IT Security Coursera Quiz & Assessment Answers | Google IT Support Professional Certificate in 2021

Hello Peers, today we are going to share the answers to all weekly assessments and quizzes of IT Security, part of the Google IT Support Professional course launched by Coursera, totally free of cost. This is a certification course for every interested student.

In case you didn’t find this course for free, you can apply for financial aid to get this course totally free.

About this Course

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team.

At the end of this course, you’ll understand:

  • How various encryption algorithms and techniques work as well as their benefits and limitations.
  • Various authentication systems and types.
  • The difference between authentication and authorization.
  • How to evaluate potential risks and recommend ways to reduce risk.
  • Best practices for securing a network.
  • How to help others to grasp security concepts and protect themselves.

Skills you will gain

  • Cybersecurity
  • Wireless Security
  • Cryptography
  • Network Security

Here, you will find IT Security Exam Answers in Bold Color which are given below.

Use “Ctrl+F” to find the answer to any question. Mobile users just need to tap the three dots in the browser to get a “Find” option, and can use it to find the answer to any question.

IT Security Coursera Quiz & Assessment Answers

1. Understanding Security Threats

Malicious Software

Question 1

In the CIA Triad, “Confidentiality” means ensuring that data is:

  • accurate and was not tampered with.
  • not accessible by unwanted parties.
  • accessible anonymously.
  • available and that people can access it.

“Confidentiality,” in this context, means preventing unauthorized third parties from gaining access to the data.

Question 2

In the CIA Triad, “Integrity” means ensuring that data is:

  • available and that people can access it.
  • not accessible by unwanted parties.
  • truthful and honest.
  • accurate and was not tampered with.

That’s not the kind of integrity we’re referring to here. Data integrity means ensuring that data is not corrupted or tampered with.

Question 3

In the CIA Triad, “Availability” means ensuring that data is:

  • available to anyone from anywhere.
  • accurate and was not tampered with.
  • not accessible by unwanted parties.
  • available and people can access it.

“Availability,” in this context, means ensuring that data and services remain accessible to those who are authorized to access them.

Question 4

What’s the relationship between a vulnerability and an exploit?

  • A vulnerability takes advantage of an exploit to run arbitrary code or gain access.
  • An exploit takes advantage of a vulnerability to run arbitrary code or gain access.
  • They’re unrelated.
  • An exploit creates a vulnerability in a system.

A vulnerability is a bug or hole in a system. It allows an attacker to gain access by using an exploit, which takes advantage of the vulnerability.

Question 5

Which statement is true for both a worm and a virus?

  • They’re self-replicating and self-propagating.
  • They’re undetectable by antimalware software.
  • They infect other files with malicious code.
  • They don’t cause any harm to the target system.

Both worms and viruses are capable of spreading themselves using a variety of transmission means.

Question 6

Check all examples of types of malware:

  • Key Generators
  • Adware
  • Worms
  • Viruses

These three are all examples of unwanted software that can cause adverse effects to an infected system, which is exactly what malware is.

Question 7

What are the characteristics of a rootkit? Check all that apply.

  • Is difficult to detect
  • Is harmless
  • Is destructive
  • Provides elevated credentials

A rootkit is designed to provide administrator-level access to a third party without the system owner’s knowledge. Given this, rootkits are usually designed to avoid detection and can be difficult to detect.

Network Attacks

Question 1

What are the dangers of a man-in-the-middle attack? Check all that apply.

  • An attacker can block or redirect traffic.
  • An attacker can destroy data at rest.
  • An attacker can eavesdrop on unencrypted traffic.
  • An attacker can modify traffic in transit.

A man-in-the-middle attack means that the attacker has access to your network traffic. This allows them to eavesdrop, modify traffic in transit, or block traffic entirely. Yikes!

Question 2

Why is a DNS cache poisoning attack dangerous? Check all that apply.

  • It allows an attacker to redirect targets to malicious webservers.
  • Errrr…it’s not actually dangerous.
  • It affects any clients querying the poisoned DNS server.
  • It allows an attacker to remotely control your computer.

By inserting fake DNS records into a DNS server’s cache, every client that queries this record will be served the fake information. This allows an attacker to redirect clients to a web server of their choosing.

