1. Chapter 15 SQL Structured Query Language – Database Design
Each field in the CREATE TABLE has three parts (see above):. ColumnName; Data type; Optional Column Constraint. ColumnName. The ColumnName must be unique within ...
Main Body
2. Data and Databases – Information Systems for Business and Beyond
A relational database is one in which data is organized into one or more tables. Each table has a set of fields, which define the nature of the data stored in ...
Dave Bourgeois and David T. Bourgeois
3. What is a Relational Database? - TechTarget
Missing: seven action
Learn about relational databases, the basics of their structure and how they differ from non-relational and NoSQL databases.
4. SQL Skill Test | 40+ SQL Questions for Data Science Professionals
Jun 6, 2023 · In a relational schema, you can have only one primary key and there may be multiple unique keys present in the table. A unique key can take null ...
Test and improve your SQL skills with our MCQs. This quiz focuses on challenges encountered while using SQL, so you may master the concepts.
5. 180+ SQL Interview Questions and Answers in 2023 - Great Learning
INNER JOIN: The INNER JOIN creates a new result table by combining column values of two tables (table1 and table2) based upon the join-predicate. The query ...
The top 180+ SQL interview questions and answers of 2023 are for freshers and experienced professionals who get hired.
6. Define relationships between tables in an Access database
Missing: ____. | Show results with:____.
Describes table relationships and how to define relationships in a Microsoft Access database.
7. 3. Data, Tables, and Database Design - Fixing Access Annoyances [Book]
This clearly indicates that you need to create a separate table just for orders. In a properly designed database, new data adds rows, not fields. (When you're ...
Chapter 3. Data, Tables, and Database Design GIGO—Garbage In, Garbage Out—means that all the fancy forms and reports in the world don’t mean a thing if the data in your … - Selection from Fixing Access Annoyances [Book]
![3. Data, Tables, and Database Design - Fixing Access Annoyances [Book]](https://i0.wp.com/www.oreilly.com/library/cover/059600852X/)
8. Relational Database Normalization Process
The process of designing a relational database includes making sure that a table contains only ... columns, and relationships in order to create an efficient ...
Illogically or inconsistently stored data can cause a number of problems. In a relational database, a logical and efficient design is just as critical. A poorly designed database may provide erroneous information, may be difficult to use, or may even fail to work properly.
9. SQL DROP TABLE statement overview - SQLShack
Missing: seven | Show results with:seven
This article explores SQL DROP TABLE statement for dropping SQL Server table along with various use cases.
10. [PDF] Relational Data Management System (RDMS 2200) and IPF SQL ...
Each column has a set of permissible values called its domain. Tables look like and are similar to conventional sequential files. Like a file, each table has a ...
11. Google Cybersecurity Professional Certificate Answers - Coursera
... database table or a combination of tables is called a _____. query. log. key. row ... Filter databases to return only columns that exist in every table. Return ...
Google Cybersecurity Professional Certificate Answers - CourseraPrepare for a career as a cybersecurity analyst with a professional certificate from Google. Learn job-ready skills that are in-demand, like how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them.Cybersecurity analysts are responsible for monitoring and protecting networks, devices, people, and data. They use a collection of methods and technologies to safeguard against outside threats and unauthorized access — and to create and implement solutions should a threat get through.This certification is part of Google Career Certificates .Complete a Google Career Certificate to get exclusive access to CareerCircle, which offers free 1-on-1 coaching, interview and career support, and a job board to connect directly with employers, including over 150 companies in the Google Career Certificates Employer Consortium.Language: EnglishCertification URLs:grow.google/certificates/cybersecuritycoursera.org/google-certificates/cybersecurity-certificateQuestions: Course 1 - Foundations of Cybersecurity Week 1 Test your knowledge: Introduction to cybersecurity What are the three key elements of the CIA triad?Customer trust, increased revenue, and advancementCompliance standards, instructions, and accessConfidentiality, integrity, and availability of informationContinuity, invulnerability, and attainment of business goals What are the primary responsibilities of an entry-level security analyst? Select three answers.Create compliance lawsProtect informationSearch for weaknessesMonitor systems Fill in the blank: Performing _____ enables security professionals to review an organization's security records, activities, and related documents.penetration testssoftware developmentsethical hackingsecurity audits In what ways do security teams bring value to an organization? Select two answers.Protecting against external and internal threatsReducing business productivityAchieving regulatory complianceIncreasing operational expenses Test your knowledge: Core skills for cybersecurity professionals Which of the following proficiencies are transferable skills, likely to be applicable in almost any field? Select all that apply.Written and verbal communicationProblem-solvingAnalysisProgramming Which of the following proficiencies are technical skills that are needed to become an entry-level security analyst? Select all that apply.Regulation writingSoftware developmentData analysisProgramming Fill in the blank: _____ identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.Business intelligence professionalsDigital forensic investigatorsSecurity operations center analystsEthical hackers What are examples of sensitive personally identifiable information (SPII) that cybersecurity professionals need to protect? Select two answers.Bank account numbersEmail addressesMedical recordsLast names Weekly challenge 1 Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or criminal exploitation.changing business prioritiesunauthorized accesspoor financial managementmarket shifts Which of the following tasks are typically responsibilities of entry-level security analysts? Select all that apply.changing business prioritiesunauthorized accesspoor financial managementmarket shiftsorInstalling prevention softwareCreating organizational policiesConducting periodic security auditsProtecting computer and network systemsorInstalling prevention softwareCreating organizational policiesExamining in-house security issuesProtecting computer and network systems An employee receives an email that they believe to be legitimate. They click on a compromised link within the email. What type of internal threat does this scenario describe?AbusiveIntentionalAccidentalOperational Fill in the blank: Identity theft is the act of stealing _____ to commit fraud while impersonating a victim.trade secretshardwarepersonal informationbusiness records What are some key benefits associated with an organization meeting regulatory compliance? Select two answers.Avoiding finesRecruiting employeesUpholding ethical obligationsIncreasing productivity An individual is in their first job as an entry-level security professional. They apply the problem-solving proficiencies that they learned in past roles to their current security career. What does this scenario describe?Having expertise with a specific procedureUnderstanding business standardsTaking on-the-job trainingUsing transferable skills Fill in the blank: Security information and _____ management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.employereventemergencyenterprise What do security professionals typically do with SIEM tools?Identify threat actors and their locationsLocate and preserve criminal evidenceEducate others about potential security threats, risks, and vulnerabilitiesIdentify and analyze security threats, risks, and vulnerabilities Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.An example of SPII is someone’s financial information.The theft of PII is often more damaging than the theft of SPII.Both PII and SPII are vulnerable to identity theft.An example of PII is someone’s date of birth.orAn example of PII is someone’s phone number.An example of SPII is someone’s biometric data.Only SPII is vulnerable to identity theft.PII is any information used to infer an individual’s identity.orSPII is a type of PII that falls under stricter handling guidelines.The theft of SPII is often more damaging than the theft of PII.An example of SPII is someone’s last name.An example of PII is someone’s email address. Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or unauthorized access.poor financial managementmarket shiftscriminal exploitationchanging business priorities Which of the following entities may be an internal threat to an organization? Select three answers.Trusted partnersVendorsEmployeesCustomers An individual has their personal information stolen. They discover that someone is using that information to impersonate them and commit fraud. What does this scenario describe?Data breachSecured customer dataNetwork infiltrationIdentity theft Fill in the blank: An organization that is in regulatory compliance is likely to _____ fines.rectifyavoidencounterincur An individual is in their first job as an entry-level security professional. They take training to learn more about the specific tools, procedures, and policies that are involved in their career. What does this scenario describe?Gaining new technical skillsImproving management capabilitiesUnderstanding different perspectivesTransferring capabilities from one career to another Fill in the blank: The purpose of _____ is to protect networks, devices, people, and data from unauthorized access or criminal exploitation.cybersecuritychange-managementplanningbusiness continuity A security professional collaborates with information technology teams to deploy an application that helps identify risks and vulnerabilities. What does this scenario describe?Upgrading network capacityInstalling detection softwareConducting a security auditEthical hacking Someone outside of an organization attempts to gain access to its private information. What type of threat does this scenario describe?InternalExternalEthicalAccidental What is identity theft?Failing to maintain and secure user, customer, and vendor dataTrying to gain access to an organization’s private networksStealing personal information to commit fraud while impersonating a victimA data breach that affects an entire organization A security professional receives an alert about an unknown user accessing a system within their organization. They attempt to identify, analyze, and preserve the associated criminal evidence. What security task does this scenario describe?Resolving error messagesProgramming with codeSoftware upgradesComputer forensics What is regulatory compliance?Sites and services that require complex passwords to accessLaws and guidelines that require implementation of security standardsExpenses and fines associated with vulnerabilitiesThreats and risks from employees and external vendors Fill in the blank: Security information and event _____ (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.monitoringmitigationmaturitymanagement Which of the following proficiencies are examples of technical skills? Select two answers.Prioritizing collaborationCommunicating with employeesApplying computer forensicsAutomating tasks with programming Week 2 Test your knowledge: The history of cybersecurity Fill in the blank: A computer virus is malicious _____ that interferes with computer operations and causes damage.codesequencinghardwareformatting What is one way that the Morris worm helped shape the security industry?It prevented the development of illegal copies of software.It inspired threat actors to develop new types of social engineering attacks.It led to the development of computer emergency response teams.It made organizations more aware of the significant financial impact of security incidents. What were the key impacts of the Equifax breach? Select two answers.Millions of customers’ PII was stolen.The significant financial consequences of a breach became more apparent.Developers were able to track illegal copies of software and prevent pirated licenses.Phishing became illegal due to significant public outcry. Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.TrueFalse Test your knowledge: The eight CISSP security domains Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering.domainsdatanetworksassets A security professional is responsible for ensuring that company servers are configured to securely store, maintain, and retain SPII. These responsibilities belong to what security domain?Security architecture and engineeringAsset securitySecurity and risk managementCommunication and network security Your supervisor asks you to audit the human resources management system at your organization. The objective of your audit is to ensure the system is granting appropriate access permissions to current human resources administrators. Which security domain is this audit related to?Software development securitySecurity assessment and testingSecurity operationsIdentity and access management Why is it useful to understand the eight CISSP security domains? Select two answers.To develop programming skillsTo identify potential career opportunitiesTo better understand your role within an organizationTo improve your communication skills Weekly challenge 2 What is the term for software that is designed to harm devices or networks?BugSocial applicationMalwareError message What historical event resulted in one of the largest known thefts of sensitive data, including social security numbers and credit card numbers?LoveLetter attackEquifax breachMorris wormBrain virusFill in the blank: Social engineering is a manipulation technique that exploits _____ error to gain access to private information.networkhumancomputercodingFill in the blank: Social engineering is a _____ that exploits human error to gain private information, access, or valuables.type of malwarereplicating virusmanipulation techniquebusiness breach A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?Training about network optimizationTraining about business continuityTraining about security architectureTraining about social engineering Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?Security assessment and testingSecurity architecture and engineeringIdentity and access managementSecurity and risk management Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.Validating the identities of employeesConfiguring a firewallSecuring hardwareEnsuring that effective systems and processes are in place Which of the following tasks may be part of the asset security domain? Select all that apply.Ensuring users follow established policiesSecuring digital and physical assetsData storage and maintenanceProper disposal of digital assets A security professional is auditing user permissions at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?Security assessment and testingSecurity and risk managementAsset securityCommunication and network security Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?Identity and access managementCommunication and network securitySecurity assessment and testingSecurity and risk managementWhich domain involves conducting investigations and implementing preventive measures?Security operationsSecurity and risk managementAsset securityIdentity and access management A security professional receives an alert that an unknown device has connected to their organization’s internal network. They follow policies and procedures to quickly stop the potential threat. Which domain does this scenario describe?Security operationsSecurity and risk managementAsset securityIdentity and access management Shuffle Q/A Which of the following threats are examples of malware? Select two answers.VirusesBugsWormsError messages Fill in the blank: Exploiting human error to gain access to private information is an example of _____ engineering.networkcommunicationsocialdigital Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.Securing hardwareEnsuring that effective systems and processes are in placeConfiguring a firewallValidating the identities of employees Which of the following tasks may be part of the security operations domain? Select all that apply.Implementing preventive measuresInvestigating an unknown device that has connected to an internal networkConducting investigationsUsing coding practices to create secure applications A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.Employees inadvertently revealing sensitive dataOvertaxing systems with too many internal emailsPhishing attacksMalicious software being deployed Which of the following tasks are part of the security and risk management domain? Select all that apply.Securing physical assetsDefining security goals and objectivesComplianceBusiness continuity Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?Communication and network securitySecurity and risk managementIdentity and access managementSecurity architecture and engineering Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?Asset securityCommunication and network securitySecurity assessment and testing Security operations Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.Auditing user permissionsSecuring physical networks and wireless communicationsConducting security auditsCollecting and analyzing data A security professional is setting up access keycards for new employees. Which domain does this scenario describe?Identity and access managementCommunication and network securitySecurity and risk managementSecurity assessment and testing A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?Communication and network securitySecurity architecture and engineeringSecurity and risk managementIdentity and access management Which of the following tasks may be part of the identity and access management domain? Select all that apply.Conducting security control testingSetting up an employee’s access keycardEnsuring users follow established policiesControlling physical assets Week 3 Test your knowledge: Frameworks and controls Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.controlframeworkregulationlifecycle An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?Security controlData confidentialityCybersecurity Framework (CSF)Personally identifiable information (PII) What is a foundational model that informs how organizations consider risk when setting up systems and security policies?Cybersecurity Framework (CSF)Sensitive personally identifiable information (SPII)Confidentiality, integrity, and availability (CIA) triadGeneral Data Protection Regulation law (GDPR) Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.TrueFalse Test your knowledge: Ethics in cybersecurity An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.ConfidentialityLawsPrivacy protectionsRemaining unbiased Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.business networkspersonal informationdocumentationcompliance processes You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?Request identification from your manager to ensure the text message is authentic; then, provide the birth date.Respectfully decline, then remind your manager of the organization’s guidelines.Give your manager the employee’s birth date; a party is a friendly gesture.Ask your manager to provide proof of their inability to access the database. You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?Escalate the situation by involving other organizations that have been targeted.Improve the company’s defenses to help prevent future attacks.Target a specific hacktivist group as a warning to the others.Conduct cyberattacks against each hacktivist group that claimed responsibility. Weekly challenge 3 What are some of the primary purposes of security frameworks? Select three answers.Protecting PII dataManaging organizational risksSafeguarding specific individualsAligning security with business goals What are some of the primary purposes of security frameworks? Select three answers.Protecting PII dataManaging organizational risksSafeguarding specific individualsIdentifying security weaknesses Which of the following are core components of security frameworks? Select two answers.Managing data requestsIdentifying and documenting security goalsMonitoring and communicating resultsMonitoring personally identifiable information Fill in the blank: A security professional has been tasked with implementing safeguards to reduce suspicious activity on their company's network. They use _____ to help them reduce this type of risk.security controlspublic websitessecurity ethicsprivate information You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, availability, and what else?IntegrityInformationInconsistenciesIntelligenceYou are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, availability, and what else?IntegrityInformationInconsistenciesIntelligence Fill in the blank: _____ are items perceived as having value to an organization.IncidentsLifecyclesAssetsAlerts Which of the following statements accurately describe the NIST CSF? Select all that apply.It is only effective at managing long-term risk.Its purpose is to help manage cybersecurity risk.It is a voluntary framework.It consists of standards, guidelines, and best practices. Fill in the blank: Some of the most dangerous threat actors are _____ because they often know where to find sensitive information, can access it, and may have malicious intent.past vendorsdisgruntled employeessenior partnersdissatisfied customersFill in the blank: As a security professional, you monitor the potential threats associated with _____ because they often have access to sensitive information, know where to find it, and may have malicious intent.past vendorsdisgruntled employeessenior partnersdissatisfied customers A security professional is updating software on a coworker’s computer and happens to see a very interesting email about another employee. The security professional chooses to follow company guidelines with regards to privacy protections and does not share the information with coworkers. Which concept does this scenario describe?Preserving evidenceSecurity controlsSecurity ethicsBusiness email compromiseA security professional overhears two employees discussing an exciting new product that has not been announced to the public. The security professional chooses to follow company guidelines with regards to confidentiality and does not share the information about the new product with friends. Which concept does this scenario describe?Preserving evidenceSecurity controlsSecurity ethicsBusiness email compromise Fill in the blank: The ethical principle of _____ involves safeguarding an organization’s human resources records that contain personal details about employees.honestyprivacy protectionunlimited accessnon-bias You are a security professional working for a state motor vehicle agency that stores drivers' national identification numbers and banking information. Which ethical principle involves adhering to rules that are intended to protect these types of data?RestrictionsLawsGuidelinesInvestigations Shuffle Q/A Which of the following are core components of security frameworks? Select two answers.Establishing regulatory compliance measuresImplementing security processesSetting guidelines to achieve security goalsMonitoring personally identifiable information Fill in the blank: A security professional has been tasked with implementing strict password policies on workstations to reduce the risk of password theft. This is an example of _____.ConformityCommunicationConfidentialityConsent Fill in the blank: A key aspect of the CIA triad is ensuring that data is correct, _____, and reliable.authenticpubliccentralizedupdated For what reasons might disgruntled employees be some of the most dangerous threat actors? Select all that apply.They know where to find sensitive information.They are less productive than other employees.They have access to sensitive information.They may have malicious intent. Fill in the blank: The ethical principle of _____ involves adhering to compliance regulations.protectionsrestrictionslawsguidelines Which of the following statements accurately describe the NIST CSF? Select all that apply.It is a voluntary framework.Security teams use it as a baseline to manage risk.It is only effective at managing short-term risk.Its purpose is to help manage cybersecurity risk. Which ethical principle describes the rules that are recognized by a community and enforced by a governing entity?RestrictionsGuidelinesProtectionsLaws You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, integrity, and what else?ActivityApplicationsAccuracyAvailability Week 4 Test your knowledge: Important cybersecurity tools What tool is designed to capture and analyze data traffic within a network?network protocol analyzer (packet sniffer)Structured Query Language (SQL)Google ChronicleSplunk Enterprise Which of the following are examples of SIEM tools? Select two answers.PythonGoogle ChronicleLinuxSplunk Enterprise How are logs primarily used by security professionals?Identify vulnerabilities and potential security breachesCollect and analyze data to monitor critical activities in an organizationSelect which security team members will respond to an incidentResearch and optimize processing capabilities within a network Fill in the blank: A _____ is a manual that provides details about operational actions.case historydirectoryplaybookchecklist Test your knowledge: Core cybersecurity knowledge and skills What do security professionals use to interact with and request information from a database?Confidentiality, integrity, availability (CIA) triadStructured Query Language (SQL)LinuxPython What is programming typically used for? Select two answers.Enable open-source operationsCreate a specific set of instructions for a computer to execute tasksComplete repetitive tasks and processesRecord events that occur within an organization’s systems Fill in the blank: Linux is an open-source _____ that can be used to examine logs.operating systemdatabasealgorithmprogramming language A playbook is a manual that provides details about how to respond to an incident only after it has occurred.TrueFalse Weekly challenge 4 Which of the following statements correctly describe logs? Select two answers.A business might log each time an employee signs into their computer.A log is used as a formal guide to incident response.Security professionals use logs to visualize data.A log is a record of events that occur within an organization’s systems. Which of the following tasks can be performed using SIEM tools? Select three answers.Providing alerts for specific types of risksPerforming incident analysisProactively searching for threatsNotifying authorities of illegal activity What is a benefit of a tool, such as Google’s Chronicle, being cloud-native?It requires hardware to deploy.It is a static resource.It allows for fast delivery of new features.It performs best when downloaded to a network. Fill in the blank: A security professional uses a _____ as a manual to guide operational activities.spreadsheettoolkitreviewplaybook As a security analyst, you are monitoring network traffic to ensure that SPII data is not being accessed by unauthorized users. What does this scenario describe?Using a network protocol analyzer (packet sniffer)Programming with codeCalculating with formulasGathering data in a spreadsheet Fill in the blank: The wide exposure and immediate access to the source code of open-source tools makes it _____ likely that issues will occur.verymorelessequally What are some key benefits of programming languages? Select all that apply.They install security hardware.They create a specific set of instructions for a computer to execute tasks.They execute repetitive processes accurately.They filter through data points faster than humans can working manually. How is an open-source operating system, such as Linux, different from other operating systems?It relies on a command line.It is only a desktop tool.It is proprietary.It must be downloaded from the cloud. Fill in the blank: A database is a _____ of organized data stored in a computer system.visualizationcollectionmodelframe What are some key benefits of using Python to perform security tasks? Select all that apply.It is designed for high levels of accuracy.It makes static data more dynamic.It simplifies repetitive tasks.It helps security professionals be more accurate. Shuffle Q/A Which of the following tasks can be performed using SIEM tools? Select three answers.Helping security analysts identify potential breachesCollecting and analyzing dataProviding alerts for specific types of risks and threatsRequesting security data from government agencies Why might a security professional choose Google Chronicle to store security data for later analysis?It is cloud-native, which means it delivers new features quickly.It requires hardware to deploy, so it is more secure.It is a static resource, so the user interface never changes.It performs best when downloaded to a network, which enables efficient processing. A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers.It allows for text-based commands by users.It is an efficient programming language.It is proprietary.It is open source. Fill in the blank: Security professionals can use _____ to interact with and request information from a database.Chroniclenetwork protocol analyzers (packet sniffers)Splunk EnterpriseSQL What are some key benefits of using Python to perform security tasks? Select all that apply.It saves time.It clearly maps data.It helps ensure accuracy.It uses a command-line interface. What are some key benefits of using Python to perform security tasks? Select all that apply. It helps security professionals work with high levels of detail.It enables security professionals to be more accurate.It simplifies repetitive tasks.It automatically eliminates sensitive information. As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.An intrusion detection system (IDS)A network protocol analyzer (packet sniffer)A cryptographic encoderA command-line interface What are some key benefits of programming languages? Select all that apply.They create a specific set of instructions for a computer to execute tasks.They reduce the risk of human error.They describe how data is organized.They complete tasks faster than if working manually.What are some key benefits of programming languages? Select all that apply. Execute repetitive processes very accuratelyComplete repetitive tasks with a high degree of efficiencyImplement security protocolsCreate a specific set of instructions for a computer to execute tasks Fill in the blank: To request information from a _____, security professionals can use SQL.spreadsheetdatabasenetworkdashboard Which of the following tasks can be performed using SIEM tools? Select three answers.Implementing security software programsSaving time by reducing the amount of data to be reviewedAnalyzing filtered events and patternsMonitoring critical activities What term is used to describe publicly available systems, such as Linux?Open-sourceUnregulatedRestrictedFree-for-allA cybersecurity analyst is tasked with proactively searching for threats and performing incident analysis. What type of tool should they use?Structured Query Language (SQL)Chain of custody playbookLinux operating systemSecurity information and event management (SIEM) Course 2 - Play It Safe: Manage Security Risks Week 1 Fill in the blank: The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.security operationsidentity and access managementasset securitycommunication and network securityWhat is the focus of the security and risk management domain?Manage and secure wireless communicationsSecure physical networks and wireless communicationsOptimize data security by ensuring effective processes are in placeDefine security goals and objectives, risk mitigation, compliance, business continuity, and regulationsIn which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?Communication and network engineeringSecurity architecture and engineeringIdentity and access managementSecurity assessment and testingFill in the blank: The _____ domain concerns conducting investigations and implementing preventive measures.security operationscommunications and networking engineeringasset securitysoftware development security Test your knowledge: Navigate threats, risks, and vulnerabilitiesWhat is a vulnerability?An organization’s ability to manage its defense of critical assets and data and react to changeAnything that can impact the confidentiality, integrity, or availability of an assetAny circ*mstance or event that can negatively impact assetsA weakness that can be exploited by a threatFill in the blank: Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.low-risk assetnew-risk assetmedium-risk assethigh-risk assetWhat are the key impacts of threats, risks, and vulnerabilities? Select three answers.Damage to reputationEmployee retentionIdentity theftFinancial damageFill in the blank: The steps in the Risk Management Framework (RMF) are prepare, _____, select, implement, assess, authorize, and monitor.communicatecategorizeproducereflect Weekly challenge 1Fill in the blank: Security _____ refers to an organization’s ability to manage its defense of critical assets and data, as well as its ability to react to change.posturearchitecturegovernancehardeningWhich of the following examples are key focus areas of the security and risk management domain? Select three answers.Mitigate riskBe in complianceSecure digital and physical assetsDefine security goals and objectivesWhich of the following examples are key focus areas of the security and risk management domain? Select three answers.Follow legal regulationsConduct control testingDefine security goalsMaintain business continuity What term describes an organization's ability to maintain its everyday productivity by establishing risk disaster recovery plans?MitigationDaily defenseRecoveryBusiness continuityWhat security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?Shared responsibilityRemote servicesSecure codingEmployee retentionA security analyst researches ways to improve access and authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?Security assessment and testingCommunication and network securityAsset securityIdentity and access managementWhat are the key areas of focus in the security assessment and testing domain? Select three answers.Collect and analyze dataPerform security auditsConduct security control testingUse secure coding practicesFill in the blank: The