Module 4 Coursera CS Cert - Questions and Terms
Modem
A device that connects your router to the internet and brings internet access to the LAN.
Switch
A device that makes connection between specific devices on a network by sending and receiving data between them.
Network
A group of connected devices.
Hub
A network device that broadcasts information to every device on the network
Router
A network device that connects multiple networks together.
Firewalls - Where do firewalls fit in to the big picture
A network security device that monitors traffic to or from your network. It is like your first line of defense. - Firewalls often reside between the secured and controlled internal network and the untrusted network resources outside the organization, such as the internet. .
WAN (Wide Area Network)
A network that spans a large geographic area like a city, state, or country
LAN ( Local Area Network)
A network that spans a small area like an office building, a school, or a home.
Which of the following statements accurately describe playbooks? Select three answers. A playbook improves accuracy when identifying and mitigating an incident. A playbook helps security teams respond to urgent situations quickly. Organizations keep playbooks consistent by applying the same procedures to different business events. Organizations use different types of playbooks for different situations.
A,B, AND D
In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply. SIEM tools generate alerts. After receiving a SIEM alert, security teams use playbooks to guide their response process. Playbooks analyze data to detect threats. SIEM tools collect data.
AB, D
Which action can a security analyst take when they are assessing a SIEM alert? Analyze log data and related metrics Isolate an infected network system Restore the affected data with a clean backup Create a final report
Analyze log data and related metrics
What are the primary goals of the containment phase of an incident response playbook? Select two answers. Analyze the magnitude of the breach Assess the damage Reduce the immediate impact Prevent further damage
C,D
Cloud Network
Collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet.
A security analyst reports to stakeholders about a security breach. They provide details based on the organization's established standards. What phase of an incident response playbook does this scenario describe? Preparation Detection and analysis Eradication and recovery Coordination
Coordination
Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team. detection coordination preparation eradication
Coordination
Fill in the blank: During the _____ phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude. detection and analysis coordination preparation containment
Detection and Analysis
A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe? Containment Detection and analysis Post-incident activity Eradication and recovery
Eradication and Recovery
Fill in the blank: Incident response playbooks outline processes for communication and ______ of a security breach. documentation iteration implementation concealment
Implementation
Virtualization Tools
Pieces of software that perform network operations
In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events? Post-incident activity Eradication and recovery Containment Coordination
Post Incident Activity
Cloud Computing
Practice of using hosted servers, applications, and network services that are hosted externally on the internet instead of on local physical devices.
A security analyst establishes incident response procedures. They also educate users on what to do in the event of a security incident. What phase of an incident response playbook does this scenario describe? Eradication and recovery Detection and analysis Preparation Containment
Preparation
Servers
Provide information and services for devices like computers, smart home devices, and smartphones on the network.
SaaS( Software as a Service)
Refers to software suites operated by the CSG that a company uses remotely without hosting the software.
Fill in the blank: During the post-incident activity phase, security teams may conduct a full-scale analysis to determine the _____ of an incident and use what they learn to improve the company's overall security posture. root cause target structure end point
Root Cause
What is the relationship between SIEM tools and playbooks? They work together to predict future threats and eliminate the need for human intervention. They work together to provide a structured and efficient way of responding to security incidents. Playbooks collect and analyze data, then SIEM tools guide the response process. Playbooks detect threats and generate alerts, then SIEM tools provide the security team with a proven strategy.
They work together to provide a structured and efficient way of responding to security incidents.
In the event of a security incident, when would it be appropriate to refer to an incident response playbook? Throughout the entire incident Only prior to the incident occurring At least one month after the incident is over Only when the incident first occurs
Throughout the entire Incident
A security team is considering what they learned during past security incidents. They also discuss ways to improve their security posture and refine response strategies for future incidents. What is the security team's goal in this scenario? Assess employee performance Educate clients Delete biometric data Update a playbook
Update a Playbook