Question 3

Which of the following is true of a DDoS attack?

  • This type of attack causes a significant loss of data.
  • An attacker sends attack traffic directly to the target.
  • Attack traffic comes from lots of different hosts.
  • Attack traffic is encrypted.

The “Distributed” in DDoS means that the attack traffic is distributed across a large number of hosts, resulting in the attack coming from many different machines.

Question 4

Which of the following result from a denial-of-service attack? Check all that apply.

  • Malware infection
  • Data destruction
  • Slow network performance
  • Service unreachable

A denial-of-service attack is meant to prevent legitimate traffic from reaching a service. This is usually done by flooding the victim with attack traffic, degrading network and system performance, and rendering services unreachable.

Other Attacks

Question 1

How can you protect against client-side injection attacks? Check all that apply.

  • Use data sanitization
  • Use a SQL database
  • Utilize strong passwords
  • Use input validation

By checking user-provided input and only allowing certain characters to be valid input, you can avoid injection attacks. You can also use data sanitization, which involves checking user-supplied input that’s supposed to contain special characters to ensure they don’t result in an injection attack.

Question 2

True or false: A brute-force attack is more efficient than a dictionary attack.

  • TRUE
  • FALSE

A brute-force attack tries out every possible valid combination of characters to guess the password, while a dictionary attack only tries passwords contained in a dictionary file. This means the dictionary attack is more efficient, since it doesn’t generate the passwords and has a smaller number of guesses to attempt.

Question 3

Which of the following scenarios are social engineering attacks? Check all that apply.

  • An attacker performs a DNS Cache poisoning attack.
  • Someone uses a fake ID to gain access to a restricted area.
  • An attacker performs a man-in-the-middle attack.
  • You receive an email with an attachment containing a virus.

A malicious spam email is a form of social engineering; the email is designed to trick you into opening a malicious payload contained in the attachment. Using a fake ID to gain entry to somewhere you’re not permitted is impersonation, a classic social engineering technique.

Graded Assessment

https://drive.google.com/drive/folders/1xVnX4YdZuNC0034yu3vFZT3_nNm0_0Hj?usp=sharing

2. Pelcgbybtl (Cryptology)

Cryptography Applications

Question 1

What information does a digital certificate contain? Check all that apply.

  • Public key data
  • Identifying information of the certificate owner
  • Digital signature
  • Private key data

A digital certificate contains the public key information, along with a digital signature from a CA. It also includes information about the certificate, like the entity that the certificate was issued to.

Question 2

Which type of encryption does SSL/TLS use?

  • Asymmetric encryption
  • Symmetric encryption
  • Neither
  • Both

SSL/TLS use asymmetric algorithms to securely exchange information used to derive a symmetric encryption key.

Question 3

What are some of the functions that a Trusted Platform Module can perform? Check all that apply.

  • Remote attestation
  • Malware detection
  • Secure user authentication
  • Data binding and sealing

A TPM can be used for remote attestation, ensuring that a host is in a known good state and hasn’t been modified or tampered with (from a hardware and a software perspective). TPMs can also seal and bind data to them, encrypting data against the TPM. This also allows it to be decrypted by the TPM, only if the machine is in a good and trusted state.

Hashing

Question 1

How is hashing different from encryption?

  • Hashing operations are one-directional.
  • Hashing is meant for large amounts of data, while encryption is meant for small amounts of data.
  • It’s less secure.
  • It’s faster.

Hash functions, by definition, are one-way, meaning that it’s not possible to take a hash and recover the input that generated the hash. Encryption, on the other hand, is two-directional, since data can be both encrypted and decrypted.

Question 2

What’s a hash collision?

  • When two identical files generate different hash digests
  • When a hash digest is reversed to recover the original
  • When two different hashing algorithms produce the same hash
  • When two different files generate the same hash digest

If two different files result in the same hash, this is referred to as a hash collision. Hash collisions aren’t awesome, as this would allow an attacker to create a fake file that would pass hash verification.

Question 3

How is a Message Integrity Check (MIC) different from a Message Authentication Code (MAC)?

  • A MIC only hashes the message, while a MAC incorporates a secret key.
  • A MAC requires a password, while a MIC does not.
  • They’re the same thing.
  • A MIC is more reliable than a MAC.