software development _____ process may involve penetration testing during the deployment and implementation phase of developing software products.positioningaccessoperationallifecycle Which of the following statements accurately describe risk? Select all that apply.Another way to think of risk is the likelihood of a threat occurring.A high-risk asset is any information protected by regulations or laws.If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation. Which of the following statements accurately describe risk? Select all that apply.If compromised, a high-risk asset is unlikely to cause financial damage.Website content or published research data are examples of low-risk assets.Organizations often rate risks at different levels: low, medium, and high.If compromised, a medium-risk asset may cause some damage to an organization's finances. A business experiences an attack. As a result, sensitive personally identifiable information (SPII) is leaked through the dark web. What type of consequence does this scenario describe?Financial gainIdentity theftReputationCustomerIn the Risk Management Framework (RMF), which step involves knowing how current systems are operating and if they support security goals?MonitorAssessAuthorizeCategorize Shuffle Q/AFill in the blank: Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.changetaskssustainabilitycompetitionHow does business continuity enable an organization to maintain everyday productivity?By ensuring return on investmentBy exploiting vulnerabilitiesBy outlining faults to business policiesBy establishing risk disaster recovery plansWhich of the following activities may be part of establishing security controls? Select three answers.Monitor and record user requestsCollect and analyze security data regularlyEvaluate whether current controls help achieve business goalsImplement multi-factor authentication A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?Increase in profitsDamage to reputationLoss of identityLack of engagementIn the Risk Management Framework (RMF), which step involves having effective security and privacy plans in place in order to minimize the impact of ongoing risks?AuthorizePrepareCategorizeImplement What is the goal of business continuity?Reduce personnelRemove access to assetsDestroy publicly available dataMaintain everyday productivityShared responsibility is a core concept of which domain?Security and risk managementSecurity architecture and engineeringAsset securityCommunication and network securityHow does security control testing enable companies to identify new and better ways to mitigate threats? Select two answers.By revising project milestonesBy evaluating whether the current controls help achieve goalsBy granting employee access to physical spacesBy examining organizational goals and objectivesA business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?PracticalReputationFinancialIdentity In the Risk Management Framework (RMF), which step involves being aware of how systems are operating?MonitorCategorizeImplementAuthorize A security analyst considers ways to enhance data security at their business. They decide to write a proposal to their supervisor that concerns employee authorization and asset management. Which security domain does this scenario describe?Software development securitySecurity assessment and testingCommunication and network securityIdentity and access management Week 2 How do security frameworks enable security professionals to help mitigate risk?They are used to establish laws that reduce a specific security risk.They are used to create unique physical characteristics to verify a person’s identity.They are used to refine elements of a core security model known as the CIA triad.They are used to establish guidelines for building security plans.Competitor organizations are the biggest threat to a company’s security.TrueFalseFill in the blank: Security controls are safeguards designed to reduce _____ security risks.publicbroadscalespecificgeneralA security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?AuthenticationEncryptionAuthorizationCiphertext Test your knowledge: The CIA triad What is the CIA triad?Ongoing validation processes involving all employees in an organizationA foundational security model used to set up security policies and systemsA set of security controls used to update systems and networksA mandatory security framework involving the selection of appropriate controlsWhich element of the CIA triad specifies that only authorized users can access specific information?AccessConfirmationIntegrityConfidentialityA security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?ApplicabilityCapacityIntegrityAvailabilityFill in the blank: According to the CIA triad, _____ refers to ensuring that an organization's data is verifiably correct, authentic, and reliable.AvailabilityCredibilityAccuracyIntegrity Test your knowledge: NIST frameworksWhat is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?A collection of security principles focused on maintaining confidentiality, integrity, and availabilityA required business framework for ensuring security updates and repairs are successfulA set of security controls that help analysts determine what to do if a data breach occursStandards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity riskFill in the blank: The five core functions that make up the CSF are: identify, protect, detect, _____, and recover.regulaterespondreevaluatereflectFill in the blank: By enabling security professionals to determine which devices have been affected, the CSF _____ function helps organizations manage cybersecurity risks and their effects.protectidentifydetectrecoverWhat does a security analyst’s work involve during the CSF recover function?Return affected systems back to normal operationProtect an organization through the implementation of employee trainingContain, neutralize, and analyze security incidentsPinpoint threats and improve monitoring capabilities Weekly challenge 2 What does a security professional use to create guidelines and plans that educate employees about how they can help protect the organization?Security postureSecurity auditSecurity frameworkSecurity hardeningFill in the blank: A security professional uses _____ to convert data from a readable format to an encoded format.authorizationauthenticationencryptionconfidentialityWhich of the following characteristics are examples of biometrics? Select all that apply.VoiceFingerprintEye scanPasswordYou work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principle of the CIA triad are you using to confirm their data is accessible to them?ConfidentialityAvailabilityIntegrityAccuracyWhich of the following statements accurately describe the CSF? Select all that apply.The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.Implementing improvements to a security process is part of the respond function of the CSF.The identify function of the CSF involves managing cybersecurity risk and its effects on an organization’s people and assets.The protect function of the CSF involves returning affected systems back to normal operation.A security team has just finished addressing a recent security incident. They now conduct tests to ensure that all of their repairs were successful. Which OWASP principle does this scenario describe?Minimize attack surface areaFix security issues correctlyPrinciple of least privilegeSeparation of dutiesWhat are some of the primary objectives of an internal security audit? Select all that apply.Determine what needs to be improved in order to achieve the desired security postureHelp security teams identify organizational riskAvoid fines due to a lack of complianceReduce the amount of data on a network What are some of the primary objectives of an internal security audit? Select three answers.Help security teams identify organizational riskImprove security postureAvoid fines due to a lack of complianceDevelop a guiding security statement for the business Fill in the blank: In an internal security audit, _____ refers to identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.completing a controls assessmentimplementing administrative controlsscopegoalsA security analyst performs an internal security audit. They review their company’s existing assets, then evaluate potential risks to those assets. Which aspect of a security audit does this scenario describe?Completing a controls assessmentAssessing complianceEstablishing the scope and goalsCommunicating resultsWhat information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.Strategies for improving security postureA summary of the goalsDetailed data about past cybersecurity incidentsExisting risks that need to be addressed now or in the future Shuffle Q/A How do organizations use security frameworks to develop an effective security posture?As a policy to protect against phishing campaignsAs a policy to support employee training initiativesAs a guide to identify threat actor strategiesAs a guide to reduce risk and protect data and privacyFill in the blank: An employee using multi-factor authentication to verify their identity is an example of the _____ process.confidentialityintegrityauthenticationencryptionYou work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?ConfidentialityAvailabilityCredibilityIntegrityA security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?Fix security issues correctlyKeep security simpleDefense in depthPrinciple of least privilegeWhat are some of the primary objectives of an internal security audit? Select all that apply.Help security teams correct compliance issuesEnable security teams to assess controlsLimit traffic on an organization’s firewallIdentify any security gaps or weaknesses within an organizationA security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?Physical controlsTechnical controlsAdministrative controlsCompliance controlsWhat information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.A list of existing risksResults and recommendationsQuestions about specific controlsA summary of the scopeWhat is the purpose of a security framework?Create security controls to protect marketing campaignsDevelop procedures to help identify productivity goalsEstablish policies to expand business relationshipsBuild plans to help mitigate risks and threats to data and privacy Fill in the blank: A security professional uses _____ to verify that an employee has permission to access a resource.authorizationencryptionintegrityadmission Which of the following statements accurately describe the CSF? Select all that apply.The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.The detect function of the CSF involves improving monitoring capabilities to increase the speed and efficiency of detections.Restoring affected files or data is part of the recover function of the CSF.The identify function of the CSF involves returning affected systems back to normal operation. Which of the following statements accurately describe the CSF? Select all that apply.The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF. A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?Defense in depthPrinciple of least privilegeKeep security simpleSeparation of dutiesFill in the blank: In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.communicating to stakeholdersconducting a risk assessmentassessing complianceestablishing the scope and goalsA security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?Communication controlsAdministrative controlsTechnical controlsPhysical controlsA person’s fingerprint, eye or palm scan are examples of what?CodesBiometricsPasswordsStatistics Which of the following statements accurately describe the CSF? Select all that apply.The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.Results and recommendationsComprehensive details about each part of the processCompliance regulations to be adhered toStrategies for improving security posture Week 3 Which log source records events related to websites, emails, and file shares, as well as password and username requests?ReceivingFirewallNetworkServerFill in the blank: A security information and _____ management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization.employeeefficiencyemergencyeventA security professional evaluates a software application by reviewing key technical attributes including response time, availability, and failure rate. What are they using to assess performance?Index standardsMetricsCloud toolsModelsFill in the blank: SIEM tools must be configured and _____ to meet each organization's unique security needs.customizedcentralizedreviewedindexed Test your knowledge: Identify threats and vulnerabilities with SIEM tools A security team wants some of its services to be hosted on the internet instead of local devices. However, they also need to maintain physical control over certain confidential data. What type of SIEM solution should they select?Self-hostedRemoteCloud-hostedHybridSplunk Cloud is a self-hosted tool that retains, analyzes, and searches log data in order to provide security information and alerts.TrueFalseFill in the blank: Chronicle is _____, which means it is specifically designed to take advantage of cloud computing capabilities including availability, flexibility, and scalability.cloud-infrastructurecloud-nativecloud-localcloud-hardwareWhat are the different types of SIEM tools? Select three answers.Self-hostedCloud-hostedHybridPhysical Weekly challenge 3 Which of the following statements correctly describe logs? Select three answers.SIEM tools rely on logs to monitor systems and detect security threats.A record of connections between devices and services on a network is part of a network log.A record of events related to employee logins and username requests is part of a server log.Actions such as username requests are recorded in a network log. Which of the following statements correctly describe logs? Select three answers.SIEM tools rely on logs to monitor systems and detect security threats.Actions such as username requests are recorded in a network log.A record of events related to employee logins and username requests is part of a server log.A record of connections between devices and services on a network is part of a network log. What are some of the key benefits of SIEM tools? Select three answers.Monitor critical activities in an organizationAutomatic updates customized to new threats and vulnerabilitiesProvide visibilityStore all log data in a centralized locationFill in the blank: To assess the performance of a software application, security professionals use _____, including response time, availability, and failure rate.dashboardsSIEM toolslogsmetricsA security team installs a SIEM tool within their company’s own infrastructure to keep private data on internal servers. What type of tool are they using?HybridInfrastructure-hostedSelf-hostedCloud-hostedA security team chooses to implement a SIEM tool that they will install, operate, and maintain using their own physical infrastructure. What type of tool are they using?HybridInfrastructure-hostedSelf-hostedCloud-hosted Fill in the blank: SIEM tools are used to search, analyze, and _____ an organization's log data to provide security information and alerts in real-time.retainseparatemodifyrelease A security analyst receives an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can the analyst use to review a timeline of the login attempts, locations, and time of activity?A network protocol analyzer (packet sniffer)An operating systemA SIEM tool dashboardA playbook You are a security analyst, and you want a security solution that will be fully maintained and managed by your SIEM tool provider. What type of tool do you choose?Self-hostedSolution-hostedCloud-hostedHybridFill in the blank: Splunk Enterprise is a self-hosted tool used to retain, analyze, and search an organization's _____ to provide security information and alerts.databasehardwarecloud applicationslog dataWhich of the following statements accurately describe Chronicle? Select three answers.Cloud-native tools such as Chronicle are designed to take advantage of cloud computing availability.Chronicle is designed to retain, analyze, and search data.Self-hosted tools such as Chronicle are designed to give organizations more control over their data.Chronicle performs data analysis.Which type of tool typically requires users to pay for usage?Open-sourceSelf-hostedProprietaryCloud native Shuffle Q/A Which of the following statements correctly describe logs? Select three answers.Actions such as using a username or password are recorded in a firewall log.Events related to websites, emails, or file shares are recorded in a server log.A network log is a record of all computers and devices that enter and leave a network.A log is a record of events that occur within an organization’s systems and networks.What are some of the key benefits of SIEM tools? Select three answers.Save timeProvide event monitoring and analysisEliminate the need for manual review of logsCollect log data from different sourcesFill in the blank: Software application _____ are technical attributes, such as response time, availability, and failure rate.metricsdashboardsSIEM toolslogsYou are a security professional, and you want a SIEM tool that will require both on-site infrastructure and internet-based solutions. What type of tool do you choose?HybridSelf-hostedCloud-hostedComponent-hostedWhich of the following statements accurately describe Chronicle? Select three answers.Chronicle saves businesses time by eliminating the need for security teams to monitor threats and vulnerabilities.Cloud-native tools such as Chronicle are designed to take advantage of cloud computing scalability.Cloud-native tools such as Chronicle are maintained and managed by the vendor.Chronicle performs data collection.What are some of the key benefits of SIEM tools? Select three answers.Minimize the number of logs to be manually reviewedAutomatic customization to changing security needsIncrease efficiencyDeliver automated alertsFill in the blank: A security professional creates a dashboard that displays technical attributes about business operations called ______, such as incoming and outgoing network traffic.metricsaverageslogsSIEM toolsFill in the blank: Splunk Enterprise is a self-hosted tool used to search, analyze, and _____ an organization's log data to provide security information and alerts in real-time.retainmodifyreleaseseparateWhat are examples of open-source tools? Select two answers.SuricataSplunk EnterpriseLinuxChronicleFill in the blank: Splunk Enterprise is a _____ tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time.cloud-nativeself-hostedopen-sourcecloud-based Week 4 In the event of a security incident, when would it be appropriate to refer to an incident response playbook?Only when the incident first occursOnly prior to the incident occurringThroughout the entire incidentAt least one month after the incident is overFill in the blank: During the _____ phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.preparationdetection and analysiscontainmentcoordinationIn which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events?Eradication and recoveryContainmentPost-incident activityCoordinationWhat is the relationship between SIEM tools and playbooks?They work together to provide a structured and efficient way of responding to security incidents.Playbooks collect and analyze data, then SIEM tools guide the response process.They work together to predict future threats and eliminate the need for human intervention.Playbooks detect threats and generate alerts, then SIEM tools provide the security team with a proven strategy. Test your knowledge: Use a playbook to respond to an incident Playbooks are permanent, best-practice documents, so a security team should not make changes to them.TrueFalseA business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?Post-incident activityDetection and analysisEradication and recoveryContainmentFill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team.eradicationcoordinationpreparationdetectionWhich action can a security analyst take when they are assessing a SIEM alert?Analyze log data and related metricsIsolate an infected network systemRestore the affected data with a clean backupCreate a final report Weekly challenge 4 Which of the following statements accurately describe playbooks? Select three answers.A playbook helps security teams respond to urgent situations quickly.A playbook improves accuracy when identifying and mitigating an incident.Organizations use different types of playbooks for different situations.Organizations keep playbooks consistent by applying the same procedures to different business events.Which of the following statements accurately describe playbooks? Select three answers.Organizations use the same playbook for incident response, security alerts, and product-specific purposes.Organizations use playbooks to ensure employees follow a consistent list of actions.A playbook clarifies what tools to use in response to a security incident.A playbook is a manual that provides details about any operational action. A security team is considering what they learned during past security incidents. They also discuss ways to improve their security posture and refine response strategies for future incidents. What is the security team’s goal in this scenario?Assess employee performanceEducate clientsUpdate a playbookDelete biometric dataFill in the blank: Incident response playbooks are _____ used to help mitigate and manage security incidents from beginning to end.guidesexercisesexaminationsinquiriesAn organization has successfully responded to a security incident. According to their established standards, the organization must share information about the incident to a specific government agency. What phase of an incident response playbook does this scenario describe?CoordinationContainmentDetection and analysisPreparationWhy is the containment phase of an incident response playbook a high priority for organizations?It demonstrates how to communicate about the breach to leadership.It enables a business to determine whether a breach has occurred.It helps prevent ongoing risks to critical assets and data.It outlines roles and responsibilities of all stakeholders.Fill in the blank: During the _____ phase, security teams may conduct a full-scale analysis to determine the root cause of an incident and use what they learn to improve the company’s overall security posture.post-incident activitydetection and analysiscontainmenteradication and recoveryA security analyst establishes incident response procedures. They also educate users on what to do in the event of a security incident. What phase of an incident response playbook does this scenario describe?ContainmentPreparationEradication and recoveryDetection and analysisIn what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.SIEM tools and playbooks work together to provide a structured way of responding to incidents.Playbooks collect and analyze data.SIEM tools detect threats.SIEM tools alert the security team to potential problems. Shuffle Q/A Which of the following statements accurately describe playbooks? Select three answers.A playbook is used to develop compliance regulations.A playbook can be used to respond to an incidentA playbook is an essential tool used in cybersecurityA playbook improves efficiency when identifying and mitigating an incident.Fill in the blank: A security team _____ their playbook frequently by learning from past security incidents, then refining policies and procedures.summarizesoutlinesshortensupdatesFill in the blank: Incident response is an organization’s quick attempt to _____ an attack, contain the damage, and correct its effects.identifyexpanddiscloseignore A security analyst reports to stakeholders about a security breach. They provide details based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?PreparationCoordinationDetection and analysisEradication and recovery What are the primary goals of the containment phase of an incident response playbook? Select two answers.Reduce the immediate impactAssess the damageAnalyze the magnitude of the breachPrevent further damageFill in the blank: During the post-incident activity phase, security teams may conduct a full-scale analysis to determine the _____ of an incident and use what they learn to improve the company’s overall security posture.structuretargetroot causeend pointWhich phase of an incident response playbook is primarily concerned with preventing further damage and reducing the immediate impact of a security incident?Post-incident activityPreparationContainmentDetection and analysisIn what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.SIEM tools analyze data.SIEM alerts inform security teams of potential threats.SIEM alerts provide security teams with specific steps to identify and respond to security incidents.SIEM tools and playbooks work together to provide an efficient way of handling security incidents.What does a security team do when updating and improving a playbook? Select all that apply.Discuss ways to improve security postureConsider learnings from past security incidentsRefine response strategies for future incidentsImprove antivirus software performanceFill in the blank: Incident response playbooks outline processes for communication and ______ of a security breach.implementationdocumentationconcealmentiterationA security analyst wants to ensure an organized response and resolution to a security breach. They share information with key stakeholders based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?CoordinationContainmentEradication and recoveryDetection and analysisFill in the blank: During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incident’s root cause and implementing security improvements.user experienceemployee engagementsecurity auditsecurity postureA security analyst documents procedures to be followed in the event of a security breach. They also establish staffing plans and educate employees. What phase of an incident response playbook does this scenario describe?CoordinationEradication and recoveryDetection and analysisPreparation Course 3 - Connect and Protect: Networks and Network Security Week 1 To connect an entire city, the most effective network type would be a local area network (LAN).TrueFalseA security professional wants to ensure information is being broadcast properly to every computer on their organization’s network. What device should they investigate?HubModemInternetRouterWhat are some benefits of switches? Select all that apply.They automatically install device-protection software.They can improve network performance.They control the flow of traffic.They only pass data to the intended destination.Fill in the blank: The practice of using servers, applications, and network services that are hosted on the internet is called _____ computing.websiteconnectedclouduploadable Test your knowledge: Network communication What type of information is contained within the header of an IP packet?The message that needs to be transmitted to the receiving deviceAn explanation of how the port number will be processed by the receiving deviceThe sender’s IP address, the size of the packet, and the protocol to useA string of data indicating that the data transmission is completeWhat characteristics do the TCP/IP and OSI models share? Select all that apply.Both models define standards for networking and divide the network communication process into different layers.Both models include an application and a transport layer.Both models illustrate network processes and protocols for data transmission between two or more systems.Both models have 7 layers.What is the Transmission Control Protocol (TCP)?A software application that organizes dataAn internet communication conventionGuidelines for proper network operationsA unique address that every device on a network is assignedFill in the blank: A _____ is a software-based location that organizes the sending and receiving of data between devices on a network.channelsegmentportpacketWhich layer of the TCP/IP model has protocols that organize file transfers and email services?Internet layerTransport layerNetwork access layerApplication layer Test your knowledge: Local and wide network communicationFill in the blank: An Internet Protocol (IP) address is a unique string of characters that identifies the _____ of a device on the internet.speedlocationoperating systemsizeWhich of the following is an example of an IPv4 address?25, 443, 20172.16.254.12001:0db8:85a3:0000:0000:8a2e:0370:733600-B1-D0-63-C2-26What is the term for an address assigned by an internet service provider that is shared by all devices on a local area network?Private IP addressMAC addressWAN addressPublic IP addressFill in the blank: A switch uses a MAC _____ to direct data packets to the correct device.address tablegeographic locationhome networkpublic address Weekly challenge 1 What is the term for a group of connected devices?CloudHubProtocolNetworkA _____ broadcasts information to every device on the network.hubmodemrouterswitchWhich of the following statements accurately describe switches? Select all that apply.When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port.Some benefits to switches are effective control of traffic flow and improved network performance.Switches are less secure than hubs.A switch is a device that makes connections between specific devices on a network by sending and receiving data between them.A security professional is investigating the benefits and drawbacks of using a cloud service provider (CSP). What are some reasons why the security professional might choose to use a CSP in their work? Select all that apply.A CSP provides business analytics to monitor web traffic and sales.CSP services may be accessed even when a business is not connected to the internet.CSP remote servers allow web applications to be accessed from any location.A CSP offers processing power that is only paid for as needed.What is the purpose of the protocol number of a data packet?To identify the message to be transmitted to the receiving deviceTo signal to the receiving device that the packet is finishedTo contain the IP and MAC addressesTo tell the receiving device what to do with the information in the packetWhat are the three main categories of services that CSPs provide? Select all that apply.Software as a service (SaaS)Platform as a service (PaaS)Desktop as a service (DaaS)Infrastructure as a service (IaaS)A security analyst is accessing a webpage that uses HTTPS. The analyst scans the network to see what ports are active. Which port number is used for HTTPS webpages?443402025Which layer in the TCP/IP model is used to inspect the flow of traffic across a network?Layer 1, network accessLayer 2, internetLayer 3, transportLayer 4, applicationA security analyst runs a command to discover a local IP address. The analyst receives the following result: 169.254.255.249. What type of address is this?MACIPv4IPv6EthernetA security analyst runs a command to discover a local IP address. The analyst receives the following result: fd45:3efd:3201:ff22:0000:0000:12ff:0000. What type of address is this?MACEthernetIPv4IPv6 Shuffle Q/A What type of network spans an office building, a school, or a home?ModemCloudWANLANWhich network device makes connections between specific devices on a network by sending and receiving data between them?A switchA routerA hubA modemWhich of the following are benefits for businesses that are considering using a cloud service provider (CSP)? Select all that apply.CSP data and devices are more secure because they are stored locally.CSP remote servers allow online services to be accessed from any location.CSPs provide business analytics to monitor web traffic and sales.CSPs offer on-demand storage.Fill in the blank: _____ refers to the practice of using remote servers, applications, and network services that are hosted on the internet, instead of in a physical location owned by a company.Cloud computingSoftware defined networks (SDNs)Hybrid cloud environmentLocal area network (LAN)Which one of the following port numbers is used for large file transfers?253720443Fill in the blank: The ___ layer is used to determine how data packets will interact with receiving devices, including file transfers and email services.Layer 1, network accessLayer 2, internetLayer 3, transportLayer 4, applicationWhich of the following addresses is an accurate IPv4 address?129.168.10.2561001.2345.3234.5678192.168.0.2100.234.56.1.3Which of the following addresses is an accurate IPv6 address?fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578fda2::7361:135b::38f5:c8bd:1b3e:2578a360::abf7:h234:0011:g126:1130::ffj2a634:b123:cd34:3f56:0023:2345:7890:0000:ffffFill in the blank: A ___ is a network that spans a large geographic area, like a city, state, or country.ModemLANWANCloudWhich network device connects multiple networks together?A hubA routerA switchA modemFill in the blank: A ___ is a device that makes connections between specific devices on a network by sending and receiving data between them.switchhubmodemrouterWhat information is included in the body of a data packet?The protocol numberThe MAC addressThe message to be transmitted to the receiving deviceThe signal that tells the receiving device that the packet is finished transferringWhat are two benefits of cloud computing and software defined networks (SDNs)? Select two answers.Decreased costIncreased scalabilityDecreased use of physical network devicesIncreased attack surfaceWhat is the purpose of the footer of a data packet?To identify the message to be transmitted to the receiving deviceTo show the MAC address of the destination deviceTo signal to the receiving device that the packet is finishedTo contain the source IP addressFill in the blank: 127.0.0.1 is an example of an accurate ___ address.EthernetIPv6MACIPv4 Week 2 Fill in the blank: Network protocols are rules used by two or more devices on a network to describe the _____ and structure of data.access leveloptimum speedorder of deliverymaximum sizeWhich network protocol provides a secure method of communication between clients and web servers?TCPARPHTTPSDNSTo keep information safe from malicious actors, what security protocol can be used?Secure sockets layer and transport layer security (SSL/TLS)Address resolution protocol (ARP)Domain name system (DNS)Transmission control protocol (TCP)IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.TrueFalse Test your knowledge: System identification What monitors and filters traffic coming in and out of a network?Domain name system (DNS)FirewallForward proxy serverUncontrolled zoneStateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.TrueFalseFill in the blank: Encapsulation is a process performed by a _____ that protects information by wrapping sensitive data in other data packets.firewallVPN serviceproxy serversecurity zoneWhich