Hello Friends in this article i am gone to share Coursera Course: Introduction to Cyber Attacks by New York University | Module 4 Quiz Answers with you..
Introduction to Cyber Attacks Module 4 Quiz Answers
Module 4 Quiz Answers
Question 1)
Carefully mapping assets to threats is an effective technique under which of the following situations?
- Your client offers follow-on security work for your consulting team
- You do not believe fraud to be a legitimate component of the CIA model
- You have no inventory of assets and will never get one
- Your GRC tool has been hacked
- You have no understanding of your assets but would like to
Question 2)
32)Man-in-the-middle attacks on wireless UMTS services are possible because of which infrastructure feature?
- Cheap 2G services
- Fallback from 3G to 2G services
- Evolution to LTE
- WiFi covering weak 3G coverage gaps
- All of the above
Question 3)
Which of the following statements regarding enterprise assets is true?
- Assets are not tangible
- Tangible assets are not identifiable
- Identifiable assets include tangible ones
- Intangible assets are always identifiable
- Assets are always known
Question 4)
Estimating risk for cells in a threat-asset matrix requires which of the following approaches:
- Holistic views of attacks, vulnerabilities, and asset values
- Knowledge of the environment
- Recognition that cost issues must be taken into account
- All of the above
Question 5)
Which of the following statements is true?
- Assets always have serious vulnerabilities
- Assets sometimes have vulnerabilities
- Attackers exploit the same vulnerabilities in assets
- Threats are more important that assets
Question 6)
Which would most likely be the highest security risk for a Mobility Service Provider?
- Disclosure of equipment types
- Integrity of facility entry card readers
- Availability of LTE service
- Answers “a” and “b”
- Staff backgrounds and social network posts
Question 7)
Which of the following is not an organizational asset?
- Name
- Reputation
- Servers
- People
- None of the Above
Question 8)
As risk goes up, we can conclude which of the following?
- Probability of attack goes up
- Probability of security failure goes up
- Consequence goes up
- Consequence and probability of attack goes up
- None of the above
Question 9)
Worms are best avoided by which of the following techniques?
- Information sharing
- Better firewalls
- More attentive staff
- Improved patching
- All of the above
Question 10)
Since there is an infinity of possible vulnerabilities, but a finite number of threat types, the following can be stated:
- Security engineering is therefore not possible in practice.
- Penetration testing must focus on threats, not vulnerabilities.
- The cross product of vulnerabilities and threats must be mapped to assets.
- We can issue threat advisories publicly, but not vulnerability advisories.
- Threat-asset matrices can be constructed, but not vulnerability-asset matrices.