
Cybersecurity Capstone: Breach Response Case Studies | Coursera Quiz Answers

Answers for Cybersecurity Capstone: Breach Response Case Studies. IBM Cybersecurity Analyst Professional Certificate. Accurate and reliable solutions.
Cybersecurity Capstone: Breach Response Case Studies | IBM

This course is designed to equip learners with foundational knowledge essential for developing Cybersecurity skills through the IBM Cybersecurity Professional Certificate programs. Participants will delve into incident response strategies and security frameworks, learning to identify and classify various vulnerabilities and the corresponding threats targeting contemporary enterprises. The course provides detailed examinations of both historical and recent breaches, focusing on detection methods employed and strategies for mitigating organizational risks. Moreover, participants will analyze the financial implications of data breaches based on comprehensive research and notable case studies.

A notable component of this course involves selecting and researching a current cybersecurity incident reported in the media. Participants will apply acquired knowledge and skills from this course, along with previous cybersecurity training, to conduct detailed analyses encompassing attack types, timelines, vulnerable systems, and potential missed opportunities. Evaluation of these projects will be performed peer-to-peer within the course.

This course caters to individuals aspiring to pursue careers in Cybersecurity as Analysts or Specialists, offering practical insights into real-world cybersecurity breaches. Successful completion of the course also qualifies participants to earn the Cybersecurity Capstone: Breach Response Case Studies IBM digital badge.


Notice!
Always refer to the module in your course for the most accurate and up-to-date information.

Module 1 – Incident Management Response and Cyberattack Frameworks

Incident Management Knowledge Check

1. In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)
  • Establish a formal incident response capability
  • Create an incident response policy
  • Hold incident response drills on a regular basis
  • Develop an incident response plan based on the incident response policy
2. Which incident response team model would best fit the needs of a small company that runs its business out of a single office building or campus?
  • Hybrid incident response team
  • Distributed incident response team
  • Coordinating incident response team
  • Central incident response team
3. True or False. An incident response team needs a blend of members with strong technical and strong soft skills.
  • True
  • False
4. Assuring systems, networks, and applications are sufficiently secure to resist an attack is part of which phase of the incident response lifecycle?
  • Detection & Analysis
  • Post-Incident Activity
  • Preparation
  • Containment, Eradication & Recovery

Cyberattack Frameworks Knowledge Check

1. According to the IRIS Framework, during which stage of an attack would the attacker conduct external reconnaissance, align tactics, techniques and procedures to the target, and prepare their attack infrastructure?
  • Continue the attack, expand network access
  • Continuous phases occur
  • Attack beginnings
  • Attack objective execution
  • Launch and execute the attack
2. According to the IRIS Framework, during which stage of an attack would the attacker escalate evasion tactics to evade detection?
  • Attack beginnings
  • Launch and execute the attack
  • Continuous phases occur
  • Continue the attack, expand network access
  • Attack objective execution
3. According to the IRIS framework, during the third phase of an attack when the attackers are attempting to escalate privileges, what should the IR team be doing as a countermeasure?
  • Build a threat profile of adversarial actors who are likely to target the company
  • Analyze all network traffic and endpoints, searching for anomalous behavior
  • Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies
  • Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
  • Implement strong endpoint detection and mitigation strategies
4. According to the IRIS framework, during the fifth phase of an attack, the attackers will attempt to execute their final objective. What should the IR team be doing as a countermeasure?
  • Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
  • Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies
  • Implement strong endpoint detection and mitigation strategies
  • Analyze all network traffic and endpoints, searching for anomalous behavior
  • Build a threat profile of adversarial actors who are likely to target the company
5. True or False. A data breach only has to be reported to law enforcement if external customer data was compromised.
  • True
  • False

Incident Management Response and Cyberattack Frameworks Graded Assessment

1. In creating an incident response capability in your organization, NIST recommends taking 6 actions. Which three (3) actions are included on that list? (Select 3)
  • Establish policies and procedures regarding incident-related information sharing
  • Secure executive sponsorship for the incident response plan
  • Considering the relevant factors when selecting an incident response team model
  • Develop incident response procedures
2. Which incident response team model would best fit the needs of the field offices of a large distributed organization?
  • Hybrid incident response team
  • Coordinating incident response team
  • Central incident response team
  • Distributed incident response team
3. Which incident response team staffing model would be appropriate for a small retail store that has just launched an online selling platform and finds it is now under attack? The platform was put together by its very small IT department, which has no experience in managing incident response.
  • Migrate all online operations to a cloud service provider so you will not have to worry about further attacks
  • Outsource the monitoring of intrusion detection systems and firewalls to an offsite managed security service provider while leaving the response to detected incidents to current IT staff
  • Use internal IT staff only, forcing them to come up to speed as quickly as possible
  • Completely outsource the incident response work to an onsite contractor with expertise in monitoring and responding to incidents
4. Which three (3) technical skills are important to have in an organization’s incident response team? (Select 3)
  • Programming
  • Network administration
  • System administration
  • Encryption
5. Identifying incident precursors and indicators is part of which phase of the incident response lifecycle?
  • Detection & Analysis
  • Preparation
  • Containment, Eradication & Recovery
  • Post-Incident Activity
6. Automatically isolating a system from the network when malware is detected on that system is part of which phase of the incident response lifecycle?
  • Containment, Eradication & Recovery
  • Post-Incident Activity
  • Detection & Analysis
  • Preparation
7. According to the IRIS Framework, during which stage of an attack would the attacker send phishing email, steal credentials and establish a foothold in the target network?
  • Continue the attack, expand network access
  • Attack beginnings
  • Continuous phases occur
  • Attack objective execution
  • Launch and execute the attack
8. According to the IRIS Framework, during which stage of an attack would the attacker execute their final objectives?
  • Attack beginnings
  • Launch and execute the attack
  • Continue the attack, expand network access
  • Continuous phases occur
  • Attack objective execution
9. According to the IRIS framework, during the first stage of an attack, when the bad actors are conducting external reconnaissance and aligning their tactics, techniques and procedures, what should the IR team be doing as a countermeasure?
  • Implement strong endpoint detection and mitigation strategies
  • Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies
  • Build a threat profile of adversarial actors who are likely to target the company
  • Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
  • Analyze all network traffic and endpoints, searching for anomalous behavior
10. According to the IRIS framework, during the fourth phase of an attack, the attackers will attempt to evade detection. What should the IR team be doing as a countermeasure?
  • Thoroughly examine available forensics to understand attack details, establish mitigation priorities, provide data to law enforcement, and plan risk reduction strategies
  • Implement strong endpoint detection and mitigation strategies
  • Enforce strong user password policies by enabling multi-factor authentication and restricting the ability to use the same password across systems
  • Build a threat profile of adversarial actors who are likely to target the company
  • Analyze all network traffic and endpoints, searching for anomalous behavior
11. True or False. A data breach always has to be reported to law enforcement agencies.
  • True
  • False

Module 2 – Phishing Scams

Introduction to Phishing Scams Knowledge Check

1. Some of the earliest known phishing attacks were carried out against which company?
  • Google
  • Facebook
  • Yahoo
  • America Online (AOL)
2. You have banked at “MyBank” for many years when you receive an urgent email telling you to log in to verify your security credentials or your account would be frozen. You are not wealthy but what little you have managed to save is in this bank. The email is addressed to “Dear Customer” and upon closer inspection you see it was sent from “security@mybank.yahoo.com”. What kind of attack are you under?
  • A phishing attack.
  • No attack, this is a legitimate note from the security department of your bank.
  • A spear phishing attack.
  • A whale attack.
3. True or False. HTTPS assures passwords and other data that is sent across the Internet is encrypted. Links in email that use HTTPS will protect you against phishing attacks.
  • True
  • False
4. Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?
  (Image of the email not reproduced here)
  • Suspicious sender’s address.
  • Suspicious attachments.
  • There is a hyperlink in the body of the email.
  • Poor quality layout.
5. Which three (3) of these statistics about phishing attacks are real? (Select 3)
  • The average cost of a data breach is $3.86 million.
  • 15% of people successfully phished will be targeted at least one more time within a year.
  • 12% of businesses reported being the victim of a phishing attack in 2018.
  • Phishing accounts for 90% of data breaches.
6. Which range best represents the number of unique phishing web sites reported to the Anti-Phishing Working Group (apwg.org) in Q4 2019?
  • Between 100 and 200.
  • Between 1500 and 1800.
  • Between 130,000 and 140,000.
  • Between 1.3 million and 1.4 million.

Phishing Case Study Knowledge Check

1. Which three (3) techniques are commonly used in a phishing attack? (Select 3)
  • Breaking in to an office at night and installing a key logging device on the victim’s computer.
  • Make an urgent request to cause the recipient to take quick action before thinking carefully.
  • Send an email from an address that very closely resembles a legitimate address.
  • Sending an email with a fake invoice that is overdue.
2. You are working as an engineer on the design of a new product your company hopes will be a big seller when you receive an email from someone you do not personally know. The email is addressed to you and was sent by someone who identifies herself as the VP of your Product division. She wants you to send her a zip file of your design documents so she can review them. While her name is that of the real VP, she explains that she is using her personal email system since her company account is having problems. You suspect fraud. What kind of attack are you likely under?
  • A man in the middle attack.
  • A phishing attack.
  • A spear phishing attack.
  • A whale attack.
3. Phishing attacks are often sent from spoofed domains that look just like popular real domains. Which brand has been spoofed the most in phishing attacks?
  • Microsoft
  • Google
  • IBM
  • Apple
4. Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?
  (Image of the email not reproduced here)
  • Suspicious attachments
  • There is a hyperlink in the body of the email
  • Poor quality layout
  • There are spelling errors.
5. Which three (3) of these statistics about phishing attacks are real? (Select 3)
  • 94% of phishing messages are opened by their targeted users.
  • BEC (Business Email Compromise) scams accounted for over $12 billion in losses according to the US FBI.
  • 76% of businesses reported being a victim of phishing attacks in 2018.
  • Phishing attempts grew 65% between 2017 and 2018.
6. Which is the most common type of identity theft?
  • Credit card fraud
  • Phone or utility fraud
  • Loan or lease fraud
  • Government documents or benefits fraud
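The "MyBank" and "VP on a personal account" scenarios above, plus the HTTPS and PayPal red-flag questions, all come down to a handful of checks that can be automated. The following is an added example, not course material: a small checker that parses a raw email and reports the indicators the questions describe (sender domain that does not belong to the claimed organisation, generic greeting, urgency language, link text that shows one host while the href points to another, unexpected attachments). It goes a little beyond the questions by comparing registrable domains, so `mybank.yahoo.com` is correctly attributed to yahoo.com and `alerts.mybank.com` to the bank. The trusted-domain set and both sample messages are constructed for the example; note that an `https://` href earns no credit, since a certificate says nothing about who is behind the site.

```python
"""Phishing indicator checker (added example). Sample mail and trusted domains are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumption for the example: domains this organisation and its bank legitimately send from.
TRUSTED_DOMAINS = {"mybank.com", "example-corp.com"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear account holder")
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "frozen", "suspended", "verify")


def registrable_domain(host):
    """Last two labels of a host: 'mybank.yahoo.com' -> 'yahoo.com'.
    Naive on purpose; production code should consult the public suffix list (co.uk etc.)."""
    parts = host.lower().strip().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url):
    """Host part of a URL or bare host name, or '' if there is none."""
    m = re.match(r"^\s*(?:https?://)?([^/\s:?#]+)", url or "", re.I)
    return m.group(1).lower() if m else ""


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_email, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of human-readable red flags found in an RFC 822 message string."""
    msg = message_from_string(raw_email)
    findings = []

    # 1. Sender: 'security@mybank.yahoo.com' is a yahoo.com address, not the bank's.
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if registrable_domain(sender_domain) not in trusted_domains:
        findings.append(f"sender domain {sender_domain!r} is not a trusted domain")

    # 2. Subject and body text: generic greeting and pressure to act before thinking.
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting instead of the customer's name")
    urgency = [w for w in URGENCY_WORDS if w in text]
    if urgency:
        findings.append("urgency language: " + ", ".join(urgency))

    # 3. Links: visible text names one host, the href goes to another. The scheme is ignored:
    #    https:// only proves the phishing site has a certificate.
    parser = _LinkExtractor()
    parser.feed(body)
    for href, visible in parser.links:
        href_host, text_host = host_of(href), host_of(visible)
        if not href_host:
            continue
        if text_host and registrable_domain(text_host) != registrable_domain(href_host):
            findings.append(f"link text shows {text_host!r} but points to {href_host!r}")
        elif registrable_domain(href_host) not in trusted_domains:
            findings.append(f"link to untrusted host {href_host!r} (HTTPS does not make it legitimate)")

    # 4. Attachments the recipient did not ask for.
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if names:
        findings.append("unexpected attachment(s): " + ", ".join(names))
    return findings


# Constructed sample messages for the example (not real mail).
SAMPLE_PHISH = """\
From: MyBank Security <security@mybank.yahoo.com>
To: customer@example.com
Subject: Urgent: verify your account
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Suspicious activity was detected. Log in immediately to verify your credentials
or your account will be frozen within 24 hours.</p>
<p><a href="https://mybank-verify.example.net/login">https://www.mybank.com/login</a></p>
</body></html>
"""

SAMPLE_LEGIT = """\
From: MyBank Statements <statements@alerts.mybank.com>
To: customer@example.com
Subject: Your March statement is ready
Content-Type: text/plain

Hello Jane,
Your March statement is available at https://www.mybank.com/statements
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(sample) or ["no indicators"])
```

Run against the constructed phish it reports four findings (sender domain, generic greeting, urgency words, and the link whose text and href disagree); the legitimate statement notice reports none. The checks are deliberately simple heuristics, the kind a mail gateway rule or a user-training exercise would use, not a substitute for SPF/DKIM/DMARC evaluation on the receiving server.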

Module 3 – Point of Sale Breach

Introduction to Point of Sale Attacks Knowledge Check

1. True or False. There are more successful PoS attacks made against large online retailers than there are against small to medium sized brick-and-mortar businesses.
  • True
  • False
2. Which is the standard regulating credit card transactions and processing?
  • PCI-DSS
  • Sarbanes-Oxley (SOX)
  • GDPR
  • NIST SP-800
3. Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)
  • Cardholder data may not reside on local PoS devices for more than 48 hours
  • Protect stored cardholder data
  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
4. True or False. A study conducted by the Ingenico Group found that credit card transactions were sufficiently secure as long as all participants were in strict compliance with PCI-DSS standards.
  • True
  • False
5. What are the two (2) most common operating systems for PoS devices? (Select 2)
  • Windows
  • Mac/iOS
  • Linux
  • POSOS
6. If your credit card is stolen from a PoS system, what is the first thing the thief is likely to do with your card data?
  • Use it as part of a larger identity theft scheme
  • Use it to buy merchandise
  • Sell it to a carder
  • Sell it to a distributor
7. PCI-DSS can best be described how?
  • A voluntary payment card industry data security standard
  • A provision of the European GDPR that covers payment card data privacy regulations
  • A financial regulation in the United States covering the payment card industry that replaced Sarbanes-Oxley
  • A financial regulation in the United States that supplements Sarbanes-Oxley with missing provisions covering the payment card industry

Point of Sale Breach Graded Assessment

1. Which group suffers from the most PoS attacks?
  • Restaurants and small retail stores.
  • Large online retailers like Amazon.com
  • Social media companies like Facebook and Instagram.
  • Government agencies.
2. Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)
  • Build and maintain a secure network and systems
  • Maintain a vulnerability management program
  • Protect cardholder data
  • Require use of multi-factor authentication for new card holders
3. Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)
  • Use and regularly update antivirus software
  • All employees with direct access to cardholder data must be bonded
  • Encrypt transmission of cardholder data across open, public networks
  • Develop and maintain secure systems and applications
4. Which three (3) additional requirements did the Ingenico Group recommend be used to enhance credit card transactions above and beyond the requirements found in PCI-DSS? (Select 3)
  • Mobile Device Management (MDM)
  • Employee Education
  • Tokenization
  • Discontinue use of magnetic strip readers and cards
5. When is credit card data most vulnerable to PoS malware?
  • While stored on the PoS device hard drive
  • While in RAM
  • After the card data has been received by the credit card processor
  • While in transit between the PoS device and the credit card processing center
6. Which scenario best describes how a stolen credit card number is used to enrich the thief?
  • Credit card thieves use stolen credit cards to buy merchandise that is then returned to the store in exchange for store credit that is sold at a discount for profit
  • Credit card thieves resell stolen card numbers to dark web companies that use call-center style operations to purchase goods on behalf of customers who pay for them at discounted rates using real credit cards
  • Credit card thieves sell stolen credit cards directly to carders using weekly dark web auctions. The carders then encode credit card blanks with the stolen numbers and resell the cards
  • Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise for resale
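Question 5 above (card data is most exposed while in RAM) is the reason memory-scraping PoS malware exists: between the card swipe and encryption for transmission, the decoded track data sits in the PoS process's memory in a fixed, easily recognised format. The following added example, not part of the course, runs that same search defensively over a memory buffer, the way a responder triages a dump of the PoS process: it matches ISO/IEC 7813 Track 1 and Track 2 layouts, applies the Luhn check so random digit runs are not reported as cards, and masks the PAN to the first six and last four digits as PCI DSS permits for display. The buffer is constructed for the example and uses the publicly documented test numbers 4111 1111 1111 1111 and 5555 5555 5555 4444; the tokenised value at the end illustrates why the Ingenico recommendation of tokenization gives a scraper nothing to take.

```python
"""Track-data scan of a PoS memory image (added example; the buffer is constructed, not a real dump)."""
import re

# Magnetic-stripe layouts (ISO/IEC 7813), PAN 13-19 digits:
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(
    rb"%B(?P<pan>\d{13,19})\^(?P<name>[^\^]{2,26})\^(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})[^?]*\?")
TRACK2_RE = re.compile(
    rb";(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})\d*\?")


def luhn_ok(pan):
    """Luhn check-digit test; filters out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """PCI DSS allows at most the first 6 and last 4 digits of a PAN to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf):
    """Scan a bytes buffer for track data.
    Returns {'hits': [masked findings], 'rejected': candidates that failed Luhn}."""
    hits, rejected = [], 0
    for track, regex in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in regex.finditer(buf):
            pan = m.group("pan").decode("ascii")
            if not luhn_ok(pan):
                rejected += 1
                continue
            name = m.group("name").decode("ascii", "replace") if "name" in m.groupdict() else None
            hits.append({
                "track": track,
                "offset": m.start(),
                "pan": mask_pan(pan),                      # never log the full PAN
                "expiry": f"{m.group('mm').decode()}/{m.group('yy').decode()}",
                "service_code": m.group("svc").decode(),
                "name": name,
            })
    return {"hits": hits, "rejected": rejected}


# Constructed stand-in for a PoS process memory dump. Test card numbers only.
FAKE_POS_MEMORY = (
    b"\x00\x00terminal=LANE-07\x00"
    b"%B4111111111111111^DOE/JANE^25121010000000000?\x00\x00"   # Track 1, Luhn-valid test PAN
    b"lastTxn=approved\x00"
    b";5555555555554444=27031010000000000?\x00"                   # Track 2, Luhn-valid test PAN
    b";1234567890123456=27010000000000000?\x00"                   # shaped like Track 2, fails Luhn
    b"tok_8f3a9c1e4b2d\x00"                                       # a payment token: no PAN to steal
)

if __name__ == "__main__":
    result = scan_memory(FAKE_POS_MEMORY)
    for h in result["hits"]:
        print(f"track {h['track']} at offset {h['offset']}: {h['pan']} exp {h['expiry']} "
              f"svc {h['service_code']} name {h['name']}")
    print("rejected (failed Luhn):", result["rejected"])
```

The same regexes, minus the masking, are what the malware itself carries; what separates the defender's tool from the scraper is only who runs it and what happens to the output. For live systems, run the scan over a memory acquisition of the PoS process rather than the whole machine, and treat any hit on a terminal that claims to use point-to-point encryption as an incident in itself, because with P2PE the clear track data should never reach host memory at all.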

Module 4 – 3rd Party Breach

Third-Party Breach Knowledge Check

1. A cyber attack originating from which three (3) of the following would be considered a supply-chain attack? (Select 3)
  • An environmental activist group
  • E-mail providers
  • Subcontractors
  • Web hosting companies
2. Which three (3) of these were cited as the top 3 sources of third-party breach? (Select 3)
  • Cloud-based storage or hosting providers
  • Online payment or credit card processing services
  • JavaScript on websites used for web analytics
  • Security vulnerabilities in operating systems
3. True or False. While data loss from a third-party breach can be expensive, third-party breaches account for less than 22% of all breaches.
  • True
  • False
4. According to a 2019 Ponemon study, what percent of consumers say they will defect from a business if their personal information is compromised in a breach?
  • 10%
  • 51%
  • 80%
  • 92%

Third-party Breach Graded Assessment

1. True or False. According to a 2018 Ponemon study, organizations surveyed cited “A third-party misused or shared confidential information…” as their top cyber security concern for the coming year.
  • True
  • False
2. How effective were the processes for vetting third-parties as reported by the majority (64%) of the companies surveyed?
  • Highly effective
  • Effective
  • Somewhat or not effective
  • Not effective at all
3. In the first few months of 2020, data breaches were reported from Instagram, Carson City, Amazon, GE, T-Mobile, radio.com, MSU, and Marriott. While different data were stolen from each organization, which two data elements were stolen from all of them? (Select 2)
  • Corporate financial data
  • Personal information
  • Customer financial information
  • Confidential corporate strategy data
4. True or False. More than 63% of data breaches can be linked to a third-party.
  • True
  • False
5. According to a 2019 Ponemon study, which is the most common course of action for a consumer who has lost personal data in a breach?
  • Tell others of their experience
  • Use social media to complain about their experience
  • Comment directly on the company’s website
  • File a complaint with the FTC or other regulatory body

Module 5 – Ransomware

Ransomware Knowledge Check

1. You get a pop-up message on your screen telling you that critical files on your system have been encrypted and that you must pay a fee to get the encryption key. What type of ransomware has attacked your system?
  • Blockware
  • Crypto
  • Leakware/Doxware
  • Locker
2. Your bank sends you an email with your account statement attached. You think this is odd but open it anyway to see what it is. The document is blank so you close it and think no more about it. A few days later you realize that your computer is infected with malware. What attack vector was used to compromise your system?
  • Remote Desktop Protocol (RDP)
  • Malicious Links
  • Phishing
  • Software Vulnerabilities
3. You take advantage of an Internet offer for free technical support and a live technician actually does contact you, logs into your computer and helps you optimize your system. A few days later you notice some critical business files are missing when a big red message block appears on your screen demanding money if you ever want to see your files again. What attack vector is the malware exploiting?
  • Software Vulnerabilities
  • Phishing
  • Malicious Links
  • Remote Desktop Protocol (RDP)
4. If you fail to patch your operating system and that fact allows a bad actor to install ransomware on your system, what was the likely attack vector?
  • Remote Desktop Protocol (RDP)
  • Software Vulnerabilities
  • Malicious Links
  • Phishing
5. You read an interesting article online that contains links to related articles so you follow one of them and pretty soon you are a victim of a ransomware attack. What was the likely attack vector used by the bad actors?
  • Phishing
  • Remote Desktop Protocol (RDP)
  • Software Vulnerabilities
  • Malicious Links
6. What is the most important thing to have in place that will save you from having to pay a ransom in the event you have fallen victim to a ransomware attack?
  • Fully patched operating system and applications
  • Strong passwords
  • Anti-virus software
  • A full system backup
7. Which ransomware spread across 150 countries in 2017 and was responsible for over $4 billion in losses worldwide?
  • Bad Rabbit
  • GoldenEye
  • Jigsaw
  • WannaCry
8. True or False. Projections are that ransomware will not be a significant problem in the future as operating systems become more secure and anti-malware applications gain in sophistication.
  • True
  • False

Ransomware Graded Assessment

1. You get a pop-up message on your screen telling you that you have been locked out of your computer and that access will remain blocked until you pay a fee to have your access restored. What type of ransomware has attacked your system?
  • Blockware
  • Crypto
  • Locker
  • Leakware/Doxware
2. You get a pop-up message on your screen telling you that embarrassing photos taken of you at a college party many years ago have been downloaded and will be made public unless you pay a fee. What type of ransomware has attacked your system?
  • Leakware/Doxware
  • Blockware
  • Crypto
  • Locker
3. You get an email from your Internet service provider addressed to “Dear Customer” asking you to log in and verify your credentials due to “suspicious activity” detected in your account. This email is most likely trying to exploit which attack vector?
  • Remote Desktop Protocol (RDP)
  • Malicious Links
  • Phishing
  • Software Vulnerabilities
4. A person you meet at a party offers to help you optimize your computer, so you arrange for her to log in remotely. The next time you reboot your system, you get a pop-up message telling you all your critical files have been encrypted and you must pay a ransom to get the encryption key. What attack vector was used to exploit your system?
  • Phishing
  • Malicious Links
  • Software Vulnerabilities
  • Remote Desktop Protocol (RDP)
5. You fear that the security patches sent out by the vendor of one of your products may introduce changes to what you are used to so you never allow the updates. What attack vector are you setting yourself up for?
  • Remote Desktop Protocol (RDP)
  • Software Vulnerabilities
  • Phishing
  • Malicious Links
6. You log into your bank and see an offer for a 0% interest rate loan. You click on the link to check out the details and suddenly your computer is locked and there is a message demanding payment in order to unlock it. Your bank’s website was hacked! What attack vector was being used to install ransomware on your system?
  • Phishing
  • Remote Desktop Protocol (RDP)
  • Malicious Links
  • Software Vulnerabilities
7. True or False. Being vigilant about the email you receive, the links you follow and the websites you visit is an effective way to keep yourself safe from a ransomware attack.
  • True
  • False
8. Which ransomware used fake Adobe Flash download websites to distribute and install ransomware?
  • Bad Rabbit
  • GoldenEye
  • Jigsaw
  • WannaCry
9. True or False. It is feared that in the future our cars, homes and factories may fall victim to ransomware attacks as more and more devices join the Internet of Things.
  • True
  • False