security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?Management zoneUncontrolled zoneRestricted zoneDemilitarized zone (DMZ)Fill in the blank: A security analyst uses a _____ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.reverse proxy serverport filtercontrolled zoneforward proxy server Weekly challenge 2 What network protocol translates the domain name of a website’s server into an IP address?File transfer protocol (FTP)Domain name system (DNS)Transmission control protocol (TCP)Hypertext transfer protocol secure (HTTPS)Which of the following statements accurately describe wireless protocols? Select three answers.Wi-Fi protocols provide security levels about equal to that of wired connections.IEEE is the Institute of Electrical and Electronics Engineers, which maintains WiFi standards.WPA is a wired security protocol pertaining to local devices on the same network.802.11 is a suite of protocols used in wireless communication. A firewall administrator installs a firewall function to either block or allow certain port numbers to limit unwanted communication. What function does this scenario describe?Port filteringUsing cloud-based firewallsMasking a locationOrganizing data packets Which type of firewall analyzes network traffic for characteristics and behaviors that appear suspicious and stops them from entering the network?Next-generation firewall (NGFW)StatefulStatelessCloud-based Which of the following types of firewalls can perform deep packet inspection and intrusion detection?Next generation firewall (NGFW)DocumentedStatelessStateful How do VPNs preserve confidentiality?Use temporary memory to store data requested by external serversMonitor traffic to and from a networkTranslate internet domain names to IP addressesEncrypt data in transit Fill in the blank: A VPN uses _____ to transfer encrypted data between a device and the VPN server.network segmentationtransmission controlpacket sniffingencapsulationFill in the blank. A controlled zone protects a company's internal network from a(n)___ security zone.RestrictedDemilitarizedInternal networkUncontrolled What network security service masks a device’s virtual location to keep data private while using a public network?Network segmenterCloud service provider (CSP)Virtual private network (VPN)Domain name system (DNS)Fill in the blank: VPN services perform encapsulation to protect sensitive data by _____ it in other data packets.wrappingarchivingclassifyingdisplayingWhat network zone contains the internet and other services that are outside of an organization’s control?RestrictedUncontrolledControlledDemilitarizedWhat is the function of the demilitarized zone (DMZ)?Isolate servers exposed to the internet from the rest of a networkOrganize data by forwarding it to other serversProtect highly confidential information accessible only to employees with certain privilegesEncrypt data as it travels across the internetFill in the blank: A _____ fulfills the requests of its clients by forwarding them to other serversVirtual private network (VPN)FirewallProxy serverRouter What is one way forward proxies secure internal networks?Both forward and reverse proxy servers add a layer of protection from the internet.Forward proxy servers hide a user’s IP address and approve all outgoing requests.They are useful for protecting internal web servers that contain confidential data.They receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet. Shuffle Q/A Which of the following statements accurately describe wireless protocols? Select three answers.WPA is a wireless security protocol pertaining to connecting to the internet.The set of standards IEEE 802.11 is also referred to as Wi-Fi.Wi-Fi protocols provide significantly lower security levels than wired connections.The Institute of Electrical and Electronics Engineers maintains Wi-Fi standards.A firewall administrator sets up a firewall that operates based on predefined rules. It is not used to keep track of information from data packets. What class of firewall does this scenario describe?AnswersCloud-basedNext-generation firewall (NGFW)StatefulStatelessA security professional sets up a security measure to allow employees to work from home securely while having access to internal network resources. What does this scenario describe?FirewallAddress resolution protocol (ARP)Virtual private network (VPN)Cloud service provider (CSP)Fill in the blank: VPN services perform _____ to protect sensitive data by wrapping it in other data packets.network segmentationtransmission controlencapsulationpacket sniffingWhat network is part of the uncontrolled zone?InternetSubnetsWeb serversInternal networksWhich of the following statements accurately describe forward and reverse proxy servers? Select three answers.Forward proxy servers receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.Reverse proxy servers accept traffic from external parties, approve it, then forward it to internal servers.Reverse proxy servers work by hiding a user’s IP address and approving all outgoing requests.Forward proxy servers regulate and restrict a person’s access to the internet.What network protocol helps data get to the right place by determining the MAC address of the next router or device on its path?Hypertext Transfer Protocol Secure (HTTPS)Address Resolution Protocol (ARP)Secure Sockets Layer/Transport Layer Security (SSL/TLS)Transmission Control Protocol (TCP)What network zone includes web and proxy servers that host websites for the public, as well as email and file servers to handle external communications?Uncontrolled zoneDemilitarized zoneRestricted zoneVirtual private network A security analyst implements a system to service client requests by forwarding them to other servers. What do they use?Proxy serverVirtual private network (VPN)FirewallRouter A security analyst implements a proxy server to secure internal networks. What are some of the proxy server’s primary functions? Select all that apply.Determine whether requests to connect to a website are allowedUse public IP addresses that are different from the rest on the private networkTemporarily stores data that is frequently requested by external serversDivide the network into segments to maintain privacy within corporate groupsFill in the blank: A ____ accepts traffic from external parties, approves it, then forwards it to internal servers.Reverse proxyForward proxyVirtual private network (VPN)Next generation firewall (NGFW) Week 3 What type of attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic?Phishing attackTailgating attackDenial of Service (DoS) attackDistributed Denial of Service (DDoS) attackWhat type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?SYN flood attackICMP floodOn-path attackSYN-ACK flood attackFill in the blank: The Denial of Service (DoS) attack _____ is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.On-pathSYN floodPing of DeathICMP floodWhich types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server? Select all that apply.DDoS attackICMP flood attackSYN flood attackTCP connection attack Test your knowledge: Network interception attack tacticsPassive packet sniffing involves data packets being manipulated while in transit, which may include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains.TrueFalseFill in the blank: A security analyst can protect against malicious packet sniffing by _____ to encrypt data as it travels across a network.using only websites with HTTP at the beginning of their domain addressesusing a VPNusing a network hubusing free public Wi-FiWhich type of attack involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network?Replay attackIP spoofingOn-path attackPing of deathWhich of the following statements accurately describes a smurf attack?A DoS attack that is caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than the maximum sizeA network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packetsA network attack performed when an attacker intercepts a data packet in transit and delays it or repeats it at another timeA DoS attack performed by an attacker repeatedly sending ICMP packets to a network server Weekly challenge 3 What happens during a Denial of Service (DoS) attack?The target crashes and normal business operations cannot continue.The data packets containing valuable information are stolen as they travel across the network.The attacker successfully impersonates an authorized user and gains access to the network.The network is infected with malware.Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.In both DoS and DDoS attacks, every part of the network must be overloaded for the attacks to be successful.A DDoS attack involves multiple hosts carrying out the attack.A DoS attack involves one host conducting the attack.A network device experiencing a DoS attack is unable to respond to legitimate users. Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.A DDoS attack may use multiple devices in different locations to flood the target network with unwanted traffic.In both DoS and DDoS attacks, if any part of the network is overloaded, the attacks are successful.A DoS attack involves multiple hosts carrying out the attack.A DoS attack targets a network or server. A security manager is training their team to identify when a server has experienced a SYN-flood attack. What might indicate to the team members that their organization is at risk?The port numbers in the data packets are incorrect.A large number of ICMP packets are delivered to the organization’s servers.An oversized ICMP packet is sent to the network server.The server has stopped responding after receiving an unusually high number of incoming SYN packets.Fill in the blank: The DoS attack _____ occurs when a malicious actor sends an oversized ICMP packet to a server.smurfSYN floodPing of Deathon-pathWhich of the following statements correctly describe passive and active packet sniffing? Select three answers.Using only websites with HTTPS at the beginning of their domain names provides protection from packet sniffing.Passive packet sniffing may enable attackers to change the information a packet contains.Active packet sniffing may enable attackers to redirect the packets to unintended ports.The purpose of passive packet sniffing is to read data packets while in transit.As a security professional, you research on-path, replay, and smurf attacks in order to implement procedures that will protect your company from these incidents. What type of attack are you learning about?Ping of deathSYN floodingPacket sniffingIP spoofingFill in the blank: _____ is a network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.A KRACK attackA DoS attackIP spoofingSYN floodingIn which attack do malicious actors impersonate a web browser or web server by placing themselves between the two devices, then sniffing the packet information to discover their IP and MAC addresses?Packet flooding attackOn-path attackMalware attackSmurf attackFill in the blank: The _____ network attack occurs when an attacker delays a data packet after intercepting it in transit.on-pathSYN floodsmurfreplay Which attack is a combination of a DDoS and an IP spoofing attack, during which the malicious actor overwhelms a target computer?Smurf attackPing of DeathOn-path attackReplay attack Fill in the blank: The _____ network attack occurs when a malicious actor takes a network transmission that was sent by an authorized user and repeats it at a later time to impersonate that user.SYN floodsmurfon-pathreplayWhich combination DoS and IP spoofing attack can bring down an entire network by flooding an authorized user’s IP address with packets?On-path attackReplay attackPing of DeathSmurf attack Shuffle Q/A What is the main objective of a Denial of Service (DoS) attack?Simulate a TCP connection and flood a server with SYN packetsSend oversized ICMP packetsDisrupt normal business operationsRepeatedly send ICMP packets to a network serverA security team discovers that an attacker has taken advantage of the handshake process that is used to establish a TCP connection between a device and their server. Which DoS attack does this scenario describe?ICMP floodOn-path attackSYN flood attackPing of DeathFill in the blank: The maximum size of a correctly formatted IPv4 ICMP packet is _____, as opposed to the oversized packet that is sent during a Ping of Death attack.32KB64TB15Gb64KBFill in the blank: To reduce the chances of an IP spoofing attack, a security analyst can configure a _____ to reject all incoming traffic with the same source IP addresses as those owned by the organization.VPNHTTPS domain addressfirewalldemilitarized zoneWhich of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.A DoS attack may use multiple servers in different locations to flood the target network with unwanted traffic.A DDoS attack is intended to overwhelm the target server.A DoS attack may involve flooding a network with traffic.In both DoS and DDoS attacks, if any part of the network is overloaded, the attacks are successful.Which of the following statements correctly describe passive and active packet sniffing? Select three answers.A company can avoid using unprotected Wi-Fi to help protect itself from packet sniffing.Passive packet sniffing allows malicious actors to view the information going in and out of the targeted device.Passive packet sniffing enables attackers to change the information a packet contains.Active packet sniffing may enable attackers to redirect the packets to unintended ports.As a security professional, you implement safeguards against attackers changing the source IP of a data packet in order to communicate over your company’s network. What type of network attack are you trying to avoid?Passive packet sniffingPing of DeathActive packet sniffingIP spoofingWhat do network-level Denial of Service (DoS) attacks target?Commonly used software applicationsAll hardware within an organizationNetwork bandwidthThe personal information of employeesFill in the blank: The DoS attack _____ occurs when an attacker repeatedly sends ICMP packets to a network server.on-pathsmurfSYN floodICMP floodAs a security professional, you take steps to stop an attacker from changing the source IP of a data packet in order to impersonate your authorized system. What type of network attack are you working to prevent?Ping of DeathIP spoofingPassive packet sniffingActive packet sniffingWhat are some common IP spoofing attacks? Select all that apply.on-path attacksreplay attackssmurf attacksKRACK attacksIn which attack would malicious actors gain access to a network, put themselves between a web browser and a web server, then sniff the packet to learn the devices’ IP and MAC addresses?Smurf attackOn-path attackPacket flooding attackMalware attack Week 4 Fill in the blank: The _____ acts as an intermediary between software applications and computer hardware.authorized useroperating systemaccess systembaselineWhich of the following activities are security hardening tasks? Select all that apply.Making patch updatesDisposing of hardware and software properlyEnforcing password policiesExploiting an attack surfaceMultifactor authentication (MFA) is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.TrueFalseWhat are examples of physical security hardening? Select all that apply.Installing security camerasHiring security guardsRemoving or disabling unused applicationsReducing access permissions across devices Test your knowledge: Network hardening Fill in the blank: Security teams can use _____ to examine network logs and identify events of interest.network segmentationport filteringsecurity information and event management (SIEM) toolsbaseline configurationWhat is a basic principle of port filtering?Block all ports in a network.Allow users access to only areas of the network that are required for their role.Disallow ports that are used by normal network operations.Allow ports that are used by normal network operations.A security professional creates different subnets for the various departments in their business, ensuring users have access that is appropriate for their particular roles. What does this scenario describe?Network log analysisNetwork segmentationPatch updatesFirewall maintenanceData in restricted zones should have the same encryption standards as data in other zones.TrueFalse Test your knowledge: Cloud hardening Fill in the blank: A key distinction between cloud and traditional network hardening is the use of a server baseline image, which enables security analysts to prevent _____ by comparing data in cloud servers to the baseline image.slow speedsdamaged dataimproper resource storageunverified changesData and applications on cloud networks do not need to be separated based on their service category, such as their age or internal functionality.TrueFalseWho is responsible for ensuring the safety of cloud networks? Select all that apply.Individual usersResearch departmentCloud service providerSecurity teamFill in the blank: _____ cloud services are a common source of cloud security issues.MisconfiguredUnauthorizedSharedManaged Weekly challenge 4 Which of the following tasks are security hardening practices? Select all that apply.Keeping network devices functioning properlyUpdating softwareLoosening access permissionsPerforming port filteringWhat is the relationship between security hardening and an attack surface?Security hardening permanently eliminates the attack surface.Security hardening diminishes the attack surface.Security hardening expands the attack surface.Security hardening increases the attack surface.Fill in the blank: Hiring a security guard is an example of a _____ security hardening practice.physicalvirtualsoftware-basednetwork-focusedAn organization’s in-house security team has been authorized to simulate an attack on the organization’s website. The objective is to identify any vulnerabilities that are present. What does this scenario describe?Penetration testingThe Ping of DeathPacket sniffingA Distributed Denial of Service (DDoS) attackWhat are some methods for hardening operating systems? Select three answers.Removing unused software to limit unnecessary vulnerabilitiesImplementing an intrusion detection system (IDS)Configuring a device setting to fit a secure encryption standardKeeping an up-to-date list of authorized users.A security analyst notices something unusual affecting their company’s OS. To confirm that no changes have been made to the system, the analyst compares the current configuration to existing documentation about the OS. What does this scenario describe?Checking baseline configurationUpgrading the interface between computer hardware and the userResponsibly managing applicationsVerifying user identity when accessing an OSFill in the blank: The security measure multifactor authentication (MFA) requires a user to verify their _____ in two or more ways to access a system or network.passworduser permissionsjob titleidentityIn what way might port filtering be used to protect a network from an attack?By increasing the attack surface within a business networkBy creating isolated subnets for each of the various departments within an organizationBy helping analysts inspect, analyze, and react to security events based on their priorityBy blocking or allowing certain port numbers in order to limit unwanted communication In what way might port filtering be used to protect a network from an attack?To increase the attack surface in a networkTo inspect, analyze, and react to security events based on their priorityTo disable unused ports in order to reduce the attack surfaceTo create isolated subnets for different departments in an organization A security team considers the best way to handle the different security zones within their network. They prioritize protecting the restricted zone by separating from the rest of the network and ensuring it has much higher encryption standards. What does this scenario describe?Cloud hardeningPatch updatingPenetration testingNetwork segmentationWhat is one key similarity between regular web servers and cloud servers?In both, all data and application are stored together, regardless of their service categoryThey both use baseline images stored in the cloud to compare data.They both require proper maintenance and security hardening.In both, all applications are stored together, regardless of their age. Shuffle Q/A To help improve the security of a business, its in-house security team is approved to simulate an attack that will identify vulnerabilities in business processes. What does this scenario describe?A Distributed Denial of Service (DDoS) attackPacket sniffingPenetration testingThe Ping of Death Which of the following are OS hardening tasks? Select three answers.Regularly installing updatesImplementing multifactor authenticationUsing secure encryption standardsConducting a penetration test What is one key similarity between regular web servers and cloud servers?In both, all data and application are stored together, regardless of their service category.They both require security measures taken by the organization to stay safe.In both, all applications are stored together, regardless of their age.They both use baseline images stored in the cloud to compare data.Which of the following tasks are security hardening practices? Select all that apply.Reducing access permissions across devices and networksInstalling patch updatesDisabling unused portsReplacing the RAM on the computersWhat is the term for all the potential system vulnerabilities that a threat actor could exploit?Security architectureRiskSecurity challengeAttack surfaceFill in the blank: Installing security cameras is an example of a _____ security hardening practice.physicalsoftware-basednetwork-focusedvirtualA company’s executive team approves a proposal by the security director. The proposal involves security professionals simulating an attack on the company’s systems in order to identify vulnerabilities. What does this scenario describe?Penetration testingThe Ping of DeathPacket sniffingA Distributed Denial of Service (DDoS) attackWhich of the following are OS hardening tasks? Select three answers.Using secure encryption standardsImplementing multifactor authenticationConfiguring a firewallRunning regularly scheduled backupsA security analyst reviews documentation about a firewall rule that includes a list of allowed and disallowed network ports. They compare it to the current firewall to ensure no changes have been made. What does this scenario describe?Verifying user identity when accessing an OSUpgrading the interface between computer hardware and the userChecking baseline configurationResponsibly managing applicationsFill in the blank: The security measure _____ requires a user to verify their identity in two or more ways to access a system or network.baseline configurationnetwork log analysismultifactor authentication (MFA)password policyWhich of the following statements accurately describes port filtering?A process performed by a VPN service that protects data by wrapping it in other data packetsA security technique that divides a network into segmentsA security protocol that provides an encrypted tunnel for issuing commands from a remote serverA firewall function that blocks or allows certain port numbers in order to limit unwanted network trafficA security team works to ensure that an issue in one area of the business does not spread to others and create more problems. They design subnets for each department, such as one for research and another for finance. What does this scenario describe?Patch updatingCloud hardeningPenetration testingNetwork segmentationHow can a security professional confirm that no unverified changes have occurred within a cloud server?Use port filtering to block or allow certain updatesCompare the server baseline image to the data in cloud serversEstablish multifactor authentication (MFA)Perform a penetration testWhat are the purposes of performing a patch update for security hardening? Select all that apply.Requiring a user to verify their identity to access a system or network.Fixing known security vulnerabilities in a network or services.Upgrading an operating system to the latest software version.Preventing malicious actors from flooding a network.Fill in the blank: Requiring employees to turn off their personal devices while in secure areas is an example of a _____ security hardening practice.network-focusedvirtualcloud-basedphysicalFill in the blank: The security measure multi-factor authentication (MFA) requires a user to verify their identity _____ before accessing a system or network.in two or more wayswithin 60 secondsat least onceevery day Course 4 - Tools of the Trade: Linux and SQL Week 1 What is an operating system?The physical components of a computerThe interface between computer hardware and the userA program for sending emailA computer, smartphone, or tabletWhich of the following are operating systems? Select all that apply.LinuxAndroidWindowsSmartphonesWhich of the following statements correctly describe operating systems? Select all that apply.Computers run efficiently because of operating systems.Operating systems are the physical components of a computer.Operating systems are able to run many applications at once.Operating systems help people interact with computers in complex ways.Computers communicate in a language called binary, which consists of 0s and 1s.TrueFalse Test your knowledge: The operating system at work What is the job of a computer's operating system?Allow users to specify tasksHelp other computer programs run efficientlyLoad the bootloaderTurn on the computerFill in the blank: In order to carry out tasks on a computer, users directly interact with _____.the BIOStask managersthe CPUapplicationsThe management of a computer’s resources and memory is handled by an application.TrueFalseWhich of the following processes are part of starting an operating system? Select all that apply.The BIOS or UEFI microchip loads the bootloader.The bootloader starts the operating system.Either the BIOS or UEFI microchip is activated when a user turns on a computer.The bootloader immediately launches when a user turns on a computer. Test your knowledge: The user interface What is a GUI?A user interface that enables people to manage tasks on a computer using iconsA user interface that allows people to interact with a computer through commandsA user interface that runs only on Linux operating systemsA user interface that only runs on mobile devicesWhich of the following can be components of a GUI? Select all that apply.Desktop icons and shortcutsHardwareTask barStart menuFill in the blank: A security professional uses a(n) _____ to interact with a computer using text-based instructions.operating systemGUItext systemCLIA useful feature of a CLI is that it records a history file of commands and actions.TrueFalse Weekly challenge 1 Which of the following statements accurately describe operating systems? Select all that apply.Operating systems are responsible for making computers run efficiently.Operating systems are a type of computer hardware.Computers have operating systems, but smartphones and tablets do not have them.Operating systems help people and computers communicate.Which of the following are common operating systems? Select three answers.macOS®LinuxPCWindowsWhat is a bootloader?A program that checks for malware infections on a computerA program that starts an operating systemA program that communicates instructions to the userA program that loads the BIOS or UEFI chipFill in the blank: When someone uses a computer application, the operating system interprets the user's requests and directs them to the appropriate _____.user on the systemapplicationsuser interfacecomponents of the computers hardwareWhat happens when you use applications on your computer? Select three answers.The application receives information from the operating system and sends a confirmation message directly to the hardware.The operating system interprets a request from the application and directs it to the appropriate components of the computer’s hardware.The application sends your request to the operating system.The hardware sends information back to the operating system, which is sent back to the application.Fill in the blank: The user communicates with the operating system via a(n) _____.user applicationspecialized type of hardwareanother operating systemuser interfaceWhich of the following statements correctly describe GUIs and CLIs? Select three answers.A CLI performs multiple tasks less efficiently than a GUI.CLI commands execute tasks, such as moving a file to a new folder.GUI icons help users manage different tasks on a computer.A CLI is a text-based user interface.A security team suspects that an attacker has compromised their system. They examine the commands entered by the attacker to determine whether they can trace the attacker’s actions to help them resolve the incident. What does this scenario describe?Reviewing a history file in a GUIRepeating a process using iconsReviewing a history file in a CLIExamining the usage of files and applications from a start menuTo ensure a computer's capacity is used where it is needed most, what does an operating system manage?BIOS and UEFIViruses and malwareIcons and graphicsResources and memory Shuffle Q/A Which of the following statements accurately describe operating systems? Select all that apply.Operating systems are the interfaces between computer hardware and user.Computers, smartphones, and tablets all have operating systems.Operating systems only permit one application to run at a time.Operating systems are responsible for making computers run efficiently.Which of the following operating systems run on desktop and laptop computers? Select two answers.AndroidiOSmacOS®WindowsFill in the blank: When someone uses a computer application, the _____ interprets the user's requests and directs them to the appropriate components of the computer's hardware.CPUbootloaderoperating systemBIOSIf you wanted to perform a calculation on your computer, which of these things would happen? Select three answers.The application would send this request to the operating system.The hardware would send the answer directly back to the application.You would type in the number you wanted to calculate into the application.The hardware would determine the answer and send it back to the operating system.Fill in the blank: The _____ ensures the limited capacity of a computer system is used where it's needed most.bootloadertask managerhardwareoperating systemWhich of the following statements accurately describe operating systems? Select all that apply.Smartphones do not have operating systems.Operating systems help people and computers communicate.Operating systems are part of the physical components of a computer.Operating systems enable computers to run multiple applications at once.Which of the following operating systems were designed to run on mobile devices? Select two answers.AndroidmacOS®LinuxiOSWhat components are involved in the booting process? Select two answers.The bootloaderBIOS or UEFIA CLIA GUIFill in the blank: A _____ is a program that allows users to control functions of the operating system.UEFI chipuser interfacebootloaderCPUWhich of the following statements correctly describe GUIs and CLIs? Select three answers.A CLI uses commands to communicate with an operating system.A CLI can complete multiple tasks efficiently.A GUI is a text-based user interface.GUI icons help users manage different tasks on a computer. Which of the following statements correctly describe GUIs and CLIs? Select three answers.A GUI is a user interface that uses icons.CLI commands execute tasks, such as opening a program.A CLI can complete multiple tasks efficiently.A CLI includes a start menu and taskbar. What does BIOS load in order to start an operating system?The bootloaderThe user interfaceUEFIAn anti-virus applicationA security team responds to a breach by following the instructions from their playbook. They later want to ensure all of the commands they entered were correct. So, they review the saved steps they performed in the command line. What does this scenario describe?Repeating a process using iconsSaving files and applications from a start menuReviewing a history file in a GUIReviewing a history file in a CLIFill in the blank: On a computer, the _____ handles resource and memory management.task managerhardwarebrowseroperating system Which layer is responsible for establishing a connection between a source and a destination device?Layer 1, network accessLayer 2, internetLayer 3, transportLayer 4, application Week 2 As a security analyst, you might use Linux to review logs when investigating an issue.TrueFalseWhich of the following are components of the Linux architecture? Select all that apply.The shellApplicationsThe kernelThe operating systemFill in the blank: The Filesystem Hierarchy Standard (FHS) is the component of Linux architecture that _____.organizes dataconsists of the physical components of a computerenables people to communicate with the systemmanages processes and memoryWhich of the following hardware components are peripheral devices? Select all that apply.a printera CPURAMa monitor Test your knowledge: Linux distributions Fill in the blank: Because the _____ is open source, anyone can modify it to build new Linux distributions.hardwarekernelapplicationshellWhat is KALI LINUX ™?