Incident Detection and Response Coursera Quiz Answers 2022 | All Weeks Assessment Answers [💯Correct Answer]

Hello Peers, Today we are going to share all week’s assessment and quiz answers of the Incident Detection and Response course launched by Coursera totally free of cost✅✅✅. This is a certification course for every interested student.

In case you didn’t find this course for free, then you can apply for financial ads to get this course for totally free.

Check out this article – “How to Apply for Financial Ads?”

About The Coursera

Coursera, India’s biggest learning platform launched millions of free courses for students daily. These courses are from various recognized universities, where industry experts and professors teach very well and in a more understandable way.

---

Here, you will find Incident Detection and Response Exam Answers in Bold Color below.

These answers are updated recently and are 100% correct✅ answers of all week, assessment, and final exam answers of Incident Detection and Response from Coursera Free Certification Course.

Use “Ctrl+F” To Find Any Questions Answer. & For Mobile User, You Just Need To Click On Three dots In Your Browser & You Will Get A “Find” Option There. Use These Option to Get Any Random Questions Answer.

About Incident Detection and Response Course

Welcome to course seven, which is about finding and dealing with problems. If someone breaks into your systems and stays there for months without being noticed by your systems, administrators, security experts, or end users, it’s like giving that person the keys to your business or organization.

Course Apply Link – Incident Detection and Response

Incident Detection and Response Quiz Answers

Week 01: Incident Detection and Response Coursera Quiz Answers

Knowledge Check: Monitoring Systems Quiz Answer

Q.1. Directions: Answer the following true/false questions to review monitoring system terminology.    True or False? Real-time monitoring provides a means for immediately identifying overt and covert events. (D3, L7.1)   

• True
• False

Q.2. True or False? Non-real-time monitoring is not considered useful in terms of incident detection and response. (D3, L7.1)   

• True
• False

Q.3. True or False? An IDS has the ability to stop certain types of activities. (D3, L7.1)   

• True
• False

Applied Scenario 1 Review: Access Controls and UEBA Quiz Answer

Q.1 Directions: Answer the following questions regarding IMI’s UEBA system. (D3, L7.1)  Match the five typical use cases associated with UEBA to their description.

Connected devices that might contain sensitive data, of which IMI has hundreds. Used in the design, manufacturing and transportation to customers.  

• Data loss prevention
• Entity analytics (IoT) devices
• Incident prioritization
• Compromised insiders
• Malicious insiders

Q.2. A contractor or employee who, for whatever reason, has turned to the “dark side,” perhaps a disgruntled employee or a malicious actor placed within IMI. If these insiders also have privileged account access, the potential impact increases. 

• Data loss prevention
• Entity analytics (IoT) devices
• Incident prioritization
• Compromised insiders
• Malicious insiders

Q.3. MI has always made use of these solutions to track suspicious network activities such as file access, data transfers, and suspicious email usage. IMI has found that this method of tracking in particular results in extremely high volumes of alerts 

• Data loss prevention
• Entity analytics (IoT) devices
• Incident prioritization
• Compromised insiders
• Malicious insiders

Q.4. It is not uncommon to see situations where an attack from outside the organization has been successful with the end result being that privileged accounts are compromised or low-level accounts have been compromised and elevated. What is less common is discovering this type of attack using more traditional security tools and techniques.

• Data loss prevention
• Entity analytics (IoT) devices
• Incident prioritization
• Compromised insiders
• Malicious insiders

Q.5. SIEM solutions collect and aggregate information from a range of disparate devices to provide a central repository for analysis. The analytical element within UEBA helps to quickly identify and understand which events are the most suspicious and potentially the most harmful.   

• Data loss prevention
• Entity analytics (IoT) devices
• Incident prioritization
• Compromised insiders
• Malicious insiders

Q.6. Based on the screen capture, what indicated the user John Johnson network, file and email activities are suspicious? 