A MIC can be thought of as just a checksum or hash digest of a message, while a MAC uses a shared secret to generate the checksum. This also makes it authenticated, since the other party must also have the same shared secret, preventing a third party from forging the checksum data.

Question 4

How can you defend against brute-force password attacks? Check all that apply.

  • Store passwords in a rainbow table.
  • Incorporate salts into password hashing.
  • Run passwords through the hashing function multiple times.
  • Enforce the use of strong passwords.

A brute-force password attack involves guessing the password. So, having complex and long passwords will make this task much harder and will require more time and resources for the attacker to succeed. Incorporating salts into password hashes will protect against rainbow table attacks, and running passwords through the hashing algorithm lots of times also raises the bar for an attacker, requiring more resources for each password guess.

Symmetric Encryption

Question 1

What are the components that make up a cryptosystem? Check all that apply.

  • Decryption algorithms
  • Encryption algorithms
  • Transmission algorithms
  • Key generation algorithms

A cryptosystem is a collection of algorithms needed to operate an encryption service. This involves generating encryption keys, as well as encryption and decryption operations.

Question 2

What is steganography?

  • The study of languages
  • The practice of encoding messages
  • The study of stegosauruses
  • The practice of hiding messages

Steganography involves hiding messages, but not encoding them.

Question 3

What makes an encryption algorithm symmetric?

  • High speed
  • Different keys used for encryption and decryption
  • The same keys used for encryption and decryption
  • Very large key sizes

The symmetry of a symmetric algorithm refers to one key being used for both encryption and decryption.

Question 4

What’s the difference between a stream cipher and a block cipher?

  • Block ciphers are only used for block device encryption.
  • Stream ciphers can’t save encrypted data to disk.
  • Stream ciphers encrypt data as a continuous stream, while block ciphers operate on chunks of data.
  • There is no difference.

A stream cipher takes data in as a continuous stream, and outputs the ciphertext as a continuous stream, too. A block cipher encrypts the data in chunks, or blocks.

Question 5

True or false: The smaller the encryption key is, the more secure the encrypted data is.

  • TRUE
  • FALSE

The reverse is true. The larger the key, the more secure the encrypted data will be.

Week Two Practice Quiz

Question 1

Plaintext is the original message, while _ is the encrypted message.

  • Ciphertext
  • Digest
  • Cipher
  • Algorithm

Once the original message is encrypted, the result is referred to as ciphertext.

Question 2

The specific function of converting plaintext into ciphertext is called a(n) __.

  • Encryption algorithm
  • Integrity check
  • Data protection standard
  • Permutation

An encryption algorithm is the specific function or steps taken to convert plaintext into encrypted ciphertext.

Question 3

Studying how often letters and pairs of letters occur in a language is referred to as _.

  • Codebreaking
  • Cryptography
  • Frequency analysis
  • Espionage

Frequency analysis involves studying how often letters occur, and looking for similarities in ciphertext to uncover possible plaintext mappings.

Question 4

True or false: The same plaintext encrypted using the same algorithm and same encryption key would result in different ciphertext outputs.

  • TRUE
  • FALSE

If the plaintext, algorithm, and key are all the same, the resulting ciphertext would also be the same.

Question 5

The practice of hiding messages instead of encoding them is referred to as __.

  • Encryption
  • Hashing
  • Obfuscation
  • Steganography

Steganography involves hiding messages from discovery instead of encoding them.

Question 6

ROT13 and a Caesar cipher are examples of _.

  • Digital signatures
  • Steganography
  • Substitution ciphers
  • Asymmetric encryption

These are both examples of substitution ciphers, since they substitute letters for other letters in the alphabet.

Question 7

DES, RC4, and AES are examples of __ encryption algorithms.

  • Asymmetric
  • Strong
  • Symmetric
  • Weak

DES, RC4, and AES are all symmetric encryption algorithms.

Question 8

What are the two components of an asymmetric encryption system, necessary for encryption and decryption operations? Check all that apply.

  • Private key
  • Random number generator
  • Digest
  • Public key

In asymmetric encryption systems, there’s a private key used for encryption, and a public key used for decryption.

Question 9

To create a public key signature, you would use the __ key.