(KALI LINUX ™ is a trademark of OffSec.)A Debian-derived, open-source distribution of Linux designed for security tasksA tool with a graphical user interface that can be used to analyze live and captured network trafficA subscription-based Linux distribution built for enterprise useA tool used to guess passwordsWhat is an open-source, user-friendly distribution derived from Debian that is widely used in security and other industries?UbuntuAutopsyRed HattcpdumpWhich of the following are distributions of Linux? Select all that apply.ParrotCentOSRed HatPen Test Test your knowledge: The shell What is the shell?An instruction telling the computer to do somethingThe command-line interpreterData consisting of an ordered sequence of charactersInformation received by the operating system (OS) via the command lineAfter a user inputs a command into the shell, what can the shell return to the user? Select two answers.A request for more input from the userOutputA request for user approvalAn error messageWhat is standard error in Linux?A Linux command that outputs a specified string of textError messages returned by the operating system through the shellInformation received by the operating system via the command lineInformation returned by the operating system through the shellWhat is the difference between standard input and standard output?Standard input is sent from the Filesystem Hierarchy Standard (FHS). Standard output is sent to the FHS.Standard input is sent to the operating system. Standard output is sent from the operating system.Standard input is sent to the Filesystem Hierarchy Standard (FHS). Standard output is sent from the FHS.Standard input is sent from the operating system. Standard output is sent to the operation system. Weekly challenge 2 Fill in the blank: Linux is a(n) _____ operating system.closed-sourcesingle-useropen-sourcecommand lineWhich of the following components are part of the Linux architecture? Select all that apply.ApplicationsThe kernelStandard inputThe shellWhat is one reason why there are multiple distributions of Linux?Linux distributions are closed source, which means users must create a new distribution if they want to use Linux.Linux distributions expire after a period of time, which means new distributions must be created.The Linux kernel is updated yearly, which means community developers create new distributions to stay updated.The Linux kernel is open source, which means anyone can use the kernel and modify it.Which of the following statements correctly describe KALI LINUX ™? Select three answers. (KALI LINUX ™ is a trademark of OffSec.)KALI LINUX ™ was created specifically to be used with penetration testing and digital forensics.KALI LINUX ™ was created as an enterprise distribution of Linux.KALI LINUX ™ is an open-source Linux distribution that is widely used in security.KALI LINUX ™ should be used on a virtual machine.Which of these are common Linux distributions? Select all that apply.ParrotRed HatBashCentOSFill in the blank: The _____ communicates with the kernel to execute commands.shellFilesystem Hierarchy Standard (FHS)interfacehardwareWhich of the following are communication methods with the shell? Select all that apply.Standard commandStandard errorStandard inputStandard outputWhich of the following is an example of hardware?ShellKernelCPUApplicationsWhen the system doesn't know how to respond to a command, what is the result?A request for additional resourcesStandard inputStandard outputAn error message Shuffle Q/A What is an effect of Linux being open source?It allows for collaboration among a community of developers.It is the most simple OS in terms of architecture.It requires a yearly subscription.It is the easiest OS for beginners to use.Which of the following components are part of the Linux architecture? Select all that apply.The kernelThe Filesystem Hierarchy Standard (FHS)Standard outputHardwareWhat are distributions?Simulated attacks that help identify vulnerabilitiesThe different versions of LinuxPrograms that perform specific tasksData consisting of an ordered sequence of charactersWhat is an example of a Linux distribution that comes pre-installed with many security-related tools?WiresharkKALI LINUX ™ (KALI LINUX ™ is a trademark of OffSec.)KernelSUSEWhat is the Linux shell used for?It organizes the data stored in the computer so it can be found easily.It manages processes and memory.It ensures the system allocates resources efficiently.It allows you to communicate with the operating system. Fill in the blank: When you communicate with the shell, the commands in the shell can ___. Select all that apply.give error messagesgive outputtake outputtake inputWhich of the following is a Linux distribution that is built for enterprise use and offers a dedicated support team for customers?nanoKALI LINUX ™ (KALI LINUX ™ is a trademark of OffSec.)Red HatParrotFill in the blank: Package managers are used to distribute Linux _____.kernelsshellscommandsapplications Which of the following is an example of an application?ParrotCentOSnanoThe kernelWhat does standard error contain?Error messages sent as standard input to an application.Error messages sent to the OS from the shell.Error messages returned by the OS through the shell.Error messages sent to an application as string data.Which aspect of Linux makes it available to everyone?Its kernelIts open-source designIts multiple distributionsIts use in cybersecurityWhich of the following components are part of the Linux architecture? Select all that apply.The distributionThe Filesystem Hierarchy Standard (FHS)ApplicationsThe shell Which of the following components are part of the Linux architecture? Select all that apply.The kernelStandard outputHardwareThe Filesystem Hierarchy Standard (FHS) Which of the following are examples of Linux distributions? Select all that apply.DebianWiresharkUbuntutcpdumpWhat is the shell in Linux?An instruction telling the computer to do somethingThe command-line interpreterA Linux command that outputs a specified string of textThe information received by the OS via the command line Week 3 What is a command?A common shell in many Linux distributionsAn instruction that tells a computer to do somethingThe highest-level directory in LinuxA component of the Linux architectureWhich of the following commands prints the working directory to the screen?catlspwdheadWhat does the cd command do?Navigates between directoriesOutputs a specified string of textDisplays the names of files in the current directoryPrints the working directory to the screenA security professional enters head access.txt into a shell. What are they telling the operating system to do?Remove the first 5 lines of access.txtReturn the content of access.txt one page a timeDisplay the first 10 lines of access.txtAdd a header to the file named access.txtWhat is the difference between an absolute file path and a relative file path?An absolute file path starts from the current directory, and a relative file path starts from the root.An absolute file path ends with a forward slash (/), and a relative file path ends with a backslash (\).An absolute file path starts from the root, and a relative file path starts from the current directory.An absolute file path ends with a backslash (\), and a relative file path ends with a forward slash (/). Test your knowledge: Manage file content in Bash What two arguments commonly follow the grep command?The file to move and the new file locationThe string to search for and the file to search throughThe file to write to and the string to add to itThe file name to search for and the directory to search throughIn Linux, what does the piping command (|) do?It searches a specified file and returns all lines in the file containing a specified string.It moves a file or directory to a new location.It sends the standard input of one command as standard output to another command for further processing.It sends the standard output of one command as standard input to another command for further processing.A security professional enters cp vulnerabilities.txt /home/analyst/projects into the command line. What do they want the operating system to do?Create a new file named vulnerabilities.txt in the projects directoryRemove the vulnerabilities.txt file from the projects directorySearch for the string vulnerabilities.txt in the projects directoryCopy the vulnerabilities.txt file into the projects directoryWhat command creates a new file called failed_logins.txt?find failed_logins.txtmkdir failed_logins.txttouch failed_logins.txtrm failed_logins.txt Test your knowledge: Authenticate and authorize users What is authorization?The concept of granting only the minimal access and authorization required to complete a task or functionThe concept of granting access to specific resources in a systemThe process of a user proving that they are who they say they are in the systemThe process of temporarily granting elevated permissions to specific usersWhich of the following statements correctly describe the file permissions string -rw-rw-rw-? Select two answers.The user and group have execute permissions.The user has write permissions.The file type is a directory.The group has read permissions.A security professional enters chmod g+w access.txt into the command line. What does this command tell the operating system to do?Add write permissions to the user for the access.txt fileRemove write permissions from the group for the access.txt fileAdd write permissions to the group for the access.txt fileRemove write permissions from the user for the access.txt fileWhich of the following commands typically must be used with sudo? Select three answers.useraddchmoduserdelchownA security analyst is updating permissions on a directory named projects. The current permissions are drwxrw-r--. They want to add execute permissions for the group. What do they enter on the command line?chmod g+x projectschmod u-x projectschmod x+x projectschmod g-x projects Test your knowledge: Get help in Linux Which of the following statements accurately describe Linux’s online global community? Select three answers.Because Linux is open-source, the community can easily contribute.The community is focused on collecting feedback from advanced users of Linux.Linux users can find support from the community for everyday tasks.The community publishes online information to help users learn how to operate Linux.What does the man command do?Display a description of a command on a single lineDisplay information on other commands and how they workSearch the manual page descriptions for a specified stringDelete a user from the systemWhat does the whatis command do?Return the username of the current userDisplay information on other commands and how they workSearch the manual page descriptions for a specified stringDisplay a description of a command on a single lineWhat is an advantage of the apropos command?It incorporates mandatory options for customized searchingIt condenses the description of a specific command to one line.Users can search for a command even if they do not know the specific command name.It can be used to search for descriptions of commands when you know the specific command name. Weekly challenge 3 What are the arguments in mv Q1users.txt /home/analyst/reports? Select two answers.Q1users.txt.txtmv/home/analyst/reportsFill in the blank: The highest-level directory in Linux is called the _____.permissionsroot directoryhome directorysudo Which command searches a specified file and returns all lines in the file containing a specified string?mkdirsudogreppwd Which of these commands creates a new file?cdchmodtouchmkdir What does the grep command do?Searches a specified file and returns all lines in the file containing a specified stringTemporarily grants elevated permissions to specific usersPrints the working directory to the screenCreates a new directoryWhat does the touch command do?Creates a new fileOpens a file editorMoves a file or directory to a new locationChanges permissions on files and directoriesWhat are read, write, and execute?The three types of permissions for authorized usersThe three types of owners for files and directoriesDifferent methods for editing filesSpecific Linux commands used to change file permissions A security analyst is updating permissions on the file access.txt. They want to add write permissions for the user and remove read permissions for the group. What do they enter on the command line?chmod u+w,g-r access.txtchmod access.txt u+w,g-rchmod u-w,g+r access.txtchmod u+rw,g-rw access.txt A security analyst is updating permissions on the file access.txt. They want to add write permissions for the user and remove read permissions for the group. What do they enter on the command line?chmod u-w,g+r access.txtchmod u+rw,g-rw access.txtchmod access.txt u+w,g-rchmod u+w,g-r access.txtA user is not a root user, but needs elevated privileges to use certain commands. What should they do?Use the sudo commandAssign themselves write permissionsAssign themselves execute permissionsUse the chmod commandWhich command can you use to change your current directory?pwdcatlscdWhat does the apropos command do?Searches the manual page descriptions for a specified stringDisplays detailed information on commands and their optionsPrints the working directory to the screenDisplays a description of a command on a single lineGiven the following permissions drw-rw-r--, what permissions does the group have? Select all that apply.ReadUseWriteExecute Given the following permissions drw-rw-r--, which character indicates if this is a file or directory?FifthTenthFirstSecond Shuffle Q/A A security analyst enters grep OS updates.txt into the command line. What does this tell the operating system to do?Create a new directory named OS and a new file named updates.txtCreate a new file named updates.txt in the OS directorySearch through the updates.txt file and return all lines containing the string OSMove the updates.txt file to the OS directoryWhat does sudo do?Temporarily grants elevated permissions to specific usersDeletes users from the systemChanges the owner associated with a particular fileAdds users to the systemIn which of these situations would you enter cd logs?You want to search for the string logs in the files of your current directory.You want to list all the files and directories in the logs directory.You want to change to a subdirectory of your current directory named logs.You want to print the first 10 lines of the logs file.Given the following permissions drw-rw-r--, what does the fourth character represent?The group does not have execute permissions for this directoryThe user does not have execute permissions for this directoryThe user has execute permissions for this directoryThe group has execute permissions for this directoryWhat are the arguments in cp vulnerabilities.txt /home/analyst/projects? Select two answers./home/analyst/projectsvulnerabilities.txtcp/homeWhich of the following items represents the root directory?/*home/home*A security analyst enters touch updates.txt into the command line. What does this tell the operating system to do?Move the updates.txt file out of their current directoryCreate a new file named updates.txt in their current directoryOpen the updates.txt fileCreate a new file named updates.txt and move it to the root directoryWhich of the following are types of permissions? Select all that apply.ReadWriteAuthorizeExecuteA security analyst enters chmod u+w,g-r access.txt into the command line. What does this command tell the operating system to do? Select all that apply.Remove read permissions from the user for the access.txt fileAdd write permissions to the user for the access.txt fileAdd write permissions to the group for the access.txt fileRemove read permissions from the group for the access.txt fileWhich of the following commands require the user to be a root user or have sudo privileges? Select two answers.cduseradduserdelgrepWhat should you specify in the argument following the cd command?Your current directoryThe string you want to search forThe directory you want to navigate toThe file you want to createWhich of the following commands searches the manual page descriptions for a specified string?cppwdmanapropos Week 4 Which statement accurately describes the organization of a relational database?Relational databases consist of a single table with one primary key and one foreign key.Relational databases contain tables that are related to each other through primary and foreign keys.Relational databases consist of a single table containing related information.Relational databases contain primary keys with at least two duplicate values.What is SQL used for? Select two answers.Finding data to support security-related decisions and analysisAllowing users to access a specific machineSecuring an organization’s systems and networksCreating, interacting with, and requesting information from a databaseA record of attempts to connect to an organization’s network is one example of a log.TrueFalseFill in the blank: A request for data from a database table or a combination of tables is called a _____.querylogkeyrow Test your knowledge: SQL queries What is filtering in SQL?Removing invalid recordsRemoving unnecessary data from the databaseSelecting data that match a certain conditionChanging a table to match a conditionYou are working with the Chinook database and want to return the firstname, lastname, and phone of all employees. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)What is Andrew Adams' phone number?Answers+1 (403) 262-3443+1 (780) 428-9482+1 (780) 836-9987+1 (403) 467-3351A security analyst wants to filter the log_in_attempts table for records where the value in the country column is 'Canada'. What is a valid query for this?WHERE country = ‘Canada’ SELECT * FROM log_in_attempts; SELECT * FROM log_in_attempts WHERE country = ‘Canada’; SELECT WHERE country = ‘Canada’ FROM log_in_attempts; SELECT * FROM log_in_attempts WHERE country = Canada; Which pattern matches with any string that starts with the character 'A'?‘%A%’‘%A’‘A%’‘A’ Test your knowledge: More SQL filtersWhich filter outputs all records with values in the date column between '01-01-2015' (January 1, 2015) and '01-04-2015' (April 1, 2015)?WHERE date BETWEEN ’01-01-2015′ AND ’01-04-2015′;WHERE date BETWEEN ’01-01-2015′, ’01-04-2015′;WHERE date < ’01-04-2015′;WHERE date > ’01-01-2015′;Which operator is most efficient at returning all records with a status other than 'successful'?ORNOTBETWEENANDYou are working with the Chinook database. You want to find the first and last names of customers who have a value in the country column of either 'Brazil' or 'Argentina'. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)How many customers are from Brazil or Argentina?5614While working as an analyst, you encounter a query that includes the following filter: SELECT * FROM customers WHERE country = 'USA' AND state = 'NV' What will this query return?Information about customers who have a value of ‘USA’ in the country column and a value of ‘NV’ in the state column.Information about customers who do not have a value of ‘USA’ in the country column but do have a value of ‘NV’ in the state column.Information about customers who have a value of ‘USA’ in the country column or a value of ‘NV’ in the state column.Information about customers who do not have a value of ‘USA’ in the country column or do not have a value of ‘NV’ in the state column. Test your knowledge: SQL joins Which join types return all rows from only one of the tables being joined? Select all that apply.RIGHT JOININNER JOINFULL OUTER JOINLEFT JOINYou are performing an INNER JOIN on two tables on the employee_id column. The left table is employees, and the right table is machines. Which of the following queries has the correct INNER JOIN syntax?SELECT * FROM employees INNER JOIN machines WHERE employees.employee_id = machines.employee_id; SELECT * FROM employees INNER JOIN ON employees.employee_id = machines.employee_id; INNER JOIN machines ON employees.employee_id = machines.employee_id SELECT * FROM employees; SELECT * FROM employees INNER JOIN machines ON employees.employee_id = machines.employee_id; In the following query, which join returns all records from the employees table, but only records that match on employee_id from the machines table? SELECT * FROM employees _____ machines ON employees.employee_id = machines.employee_id;FULL OUTER JOINRIGHT JOININNER JOINLEFT JOINAs a security analyst, you are responsible for performing an INNER JOIN on the invoices and invoice_items tables of the Chinook database. These tables can be connected through the invoiceid column. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)What is the value in the trackid column of the first row that is returned from this query?132449 Weekly challenge 4 Why might a security analyst use SQL?To store data in a spreadsheetTo create new files on their computerTo efficiently find needed data in security logsTo assign new passwords to usersFill in the blank: A column in which every row has a unique entry and which is used to identify a table is called a _____.primary keydatabase keyforeign keyrelational keyWhich of these SQL statements queries the log_in_attempts table? Select all that apply.SELECT * FROM log_in_attempts; SELECT event_id, username FROM log_in_attempts WHERE event_id < 150; SELECT log_in_attempts FROM *; SELECT log_in_attempts FROM event_id; What does INNER JOIN do?Combine tables and save them as a new tableCompare tables and return only the rows that have a matching value in a specified columnFilter databases to return only columns that exist in every tableReturn every row in joined tablesWhich SQL keyword indicates the condition for a filter?FROMSELECTINNER JOINWHEREYou work with a table that has one column for name. Some of these names have prefixes. You want to identify all of the doctors. Which query will return every name that starts with the prefix 'Dr.'?WHERE name LIKE ‘Dr.%’;WHERE name = ‘Dr.%’;WHERE name = ‘Dr._’;WHERE name LIKE ‘Dr._’;What does the following query return? SELECT * FROM employees RIGHT JOIN machines ON employees.device_id = machines.device_id;All columns of the employees and machines table and the records from employees and machines that match on device_idAll columns and records from the employees and machines tablesAll columns of the employees and machines table, all records from the employees table, and the records from machines that match on device_idAll columns of the employees and machines table, all records from the machines table, and the records from employees that match on device_idYou are working with the Chinook database. You want to return the company and country columns from the customers table. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)In what country is JetBrains s.r.o. located?GermanyCzech RepublicBrazilUnited StatesYou are working with the Chinook database and are responsible for filtering for invoices with a total that is more than 20. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)How many invoices have a total that is more than 20?2413 You are working with the Chinook database and are responsible for filtering for customers that live in the country of 'USA' and the state with an abbreviation of 'CA'. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)SELECT firstname,lastname, address, countryFROM customers--???What are the first names of the customers that live in the USA and the state with an abbreviation of CA?Frank, Tim, DanFrank, Tim, Dan, Heather, KathyKathy, Michelle, FrankJohn, Michelle, Julia, Patrick You are working with the Chinook database and are responsible for filtering for the customers that live in the city of 'Mountain View' and work for the company of 'Google Inc.' Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)How many customers live in Mountain View and work for Google Inc.?3241 Shuffle Q/A A security analyst queries a table related to login attempts. How can SQL help this analyst with their work?The analyst will get a live update on new login attempts.The analyst can efficiently find the login data they need.SQL will change authentication permissions to prevent unauthorized logins.SQL will automatically distribute a report on suspicious login attempts.Which of these SQL statements queries the machines table? Select all that apply.SELECT * FROM machines; SELECT device_id, operating_system FROM machines WHERE operating_system = ‘OS 2’; SELECT machines FROM *; SELECT machines FROM operating_system; What does WHERE department = 'Sales' indicate in the following SQL query?SELECT *FROM employeesWHERE department = 'Sales';To highlight the department column in the resultsTo only return rows that match the filterTo only return the department columnTo change all the values in the department column to ‘Sales’You need to perform a SQL join. You want to return all the columns with records matching on the employee_id column between the employees and machines tables. You also want to return all records from the machines table. Which of the following queries would you use?SELECT * FROM employees INNER JOIN machines ON employees.employee_id = machines.employee_id; SELECT * FROM employees LEFT JOIN machines ON employees.employee_id = machines.employee_id; SELECT * FROM employees FULL OUTER JOIN machines ON employees.employee_id = machines.employee_id; SELECT * FROM employees RIGHT JOIN machines ON employees.employee_id = machines.employee_id; You are working with the Chinook database. You want to return the employeeid and email columns from the employees table. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)What is the employee ID number of the employee with an email of laura@chinookcorp.com?8264You are working with the Chinook database and are responsible for filtering for the customers that have a value of 'USA' in the country column and have a value of 'Frank' in the firstname column. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)How many customers live in the USA and have the name Frank?4132You need to perform a SQL join. You want to return all the columns with records matching on the device_id column between the employees and machines tables. You also want to return all records from the employees table. Which of the following queries would you use?SELECT * FROM employees RIGHT JOIN machines ON employees.device_id = machines.device_id; SELECT * FROM employees INNER JOIN machines ON employees.device_id = machines.device_id; SELECT * FROM employees FULL OUTER JOIN machines ON employees.device_id = machines.device_id SELECT * FROM employees LEFT JOIN machines ON employees.device_id = machines.device_id; You are working with the Chinook database. You want to return the lastname and title columns from the employees table. Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)What is the title of the employee with the last name of Callahan?IT ManagerIT StaffSales ManagerGeneral ManagerYou are working with the Chinook database and want to filter on the hiredate column to find all employees hired on or after '2003-10-17' (October 17, 2003). Replace --??? with the missing information to complete the query. (If you want to undo your changes to the query, you can click the Reset button.)How many employees were hired on or after October 17, 2003?4231What is true about the values in the primary key column? Select all that apply.They cannot be null (or empty).They should never contain numeric data.They do not need to be unique.Each row must have a unique value. Which of these SQL statements queries the employees table? Select all that apply.SELECT employeesFROM employee_id;SELECT employeesFROM *;SELECT *FROM employees;SELECT employee_id, device_idFROM employeesWHERE employee_id > 1100; What type of join compares tables and returns only the rows that have a matching value in a specified column?FULL OUTER JOINLEFT JOININNER JOINRIGHT JOIN Both an employees table and a machines table contain an employee_id column, and you want to return only the records that share a value in this column. Which keyword should be part of your query?FULL OUTER JOININNER JOINBETWEENWHEREWhich query returns all records that start with the character 'a' from the name column in the employees table?SELECT name FROM employees WHERE name = ‘a%’; SELECT name FROM employees WHERE name LIKE ‘%a’; SELECT name FROM employees WHERE name LIKE ‘a%’; SELECT name FROM employees WHERE name LIKE ‘a’; Course 5 - Assets, Threats, and Vulnerabilities Week 1 What is a risk?Any circ*mstance or event that can negatively impact assetsAnything that can impact the confidentiality, integrity, or availability of an assetThe practice of labeling assets based on sensitivity and importance to an organizationA weakness that can be exploited by a threatA security professional discovers a rogue access point on their company WiFi that is not managed by the networking team. The rogue device is altering and deleting sensitive records without authorization. What does this scenario describe?ThreatVulnerabilityRiskAssetA product team is storing customer survey data for a new project in a cloud drive. The data is only accessible to product team members while the project is in development. What is this data’s asset type?PublicCustomer dataInternal demoConfidentialWhat is the practice of labeling assets based on sensitivity and importance to an organization?Asset inventoryAsset classificationAsset managementAsset restriction Test your knowledge: Digital and physical assets What is the practice of keeping data in all states away from unauthorized users?NetworkCybersecurityInformation securityAssetAn employee is promoted to a new role, so their workstation is transferred to a different office. As the employee’s workstation is being relocated, what data state are its files in?At restIn transitIn useIn storageWhat is an example of data in transit?A sent email is traveling over the network to reach its destination.A spreadsheet file is saved on an employee’s hard drive.A manager is editing a report on their computer.A user logs in to their online account to review their messages.Fill in the blank: Data is in use when it is being _____ by one or more users.accessedignoredtransportedclassified Test your knowledge: Risk and asset security What types of risks do security plans address? Select three answers.Disclosure of dataShift of market conditionsLoss of informationDamage to assetsWhat are the basic elements of a security plan? Select three answers.StandardsPoliciesProceduresRegulationsFill in the blank: The NIST CSF is a _____ framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.voluntarymandatorylimitedrigidWhat are some benefits of the NIST Cybersecurity Framework (CSF)? Select three answers.It helps organizations achieve regulatory standards.It can be used to identify and assess risk.It is required to do business online.It’s adaptable to fit the needs of any business. Weekly challenge 1 A malicious hacker gains access to a company system in order to access sensitive information. What does this scenario describe?VulnerabilityRegulationProcedureThreat Which of the following are examples of a vulnerability? Select two answers.Malicious hackers stealing access credentialsAn employee misconfiguring a firewallAttackers causing a power outageA malfunctioning door lock Fill in the blank: A misconfigured firewall is an example of a security _____.exploitvulnerabilitythreatassetWhat is the first step of asset management?To assign a risk score to assetsTo address an asset’s vulnerabilitiesTo make an asset inventoryTo classify assets based on valueA small group of software developers is working internally on a confidential project. They are developing a new web application for the employees at their organization. Who can the developers discuss this confidential project with? Select two answers.External business partnersClose friendsTeammatesProject managersA local chef owns a successful small business that sells cooking sauces and seasoning. Their best-selling product is a sauce that’s made with a top secret family recipe. To continue growing the company, the chef is about to start a partnership with a large retailer. In this scenario, what classification level should be assigned to the chef's proprietary recipe in this scenario?PublicInternalConfidentialRestricted Which of the following can be prevented with effective information security? Select all that apply.Compliance with regulationsIdentity theftFinancial lossReputational damage What is an example of digital data at rest? Select two answers.Files on a hard driveEmail messages in an inboxLetters on a tableContracts in a file cabinet Fill in the blank: Information security (InfoSec) is the practice of keeping ____ in all states away from unauthorized users.processesdocumentsfilesdataWhat is an example of data in transit? Select two answers.A slideshow presentation on a thumb driveA file being downloaded from a websiteA website with multiple files available for downloadAn email being sent to a colleagueWho should an effective security plan focus on protecting? Select all that apply.CustomersCompetitorsEmployeesBusiness partners What NIST Cybersecurity Framework (CSF) tier is an indication that compliance is being performed at an exemplary standard?Level-2Level-4Level-3Level-1 What are some benefits of the NIST Cybersecurity Framework? Select three answers.The CSF fosters trust between businesses.The CSF will protect an organization from cyber threats.The CSF is adaptable to meet a company’s needs.The CSF assists with regulatory compliance efforts. Which of the following are components of the NIST Cybersecurity Framework? Select three answers.ProfilesCoreControlsTiersFill in the blank: To measure performance across the functions of the _____, security teams use NIST tiers.profilescoreframeworkbusiness Shuffle Q/A An employee who has access to company assets abuses their privileges by stealing information and selling it for personal gain. What does this scenario describe?VulnerabilityProcedureThreatRegulation Which of the following refers to the process of tracking assets and the risks that affect them?Asset managementAsset administrationAsset classificationAsset inventory Which of the following are examples of security vulnerabilities? Select three answers.Unattended laptopSuspended access cardWeak passwordUnlocked doors at a businessWhich of the following statements correctly describe security asset management? Select two answers.It helps identify risks.It decreases vulnerabilities.It is a one-time process.It uncovers gaps in security.What is an example of restricted information? Select all that apply.Cardholder dataIntellectual propertyEmployee email addressesHealth informationWhat are some key benefits of a security plan? Select three answers.Define consistent policies that address what’s being protected and why.Establish a shared set of standards for protecting assets.Outline clear procedures that describe how to protect assets and react to threats.Enhance business advantage by collaborating with key partners.Fill in the blank: CSF profiles provide insights into the _____ state of a security plan.historicalcurrentfuturerecentAn employee is asked to email customers and request that they complete a satisfaction survey. The employee must be given access to confidential information in the company database to conduct the survey. What types of confidential customer information should the employee be able to access from the company's database to do their job? Select two answers.E-mail addressesCredit card dataCustomer namesHome addressesA mobile game displays ads to users. The game is free to users so long as they occasionally view ads from other companies. Should these other companies be able contact the users of the gaming app?Maybe, because users have control over sharing their information.No, because this user information is restricted.Yes, because user information is public.Why is it so challenging to secure digital information? Select two answers.Most information is in the form of data.There are no regulations that protect information.There are so many resources to dedicate to security.Technologies are interconnected.What is an example of confidential information? Select two answers.Press releaseEmployee contactsProject documentsMarketing strategyWhat is an example of data in use? Select three answers.Reading emails in your inbox.Watching a movie on a laptop.Playing music on your phone.Downloading a file attachment.Which of the following are functions of the NIST Cybersecurity Framework core? Select three answers.ImplementProtectDetectRespond Week 2 What are categories of security controls? Select all that