Introduction to Cyber Attacks Module 4 Quiz Answers

Hello Friends in this article i am gone to share Coursera Course: Introduction to Cyber Attacks by New York University | Module 4 Quiz Answers with you..

Introduction to Cyber Attacks Module 4 Quiz Answers

Module 4 Quiz Answers

Question 1)
Carefully mapping assets to threats is an effective technique under which of the following situations?

  • Your client offers follow-on security work for your consulting team
  • You do not believe fraud to be a legitimate component of the CIA model
  • You have no inventory of assets and will never get one
  • Your GRC tool has been hacked
  • You have no understanding of your assets but would like to

Question 2)
32)Man-in-the-middle attacks on wireless UMTS services are possible because of which infrastructure feature?

  • Cheap 2G services
  • Fallback from 3G to 2G services
  • Evolution to LTE
  • WiFi covering weak 3G coverage gaps
  • All of the above

Question 3)
Which of the following statements regarding enterprise assets is true?

  • Assets are not tangible
  • Tangible assets are not identifiable
  • Identifiable assets include tangible ones
  • Intangible assets are always identifiable
  • Assets are always known

Question 4)
Estimating risk for cells in a threat-asset matrix requires which of the following approaches:

  • Holistic views of attacks, vulnerabilities, and asset values
  • Knowledge of the environment
  • Recognition that cost issues must be taken into account
  • All of the above

Question 5)
Which of the following statements is true?

  • Assets always have serious vulnerabilities
  • Assets sometimes have vulnerabilities
  • Attackers exploit the same vulnerabilities in assets
  • Threats are more important that assets

Question 6)
Which would most likely be the highest security risk for a Mobility Service Provider?

  • Disclosure of equipment types
  • Integrity of facility entry card readers
  • Availability of LTE service
  • Answers “a” and “b”
  • Staff backgrounds and social network posts

Question 7)
Which of the following is not an organizational asset?

  • Name
  • Reputation
  • Servers
  • People
  • None of the Above

Question 8)
As risk goes up, we can conclude which of the following?

  • Probability of attack goes up
  • Probability of security failure goes up
  • Consequence goes up
  • Consequence and probability of attack goes up
  • None of the above

Question 9)
Worms are best avoided by which of the following techniques?

  • Information sharing
  • Better firewalls
  • More attentive staff
  • Improved patching
  • All of the above

Question 10)
Since there is an infinity of possible vulnerabilities, but a finite number of threat types, the following can be stated:

  • Security engineering is therefore not possible in practice.
  • Penetration testing must focus on threats, not vulnerabilities.
  • The cross product of vulnerabilities and threats must be mapped to assets.
  • We can issue threat advisories publicly, but not vulnerability advisories.
  • Threat-asset matrices can be constructed, but not vulnerability-asset matrices.



Leave a Comment