  • Decryption
  • Symmetric
  • Private
  • Public [INCORRECT]

Question 10

Using an asymmetric cryptosystem provides which of the following benefits? Check all that apply.

  • Non-repudiation
  • Authenticity
  • Hashing
  • Confidentiality

Confidentiality is provided by the encryption, authenticity is achieved through the use of digital signatures, and non-repudiation is also provided by digitally signing data.

Question 11

If two different files result in the same hash, this is referred to as a __.

  • Mistake
  • Coincidence
  • Key collision
  • Hash collision

A hash collision is when two different inputs yield the same hash.

Question 12

When authenticating a user’s password, the password supplied by the user is authenticated by comparing the __ of the password with the one stored on the system.

  • Hash
  • Plaintext
  • Ciphertext
  • Length

Passwords are verified by hashing and comparing hashes. This is to avoid storing plaintext passwords.

Question 13

If a rainbow table is used instead of brute-forcing hashes, what is the resource trade-off?

  • Rainbow tables use less computational resources and more storage space
  • Rainbow tables use less RAM resources and more computational resources
  • Rainbow tables use less storage space and more RAM resources
  • Rainbow tables use less storage space and more computational resources

Instead of computing every hash, a rainbow table is a precomputed table of hashes and text. Using a rainbow table to look up a hash requires a lot less computing power, but a lot more storage space.

Question 14

In a PKI system, what entity is responsible for issuing, storing, and signing certificates?

  • Government
  • Certificate Authority
  • Intermediary Authority
  • Registration Authority

The certificate authority is the entity that signs, issues, and stores certificates.

Graded Assessment

https://drive.google.com/drive/folders/1lqShN0jVshRsnRfU1n7lZaMNPKO3XnIf?usp=sharing

3. AAA Security

Authentication

Question 1

How is authentication different from authorization?

  • They’re the same thing.
  • Authentication is verifying access to a resource; authorization is verifying an identity.
  • Authentication is identifying a resource; authorization is verifying access to an identity.
  • Authentication is verifying an identity; authorization is verifying access to a resource.

Authentication is proving that an entity is who they claim to be, while authorization is determining whether or not that entity is permitted to access resources.

Question 2

What are some characteristics of a strong password? Check all that apply.

  • Contains dictionary words
  • Includes numbers and special characters
  • Is used across accounts and systems
  • Is at least eight characters long

A strong password should contain a mix of character types and cases, and should be relatively long — at least eight characters, but preferably more.

Question 3

In a multi-factor authentication scheme, a password can be thought of as:

  • something you know.
  • something you have.
  • something you use.
  • something you are.

Biometrics as an additional authentication factor is something you are, while passwords are something you know.

Question 4

What are some drawbacks to using biometrics for authentication? Check all that apply.

  • Biometric authentication is much slower than alternatives.
  • Biometrics are easy to share.
  • There are potential privacy concerns.
  • Biometric authentication is difficult or impossible to change if compromised.

If a biometric characteristic, like your fingerprints, is compromised, your option for changing your “password” is to use a different finger. This makes “password” changes limited. Other biometrics, like iris scans, can’t be changed if compromised. If biometric authentication material isn’t handled securely, then identifying information about the individual can leak or be stolen.

Question 5

In what way are U2F tokens more secure than OTP generators?

  • They’re password-protected.
  • They can’t be cloned.
  • They’re resistant to phishing attacks.
  • They’re cheaper.

With one-time-password generators, the one-time password along with the username and password can be stolen through phishing. On the flip side, U2F authentication is impossible to phish, given the public key cryptography design of the authentication protocol.

Question 6

What elements of a certificate are inspected when a certificate is verified? Check all that apply.

  • Trust of the signatory CA
  • Certificate key size
  • “Not valid after” date
  • “Not valid before” date

To verify a certificate, the period of validity must be checked, along with the signature of the signing certificate authority, to ensure that it’s a trusted one.

Question 7

What is a CRL?

  • Certified Recursive Listener
  • Certificate Revocation List
  • Certificate Recording Language
  • Caramel Raspberry Lemon

CRL stands for “Certificate Revocation List.” It’s a list published by a CA, which contains certificates issued by the CA that are explicitly revoked, or made invalid.

Question 8

What are the names of similar entities that a Directory server organizes entities into?

