Introduction to Cybersecurity Module 4: Protecting the Organization Quiz Answers
1. What is the correct definition of risk management?
- The process of transferring risks that cannot be eliminated or mitigated
- The process of identifying and assessing risk to determine the severity of threats
- The process of accepting risks that cannot be eliminated, mitigated or transferred
- The process of identifying and assessing risk to reduce the impact of threats and vulnerabilities
2. Which of the following tools can be used to provide a list of open ports on network devices?
- Ping
- Tracert
- Nmap
- Whois
3. Which of the following tools can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
- NetFlow
- SIEM
- Nmap
- Snort
4. ‘Today, there are single security appliances that will solve all the network security needs of an organization.’
Is this statement true or false?
- True
- False
5. What name is given to a device that controls or filters traffic going in or out of the network?
- Router
- VPN
- Firewall
- IPS
6. What tool can identify malicious traffic by comparing packet contents to known attack signatures?
- IDS
- Zenmap
- Nmap
- NetFlow
7. What protocol is used to collect information about traffic traversing a network?
- HTTPS
- NetFlow
- Telnet
- NAT
8. Behavior-based analysis involves using baseline information to detect what?
- Risk
- Anomalies
- Backdoors
- Vulnerabilities
9. What is the last stage of a pen test?
- Scanning
- Analysis and reporting
- Gathering target information
- Maintaining access
10. ‘With careful planning and consideration, some risks can be completely eliminated.’
Is this statement true or false?
- True
- False
11. What is a security playbook?
- A collection of security alerts, logs and historical data from the network
- A collection of repeatable queries or reports that outline a standardized process for incident detection and response
- A step-by-step guide on how to carry out IT-related procedures
12. What is the main aim of a Cyber Security Incident Response Team (CSIRT)?
- To help client organizations improve their incident management capabilities
- To help ensure organization, system and data preservation by performing investigations into computer security incidents
- To enforce access to network resources by creating role-based control policies
- To provide guidance on the implementation of safeguards and personnel training