• A research file was accessed
• The user logged in at 10:07 a.m.
• Large files were sent to a personal email account 
• The user does not have a company email 

 Data Loss Prevention Quiz Answer

You are on a team of security professionals working for Any bank, and you have been tasked with implementing a DLP solution for them. You will be giving a presentation later in the week to discuss your implementation plan, and your team wants to make a good impression. The CISO has given you a list of questions to help you prepare for the meeting.   Directions: Answer the following questions regarding your DLP solution for the bank. (D3, L7.1) 

Q.1. Which of the following is an important step to implementing a DLP solution? 

• Identify the types and locations of information the organization possesses. 
• Classify data types by sensitivity and how that data enters, flows, and exits the systems. 
• Outline information relating to data repositories and transmission paths. 
• All of these.

Q.2. Do specific policies need to be created? 

• Yes
• No

Q.3. Which mode of operation is best when first implementing a DLP solution, active or passive? 

• Active
• Passive

Q.4. What might a limitation be when considering DLP?   

• Sensitive data would not be able to be copied without authorization.
• There is visibility into where data is being stored, sent, etc.  
• Encrypted files and/or traffic can’t be examined without first decrypting it. 
• All of these.

Q.5. Which of these would be the most urgent signal or event for security personnel to respond to? (D3, L7.1) 

• Precursors 
• Indicators 
• Indicators of compromise 
• Event of interest 

Debrief Report Quiz Answer

Q.1. You are the security professional for an online retailer XYZ Online Ltd.  An incident occurred several days ago in which a fire broke out at one of the company’s distribution centers. The incident was dealt with and a debriefing with those involved has been carried out.  

Directions: Help complete the debrief report by matching the comment needed in the report to the correct party or issue presented in the debriefing. (D4, L7.2) 

Fire department took longer than expected to respond to the alarm activation or 911 (999) call.

• Water (Identified by fire department)
• Failure to declare (Identified by Health and Safety Executive, a UK government agency)
• Hazard identification
• Lack of information provided
• Emergency service response time (Identified by XYZ Online)
• Failure to update

Q.2. Fire hydrant access blocked, lack of water supplies, low water pressure

• Water (Identified by fire department)
• Failure to declare (Identified by Health and Safety Executive, a UK government agency)
• Hazard identification
• Lack of information provided
• Emergency service response time (Identified by XYZ Online)
• Failure to update

Q.3. Fire department called, middle and senior management not informed. General public not notified.

Water (Identified by fire department)

• Failure to declare (Identified by Health and Safety Executive, a UK government agency)
• Hazard identification
• Lack of information provided
• Emergency service response time (Identified by XYZ Online)
• Failure to update

Q.4. This was potentially a major incident with wider reaching health and/or safety implications 

• Water (Identified by fire department)
• Failure to declare (Identified by Health and Safety Executive, a UK government agency)
• Hazard identification
• Lack of information provided
• Emergency service response time (Identified by XYZ Online)
• Failure to update

Q.5.Timely updates to all personal, regulatory bodies and the general public not issued.

• Water (Identified by fire department)
• Failure to declare (Identified by Health and Safety Executive, a UK government agency)
• Hazard identification
• Lack of information provided
• Emergency service response time (Identified by XYZ Online)
• Failure to update

Q.6. Batteries, chemicals, toxic substances, waste products.

• Water (Identified by fire department)
• Failure to declare (Identified by Health and Safety Executive, a UK government agency)
• Hazard identification
• Lack of information provided
• Emergency service response time (Identified by XYZ Online)
• Failure to update

Which statement best describes an adverse event?  (D4, L7.2) 

• Adverse events are unplanned, possibly accidental occurrences that impact normal IT and OT operations, such as a server shutdown or corruption of data.
• Adverse events may be unplanned and accidental disruptions to IT and OT operations or they may be part of an attack.
• Adverse events are deliberate, hostile disruptions of IT and OT operations.
• Adverse events are disruptions caused by external causes, such as bad weather, power or internet outages, or internal events such as a fire alarm being triggered. 