  • Clusters
  • Groups
  • Trees
  • Organizational Units

Directory servers have organizational units, or OUs, that are used to group similar entities.

Question 9

True or false: The Network Access Server handles the actual authentication in a RADIUS scheme.

  • True
  • False

The Network Access Server only relays the authentication messages between the RADIUS server and the client; it doesn’t make an authentication evaluation itself.

Question 10

True or false: Clients authenticate directly against the RADIUS server.

  • True
  • False

Clients actually don’t interact with the RADIUS server directly. Instead, they relay authentication via the Network Access Server.

Question 11

What does a Kerberos authentication server issue to a client that successfully authenticates?

  • A ticket-granting ticket
  • A master password
  • An encryption key [INCORRECT]
  • A digital certificate

Question 12

What advantages does single sign-on offer? Check all that apply.

  • It provides encrypted authentication.
  • It reduces the total number of credentials.
  • It enforces multifactor authentication.
  • It reduces time spent authenticating.

SSO allows one set of credentials to be used to access various services across sites. This reduces the total number of credentials that might be otherwise needed. SSO authentication also issues an authentication token after a user authenticates using username and password. This token then automatically authenticates the user until the token expires. So, users don’t need to reauthenticate multiple times throughout a work day.

Question 13

What does OpenID provide?

  • Certificate signing
  • Digital signatures
  • Authentication delegation
  • Cryptographic hashing

OpenID allows authentication to be delegated to a third-party authentication service.

Authorization and Accounting

Question 1

What role does authorization play?

  • It determines whether or not an entity has access to a resource.
  • It verifies an entity’s identity.
  • It verifies passwords.
  • It provides strong encryption.

Authorization has to do with what resource a user or account is permitted or not permitted to access.

Question 2

What does OAuth provide?

  • Confidentiality
  • Integrity
  • Access delegation
  • Secure communications

OAuth is an open authorization protocol that allows account access to be delegated to third parties, without disclosing account credentials directly.

Question 3

How is auditing related to accounting?

  • They’re not related.
  • They’re the same thing.
  • Accounting is reviewing records, while auditing is recording access and usage.
  • Accounting is recording access and usage, while auditing is reviewing these records.

Accounting involves recording resource and network access and usage. Auditing is reviewing these usage records by looking for any anomalies.

Peer Graded Assessment

https://drive.google.com/drive/folders/1rIeNNyH7gF8amy1wXQb5KvMzgP9kLmMQ?usp=sharing

4. Securing Your Networks

Network Monitoring

Question 1

What does tcpdump do? Select all that apply.

  • Encrypts your packets
  • Analyzes packets and provides a textual analysis
  • Captures packets
  • Generates packets

Tcpdump is a packet capture and analysis utility, not a packet generator.

Question 2

What does wireshark do differently from tcpdump? Check all that apply.

  • It can write packet captures to a file.
  • It has a graphical interface.
  • It understands more application-level protocols.
  • It can capture packets and analyze them.

tcpdump is a command line utility, while wireshark has a powerful graphical interface. While tcpdump understands some application-layer protocols, wireshark expands on this with a much larger complement of protocols understood.

Question 3

What factors should you consider when designing an IDS installation? Check all that apply.

  • Internet connection speed
  • Storage capacity
  • OS types in use
  • Traffic bandwidth

It’s important to understand the amount of traffic the IDS would be analyzing. This ensures that the IDS system is capable of keeping up with the volume of traffic. Storage capacity is important to consider for logs and packet capture retention reasons.

Question 4

What is the difference between an Intrusion Detection System and an Intrusion Prevention System?

  • An IDS can actively block attack traffic, while an IPS can only alert on detected attack traffic.
  • An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.
  • An IDS can detect malware activity on a network, but an IPS can’t.
  • They are the same thing.

An IDS only detects intrusions or attacks, while an IPS can make changes to firewall rules to actively drop or block detected attack traffic.

Question 5

What factors would limit your ability to capture packets? Check all that apply.

  • Network interface not being in promiscuous or monitor mode
  • Anti-malware software
  • Encryption
  • Access to the traffic in question

If your NIC isn’t in monitor or promiscuous mode, it’ll only capture packets sent by and sent to your host. In order to capture traffic, you need to be able to access the packets. So, being connected to a switch wouldn’t allow you to capture other clients’ traffic.