apply.OperationalPrivacyTechnicalManagerialFill in the blank: A data _____ decides who can access, edit, use, or destroy their information.handlercustodianprotectorownerA writer for a technology company is drafting an article about new software features that are being released. According to the principle of least privilege, what should the writer have access to while drafting the article? Select all that apply.Login credentials of the software usersSoftware developers who are knowledgeable about the productOther new software that is in developmentThe software they are reviewingWhich privacy regulations influence how organizations approach data security? Select three answers.Infrastructure as a Service (IaaS)General Data Protection Regulation (GDPR)Payment Card Industry Data Security Standard (PCI DSS)Health Insurance Portability and Accountability Act (HIPAA) Test your knowledge: Encryption methodsWhich of the following elements are required when using encryption? Select all that apply.KeyCertificateCipherTokenWhich technologies are used in public key infrastructure (PKI)? Select three answers.Asymmetric encryptionSymmetric encryptionDigital certificatesCiphertextFill in the blank: _____ encryption produces a public and private key pair.HashingSymmetricSaltingAsymmetricAn attacker gains access to a database where user passwords are secured with the SHA-256 hashing algorithm. Can the attacker decrypt the user passwords?Yes. Hash algorithms produce a decryption key.No. Hash algorithms do not produce decryption keys.What term describes being unable to deny that information is authentic?ConfidentialityNon-repudiationIntegrityAvailability Test your knowledge: Authentication, authorization, and accounting What factors do authentication systems use to verify a user's identity? Select three answers.OwnershipCharacteristicAuthorizationKnowledgeHow do businesses benefit from implementing single sign-on (SSO) technology? Select two answers.By simplifying their user managementBy providing a better user experienceBy requiring multiple forms of identificationBy streamlining HTTP traffic between serversA retail company has one employee that’s in charge of purchasing goods, another employee that's in charge of approving new purchases, and a third employee that’s in charge of paying invoices. What security principle is the retail company implementing?Separation of dutiesLeast privilegeAuthentication, authorization, and accounting (AAA)Non-repudiationWhat are the categories of access controls? Select three answers.AuthorizationAdministrationAuthenticationAccountingWhat credential does OAuth use to authenticate users?A one-time passcode (OTP)A session cookieAn application programming interface (API) tokenA digital certificate Weekly challenge 2 Which of the following examples are categories of security controls? Select three answers.OperationalManagerialTechnicalComplianceA large hotel chain is conducting a national sweepstakes. To enter the sweepstakes, customers must consent to sharing their email address with the chain’s business partners for marketing purposes. What are the hotel chain's responsibilities as data custodians? Select three answers.Back up customer informationSend information to business partnersGrant business partners consent to use customer dataCollect customer consent and emailsYou send an email to a friend. The service provider of your inbox encrypts all messages that you send. What happens to the information in your email when it’s encrypted?It’s converted from a hash value to ciphertext.It’s converted from Caesar’s cipher to plaintext.It’s converted from plaintext to ciphertext.It’s converted from ciphertext to plaintext.Why are hash algorithms that generate long hash values more secure than those that produce short hash values?They are easier to decryptThey are easier to exchange over a networkThey are more difficult to rememberThey are more difficult to brute forceFill in the blank: A _____ is used to prove the identity of users, companies, and networks in public key infrastructure.digital certificateaccess tokenaccess keydigital signatureFill in the blank: Knowledge, ownership, and characteristic are three factors of _____ systems.authorizationadministrativeaccountingauthentication What are two advantages of using single sign-on (SSO) systems to authenticate users? Select two answers.It makes authentication safe.It makes the login process faster.Users can reuse the same password.Users can gain access to multiple platforms. What is a key advantage of multi-factor authentication compared to single sign-on?It can grant access to multiple company resources at once.It streamlines the authentication process.It requires more than one form of identification before granting access to a system.It is faster when authenticating users.A shipping company imports and exports materials around the world. Their business operations include purchasing goods from suppliers, receiving shipments, and distributing goods to retailers. How should the shipping company protect their assets under the principle of separation of duties? Select two answers.Have one employee file purchase ordersHave one employee select goods and submit paymentsHave one employee receive shipments and distribute goodsHave one employee approve purchase ordersFill in the blank: ____ is the technology used to establish a user’s request to access a server.Basic authAPI tokensOAuthDigital certificatesWhich of the following are reasons why accounting in security is such an important function of effective access controls? Select two answers.Identify ways to improve business operations.Detect session hijacking incidents.Uncover threat actors who have accessed a system.Record user activity for marketing purposes. Which security controls are used in public key infrastructure? Select three answers.Multi-factor authenticationDigital certificatesSymmetric encryptionAsymmetric encryptionShuffle Q/A What is the primary purpose of hash functions?To store data in the cloudTo determine data integrityTo decrypt sensitive dataTo make data quickly availableWhich of the following steps are part of the public key infrastructure process? Select two answers.Exchange of public and private keysTransfer hash digestsEstablish trust using digital certificatesExchange of encrypted informationWhat factors do authentication systems use to verify a user's identity? Select three answers.AccountingKnowledgeOwnershipCharacteristicWhat are some disadvantages of using single sign-on (SSO) technology for user authentication? Select two.Username and password management is more complicated for the end users.Customers, vendors, and business partners are less vulnerable to attack.Stolen credentials can give attackers access to multiple resources.Access to all connected resources stops when SSO is down.A business has one person who receives money from customers at the register. At the end of the day, another person counts that money that was received against the items sold and deposits it. Which security principles are being implemented into business operations? Select two answers.Multi-factor authenticationSeparation of dutiesSingle sign-onLeast privilegeWhat types of user information does an API token contain? Select two answers.A user’s secret keyA user’s site permissionsA user’s passwordA user’s identityWhich type of encryption is generally slower because the algorithms generate a pair of encryption keys?AsymmetricRivest–Shamir–Adleman (RSA)Data encryption standard (DES)SymmetricThe main responsibility of a receptionist at a healthcare company is to check-in visitors upon arrival. When visitors check-in, which kinds of information should the receptionist be able to access to complete their task? Select two answers.The patient being visitedTheir billing informationTheir medical historyA photo IDA customer of an online retailer has complained that their account contains an unauthorized purchase. You investigate the incident by reviewing the retailer's access logs. What are some components of the user's session that you might review? Select two answers.Session certificateSession algorithmSession cookieSession IDWhat is the purpose of security controls?Create policies and proceduresEncrypt information for privacyEstablish incident response systemsReduce specific security risks What do symmetric encryption algorithms use to encrypt and decrypt information?A digital certificateA public and private key pairA hash valueA single secret key A paid subscriber of a news website has access to exclusive content. As a data owner, what should the subscriber be authorized to do with their account? Select three answers.Stop their subscriptionReview their username and passwordEdit articles on the websiteUpdate their payment detailsWhat are common authorization tools that are designed with the principle of least privilege and separation of duties in mind? Select three answers.API TokensSHA256Basic authOAuthWhat is the practice of monitoring the access logs of a system?AuditingAuthenticationAccountingAuthorization Week 3 Which of the following are steps in the vulnerability management process. Select two answers.Identify vulnerabilitiesCatalog organizational assetsAssign a CVE® IDPrepare defenses against threatsAn organization is attacked by a vulnerability that was previously unknown. What is this exploit an example of?A cipherAn assetA zero-dayA perimeter layerWhich layer of the defense in depth strategy is a user authentication layer that mainly filters external access?EndpointDataNetworkPerimeterA security researcher reports a new vulnerability to the CVE® list. Which of the following criteria must the vulnerability meet before it receives a CVE® ID? Select two answers.It must affect multiple applications.The submission must have supporting evidence.The vulnerability must be unknown to the developer.It must be independently fixable. Test your knowledge: Identify system vulnerabilities Fill in the blank: A vulnerability ____ refers to the internal review process of an organization’s security systems.assessmentscoringpatchscannerWhat are the goals of a vulnerability assessment? Select two answers.To reduce overall threat exposureTo detect network trafficTo audit regulatory complianceTo identify existing weaknessesWhich of the following remediation examples might be implemented after a vulnerability scan? Select two answers.Training employees to follow new security proceduresIdentifying misconfigurations in an applicationLocating vulnerabilities in workstationsInstalling software updates and patchesWhat are two types of vulnerability scans? Select two answers.Patch or upgradeAuthenticated or unauthenticatedLimited or comprehensiveRisk or threat Test your knowledge: Cyber attacker mindset What is the difference between an attack vector and an attack surface?An attack surface refers to all the weaknesses of an asset that can be attacked; an attack vector refers to an outdated and vulnerable network.An attack vector refers to the pathways attackers use to penetrate security defenses; an attack surface refers to all the vulnerabilities of an asset that can be exploited.An attack surface refers to the specific pathway of exploiting a weakness; an attack vector refers to all the weaknesses of an asset that can be exploited.An attack surface refers to the specific method of attack; an attack vector refers to an outdated and vulnerable network.What are examples of security hardening? Select three answers.Restarting a crashed applicationHashing all user passwordsKeeping systems patched and updatedDisabling inactive network portsWhich steps are applied when using an attacker mindset? Select three answers.Evaluate a target’s attack vectorsIdentify a targetStay in communication with a targetDetermine how a target can be accessedHow can businesses reduce the number of attack vectors they must defend? Select three answers.By educating users so they can participate in preventing attacksBy totally restricting information from being sharedBy controlling access and authorization to assetsBy implementing security controls that protect information Weekly challenge 3 Consider the following scenario:A cloud service provider has misconfigured a cloud drive. They’ve forgotten to change the default sharing permissions. This allows all of their customers to access any data that is stored on the drive.This misconfigured cloud drive is an example of what?A threatAn exploitA security controlA vulnerabilityFill in the blank: The five layers of the defense in depth model are: perimeter, network, endpoint, application, and _____.sessiontransportphysicaldataWhat is the difference between the application and data layers of the defense in depth model?The application layer authorizes users who have access to perform a duty. The data layer maintains the integrity of information with controls like encryption and hashing.The data layer includes controls like encryption and hashing to secure data at rest. The application layer authorizes users who have access to perform a duty.The application layer secures information with controls that are programmed into the application itself. The data layer maintains the integrity of information with controls like encryption and hashing.The data layer authenticates users to only allow access to trusted parties. The application layer secures information with controls that are programmed into the application itself.What is the main purpose of the CVE® list?To create a dictionary of threats to organizational assets that must be addressedTo share a standard way of identifying and categorizing known vulnerabilities and exposuresTo keep a record of the coding mistakes of major software developersTo collect information on vulnerabilities and exposures performed by independent researchersA security team is preparing new workstations that will be installed in an office.Which vulnerability management steps should they take to prepare these workstations? Select three answers.Download the latest patches and updates for each system.Install a suite of collaboration tools on each workstation.Consider who will be using each computer.Configure the company firewall to allow network access.A security team is conducting a periodic vulnerability assessment on their security procedures. Their objective is to review gaps in their current procedures that could lead to a data breach. After identifying and analyzing current procedures, the team conducts a risk assessment.What is the purpose of performing a risk assessment?To adjust current security proceduresTo score vulnerabilities based on their severity and impactTo simulate attacks that could be performed against each vulnerabilityTo fix vulnerabilities that have been identifiedFill in the blank: All the potential vulnerabilities that a threat actor could exploit is called an attack _____.databasevectorsurfacenetworkAn online newspaper suffered a data breach. The attackers exploited a vulnerability in the login form of their website. The attackers were able to access the newspaper’s user database, which did not encrypt personally identifiable information (PII).What attack vectors did the malicious hackers use to steal user information? Select two answers.The online login formThe unencrypted PIIThe newspaper’s websiteThe user databaseA security team is performing a vulnerability assessment on a banking app that is about to be released. Their objective is to identify the tools and methods that an attacker might use.Which steps of an attacker mindset should the team perform to figure this out? Select three answers.Consider potential threat actors.Identify a target.Evaluate attack vectors that can be exploited.Determine how the target can be accessed.Consider the following scenario:You are working as a security professional for a school district. An application developer with the school district created an app that connects students to educational resources. You’ve been assigned to evaluate the security of the app.Using an attacker mindset, which of the following steps would you take to evaluate the application? Select two answers.Integrate the app with existing educational resources.Identify the types of users who will interact with the app.Ensure the app’s login form works.Evaluate how the app handles user data. Shuffle Q/A An application has broken access controls that fail to restrict any user from creating new accounts. This allows anyone to add new accounts with full admin privileges. The application’s broken access controls are an example of what?A vulnerabilityAn exploitA threatA security controlWhich of the following layers do not provide protection for information that users provide? Select two answers.The perimeter layerThe network layerThe data layerThe application layerWhich layer of the defense in depth model is a user authentication layer that can include usernames and passwords?PerimeterNetworkEndpointApplicationWhich of the following are characteristics of the vulnerability management process? Select two answers.Vulnerability management is a way to discover new assets.Vulnerability management is a way to limit security risks.Vulnerability management should consider various perspectives.Vulnerability management should be a one-time process.What are the two types of attack surfaces that security professionals defend? Select two answers.DigitalPhysicalIntellectual propertyBrand reputationA project manager at a utility company receives a suspicious email that contains a file attachment. They open the attachment and it installs malicious software on their laptop.What are the attack vectors used in this situation? Select two answers.The suspicious emailThe infected workstationThe malicious softwareThe file attachmentWhat is not a step of practicing an attacker mindset?Evaluate attack vectors that can be exploited.Determine how a target can be accessed.Identify ways to fix existing vulnerabilities.Find the tools and methods of attack.A hotel chain has outdated WiFi routers in their guest rooms. An attacker hacked into the devices and stole sensitive information from several guests.The outdated WiFi router is an example of what?An exploitA vulnerabilityA threatAn access controlWhich layer of the defense in depth model relates to user devices that have accessed a network?EndpointApplicationPerimeterDataWhich of the following are criteria that a vulnerability must meet to qualify for a CVE® ID? Select all that apply.It can only affect one codebase.It must be submitted with supporting evidence.It must be independent of other issues.It must be recognized as a potential security risk.It must pose a financial risk.Which of the following are reasons that security teams practice an attacker mindset? Select three answers.To identify attack vectorsTo exploit flaws in an application’s codebaseTo uncover vulnerabilities that should be monitoredTo find insights into the best security controls to useFill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.11194You are tasked with performing a vulnerability assessment of an onsite server. After scanning the server, you discover that its operating system is missing several new updates.What are two steps that you might take next to complete the vulnerability assessment? Select two answers.Investigate critical system updates that are available.Scan the millions of devices that connect to the serverPerform a risk assessment of the old operating system.Deactivate the server because its operating system is outdated Which of the following are types of attack surfaces? Select three answers.Cloud serversNetwork routersComputer workstationsMalicious software Fill in the blank: An attack _____ refers to the pathways attackers use to penetrate security defenses.surfacevectorlandscapevulnerability What are ways to protect an organization from common attack vectors? Select three answers.By not practicing an attacker mindsetBy keeping software and systems updatedBy implementing effective password policiesBy educating employees about security vulnerabilities Week 4 Fill in the blank: _____ is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.WhalingBaitingPhishingQuid pro quoWhat type of phishing uses electronic voice communications to obtain sensitive information or to impersonate a known source?TailgatingAngler phishingSmishingVishingFill in the blank: The stages of a social engineering attack include to prepare, establish trust, use persuasion tactics, and ____.disconnect from the targetevaluate defensesspread awareness with othersstay informed of security trendsPhishing kits typically contain which of the following tools to help attackers avoid detection? Select three answers.Fraudulent web linksMalicious attachmentsEmail filtersFake data-collection forms Test your knowledge: Malware Which of the following are types of malware? Select two answers.SpywareDictionary attacksVirusesCredential stuffingFill in the blank: ____ are malware that automatically duplicate and spread themselves across systems.BotnetsTrojansRootkitsWormsWhat is it called when someone's computing resources are illegally hijacked to mine cryptocurrencies?CryptojackingRootkitTrojan horseSpywareWhich of the following are common signs of a malware infection? Select three answers.Files are suddenly encryptedIncreased CPU usageUnusual system crashesSlowdowns in performance Test your knowledge: Web-based exploits Fill in the blank: _____ are malicious code or behaviors that are used to take advantage of coding flaws in a web application.Spear phishingWeb-based exploitsCommand-line interfaceSocial engineeringCross-site scripting (XSS) attacks are often delivered by exploiting which of the following languages? Select two answers.SQLJavaScriptPythonHTMLWhat server-side code can be used to defend against SQL injection attacks?Prepared statementInjection attackInput validationPhishing kitWhat are two examples of when SQL injections can take place?When using the login form to access a siteWhen a malicious script exists in the webpage a browser loadsWhen a malicious script is injected directly on the serverWhen a user enters their credentialsIn a SQL injection attack, malicious hackers attempt to obtain which of the following? Select two answers.Exploiting languagesGain administrative rightsSensitive informationCategorize the environment Weekly challenge 4 Which of the following could be examples of social engineering attacks? Select three answers.An unfamiliar employee asking you to hold the door open to a restricted areaAn email urgently asking you to send money to help a friend who is stuck in a foreign countryA lost record of important customer informationA pop-up advertisem*nt promising a large cash reward in return for sensitive informationWhat is the main difference between a vishing attack and a smishing attack?Vishing makes use of voice calls to trick targets.Vishing involves a widespread email campaign to steal information.Vishing is used to target executives at an organization.Vishing exploits social media posts to identify targets.A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.The malware hidden in this editing software is an example of which type of malware?scarewarespywaretrojanadwareWhat are the characteristics of a ransomware attack? Select three answers.Attackers demand payment to restore access to a device.Attackers make themselves known to their targets.Attackers encrypt data on the device without the user’s permission.Attackers display unwanted advertisem*nts on the device.Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.minecollectinvestearnSecurity researchers inserted malicious code into the web-applications of various organizations. This allowed them to obtain the personally identifiable information (PII) of various users across multiple databases.What type of attack did the researchers perform?MalwareSocial engineeringRansomwareInjectionAn attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site's server and activated during the server’s response.This is an example of what type of injection attack?DOM-basedSQL injectionReflectedStoredWhat is one way to prevent SQL injection?Having well-written codeExcluding prepared statementsIncluding application design flawsDownloading malicious appsWhat should security teams do after identifying threats, according to the threat modeling process? Select two answers.Identify who might perform an attack and howExamine existing protections and identify gapsConsider how users interact with an environmentDetermine mitigation strategiesDuring which stage of the PASTA framework is an attack tree created?Decomposing an applicationVulnerability analysisThreat analysisAttack modeling Shuffle Q/A Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.impersonate a relativedistribute malicious emailestablish trustobtain access credentialsFill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.SmishingWhalingVishingPretextingWhich of the following are not types of malware? Select two answers.WormSQL injectionCross-site scriptingVirusA member of a government agency is tricked into installing a virus on their workstation. The virus gave a criminal group access to confidential information. The attackers threaten to leak the agency's data to the public unless they pay $31,337.What type of attack is this an example of?RansomwareCross-site scriptingCryptojackingScarewareWhat is malicious code that is inserted into a vulnerable application called?Input validationCryptojackingSocial engineeringInjection attackAn attacker injected malware on a server. When a user visits a website hosted by the server, their device gets infected with the malware.This is an example of what type of injection attack?Brute forceDOM-basedStoredReflectedWhich of the following are areas of a website that are vulnerable to SQL injection? Select two answers.Social media feedsPop-up advertisem*ntsCredit card payment formsUser login pagesA security team is conducting a threat model on a new software system. They are determining whether risks can be transferred, reduced, or accepted.Which key step of a threat model does this scenario represent?Evaluate findingsAnalyze threatsDefine the scopeMitigate risksWhat discoveries are made while decomposing an application during a PASTA threat model? Select two answers.The types of threats that can be used to compromise dataWhich vulnerabilities can put data at riskHow data travels from users to an organization’s databaseWhich controls are in place to protect data along the wayWhat is the most common form of social engineering used by attackers?RansomwareMalwarePhishingAdwareWhich of the following are common signs that a computer is infected with cryptojacking software? Select three answers.Increased CPU usageSudden system crashesUnusually high electricity costsModified or deleted filesA hacktivist group gained access to the website of a utility company. The group bypassed the site’s login page by inserting malicious code that granted them access to customer accounts to clear their debts.What type of attack did the hacktivist group perform?SpywareWatering holeQuid pro quoInjectionWhich stage of the PASTA framework is related to identifying the application components that must be evaluated?Perform a vulnerability analysisDecompose the applicationDefine the technical scopeConduct attack modelingA threat actor tricked a new employee into sharing information about a senior executive over the phone.This is an example of what kind of attack?MalwareSocial engineeringPretextingPhishing Course 6 - Sound the Alarm: Detection and Response Week 1 The first phase of the NIST Incident Response Lifecycle is Preparation. What are the other phases? Select three answers.IdentifyPost-Incident ActivityDetection and AnalysisContainment, Eradication, and RecoveryWhat type of process is the NIST Incident Response Lifecycle?LinearPhasedObservableCyclicalFill in the blank: An _____ is an observable occurrence on a network, system, or device.analysisincidenteventinvestigationA security professional investigates an incident. Their goal is to gain information about the 5 W's, which include what happened and why. What are the other W's? Select three answers.Which type of incident it wasWho triggered the incidentWhere the incident took placeWhen the incident took place Test your knowledge: Incident response operations What are the goals of a computer security incident response team (CSIRT)? Select three answers.To provide services and resources for response and recoveryTo manage incidentsTo handle the public disclosure of an incidentTo prevent future incidents from occurringWhich document outlines the procedures to follow after an organization experiences a ransomware attack?A network diagramA contact listA security policyAn incident response planFill in the blank: The job of _____ is to investigate alerts and determine whether an incident has occurred.technical leadssecurity analystsincident coordinatorspublic relations representativeWhich member of a CSIRT is responsible for tracking and managing the activities of all teams involved in the response process?Technical leadIncident coordinatorPublic relations representativeSecurity analyst Test your knowledge: Detection and documentation tools What are some examples of types of documentation? Select three answers.Final reportsWord processorsPoliciesPlaybooksFill in the blank: Ticketing systems such as _____ can be used to document and track incidents.CamerasEvernoteJiraExcelWhat application monitors system activity, then produces alerts about possible intrusions?Intrusion detection systemPlaybookProduct manualWord processorWhat actions does an intrusion prevention system (IPS) perform? Select three answers.Detect abnormal activityStop intrusive activityMonitor activityManage security incidents Weekly challenge 1 Which of the following is an example of a security incident?Multiple unauthorized transfers of sensitive documents to an external system.A company’s experiences increased traffic volumes on their website because of a new product release.An extreme weather event causes a network outage.An authorized user emails a file to a customer.What is the NIST Incident Response Lifecycle?The method of closing an investigationA framework that provides a blueprint for effective incident responseA system that only includes regulatory standards and guidelinesThe process used to document eventsWhich of the following are phases of the NIST Incident Response Lifecycle? Select three answers.Containment, Eradication, and RecoveryPreparationDetection and AnalysisProtectionWhat are some roles included in a computer security incident response team (CSIRT)? Select three answers.Security analystIncident coordinatorTechnical leadIncident managerWhat is an incident response plan?A document that outlines the procedures to take in each step of incident responseA document that outlines a security team’s contact informationA document that details system informationA document that contains policies, standards, and proceduresA cybersecurity analyst receives an alert about a potential security incident. Which type of tool should they use to examine the alert's evidence in greater detail?A recovery toolA documentation toolAn investigative toolA detection toolWhich of the following methods can a security analyst use to create effective documentation? Select two answers.Provide clear and concise explanations of concepts and processes.Write documentation in a way that reduces confusion.Provide documentation in a paper-based format.Write documentation using technical language.What is the difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?An IDS stops intrusive activity whereas an IPS monitors system activity and alerts on intrusive activity.An IDS monitors system activity and alerts on intrusive activity whereas an IPS stops intrusive activity.An IDS automates response and an IPS generates alerts.An IDS and an IPS both have the same capabilities.What is an example of a workflow that can be automated through security orchestration, automation, and response (SOAR)?The creation of raw log dataThe analysis and response to a security incidentThe creation of potential threatsThe analysis of a centralized platformFill in the blank: During the _____ step of the SIEM process, the collected raw data is transformed to create log record consistency.data analysisdata collectiondata aggregationdata normalization Shuffle Q/A Which step does the NIST Incident Response Lifecycle begin with?Post-Incident ActivityPreparationDetection and AnalysisContainment, Eradication and RecoveryWhat is a computer security incident response team (CSIRT)?A specialized group of security professionals who focus on incident preventionA specialized group of security professionals who are solely dedicated to crisis managementA specialized group of security professionals who are trained in incident management and responseA specialized group of security professionals who work in isolation from other departmentsFill in the blank: Incident response plans outline the _____ to take in each step of incident response.policiesexercisesinstructionsproceduresWhich of the following best describes how security analysts use security tools?They only use detection and management tools during incident investigations.They only use documentation tools for incident response tasks.They use a combination of different tools for various tasks.They only use a single tool to monitor, detect, and analyze events.What are the qualities of effective documentation? Select three answers.ConsistentClearAccurateBriefFill in the blank: An intrusion prevention system (IPS) monitors systems and _____ intrusive activity.stopsreportspausesdetectsWhat happens during the data collection and aggregation step of the SIEM process? Select two answers.Data is analyzed according to rules.Data is collected from different sources.Data is centralized in one place.Data is cleaned and transformed.Which of the following statements describe security incidents and events?All security incidents are events, but not all events are security incidents.Security incidents and events are the same.Security incidents and events are unrelated.All events are security incidents, but not all security incidents are events.A security team uses the NIST Incident Response Lifecycle to support incident response operations. How should they follow the steps to use the approach most effectively?Only use each step once.Complete the steps in any order.Skip irrelevant steps.Overlap the steps as needed.Fill in the blank: A specialized group of security professionals who are trained in incident management and response is a _____.computer security incident response teamforensic investigation teamthreat hunter grouprisk assessment groupA cybersecurity professional is setting up a new security information and event management (SIEM) tool for their organization and begins identifying data sources for log ingestion. Which step of the SIEM does this scenario describe?Aggregate dataAnalyze dataCollect dataNormalize dataWhich of the following is an example of a security incident?An unauthorized user successfully changes the password of an account that does not belong to them.An authorized user successfully logs in to an account using their credentials and multi-factor authentication.A user installs a device on their computer that is allowed by an organization’s policy.A software bug causes an application to crash.What are investigative tools used for?Managing alertsDocumenting incidentsMonitoring activityAnalyzing events What are examples of tools used for documentation? Select two answers.CamerasFinal reportsPlaybooksAudio recorders Fill in the blank: An intrusion detection system (IDS) _____ system activity and alerts on possible intrusions.monitorsmanagesprotectsanalyzes Week 2 How do indicators of compromise (IoCs) help security analysts detect network traffic abnormalities?They define the attacker’s intentions.They provide a way to identify an attack.They capture network activity.They confirm that a security incident happened.Fill in the blank: Data _____ is the term for unauthorized transmission of data from a system.pivotingexfiltrationinfiltrationnetwork trafficAn attacker has infiltrated a network. Next, they spend time exploring it in order to expand and maintain their access. They look for valuable assets such as proprietary code and financial records. What does this scenario describe?Large internal file transferPhishingLateral movementNetwork dataWhat can security professionals use network traffic analysis for? Select three answers.To understand network traffic patternsTo identify malicious activityTo secure critical assetsTo monitor network activity Test your knowledge: Capture and view network traffic Which component of a packet contains the actual data that is intended to be sent to its destination?ProtocolHeaderPayloadFooterFill in the blank: A _____ is a file that contains data packets that have been intercepted from an interface or a network.packet capturenetwork protocol analyzernetwork statisticprotocolWhich field of an IP header is used to identify whether IPv4 or IPv6 is used?Type of ServiceOptionsFlagsVersionWhich network protocol analyzer is accessed through a graphical user interface?TSharkWiresharktcpdumpLibpcap Test your knowledge: Packet inspection Which tcpdump option is used to specify the network interface?