Activity 3: Forensic Investigations

You have been asked to assist the corporation’s cyber forensics team in a suspected case of identity theft. An investigation has been launched because customer account information, including names, addresses and payment card details, has been found on the dark web.  It is not clear whether the information may have been stolen by someone within the organization, whether there was an additional external element to the theft or if a data breach has indeed occurred.  Directions: Consider the scenario and answer the following questions: (D4, L7.3) 

Q.1. What might be the best way to try and establish the extent of the problem? 

• Ask your supervisor 
• Try searching the dark web for traces
• Report that there is no evidence of a data breach
• All of these

Q.2. You have completed the search and discovered that there has indeed been a major data breach. What might be your next step? 

• Review the log data
• Prepare a media/police report
• Reset all company logins
• None of these

Q.3. After examining the network activity log files, nothing springs out as an indicator of an external attack. However, looking at the UEBA logs you notice that one of your employees, Sasha Coen, is being flagged. She is accessing the customer accounts files at odd times, usually outside of her normal working hours. What would need to be examined? 

• Sasha’s personal cellphone
• Sasha’s home
• Sasha’s work computer
• All of these

Week 02: Incident Detection and Response Coursera Quiz Answers

Chapter 7 Quiz: Incident Detection and Response

This quiz will help you to confirm your understanding and retention of concepts for this chapter. Please complete it by answering all questions, reviewing correct answers and feedback, and revisiting any chapter material you feel you need extra time with.

Instructions

1. This Assessment contains 10 objective item questions.
2. Recommended time limit is 20 minutes, 2 minutes per question.
3. Choose the best answer(s) for each question.
4. You have unlimited attempts and may complete this assessment as many times as you would like.
5. Passing grade for this quiz is 70%.
6. Score of highest attempt will be calculated.

Your score and quiz report

1. Each question carries 1 point.
2. For each question, a 1/1 point indicates correct answer and 0/1 point indicates incorrect answer which you see upon quiz submission.
3. Upon completion, you will be able to see your total number of attempts along with the score for each attempt.
4. Your overall grade reflects the score of your highest attempt.
5. Click on each attempt to view the completed quiz.

Q.1. What is the difference between a real and a virtual IRT?   (D4, L7.2)

• Real IRTs meet in an incident response center, SOC or other facility; virtual ones meet in the cloud.
• Virtual IRTs have permanently assigned members, who may or may not be called on as needed for any given incident; real IRTs are staffed from third-party service organizations.
• Real IRTs are staffed by permanent employees or members of the organization, have designated work centers or locations and are trained and certified in incident response; virtual IRTs use volunteer or part-time talent, and their members may or may not be fully trained or certified.
• There is no difference between a real and virtual IRT.

Q.2. Which of the following would not be acceptable in evidence collection?​ (D4, L7.3)

• Collect “live” evidence first​
• Use any forensic tool you are familiar with​
• Create disk images
• Use write blockers

Q.3. Incident response planning and procedures should include clearly defined internal communication channels that address which of the following? (D4, L7.2)

• Escalation
• End user advisories
• Lessons learned and continued engagement updates
• All of these

Q.4. Before a complete DLP solution can be introduced, you would need to consider all of the following except which one? (D3, L7.1)

• Data in motion
• Data by time
• Data in use
• Data in storage

Q.5. Which of the following is true regarding computer intrusions?  (D3, L7.1)

• Covert attacks such as a distributed denial-of-service (DDoS) attack harm public opinion of an organization.
• Overt attacks are easier to defend against because they can be readily identified.
• Network intrusion detection systems (NIDSs) help mitigate computer intrusions by notifying personnel in real time.
• Social engineering attacks are less effective than technical attacks.

Q.6. A security information and event management (SIEM) service performs which of the following functions?  (D3, L7.1)

• Configures software for security policies and procedures
• Aggregates logs from security devices and application servers looking for suspicious activity
• Documents incident handling and communication
• Matches user system authorization with physical access permissions

Q.7. With respect to network devices, servers, endpoints and other hosts, which of the following would be essential to support incident detection and characterization?  (D3, L7.1)

• Using the same network time service (NTS)
• Using the same brand and version of IDS, IPS and blocked/allowed behavior control tools
• Using an IAAA
• Having all devices protected by identity-based firewalls

Q.8. Which of the following statements about taking control of a scene is not correct? (D4, L7.3)

• The controller must prevent anyone from entering the scene until the investigator has arrived.
• Once evidence has been collected and removed, the person controlling the scene directs recovery efforts.
• The person controlling the scene must ensure that no one can make changes to the scene and cannot take pictures, recordings or videos unless they enter beyond the chain of custody.
• The person taking control of the scene ensures that the scene is protected from contamination or changes that might destroy evidence.