Secure Network Architecture

Question 1

Why is normalizing log data important in a centralized logging setup?

  • Log normalizing detects potential attacks.
  • Uniformly formatted logs are easier to store and analyze.
  • The data must be decrypted before sending it to the log server.
  • It’s difficult to analyze abnormal logs.

Logs from various systems may be formatted differently. Normalizing logs is the practice of reformatting the logs into a common format, allowing for easier storage and lookups in a centralized logging system.

Question 2

What type of attacks does a flood guard protect against? Check all that apply.

  • Man-in-the-middle attacks
  • Malware infections
  • SYN floods
  • DDoS attacks

A flood guard protects against attacks that overwhelm networking resources, like DoS attacks and SYN floods.

Question 3

What does DHCP Snooping protect against?

  • Rogue DHCP server attacks
  • DDoS attacks
  • Brute-force attacks
  • Data theft

DHCP snooping is designed to guard against rogue DHCP attacks. The switch can be configured to transmit DHCP responses only when they come from the DHCP server’s port.

Question 4

What does Dynamic ARP Inspection protect against?

  • Rogue DHCP server attacks
  • Malware infections
  • ARP poisoning attacks
  • DDoS attacks

Dynamic ARP inspection protects against ARP poisoning attacks by watching for ARP packets. If an ARP packet doesn’t match the table of MAC address and IP address mappings generated by DHCP snooping, the packet will be dropped as invalid or malicious.

Question 5

What does IP Source Guard protect against?

  • IP spoofing attacks
  • Brute-force attacks
  • Rogue DHCP server attacks
  • DDoS attacks

IP Source Guard prevents an attacker from spoofing an IP address on the network. It does this by matching assigned IP addresses to switch ports, and dropping unauthorized traffic.

Question 6

What does EAP-TLS use for mutual authentication of both the server and the client?

  • Biometrics
  • Usernames and passwords
  • Digital certificates
  • One-time passwords

The client and server both present digital certificates, which allows both sides to authenticate the other, providing mutual authentication.

Question 7

Why is it recommended to use both network-based and host-based firewalls? Check all that apply.

  • For protection for mobile devices, like laptops
  • For protection against DDoS attacks
  • For protection against compromised hosts on the same network
  • For protection against man-in-the-middle attacks

Using both network- and host-based firewalls provides protection from external and internal threats. This also protects hosts that move between trusted and untrusted networks, like mobile devices and laptops.

Wireless Security

Question 1

What are some of the weaknesses of the WEP scheme? Check all that apply.

  • Its small IV pool size
  • Its use of ASCII characters for passphrases
  • Its use of the RC4 stream cipher
  • Its poor key generation methods

The RC4 stream cipher had a number of design flaws and weaknesses. WEP also used a small IV value, causing frequent IV reuse. Lastly, the way that the encryption keys were generated was insecure.

Question 2

What symmetric encryption algorithm does WPA2 use?

  • DES
  • DSA
  • RSA
  • AES

WPA2 uses CCMP. This utilizes AES in counter mode, which turns a block cipher into a stream cipher.

Question 3

How can you reduce the likelihood of WPS brute-force attacks? Check all that apply.

  • Implement lockout periods for incorrect attempts.
  • Update firewall rules.
  • Use a very long and complex passphrase.
  • Disable WPS.

Question 4

Select the most secure WiFi security configuration from below:

  • WPA2 enterprise
  • WEP 128 bit
  • WPA personal
  • WPA enterprise
  • WPA2 personal
  • None

WPA2 Enterprise would offer the highest level of security for a WiFi network. It offers the best encryption options for protecting data from eavesdropping third parties, and does not suffer from the manageability or authentication issues that WPA2 Personal has with a shared key mechanism. WPA2 Enterprise used with TLS certificates for authentication is one of the best solutions available.

Graded Assessment

https://drive.google.com/drive/folders/1u8AZAgsZ_RsRSd2j4LPzwHYl_8YCQFgL?usp=sharing

5. Defense in Depth

Application Hardening

Question 1

Why is it important to keep software up-to-date?