-n-i-v-cWhat is needed to access the tcpdump network protocol analyzer?Command-line interfacePacket captureOutputGraphical user interfaceWhat is the first field found in the output of a tcpdump command?VersionTimestampProtocolSource IPYou are using tcpdump to capture network traffic on your local computer. You would like to save the network traffic to a packet capture file for later analysis. Which tcpdump option should you use?-c-r-w-v Weekly challenge 2 Fill in the blank: _____ describes the amount of data that moves across a network.Traffic flowData exfiltrationNetwork trafficNetwork dataWhat tactic do malicious actors use to maintain and expand unauthorized access into a network?ExfiltrationPhishingData size reductionLateral movementWhich packet component contains protocol information?PayloadFooterRouteHeaderDo packet capture files provide detailed snapshots of network communications?Yes. Packet capture files provide information about network data packets that were intercepted from a network interface.No. Packet capture files do not contain detailed information about network data packets.Maybe. The amount of detailed information packet captures contain depends on the type of network interface that is used.How do network protocol analyzers help security analysts analyze network communications? Select two answers.They take action to improve network performance.They provide the ability to filter and sort packet capture information to find relevant information.They take action to block network intrusions.They provide the ability to collect network communications.Which protocol is considered the foundation for all internet communications?UDPIPv4TCPHTTPWhat is used to determine whether errors have occurred in the IPv4 header?FlagsProtocolChecksumHeaderWhat is the process of breaking down packets known as?Fragment OffsetFragmentationFlagsChecksumWhich tcpdump command outputs detailed packet information?sudo tcpdump -v any -isudo tcpdump -i any -vsudo tcpdump -i any -c 100sudo tcpdump -i any -nExamine the following tcpdump output:22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42What is the source IP address?22:00:19.538395198.111.123.1198.168.105.141012 Shuffle Q/A Why is network traffic monitoring important in cybersecurity? Select two answers.It provides a method of classifying critical assets.It helps detect network intrusions and attacksIt helps identify deviations from expected traffic flows.It provides a method to encrypt communications.What information do packet headers contain? Select three answers.ProtocolsPayload dataIP addressesPortsFill in the blank: Network protocol analyzers can save network communications into files known as a _____.protocolpacket capturepayloadnetwork packetWhich layer of the TCP/IP model does the Internet Protocol (IP) operate on?InternetApplicationTransportNetwork AccessExamine the following tcpdump output:22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42Which protocols are being used? Select two answers.TOSUDPIPTCPWhat are some defensive measures that can be used to protect against data exfiltration? Select two answers.Utilize lateral movementMonitor network activityDeploy multi-factor authenticationReduce file sizes Fill in the blank: The transmission of data between devices on a network is governed by a set of standards known as _____.headersportspayloadsprotocols Network protocol analyzer tools are available to be used with which of the following? Select two answers.Network interface cardInternet protocolGraphical user interfaceCommand-line interfaceWhich IPv4 header fields involve fragmentation? Select three answers.FlagsIdentificationType of ServiceFragment OffsetWhich tcpdump option is used to specify the capture of 5 packets?-v 5-i 5-c 5-n 5Examine the following tcpdump output:22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42What is the value of the Type of Service field?0x1065010x50afWhat type of attack involves the unauthorized transmission of data from a system?Data leakData exfiltrationPacket classificationPacket craftingWhich of the following behaviors may suggest an ongoing data exfiltration attack? Select two answers.Outbound network traffic to an unauthorized file hosting serviceUnexpected modifications to files containing sensitive dataMultiple successful multi-factor authentication loginsNetwork performance issuesFill in the blank: tcpdump is a network protocol analyzer that uses a(n) _____ interface.Linuxcommand-lineinternetgraphical userWhich layer of the TCP/IP model is responsible for accepting and delivering packets in a network?TransportInternetNetwork AccessApplicationWhich IPv4 field determines how long a packet can travel before it gets dropped?OptionsHeader ChecksumTime to LiveType of ServiceHow are IP headers valuable for security analysts during investigations?They provide the foundation for communications over the internet.They provide the ability to modify network communications.They provide insight into the details of network communications.They provide the ability to visualize network communications. Week 3 Do detection tools have limitations in their detection capabilities?YesNoWhy do security analysts refine alert rules? Select two answers.To increase alert volumesTo reduce false positive alertsTo create threat intelligenceTo improve the accuracy of detection technologiesFill in the blank: _____ involves the investigation and validation of alerts.HoneypotDetectionAnalysisThreat huntingWhat are some causes of high alert volumes? Select two answers.Refined detection rulesBroad detection rulesMisconfigured alert settingsSophisticated evasion techniques Test your knowledge: Response and recovery A security analyst in a security operations center (SOC) receives an alert. The alert ticket describes the detection of the download of a possible malware file on an employee's computer. Which step of the triage process does this scenario describe?Receive and assessAdd contextCollect and analyzeAssign priorityWhat is triage?The prioritizing of incidents according to their level of importance or urgencyA document that outlines the procedures to sustain business operations during and after a significant disruptionThe ability to prepare for, respond to, and recover from disruptionsThe process of returning affected systems back to normal operationsFill in the blank: _____ is the act of limiting and preventing additional damage caused by an incident.EradicationResilienceContainmentRecoveryWhich examples describe actions related to the eradication of an incident? Select two answers.Apply a patchComplete a vulnerability scanInvestigate logs to verify the incidentDevelop a business continuity planActivity: Review a final report What type of security incident was the organization affected by?RansomwareData theftPhishingMalwareWhich section of the report includes an explanation of the root cause of the incident?InvestigationRecommendationsTimelineExecutive summaryWhat did the attacker use to exploit the e-commerce web application vulnerability?Data breachWeb server logsForced browsingUser errorWhat recommendations did the organization implement to prevent future recurrences? Select two answers.Implemented access control mechanismsPaid the $50,000 payment requestProvided identity protection services to the affected customersImplemented routine vulnerability scans Weekly challenge 3 A security analyst is investigating an alert involving a possible network intrusion. Which of the following tasks is the security analyst likely to perform as part of the Detection and Analysis phase of the incident response lifecycle? Select two answers.Identify the affected devices or systems.Implement a patch to fix the vulnerability.Collect and analyze the network logs to verify the alert.Isolate the affected machine from the network.What are the benefits of documentation during incident response? Select three answers.QualityClarityStandardizationTransparencyAn organization is working on implementing a new security tool, and a security analyst has been tasked with developing workflow documentation that outlines the process for using the tool. Which documentation benefit does this scenario outline?TransparencyClarityQualityStandardizationChain of custody documents establish proof of which of the following? Select two answers.IntegrityValidationQualityReliabilityWhich of the following does a semi-automated playbook use? Select two.Threat intelligenceCrowdsourcingHuman interventionAutomation Which statement best describes the functionality of automated playbooks?They use a combination of flowcharts and manual input to execute tasks and response actions.They use automation to execute tasks and response actions.They require the use of human intervention to execute tasks.They require the combination of human intervention and automation to execute tasks. What are the steps of the triage process in the correct order?Receive and assess, assign priority, collect and analyzeAssign priority, receive and assess, collect and analyzeCollect and analyze, assign priority, receive and assessReceive and assess, collect and analyze, assign priorityFill in the blank: Containment is the act of limiting and _____ additional damage caused by an incident.eradicatingremovingpreventingdetectingFill in the blank: Eradication is the complete _____ of all the incident elements from affected systems.removalpreventionisolationdisconnectionTwo weeks after an incident involving ransomware, the members of an organization want to review the incident in detail. Which of the following actions should be done during this review? Select all that apply.Determine how to improve future response processes and procedures.Determine the person to blame for the incident.Create a final report.Schedule a lessons learned meeting that includes all parties involved with the security incident.During a lessons learned meeting following an incident, a meeting participant wants to identify actions that the organization can take to prevent similar incidents from occurring in the future. Which section of the final report should they refer to for this information?TimelineExecutive summaryDetectionRecommendations Shuffle Q/A After a ransomware incident, an organization discovers their ransomware playbook needs improvements. A security analyst is tasked with changing the playbook documentation. Which documentation best practice does this scenario highlight?Be accurateBe conciseKnow your audienceUpdate regularlyA member of the forensics department of an organization receives a computer that requires examination. On which part of the chain of custody form should they sign their name and write the date?Description of the evidenceCustody logPurpose of transferEvidence movementA security analyst gets an alert involving a phishing attempt. Which step of the triage process does this scenario outline?Add contextReceive and assessAssign priorityCollect and analyzeAfter a security incident involving an exploited vulnerability due to outdated software, a security analyst applies patch updates. Which of the following steps does this task relate to?ResponseReimagingPreventionEradicationWhich step of the NIST Incident Response Lifecycle involves returning affected systems back to normal operations?RecoveryContainmentResponseEradicationWhat questions can be asked during a lessons learned meeting? Select three answers.What time did the incident happen?Which employee is to blame?What could have been done differently?What were the actions taken for recovery?In the NIST Incident Response Lifecycle, what is the term used to describe the prompt discovery of security events?PreparationDetectionValidationInvestigationIn incident response, documentation provides an established set of guidelines that members of an organization can follow to complete a task. What documentation benefit does this provide?ReliabilityIntegrityStandardizationTransparencyWhat are the steps of the third phase of the NIST Incident Response Lifecycle? Select three answers.EradicationRecoveryContainmentResponse Which of the following is an example of a recovery task?Applying a patch to address a server vulnerabilityMonitoring a network for intrusionsDisconnecting an infected system from the networkReinstalling the operating system of a computer infected by malware Fill in the blank: A lessons learned meeting should be held within ____ weeks of an incident.twothreefourfive Which documentation provides a comprehensive review of an incident?TimelineFinal reportLessons learned meetingNew technology An organization is completing its annual compliance audit. The people performing the audit have access to any relevant information, including records and documents. Which documentation benefit does this scenario outline?ConsistencyOrganizationTransparencyAccuracy What are examples of how transparent documentation can be useful? Select all that apply.Meeting cybersecurity insurance requirementsProviding evidence for legal proceedingsDefining an organization's security postureDemonstrating compliance with regulatory requirements An analyst is responding to a distributed denial of service attack (DDoS). They take several manual steps outlined in the organization’s DDoS playbook. Which type of playbook did they use to respond to the incident?SOARSemi-automatedNon-automatedAutomated Week 4 What is the primary purpose of logs during incident investigation?To manage alert volumesTo identify and diagnose system issuesTo improve user experienceTo provide a record of event detailsA security analyst wants to determine whether a suspicious login was successful. Which log type would be most useful for this purpose?NetworkAuthenticationSystemFirewallIn the following log, what action does the log entry record?[ALLOW: wikipedia.org] Source: 192.167.1.1 Friday, 10 June 2022 11:36:12192.167.1.1SourceFriday, 10 June 2022 11:36:12ALLOWFill in the blank: _____ is the process of examining logs to identify events of interest.Log forwarderLog fileLog analysisLogging Test your knowledge: Log components and formats Examine the following authentication log:[2022/12/20 08:20:38.921286] User nuhara logged in successfullyWhat type of information does this log contain? Select two answers.Event descriptionSyslogMessage IDTimestampWhich of the following capabilities can syslog be used for? Select three answers.ExtensionLog formatProtocolServiceWhat are examples of log formats? Select three answers.JavaScript Object Notation (JSON)Gramm-Leach-Bliley Act (GLBA)Common Event Format (CEF)eXtensible Markup Language (XML)Which log format uses tags to structure data?eXtensible Markup Language (XML)VerboseComma Separated Values (CSV)Syslog Test your knowledge: Overview of intrusion detection systems (IDS) A security analyst uses a network protocol analyzer to capture HTTP traffic to analyze patterns. What type of data are they using?Network telemetryHost-basedFalse positiveSignature-basedWhich statement accurately describes the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?A NIDS is installed on a network; a HIDS is installed on individual devices.A NIDS uses signature analysis to detect threats; a HIDS uses agents.A NIDS is installed on individual devices; a HIDS is installed on a network.A NIDS only detects known threats; a HIDS detects unknown threats.Fill in the blank: The _____ component of an IDS signature includes network traffic information.actionrule optionsheadersignature IDA security analyst creates a Suricata signature to identify and detect security threats based on the direction of network traffic. Which of the following rule options should they use?ContentMessageFlowRev Activity: Perform a query with Splunk How many events are contained in the main index across all time?Over 100,000100-1,00010,00010-99Which field identifies the name of a network device or system from which an event originates?hostsourcetypeindexsourceWhich of the following hosts used by Buttercup Games contains log information relevant to financial transactions?www1vendor_saleswww2www3How many failed SSH logins are there for the root account on the mail server?OneNone100More than 100 Test your knowledge: Overview of SIEM tools Which special character can be used to substitute with any other character in Search Processing Language (SPL)?=!=|*Which of the following steps is part of the SIEM process for data collection? Select three answers.Collect and process data.SIEM tools index data to be made searchable.Normalize data so it is ready to read and analyze.Monitor activity and alerts related to intrusions.Fill in the blank: ____ is a computer language used to create rules for searching through ingested log data.EVE JSONYARA-LNIDSSIEMWhich of the following is Splunk’s query language?UDMSPLSQLIDS Weekly challenge 4 What details do logs contain? Select all that apply.LocationDateForwarderTimeWhat is the difference between a log and log analysis?A log records details in log files. Log analysis involves a high-level overview of all events that happen on the network.A log and log analysis both contain details of events, but they record details from different sources.A log contains log file details. Log analysis involves the collection and storage of logs.A log is a record of events that occur within an organization’s systems. Log analysis is the process of examining logs to identify events of interest.Examine the following log:{“name”: “System test”,“host”: "167.155.183.139",“id”: 11111,“Message”: [error] test,}Which log format is this log entry in?SyslogCSVXMLJSONConsider the following scenario:A security analyst at a midsized company is tasked with installing and configuring a host-based intrusion detection system (HIDS) on a laptop. The security analyst installs the HIDS and wants to test whether it is working properly by simulating malicious activity. The security analyst runs unauthorized programs on the laptop, which the HIDS successfully detects and alerts on.What is the laptop an example of?An endpointAn agentA log forwarderA signatureWhat information is included in a signature’s header? Select all that apply.IP addressPort numberProtocolActionWhich symbol is used to indicate a comment and is ignored in a Suricata signature file?:>#$Which type of log data does Suricata generate? Select all that apply.Network telemetryProtocolAlertSignatureWhich type of Splunk query searches through unstructured log records?Reference searchRaw log searchIndex searchUDM searchWhat is the default method of search in Chronicle?YARA-LRaw logNon-normalizedUDMFill in the blank: SIEM tools _____ raw data so that it is formatted consistently.processingestnormalizecollect Shuffle Q/A Which software is used to collect and send logs?IDSSIEMIPSForwarderExamine the following log:LoginEvent[2021/10/13 10:32:08.958711] auth_session_authenticator.cc:304 Regular user login 1Which type of log is this?LocationApplicationNetworkAuthenticationFill in the blank: A syslog entry contains a header, _____, and a message.structured-dataobjecttageXtensible Markup LanguageFill in the blank: _____ analysis is a detection method used to find events of interest using patterns.EndpointSignatureNetworkHostWhich rule option is used to match based on the direction of network traffic?contentsidflowmessageWhich querying language does Splunk use?Structured Querying LanguageSearch Processing LanguageStructured Processing LanguageSIEM Processing Language Which step in the SIEM process involves the processing of raw data into a standardized and structured format?NormalizeIndexProcessCollect Which Unified Data Model (UDM) field search specifies a security action?security_result.actionblockmetadata.event_typeactionWhat are the steps in the SIEM process for data collection? Select all that apply.IndexNormalizeCollectUnifyWhich of the following refers to a record of events that occur within an organization’s systems?LogsLog sourcesOccurrencesLog forwarderExamine the following log:[2022/12/21 17:46:35.232748] NOTIFY: NetworkPropertiesUpdated: wifi_psk_13Which type of log is this?AuthenticationLocationApplicationNetworkExamine the following log:<111>1 2020-04-12T23:20:50.52Z my.machine.com evntslog - ID01 [user@98274 iut="2" eventSource="Mobile" eventID="24"][Priority@98274 class="low"] Computer AWhat field value indicates the type of device that this event originated from?my.machine.comComputer AMobilelowWhat is the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?A NIDS collects and monitors network traffic and network data. A HIDS monitors the activity of the host on which it is installed.Both NIDS and HIDS monitor systems and generate alerts, but a NIDS use agents.A NIDS monitors the activity of the host on which it is installed. A HIDS uses signature analysis to analyze network activity.A NIDS logs and generates alerts. A HIDS system monitors endpoint activity.Which rule option is used to indicate the number of times a signature is updated?tcpmsgrevsidFill in the blank: The asterisk symbol is also known as a(n) _____.labelwildcardoptionBoolean operatorFill in the blank: Chronicle uses ______ to define detection rules.UDMYARA-LSQLSPLWhat is the difference between network telemetry and network alert logs?Network telemetry is output in EVE JSON format; network alert logs are output in HTML.Network telemetry is the output of a signature; network alert logs contain details about malicious activity.Network telemetry contains information about network traffic flows; network alert logs are the output of a signature.Both provide information that is relevant for security analysts, but network alert logs contain network connection details. Course 7 - Automate Cybersecurity Tasks with Python Week 1 What tasks would a security analyst most likely automate with Python? Select three answers.Sorting through a log fileAnalyzing network trafficAddressing an unusual cybersecurity concernManaging an access control listWhat are some benefits of using Python in security? Select all that apply.Python reduces manual effort.Python helps automate short, simple tasks.Python is the only language that creates a specific set of instructions to execute tasks.Python can combine separate tasks into one workstream.Which of the following code blocks contains a valid Python comment?: This prints a “Try again” message print(“Try again”) # This prints a “Try again” message print(“Try again”) This prints a “Try again” message print(“Try again”) comment: This prints a “Try again” message print(“Try again”)Which line of code outputs the string "invalid username" to the screen?print(#invalid username#)print(“invalid username”)# print(“invalid username”)print(invalid username) Test your knowledge: Core Python components Which of the following data items are float data? Select all that apply.-2.11815.0“5.2”What code displays the data type of the variable username?username = [“elarson”, “bmoreno”, “tshah”] data_type = type() print(data_type) username = [“elarson”, “bmoreno”, “tshah”] data_type = username print(data_type) username = [“elarson”, “bmoreno”, “tshah”] data_type = type(username) print(data_type) username = [“elarson”, “bmoreno”, “tshah”] type(username) = data_type print(data_type) In the following code, what is the data type of login_success?login_success = ["success", "success", "fail", "success"]IntegerStringListBoolean What is the output of the following code?failed_attempts = 3failed_attempts = 4print(failed_attempts)3743, 4 Test your knowledge: Conditional and iterative statements What will the following code display?ip_address = "192.168.183.51"if ip_address == "192.168.183.51":print("You're logged in.")else:print("Login failed, try again.")“Login failed, try again.”“You’re logged in.”Both “You’re logged in.” and “Login failed, try again.”Nothing Which conditional statement prints the message "account locked" when the value of failed_logins is 3 or higher?if failed_login_count > 3: print(“account locked”) if failed_login_count != 3: print(“account locked”) if failed_logins >= 3: print(“account locked”) if failed_login_count == 3: print(“account locked”) Which code prints all numbers from 3 to 7?for i in range(3, 4, 5, 6, 7): print(i) for i in range(8): print(i) for i in range(3, 7): print(i) for i in range(3, 8): print(i) How many times does the following code print the "security alert" message?count = 0while count < 10:print("security alert")count = count + 150910 Weekly challenge 1 Fill in the blank: Automation is _____.the use of human and manual effort to reduce technological power consumptionthe use of technology to reduce human and manual effort to perform common and repetitive tasksthe combination of technology and manual effort to complete a taskthe replacement of existing technology What is wrong with the following code?for username in failed_login:print(username)The line with for username in failed_login: is not indented.The first line should be split in two, and in failed_login: should be indented on the new line.The line with print(username) is not indented.Both lines are not indented.What data type requires quotation marks (" ")?BooleanStringFloatIntegerWhich line of Python code would create a Boolean value of True?print(“True”)print([“Boolean”])print(25<24)print(10<100)Which line of code assigns the string "dtanaka" to a variable called username?username = “dtanaka”“dtanaka” = usernameusername(“dtanaka”)username = dtanaka What will this code do when you run it?var2 = ["a","b","c"]var2_type = type(var2)print(var2_type)Indicate that var2 contains list dataChange the data type of var2Output the characters “a”, “b”, and “c” to the screenPrint the string “var2_type” to the screen You are checking whether the string stored in a device_id variable matches to the correct device ID, the string "15hgu3769". When it matches, you want to print, "Login successful!". Which conditional statement has the correct syntax needed to do this?if device_id == “15hgu3769”: print(“Login successful!”) if “device_id” = “15hgu3769” print(“Login successful!”) if “device_id == 15hgu3769” print(“Login successful!”) if device_id != “15hgu3769” print(“Login successful!”) Fill in the blank: An else statement _____.is required after every if statementexecutes when the condition in the if statement preceding it evaluates to Falseexecutes when the condition in the if statement preceding it evaluates to Truecontains its own unique conditionWhat will this iterative statement do?for i in [0, 5]:print(i)Output the integer 0Output the integers 0, 1, 2, 3, and 4Output the integers 0 and 5Output the integers 0, 1, 2, 3, 4, and 5If you want to run a loop that repeats if a count variable is less than 50, what code should your loop header contain?while count < 50:while count == 50:print(50)count = count + 50 Shuffle Q/A Fill in the blank: If you use Python code to reduce the manual effort needed to manage an access control list, this is an example of _____.debuggingreassignmentautomationdata analysisThe purpose of the following code is to print an "Attempting connection" message while the value of the count variable is less than 10. The value of count should increase by 1 with each iteration of the loop. What is wrong with the code? Select all that apply.count = 1while count < 10:print("Attempting connection")count = count + 1The line with print(“Attempting connection”) is not indented.The line with while count < 10: is not indented.The line with count = count + 1 is not indented.The line with count = 1 is not indented Fill in the blank: String data _____.must be placed in parenthesesmust be placed in bracketsmust be placed in quotation marksmust include a decimal point Which data type always has a value of either True or False?BooleanFloatListString How do you assign the string value "rtp3426" to a variable called device_id?device_id = “rtp3426”device_id = rtp3426device_id(rtp3426)device_id(“rtp3426”) Fill in the blank: If you ran the following code, the output would _____.var1 = 9.5var1_type = type(var1)print(var1_type)indicate that var1 contains float dataoutput 9.5 to the screenreassign var1 as string datareassign var1 as float data You wrote the following code:if attempts >= 5:print("locked")else:print("try again")If the value in the attempts variable is 3, what will Python do?First output the message “try again” and then output the message “locked”Output the message “locked”Output the message “try again”First output the message “locked” and then output the message “try again” What iterative statement should you use if you want to print the numbers 1, 2, and 3?for i in [1,3]: print(i) for i in range(1,3): print(i) for i in range(0,3): print(i) for i in [1, 2, 3]: print(i) How many times will the following code print the "warning" message?count = 1while count < 5:print("warning")count = count + 15140 You are implementing security measures on a server. If a user has more than 3 failed login attempts, the program should print "locked out". The number of failed login attempts is stored in a variable called failed_attempts. Which conditional statement has the correct syntax needed to do this?if failed_attempts >= 3 print(“locked out”) if failed_attempts <= 3: print(“locked out”) if failed_attempts > 3: print(“locked out”) if failed_attempts < 3 print(“locked out”) You have written the following code:if operating_system == "OS 3":print("Updates needed")You want to add to it so that it will print a "No updates needed" message whenever the value of operating_system is not "OS 3". Which lines of code have the correct syntax to do this?else: print(“No updates needed”) else print(“No updates needed”)elif operating_system == “OS 3”: print(“No updates needed”) else operating_system != “OS 3”: print(“No updates needed”) In a cybersecurity setting, which of these tasks would it be common to apply Python to? Select all that apply.Automating several tasks from a playbook into one workstreamManually checking individual timestamps in a logAutomating how a log is read when responding to an incidentReducing the effort needed to manage an access control list What is the syntax problem in the following code?if username == "aestrada":print("username found")The first line should be indented one space, and the second line should be indented two spaces.The line with print(“username found”) is not indented.The line with if username == “aestrada”: is not indented.Both lines are not indented. What are the variables in the following code? Select all that apply.username = "kcarter"attempts = 5print(username)print(attempts)print("locked")“kcarter”attemptsusername“locked” You want to check the string stored in an update_status variable. When it contains a value of "incomplete", you want to print a "schedule update" message. Right now, this conditional statement is not correct. What are the problems with this conditional statement? Select all that apply.if update_status != "incomplete"print("schedule update")A colon (:) is missing at the end of the conditional header.The operator should not be !