Q.9. Which of the following would not normally be a part of an all-source threat intelligence assessment? (D3, L7.1)

• Social media such as Facebook or Twitter feeds
• News and entertainment channels
• Digital discovery orders

Q.10. Which tasks can SOAR systems do that SIEMs cannot? Select all that apply. (D4, L7.3)

• Create and manage a secure evidence (custody) facility
• Remotely manage the collection and collation of data from security appliances, devices, servers, endpoints and agents
• Support user creation of workflows to direct and control the execution of routine and emergency tasks, such as data analysis or incident response
• Remotely manage configuration settings for security appliances, devices, servers, endpoints and agents

More About This Course

Course 7 is about finding and dealing with incidents.

Welcome to course seven, which is about finding and dealing with problems. If someone breaks into your systems and stays there for months without being noticed by your systems, administrators, security experts, or end users, it’s like giving that person the keys to your business or organization.

Most of the time, an organization finds out about a data breach when someone tells them that their private information is for sale on the dark web.

Many of the top people in the security field say that we all need to do more to find the intruders in our stories. Many people even say that the main job of security professionals should be to find intruders.

Ransomware attacks have turned into a big business, with large-scale extortion attacks, the sale of ransomware attack tools and services, and the use of any data that was stolen during a breach.

Government officials and business people all over the world have been speaking out about this new and very scary change to the way advanced persistent threat, or APT, attackers do business. In this chapter, we’ll talk about how to find intrusions and incidents.

Many of the tools, techniques, technologies, and ideas you’ll see here have already been covered in other chapters. This class brings them all together and starts by talking about how to find the intruder.

Model one uses the ideas of precursors and indicators. Precursors are signals that warn us ahead of time and give us a real warning about a risk event. Indicators of compromise are signals that we know can only mean a hostile agent has gotten in. In module two, you’ll learn more about what to do after you think you’ve found a possible intrusion. This will help you understand incident response better.

In module three, we look more closely at how to help with forensic investigations. Forensics is a way of thinking about a situation or event that is based on facts and not on feelings. It’s your inner child looking at something and wondering about it.

Then, answer each of those questions with more questions, letting the facts you find shape your growing understanding of what happened, how, why, where, who did it, and what effects it might have.

Once you know the answers to these questions, you can go back and look at the risk mitigation controls to see if any of them need to be changed, replaced, or added to.

Goals for learning in Course 7

When a person finishes this course, he or she will be able to:

L7.1: Use all-source intelligence to look over the steps for monitoring, finding incidents, and stopping data loss.

L7.2: Name the parts of an incident response policy and the people who make up the incident response team (IRT).

L7.3: Describe the role of the security professional in helping with forensic investigations.

Course Agenda

Module 1: Use all-source intelligence to monitor and find incidents (Domain 3: Identifying, monitoring, and analyzing risks)

Module 2: Help with the incident lifecycle (Domain 4: Response to and recovery from incidents).

Module 3: Know how forensic investigations work and help with them (Domain 4: Incident Response and Recovery).

Beginners should take this course.

Experience Required: No prior experience is required

Conclusion

Hopefully, this article will be useful for you to find all the Week, final assessment, and Peer Graded Assessment Answers of the Incident Detection and Response Quiz of Coursera and grab some premium knowledge with less effort. If this article really helped you in any way then make sure to share it with your friends on social media and let them also know about this amazing training. You can also check out our other course Answers. So, be with us guys we will share a lot more free courses and their exam/quiz solutions also, and follow our Techno-RJ Blog for more updates.