  • To address any security vulnerabilities discovered
  • To ensure compatibility with other systems
  • It’s not important. It’s just annoying.
  • To ensure access to the latest features

As vulnerabilities are discovered and fixed by the software vendor, applying these updates is super important to protect yourself against attackers.

Question 2

What are some types of software that you’d want to have an explicit application policy for? Check all that apply.

  • Software development kits
  • Video games
  • Filesharing software
  • Word processors

Video games and filesharing software typically don’t have a use in business (though it does depend on the nature of the business). So, it might make sense to have explicit policies dictating whether or not this type of software is permitted on systems.

System Hardening

Question 1

What is an attack vector?

  • The classification of attack type
  • The direction an attack is going in
  • The severity of the attack
  • A mechanism by which an attacker can interact with your network or systems

An attack vector can be thought of as any route through which an attacker can interact with your systems and potentially attack them.

Question 2

Disabling unnecessary components serves which purposes? Check all that apply.

  • Reducing the attack surface
  • Making a system harder to use
  • Increasing performance
  • Closing attack vectors

Every unnecessary component represents a potential attack vector. The attack surface is the sum of all attack vectors. So, disabling unnecessary components closes attack vectors, thereby reducing the attack surface.

Question 3

What’s an attack surface?

  • The target or victim of an attack
  • The payload of the attack
  • The total scope of an attack
  • The combined sum of all attack vectors in a system or network

The attack surface describes all possible ways that an attacker could interact with and exploit potential vulnerabilities in the network and connected systems.

Question 4

A good defense in depth strategy would involve deploying which firewalls?

  • No firewalls
  • Network-based firewalls only
  • Both host-based and network-based firewalls
  • Host-based firewalls only

Defense in depth involves multiple layers of overlapping security. So, deploying both host- and network-based firewalls is recommended.

Question 5

Using a bastion host allows for which of the following? Select all that apply.

  • Running a wide variety of software securely
  • Applying more restrictive firewall rules
  • Having more detailed monitoring and logging
  • Enforcing stricter security measures

Bastion hosts are special-purpose machines that permit restricted access to more sensitive networks or systems. Because they serve one specific purpose, these systems can have strict authentication enforced, firewall rules locked down more tightly, and closer monitoring and logging.

Question 6

What benefits does centralized logging provide? Check all that apply.

  • It prevents database theft.
  • It blocks malware infections.
  • It helps secure logs from tampering or destruction.
  • It allows for easier log analysis.

Centralized logging is really beneficial, since you can harden the log server to resist attempts from attackers trying to delete logs to cover their tracks. Keeping logs in one place also makes analysis on aggregated logs easier by providing a single place to search, instead of separate, disparate log systems.

Question 7

What are some of the shortcomings of antivirus software today? Check all that apply.

  • It can’t protect against unknown threats.
  • It’s very expensive.
  • It only detects malware, but doesn’t protect against it.
  • It only protects against viruses.

Antivirus software operates off a blacklist, blocking known bad entities. This means that brand new, never-before-seen malware won’t be blocked.

Question 8

How is binary whitelisting a better option than antivirus software?

  • It’s cheaper.
  • It can block unknown or emerging threats.
  • It’s not better. It’s actually terrible.
  • It has less performance impact.

By blocking everything by default, binary whitelisting can protect you from the unknown threats that exist without you being aware of them.

Question 9

What does full-disk encryption protect against? Check all that apply.

  • Data theft
  • IP spoofing attacks
  • Malware infections
  • Tampering with system files

With the contents of the disk encrypted, an attacker wouldn’t be able to recover data from the drive in the event of physical theft. An attacker also wouldn’t be able to tamper with or replace system files with malicious ones.

Question 10

What’s the purpose of escrowing a disk encryption key?

  • Providing data integrity
  • Protecting against unauthorized access
  • Preventing data theft
  • Performing data recovery

Key escrow allows the disk to be unlocked if the primary passphrase is forgotten or unavailable for whatever reason.

Peer Graded Assessment

https://drive.google.com/drive/folders/1bGbLTW4c6djFDE8IOpfuDH3OwUvzeZV8?usp=sharing

6. Creating Company Culture For Society

Peer Graded Assessment

https://drive.google.com/drive/folders/1HgQM-NNjggNLQS9efDYdgoB_lC7QjL1R?usp=sharing