=. It should be ==.There should be quotation marks around the variable update_status.The line with print(“schedule update”) should not be indented. You want to print all even numbers between 0 and 10 (in other words, 0, 2, 4, 6, 8, and 10). What should your next line of code be?count = 0while count <= 10:print(count)count = count + 1if count < 10:count = 1count = count + 2 Week 2 In Python, what is a function?A section of code that contains a conditionalA section of code that exists directly in PythonA section of code that can be reused in a programA section of code that contains an iterative statementWhich of the following keywords is essential when defining a function?whileifdefforYou want to define a function that performs a status check. Which of the following is a valid header for the function definition?def status_check()def status_checkdef status_check:def status_check():You are responsible for defining a function alert() that prints out the statement "Security issue detected." Which of the following blocks of code represent the correct indentation for defining and then calling the function? Test your knowledge: Arguments, parameters, and return statements Test your knowledge: Arguments, parameters, and return statementsFill in the blank: In the following code, the integers 5 and 12 are _____: for i in range(5, 12): print(i)functionsparametersreturn statementsargumentsWhat is the correct way to define the function addition() if it requires the two parameters num1 and num2?def addition(num1 num2):def addition(num1 and num2):def addition(num1)(num2):def addition(num1, num2):Which of the following lines of code has correct syntax for printing the data type of the string "elarson"?print(type, “elarson”)print(type(“elarson”))type(print(“elarson”))print(“elarson”, type)Which function definition includes the correct syntax for returning the value of the result variable from the doubles() function?def doubles(num): result = num * 2 return result def doubles(num): result = num * 2 result return def doubles(num): result = num * 2 return = result def doubles(num): result = num * 2 return “result” Test your knowledge: Learn from the Python community Which of these is not included in the Python Standard Library?timeNumPyrecsvWhich of the following resources provides recommendations about including comments in your code?csvrePython Standard LibraryPEP 8Which of the following code blocks have correct indentation?What is a Python module?A Python file that contains additional functions, variables, and any kind of runnable codeA resource that provides stylistic guidelines for programmers working in PythonA text file that contains cybersecurity-related dataA Python function that exists within Python and can be called directly Weekly challenge 2 Which of the following components are part of the header in a function definition? Select all that apply.The keyword returnThe name of the functionThe parameters used in a functionThe keyword defWhich of the following calls to the type() function uses correct syntax?type([55, 81, 17])type([17, 81]):type[(81, 17)]type[81, 55, 17]Review the following code. Which of these statements accurately describes name?def echo(name):return name * 3It is a parameter because it is used in a return statement.It is a parameter because it is included in the function definition.It is an argument because it is included in the function call.It is an argument because it is used in a return statement.Fill in the blank: The re, csv, glob, and time modules are all _____.keywords in a function headerbuilt-in functionspart of the Python Standard Librarypart of PEP 8What does this line of code return? print(max(1,3,7))17311What is returned from the following user-defined function if you pass it the arguments 2 and 3? def add(num1, num2):result = num1 + num2return resultadd(2, 3)2531Which of the following choices is a resource that provides stylistic guidelines for programmers working in Python?rePython Standard LibraryPEP 8globWhat should you do when writing comments? Select all that apply.Keep them up-to-date.Make them clear.Only place them at the beginning of a program.Place them before every line of code.What is a function?A Python file that contains runnable codeA reusable section of codeA set of stylistic guidelines for working in PythonA downloadable resource with code instructionsFill in the blank: A Python file that contains additional functions, variables, classes, and any kind of runnable code is called a _____.parameterlibrarymodulebuilt-in function Shuffle Q/A Which of the following choices is a valid header in a function definition?def remove_user(username):def remove_user(username)remove_user(username):def (remove_user(username))Fill in the blank: A collection of modules that users can access in their programs is a _____.style guidebuilt-in functionlibraryuser-defined functionWhat does this line of code return?print(type("h32rb17"))int“h32rb17”strh32rb17What is returned from the following user-defined function if you pass it the argument "John"?def greet(name):greeting = "Hello"return namegreet("John")“John”name“Hello, John”“Hello John”What can a style guide help you with when working with Python? Select two answers.Making it easier for other programmers to understand your codeFinding new modules you can incorporate into your codeFinding ways to make your code more complexMaking your code more consistentWhy are comments useful? Select three answers.They explain the code to other programmers.They make debugging easier later on.They provide insight on what the code does.They make the code run faster.What are built-in functions?Functions that return informationFunctions that exist with Python and can be called directlyFunctions that take parametersFunctions that a programmer builds for their specific needsYou imported a Python module, what do you now have access to in Python?A manual that informs the writing, formatting, and design of documentsA function that exists within Python and can be called directlyA list of comments that you have included in previous codeAdditional functions, variables, classes, and other kinds of runnable codeWhich of the following calls to the sorted() function uses correct syntax?sorted([532, 73, 85])sorted[73, 85, 532]sorted[(85, 523, 73)]sorted():In the following code, what is the argument?def welcome_user(name):print("Welcome," name)username="elarson"welcome_user(username)welcome_userdefnameusernameWhen working in Python, what is a library?A collection of modules that provide code users can access in their programsA module that allows you to work with a particular type of fileA Python file that contains additional functions, variables, classes, and any kind of runnable codeA collection of stylistic guidelines for working with PythonWhat is returned from the following user-defined function if you pass it the argument of 2?def multiples(num):multiple = num * 3return nummultiples(2)multiples6num2What is an advantage of including this comment in the following code? Select all that apply.# For loop iterates to print an alert message 5 timesfor i in range(5):print("alert")It ensures the loop will function when the code is run in Python.It can help other programmers understand the purpose of this loop.It can help you understand the code if you revisit it in the future.It is displayed in the output when the code is run in Python.Which of the following statements accurately describe functions? Select all that apply.Functions can be used no more than 10 times from within a single program.When functions are updated, the changes are applied everywhere they are used.Functions are useful for automation.Functions can be reused throughout a program.What does this line of code return?print(sorted(["h32rb17", "p52jb81", "k11ry83"]))[“h32rb17”, “k11ry83”, “p52jb81”][“p52jb81”][“p52jb81”, “k11ry83”, “h32rb17”][“h32rb17”] Week 3 Which of the following statements correctly describe strings? Select all that apply.Strings cannot contain numeric characters.Strings must be placed in brackets ([ ]).Strings must be placed in quotation marks (” “).Strings are immutable.What does the following code return?device_id = "uu0ktt0vwugjyf2"print(device_id[2:5])“u0kt”“0ktt”“u0k”“0kt”What does the following code display?device_id = "Tj1C58Dakx" print(device_id.lower())“tj1C58Dakx”“Tj1C58Dakx”“tj1c58dakx”“TJ1C58DAKX”You want to find the index where the substring "192.168.243.140" starts within the string contained in the variable ip_addresses. Complete the Python code to find and display the starting index. (If you want to undo your changes to the code, you can click the Reset button.)What index does the substring "192.168.243.140" start at?31333432 Test your knowledge: Work with lists and develop algorithms Review the following code:my_list = ["a", "b", "c", "d"]my_list[2] = 4print(my_list)What will it display?[“a”, 4, “c”, “d”]An error message[“a”, “b”, 4, “d”][“a”, “b”, “4”, “d”]You are working with the list ["cwvQSQ","QvPvX5","ISyT3a","S7vgN0"]. Its elements represent machine IDs, and the list is stored in a variable named machine_ids. Which line of code will add the ID of "yihhLL" at index 3?machine_ids.append(“yihhLL”,3)machine_ids.insert(“yihhLL”,3)machine_ids.append(“yihhLL”)machine_ids.insert(3,”yihhLL”)Which line of code will remove the username "tshah" from the following list?access_list = ["elarson", "bmoreno", "tshah", "sgilmore"]access_list[“tshah”].remove()access_list.remove(“tshah”)access_list.remove(2)access_list.remove(3)As a security analyst, you are responsible for developing an algorithm that automates removing usernames that match specific criteria from an access list. What Python components would you help implement this? Select three answers.A for loop that iterates through the usernames in the access listThe .remove() methodThe .append() methodAn if statement that compares a username to the criteria for removal Test your knowledge: Regular expressions Which regular expression symbol represents one or more occurrences of a specific character?\d\w*+As a security analyst, you are responsible for finding employee IDs that end with the character and number sequence "a6v". Given that employee IDs consist of both numbers and alphabetic characters and are at least four characters long, which regular expression pattern would you use?“\w*a6v”“a6v”“\wa6v”“\w+a6v”You have imported the re module into Python with the code import re. You want to use the findall() function to search through a string. Which function call enables you to search through the string contained in the variable text in order to return all matches to a regular expression stored in the variable pattern?findall(pattern, text)findall(text, pattern)re.findall(pattern, text)re.findall(text, pattern)Which strings match the regular expression pattern "\w+"? Select all that apply.“3”“FirstName”“#name”“” Weekly challenge 3 Which line of code converts the integer 7 to a string?str(“7”)str(7)string(7)string(“7”)Which line of code returns a copy of the string "HG91AB2" as "hg91ab2"?print(“HG91AB2”.lower())print(“HG91AB2″(lower))print(lower.”HG91AB2″())print(lower(“HG91AB2”))In the string "network", which character has an index of 1?"e""n""k""t" What is the index of the character "4" in the string "h204D3921"?2534You need to take a slice from an employee ID. Specifically, you must extract the characters with indices of 3, 4, 5, and 6. Complete the Python code to take this slice and display it. (If you want to undo your changes to the code, you can click the Reset button.)What string does the code output?“x430”“37×4”“7×43”“237x” You need to take a slice from a network ID. Specifically, you must extract the characters with indices of 6 through 10. Complete the Python code to take this slice and display it. (If you want to undo your changes to the code, you can click the Reset button.)network_id = "l693m585n528"print(### YOUR CODE HERE ###)What string does the code output?"m585n""5n528""585n5""85n52" What is the output of the following code?list1 = [1, 2, 3]list2 = ["a", "b", "c"]print(list1 + list2)[1, 2, 3, “a”, “b”, “c”]An error message[1, “a”, 2, “b”, 3, “c”][6, “abc”]A variable named my_list contains the list [1,2,3,4]. Which line of code adds the element 5 to the end of the list?my_list.insert(4,5)my_list.insert(5)my_list.insert(5,4)my_list.insert(5,5)What is an algorithm?A function that finds matches to a patternA set of guidelines to keep code consistentA function that returns informationA set of rules to solve a problemWhat does the \w symbol match to in a regular expression?Any letterAny character and symbolAny alphanumeric characterAny numberYou have imported the re module into Python with the code import re. Which code searches the device_ids string variable for a pattern of "r15\w+"?re.findall(device_ids, “r15\w+”)findall(“r15\w+”, device_ids)re.findall(“r15\w+”, device_ids)findall(device_ids, “r15\w+”)Which method adds input to the end of a list?.append().lower().insert().index() Shuffle Q/A What is the output of the following code?print(len("125"))31085Which line of code returns a copy of the string "bmoreno" as "BMORENO"?print(“bmoreno”.upper())print(upper.”bmoreno”())print(upper(“bmoreno”))print(“bmoreno”(upper))What is the index of the character "c" in the string "encryption"?2314What is the output of the following code?username_list = ["elarson", "bmoreno", "tshah"]device_id_list = ["us2c0R5", "2R78TBR", "bt3MIEz"]print(username_list + device_id_list)[“elarson”, “us2c0R5”, “bmoreno”, “2R78TBR”, “tshah”, “bt3MIEz”][“us2c0R5”, “2R78TBR”, “bt3MIEz”, “elarson”, “bmoreno”, “tshah”]An error message[“elarson”, “bmoreno”, “tshah”, “us2c0R5”, “2R78TBR”, “bt3MIEz”]A variable named my_list contains the list [1,2,3,4]. Which line of code removes the last element in the list?remove (my_list, 3)remove(my_list, 4)my_list.remove(3)my_list.remove(4)What module do you need to import to use regular expressions in Python?ostimerecsvWhat is the result when .upper() is applied to a string?The character that appears most frequently in the string is extracted from it and returned.The value of the string is reassigned to the value of the string in the line preceding it.The value of the string is reassigned to contain all uppercase letters.A copy of the string is returned with all uppercase letters.What is the output of the following code?approved_users = ["bmoreno", "elarson", "tshah", "eraab"]print(approved_users[1])“elarson”[“bmoreno”, “elarson”, “tshah”, “eraab”, 1]“bmoreno”[1, “bmoreno”, “elarson”, “tshah”, “eraab”]Fill in the blank: A(n) _____ is a set of rules to solve a problem.appendalgorithmregular expressionindexWhich of the following strings match with the regular expression pattern of "\w"? Select all that apply.“W”“security”“2”“1B”What does the re.findall() function return?All possible regular expressions that match to a given stringA list of all matches to a regular expression in a given stringThe first match to a regular expression in a given stringAll occurrences of the pattern “re” in a given stringWhat does the code username_list.append("bmoreno") method do?Returns all matches to the pattern “bmoreno” in the username_list listInserts “bmoreno” at the beginning of the username_list listAdds “bmoreno” to the end of the username_list listUpdates all instances of “bmoreno” in the username_list list to uppercase lettersWhich line of code returns the number of characters in the string assigned to the username variable?print(len(username))print(username.len())print(str(username))print(username.str())Which code joins a list of new_users to a list of approved_users and assigns the value to a third variable named users?users(new_users[1], approved_users[2])users = insert(new_users, approved_users)users = new_users + approved_usersusers(new_users, approved_users)Fill in the blank: Determining that you need to use string slicing and a for loop to extract information from items in a list is part of creating a(n) _____.indexregular expressionappendalgorithm What does the code device_ids.append("h32rb17") do?Adds "h32rb17" to the end of the device_ids listReturns all matches to the pattern "h32rb17" in the device_ids listInserts "h32rb17" at the beginning of the device_ids listUpdates all instances of "h32rb17" in the device_ids list to uppercase letters Week 4 You want to open the file "logs.txt" and store it in the file variable for the purpose of reading it. You also want to ensure all resources are released and the file is closed after you read it. What is the correct line of code to do this?file = open(“logs.txt”, “r”):with open(“logs.txt”, “r”) as file:with file.open(“logs.txt”, “r”):with open(“r”, “logs.txt”) as file:After you’ve opened a log file as login_file, which line of code can you use to read the file and store it in a variable called login_attempts?login_attempts = login_file.reader()login_attempts = login_file.read()login_attempts = read(login_file)login_file.read() as login_attemptsYou just read a log file into a variable called file. The file variable contains a string of multiple IP addresses that are each separated by a whitespace. Which line of code separates each individual IP address and stores it as a list in a variable called ip_addresses?ip_addresses = split(file)split(file, ip_addresses)ip_addresses = file.split()ip_addresses.split(file)You need to check for unusual login activity. Specifically, you need to check a list of login timestamps to determine if any of the login times occurred at unusual hours. If you want to automate this through Python, what would be part of your code? Select two answers.A for loop that iterates through the list of timestampsAn if statement that checks if a specific user has multiple login timestamps during unusual hoursA counter variable that keeps track of the number of failed login attemptsAn if statement that checks if the login timestamp occurred at unusual hours Test your knowledge: Debug Python code What types of errors might you encounter while debugging code? Select three answers.Logic errorsExceptionsSyntax errorsIterativesThe purpose of this code is to indicate whether a particular operating system needs to be updated. However, it contains a syntax error. Run this code, analyze its output, and then debug it. (If you want to undo your changes to the code, you can click the Reset button.)Based on what you discover, how can you fix the error?Remove all colons (:).Change the keyword elsif to elif.Indent the elsif statement.Use single equals signs (=) and not double equals signs (==).You have written code that assigns security incident tickets to the appropriate cybersecurity team based on its priority level. If the priority level is 1, it should get forwarded to Team A. If the priority level is 2, it should get forwarded to Team B. When testing your code, you notice that an incident with priority level 2 is forwarded to Team A instead of Team B. What type of error is this?ExceptionSyntax errorLogic errorName errorYou have written code that uses a search algorithm to find an employee’s IP address. When testing your code, an error message indicates that an unknown index is being accessed. What type of error is this?ExceptionLogic errorSyntax errorIterative Weekly challenge 4 What is debugging?The practice of improving code efficiency.The practice of identifying and fixing errors in code.The practice of improving code readability.The practice of calling a function from multiple places in a larger programThe purpose of the following code is to print the numbers from 0 to 9. Run this code, analyze its output, and then debug it. (If you want to undo your changes to the code, you can click the Reset button.)How can you fix the error?Add a missing colon (:)Remove the quotation marks around numberChange indentationSpell a variable correctlyThe purpose of the following code is to iterate through a list and print a warning message if it finds "user3" in the list. Run this code, analyze its output, and debug it. (If you want to undo your changes to the code, you can click the Reset button.)How can you fix the error?Change “user3” to “user2” in the conditional.Change the indentation so that the line that prints the warning is not indented.Change “user3” to “user1” in the conditional.Change the != operator to the == operator in the conditional. You did not define a function before calling it. What type of error is this?Logic errorIndex out of boundsSyntax errorException You did not assign a value to a variable before using it in a conditional. What type of error is this?Index out of boundsLogic errorSyntax errorExceptionWhy might you use print statements when debugging code?To prevent errors from occurringTo identify which sections of the code are working properlyTo create error messagesTo add missing syntax to the codeWhich of these functions or arguments should you include in a with statement if you want Python to open a file called access.txt so that it can be read? Select three answers.“r”read()open()“access.txt”The logins variable is a string containing 20 device IDs. The device IDs are separated by spaces. In order to pass it into a function that checks the login count of each device, the string should be divided into a list of separate IDs. How do you convert this string into a list and store it in a device_ids variable?device_ids = logins.split()logins.split() as device_idsdevice_ids = device_ids.split(logins)device_ids = split(device_ids, logins)Fill in the blank: If you use the .split() method to convert a string into a list so that it can be read more easily, this would be an example of _____.slicingparsingdebuggingdividingAfter you’ve opened a log file as file, which line of code will help you read the file into a variable called text?text.read(file)text = file.read()text = read(file, “r”)text = read(file)You want to check for unusual login activity. Specifically, you want to read a log file that contains information on each login attempt, including whether it failed or was successful. You should then parse the data into a logins list, and then you should separate all failed log entries into a separate failed_logins list. If you want to automate this through Python, what would be part of your code? Select three answers.An if statement to check if a login attempt failedA for loop to iterate through all items in the logins listA counter variable to keep track of the number of failed loginsA split() function to split the login information into a list Shuffle Q/A You included username_list[10] in your code, but username_list only contains five elements. What type of error is this?Logic errorExceptionName errorSyntax errorIf you know there is a logic error somewhere inside a function, how can you figure out the exact location?Place print statements in and around the functionMove the function to another locationDelete the function from the programWrite comments in and around the functionIf you want to read a file called "logs.txt", which line of code allows you to open this file for purposes of reading it and store it in a variable called file?with open(“logs.txt”, file, “r”):with file.open(“logs.txt”, “r”):with open(“logs.txt”, “r”) as file:with open(“logs.txt”) as file:You’ve read a log file into the variable file_text. The file_text variable contains a string of 50 usernames of employees at your company. In order to pass it into a function that checks the login count of each user, the string should be divided into a list of separate usernames. How do you convert this string into a list and store it in a variable usernames?file_text.split() as usernamesusernames = usernames.split(file_text)usernames = file_text.split()usernames = split(usernames, file_text)What are the three types of errors you will encounter while debugging?Logic errors, comment errors, and iterative errorsExceptions, logic errors, iterative errorsSyntax errors, exceptions, and comment errorsSyntax errors, logic errors, and exceptionsThe purpose of the following code is to print the characters in a device ID. Run this code, analyze its output, and then debug it. (If you want to undo your changes to the code, you can click the Reset button.)What is the error related to?A misspelled variableA missing double equals sign (==)A missing quotation mark (“)A missing colon (:)When debugging code, what are effective ways to determine which sections of code are working properly? Select all that apply.Add comments in the codeUse a debuggerDelete blank lines from the codeAdd print statementsWhat does the following code do?with open("logs.txt", "r") as file:It copies a file called “logs.txt” into a new file “r”.It opens a file called “logs.txt” in write mode and stores it in a variable called file.It copies a file called “r” into a new file “logs.txt”.It opens a file called “logs.txt” in read mode and stores it in a variable called file. What does the following code do?logins = "pwashing jhill tshah"usernames = logins.split()Removes the last username in the logins variable and stores the string in the usernames variableRemoves the blank spaces that split the usernames in the variable logins and stores the string in the variable usernamesSplits a string variable called logins into a list of strings and stores it in the variable usernamesSplits a string variable called logins into single characters What is parsing?The process of reading data line by lineThe process of copying data to other filesThe process of writing data to a new fileThe process of converting data into a more readable formatWhat is the practice of identifying and fixing errors in code?ParsingSlicingDebuggingSplittingThe purpose of this code is to print "user flagged" if the username is "jhill", and otherwise to print "user okay". Run this code, analyze its output, and debug it. (If you want to undo your changes to the code, you can click the Reset button.)How can you fix this error?Call check_user() before the function definition.Remove indentation from the line that prints “user okay” so that it is not part of the conditional.Use the != operator instead of the == operator in the conditional header.Add an else statement before the line that prints “user okay”.You did not define a function before calling it. What type of error is this?Index out of boundsSyntax errorLogic errorExceptionWhat does the following code do? read_text = text.read()Reads the string text and stores it the file read_textSplits the text variable, which contains a string, and stores it as a list in read_textReads the text variable, which contains a file, and stores it as a string in read_textReplaces the contents of the file read_text with the contents of the file textYou want to check for unusual login activity. Specifically, you want to check if there were more than three failed login attempts in the last 10 minutes by the last user who logged in. If you want to automate this through Python, what would be part of your code? Select three answers.A for loop that iterates through the list of loginsA line of code that reassigns a counter variable to 0 if there is a failed login attemptA counter variable that increments when a failed login is detectedAn if statement that checks if there were more than three failed login attempts What does the following code do?new_format = old_format.read()Reads the old_format variable, which contains a file, and stores it as a string in new_formatInserts the string stored in the new_format variable into the file stored in the old_format variableDetects certain text patterns in old_formatPrints the contents of old_format Course 8 - Put It to Work: Prepare for Cybersecurity Jobs Week 1 What does a security mindset enable a security analyst to do when protecting their organization? Select two answers.Evaluate risks and identify potential system breachesApprove social media connections from security professionalsRecognize what they are defendingEvaluate employee retentionWhich type of asset would have the least impact on an organization if it were compromised?Trade secretsIntellectual propertyFinancial informationGuest Wi-Fi networkHow can security analysts cultivate a security mindset?By researching the latest security vulnerabilitiesBy signing non-disclosure agreements (NDAs)By protecting public data from being accessed and sharedBy sharing sensitive information with those who request itWhich of the following examples describes the use of a security mindset? Select two answers.Exercising suspicion before opening email attachmentsReusing passwords for multiple accountsDownloading email attachments from unknown sendersReporting suspicious emails Test your knowledge: Your impact on data protection A security analyst notices that an employee has installed an app on their work device without getting permission from the help desk. The log indicates that potentially malicious code might have been executed on the host. Which of these security events should the security analyst escalate to a supervisor?The employee installing an app without permission should be escalated.Both events should be escalated.Neither event should be escalated.The log indicating malicious code might have been executed on the host should be escalated.Which are types of data and assets that stakeholders are most interested in protecting? Select two answers.Company policiesSensitive financial dataSocial media presenceCustomers’ usernames and passwordsFill in the blank: When a security event results in a data breach, it is categorized as a _____.security incidentthreatvulnerabilityassetWhich of the following are examples of the potential impact of a security incident involving malicious code?Loss of assetsOperational downtimeFinancial consequencesData protection Weekly challenge 1 Fill in the blank: A security mindset is the _____.ability to help an organization’s human resources (HR) department remain compliant at all timesintent to provide quality security services to an organization’s development operations teamopportunity to showcase your Linux and other coding related technical skillsability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or dataAs a security analyst, you are responsible for protecting an organization’s low-level assets and high-level assets. Which of the following is considered a high-level asset?Company job descriptionsPublic press releasesIntellectual propertyGuest Wi-Fi networkFill in the blank: A security mindset helps a security analyst _____.defend against constant pressure from cyber attackersrecognize the difference between physical security and cybersecurityapply for an engineering rolereinforce the expectations of security stakeholdersWhich of the following are examples of private data? Select two answers.Government trade agreementsCustomer bank account informationEmployee identification numbersEmployee email addressesWhat term is used to describe individuals of an organization who are interested in protecting sensitive financial data, customers’ usernames and passwords, and third-party vendor security?Executive security administratorsData managersInformation protection advisorsStakeholdersFill in the blank: The decisions a security analyst makes can affect the organization that the analyst works for and other team members across the organization. These decisions also affect ______.the analyst’s chance for a promotionthe financial marketscompetitors in the industrythe customers of the organization that hired the analystWhat are some ways that security analysts protect data? Select three answers.Understanding the organization’s assetsReporting small eventsIgnoring small eventsPaying attention to detailFill in the blank: When a security event results in a data breach, it is categorized as a _____.vulnerabilitysecurity eventsecurity incidentthreatFill in the blank: An organization is responsible for protecting its customers' sensitive data. Examples of the kinds of sensitive data that must be protected include ____ and _____. Select two answers.social security numbersbank statementsprivate social media pageswebsite URLsWhich of the following can cause a company to experience loss of credibility, financial loss, or regulatory fines?A cybersecurity awareness month phishing programThe resignation of the company’s social media managerEmployee security awareness trainingA data breach Shuffle Q/A Which concept focuses on understanding how to evaluate risk and identify the potential for a breach of a system, application, or data?Security analyst evaluationSecurity recognitionSecurity mindsetPython knowledgeAs a security analyst, you are responsible for protecting an organization’s low-level assets and high-importance assets. Which of the following is considered a low-level asset?Company trade secretsGuest Wi-Fi networkCustomer email addressesIntellectual propertyWhich of the following assets can be protected by adopting a security mindset? Select three answers.Sensitive customer dataFinancial informationIntellectual propertyNetwork equipmentAn employee at a healthcare company accesses a patient's medical history and payment information to provide treatment. Which type of data is this classified as?Sensitive dataConfidential dataPrivate dataPublic dataFill in the blank: _____ are interested in protecting sensitive financial data, customers’ usernames and passwords, and third-party vendor security.StakeholdersSocial media influencersWeb programmersHIPAA compliance officersWhat are some examples of the customer data that security analysts protect? Select two answers.Product announcementsPasswordsNewslettersCredit card numbersFill in the blank: _____ must be protected at all times. An organization can lose its credibility with its customers if it is not properly protected.Employee salariesAn organization’s social media pageSensitive customer dataAn organization’s termination policyWhich of the following are the best examples of possible consequences of a data breach? Select two answers.Improved hardware functionalitySignificant reduction in employee retentionLoss of credibilityRegulatory finesWhich of the following examples are considered public data? Select two answers.Health insurance informationProduct announcementsPress releasesPassport numbersFill in the blank: One of the most important concerns for most organizations is the protection of _____.customer dataguest Wi-Fisocial mediajob postingsA security analyst notices that an employee has installed an app on their work computer without getting permission from the IT service desk. The security analyst also notices that antivirus software recorded a potentially malicious execution on the same computer. Which of these security events should the security analyst escalate to their supervisor?Both events should be escalated.Neither event should be escalated.The employee installing an app without permission should be escalated.The potentially malicious code detected by the antivirus software should be escalated.Which of the following is an essential way to maintain a security mindset?Evaluate risksSeek engineering mentorsEscalate major security issues within one weekWork various security jobs with different organizationsFill in the blank: Entry-level analysts can help protect low-level assets, such as an organization’s _____.guest Wi-Fi networkfinancial informationtrade secretscompany job descriptionsWhich of the following statements best describes the relationship between a security mindset and asset protection?A security mindset helps analysts protect low-level assets.A security mindset is not important for protecting assets.A security mindset helps analysts protect high-importance assets.A security mindset helps analysts protect all levels of assets.Who will be affected by the decisions you make as a security analyst? Select two answers.The financial marketsThe customers of the organization that hired youCompetitors in the same industryThe organization that hired you Fill in the blank: A security analyst should _____ escalate potential security events.neverrarelysometimesalwaysWhat is the correct term for a security event that results in a data breach?Compromised dataData security eventSecurity incidentPhishing incident Which of the following are examples of sensitive customer data that most organizations prioritize? Select two answers.Social media profilesCredit card numbersUsernames and passwordsJob postings Week 2 Fill in the blank: A malware infection is an incident type that occurs when _____.a website experiences high traffic volumesmalicious software designed to disrupt a system infiltrates an organization’s computers or networka computer’s speed and performance improvesan employee of an organization violates the organization’s acceptable use policiesFill in the blank: Improper usage is an incident type that occurs when _____.an individual gains digital or physical access to a system or application without permissionmalicious software designed to disrupt a system infiltrates an organization’s computers or network.an employee of an organization violates the organization’s acceptable use policiesan employee that runs an organization’s public relations posts incorrect data on the company’s social media pageWhen should you escalate improper usage to a supervisor?Improper usage incidents should always be escalated out of caution.Improper usage incidents should be escalated if there is a high level of improper usage.Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.Improper usage does not need to be escalated because these are in-house scenarios that can be handled without reporting them to the security team.Fill in the blank: Unauthorized access is an incident type that occurs when _____.an individual gains digital or physical access to a system, data, or an application without permissionan individual gains digital or physical access to a system, data, or an application without permissionmalicious software designed to disrupt a system infiltrates an organization’s computers or networkan employee of an organization violates the organization’s acceptable use policies Test your knowledge: Timing is everything All security incidents should be escalated.TrueFalseWhich incident can have the most impact on an organization?An employee forgets their login credentialsA user’s social media password is leakedA manufacturing plant’s network is compromisedAn organization’s guest Wi-Fi network is downFill in the blank: A(n) _____ is a set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled.playbookeventsecurity incidentescalation policyWhich incident classification type occurs when an employee violates an organization’s acceptable use policy?Improper usageMalware infectionUnauthorized accessContainment Weekly challenge 2 What security term describes the identification of a potential security event, triaging it, and handing it off to a more experienced team member?Incident escalationSOC operationsSocial engineeringData security protectionWhich skills will help you identify security incidents that need to be escalated? Select two answers.Excellent communication skillsAbility to collaborate well with othersAttention to detailAbility to follow an organization’s escalation guidelines or processesFill in the blank: Entry-level analysts might need to escalate various incident types, including _____.noncompliance of tax lawsmismanagement of fundsimproper usagemissing softwareImproper usage can be intentional; other times it can be accidental. How should you decide which acts of improper usage should be escalated to a supervisor?Improper usage incidents should always be escalated as a precaution.Improper usage should never be escalated to a supervisor.Only intentional acts of improper usage should be escalated.Improper usage attempts that affect high-priority assets should be escalated; other improper usage instances are not as important.You are alerted that a hacker has gained unauthorized access to one of your organization’s manufacturing applications. At the same time, an employee’s account has been flagged for multiple failed login attempts. Which incident should be escalated first?Both security incidents should be escalated at the same time.The incident involving the employee who is unable to log in to their account should be escalated first.The incident involving the malicious actor who has gained unauthorized access to the manufacturing application should be escalated first.The best thing to do is escalate the incident that your supervisor advised you to escalate first.What is the best way to determine the urgency of a security incident?Contact the risk assessment team to determine urgency.Reach out to the organization’s Red Team supervisor to determine urgency.Identify the importance of the assets affected by the security incident.Email the Chief Information Security Officer (CISO) of the company for clarification.Fill in the blank: An escalation policy is a set of actions that outlines _____.how to manage the security stakeholders of an organizationhow to escalate customer service complaintshow to defend an organization’s data and assetshow to handle a security incident alertFill in the blank: _____ is important when following a company’s escalation policy to ensure you follow the policy correctly.Attention to detailDelegating tasksReading quicklyWorking remotelyFill in the blank: An entry-level analyst helps the security team make sure the _____ person on the team is alerted when incidents occur.technicalavailablecorrectmost senior-levelWhich of the following security incidents is likely to have the most negative impact on an organization?An employee sends an email to the wrong colleagueUnauthorized access to a manufacturing applicationAn employee’s account flagged for multiple login attemptsAn employee having a phone conversation about a work project in the breakroom Shuffle Q/A Fill in the blank: _____ is a skill that will help you identify security incidents that need to be escalated.Graphics designAttention to detailLeadershipLinux operationsAs a security analyst, you might be asked to escalate various incidents. Which of the following are common incident classification types? Select two answers.Malware infectionSPAMGift card scamUnauthorized accessAn employee attempting to access software on their work device for personal use can be an example of what security incident type?Unauthorized accessImproper usageMalware infectionSocial engineeringWhat is a potential negative consequence of not properly escalating a small security incident? Select two answers.The company can suffer a loss in reputation.The company’s antivirus software can be uninstalled.The company’s employee retention percentage can decrease drastically.The company can suffer a financial loss.You have recently been hired as a security analyst for an organization. You previously worked at another company doing security, and you were very familiar with their escalation policy. Why would it be important for you to learn your new company’s escalation policy?Every company has a different escalation policy, and it is an analyst’s job to ensure incidents are handled correctly.The policy will help you analyze data logs.The policy will advise you on who to report to each day.The escalation policy will help you with vulnerability scanning.Fill in the blank: An _____ will help an entry-level analyst to know when and how to escalate a security incident.executive security dashboardescalation policyemployee security handbookblue team CIRT guidelineFill in the blank: Incident escalation is the process of _____.reporting a security incident to a human resource department for compliance purposesproperly assessing security eventscreating a visual dashboard that shows security stakeholders the amount of security incidents taking placeidentifying a potential security incident , triaging it, and handing it off to a more experienced team memberWhat does attention to detail and following an organization’s security event notification process help you with?Vulnerability scanningIncident escalationSecurity data forensicsLog monitoringWhat elements of security do terms like unauthorized access, malware infections, and improper usage describe?Public press releasesPhishing attemptsCompany job descriptionsIncident classification typesWhich of the following security incidents can have the most damaging impact to an organization?A system containing customer PII is compromisedA company’s social media account is compromisedThe guest Wi-Fi network for a company is hackedAn employee forgets their password and logs too many failed login attemptsA security analyst for an organization notices unusual log activity in an app that was recently banned from the organization. However, the analyst forgets to escalate this activity to the proper personnel. What potential impact can this small incident have on the organization?Small incidents rarely have any impact on an organization.The organization might need to delete its social media profile.It can become a bigger threat.The third-party assessment team might be removed by the organization.What security term is defined as a set of actions that outlines who should be notified when an incident alert occurs?A security risk assessorAn escalation policyA network architecture alertA vulnerability scan systemWhy is it important for analysts to follow a company’s escalation policy? Select two answers.An escalation policy can help analysts determine the best way to cross-collaborate with other members of their organization.An escalation policy instructs analysts on the right person to contact during an incident.An escalation policy can help analysts determine which tools to use to solve an issue.An escalation policy can help analysts prioritize which security events need to be escalated with more or less urgency.A new security analyst has just been hired to an organization and is advised to read through the company’s escalation policy. What kind of information will the analyst be educated on when reading through this policy?They will learn when and how to escalate security incidents.They will learn the best way to communicate with stakeholders.They will learn how to use the Linux operating system.They will learn the best way to create visual dashboards to communicate with executives.Unauthorized access to a system with PII is _____ critical than an employee’s account being flagged for multiple failed login attempts.marginallymoreequallylessHow can an escalation policy help security analysts do their jobs?An escalation policy outlines who should be notified when an incident occurs.An escalation policy outlines when to alert the public of a data breach.An escalation policy educates analysts on how to be aware of phishing attempts.An escalation policy instructs the analysts on how to scan for vulnerabilities. Which of the following is an essential part of incident escalation?Communicate a potential security incident to a more experienced team memberMake reactive decisionsMaintain data logs that detail previous security eventsCreate a visual dashboard that details a solution to the security problem Which incident type involves an employee violating an organization’s acceptable use policy?Malware infectionImproper usagePhishingUnauthorized access Week 3 Which of the following should a security analyst do before communicating the results of a vulnerability test to stakeholders? Select three answers.Use visual aidsChoose an appropriate communications mediumUse highly technical detailsConsider the nature of the information that is being communicatedIf a stakeholder fails to respond to an email in a timely manner, which communication steps are the next best options? Select two answers.Send an instant messageComplain to human resources (HR)Make a phone callReport to the organization’s Chief Information Security Officer (CISO)Fill in the blank: The use of _____ to tell a security story can help security analysts communicate impactful data and metrics.visualscross-site scriptingdirect phone callsinstant messagesWhich software programs can be used as tools for sharing and telling a visual story about data? Select all that apply.Apache OpenOfficeGoogle DocsGoogle SheetsLinux Weekly challenge 3 What term is used to define an individual or a group that has an interest in the decisions or activities of an organization?Audit specialistIncident response managerDecision-making managerStakeholderFill in the blank: The _____ is an example of a security stakeholder who is most interested in protecting the data and assets of an organization.social media manageraccounts receivable specialistin-house graphic designeroperations managerA security operations manager often works directly with a security analyst as the first line of defense to protect an organization from what challenges? Select two answers.A lack of an employee consortiumThe use of social media on work devicesVulnerabilitiesRisksFill in the blank: Information that is communicated to ____ is considered sensitive.the general publicstakeholdersan organization’s competitorsemployees regarding social eventsWhich of the following guidelines can help security analysts improve stakeholder communications? Select two answers.Use technical security terms as much as possibleInclude as many topics as possibleBe preciseAvoid unnecessary technical termsWhich of the following is an example of a security event that should be communicated to a stakeholder?Incorrect office hours posted on social mediaA tax auditMalicious code detected in logsThe resignation of a human resources employeeFill in the blank: Visual communications to stakeholders can be used to convey key details in the form of ____.text messages and chartstext-filled documents and graphslogs and alertsgraphs and chartsWhy is it important for analysts to use visuals to tell a security story?Visuals can help an analyst communicate impactful metrics and data.Visuals can help an analyst identify which details are most important for different stakeholders.Visuals can help an analyst prioritize which incidents need to be escalated with more or less urgency.Visuals can help an analyst determine which tool to use to solve a security challenge.Fill in the blank: For security purposes, it is important to communicate sensitive information with _____.supervisioncaregraphs and chartsa low level of urgencyStakeholders have many responsibilities, so they might miss an email or fail to respond promptly. If an analyst needs to reach a stakeholder right away, what might be a better option for stakeholder communication?A follow-up investigationA phone callAn email to the CISOA follow-up email to the stakeholder’s supervisor Shuffle Q/AWhich of the following are stakeholders interested in having knowledge of? Select two answers.The online reviews for their organizationSocial media reviews for their competitor’s organizationThe decisions of their organization’s leadershipThe activities of their organizationWhich security stakeholder helps recognize risks and manage the response to security incidents?Risk managerChief Information Security Officer (CISO)Operations managerChief Financial Security Officer (CFO)Handling the daily maintenance of security operations is the general responsibility for which security stakeholder?Operations managerChief Information Security Officer (CISO)Chief Financial Security Officer (CFO)Entry-level security analystAn analyst sends an email to stakeholders about a recent security breach. While writing the email, the analyst is mindful about what they say and which stakeholders they communicate the information to. Why does the analyst take this approach?Information that is communicated to stakeholders is sensitive.Information can be sent to stakeholders instead of managers.Information about a security breach might improve the company’s reputation.Information sent via email can be considered public knowledge.Fill in the blank: Communications with stakeholders should always be precise, avoid unnecessary technical terms, and _____.include numerous security questionstell an elaborate story to ensure your point is madehave various purposes to maximize timehave a clear purposeGraphs and charts can be used to create which form of stakeholder report?Text-filled documentsText messagesPhone callsVisual communicationsFill in the blank: In the field of security, it is important to communicate _____ with care.sensitive informationpublicly available informationnonsensitive informationtime off requestsWhat is the best way to follow-up with a stakeholder who has not immediately responded to your email? Select two answers.File a complaint with human resourcesCall them on the phoneReport the issue to your supervisorSend them an instant messageWhich of the following statements best describes the information that is communicated to stakeholders?It is sensitive.It is proprietary.It is shareable to the entire organization.It is publicly available.Which of the following options is the best way to handle the detection of malicious code in logs?Handle the incident using your Linux knowledgeReport the incident directly to the CISOCommunicate the incident to a security stakeholderWait until a more experienced team member notices itFill in the blank: Creating ____ communications allows a security stakeholder to view representations of what is being explained using graphs and charts.audiovisualcomplexsimpleYou have recently been hired as a security analyst for an organization. You’ve been asked by a security stakeholder to provide information on how often the employees from various departments are clicking on simulated phishing emails. What action can you take to best communicate this information?Use visuals, such as charts and graphs, to tell the security storySend an email that explains the necessary informationCall the stakeholder and directly update themAsk your supervisor to report your findings because you are newFill in the blank: If a stakeholder fails to respond to an important message you sent them right away, the best approach to reach them is to follow-up with _____.an email to the CISOa phone call or an instant messagean email to your immediate supervisora text message to the stakeholder’s manager What is a stakeholder?The security professionals who manage the SOC operations for an organizationAn individual or a group that has an interest in any decision or activity of an organizationAn individual or a group that manages the public relations crisis for an organizationA customer who depends on an organization to protect their sensitive financial and medical data Which individuals are considered security stakeholders? Select three answers.Risk managersChief Information Security Officers (CISOs)Help desk analystsOperations ManagersYou are alerted that a malicious actor has gained unauthorized access to one of your organization’s manufacturing applications. You need to inform the operations manager as soon as possible. What is the best way to communicate this information?Clearly and conciselyWith a corporate-wide emailWith a dashboard visualizationWith a phone callAn analyst finishes an incident review. Next, they want to clearly communicate meaningful data from their findings. What action can they take to share this information?Use visuals to tell a security storyCollaborate with the publicity team to develop a communication strategyRequest that the Chief Technology Officer (CTO) sends a summary emailAsk stakeholders to report their findings Week 4 Which of the following methods can be used to build your cybersecurity network? Select three answers.Join cybersecurity associations.Attend cybersecurity conferences.Connect with security professionals using social media.Research the latest threats and vulnerabilities.Fill in the blank: A security professional can sign up for _____ to keep up with key trends and topics in the industry.Linux training courseshealthcare magazinesengineering mailing listssecurity mailing listsWhich of the following strategies can an aspiring security analyst use to connect with security professionals? Select two answers.Subscribe to security mailing lists.Leverage professional social media sites such as LinkedIn®.Create a newsletter.Join security associations.How can engaging with the security community help newcomers establish a security career? Select two answers.By connecting with other security professionalsBy focusing on improving technical skillsBy engaging in unethical security activitiesBy staying informed about the latest security news Weekly challenge 4 You are being interviewed for a cybersecurity analyst role with a mid-level organization. During the interview, the hiring manager asks you what resources you believe are most valuable for staying up-to-date on the most critical security risks to web applications. Which of the following resources would you suggest?Risk Management for Security GeeksCSO OnlineOWASPKrebs Explains SecurityFill in the blank: ____ is a security website that covers security news and investigations into cyber attacks.Security Investigation by KrebsThe Washington Post Security GuideKrebs on SecuritySecurity from Kreb’s Point of ViewWhich site do many CISOs in the security industry review for security tips and ideas?The Security CISO OnlineThe CSO Security Expert DigestCSO OnlineCSO Tips for BeginnersWhich security resource provides information on analytics and application security, mobile and cloud security, and the Internet of Things (IoT)?Krebs Knows SecurityKrebs on SecurityCSO OnlineDark ReadingFill in the blank: _____ is a great way to connect to other security professionals in the industry.Knocking door-to-doorAsking friends and family members who are not in the security industry for introductionsStaying away from social mediaNetworking on social mediaFill in the blank: _____ is a great way to connect with security professionals on social media.Responding to unfamiliar messagesAttempting to hack a security team member and resolving that hack in a timely fashionReading and commenting on the social media posts of leaders in the security industryReading CISO posts on social mediaFill in the blank: _____ for the name of the CISO of an organization is a good first step to finding a CISO to follow on social media.Asking social media friendsAsking friends or family membersChecking an organization’s blogConducting an internet searchWhat is a good way to find other security analysts in the industry to follow on social media?Search for security engineers on LinkedIn®Cold call various security teams until someone agrees to connect with you on social mediaPut out a social media post that asks all security analysts to follow youSearch for cybersecurity analysts on LinkedIn®Fill in the blank: For individuals who are not active on social media, _____ is another great way to connect with security professionals.taking a class on how to foster a collaborative team environmentjoining different security associationsjoining exclusive CFO seminarstaking a social media training courseFill in the blank: When determining a security association to join, it's important to _____.select one that is geared towards advanced security professionalsselect one that aligns with your professional goalsask the CISO of the most recent organization you applied to for suggestionsjoin one that is closest to where you live, so you’re able to attend in person Shuffle Q/A Which well-known security website was created by former Washington Post reporter, Brian Krebs?Security from Kreb’s Point of ViewBrian Knows SecurityThe Washington Post Security GuideKrebs on SecurityFill in the blank: _____ provides news, analysis, and research on various security and risk management topics.Risk Management for Security GeeksKrebs Explains SecurityWho Knows Security?CSO OnlineFill in the blank: Although many security websites and blogs provide different relevant security tips, _____ specifically provides information on analytics and application security, mobile and cloud security, and the Internet of Things (IoT).Dark ReadingCSO OnlineKrebs on SecurityKreb’s Cloud Security BlogYou’ve recently completed the Google Cybersecurity Certificate and decide it’s time to connect with other security professionals. Which of the following is a great way to connect with security professionals?Searching for them on social mediaAsking friends and family members who are not in the security industry to connect you with people they knowStaying away from social mediaCalling different organizations and asking to speak with their security teamsYou’ve recently completed the Google Cybersecurity Certificate and decide it’s time to connect with other security professionals. Which of the following is a great way to connect with security professionals on social media? Select two answers.Follow leaders in the security industryRespond to messages of people on social media that you’re unfamiliar with, as long as their profile says they’re in the security industryRead and comment on the social media posts of leaders in the security industrySend messages to a security supervisor until they agree to be your mentorFill in the blank: The first step to finding a CISO to follow on social media is to conduct a(n) _____ for the name of the CISO of an organization.cross-reference checkbackground checkexternal security auditinternet searchWhat is a great way to connect with security professionals or find mentors in the security industry without using social media?Search for CISOs on LinkedIn®Do an internet search for entry-level security analysts in your areaJoin different security associationsAttend a social media training seminarWhich security website covers security news and investigations into cyber attacks?Online CISOKreb’s Security PerspectiveSecurity Investigation by KrebsKrebs on SecurityWhich of the following is a good first step to finding a CISO to follow on social media?Ask friends in the e-commerce industry about which CISOs to followConduct a background check on CISOs in your areaSend multiple messages to a company on their social media page and ask how to contact their CISO directlyConduct an internet search for the name of the CISO of an organizationOn social networks like LinkedIn®, you can find security professionals by searching for “cybersecurity analysts” or a similar search term. After this search, what is the best way to filter through those search results?Filter for people who talk about # (hashtag) cybersecurityFilter for people who talk about # (hashtag) product engineeringFilter for people who talk about # (hashtag) PythonFilter for people who talk about # (hashtag) social mediaFill in the blank: _____ is a great way to connect with security professionals without using social media.Cold calling security teams from different companiesDoing an internet search for entry-level security analysts in your areaJoining different security associationsContacting a CISO directly via emailFill in the blank: Selecting a security association that _____ will help ensure you find the one that best fits your needs.is within a five-mile radius of your homehas excellent online reviewsaligns with your professional goalsis dedicated to senior-level analystsFill in the blank: The OWASP is a standard awareness document that lists the top _____most critical security risks to web applications.1050520What is the best search term to use to find a security organization to join?“Incident response teams”“Industry associations”“Top CISOs in my area”“Cybersecurity industry associations” Fill in the blank: The _____ is a standard awareness document that lists the top 10 most critical security risks to web applications.Programming for Security ProtectionWall Street JournalOWASPRed Teaming BlogFill in the blank: _____ is an online security resource that provides information on analytics and application security, mobile and cloud security, and the Internet of Things (IoT). Krebs Knows SecurityCSO OnlineKrebs on SecurityDark Reading Which of the following is a good way to use social media to connect with security professionals? Select two answers.Send messages to a security supervisor until they agree to be your mentorRead and comment on social media posts of leaders in the security industryFollow leaders in the security industry on social mediaRespond to messages of people on social media that you’re unfamiliar with, as long as their profile says they’re in the security industry Week 5 Which of the following strategies are effective ways to prepare for a job interview? Select three answers.Review the job descriptionPractice describing your skills and experiencesCall the chief information security officerReview your resumeWhich of the following actions should you take before a video interview to prevent technical difficulties during the interview? Select two answers.Install the required video conference applicationConduct pre-interview researchTest video and audio settingsAdjust the lightingFill in the blank: Establishing _____ with the interviewer is an important step to take and can help you leave a positive impression with the interviewer.a conversational tonedata typesroadblocksa rapportWhich of the following post-interview practices is an effective way to stand out as a candidate?Apply to the position againAsk the interviewer how other candidates did during their interviewsSend a gift to the interviewerSend a follow-up email to the interviewer Test your knowledge: Develop an elevator pitchFill in the blank: Elevator pitches enable you to summarize your experience, skills, and background to potential employers in about ____.10 minutesFive minutes60 seconds2 minutesWhat are effective strategies to use when sharing your elevator pitch? Select two answers.Be succinct.Mention mistakes you made at previous jobs.Describe the technical skills that you plan to learn.Speak at a relaxed pace.In which of the following scenarios would it be appropriate to share your elevator pitch? Select two answers.At the end of a job interviewWhen meeting new friends or colleaguesWhen introducing yourself to career and business connectionsAfter you receive a job offerWhat is a best practice when sharing your elevator pitch with a potential employer?Speak in a conversational toneSpeak quicklyUse a lot of technical termsDisclose why you left your previous job Weekly challenge 5 What are examples of skills that are transferable to a cybersecurity role? Select three answers.Written and verbal communication skillsAttention to detailCollaboration skillsSocial media skillsWhich personal details should be included at the top of your resume? Select three answers.Your professional titleYour summary statementYour nameYour educationWhat can the skills section of your resume include? Select two answers.Programming skillsA history of previous work experiencesYour email addressSecurity frameworksWhich of the following statements is suitable to include in the work experience section of a resume? Select two answers.Tasked with handling security challengesCollaborated with a team of six to develop training for more than 25 company employeesSecurity tasks were handledConducted monthly vulnerability assessmentsWhich of the following sections should be included at the bottom of your resume?Contact informationSkill competenciesWork experienceEducation/CertificationsFill in the blank: It is important to make sure there are no _____ errors in your resume before sending it to potential employers.technicallocation-basedcybersecuritygrammaticalFill in the blank: _____ is a good way to begin preparing for a job interview.Reviewing the job descriptionDressing in casual clothingMemorizing your resumeChecking the company’s stock priceFill in the blank: Testing your video and audio settings before a video conference interview will help you correct any _____ before the interview.nervousnesstechnical issuesLinux programming issuesconfusion about interview questionsWhich term describes a friendly relationship in which the people involved understand each other’s ideas and communicate well with each other?PhishingSocial networkingRapportSocial engineeringA potential candidate is interviewing for a security analyst role. The candidate says the following when responding to a scenario-based question: “The outcome led to an increase in total sales over the two months that my manager was out of the office.” Which part of the STAR method does this response demonstrate?ResultSituationActionTask Shuffle Q/A Fill in the blank: A resume might also be referred to as a _____.standard frameworkcurriculum vitaeprofessional referencecover letterWhich details should your resume’s summary statement include? Select two answers.Your professional references’ names and email addressesSpecific words from the responsibilities section of the job descriptionYour professional titleYour strengths and relevant skillsFill in the blank: The _____ section of your resume should list capabilities that are related to the position you are applying to.technical programmingsummary statementskillsprofessional referencesFill in the blank: In the experience section of your resume, you should list your _____.contact informationprofessional referenceswork historyLinux programming skillsYou are currently working on completing a certificate program and will complete the program soon. How should you indicate that in the certification/education section of your resume?”Completed”“Partially fulfilled”“In progress”“Incomplete”What are effective ways to prepare for your job interview? Select three answers.Practice speaking about the experiences and skills that the employer is looking forReview the job descriptionReview your notes on the NIST Framework to refresh your memoryResearch the company’s former Chief Financial Officer (CFO)Why is building rapport important in the job interview process? Select two answers.It can distract the interviewerIt can reduce your chances of getting hiredIt can help ease nervousness during the interviewIt can help enhance the communication between you and the interviewerA potential candidate is interviewing for a security analyst role. The candidate says the following when responding to a scenario-based question: “It was up to me to manage the product sales for the next two months while the department manager was away from the company.” Which part of the STAR method does this response demonstrate?TaskSituationResultActionFill in the blank: After the name and summary section, the next part of your resume is the _____.cybersecurity experience sectionresponsibilities sectionprofessional references sectionskills sectionFill in the blank: Under the education/certification section of your resume, you should list any subjects you studied related to _______.social engineeringPythonthe job you are applying forprevious work experiencesBefore finalizing your resume, which of the following best practices should you follow? Select two answers.Ensure your resume is a maximum of 2 pages longEnsure your resume is a minimum of 3 pages longCheck that your resume uses at least 2 font colorsCheck for spelling and grammatical errorsWhich steps are essential when preparing for a video interview? Select two answers.Test your video and audio settingsBuild a rapport with the interviewerWrite a cover letterFind a quiet location in your homeFill in the blank: Resumes typically list your last _____ years of work experience.threefive2010When do you begin to build rapport with your potential employer?On your first day of employmentDuring the second round of interviewsDuring your first interaction by phone, email, or video conferenceDuring the technical interview Fill in the blank: To calm your nerves before the interview begins, _____ and remind yourself about the preparation you have put in.review Linux commandstake a few deep breathscall your professional referencesreview other job postings A hiring manager recently reached out to you for a video interview. You have never used the software required for you to join the interview. What should you do to prepare?Request an in-person interview insteadDownload the software specified by the interviewer in advanceInform the interviewer that you do not know how to use this particular softwareDownload the video conference software that you are familiar with instead More certification answers our continuously expanding library in CertificationAnswers.com
