model?
- The application layer authorizes users who have access to perform a duty. The data layer maintains the integrity of information with controls like encryption and hashing.
- The data layer includes controls like encryption and hashing to secure data at rest. The application layer authorizes users who have access to perform a duty.
- The application layer secures information with controls that are programmed into the application itself. The data layer maintains the integrity of information with controls like encryption and hashing.
- The data layer authenticates users to only allow access to trusted parties. The application layer secures information with controls that are programmed into the application itself.
- What is the main purpose of the CVE® list?
- To create a dictionary of threats to organizational assets that must be addressed
- To share a standard way of identifying and categorizing known vulnerabilities and exposures
- To keep a record of the coding mistakes of major software developers
- To collect information on vulnerabilities and exposures performed by independent researchers
- A security team is preparing new workstations that will be installed in an office.
Which vulnerability management steps should they take to prepare these workstations? Select three answers.
- Download the latest patches and updates for each system.
- Install a suite of collaboration tools on each workstation.
- Consider who will be using each computer.
- Configure the company firewall to allow network access.
- A security team is conducting a periodic vulnerability assessment on their security procedures. Their objective is to review gaps in their current procedures that could lead to a data breach. After identifying and analyzing current procedures, the team conducts a risk assessment.
What is the purpose of performing a risk assessment?
- To adjust current security procedures
- To score vulnerabilities based on their severity and impact
- To simulate attacks that could be performed against each vulnerability
- To fix vulnerabilities that have been identified
- Fill in the blank: All the potential vulnerabilities that a threat actor could exploit is called an attack _____.
- database
- vector
- surface
- network
- An online newspaper suffered a data breach. The attackers exploited a vulnerability in the login form of their website. The attackers were able to access the newspaper’s user database, which did not encrypt personally identifiable information (PII).
What attack vectors did the malicious hackers use to steal user information? Select two answers.
- The online login form
- The unencrypted PII
- The newspaper’s website
- The user database
- A security team is performing a vulnerability assessment on a banking app that is about to be released. Their objective is to identify the tools and methods that an attacker might use.
Which steps of an attacker mindset should the team perform to figure this out? Select three answers.
- Consider potential threat actors.
- Identify a target.
- Evaluate attack vectors that can be exploited.
- Determine how the target can be accessed.
- Consider the following scenario:
You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.
Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.
- Integrate the app with existing educational resources.
- Identify the types of users who will interact with the app.
- Ensure the app’s login form works.
- Evaluate how the app handles user data.
Shuffle Q/A
- An application has broken access controls that fail to restrict any user from creating new accounts. This allows anyone to add new accounts with full admin privileges.
The application’s broken access controls are an example of what?
- A vulnerability
- An exploit
- A threat
- A security control
- Which of the following layers do not provide protection for information that users provide? Select two answers.
- The perimeter layer
- The network layer
- The data layer
- The application layer
- Which layer of the defense in depth model is a user authentication layer that can include usernames and passwords?
- Perimeter
- Network
- Endpoint
- Application
- Which of the following are characteristics of the vulnerability management process? Select two answers.
- Vulnerability management is a way to discover new assets.
- Vulnerability management is a way to limit security risks.
- Vulnerability management should consider various perspectives.
- Vulnerability management should be a one-time process.
- What are the two types of attack surfaces that security professionals defend? Select two answers.
- Digital
- Physical
- Intellectual property
- Brand reputation
- A project manager at a utility company receives a suspicious email that contains a file attachment. They open the attachment and it installs malicious software on their laptop.
What are the attack vectors used in this situation? Select two answers.
- The suspicious email
- The infected workstation
- The malicious software
- The file attachment
- What is not a step of practicing an attacker mindset?
- Evaluate attack vectors that can be exploited.
- Determine how a target can be accessed.
- Identify ways to fix existing vulnerabilities.
- Find the tools and methods of attack.
- A hotel chain has outdated WiFi routers in their guest rooms. An attacker hacked into the devices and stole sensitive information from several guests.
The outdated WiFi router is an example of what?
- An exploit
- A vulnerability
- A threat
- An access control
- Which layer of the defense in depth model relates to user devices that have accessed a network?
- Endpoint
- Application
- Perimeter
- Data
- Which of the following are criteria that a vulnerability must meet to qualify for a CVE® ID? Select all that apply.
- It can only affect one codebase.
- It must be submitted with supporting evidence.
- It must be independent of other issues.
- It must be recognized as a potential security risk.
- It must pose a financial risk.
- Which of the following are reasons that security teams practice an attacker mindset? Select three answers.
- To identify attack vectors
- To exploit flaws in an application’s codebase
- To uncover vulnerabilities that should be monitored
- To find insights into the best security controls to use
- Fill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.
- 11
- 1
- 9
- 4
- You are tasked with performing a vulnerability assessment of an onsite server. After scanning the server, you discover that its operating system is missing several new updates.
What are two steps that you might take next to complete the vulnerability assessment? Select two answers.
- Investigate critical system updates that are available.
- Scan the millions of devices that connect to the server
- Perform a risk assessment of the old operating system.
- Deactivate the server because its operating system is outdated
- Which of the following are types of attack surfaces? Select three answers.
- Cloud servers
- Network routers
- Computer workstations
- Malicious software
- Fill in the blank: An attack _____ refers to the pathways attackers use to penetrate security defenses.
- surface
- vector
- landscape
- vulnerability
- What are ways to protect an organization from common attack vectors? Select three answers.
- By not practicing an attacker mindset
- By keeping software and systems updated
- By implementing effective password policies
- By educating employees about security vulnerabilities
Week 4
- Fill in the blank: _____ is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.
- Whaling
- Baiting
- Phishing
- Quid pro quo
- What type of phishing uses electronic voice communications to obtain sensitive information or to impersonate a known source?
- Tailgating
- Angler phishing
- Smishing
- Vishing
- Fill in the blank: The stages of a social engineering attack include to prepare, establish trust, use persuasion tactics, and ____.
- disconnect from the target
- evaluate defenses
- spread awareness with others
- stay informed of security trends
- Phishing kits typically contain which of the following tools to help attackers avoid detection? Select three answers.
- Fraudulent web links
- Malicious attachments
- Email filters
- Fake data-collection forms
Test your knowledge: Malware
- Which of the following are types of malware? Select two answers.
- Spyware
- Dictionary attacks
- Viruses
- Credential stuffing
- Fill in the blank: ____ are malware that automatically duplicate and spread themselves across systems.
- Botnets
- Trojans
- Rootkits
- Worms
- What is it called when someone’s computing resources are illegally hijacked to mine cryptocurrencies?
- Cryptojacking
- Rootkit
- Trojan horse
- Spyware
- Which of the following are common signs of a malware infection? Select three answers.
- Files are suddenly encrypted
- Increased CPU usage
- Unusual system crashes
- Slowdowns in performance
Test your knowledge: Web-based exploits
- Fill in the blank: _____ are malicious code or behaviors that are used to take advantage of coding flaws in a web application.
- Spear phishing
- Web-based exploits
- Command-line interface
- Social engineering
- Cross-site scripting (XSS) attacks are often delivered by exploiting which of the following languages? Select two answers.
- SQL
- JavaScript
- Python
- HTML
- What server-side code can be used to defend against SQL injection attacks?
- Prepared statement
- Injection attack
- Input validation
- Phishing kit
- What are two examples of when SQL injections can take place?
- When using the login form to access a site
- When a malicious script exists in the webpage a browser loads
- When a malicious script is injected directly on the server
- When a user enters their credentials
- In a SQL injection attack, malicious hackers attempt to obtain which of the following? Select two answers.
- Exploiting languages
- Gain administrative rights
- Sensitive information
- Categorize the environment
Weekly challenge 4
- Which of the following could be examples of social engineering attacks? Select three answers.
- An unfamiliar employee asking you to hold the door open to a restricted area
- An email urgently asking you to send money to help a friend who is stuck in a foreign country
- A lost record of important customer information
- A pop-up advertisement promising a large cash reward in return for sensitive information
- What is the main difference between a vishing attack and a smishing attack?
- Vishing makes use of voice calls to trick targets.
- Vishing involves a widespread email campaign to steal information.
- Vishing is used to target executives at an organization.
- Vishing exploits social media posts to identify targets.
- A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.
The malware hidden in this editing software is an example of which type of malware?
- scareware
- spyware
- trojan
- adware
- What are the characteristics of a ransomware attack? Select three answers.
- Attackers demand payment to restore access to a device.
- Attackers make themselves known to their targets.
- Attackers encrypt data on the device without the user’s permission.
- Attackers display unwanted advertisements on the device.
- Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.
- mine
- collect
- invest
- earn
- Security researchers inserted malicious code into the web-applications of various organizations. This allowed them to obtain the personally identifiable information (PII) of various users across multiple databases.
What type of attack did the researchers perform?
- Malware
- Social engineering
- Ransomware
- Injection
- An attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site’s server and activated during the server’s response.
This is an example of what type of injection attack?
- DOM-based
- SQL injection
- Reflected
- Stored
- What is one way to prevent SQL injection?
- Having well-written code
- Excluding prepared statements
- Including application design flaws
- Downloading malicious apps
- What should security teams do after identifying threats, according to the threat modeling process? Select two answers.
- Identify who might perform an attack and how
- Examine existing protections and identify gaps
- Consider how users interact with an environment
- Determine mitigation strategies
- During which stage of the PASTA framework is an attack tree created?
- Decomposing an application
- Vulnerability analysis
- Threat analysis
- Attack modeling
Shuffle Q/A
- Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.
- impersonate a relative
- distribute malicious email
- establish trust
- obtain access credentials
- Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.
- Smishing
- Whaling
- Vishing
- Pretexting
- Which of the following are not types of malware? Select two answers.
- Worm
- SQL injection
- Cross-site scripting
- Virus
- A member of a government agency is tricked into installing a virus on their workstation. The virus gave a criminal group access to confidential information. The attackers threaten to leak the agency’s data to the public unless they pay $31,337.
What type of attack is this an example of?
- Ransomware
- Cross-site scripting
- Cryptojacking
- Scareware
- What is malicious code that is inserted into a vulnerable application called?
- Input validation
- Cryptojacking
- Social engineering
- Injection attack
- An attacker injected malware on a server. When a user visits a website hosted by the server, their device gets infected with the malware.
This is an example of what type of injection attack?
- Brute force
- DOM-based
- Stored
- Reflected
- Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.
- Social media feeds
- Pop-up advertisements
- Credit card payment forms
- User login pages
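Several questions above turn on the same point: a login form (or payment form) is vulnerable to SQL injection when user input is concatenated into the query text, and a prepared statement defends against it because the query shape is fixed before the values are bound. The block below is an added example written for this page, not course code. It uses Python's built-in sqlite3 against an in-memory database with constructed user rows, and runs the classic tautology payload against a vulnerable and a parameterized login function side by side. Plaintext password storage is kept only so the query is easy to read; a real application stores salted password hashes.

```python
import sqlite3

# Constructed sample users for the demonstration (not from any real system).
USERS = [
    ("alice", "s3cret-pw"),
    ("bob", "hunter2"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a users table holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # DELIBERATELY VULNERABLE: user input is spliced into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    query = (
        "SELECT username FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_prepared(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened: the statement text is constant and the values are bound as
    # parameters, so the engine only ever treats the input as data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    conn = make_db()
    # Tautology payload typed into the password field of the login form:
    # the vulnerable query becomes ... AND password = '' OR '1'='1'
    payload = "' OR '1'='1"
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "s3cret-pw"),
        "vulnerable_injected": login_vulnerable(conn, "alice", payload),
        "prepared_legit": login_prepared(conn, "alice", "s3cret-pw"),
        "prepared_injected": login_prepared(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

The injected password logs the attacker in through the vulnerable function and is rejected by the prepared one, because `'1'='1'` never becomes part of the statement the database parses.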
- A security team is conducting a threat model on a new software system. They are determining whether risks can be transferred, reduced, or accepted.
Which key step of a threat model does this scenario represent?
- Evaluate findings
- Analyze threats
- Define the scope
- Mitigate risks
- What discoveries are made while decomposing an application during a PASTA threat model? Select two answers.
- The types of threats that can be used to compromise data
- Which vulnerabilities can put data at risk
- How data travels from users to an organization’s database
- Which controls are in place to protect data along the way
- What is the most common form of social engineering used by attackers?
- Ransomware
- Malware
- Phishing
- Adware
- Which of the following are common signs that a computer is infected with cryptojacking software? Select three answers.
- Increased CPU usage
- Sudden system crashes
- Unusually high electricity costs
- Modified or deleted files
- A hacktivist group gained access to the website of a utility company. The group bypassed the site’s login page by inserting malicious code that granted them access to customer accounts to clear their debts.
What type of attack did the hacktivist group perform?
- Spyware
- Watering hole
- Quid pro quo
- Injection
- Which stage of the PASTA framework is related to identifying the application components that must be evaluated?
- Perform a vulnerability analysis
- Decompose the application
- Define the technical scope
- Conduct attack modeling
- A threat actor tricked a new employee into sharing information about a senior executive over the phone.
This is an example of what kind of attack?
- Malware
- Social engineering
- Pretexting
- Phishing
Course 6 – Sound the Alarm: Detection and Response
Week 1
- The first phase of the NIST Incident Response Lifecycle is Preparation. What are the other phases? Select three answers.
- Identify
- Post-Incident Activity
- Detection and Analysis
- Containment, Eradication, and Recovery
- What type of process is the NIST Incident Response Lifecycle?
- Linear
- Phased
- Observable
- Cyclical
- Fill in the blank: An _____ is an observable occurrence on a network, system, or device.
- analysis
- incident
- event
- investigation
- A security professional investigates an incident. Their goal is to gain information about the 5 W’s, which include what happened and why. What are the other W’s? Select three answers.
- Which type of incident it was
- Who triggered the incident
- Where the incident took place
- When the incident took place
Test your knowledge: Incident response operations
- What are the goals of a computer security incident response team (CSIRT)? Select three answers.
- To provide services and resources for response and recovery
- To manage incidents
- To handle the public disclosure of an incident
- To prevent future incidents from occurring
- Which document outlines the procedures to follow after an organization experiences a ransomware attack?
- A network diagram
- A contact list
- A security policy
- An incident response plan
- Fill in the blank: The job of _____ is to investigate alerts and determine whether an incident has occurred.
- technical leads
- security analysts
- incident coordinators
- public relations representative
- Which member of a CSIRT is responsible for tracking and managing the activities of all teams involved in the response process?
- Technical lead
- Incident coordinator
- Public relations representative
- Security analyst
Test your knowledge: Detection and documentation tools
- What are some examples of types of documentation? Select three answers.
- Final reports
- Word processors
- Policies
- Playbooks
- Fill in the blank: Ticketing systems such as _____ can be used to document and track incidents.
- Cameras
- Evernote
- Jira
- Excel
- What application monitors system activity, then produces alerts about possible intrusions?
- Intrusion detection system
- Playbook
- Product manual
- Word processor
- What actions does an intrusion prevention system (IPS) perform? Select three answers.
- Detect abnormal activity
- Stop intrusive activity
- Monitor activity
- Manage security incidents
Weekly challenge 1
- Which of the following is an example of a security incident?
- Multiple unauthorized transfers of sensitive documents to an external system.
- A company experiences increased traffic volumes on its website because of a new product release.
- An extreme weather event causes a network outage.
- An authorized user emails a file to a customer.
- What is the NIST Incident Response Lifecycle?
- The method of closing an investigation
- A framework that provides a blueprint for effective incident response
- A system that only includes regulatory standards and guidelines
- The process used to document events
- Which of the following are phases of the NIST Incident Response Lifecycle? Select three answers.
- Containment, Eradication, and Recovery
- Preparation
- Detection and Analysis
- Protection
- What are some roles included in a computer security incident response team (CSIRT)? Select three answers.
- Security analyst
- Incident coordinator
- Technical lead
- Incident manager
- What is an incident response plan?
- A document that outlines the procedures to take in each step of incident response
- A document that outlines a security team’s contact information
- A document that details system information
- A document that contains policies, standards, and procedures
- A cybersecurity analyst receives an alert about a potential security incident. Which type of tool should they use to examine the alert’s evidence in greater detail?
- A recovery tool
- A documentation tool
- An investigative tool
- A detection tool
- Which of the following methods can a security analyst use to create effective documentation? Select two answers.
- Provide clear and concise explanations of concepts and processes.
- Write documentation in a way that reduces confusion.
- Provide documentation in a paper-based format.
- Write documentation using technical language.
- What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?
- An IDS stops intrusive activity whereas an IPS monitors system activity and alerts on intrusive activity.
- An IDS monitors system activity and alerts on intrusive activity whereas an IPS stops intrusive activity.
- An IDS automates response and an IPS generates alerts.
- An IDS and an IPS both have the same capabilities.
- What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?
- The creation of raw log data
- The analysis and response to a security incident
- The creation of potential threats
- The analysis of a centralized platform
- Fill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.
- data analysis
- data collection
- data aggregation
- data normalization
Shuffle Q/A
- Which step does the NIST Incident Response Lifecycle begin with?
- Post-Incident Activity
- Preparation
- Detection and Analysis
- Containment, Eradication and Recovery
- What is a computer security incident response team (CSIRT)?
- A specialized group of security professionals who focus on incident prevention
- A specialized group of security professionals who are solely dedicated to crisis management
- A specialized group of security professionals who are trained in incident management and response
- A specialized group of security professionals who work in isolation from other departments
- Fill in the blank: Incident response plans outline the _____ to take in each step of incident response.
- policies
- exercises
- instructions
- procedures
- Which of the following best describes how security analysts use security tools?
- They only use detection and management tools during incident investigations.
- They only use documentation tools for incident response tasks.
- They use a combination of different tools for various tasks.
- They only use a single tool to monitor, detect, and analyze events.
- What are the qualities of effective documentation? Select three answers.
- Consistent
- Clear
- Accurate
- Brief
- Fill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.
- stops
- reports
- pauses
- detects
- What happens during the data collection and aggregation step of the SIEM process? Select two answers.
- Data is analyzed according to rules.
- Data is collected from different sources.
- Data is centralized in one place.
- Data is cleaned and transformed.
- Which of the following statements describe security incidents and events?
- All security incidents are events, but not all events are security incidents.
- Security incidents and events are the same.
- Security incidents and events are unrelated.
- All events are security incidents, but not all security incidents are events.
- A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?
- Only use each step once.
- Complete the steps in any order.
- Skip irrelevant steps.
- Overlap the steps as needed.
- Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.
- computer security incident response team
- forensic investigation team
- threat hunter group
- risk assessment group
- A cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM process does this scenario describe?
- Aggregate data
- Analyze data
- Collect data
- Normalize data
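The SIEM questions above name the steps (collect, aggregate, normalize, analyze) but do not show why normalization matters: two sources describing the same kind of event in different formats cannot be correlated until they share one schema. The following is an added example written for this page, not course or vendor code. It takes constructed sample logs in two formats (sshd syslog lines and JSON lines from an assumed VPN service), normalizes both into a common record, sorts the aggregated stream by time, and runs one detection rule over the result. The year for the syslog lines is an assumption, since syslog timestamps carry none.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample logs in two formats, standing in for two ingestion sources.
RAW_SYSLOG = [
    "Mar 14 09:12:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2",
    "Mar 14 09:12:04 bastion sshd[2201]: Failed password for root from 203.0.113.9 port 50130 ssh2",
    "Mar 14 09:12:09 bastion sshd[2204]: Accepted publickey for deploy from 198.51.100.7 port 41002 ssh2",
]
RAW_JSON = [
    '{"ts": "2024-03-14T09:12:06Z", "app": "vpn", "user": "admin", "ip": "203.0.113.9", "result": "denied"}',
    '{"ts": "2024-03-14T09:12:12Z", "app": "vpn", "user": "jsmith", "ip": "192.0.2.44", "result": "ok"}',
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\s?\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ASSUMED_YEAR = 2024  # syslog lines carry no year; assumption for the sample data


def normalize_syslog(line: str) -> dict:
    """Map an sshd syslog line onto the common schema."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed syslog line: {line!r}")
    ts = datetime.strptime(
        f"{ASSUMED_YEAR} {m['mon']} {m['day'].strip()} {m['time']}", "%Y %b %d %H:%M:%S"
    ).replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "sshd", "user": m["user"], "src_ip": m["ip"],
            "action": "login", "success": m["outcome"] == "Accepted"}


def normalize_json(line: str) -> dict:
    """Map a JSON auth event onto the same schema."""
    d = json.loads(line)
    ts = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": d["app"], "user": d["user"], "src_ip": d["ip"],
            "action": "login", "success": d["result"] == "ok"}


def collect_and_aggregate() -> list:
    """Collect from both sources, normalize, and centralize into one time-ordered stream."""
    events = [normalize_syslog(l) for l in RAW_SYSLOG] + [normalize_json(l) for l in RAW_JSON]
    return sorted(events, key=lambda e: e["ts"])


def analyze(events: list, threshold: int = 3) -> list:
    """Rule: report source IPs with `threshold` or more failed logins across all sources."""
    failures = Counter(e["src_ip"] for e in events if not e["success"])
    return [ip for ip, n in failures.items() if n >= threshold]


if __name__ == "__main__":
    stream = collect_and_aggregate()
    for e in stream:
        print(e["ts"].isoformat(), e["source"], e["user"], e["src_ip"], "ok" if e["success"] else "FAIL")
    print("alert on:", analyze(stream))
```

Neither source alone crosses the threshold of three failures; only after normalization can the rule see that 203.0.113.9 failed twice against sshd and once against the VPN within eleven seconds.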
- Which of the following is an example of a security incident?
- An unauthorized user successfully changes the password of an account that does not belong to them.
- An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
- A user installs a device on their computer that is allowed by an organization’s policy.
- A software bug causes an application to crash.
- What are investigative tools used for?
- Managing alerts
- Documenting incidents
- Monitoring activity
- Analyzing events
- What are examples of tools used for documentation? Select two answers.
- Cameras
- Final reports
- Playbooks
- Audio recorders
- Fill in the blank: An intrusion detection system (IDS) _____ system activity and alerts on possible intrusions.
- monitors
- manages
- protects
- analyzes
Week 2
- How do indicators of compromise (IoCs) help security analysts detect network traffic abnormalities?
- They define the attacker’s intentions.
- They provide a way to identify an attack.
- They capture network activity.
- They confirm that a security incident happened.
- Fill in the blank: Data _____ is the term for unauthorized transmission of data from a system.
- pivoting
- exfiltration
- infiltration
- network traffic
- An attacker has infiltrated a network. Next, they spend time exploring it in order to expand and maintain their access. They look for valuable assets such as proprietary code and financial records. What does this scenario describe?
- Large internal file transfer
- Phishing
- Lateral movement
- Network data
- What can security professionals use network traffic analysis for? Select three answers.
- To understand network traffic patterns
- To identify malicious activity
- To secure critical assets
- To monitor network activity
Test your knowledge: Capture and view network traffic
- Which component of a packet contains the actual data that is intended to be sent to its destination?
- Protocol
- Header
- Payload
- Footer
- Fill in the blank: A _____ is a file that contains data packets that have been intercepted from an interface or a network.
- packet capture
- network protocol analyzer
- network statistic
- protocol
- Which field of an IP header is used to identify whether IPv4 or IPv6 is used?
- Type of Service
- Options
- Flags
- Version
- Which network protocol analyzer is accessed through a graphical user interface?
- TShark
- Wireshark
- tcpdump
- Libpcap
Test your knowledge: Packet inspection
- Which tcpdump option is used to specify the network interface?
- -n
- -i
- -v
- -c
- What is needed to access the tcpdump network protocol analyzer?
- Command-line interface
- Packet capture
- Output
- Graphical user interface
- What is the first field found in the output of a tcpdump command?
- Version
- Timestamp
- Protocol
- Source IP
- You are using tcpdump to capture network traffic on your local computer. You would like to save the network traffic to a packet capture file for later analysis. Which tcpdump option should you use?
- -c
- -r
- -w
- -v
Weekly challenge 2
- Fill in the blank: _____ describes the amount of data that moves across a network.
- Traffic flow
- Data exfiltration
- Network traffic
- Network data
- What tactic do malicious actors use to maintain and expand unauthorized access into a network?
- Exfiltration
- Phishing
- Data size reduction
- Lateral movement
- Which packet component contains protocol information?
- Payload
- Footer
- Route
- Header
- Do packet capture files provide detailed snapshots of network communications?
- Yes. Packet capture files provide information about network data packets that were intercepted from a network interface.
- No. Packet capture files do not contain detailed information about network data packets.
- Maybe. The amount of detailed information packet captures contain depends on the type of network interface that is used.
- How do network protocol analyzers help security analysts analyze network communications? Select two answers.
- They take action to improve network performance.
- They provide the ability to filter and sort packet capture information to find relevant information.
- They take action to block network intrusions.
- They provide the ability to collect network communications.
- Which protocol is considered the foundation for all internet communications?
- UDP
- IPv4
- TCP
- HTTP
- What is used to determine whether errors have occurred in the IPv4 header?
- Flags
- Protocol
- Checksum
- Header
- What is the process of breaking down packets known as?
- Fragment Offset
- Fragmentation
- Flags
- Checksum
- Which tcpdump command outputs detailed packet information?
- sudo tcpdump -v any -i
- sudo tcpdump -i any -v
- sudo tcpdump -i any -c 100
- sudo tcpdump -i any -n
- Examine the following tcpdump output:
22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42
What is the source IP address?
- 22:00:19.538395
- 198.111.123.1
- 198.168.105.1
- 41012
Shuffle Q/A
- Why is network traffic monitoring important in cybersecurity? Select two answers.
- It provides a method of classifying critical assets.
- It helps detect network intrusions and attacks
- It helps identify deviations from expected traffic flows.
- It provides a method to encrypt communications.
- What information do packet headers contain? Select three answers.
- Protocols
- Payload data
- IP addresses
- Ports
- Fill in the blank: Network protocol analyzers can save network communications into files known as a _____.
- protocol
- packet capture
- payload
- network packet
- Which layer of the TCP/IP model does the Internet Protocol (IP) operate on?
- Internet
- Application
- Transport
- Network Access
- Examine the following tcpdump output:
22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42
Which protocols are being used? Select two answers.
- TOS
- UDP
- IP
- TCP
- What are some defensive measures that can be used to protect against data exfiltration? Select two answers.
- Utilize lateral movement
- Monitor network activity
- Deploy multi-factor authentication
- Reduce file sizes
- Fill in the blank: The transmission of data between devices on a network is governed by a set of standards known as _____.
- headers
- ports
- payloads
- protocols
- Network protocol analyzer tools are available to be used with which of the following? Select two answers.
- Network interface card
- Internet protocol
- Graphical user interface
- Command-line interface
- Which IPv4 header fields involve fragmentation? Select three answers.
- Flags
- Identification
- Type of Service
- Fragment Offset
- Which tcpdump option is used to specify the capture of 5 packets?
- -v 5
- -i 5
- -c 5
- -n 5
- Examine the following tcpdump output:
22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42
What is the value of the Type of Service field?
- 0x10
- 6
- 501
- 0x50af
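The three questions that quote the same verbose tcpdump line ask for the source IP, the protocols in use, and the Type of Service value. Reading those off by eye is fine for one line; for a capture of thousands, an analyst wants the fields pulled out programmatically. The block below is an added example written for this page, not course code or part of tcpdump: a parser for the IPv4 `-v` line format shown above, splitting the IP header summary in parentheses from the TCP summary after the address pair. The sample line is the one from the questions (the addresses are quiz values, not real hosts); the DSCP/ECN split of the ToS byte is standard IPv4, and `(correct)` after the checksum is what tcpdump prints when it has verified the TCP checksum itself.

```python
import re

# The tcpdump line quoted in the questions above (quiz sample; addresses are not real hosts).
SAMPLE = (
    "22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) "
    "198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), "
    "seq 169, ack 187, win 501, length 42"
)

# IPv4 verbose header summary, then "src.port > dst.port:", then the transport summary.
IP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP \(tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+), id (?P<id>\d+), "
    r"offset (?P<offset>\d+), flags \[(?P<ip_flags>[^\]]*)\], proto (?P<proto>\w+) \((?P<proto_num>\d+)\), "
    r"length (?P<ip_len>\d+)\) (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# Fields of the TCP summary; each is optional so SYN-only or ACK-only lines still parse.
TCP_FIELDS = {
    "tcp_flags": re.compile(r"Flags \[(?P<v>[^\]]*)\]"),
    "cksum": re.compile(r"cksum (?P<v>0x[0-9a-fA-F]+)"),
    "cksum_status": re.compile(r"cksum 0x[0-9a-fA-F]+ \((?P<v>\w+)"),
    "seq": re.compile(r"\bseq (?P<v>\d+)"),
    "ack": re.compile(r"\back (?P<v>\d+)"),
    "win": re.compile(r"\bwin (?P<v>\d+)"),
    "payload_len": re.compile(r"\blength (?P<v>\d+)$"),
}


def parse_tcpdump_verbose(line: str) -> dict:
    """Parse one IPv4 `tcpdump -v` line into a dict of typed fields."""
    m = IP_RE.match(line.strip())
    if not m:
        raise ValueError("not an IPv4 verbose (-v) tcpdump line")
    tos = int(m["tos"], 16)
    rec = {
        "timestamp": m["ts"],            # first field of every tcpdump line
        "ip_version": 4,                 # tcpdump prints "IP" for v4 and "IP6" for v6
        "tos": tos,
        "dscp": tos >> 2,                # upper six bits of the ToS byte
        "ecn": tos & 0b11,               # lower two bits
        "ttl": int(m["ttl"]),
        "id": int(m["id"]),
        "frag_offset": int(m["offset"]),
        "ip_flags": m["ip_flags"],
        "protocols": ["IP", m["proto"].upper()],
        "proto_num": int(m["proto_num"]),
        "ip_length": int(m["ip_len"]),
        "src_ip": m["src"], "src_port": int(m["sport"]),
        "dst_ip": m["dst"], "dst_port": int(m["dport"]),
    }
    for key, rx in TCP_FIELDS.items():
        f = rx.search(m["rest"])
        v = f["v"] if f else None
        rec[key] = int(v) if v is not None and v.isdigit() else v
    # "(correct)" means tcpdump verified the TCP checksum; "(incorrect ...)" means it did not match.
    rec["cksum_ok"] = None if rec["cksum_status"] is None else rec["cksum_status"] == "correct"
    return rec


if __name__ == "__main__":
    for k, v in parse_tcpdump_verbose(SAMPLE).items():
        print(f"{k:>12}: {v}")
```

Without `-n`, tcpdump resolves names, so the address fields may hold hostnames rather than dotted quads; the regex tolerates that, but analysts usually capture with `-n` so addresses stay literal and no DNS lookups are generated during an investigation.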
- What type of attack involves the unauthorized transmission of data from a system?
- Data leak
- Data exfiltration
- Packet classification
- Packet crafting
- Which of the following behaviors may suggest an ongoing data exfiltration attack? Select two answers.
- Outbound network traffic to an unauthorized file hosting service
- Unexpected modifications to files containing sensitive data
- Multiple successful multi-factor authentication logins
- Network performance issues
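The questions on indicators of compromise, data exfiltration and network traffic analysis (outbound traffic to an unauthorized file-hosting service, unusual volumes, monitoring as a defensive measure) describe detection logic without showing any. The following is an added example written for this page, not course code: three simple rules run over constructed outbound flow summaries, flagging a transfer to an unapproved file-hosting host, a source whose outbound volume exceeds an assumed baseline, and an oversized DNS exchange of the kind produced by DNS tunnelling. The flow records, the allow-list and the thresholds are all assumptions for the demonstration; real baselines come from the organization's own traffic history.

```python
from collections import defaultdict

# Constructed outbound flow summaries (not real traffic): one record per connection.
FLOWS = [
    {"ts": "09:01", "src": "10.0.0.12", "dst": "198.51.100.20", "dst_name": "mail.corp.example",
     "port": 443, "bytes_out": 120_000},
    {"ts": "09:07", "src": "10.0.0.12", "dst": "203.0.113.77", "dst_name": "files.dropzone.example",
     "port": 443, "bytes_out": 2_400_000_000},
    {"ts": "09:09", "src": "10.0.0.31", "dst": "192.0.2.10", "dst_name": "updates.vendor.example",
     "port": 443, "bytes_out": 48_000},
    {"ts": "09:15", "src": "10.0.0.31", "dst": "203.0.113.5", "dst_name": "",
     "port": 53, "bytes_out": 900_000},
]

APPROVED_FILE_HOSTS = {"share.corp.example"}            # assumed allow-list of sanctioned file sharing
FILE_HOST_HINTS = ("files.", "dropzone", "share.", "transfer.", "paste")  # assumed naming hints
BYTES_PER_SRC_LIMIT = 1_000_000_000                     # assumed baseline: 1 GB outbound per host per window
DNS_BYTES_LIMIT = 100_000                               # assumed: DNS this large suggests tunnelling


def looks_like_file_host(name: str) -> bool:
    """Heuristic: hostname suggests a file-sharing or paste service."""
    name = name.lower()
    return any(h in name for h in FILE_HOST_HINTS)


def detect(flows: list) -> list:
    """Run the three exfiltration rules and return one finding per hit."""
    findings = []
    per_src = defaultdict(int)
    for f in flows:
        per_src[f["src"]] += f["bytes_out"]
        name = f["dst_name"].lower()
        # Rule 1: outbound connection to a file-hosting service not on the allow-list.
        if looks_like_file_host(name) and name not in APPROVED_FILE_HOSTS:
            findings.append({"rule": "unapproved_file_host", "src": f["src"],
                             "dst": f["dst_name"], "ts": f["ts"]})
        # Rule 2: DNS is a covert channel when the volume is far beyond normal lookups.
        if f["port"] == 53 and f["bytes_out"] > DNS_BYTES_LIMIT:
            findings.append({"rule": "oversized_dns", "src": f["src"],
                             "dst": f["dst"], "ts": f["ts"]})
    # Rule 3: total outbound volume per source against the baseline.
    for src, total in per_src.items():
        if total > BYTES_PER_SRC_LIMIT:
            findings.append({"rule": "volume_over_baseline", "src": src, "bytes_out": total})
    return findings


if __name__ == "__main__":
    for finding in detect(FLOWS):
        print(finding)
```

Each rule on its own produces false positives (a backup job also moves gigabytes); the value is in correlating them with the host, the user and the time of day, which is the "add context" step of triage described later in this course.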
- Fill in the blank: tcpdump is a network protocol analyzer that uses a(n) _____ interface.
- Linux
- command-line
- internet
- graphical user
- Which layer of the TCP/IP model is responsible for accepting and delivering packets in a network?
- Transport
- Internet
- Network Access
- Application
- Which IPv4 field determines how long a packet can travel before it gets dropped?
- Options
- Header Checksum
- Time to Live
- Type of Service
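The IPv4 header questions (Version, Type of Service, Identification, Flags, Fragment Offset, Time to Live, Header Checksum) are easiest to internalize by building and decoding an actual header. The block below is an added example written for this page, not course code: it packs a 20-byte IPv4 header with Python's struct module, computes the RFC 791 checksum, then parses the header back out, verifies the checksum, and decodes the fragmentation fields. The addresses and length mirror the tcpdump line quoted earlier in this week (quiz values, not real hosts); everything else is standard IPv4 layout.

```python
import struct
from ipaddress import IPv4Address

IPV4_FMT = "!BBHHHBBH4s4s"   # version/IHL, ToS, total len, ID, flags+offset, TTL, proto, cksum, src, dst


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, *, proto: int = 6, ttl: int = 64,
                      tos: int = 0x10, ident: int = 33842, df: bool = False, mf: bool = False,
                      frag_offset: int = 0) -> bytes:
    """Assemble a minimal (no options) IPv4 header with a valid checksum."""
    ver_ihl = (4 << 4) | 5                   # version 4, IHL 5 words = 20 bytes
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(IPV4_FMT, ver_ihl, tos, 20 + payload_len, ident, flags_frag, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(data: bytes) -> dict:
    """Decode an IPv4 header and report whether its checksum verifies."""
    if len(data) < 20:
        raise ValueError("truncated header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = struct.unpack(IPV4_FMT, data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or len(data) < ihl:
        raise ValueError("bad IHL")
    return {
        "version": version, "header_len": ihl,
        "tos": tos, "dscp": tos >> 2, "ecn": tos & 0b11,
        "total_length": total_len, "identification": ident,
        "df": bool(flags_frag & 0x4000),     # bit 14: Don't Fragment
        "mf": bool(flags_frag & 0x2000),     # bit 13: More Fragments
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # 13 bits, in units of 8 bytes
        "ttl": ttl, "protocol": proto, "checksum": csum,
        # Summing the header with its checksum field included must give zero.
        "checksum_ok": ipv4_checksum(data[:ihl]) == 0,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
    }


if __name__ == "__main__":
    hdr = build_ipv4_header("198.168.105.1", "198.111.123.1", 176)   # total length 196
    print(parse_ipv4_header(hdr))
    tampered = bytearray(hdr)
    tampered[8] = 1                          # change TTL without recomputing the checksum
    print("tampered checksum ok:", parse_ipv4_header(bytes(tampered))["checksum_ok"])
```

The checksum covers only the header, so every router that decrements TTL recomputes it; a header that arrives with a bad checksum is dropped, which is why the tampered copy above fails verification. Fragments of one datagram share the Identification value and are reassembled from their Fragment Offset, with More Fragments clear on the last piece.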
- How are IP headers valuable for security analysts during investigations?
- They provide the foundation for communications over the internet.
- They provide the ability to modify network communications.
- They provide insight into the details of network communications.
- They provide the ability to visualize network communications.
Week 3
- Do detection tools have limitations in their detection capabilities?
- Yes
- No
- Why do security analysts refine alert rules? Select two answers.
- To increase alert volumes
- To reduce false positive alerts
- To create threat intelligence
- To improve the accuracy of detection technologies
- Fill in the blank: _____ involves the investigation and validation of alerts.
- Honeypot
- Detection
- Analysis
- Threat hunting
- What are some causes of high alert volumes? Select two answers.
- Refined detection rules
- Broad detection rules
- Misconfigured alert settings
- Sophisticated evasion techniques
Test your knowledge: Response and recovery
- A security analyst in a security operations center (SOC) receives an alert. The alert ticket describes the detection of the download of a possible malware file on an employee’s computer. Which step of the triage process does this scenario describe?
- Receive and assess
- Add context
- Collect and analyze
- Assign priority
- What is triage?
- The prioritizing of incidents according to their level of importance or urgency
- A document that outlines the procedures to sustain business operations during and after a significant disruption
- The ability to prepare for, respond to, and recover from disruptions
- The process of returning affected systems back to normal operations
- Fill in the blank: _____ is the act of limiting and preventing additional damage caused by an incident.
- Eradication
- Resilience
- Containment
- Recovery
- Which examples describe actions related to the eradication of an incident? Select two answers.
- Apply a patch
- Complete a vulnerability scan
- Investigate logs to verify the incident
- Develop a business continuity plan
Activity: Review a final report
- What type of security incident was the organization affected by?
- Ransomware
- Data theft
- Phishing
- Malware
- Which section of the report includes an explanation of the root cause of the incident?
- Investigation
- Recommendations
- Timeline
- Executive summary
- What did the attacker use to exploit the e-commerce web application vulnerability?
- Data breach
- Web server logs
- Forced browsing
- User error
- What recommendations did the organization implement to prevent future recurrences? Select two answers.
- Implemented access control mechanisms
- Paid the $50,000 payment request
- Provided identity protection services to the affected customers
- Implemented routine vulnerability scans
Weekly challenge 3
- A security analyst is investigating an alert involving a possible network intrusion. Which of the following tasks is the security analyst likely to perform as part of the Detection and Analysis phase of the incident response lifecycle? Select two answers.
- Identify the affected devices or systems.
- Implement a patch to fix the vulnerability.
- Collect and analyze the network logs to verify the alert.
- Isolate the affected machine from the network.
- What are the benefits of documentation during incident response? Select three answers.
- Quality
- Clarity
- Standardization
- Transparency
- An organization is working on implementing a new security tool, and a security analyst has been tasked with developing workflow documentation that outlines the process for using the tool. Which documentation benefit does this scenario outline?
- Transparency
- Clarity
- Quality
- Standardization
- Chain of custody documents establish proof of which of the following? Select two answers.
- Integrity
- Validation
- Quality
- Reliability
- Which of the following does a semi-automated playbook use? Select two.
- Threat intelligence
- Crowdsourcing
- Human intervention
- Automation
- Which statement best describes the functionality of automated playbooks?
- They use a combination of flowcharts and manual input to execute tasks and response actions.
- They use automation to execute tasks and response actions.
- They require the use of human intervention to execute tasks.
- They require the combination of human intervention and automation to execute tasks.
- What are the steps of the triage process in the correct order?
- Receive and assess, assign priority, collect and analyze
- Assign priority, receive and assess, collect and analyze
- Collect and analyze, assign priority, receive and assess
- Receive and assess, collect and analyze, assign priority
- Fill in the blank: Containment is the act of limiting and _____ additional damage caused by an incident.
- eradicating
- removing
- preventing
- detecting
- Fill in the blank: Eradication is the complete _____ of all the incident elements from affected systems.
- removal
- prevention
- isolation
- disconnection
- Two weeks after an incident involving ransomware, the members of an organization want to review the incident in detail. Which of the following actions should be done during this review? Select all that apply.
- Determine how to improve future response processes and procedures.
- Determine the person to blame for the incident.
- Create a final report.
- Schedule a lessons learned meeting that includes all parties involved with the security incident.
- During a lessons learned meeting following an incident, a meeting participant wants to identify actions that the organization can take to prevent similar incidents from occurring in the future. Which section of the final report should they refer to for this information?
- Timeline
- Executive summary
- Detection
- Recommendations
Shuffle Q/A
- After a ransomware incident, an organization discovers their ransomware playbook needs improvements. A security analyst is tasked with changing the playbook documentation. Which documentation best practice does this scenario highlight?
- Be accurate
- Be concise
- Know your audience
- Update regularly
- A member of the forensics department of an organization receives a computer that requires examination. On which part of the chain of custody form should they sign their name and write the date?
- Description of the evidence
- Custody log
- Purpose of transfer
- Evidence movement
- A security analyst gets an alert involving a phishing attempt. Which step of the triage process does this scenario outline?
- Add context
- Receive and assess
- Assign priority
- Collect and analyze
- After a security incident involving an exploited vulnerability due to outdated software, a security analyst applies patch updates. Which of the following steps does this task relate to?
- Response
- Reimaging
- Prevention
- Eradication
- Which step of the NIST Incident Response Lifecycle involves returning affected systems back to normal operations?
- Recovery
- Containment
- Response
- Eradication
- What questions can be asked during a lessons learned meeting? Select three answers.
- What time did the incident happen?
- Which employee is to blame?
- What could have been done differently?
- What were the actions taken for recovery?
- In the NIST Incident Response Lifecycle, what is the term used to describe the prompt discovery of security events?
- Preparation
- Detection
- Validation
- Investigation
- In incident response, documentation provides an established set of guidelines that members of an organization can follow to complete a task. What documentation benefit does this provide?
- Reliability
- Integrity
- Standardization
- Transparency
- What are the steps of the third phase of the NIST Incident Response Lifecycle? Select three answers.
- Eradication
- Recovery
- Containment
- Response
- Which of the following is an example of a recovery task?
- Applying a patch to address a server vulnerability
- Monitoring a network for intrusions
- Disconnecting an infected system from the network
- Reinstalling the operating system of a computer infected by malware
- Fill in the blank: A lessons learned meeting should be held within ____ weeks of an incident.
- two
- three
- four
- five
- Which documentation provides a comprehensive review of an incident?
- Timeline
- Final report
- Lessons learned meeting
- New technology
- An organization is completing its annual compliance audit. The people performing the audit have access to any relevant information, including records and documents. Which documentation benefit does this scenario outline?
- Consistency
- Organization
- Transparency
- Accuracy
- What are examples of how transparent documentation can be useful? Select all that apply.
- Meeting cybersecurity insurance requirements
- Providing evidence for legal proceedings
- Defining an organization’s security posture
- Demonstrating compliance with regulatory requirements
- An analyst is responding to a distributed denial of service attack (DDoS). They take several manual steps outlined in the organization’s DDoS playbook. Which type of playbook did they use to respond to the incident?
- SOAR
- Semi-automated
- Non-automated
- Automated
Week 4
- What is the primary purpose of logs during incident investigation?
- To manage alert volumes
- To identify and diagnose system issues
- To improve user experience
- To provide a record of event details
- A security analyst wants to determine whether a suspicious login was successful. Which log type would be most useful for this purpose?
- Network
- Authentication
- System
- Firewall
- In the following log, what action does the log entry record?
[ALLOW: wikipedia.org] Source: 192.167.1.1 Friday, 10 June 2022 11:36:12
- 192.167.1.1
- Source
- Friday, 10 June 2022 11:36:12
- ALLOW
- Fill in the blank: _____ is the process of examining logs to identify events of interest.
- Log forwarder
- Log file
- Log analysis
- Logging
Test your knowledge: Log components and formats
- Examine the following authentication log:
[2022/12/20 08:20:38.921286] User nuhara logged in successfully
What type of information does this log contain? Select two answers.
- Event description
- Syslog
- Message ID
- Timestamp
- Which of the following capabilities can syslog be used for? Select three answers.
- Extension
- Log format
- Protocol
- Service
- What are examples of log formats? Select three answers.
- JavaScript Object Notation (JSON)
- Gramm-Leach-Bliley Act (GLBA)
- Common Event Format (CEF)
- eXtensible Markup Language (XML)
- Which log format uses tags to structure data?
- eXtensible Markup Language (XML)
- Verbose
- Comma Separated Values (CSV)
- Syslog
Test your knowledge: Overview of intrusion detection systems (IDS)
- A security analyst uses a network protocol analyzer to capture HTTP traffic to analyze patterns. What type of data are they using?
- Network telemetry
- Host-based
- False positive
- Signature-based
- Which statement accurately describes the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?
- A NIDS is installed on a network; a HIDS is installed on individual devices.
- A NIDS uses signature analysis to detect threats; a HIDS uses agents.
- A NIDS is installed on individual devices; a HIDS is installed on a network.
- A NIDS only detects known threats; a HIDS detects unknown threats.
- Fill in the blank: The _____ component of an IDS signature includes network traffic information.
- action
- rule options
- header
- signature ID
- A security analyst creates a Suricata signature to identify and detect security threats based on the direction of network traffic. Which of the following rule options should they use?
- Content
- Message
- Flow
- Rev
Activity: Perform a query with Splunk
- How many events are contained in the main index across all time?
- Over 100,000
- 100-1,000
- 10,000
- 10-99
- Which field identifies the name of a network device or system from which an event originates?
- host
- sourcetype
- index
- source
- Which of the following hosts used by Buttercup Games contains log information relevant to financial transactions?
- www1
- vendor_sales
- www2
- www3
- How many failed SSH logins are there for the root account on the mail server?
- One
- None
- 100
- More than 100
Test your knowledge: Overview of SIEM tools
- Which special character can be used to substitute with any other character in Search Processing Language (SPL)?
- =
- !=
- |
- *
- Which of the following steps is part of the SIEM process for data collection? Select three answers.
- Collect and process data.
- SIEM tools index data to be made searchable.
- Normalize data so it is ready to read and analyze.
- Monitor activity and alerts related to intrusions.
- Fill in the blank: ____ is a computer language used to create rules for searching through ingested log data.
- EVE JSON
- YARA-L
- NIDS
- SIEM
- Which of the following is Splunk’s query language?
- UDM
- SPL
- SQL
- IDS
Weekly challenge 4
- What details do logs contain? Select all that apply.
- Location
- Date
- Forwarder
- Time
- What is the difference between a log and log analysis?
- A log records details in log files. Log analysis involves a high-level overview of all events that happen on the network.
- A log and log analysis both contain details of events, but they record details from different sources.
- A log contains log file details. Log analysis involves the collection and storage of logs.
- A log is a record of events that occur within an organization’s systems. Log analysis is the process of examining logs to identify events of interest.
- Examine the following log:
{
    "name": "System test",
    "host": "167.155.183.139",
    "id": 11111,
    "Message": [error] test,
}
Which log format is this log entry in?
- Syslog
- CSV
- XML
- JSON
- Consider the following scenario:
A security analyst at a midsized company is tasked with installing and configuring a host-based intrusion detection system (HIDS) on a laptop. The security analyst installs the HIDS and wants to test whether it is working properly by simulating malicious activity. The security analyst runs unauthorized programs on the laptop, which the HIDS successfully detects and alerts on.
What is the laptop an example of?
- An endpoint
- An agent
- A log forwarder
- A signature
- What information is included in a signature’s header? Select all that apply.
- IP address
- Port number
- Protocol
- Action
- Which symbol is used to indicate a comment and is ignored in a Suricata signature file?
- :
- >
- #
- $
- Which type of log data does Suricata generate? Select all that apply.
- Network telemetry
- Protocol
- Alert
- Signature
- Which type of Splunk query searches through unstructured log records?
- Reference search
- Raw log search
- Index search
- UDM search
- What is the default method of search in Chronicle?
- YARA-L
- Raw log
- Non-normalized
- UDM
- Fill in the blank: SIEM tools _____ raw data so that it is formatted consistently.
- process
- ingest
- normalize
- collect
Shuffle Q/A
- Which software is used to collect and send logs?
- IDS
- SIEM
- IPS
- Forwarder
- Examine the following log:
LoginEvent[2021/10/13 10:32:08.958711] auth_session_authenticator.cc:304 Regular user login 1
Which type of log is this?
- Location
- Application
- Network
- Authentication
- Fill in the blank: A syslog entry contains a header, _____, and a message.
- structured-data
- object
- tag
- eXtensible Markup Language
- Fill in the blank: _____ analysis is a detection method used to find events of interest using patterns.
- Endpoint
- Signature
- Network
- Host
- Which rule option is used to match based on the direction of network traffic?
- content
- sid
- flow
- message
- Which querying language does Splunk use?
- Structured Querying Language
- Search Processing Language
- Structured Processing Language
- SIEM Processing Language
- Which step in the SIEM process involves the processing of raw data into a standardized and structured format?
- Normalize
- Index
- Process
- Collect
- Which Unified Data Model (UDM) field search specifies a security action?
- security_result.action
- block
- metadata.event_type
- action
- What are the steps in the SIEM process for data collection? Select all that apply.
- Index
- Normalize
- Collect
- Unify
- Which of the following refers to a record of events that occur within an organization’s systems?
- Logs
- Log sources
- Occurrences
- Log forwarder
- Examine the following log:
[2022/12/21 17:46:35.232748] NOTIFY: NetworkPropertiesUpdated: wifi_psk_13
Which type of log is this?
- Authentication
- Location
- Application
- Network
- Examine the following log:
<111>1 2020-04-12T23:20:50.52Z my.machine.com evntslog - ID01 [user@98274 iut="2" eventSource="Mobile" eventID="24"][Priority@98274 class="low"] Computer A
What field value indicates the type of device that this event originated from?
- my.machine.com
- Computer A
- Mobile
- low
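The syslog questions above ask about the header, structured-data and message parts of an RFC 5424 entry, and which field names the device type. The following parser is an added example written for this page, not course material or any library's code: it splits the line quoted in the question (with straight quotes restored) into those three parts, decodes PRI into facility and severity, and treats "-" as the nil value. A second, constructed SSH line with no structured data is included to show the nil case; neither line is a real capture.

```python
import re

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD...] MSG
# "-" is the nil value for any header field and for the whole structured-data part.
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$"
)
# One SD-ELEMENT: [SD-ID PARAM="VALUE" ...]; values may escape \" \] and \\
_SD_ELEMENT = re.compile(r'\[([^\s\]]+)((?:\s+[^\s=\]]+="(?:[^"\\]|\\.)*")*)\]')
_SD_PARAM = re.compile(r'([^\s=\]]+)="((?:[^"\\]|\\.)*)"')

# The line from the question above (straight quotes restored) and a constructed
# auth line with nil structured data. Neither is a real capture.
SAMPLE_LINE = ('<111>1 2020-04-12T23:20:50.52Z my.machine.com evntslog - ID01 '
               '[user@98274 iut="2" eventSource="Mobile" eventID="24"]'
               '[Priority@98274 class="low"] Computer A')
AUTH_LINE = ('<34>1 2024-03-01T09:05:04Z host1 sshd 1234 - - '
             'Failed password for root from 203.0.113.7 port 4444')


def _unescape(value):
    return re.sub(r'\\([\\"\]])', r"\1", value)


def parse_structured_data(rest):
    """Consume SD elements from the front of `rest`; return (dict, message)."""
    if rest.startswith("-"):
        return {}, rest[1:].lstrip()
    sd, pos = {}, 0
    while pos < len(rest) and rest[pos] == "[":
        m = _SD_ELEMENT.match(rest, pos)
        if not m:
            raise ValueError("malformed structured data at offset %d" % pos)
        sd[m.group(1)] = {k: _unescape(v) for k, v in _SD_PARAM.findall(m.group(2))}
        pos = m.end()
    return sd, rest[pos:].lstrip()


def parse_syslog_5424(line):
    """Split one RFC 5424 line into header fields, structured data and message."""
    m = _HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    nil = lambda v: None if v == "-" else v
    pri = int(m.group("pri"))
    sd, message = parse_structured_data(m.group("rest"))
    return {
        "facility": pri // 8,          # 111 -> 13 (log audit)
        "severity": pri % 8,           # 111 -> 7 (debug)
        "version": int(m.group("version")),
        "timestamp": nil(m.group("timestamp")),
        "hostname": nil(m.group("hostname")),
        "appname": nil(m.group("appname")),
        "procid": nil(m.group("procid")),
        "msgid": nil(m.group("msgid")),
        "structured_data": sd,
        "message": message,
    }


if __name__ == "__main__":
    for line in (SAMPLE_LINE, AUTH_LINE):
        parsed = parse_syslog_5424(line)
        print(parsed["hostname"], parsed["structured_data"], "|", parsed["message"])
```

The device type in the quoted line lives in structured data, as the eventSource parameter of the user@98274 element, not in the hostname or the free-text message; a detection rule that keys on it should read the parsed parameter rather than grep the raw line, since the same word could appear in an attacker-controlled message.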
- What is the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?
- A NIDS collects and monitors network traffic and network data. A HIDS monitors the activity of the host on which it is installed.
- Both NIDS and HIDS monitor systems and generate alerts, but a NIDS use agents.
- A NIDS monitors the activity of the host on which it is installed. A HIDS uses signature analysis to analyze network activity.
- A NIDS logs and generates alerts. A HIDS system monitors endpoint activity.
- Which rule option is used to indicate the number of times a signature is updated?
- tcp
- msg
- rev
- sid
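Several questions above concern Suricata signature structure: the header carries action, protocol, addresses, ports and direction; the rule options carry msg, sid, rev, flow and content; and lines starting with # are comments. The following parser is an added example, not Suricata's own code and not a shipped ruleset: it reads two rules written for this example, splits the header from the options, and exposes sid, rev and flow directly. The sids and address variables are invented, and the parser handles only the common single-line rule form.

```python
import re

# Header: ACTION PROTO SRC SRC_PORT DIRECTION DST DST_PORT, then "(options)"
_HEADER = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<src_port>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dst_port>\S+)\s*"
    r"\((?P<options>.*)\)\s*$"
)

# Constructed rules in Suricata syntax, written for this example only.
SAMPLE_RULES = """\
# Comment lines start with '#' and are ignored.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Inbound SSH connection"; flow:to_server,established; sid:1000001; rev:2;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Outbound HTTP to suspicious host"; http.host; content:"evil.example"; flow:to_server; sid:1000002; rev:1;)
"""


def split_options(text):
    """Split 'k:v; k; k:"a;b";' on semicolons that sit outside double quotes."""
    items, buf, in_quote, escaped = [], [], False, False
    for ch in text:
        if escaped:
            buf.append(ch); escaped = False
        elif ch == "\\":
            buf.append(ch); escaped = True
        elif ch == '"':
            buf.append(ch); in_quote = not in_quote
        elif ch == ";" and not in_quote:
            items.append("".join(buf).strip()); buf = []
        else:
            buf.append(ch)
    items.append("".join(buf).strip())
    return [i for i in items if i]


def parse_rule(line):
    """Return a dict for one rule, or None for a blank line or a '#' comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = _HEADER.match(line)
    if not m:
        raise ValueError("unparseable rule header: %r" % line)
    options = []
    for item in split_options(m.group("options")):
        key, sep, value = item.partition(":")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        options.append((key.strip(), value if sep else None))   # None: keyword with no value
    by_key = dict(options)   # quick lookup; a repeated key such as content keeps the last
    rule = {k: m.group(k) for k in ("action", "proto", "src", "src_port",
                                     "direction", "dst", "dst_port")}
    rule["options"] = options
    rule["msg"] = by_key.get("msg")
    rule["sid"] = int(by_key["sid"]) if "sid" in by_key else None
    rule["rev"] = int(by_key["rev"]) if "rev" in by_key else None
    rule["flow"] = by_key["flow"].split(",") if "flow" in by_key else []
    return rule


def load_rules(text):
    return [r for r in map(parse_rule, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for r in load_rules(SAMPLE_RULES):
        print(r["sid"], "rev", r["rev"], r["action"], r["proto"], r["src"],
              r["direction"], r["dst"], r["dst_port"], r["flow"])
```

Splitting header from options this way is what lets a SOC audit a ruleset: every rule should have a unique sid, rev should go up whenever the rule text changes, and a rule with no flow option on a TCP signature will match both directions and both halves of a handshake, which is a common source of noisy alerts.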
- Fill in the blank: The asterisk symbol is also known as a(n) _____.
- label
- wildcard
- option
- Boolean operator
- Fill in the blank: Chronicle uses ______ to define detection rules.
- UDM
- YARA-L
- SQL
- SPL
- What is the difference between network telemetry and network alert logs?
- Network telemetry is output in EVE JSON format; network alert logs are output in HTML.
- Network telemetry is the output of a signature; network alert logs contain details about malicious activity.
- Network telemetry contains information about network traffic flows; network alert logs are the output of a signature.
- Both provide information that is relevant for security analysts, but network alert logs contain network connection details.
Course 7 – Automate Cybersecurity Tasks with Python
Week 1
- What tasks would a security analyst most likely automate with Python? Select three answers.
- Sorting through a log file
- Analyzing network traffic
- Addressing an unusual cybersecurity concern
- Managing an access control list
- What are some benefits of using Python in security? Select all that apply.
- Python reduces manual effort.
- Python helps automate short, simple tasks.
- Python is the only language that creates a specific set of instructions to execute tasks.
- Python can combine separate tasks into one workstream.
- Which of the following code blocks contains a valid Python comment?
- : This prints a "Try again" message
print("Try again")
- # This prints a "Try again" message
print("Try again")
- This prints a "Try again" message
print("Try again")
- comment: This prints a "Try again" message
print("Try again")
- Which line of code outputs the string “invalid username” to the screen?
- print(#invalid username#)
- print("invalid username")
- # print("invalid username")
- print(invalid username)
Test your knowledge: Core Python components
- Which of the following data items are float data? Select all that apply.
- -2.11
- 8
- 15.0
- "5.2"
- What code displays the data type of the variable username?
- username = ["elarson", "bmoreno", "tshah"]
data_type = type()
print(data_type)
- username = ["elarson", "bmoreno", "tshah"]
data_type = username
print(data_type)
- username = ["elarson", "bmoreno", "tshah"]
data_type = type(username)
print(data_type)
- username = ["elarson", "bmoreno", "tshah"]
type(username) = data_type
print(data_type)
- In the following code, what is the data type of login_success?
login_success = ["success", "success", "fail", "success"]
- Integer
- String
- List
- Boolean
- What is the output of the following code?
failed_attempts = 3
failed_attempts = 4
print(failed_attempts)
- 3
- 7
- 4
- 3, 4
Test your knowledge: Conditional and iterative statements
- What will the following code display?
ip_address = "192.168.183.51"
if ip_address == "192.168.183.51":
    print("You're logged in.")
else:
    print("Login failed, try again.")
- “Login failed, try again.”
- “You’re logged in.”
- Both “You’re logged in.” and “Login failed, try again.”
- Nothing
- Which conditional statement prints the message “account locked” when the value of failed_logins is 3 or higher?
- if failed_login_count > 3:
    print("account locked")
- if failed_login_count != 3:
    print("account locked")
- if failed_logins >= 3:
    print("account locked")
- if failed_login_count == 3:
    print("account locked")
- Which code prints all numbers from 3 to 7?
- for i in range(3, 4, 5, 6, 7):
    print(i)
- for i in range(8):
    print(i)
- for i in range(3, 7):
    print(i)
- for i in range(3, 8):
    print(i)
- How many times does the following code print the “security alert” message?
count = 0
while count < 10:
    print("security alert")
    count = count + 1
- 5
- 0
- 9
- 10
Weekly challenge 1
- Fill in the blank: Automation is _____.
- the use of human and manual effort to reduce technological power consumption
- the use of technology to reduce human and manual effort to perform common and repetitive tasks
- the combination of technology and manual effort to complete a task
- the replacement of existing technology
- What is wrong with the following code?
for username in failed_login:
print(username)
- The line with for username in failed_login: is not indented.
- The first line should be split in two, and in failed_login: should be indented on the new line.
- The line with print(username) is not indented.
- Both lines are not indented.
- What data type requires quotation marks (” “)?
- Boolean
- String
- Float
- Integer
- Which line of Python code would create a Boolean value of True?
- print("True")
- print(["Boolean"])
- print(25<24)
- print(10<100)
- Which line of code assigns the string “dtanaka” to a variable called username?
- username = "dtanaka"
- "dtanaka" = username
- username("dtanaka")
- username = dtanaka
- What will this code do when you run it?
var2 = ["a", "b", "c"]
var2_type = type(var2)
print(var2_type)
- Indicate that var2 contains list data
- Change the data type of var2
- Output the characters “a”, “b”, and “c” to the screen
- Print the string “var2_type” to the screen
- You are checking whether the string stored in a device_id variable matches to the correct device ID, the string “15hgu3769”. When it matches, you want to print, “Login successful!”. Which conditional statement has the correct syntax needed to do this?
- if device_id == "15hgu3769":
    print("Login successful!")
- if "device_id" = "15hgu3769"
    print("Login successful!")
- if "device_id == 15hgu3769"
    print("Login successful!")
- if device_id != "15hgu3769"
    print("Login successful!")
- Fill in the blank: An else statement _____.
- is required after every if statement
- executes when the condition in the if statement preceding it evaluates to False
- executes when the condition in the if statement preceding it evaluates to True
- contains its own unique condition
- What will this iterative statement do?
for i in [0, 5]:
    print(i)
- Output the integer 0
- Output the integers 0, 1, 2, 3, and 4
- Output the integers 0 and 5
- Output the integers 0, 1, 2, 3, 4, and 5
- If you want to run a loop that repeats if a count variable is less than 50, what code should your loop header contain?
- while count < 50:
- while count == 50:
- print(50)
- count = count + 50
Shuffle Q/A
- Fill in the blank: If you use Python code to reduce the manual effort needed to manage an access control list, this is an example of _____.
- debugging
- reassignment
- automation
- data analysis
- The purpose of the following code is to print an “Attempting connection” message while the value of the count variable is less than 10. The value of count should increase by 1 with each iteration of the loop. What is wrong with the code? Select all that apply.
count = 1
while count < 10:
print("Attempting connection")
count = count + 1
- The line with print("Attempting connection") is not indented.
- The line with while count < 10: is not indented.
- The line with count = count + 1 is not indented.
- The line with count = 1 is not indented.
- Fill in the blank: String data _____.
- must be placed in parentheses
- must be placed in brackets
- must be placed in quotation marks
- must include a decimal point
- Which data type always has a value of either True or False?
- Boolean
- Float
- List
- String
- How do you assign the string value “rtp3426” to a variable called device_id?
- device_id = "rtp3426"
- device_id = rtp3426
- device_id(rtp3426)
- device_id("rtp3426")
- Fill in the blank: If you ran the following code, the output would _____.
var1 = 9.5
var1_type = type(var1)
print(var1_type)
- indicate that var1 contains float data
- output 9.5 to the screen
- reassign var1 as string data
- reassign var1 as float data
- You wrote the following code:
if attempts >= 5:
    print("locked")
else:
    print("try again")
If the value in the attempts variable is 3, what will Python do?
- First output the message “try again” and then output the message “locked”
- Output the message “locked”
- Output the message “try again”
- First output the message “locked” and then output the message “try again”
- What iterative statement should you use if you want to print the numbers 1, 2, and 3?
- for i in [1,3]:
    print(i)
- for i in range(1,3):
    print(i)
- for i in range(0,3):
    print(i)
- for i in [1, 2, 3]:
    print(i)
- How many times will the following code print the “warning” message?
count = 1
while count < 5:
    print("warning")
    count = count + 1
- 5
- 1
- 4
- 0
- You are implementing security measures on a server. If a user has more than 3 failed login attempts, the program should print “locked out”. The number of failed login attempts is stored in a variable called failed_attempts. Which conditional statement has the correct syntax needed to do this?
- if failed_attempts >= 3
    print("locked out")
- if failed_attempts <= 3:
    print("locked out")
- if failed_attempts > 3:
    print("locked out")
- if failed_attempts < 3
    print("locked out")
- You have written the following code:
if operating_system == "OS 3":
    print("Updates needed")
You want to add to it so that it will print a "No updates needed" message whenever the value of operating_system is not "OS 3". Which lines of code have the correct syntax to do this?
- else:
    print("No updates needed")
- else
    print("No updates needed")
- elif operating_system == "OS 3":
    print("No updates needed")
- else operating_system != "OS 3":
    print("No updates needed")
- In a cybersecurity setting, which of these tasks would it be common to apply Python to? Select all that apply.
- Automating several tasks from a playbook into one workstream
- Manually checking individual timestamps in a log
- Automating how a log is read when responding to an incident
- Reducing the effort needed to manage an access control list
- What is the syntax problem in the following code?
if username == "aestrada":
print("username found")
- The first line should be indented one space, and the second line should be indented two spaces.
- The line with print("username found") is not indented.
- The line with if username == "aestrada": is not indented.
- Both lines are not indented.
- What are the variables in the following code? Select all that apply.
username = "kcarter"
attempts = 5
print(username)
print(attempts)
print("locked")
- "kcarter"
- attempts
- username
- "locked"
- You want to check the string stored in an update_status variable. When it contains a value of “incomplete”, you want to print a “schedule update” message. Right now, this conditional statement is not correct. What are the problems with this conditional statement? Select all that apply.
if update_status != "incomplete"
    print("schedule update")
- A colon (:) is missing at the end of the conditional header.
- The operator should not be !=. It should be ==.
- There should be quotation marks around the variable update_status.
- The line with print("schedule update") should not be indented.
- You want to print all even numbers between 0 and 10 (in other words, 0, 2, 4, 6, 8, and 10). What should your next line of code be?
count = 0
while count <= 10:
    print(count)
- count = count + 1
- if count < 10:
- count = 1
- count = count + 2
Week 2
- In Python, what is a function?
- A section of code that contains a conditional
- A section of code that exists directly in Python
- A section of code that can be reused in a program
- A section of code that contains an iterative statement
- Which of the following keywords is essential when defining a function?
- while
- if
- def
- for
- You want to define a function that performs a status check. Which of the following is a valid header for the function definition?
- def status_check()
- def status_check
- def status_check:
- def status_check():
- You are responsible for defining a function alert() that prints out the statement “Security issue detected.” Which of the following blocks of code represent the correct indentation for defining and then calling the function?
Test your knowledge: Arguments, parameters, and return statements
- Fill in the blank: In the following code, the integers 5 and 12 are _____:
for i in range(5, 12):
    print(i)
- functions
- parameters
- return statements
- arguments
- What is the correct way to define the function addition() if it requires the two parameters num1 and num2?
- def addition(num1 num2):
- def addition(num1 and num2):
- def addition(num1)(num2):
- def addition(num1, num2):
- Which of the following lines of code has correct syntax for printing the data type of the string “elarson”?
- print(type, "elarson")
- print(type("elarson"))
- type(print("elarson"))
- print("elarson", type)
- Which function definition includes the correct syntax for returning the value of the result variable from the doubles() function?
- def doubles(num):
    result = num * 2
    return result
- def doubles(num):
    result = num * 2
    result return
- def doubles(num):
    result = num * 2
    return = result
- def doubles(num):
    result = num * 2
    return "result"
Test your knowledge: Learn from the Python community
- Which of these is not included in the Python Standard Library?
- time
- NumPy
- re
- csv
- Which of the following resources provides recommendations about including comments in your code?
- csv
- re
- Python Standard Library
- PEP 8
- Which of the following code blocks have correct indentation?
- What is a Python module?
- A Python file that contains additional functions, variables, and any kind of runnable code
- A resource that provides stylistic guidelines for programmers working in Python
- A text file that contains cybersecurity-related data
- A Python function that exists within Python and can be called directly
Weekly challenge 2
- Which of the following components are part of the header in a function definition? Select all that apply.
- The keyword return
- The name of the function
- The parameters used in a function
- The keyword def
- Which of the following calls to the type() function uses correct syntax?
- type([55, 81, 17])
- type([17, 81]):
- type[(81, 17)]
- type[81, 55, 17]
- Review the following code. Which of these statements accurately describes name?
def echo(name):
    return name * 3
- It is a parameter because it is used in a return statement.
- It is a parameter because it is included in the function definition.
- It is an argument because it is included in the function call.
- It is an argument because it is used in a return statement.
- Fill in the blank: The re, csv, glob, and time modules are all _____.
- keywords in a function header
- built-in functions
- part of the Python Standard Library
- part of PEP 8
- What does this line of code return? print(max(1,3,7))
- 1
- 7
- 3
- 11
- What is returned from the following user-defined function if you pass it the arguments 2 and 3?
def add(num1, num2):
    result = num1 + num2
    return result
add(2, 3)
- 2
- 5
- 3
- 1
- Which of the following choices is a resource that provides stylistic guidelines for programmers working in Python?
- re
- Python Standard Library
- PEP 8
- glob
- What should you do when writing comments? Select all that apply.
- Keep them up-to-date.
- Make them clear.
- Only place them at the beginning of a program.
- Place them before every line of code.
- What is a function?
- A Python file that contains runnable code
- A reusable section of code
- A set of stylistic guidelines for working in Python
- A downloadable resource with code instructions
- Fill in the blank: A Python file that contains additional functions, variables, classes, and any kind of runnable code is called a _____.
- parameter
- library
- module
- built-in function
Shuffle Q/A
- Which of the following choices is a valid header in a function definition?
- def remove_user(username):
- def remove_user(username)
- remove_user(username):
- def (remove_user(username))
- Fill in the blank: A collection of modules that users can access in their programs is a _____.
- style guide
- built-in function
- library
- user-defined function
- What does this line of code return?
print(type("h32rb17"))
- int
- "h32rb17"
- str
- h32rb17
- What is returned from the following user-defined function if you pass it the argument “John”?
def greet(name):
    greeting = "Hello"
    return name
greet("John")
- "John"
- name
- "Hello, John"
- "Hello John"
- What can a style guide help you with when working with Python? Select two answers.
- Making it easier for other programmers to understand your code
- Finding new modules you can incorporate into your code
- Finding ways to make your code more complex
- Making your code more consistent
- Why are comments useful? Select three answers.
- They explain the code to other programmers.
- They make debugging easier later on.
- They provide insight on what the code does.
- They make the code run faster.
- What are built-in functions?
- Functions that return information
- Functions that exist with Python and can be called directly
- Functions that take parameters
- Functions that a programmer builds for their specific needs
- You imported a Python module. What do you now have access to in Python?
- A manual that informs the writing, formatting, and design of documents
- A function that exists within Python and can be called directly
- A list of comments that you have included in previous code
- Additional functions, variables, classes, and other kinds of runnable code
- Which of the following calls to the sorted() function uses correct syntax?
- sorted([532, 73, 85])
- sorted[73, 85, 532]
- sorted[(85, 523, 73)]
- sorted():
- In the following code, what is the argument?
def welcome_user(name):
    print("Welcome,", name)
username = "elarson"
welcome_user(username)
- welcome_user
- def
- name
- username
- When working in Python, what is a library?
- A collection of modules that provide code users can access in their programs
- A module that allows you to work with a particular type of file
- A Python file that contains additional functions, variables, classes, and any kind of runnable code
- A collection of stylistic guidelines for working with Python
- What is returned from the following user-defined function if you pass it the argument of 2?
def multiples(num):
    multiple = num * 3
    return num
multiples(2)
- multiples
- 6
- num
- 2
- What is an advantage of including this comment in the following code? Select all that apply.
# For loop iterates to print an alert message 5 times
for i in range(5):
    print("alert")
- It ensures the loop will function when the code is run in Python.
- It can help other programmers understand the purpose of this loop.
- It can help you understand the code if you revisit it in the future.
- It is displayed in the output when the code is run in Python.
- Which of the following statements accurately describe functions? Select all that apply.
- Functions can be used no more than 10 times from within a single program.
- When functions are updated, the changes are applied everywhere they are used.
- Functions are useful for automation.
- Functions can be reused throughout a program.
- What does this line of code return?
print(sorted(["h32rb17", "p52jb81", "k11ry83"]))
- ["h32rb17", "k11ry83", "p52jb81"]
- ["p52jb81"]
- ["p52jb81", "k11ry83", "h32rb17"]
- ["h32rb17"]
Week 3
- Which of the following statements correctly describe strings? Select all that apply.
- Strings cannot contain numeric characters.
- Strings must be placed in brackets ([ ]).
- Strings must be placed in quotation marks (" ").
- Strings are immutable.
- What does the following code return?
device_id = "uu0ktt0vwugjyf2"
print(device_id[2:5])
- "u0kt"
- "0ktt"
- "u0k"
- "0kt"
- What does the following code display?
device_id = "Tj1C58Dakx"
print(device_id.lower())
- "tj1C58Dakx"
- "Tj1C58Dakx"
- "tj1c58dakx"
- "TJ1C58DAKX"
- You want to find the index where the substring “192.168.243.140” starts within the string contained in the variable ip_addresses. Complete the Python code to find and display the starting index. (If you want to undo your changes to the code, you can click the Reset button.)
What index does the substring “192.168.243.140” start at?
- 31
- 33
- 34
- 32
Test your knowledge: Work with lists and develop algorithms
- Review the following code:
my_list = ["a", "b", "c", "d"]
my_list[2] = 4
print(my_list)
What will it display?
- ["a", 4, "c", "d"]
- An error message
- ["a", "b", 4, "d"]
- ["a", "b", "4", "d"]
- You are working with the list ["cwvQSQ", "QvPvX5", "ISyT3a", "S7vgN0"]. Its elements represent machine IDs, and the list is stored in a variable named machine_ids. Which line of code will add the ID "yihhLL" at index 3?
- machine_ids.append("yihhLL", 3)
- machine_ids.insert("yihhLL", 3)
- machine_ids.append("yihhLL")
- machine_ids.insert(3, "yihhLL")
- Which line of code will remove the username “tshah” from the following list?
access_list = ["elarson", "bmoreno", "tshah", "sgilmore"]
- access_list["tshah"].remove()
- access_list.remove("tshah")
- access_list.remove(2)
- access_list.remove(3)
- As a security analyst, you are responsible for developing an algorithm that automates removing usernames that match specific criteria from an access list. Which Python components would help you implement this? Select three answers.
- A for loop that iterates through the usernames in the access list
- The .remove() method
- The .append() method
- An if statement that compares a username to the criteria for removal
Test your knowledge: Regular expressions
- Which regular expression symbol represents one or more occurrences of a specific character?
- \d
- \w
- *
- +
- As a security analyst, you are responsible for finding employee IDs that end with the character and number sequence “a6v”. Given that employee IDs consist of both numbers and alphabetic characters and are at least four characters long, which regular expression pattern would you use?
- "\w*a6v"
- "a6v"
- "\wa6v"
- "\w+a6v"
- You have imported the re module into Python with the code import re. You want to use the findall() function to search through a string. Which function call enables you to search through the string contained in the variable text in order to return all matches to a regular expression stored in the variable pattern?
- findall(pattern, text)
- findall(text, pattern)
- re.findall(pattern, text)
- re.findall(text, pattern)
- Which strings match the regular expression pattern “\w+”? Select all that apply.
- "3"
- "FirstName"
- "#name"
- ""
Weekly challenge 3
- Which line of code converts the integer 7 to a string?
- str("7")
- str(7)
- string(7)
- string("7")
- Which line of code returns a copy of the string "HG91AB2" as "hg91ab2"?
- print("HG91AB2".lower())
- print("HG91AB2"(lower))
- print(lower."HG91AB2"())
- print(lower("HG91AB2"))
- In the string "network", which character has an index of 1?
- "e"
- "n"
- "k"
- "t"
- What is the index of the character "4" in the string "h204D3921"?
- 2
- 5
- 3
- 4
- You need to take a slice from an employee ID. Specifically, you must extract the characters with indices of 3, 4, 5, and 6. Complete the Python code to take this slice and display it. (If you want to undo your changes to the code, you can click the Reset button.)
What string does the code output?
- "x430"
- "37x4"
- "7x43"
- "237x"
- You need to take a slice from a network ID. Specifically, you must extract the characters with indices of 6 through 10. Complete the Python code to take this slice and display it. (If you want to undo your changes to the code, you can click the Reset button.)
network_id = "l693m585n528"
print(### YOUR CODE HERE ###)
What string does the code output?
- "m585n"
- "5n528"
- "585n5"
- "85n52"
- What is the output of the following code?
list1 = [1, 2, 3]
list2 = ["a", "b", "c"]
print(list1 + list2)
- [1, 2, 3, "a", "b", "c"]
- An error message
- [1, "a", 2, "b", 3, "c"]
- [6, "abc"]
- A variable named my_list contains the list [1,2,3,4]. Which line of code adds the element 5 to the end of the list?
- my_list.insert(4,5)
- my_list.insert(5)
- my_list.insert(5,4)
- my_list.insert(5,5)
- What is an algorithm?
- A function that finds matches to a pattern
- A set of guidelines to keep code consistent
- A function that returns information
- A set of rules to solve a problem
- What does the \w symbol match to in a regular expression?
- Any letter
- Any character and symbol
- Any alphanumeric character
- Any number
- You have imported the re module into Python with the code import re. Which code searches the device_ids string variable for a pattern of "r15\w+"?
- re.findall(device_ids, "r15\w+")
- findall("r15\w+", device_ids)
- re.findall("r15\w+", device_ids)
- findall(device_ids, "r15\w+")
- Which method adds input to the end of a list?
- .append()
- .lower()
- .insert()
- .index()
Shuffle Q/A
- What is the output of the following code?
print(len("125"))
- 3
- 10
- 8
- 5
- Which line of code returns a copy of the string "bmoreno" as "BMORENO"?
- print("bmoreno".upper())
- print(upper."bmoreno"())
- print(upper("bmoreno"))
- print("bmoreno"(upper))
- What is the index of the character "c" in the string "encryption"?
- 2
- 3
- 1
- 4
- What is the output of the following code?
username_list = ["elarson", "bmoreno", "tshah"]
device_id_list = ["us2c0R5", "2R78TBR", "bt3MIEz"]
print(username_list + device_id_list)
- ["elarson", "us2c0R5", "bmoreno", "2R78TBR", "tshah", "bt3MIEz"]
- ["us2c0R5", "2R78TBR", "bt3MIEz", "elarson", "bmoreno", "tshah"]
- An error message
- ["elarson", "bmoreno", "tshah", "us2c0R5", "2R78TBR", "bt3MIEz"]
- A variable named my_list contains the list [1,2,3,4]. Which line of code removes the last element in the list?
- remove (my_list, 3)
- remove(my_list, 4)
- my_list.remove(3)
- my_list.remove(4)
- What module do you need to import to use regular expressions in Python?
- os
- time
- re
- csv
- What is the result when .upper() is applied to a string?
- The character that appears most frequently in the string is extracted from it and returned.
- The value of the string is reassigned to the value of the string in the line preceding it.
- The value of the string is reassigned to contain all uppercase letters.
- A copy of the string is returned with all uppercase letters.
- What is the output of the following code?
approved_users = ["bmoreno", "elarson", "tshah", "eraab"]
print(approved_users[1])
- "elarson"
- ["bmoreno", "elarson", "tshah", "eraab", 1]
- "bmoreno"
- [1, "bmoreno", "elarson", "tshah", "eraab"]
- Fill in the blank: A(n) _____ is a set of rules to solve a problem.
- append
- algorithm
- regular expression
- index
- Which of the following strings match with the regular expression pattern of "\w"? Select all that apply.
- "W"
- "security"
- "2"
- "1B"
- What does the re.findall() function return?
- All possible regular expressions that match to a given string
- A list of all matches to a regular expression in a given string
- The first match to a regular expression in a given string
- All occurrences of the pattern “re” in a given string
- What does the method call username_list.append("bmoreno") do?
- Returns all matches to the pattern "bmoreno" in the username_list list
- Inserts "bmoreno" at the beginning of the username_list list
- Adds "bmoreno" to the end of the username_list list
- Updates all instances of "bmoreno" in the username_list list to uppercase letters
- Which line of code returns the number of characters in the string assigned to the username variable?
- print(len(username))
- print(username.len())
- print(str(username))
- print(username.str())
- Which code joins a list of new_users to a list of approved_users and assigns the value to a third variable named users?
- users(new_users[1], approved_users[2])
- users = insert(new_users, approved_users)
- users = new_users + approved_users
- users(new_users, approved_users)
- Fill in the blank: Determining that you need to use string slicing and a for loop to extract information from items in a list is part of creating a(n) _____.
- index
- regular expression
- append
- algorithm
- What does the code device_ids.append("h32rb17") do?
- Adds "h32rb17" to the end of the device_ids list
- Returns all matches to the pattern "h32rb17" in the device_ids list
- Inserts "h32rb17" at the beginning of the device_ids list
- Updates all instances of "h32rb17" in the device_ids list to uppercase letters
Week 4
- You want to open the file "logs.txt" and store it in the file variable for the purpose of reading it. You also want to ensure all resources are released and the file is closed after you read it. What is the correct line of code to do this?
- file = open("logs.txt", "r"):
- with open("logs.txt", "r") as file:
- with file.open("logs.txt", "r"):
- with open("r", "logs.txt") as file:
- After you’ve opened a log file as login_file, which line of code can you use to read the file and store it in a variable called login_attempts?
- login_attempts = login_file.reader()
- login_attempts = login_file.read()
- login_attempts = read(login_file)
- login_file.read() as login_attempts
- You just read a log file into a variable called file. The file variable contains a string of multiple IP addresses that are each separated by a whitespace. Which line of code separates each individual IP address and stores it as a list in a variable called ip_addresses?
- ip_addresses = split(file)
- split(file, ip_addresses)
- ip_addresses = file.split()
- ip_addresses.split(file)
- You need to check for unusual login activity. Specifically, you need to check a list of login timestamps to determine if any of the login times occurred at unusual hours. If you want to automate this through Python, what would be part of your code? Select two answers.
- A for loop that iterates through the list of timestamps
- An if statement that checks if a specific user has multiple login timestamps during unusual hours
- A counter variable that keeps track of the number of failed login attempts
- An if statement that checks if the login timestamp occurred at unusual hours
Test your knowledge: Debug Python code
- What types of errors might you encounter while debugging code? Select three answers.
- Logic errors
- Exceptions
- Syntax errors
- Iteratives
- The purpose of this code is to indicate whether a particular operating system needs to be updated. However, it contains a syntax error. Run this code, analyze its output, and then debug it. (If you want to undo your changes to the code, you can click the Reset button.)
Based on what you discover, how can you fix the error?
- Remove all colons (:).
- Change the keyword elsif to elif.
- Indent the elsif statement.
- Use single equals signs (=) and not double equals signs (==).
- You have written code that assigns security incident tickets to the appropriate cybersecurity team based on its priority level. If the priority level is 1, it should get forwarded to Team A. If the priority level is 2, it should get forwarded to Team B. When testing your code, you notice that an incident with priority level 2 is forwarded to Team A instead of Team B. What type of error is this?
- Exception
- Syntax error
- Logic error
- Name error
- You have written code that uses a search algorithm to find an employee’s IP address. When testing your code, an error message indicates that an unknown index is being accessed. What type of error is this?
- Exception
- Logic error
- Syntax error
- Iterative
Weekly challenge 4
- What is debugging?
- The practice of improving code efficiency.
- The practice of identifying and fixing errors in code.
- The practice of improving code readability.
- The practice of calling a function from multiple places in a larger program
- The purpose of the following code is to print the numbers from 0 to 9. Run this code, analyze its output, and then debug it. (If you want to undo your changes to the code, you can click the Reset button.)
How can you fix the error?
- Add a missing colon (:)
- Remove the quotation marks around number
- Change indentation
- Spell a variable correctly
- The purpose of the following code is to iterate through a list and print a warning message if it finds “user3” in the list. Run this code, analyze its output, and debug it. (If you want to undo your changes to the code, you can click the Reset button.)
How can you fix the error?
- Change “user3” to “user2” in the conditional.
- Change the indentation so that the line that prints the warning is not indented.
- Change “user3” to “user1” in the conditional.
- Change the != operator to the == operator in the conditional.
- You did not define a function before calling it. What type of error is this?
- Logic error
- Index out of bounds
- Syntax error
- Exception
- You did not assign a value to a variable before using it in a conditional. What type of error is this?
- Index out of bounds
- Logic error
- Syntax error
- Exception
- Why might you use print statements when debugging code?
- To prevent errors from occurring
- To identify which sections of the code are working properly
- To create error messages
- To add missing syntax to the code
- Which of these functions or arguments should you include in a with statement if you want Python to open a file called access.txt so that it can be read? Select three answers.
- "r"
- read()
- open()
- "access.txt"
- The logins variable is a string containing 20 device IDs. The device IDs are separated by spaces. In order to pass it into a function that checks the login count of each device, the string should be divided into a list of separate IDs. How do you convert this string into a list and store it in a device_ids variable?
- device_ids = logins.split()
- logins.split() as device_ids
- device_ids = device_ids.split(logins)
- device_ids = split(device_ids, logins)
- Fill in the blank: If you use the .split() method to convert a string into a list so that it can be read more easily, this would be an example of _____.
- slicing
- parsing
- debugging
- dividing
- After you’ve opened a log file as file, which line of code will help you read the file into a variable called text?
- text.read(file)
- text = file.read()
- text = read(file, “r”)
- text = read(file)
- You want to check for unusual login activity. Specifically, you want to read a log file that contains information on each login attempt, including whether it failed or was successful. You should then parse the data into a logins list, and then you should separate all failed log entries into a separate failed_logins list. If you want to automate this through Python, what would be part of your code? Select three answers.
- An if statement to check if a login attempt failed
- A for loop to iterate through all items in the logins list
- A counter variable to keep track of the number of failed logins
- A split() function to split the login information into a list
Shuffle Q/A
- You included username_list[10] in your code, but username_list only contains five elements. What type of error is this?
- Logic error
- Exception
- Name error
- Syntax error
- If you know there is a logic error somewhere inside a function, how can you figure out the exact location?
- Place print statements in and around the function
- Move the function to another location
- Delete the function from the program
- Write comments in and around the function
- If you want to read a file called "logs.txt", which line of code allows you to open this file for purposes of reading it and store it in a variable called file?
- with open("logs.txt", file, "r"):
- with file.open("logs.txt", "r"):
- with open("logs.txt", "r") as file:
- with open("logs.txt") as file:
- You’ve read a log file into the variable file_text. The file_text variable contains a string of 50 usernames of employees at your company. In order to pass it into a function that checks the login count of each user, the string should be divided into a list of separate usernames. How do you convert this string into a list and store it in a variable usernames?
- file_text.split() as usernames
- usernames = usernames.split(file_text)
- usernames = file_text.split()
- usernames = split(usernames, file_text)
- What are the three types of errors you will encounter while debugging?
- Logic errors, comment errors, and iterative errors
- Exceptions, logic errors, iterative errors
- Syntax errors, exceptions, and comment errors
- Syntax errors, logic errors, and exceptions
- The purpose of the following code is to print the characters in a device ID. Run this code, analyze its output, and then debug it. (If you want to undo your changes to the code, you can click the Reset button.)
What is the error related to?
- A misspelled variable
- A missing double equals sign (==)
- A missing quotation mark (")
- A missing colon (:)
- When debugging code, what are effective ways to determine which sections of code are working properly? Select all that apply.
- Add comments in the code
- Use a debugger
- Delete blank lines from the code
- Add print statements
- What does the following code do?
with open("logs.txt", "r") as file:
- It copies a file called "logs.txt" into a new file "r".
- It opens a file called "logs.txt" in write mode and stores it in a variable called file.
- It copies a file called "r" into a new file "logs.txt".
- It opens a file called "logs.txt" in read mode and stores it in a variable called file.
- What does the following code do?
logins = "pwashing jhill tshah"
usernames = logins.split()
- Removes the last username in the logins variable and stores the string in the usernames variable
- Removes the blank spaces that split the usernames in the variable logins and stores the string in the variable usernames
- Splits a string variable called logins into a list of strings and stores it in the variable usernames
- Splits a string variable called logins into single characters
- What is parsing?
- The process of reading data line by line
- The process of copying data to other files
- The process of writing data to a new file
- The process of converting data into a more readable format
- What is the practice of identifying and fixing errors in code?
- Parsing
- Slicing
- Debugging
- Splitting
- The purpose of this code is to print "user flagged" if the username is "jhill", and otherwise to print "user okay". Run this code, analyze its output, and debug it. (If you want to undo your changes to the code, you can click the Reset button.)
How can you fix this error?
- Call check_user() before the function definition.
- Remove indentation from the line that prints "user okay" so that it is not part of the conditional.
- Use the != operator instead of the == operator in the conditional header.
- Add an else statement before the line that prints “user okay”.
- You did not define a function before calling it. What type of error is this?
- Index out of bounds
- Syntax error
- Logic error
- Exception
- What does the following code do?
read_text = text.read()
- Reads the string text and stores it the file read_text
- Splits the text variable, which contains a string, and stores it as a list in read_text
- Reads the text variable, which contains a file, and stores it as a string in read_text
- Replaces the contents of the file read_text with the contents of the file text
- You want to check for unusual login activity. Specifically, you want to check if there were more than three failed login attempts in the last 10 minutes by the last user who logged in. If you want to automate this through Python, what would be part of your code? Select three answers.
- A for loop that iterates through the list of logins
- A line of code that reassigns a counter variable to 0 if there is a failed login attempt
- A counter variable that increments when a failed login is detected
- An if statement that checks if there were more than three failed login attempts
- What does the following code do?
new_format = old_format.read()
- Reads the old_format variable, which contains a file, and stores it as a string in new_format
- Inserts the string stored in the new_format variable into the file stored in the old_format variable
- Detects certain text patterns in old_format
- Prints the contents of old_format
Course 8 – Put It to Work: Prepare for Cybersecurity Jobs
Week 1
- What does a security mindset enable a security analyst to do when protecting their organization? Select two answers.
- Evaluate risks and identify potential system breaches
- Approve social media connections from security professionals
- Recognize what they are defending
- Evaluate employee retention
- Which type of asset would have the least impact on an organization if it were compromised?
- Trade secrets
- Intellectual property
- Financial information
- Guest Wi-Fi network
- How can security analysts cultivate a security mindset?
- By researching the latest security vulnerabilities
- By signing non-disclosure agreements (NDAs)
- By protecting public data from being accessed and shared
- By sharing sensitive information with those who request it
- Which of the following examples describes the use of a security mindset? Select two answers.
- Exercising suspicion before opening email attachments
- Reusing passwords for multiple accounts
- Downloading email attachments from unknown senders
- Reporting suspicious emails
Test your knowledge: Your impact on data protection
- A security analyst notices that an employee has installed an app on their work device without getting permission from the help desk. The log indicates that potentially malicious code might have been executed on the host. Which of these security events should the security analyst escalate to a supervisor?
- The employee installing an app without permission should be escalated.
- Both events should be escalated.
- Neither event should be escalated.
- The log indicating malicious code might have been executed on the host should be escalated.
- Which are types of data and assets that stakeholders are most interested in protecting? Select two answers.
- Company policies
- Sensitive financial data
- Social media presence
- Customers’ usernames and passwords
- Fill in the blank: When a security event results in a data breach, it is categorized as a _____.
- security incident
- threat
- vulnerability
- asset
- Which of the following are examples of the potential impact of a security incident involving malicious code?
- Loss of assets
- Operational downtime
- Financial consequences
- Data protection
Weekly challenge 1
- Fill in the blank: A security mindset is the _____.
- ability to help an organization’s human resources (HR) department remain compliant at all times
- intent to provide quality security services to an organization’s development operations team
- opportunity to showcase your Linux and other coding related technical skills
- ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data
- As a security analyst, you are responsible for protecting an organization’s low-level assets and high-level assets. Which of the following is considered a high-level asset?
- Company job descriptions
- Public press releases
- Intellectual property
- Guest Wi-Fi network
- Fill in the blank: A security mindset helps a security analyst _____.
- defend against constant pressure from cyber attackers
- recognize the difference between physical security and cybersecurity
- apply for an engineering role
- reinforce the expectations of security stakeholders
- Which of the following are examples of private data? Select two answers.
- Government trade agreements
- Customer bank account information
- Employee identification numbers
- Employee email addresses
- What term is used to describe individuals of an organization who are interested in protecting sensitive financial data, customers’ usernames and passwords, and third-party vendor security?
- Executive security administrators
- Data managers
- Information protection advisors
- Stakeholders
- Fill in the blank: The decisions a security analyst makes can affect the organization that the analyst works for and other team members across the organization. These decisions also affect ______.
- the analyst’s chance for a promotion
- the financial markets
- competitors in the industry
- the customers of the organization that hired the analyst
- What are some ways that security analysts protect data? Select three answers.
- Understanding the organization’s assets
- Reporting small events
- Ignoring small events
- Paying attention to detail
- Fill in the blank: When a security event results in a data breach, it is categorized as a _____.
- vulnerability
- security event
- security incident
- threat
- Fill in the blank: An organization is responsible for protecting its customers’ sensitive data. Examples of the kinds of sensitive data that must be protected include ____ and _____. Select two answers.
- social security numbers
- bank statements
- private social media pages
- website URLs
- Which of the following can cause a company to experience loss of credibility, financial loss, or regulatory fines?
- A cybersecurity awareness month phishing program
- The resignation of the company’s social media manager
- Employee security awareness training
- A data breach
Shuffle Q/A
- Which concept focuses on understanding how to evaluate risk and identify the potential for a breach of a system, application, or data?
- Security analyst evaluation
- Security recognition
- Security mindset
- Python knowledge
- As a security analyst, you are responsible for protecting an organization’s low-level assets and high-importance assets. Which of the following is considered a low-level asset?
- Company trade secrets
- Guest Wi-Fi network
- Customer email addresses
- Intellectual property
- Which of the following assets can be protected by adopting a security mindset? Select three answers.
- Sensitive customer data
- Financial information
- Intellectual property
- Network equipment
- An employee at a healthcare company accesses a patient’s medical history and payment information to provide treatment. Which type of data is this classified as?
- Sensitive data
- Confidential data
- Private data
- Public data
- Fill in the blank: _____ are interested in protecting sensitive financial data, customers’ usernames and passwords, and third-party vendor security.
- Stakeholders
- Social media influencers
- Web programmers
- HIPAA compliance officers
- What are some examples of the customer data that security analysts protect? Select two answers.
- Product announcements
- Passwords
- Newsletters
- Credit card numbers
- Fill in the blank: _____ must be protected at all times. An organization can lose its credibility with its customers if it is not properly protected.
- Employee salaries
- An organization’s social media page
- Sensitive customer data
- An organization’s termination policy
- Which of the following are the best examples of possible consequences of a data breach? Select two answers.
- Improved hardware functionality
- Significant reduction in employee retention
- Loss of credibility
- Regulatory fines
- Which of the following examples are considered public data? Select two answers.
- Health insurance information
- Product announcements
- Press releases
- Passport numbers
- Fill in the blank: One of the most important concerns for most organizations is the protection of _____.
- customer data
- guest Wi-Fi
- social media
- job postings
- A security analyst notices that an employee has installed an app on their work computer without getting permission from the IT service desk. The security analyst also notices that antivirus software recorded a potentially malicious execution on the same computer. Which of these security events should the security analyst escalate to their supervisor?
- Both events should be escalated.
- Neither event should be escalated.
- The employee installing an app without permission should be escalated.
- The potentially malicious code detected by the antivirus software should be escalated.
- Which of the following is an essential way to maintain a security mindset?
- Evaluate risks
- Seek engineering mentors
- Escalate major security issues within one week
- Work various security jobs with different organizations
- Fill in the blank: Entry-level analysts can help protect low-level assets, such as an organization’s _____.
- guest Wi-Fi network
- financial information
- trade secrets
- company job descriptions
- Which of the following statements best describes the relationship between a security mindset and asset protection?
- A security mindset helps analysts protect low-level assets.
- A security mindset is not important for protecting assets.
- A security mindset helps analysts protect high-importance assets.
- A security mindset helps analysts protect all levels of assets.
- Who will be affected by the decisions you make as a security analyst? Select two answers.
- The financial markets
- The customers of the organization that hired you
- Competitors in the same industry
- The organization that hired you
Fill in the blank: A security analyst should _____ escalate potential security events.
- never
- rarely
- sometimes
- always
What is the correct term for a security event that results in a data breach?
- Compromised data
- Data security event
- Security incident
- Phishing incident
Which of the following are examples of sensitive customer data that most organizations prioritize? Select two answers.
- Social media profiles
- Credit card numbers
- Usernames and passwords
- Job postings
Week 2
- Fill in the blank: A malware infection is an incident type that occurs when _____.
- a website experiences high traffic volumes
- malicious software designed to disrupt a system infiltrates an organization’s computers or network
- a computer’s speed and performance improves
- an employee of an organization violates the organization’s acceptable use policies
- Fill in the blank: Improper usage is an incident type that occurs when _____.
- an individual gains digital or physical access to a system or application without permission
- malicious software designed to disrupt a system infiltrates an organization’s computers or network
- an employee of an organization violates the organization’s acceptable use policies
- an employee that runs an organization’s public relations posts incorrect data on the company’s social media page
- When should you escalate improper usage to a supervisor?
- Improper usage incidents should always be escalated out of caution.
- Improper usage incidents should be escalated if there is a high level of improper usage.
- Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.
- Improper usage does not need to be escalated because these are in-house scenarios that can be handled without reporting them to the security team.
- Fill in the blank: Unauthorized access is an incident type that occurs when _____.
- an individual gains digital or physical access to a system, data, or an application without permission
- malicious software designed to disrupt a system infiltrates an organization’s computers or network
- an employee of an organization violates the organization’s acceptable use policies
Test your knowledge: Timing is everything
- All security incidents should be escalated.
- True
- False
- Which incident can have the most impact on an organization?
- An employee forgets their login credentials
- A user’s social media password is leaked
- A manufacturing plant’s network is compromised
- An organization’s guest Wi-Fi network is down
- Fill in the blank: A(n) _____ is a set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled.
- playbook
- event
- security incident
- escalation policy
- Which incident classification type occurs when an employee violates an organization’s acceptable use policy?
- Improper usage
- Malware infection
- Unauthorized access
- Containment
Weekly challenge 2
- What security term describes the identification of a potential security event, triaging it, and handing it off to a more experienced team member?
- Incident escalation
- SOC operations
- Social engineering
- Data security protection
- Which skills will help you identify security incidents that need to be escalated? Select two answers.
- Excellent communication skills
- Ability to collaborate well with others
- Attention to detail
- Ability to follow an organization’s escalation guidelines or processes
- Fill in the blank: Entry-level analysts might need to escalate various incident types, including _____.
- noncompliance of tax laws
- mismanagement of funds
- improper usage
- missing software
- Improper usage can be intentional; other times it can be accidental. How should you decide which acts of improper usage should be escalated to a supervisor?
- Improper usage incidents should always be escalated as a precaution.
- Improper usage should never be escalated to a supervisor.
- Only intentional acts of improper usage should be escalated.
- Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.
- You are alerted that a hacker has gained unauthorized access to one of your organization’s manufacturing applications. At the same time, an employee’s account has been flagged for multiple failed login attempts. Which incident should be escalated first?
- Both security incidents should be escalated at the same time.
- The incident involving the employee who is unable to log in to their account should be escalated first.
- The incident involving the malicious actor who has gained unauthorized access to the manufacturing application should be escalated first.
- The best thing to do is escalate the incident that your supervisor advised you to escalate first.
- What is the best way to determine the urgency of a security incident?
- Contact the risk assessment team to determine urgency.
- Reach out to the organization’s Red Team supervisor to determine urgency.
- Identify the importance of the assets affected by the security incident.
- Email the Chief Information Security Officer (CISO) of the company for clarification.
- Fill in the blank: An escalation policy is a set of actions that outlines _____.
- how to manage the security stakeholders of an organization
- how to escalate customer service complaints
- how to defend an organization’s data and assets
- how to handle a security incident alert
- Fill in the blank: _____ is important when following a company’s escalation policy to ensure you follow the policy correctly.
- Attention to detail
- Delegating tasks
- Reading quickly
- Working remotely
- Fill in the blank: An entry-level analyst helps the security team make sure the _____ person on the team is alerted when incidents occur.
- technical
- available
- correct
- most senior-level
- Which of the following security incidents is likely to have the most negative impact on an organization?
- An employee sends an email to the wrong colleague
- Unauthorized access to a manufacturing application
- An employee’s account flagged for multiple login attempts
- An employee having a phone conversation about a work project in the breakroom
Shuffle Q/A
- Fill in the blank: _____ is a skill that will help you identify security incidents that need to be escalated.
- Graphics design
- Attention to detail
- Leadership
- Linux operations
- As a security analyst, you might be asked to escalate various incidents. Which of the following are common incident classification types? Select two answers.
- Malware infection
- SPAM
- Gift card scam
- Unauthorized access
- An employee attempting to access software on their work device for personal use can be an example of what security incident type?
- Unauthorized access
- Improper usage
- Malware infection
- Social engineering
- What is a potential negative consequence of not properly escalating a small security incident? Select two answers.
- The company can suffer a loss in reputation.
- The company’s antivirus software can be uninstalled.
- The company’s employee retention percentage can decrease drastically.
- The company can suffer a financial loss.
- You have recently been hired as a security analyst for an organization. You previously worked at another company doing security, and you were very familiar with their escalation policy. Why would it be important for you to learn your new company’s escalation policy?
- Every company has a different escalation policy, and it is an analyst’s job to ensure incidents are handled correctly.
- The policy will help you analyze data logs.
- The policy will advise you on who to report to each day.
- The escalation policy will help you with vulnerability scanning.
- Fill in the blank: An _____ will help an entry-level analyst to know when and how to escalate a security incident.
- executive security dashboard
- escalation policy
- employee security handbook
- blue team CIRT guideline
- Fill in the blank: Incident escalation is the process of _____.
- reporting a security incident to a human resource department for compliance purposes
- properly assessing security events
- creating a visual dashboard that shows security stakeholders the amount of security incidents taking place
- identifying a potential security incident, triaging it, and handing it off to a more experienced team member
- What does attention to detail and following an organization’s security event notification process help you with?
- Vulnerability scanning
- Incident escalation
- Security data forensics
- Log monitoring
- What elements of security do terms like unauthorized access, malware infections, and improper usage describe?
- Public press releases
- Phishing attempts
- Company job descriptions
- Incident classification types
- Which of the following security incidents can have the most damaging impact to an organization?
- A system containing customer PII is compromised
- A company’s social media account is compromised
- The guest Wi-Fi network for a company is hacked
- An employee forgets their password and logs too many failed login attempts
- A security analyst for an organization notices unusual log activity in an app that was recently banned from the organization. However, the analyst forgets to escalate this activity to the proper personnel. What potential impact can this small incident have on the organization?
- Small incidents rarely have any impact on an organization.
- The organization might need to delete its social media profile.
- It can become a bigger threat.
- The third-party assessment team might be removed by the organization.
- What security term is defined as a set of actions that outlines who should be notified when an incident alert occurs?
- A security risk assessor
- An escalation policy
- A network architecture alert
- A vulnerability scan system
- Why is it important for analysts to follow a company’s escalation policy? Select two answers.
- An escalation policy can help analysts determine the best way to cross-collaborate with other members of their organization.
- An escalation policy instructs analysts on the right person to contact during an incident.
- An escalation policy can help analysts determine which tools to use to solve an issue.
- An escalation policy can help analysts prioritize which security events need to be escalated with more or less urgency.
- A new security analyst has just been hired to an organization and is advised to read through the company’s escalation policy. What kind of information will the analyst be educated on when reading through this policy?
- They will learn when and how to escalate security incidents.
- They will learn the best way to communicate with stakeholders.
- They will learn how to use the Linux operating system.
- They will learn the best way to create visual dashboards to communicate with executives.
- Unauthorized access to a system with PII is _____ critical than an employee’s account being flagged for multiple failed login attempts.
- marginally
- more
- equally
- less
- How can an escalation policy help security analysts do their jobs?
- An escalation policy outlines who should be notified when an incident occurs.
- An escalation policy outlines when to alert the public of a data breach.
- An escalation policy educates analysts on how to be aware of phishing attempts.
- An escalation policy instructs the analysts on how to scan for vulnerabilities.
Which of the following is an essential part of incident escalation?
- Communicate a potential security incident to a more experienced team member
- Make reactive decisions
- Maintain data logs that detail previous security events
- Create a visual dashboard that details a solution to the security problem
Which incident type involves an employee violating an organization’s acceptable use policy?
- Malware infection
- Improper usage
- Phishing
- Unauthorized access
Week 3
- Which of the following should a security analyst do before communicating the results of a vulnerability test to stakeholders? Select three answers.
- Use visual aids
- Choose an appropriate communications medium
- Use highly technical details
- Consider the nature of the information that is being communicated
- If a stakeholder fails to respond to an email in a timely manner, which communication steps are the next best options? Select two answers.
- Send an instant message
- Complain to human resources (HR)
- Make a phone call
- Report to the organization’s Chief Information Security Officer (CISO)
- Fill in the blank: The use of _____ to tell a security story can help security analysts communicate impactful data and metrics.
- visuals
- cross-site scripting
- direct phone calls
- instant messages
- Which software programs can be used as tools for sharing and telling a visual story about data? Select all that apply.
- Apache OpenOffice
- Google Docs
- Google Sheets
- Linux
Weekly challenge 3
- What term is used to define an individual or a group that has an interest in the decisions or activities of an organization?
- Audit specialist
- Incident response manager
- Decision-making manager
- Stakeholder
- Fill in the blank: The _____ is an example of a security stakeholder who is most interested in protecting the data and assets of an organization.
- social media manager
- accounts receivable specialist
- in-house graphic designer
- operations manager
- A security operations manager often works directly with a security analyst as the first line of defense to protect an organization from what challenges? Select two answers.
- A lack of an employee consortium
- The use of social media on work devices
- Vulnerabilities
- Risks
- Fill in the blank: Information that is communicated to ____ is considered sensitive.
- the general public
- stakeholders
- an organization’s competitors
- employees regarding social events
- Which of the following guidelines can help security analysts improve stakeholder communications? Select two answers.
- Use technical security terms as much as possible
- Include as many topics as possible
- Be precise
- Avoid unnecessary technical terms
- Which of the following is an example of a security event that should be communicated to a stakeholder?
- Incorrect office hours posted on social media
- A tax audit
- Malicious code detected in logs
- The resignation of a human resources employee
- Fill in the blank: Visual communications to stakeholders can be used to convey key details in the form of ____.
- text messages and charts
- text-filled documents and graphs
- logs and alerts
- graphs and charts
- Why is it important for analysts to use visuals to tell a security story?
- Visuals can help an analyst communicate impactful metrics and data.
- Visuals can help an analyst identify which details are most important for different stakeholders.
- Visuals can help an analyst prioritize which incidents need to be escalated with more or less urgency.
- Visuals can help an analyst determine which tool to use to solve a security challenge.
- Fill in the blank: For security purposes, it is important to communicate sensitive information with _____.
- supervision
- care
- graphs and charts
- a low level of urgency
- Stakeholders have many responsibilities, so they might miss an email or fail to respond promptly. If an analyst needs to reach a stakeholder right away, what might be a better option for stakeholder communication?
- A follow-up investigation
- A phone call
- An email to the CISO
- A follow-up email to the stakeholder’s supervisor
Shuffle Q/A
- Which of the following are stakeholders interested in having knowledge of? Select two answers.
- The online reviews for their organization
- Social media reviews for their competitor’s organization
- The decisions of their organization’s leadership
- The activities of their organization
- Which security stakeholder helps recognize risks and manage the response to security incidents?
- Risk manager
- Chief Information Security Officer (CISO)
- Operations manager
- Chief Financial Security Officer (CFO)
- Handling the daily maintenance of security operations is the general responsibility for which security stakeholder?
- Operations manager
- Chief Information Security Officer (CISO)
- Chief Financial Security Officer (CFO)
- Entry-level security analyst
- An analyst sends an email to stakeholders about a recent security breach. While writing the email, the analyst is mindful about what they say and which stakeholders they communicate the information to. Why does the analyst take this approach?
- Information that is communicated to stakeholders is sensitive.
- Information can be sent to stakeholders instead of managers.
- Information about a security breach might improve the company’s reputation.
- Information sent via email can be considered public knowledge.
- Fill in the blank: Communications with stakeholders should always be precise, avoid unnecessary technical terms, and _____.
- include numerous security questions
- tell an elaborate story to ensure your point is made
- have various purposes to maximize time
- have a clear purpose
- Graphs and charts can be used to create which form of stakeholder report?
- Text-filled documents
- Text messages
- Phone calls
- Visual communications
- Fill in the blank: In the field of security, it is important to communicate _____ with care.
- sensitive information
- publicly available information
- nonsensitive information
- time off requests
- What is the best way to follow up with a stakeholder who has not immediately responded to your email? Select two answers.
- File a complaint with human resources
- Call them on the phone
- Report the issue to your supervisor
- Send them an instant message
- Which of the following statements best describes the information that is communicated to stakeholders?
- It is sensitive.
- It is proprietary.
- It is shareable to the entire organization.
- It is publicly available.
- Which of the following options is the best way to handle the detection of malicious code in logs?
- Handle the incident using your Linux knowledge
- Report the incident directly to the CISO
- Communicate the incident to a security stakeholder
- Wait until a more experienced team member notices it
- Fill in the blank: Creating ____ communications allows a security stakeholder to view representations of what is being explained using graphs and charts.
- audio
- visual
- complex
- simple
- You have recently been hired as a security analyst for an organization. You’ve been asked by a security stakeholder to provide information on how often the employees from various departments are clicking on simulated phishing emails. What action can you take to best communicate this information?
- Use visuals, such as charts and graphs, to tell the security story
- Send an email that explains the necessary information
- Call the stakeholder and directly update them
- Ask your supervisor to report your findings because you are new
- Fill in the blank: If a stakeholder fails to respond to an important message you sent them right away, the best approach to reach them is to follow up with _____.
- an email to the CISO
- a phone call or an instant message
- an email to your immediate supervisor
- a text message to the stakeholder’s manager
What is a stakeholder?
- The security professionals who manage the SOC operations for an organization
- An individual or a group that has an interest in any decision or activity of an organization
- An individual or a group that manages the public relations crisis for an organization
- A customer who depends on an organization to protect their sensitive financial and medical data
Which individuals are considered security stakeholders? Select three answers.
- Risk managers
- Chief Information Security Officers (CISOs)
- Help desk analysts
- Operations Managers
You are alerted that a malicious actor has gained unauthorized access to one of your organization’s manufacturing applications. You need to inform the operations manager as soon as possible. What is the best way to communicate this information?
- Clearly and concisely
- With a corporate-wide email
- With a dashboard visualization
- With a phone call
An analyst finishes an incident review. Next, they want to clearly communicate meaningful data from their findings. What action can they take to share this information?
- Use visuals to tell a security story
- Collaborate with the publicity team to develop a communication strategy
- Request that the Chief Technology Officer (CTO) sends a summary email
- Ask stakeholders to report their findings
Week 4
- Which of the following methods can be used to build your cybersecurity network? Select three answers.
- Join cybersecurity associations.
- Attend cybersecurity conferences.
- Connect with security professionals using social media.
- Research the latest threats and vulnerabilities.
- Fill in the blank: A security professional can sign up for _____ to keep up with key trends and topics in the industry.
- Linux training courses
- healthcare magazines
- engineering mailing lists
- security mailing lists
- Which of the following strategies can an aspiring security analyst use to connect with security professionals? Select two answers.
- Subscribe to security mailing lists.
- Leverage professional social media sites such as LinkedIn®.
- Create a newsletter.
- Join security associations.
- How can engaging with the security community help newcomers establish a security career? Select two answers.
- By connecting with other security professionals
- By focusing on improving technical skills
- By engaging in unethical security activities
- By staying informed about the latest security news
Weekly challenge 4
- You are being interviewed for a cybersecurity analyst role with a mid-level organization. During the interview, the hiring manager asks you what resources you believe are most valuable for staying up-to-date on the most critical security risks to web applications. Which of the following resources would you suggest?
- Risk Management for Security Geeks
- CSO Online
- OWASP
- Krebs Explains Security
- Fill in the blank: ____ is a security website that covers security news and investigations into cyber attacks.
- Security Investigation by Krebs
- The Washington Post Security Guide
- Krebs on Security
- Security from Kreb’s Point of View
- Which site do many CISOs in the security industry review for security tips and ideas?
- The Security CISO Online
- The CSO Security Expert Digest
- CSO Online
- CSO Tips for Beginners
- Which security resource provides information on analytics and application security, mobile and cloud security, and the Internet of Things (IoT)?
- Krebs Knows Security
- Krebs on Security
- CSO Online
- Dark Reading
- Fill in the blank: _____ is a great way to connect to other security professionals in the industry.
- Knocking door-to-door
- Asking friends and family members who are not in the security industry for introductions
- Staying away from social media
- Networking on social media
- Fill in the blank: _____ is a great way to connect with security professionals on social media.
- Responding to unfamiliar messages
- Attempting to hack a security team member and resolving that hack in a timely fashion
- Reading and commenting on the social media posts of leaders in the security industry
- Reading CISO posts on social media
- Fill in the blank: _____ for the name of the CISO of an organization is a good first step to finding a CISO to follow on social media.
- Asking social media friends
- Asking friends or family members
- Checking an organization’s blog
- Conducting an internet search
- What is a good way to find other security analysts in the industry to follow on social media?
- Search for security engineers on LinkedIn®
- Cold call various security teams until someone agrees to connect with you on social media
- Put out a social media post that asks all security analysts to follow you
- Search for cybersecurity analysts on LinkedIn®
- Fill in the blank: For individuals who are not active on social media, _____ is another great way to connect with security professionals.
- taking a class on how to foster a collaborative team environment
- joining different security associations
- joining exclusive CFO seminars
- taking a social media training course
- Fill in the blank: When determining a security association to join, it’s important to _____.
- select one that is geared towards advanced security professionals
- select one that aligns with your professional goals
- ask the CISO of the most recent organization you applied to for suggestions
- join one that is closest to where you live, so you’re able to attend in person
Shuffle Q/A
- Which well-known security website was created by former Washington Post reporter, Brian Krebs?
- Security from Kreb’s Point of View
- Brian Knows Security
- The Washington Post Security Guide
- Krebs on Security
- Fill in the blank: _____ provides news, analysis, and research on various security and risk management topics.
- Risk Management for Security Geeks
- Krebs Explains Security
- Who Knows Security?
- CSO Online
- Fill in the blank: Although many security websites and blogs provide different relevant security tips, _____ specifically provides information on analytics and application security, mobile and cloud security, and the Internet of Things (IoT).
- Dark Reading
- CSO Online
- Krebs on Security
- Kreb’s Cloud Security Blog
- You’ve recently completed the Google Cybersecurity Certificate and decide it’s time to connect with other security professionals. Which of the following is a great way to connect with security professionals?
- Searching for them on social media
- Asking friends and family members who are not in the security industry to connect you with people they know
- Staying away from social media
- Calling different organizations and asking to speak with their security teams
- You’ve recently completed the Google Cybersecurity Certificate and decide it’s time to connect with other security professionals. Which of the following is a great way to connect with security professionals on social media? Select two answers.
- Follow leaders in the security industry
- Respond to messages of people on social media that you’re unfamiliar with, as long as their profile says they’re in the security industry
- Read and comment on the social media posts of leaders in the security industry
- Send messages to a security supervisor until they agree to be your mentor
- Fill in the blank: The first step to finding a CISO to follow on social media is to conduct a(n) _____ for the name of the CISO of an organization.
- cross-reference check
- background check
- external security audit
- internet search
- What is a great way to connect with security professionals or find mentors in the security industry without using social media?
- Search for CISOs on LinkedIn®
- Do an internet search for entry-level security analysts in your area
- Join different security associations
- Attend a social media training seminar
- Which security website covers security news and investigations into cyber attacks?
- Online CISO
- Kreb’s Security Perspective
- Security Investigation by Krebs
- Krebs on Security
- Which of the following is a good first step to finding a CISO to follow on social media?
- Ask friends in the e-commerce industry about which CISOs to follow
- Conduct a background check on CISOs in your area
- Send multiple messages to a company on their social media page and ask how to contact their CISO directly
- Conduct an internet search for the name of the CISO of an organization
- On social networks like LinkedIn®, you can find security professionals by searching for “cybersecurity analysts” or a similar search term. After this search, what is the best way to filter through those search results?
- Filter for people who talk about # (hashtag) cybersecurity
- Filter for people who talk about # (hashtag) product engineering
- Filter for people who talk about # (hashtag) Python
- Filter for people who talk about # (hashtag) social media
- Fill in the blank: _____ is a great way to connect with security professionals without using social media.
- Cold calling security teams from different companies
- Doing an internet search for entry-level security analysts in your area
- Joining different security associations
- Contacting a CISO directly via email
- Fill in the blank: Selecting a security association that _____ will help ensure you find the one that best fits your needs.
- is within a five-mile radius of your home
- has excellent online reviews
- aligns with your professional goals
- is dedicated to senior-level analysts
- Fill in the blank: The OWASP is a standard awareness document that lists the top _____ most critical security risks to web applications.
- 10
- 50
- 5
- 20
- What is the best search term to use to find a security organization to join?
- “Incident response teams”
- “Industry associations”
- “Top CISOs in my area”
- “Cybersecurity industry associations”
Fill in the blank: The _____ is a standard awareness document that lists the top 10 most critical security risks to web applications.
- Programming for Security Protection
- Wall Street Journal
- OWASP
- Red Teaming Blog
Fill in the blank: _____ is an online security resource that provides information on analytics and application security, mobile and cloud security, and the Internet of Things (IoT).
- Krebs Knows Security
- CSO Online
- Krebs on Security
- Dark Reading
Which of the following is a good way to use social media to connect with security professionals? Select two answers.
- Send messages to a security supervisor until they agree to be your mentor
- Read and comment on social media posts of leaders in the security industry
- Follow leaders in the security industry on social media
- Respond to messages of people on social media that you’re unfamiliar with, as long as their profile says they’re in the security industry
Week 5
- Which of the following strategies are effective ways to prepare for a job interview? Select three answers.
- Review the job description
- Practice describing your skills and experiences
- Call the chief information security officer
- Review your resume
- Which of the following actions should you take before a video interview to prevent technical difficulties during the interview? Select two answers.
- Install the required video conference application
- Conduct pre-interview research
- Test video and audio settings
- Adjust the lighting
- Fill in the blank: Establishing _____ with the interviewer is an important step to take and can help you leave a positive impression with the interviewer.
- a conversational tone
- data types
- roadblocks
- a rapport
- Which of the following post-interview practices is an effective way to stand out as a candidate?
- Apply to the position again
- Ask the interviewer how other candidates did during their interviews
- Send a gift to the interviewer
- Send a follow-up email to the interviewer
Test your knowledge: Develop an elevator pitch
Fill in the blank: Elevator pitches enable you to summarize your experience, skills, and background to potential employers in about ____.
- 10 minutes
- Five minutes
- 60 seconds
- 2 minutes
What are effective strategies to use when sharing your elevator pitch? Select two answers.
- Be succinct.
- Mention mistakes you made at previous jobs.
- Describe the technical skills that you plan to learn.
- Speak at a relaxed pace.
In which of the following scenarios would it be appropriate to share your elevator pitch? Select two answers.
- At the end of a job interview
- When meeting new friends or colleagues
- When introducing yourself to career and business connections
- After you receive a job offer
What is a best practice when sharing your elevator pitch with a potential employer?
- Speak in a conversational tone
- Speak quickly
- Use a lot of technical terms
- Disclose why you left your previous job
Weekly challenge 5
What are examples of skills that are transferable to a cybersecurity role? Select three answers.
- Written and verbal communication skills
- Attention to detail
- Collaboration skills
- Social media skills
Which personal details should be included at the top of your resume? Select three answers.
- Your professional title
- Your summary statement
- Your name
- Your education
What can the skills section of your resume include? Select two answers.
- Programming skills
- A history of previous work experiences
- Your email address
- Security frameworks
Which of the following statements is suitable to include in the work experience section of a resume? Select two answers.
- Tasked with handling security challenges
- Collaborated with a team of six to develop training for more than 25 company employees
- Security tasks were handled
- Conducted monthly vulnerability assessments
Which of the following sections should be included at the bottom of your resume?
- Contact information
- Skill competencies
- Work experience
- Education/Certifications
Fill in the blank: It is important to make sure there are no _____ errors in your resume before sending it to potential employers.
- technical
- location-based
- cybersecurity
- grammatical
Fill in the blank: _____ is a good way to begin preparing for a job interview.
- Reviewing the job description
- Dressing in casual clothing
- Memorizing your resume
- Checking the company’s stock price
Fill in the blank: Testing your video and audio settings before a video conference interview will help you correct any _____ before the interview.
- nervousness
- technical issues
- Linux programming issues
- confusion about interview questions
Which term describes a friendly relationship in which the people involved understand each other’s ideas and communicate well with each other?
- Phishing
- Social networking
- Rapport
- Social engineering
A potential candidate is interviewing for a security analyst role. The candidate says the following when responding to a scenario-based question: “The outcome led to an increase in total sales over the two months that my manager was out of the office.” Which part of the STAR method does this response demonstrate?
- Result
- Situation
- Action
- Task
Shuffle Q/A
Fill in the blank: A resume might also be referred to as a _____.
- standard framework
- curriculum vitae
- professional reference
- cover letter
Which details should your resume’s summary statement include? Select two answers.
- Your professional references’ names and email addresses
- Specific words from the responsibilities section of the job description
- Your professional title
- Your strengths and relevant skills
Fill in the blank: The _____ section of your resume should list capabilities that are related to the position you are applying to.
- technical programming
- summary statement
- skills
- professional references
Fill in the blank: In the experience section of your resume, you should list your _____.
- contact information
- professional references
- work history
- Linux programming skills
You are currently working on completing a certificate program and will complete the program soon. How should you indicate that in the certification/education section of your resume?
- “Completed”
- “Partially fulfilled”
- “In progress”
- “Incomplete”
What are effective ways to prepare for your job interview? Select three answers.
- Practice speaking about the experiences and skills that the employer is looking for
- Review the job description
- Review your notes on the NIST Framework to refresh your memory
- Research the company’s former Chief Financial Officer (CFO)
Why is building rapport important in the job interview process? Select two answers.
- It can distract the interviewer
- It can reduce your chances of getting hired
- It can help ease nervousness during the interview
- It can help enhance the communication between you and the interviewer
A potential candidate is interviewing for a security analyst role. The candidate says the following when responding to a scenario-based question: “It was up to me to manage the product sales for the next two months while the department manager was away from the company.” Which part of the STAR method does this response demonstrate?
- Task
- Situation
- Result
- Action
Fill in the blank: After the name and summary section, the next part of your resume is the _____.
- cybersecurity experience section
- responsibilities section
- professional references section
- skills section
Fill in the blank: Under the education/certification section of your resume, you should list any subjects you studied related to _______.
- social engineering
- Python
- the job you are applying for
- previous work experiences
Before finalizing your resume, which of the following best practices should you follow? Select two answers.
- Ensure your resume is a maximum of 2 pages long
- Ensure your resume is a minimum of 3 pages long
- Check that your resume uses at least 2 font colors
- Check for spelling and grammatical errors
Which steps are essential when preparing for a video interview? Select two answers.
- Test your video and audio settings
- Build a rapport with the interviewer
- Write a cover letter
- Find a quiet location in your home
Fill in the blank: Resumes typically list your last _____ years of work experience.
- three
- five
- 20
- 10
When do you begin to build rapport with your potential employer?
- On your first day of employment
- During the second round of interviews
- During your first interaction by phone, email, or video conference
- During the technical interview
Fill in the blank: To calm your nerves before the interview begins, _____ and remind yourself about the preparation you have put in.
- review Linux commands
- take a few deep breaths
- call your professional references
- review other job postings
A hiring manager recently reached out to you for a video interview. You have never used the software required for you to join the interview. What should you do to prepare?
- Request an in-person interview instead
- Download the software specified by the interviewer in advance
- Inform the interviewer that you do not know how to use this particular software
- Download the video conference software that you are familiar with instead