Course 5 – IT Security: Defense Against the Digital Dark Arts

Week 6: Creating a Company Culture for Security

Coursera Study Guide


Congratulations, you’ve made it to the final week in the course! In the last week of this course, we’ll explore ways to create a company culture for security. It’s important for any tech role to determine appropriate measures to meet the three goals of security. By the end of this module, you will develop a security plan for an organization to demonstrate the skills you’ve learned in this course. You’re almost done, keep up the great work!

Learning Objectives

  • Determine appropriate measures to use to meet the 3 goals of security.
  • Develop a security plan for a small-medium size organization.
  • Develop a disaster recovery plan.


1. What are some examples of security goals that you may have for an organization? Check all that apply.

  • To protect customer data from unauthorized access (CORRECT)
  • To deploy an Intrusion Prevention System
  • To implement a strong password policy
  • To prevent unauthorized access to customer credentials (CORRECT)

Great job! These are super important goals. Safeguards or systems should be implemented to help achieve them. It’s important to distinguish between a discrete goal and the mechanisms or defense systems that help you to achieve these goals. Defenses on their own aren’t goals, but they allow us to work towards these goals.

2. Which of these would you consider high-value targets for a potential attacker? Check all that apply.

  • Networked printers
  • Authentication databases (CORRECT)
  • Logging server
  • Customer credit card information (CORRECT)

That’s right! Customer credit card data is really valuable to attackers, since it can be a hot commodity in the shadier areas of the internet. The same goes for authentication databases, since this could provide attackers with usernames and passwords that might give them access to accounts on other websites and services.

3. What’s the purpose of a vulnerability scanner?

  • It fixes vulnerabilities on systems.
  • It blocks malicious traffic from entering your network.
  • It protects your network from malware.
  • It detects vulnerabilities on your network and systems. (CORRECT)

Correct! A vulnerability scanner will scan and evaluate hosts on your network. It does this by looking for misconfigurations or vulnerabilities, then compiling a report with what it found.

4. What are some restrictions that should apply to sensitive and confidential data? Check all that apply.

  • It can be stored on encrypted media only. (CORRECT)
  • It can be transferred via email.
  • It can be stored on removable media.
  • It can be accessed and stored on personal devices.

Nice work! Sensitive data should be treated with care so that an unauthorized third-party doesn’t gain access. Ensuring this data is encrypted is an effective way to safeguard against unauthorized access.

5. What’s a privacy policy designed to guard against?

  • Eavesdropping on communications
  • Denial-of-service attacks
  • Misuse or abuse of sensitive data (CORRECT)
  • Attackers stealing customer data

Yep! Privacy policies are meant to govern the access and use of sensitive data for authorized parties.


1. You’re interested in using the services of a vendor company. How would you assess their security capabilities? Check all that apply.

  • Request full access to their systems to perform an assessment
  • Ask them to complete a questionnaire (CORRECT)
  • Assume that they’re using industry-standard solutions
  • Ask them to provide any penetration testing or security assessment reports (CORRECT)

Great job! A security assessment questionnaire allows you to quickly and efficiently get a broad understanding of what security measures a vendor company has in place. If available, any reports detailing penetration testing results or security assessments would also be valuable.

2. What’s the goal of mandatory IT security training for an organization? Check all that apply.

  • To educate employees on how to stay secure (CORRECT)
  • To build a culture that prioritizes security (CORRECT)
  • To punish employees with poor security practices
  • To avoid the need for a security team

Exactly! IT security training for employees should be designed to educate them on how to keep themselves and the organization secure, and to encourage a culture of security.


1. What’s the first step in handling an incident?

  • Contain the incident
  • Remove or eradicate the incident
  • Recover from the incident
  • Detect the incident (CORRECT)

Yep! Before you can take any action, you have to be aware that an incident occurred in the first place.

2. How do you protect against a similar incident occurring again in the future?

  • Change all account passwords.
  • Cross your fingers and hope for the best!
  • Conduct a post-incident analysis. (CORRECT)
  • Update your antivirus definitions.

Correct! By analyzing the incident and figuring out the details of how an attacker compromised a network or system, you can learn what vulnerabilities were exploited and take steps to close them.


1. What’s the first step in performing a security risk assessment?

  • Threat modeling (CORRECT)
  • Logs analysis
  • Vulnerability scanning
  • Penetration testing

That’s right! Threat modeling is the process of identifying likely threats to your systems or network, and assigning them priorities. This is the first step to assessing your security risks.

2. Which of the following should be incorporated into a reasonably secure password policy that balances security with usability? Check all that apply.

  • A length of at least 8 characters (CORRECT)
  • A requirement to use dictionary words
  • A complexity requirement of special characters and numbers (CORRECT)
  • A password expiration time of 6-12 months (CORRECT)

Excellent job! A good balance of a strong but usable password is at least 8 characters, includes a mixture of punctuation characters and numbers, and rotates periodically, but not too frequently. Note that current NIST guidance (SP 800-63B) no longer recommends mandatory periodic rotation or composition rules, preferring longer passphrases screened against lists of known-breached passwords; the answer key above reflects the course material.
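To make the policy concrete, here is an added example (not part of the Coursera material) of a checker that enforces the quiz's rules: minimum length, a digit, a special character, and no dictionary word as the password's core. The word list is a constructed stand-in; a real deployment would load a full wordlist or a breached-password corpus.

```python
import re
import string
from typing import List

# Constructed stand-in for a dictionary / breached-password list. In practice you
# would load a full wordlist or query a breach corpus; this set is an assumption
# made for the example only.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "dragon"}


def check_password(pw: str, min_length: int = 8) -> List[str]:
    """Return the policy violations for pw; an empty list means it is acceptable.

    Implements the quiz's policy: minimum length, at least one digit, at least one
    special character, and no dictionary word as the password's core.
    """
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    # Strip digits and punctuation so that "Summer2024!" is recognised as "summer":
    # the usual way users satisfy composition rules without gaining real strength.
    core = re.sub(r"[^a-zA-Z]", "", pw).lower()
    if core in COMMON_WORDS:
        problems.append(f"built around the dictionary word '{core}'")
    return problems


if __name__ == "__main__":
    for candidate in ["abc", "Summer2024!", "correct horse battery staple", "Tr0ub4dor&3"]:
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

Running it shows the limits of composition rules: "Summer2024!" satisfies length and character classes but is only caught by the dictionary check, while a long passphrase such as "correct horse battery staple" is rejected for lacking a digit and a symbol even though it is far harder to guess.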

3. What’s a quick and effective way of evaluating a third party’s security?

  • A comprehensive penetration testing review
  • A manual evaluation of all security systems
  • A security assessment questionnaire (CORRECT)
  • A signed contract

You nailed it! A security assessment questionnaire would help you understand how well-defended a third party is, before deciding to do business with them.

4. Beyond restoring normal operations and data, what else should be done during the recovery phase?

  • Take systems offline
  • Correct the underlying root cause (CORRECT)
  • Update documentation
  • Assign blame for the incident

Awesome! Ideally, you’d figure out what caused the incident in the first place, and make changes to avoid a similar incident from occurring in the future.

5. Security risk assessment starts with _____.

  • Payment processing
  • Threat modeling (CORRECT)
  • Outside attackers
  • Attack impact

You got it! Security risk assessment starts with threat modeling.

6. Your company wants to establish good privacy practices in the workplace so that employee and customer data is properly protected. Well-established and defined privacy policies are in place, but they also need to be enforced. What are some ways to enforce these privacy policies? Check all that apply.

  • Print customer information
  • Audit access logs (CORRECT)
  • Least privilege (CORRECT)
  • VPN connection

You nailed it! Auditing access logs will ensure sensitive information is only being accessed by individuals that are authorized to access it.

You nailed it! Apply the principle of least privilege by not allowing access to specific data by default.
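As an added example of what auditing access logs against a least-privilege grant list looks like (this is not code from the course), the script below reads a constructed access log and flags three things a privacy review would care about: reads by users with no grant for the dataset, reads outside business hours, and a single user touching an unusual number of distinct records. The log format, the ACL and the thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Constructed sample access log: "<ISO timestamp> <user> <dataset> <action> <record-id>".
# Both the format and the entries are assumptions for this example.
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice customer_pii read 1001
2024-03-04T09:12:05 alice customer_pii read 1002
2024-03-04T09:30:44 bob customer_pii read 1003
2024-03-04T10:02:13 carol customer_pii read 1004
2024-03-04T22:41:09 alice customer_pii read 1005
2024-03-04T11:00:00 bob customer_pii read 1006
2024-03-04T11:00:01 bob customer_pii read 1007
2024-03-04T11:00:02 bob customer_pii read 1008
2024-03-04T11:00:03 bob customer_pii read 1009
2024-03-04T11:00:04 bob customer_pii read 1010
2024-03-04T11:00:05 bob customer_pii read 1011
"""

# Least privilege: nobody is authorised by default, only explicit grants count.
ACL: Dict[str, Set[str]] = {"customer_pii": {"alice", "bob"}}


def audit_access(log_text: str, acl: Dict[str, Set[str]],
                 bulk_threshold: int = 5,
                 business_hours: Tuple[int, int] = (8, 18)) -> Dict[str, object]:
    """Flag accesses that the privacy policy should question.

    unauthorized: user has no grant for the dataset
    after_hours:  access outside the business-hours window (start inclusive, end exclusive)
    bulk:         a user touched more distinct records than bulk_threshold
    """
    unauthorized: List[Tuple[str, str, str]] = []
    after_hours: List[Tuple[str, str]] = []
    records_per_user: Dict[str, Set[str]] = defaultdict(set)

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, dataset, _action, record = line.split()
        if user not in acl.get(dataset, set()):
            unauthorized.append((user, dataset, record))
        hour = datetime.fromisoformat(ts).hour
        if not business_hours[0] <= hour < business_hours[1]:
            after_hours.append((user, ts))
        records_per_user[user].add(record)

    bulk = {u: len(r) for u, r in records_per_user.items() if len(r) > bulk_threshold}
    return {"unauthorized": unauthorized, "after_hours": after_hours, "bulk": bulk}


if __name__ == "__main__":
    for category, findings in audit_access(SAMPLE_LOG, ACL).items():
        print(f"{category}: {findings}")
```

On the sample log this reports carol's read (no grant), alice's 22:41 read (after hours) and bob's seven distinct records (possible bulk export). The point is that the ACL is consulted from the log side as well: a grant list that is never checked against what actually happened is a policy, not an enforced one.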

7. When employees need to access sensitive data, they should do all of the following EXCEPT what?

  • Specify exact data needed
  • Time limit
  • A second signature (CORRECT)
  • Provide justification

Awesome! Requiring a signature for data access is not a normal part of the request process, so requiring a second one is even less common. The usual requirements are to specify exactly which data is needed, provide a justification, and limit the access to a set period of time.

8. When considering third-party service providers to host sensitive data, you should conduct a vendor risk review. What actions does this include? Check all that apply.

  • Test the vendor’s hardware or software. (CORRECT)
  • Ask vendor to fill out a security questionnaire. (CORRECT)
  • Talk to vendor employees.
  • Ask vendor for a cost comparison.

You got it! Test the software or hardware to evaluate it for potential security vulnerabilities.

You got it! The questionnaire will cover various aspects of their security policies, procedures, and defenses in place.

9. Management wants to build a culture where employees keep security in mind. Employees should be able to access information freely and provide feedback or suggestions without worry. Which of these are great ideas for this type of culture? Check all that apply.

  • Bring your own device
  • Designated mailing list (CORRECT)
  • Desktop monitoring software
  • Posters promoting good security behavior (CORRECT)

Awesome! A mailing list is where people can ask questions or report things related to security.

Awesome! Posters or other informational flyers help to encourage or reinforce good security behaviors.

10. The very first step of handling an incident is _____ the incident.

  • blaming
  • understanding
  • ignoring
  • detecting (CORRECT)

Great work! The very first step of handling an incident is detecting the incident.

11. Once the scope of the incident is determined, the next step would be _____.

  • remediation
  • documentation
  • escalation
  • containment (CORRECT)

Nice job! Once the scope of the incident is determined, the next step would be containment.

12. What risk are you exposing your organization to when you contract services from a third party?

  • Trusting the third party’s security (CORRECT)
  • Man-in-the-middle attacks
  • DDoS attacks
  • Zero-day vulnerabilities

Yep! You’re trusting this third party to have reasonable security in place to protect the data or access you’re entrusting them with.

13. What are the first two steps of incident handling and response? Check all that apply.

  • Incident detection (CORRECT)
  • Incident containment (CORRECT)
  • Incident eradication or removal
  • Incident recovery

Nice work! The first step is incident detection, because you need to be aware of an ongoing incident before you can react to it. Once you’ve detected the incident, you can begin containment to minimize the impact of the incident.

14. When handling credit card payments, your organization needs to adhere to the _____.

  • IEEE
  • ISO
  • Payment Card Industry Data Security Standard (PCI DSS) (CORRECT)
Great work! When handling credit card payments, your organization needs to adhere to the Payment Card Industry Data Security Standard (PCI DSS).

15. In the Payment Card Industry Data Security Standard (PCI DSS), which of these goals would benefit from encrypted data transmission?

  • Protecting cardholder data (CORRECT)
  • Maintaining a vulnerability management program
  • Monitoring and testing networks regularly
  • Implement strong access control measures

Nice job! To protect cardholder data, the transmission of cardholder data across open networks needs to be encrypted.

16. _____ is the practice of attempting to break into a system or network for the purpose of verification of systems in place.

  • Penetration testing (CORRECT)
  • Security assessment
  • Vulnerability scanning
  • Network probing

You nailed it! Penetration testing is the practice of attempting to break into a system or network for the purpose of verification of systems in place.

17. What are some ways to combat against email phishing attacks for user passwords? Check all that apply.

  • Virtual private network
  • Spam filters (CORRECT)
  • User education (CORRECT)
  • Cloud email

Right on! Spam filters can send phishing-like emails to the spam folder or block them completely.

Right on! Helping users understand what a phishing email looks like can prevent them from visiting fake websites.

18. Google provides free _____, which is a good starting point when assessing third-party vendors.

  • Vendor security assessment questionnaires (CORRECT)
  • Business apps
  • Cloud storage
  • Mobile phone services

Woohoo! Google’s Vendor Security Assessment Questionnaires are a good starting point to design your own vendor security assessment questionnaire.

19. Periodic mandatory security training courses can be given to employees in what way? Check all that apply.

  • Short video (CORRECT)
  • One-on-one interviews
  • Brief quiz (CORRECT)
  • Interoffice memos

Awesome! Periodic and mandatory security training courses can be given as a short video or informational presentation.

Awesome! Periodic and mandatory security training courses can be followed by a brief quiz.

20. After a known good backup has been restored and the known vulnerabilities have been closed, systems should be thoroughly _____.

  • backed up
  • baselined
  • tested (CORRECT)
  • removed

You got it! After a known good backup has been restored and the known vulnerabilities have been closed, systems should be thoroughly tested to ensure proper functionality has been restored.

21. How can events be reconstructed after an incident?

  • By reviewing and analyzing logs (CORRECT)
  • By interviewing the people involved
  • By doing analysis of forensic malware
  • By replaying security video footage

Excellent! By auditing logs, it should be possible to recreate exactly what happened before and during an incident. This would help you understand what was done, along with the overall scope of the incident.

When looking at aggregated logs, you should pay attention to patterns and correlations between traffic. For example, if you are seeing a large percentage of hosts all connecting to a specific address outside your network, that might be worth investigating more closely, as it could indicate a malware infection.

22. A company wants to restrict access to sensitive data. Only those who have a “need to know” will have access to this data. Strong access controls need to be implemented. Which of these examples, that don’t include user identification, are used for 2-factor authentication? Check all that apply.

  • Common Access Card
  • Password (CORRECT)
  • U2F token (CORRECT)
  • Smart card

Right on! A password is one factor of authentication (something you know) that does not include user identification.

A U2F token is one factor of authentication (something you have) that does not include user identification.

21. What is the combined sum of all attack vectors in a corporate network?

  • The Access Control List (ACL)
  • The attack surface (CORRECT)
  • The risk
  • The antivirus software

Right on! The attack surface is the combined sum of all the attack vectors into a network: every exposed service, open port, account and device an attacker could use to get in. Reducing it, for example by disabling unneeded services, leaves less to defend.
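The pattern described in the aggregated-log guidance above, many internal hosts all reaching out to one external address, is easy to turn into a check. The script below is an added example, not part of the course: it reads a constructed outbound-connection log, ignores internal-to-internal traffic and an assumed allow-list of expected destinations (here a hypothetical update mirror at 203.0.113.10), and reports any external address contacted by at least a given fraction of the internal hosts seen in the log.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Set, Tuple

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# Destinations every host is expected to talk to (assumption: an internal update mirror).
KNOWN_GOOD = {"203.0.113.10"}

# Constructed outbound-connection log: "<ISO timestamp> <src-ip> <dst-ip> <dst-port>".
# Six internal hosts; five of them beacon to 198.51.100.7 (a made-up address).
SAMPLE_LOG = """\
2024-03-04T08:00:01 10.0.1.11 203.0.113.10 443
2024-03-04T08:00:02 10.0.1.12 203.0.113.10 443
2024-03-04T08:00:03 10.0.1.13 203.0.113.10 443
2024-03-04T08:00:04 10.0.1.14 203.0.113.10 443
2024-03-04T08:00:05 10.0.1.15 203.0.113.10 443
2024-03-04T08:00:06 10.0.1.16 203.0.113.10 443
2024-03-04T08:05:00 10.0.1.11 198.51.100.7 443
2024-03-04T08:05:01 10.0.1.12 198.51.100.7 443
2024-03-04T08:05:02 10.0.1.13 198.51.100.7 443
2024-03-04T08:05:03 10.0.1.14 198.51.100.7 443
2024-03-04T08:05:04 10.0.1.15 198.51.100.7 443
2024-03-04T08:10:00 10.0.1.11 192.0.2.5 443
2024-03-04T08:10:30 10.0.1.16 192.0.2.5 443
2024-03-04T08:11:00 10.0.1.12 10.0.5.5 445
"""


def find_common_destinations(log_text: str, threshold: float = 0.5) -> List[Tuple[str, int, int]]:
    """Return (destination, hosts_seen, hosts_total) for every external destination
    contacted by at least `threshold` of the internal hosts present in the log,
    most widely contacted first."""
    hosts_per_dst: Dict[str, Set[str]] = defaultdict(set)
    all_hosts: Set[str] = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, _port = line.split()
        if ipaddress.ip_address(src) not in INTERNAL_NET:
            continue
        all_hosts.add(src)
        # Internal-to-internal traffic and allow-listed destinations are expected;
        # only unexplained external fan-in is interesting.
        if ipaddress.ip_address(dst) in INTERNAL_NET or dst in KNOWN_GOOD:
            continue
        hosts_per_dst[dst].add(src)
    total = len(all_hosts)
    flagged = [(dst, len(hosts), total) for dst, hosts in hosts_per_dst.items()
               if total and len(hosts) / total >= threshold]
    return sorted(flagged, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for dst, seen, total in find_common_destinations(SAMPLE_LOG):
        print(f"{dst}: contacted by {seen} of {total} internal hosts")
```

On the sample log only 198.51.100.7 is reported (5 of 6 hosts); the allow-listed mirror is skipped even though all six hosts reach it, which is why an allow-list of expected destinations matters: without it the update server would be the top hit every day and the real signal would be buried.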

23. Data handling policies usually forbid the storing of confidential information on which of these devices? Check all that apply.

  • CD drives (CORRECT)
  • Encrypted portable hard drives
  • Limited access file shares
  • USB sticks (CORRECT)

Awesome! Storing confidential information on removable media such as CD drives is usually forbidden.

Awesome! Storing confidential information on removable media such as USB sticks is usually forbidden.

24. Third-party services that require equipment on-site may require your company to do which of the following? Check all that apply.

  • Provide additional monitoring via a firewall or agentless solution. (CORRECT)
  • Provide remote access to third-party service provider. (CORRECT)
  • Report any issues discovered from evaluating hardware. (CORRECT)
  • Evaluate hardware in the lab first. (CORRECT)

You nailed it! Your company should monitor these third-party devices because it is a new potential attack surface on the network.

You nailed it! Your company may need to open remote access for third-party service provider to maintain equipment.

You nailed it! After evaluating and monitoring the devices, any issues found should be reported to the vendor for remediation.

You nailed it! Your company should evaluate the third-party devices in a lab, prior to being deployed on the network.

25. What tool can you use to discover vulnerabilities or dangerous misconfigurations on your systems and network?

  • Antimalware software
  • Firewalls
  • Bastion hosts
  • Vulnerability scanners (CORRECT)

Awesome! A vulnerability scanner is a tool that will scan a network and systems looking for vulnerabilities or misconfigurations that represent a security risk.

26. A strong password is a good step towards good security, but what else is recommended to secure authentication?

  • Strong encryption
  • Password rotation
  • 2-factor authentication (CORRECT)
  • Vulnerability scanning

Exactly! Two-factor authentication, combined with a strong password, significantly increases the security of your authentication systems.

27. Which of these are examples of security tools that can scan computer systems and networks for vulnerabilities? Check all that apply.

  • OpenVAS (CORRECT)
  • Qualys (CORRECT)
  • Wireshark
  • Nessus (CORRECT)

Woohoo! OpenVAS is a software tool that can scan systems and networks for vulnerabilities.

Woohoo! Qualys is a software tool that can scan systems and networks for vulnerabilities.

Woohoo! Nessus is a software tool that can scan systems and networks for vulnerabilities.

28. Which of these are bad security habits commonly seen amongst employees in the workplace? Check all that apply.

  • Password on a post-it note (CORRECT)
  • Leave laptop logged in and unattended (CORRECT)
  • Log out of website session
  • Lock desktop screen

Great work! Writing down passwords on a post-it is a bad security habit.

Great work! Leaving a laptop logged in and unattended is a bad security habit.

29. A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company’s security policies? Check all that apply.

  • Upload to a personal OneDrive
  • Upload to a personal Google drive
  • Share directly via VPN (CORRECT)
  • Upload to company secure cloud storage. (CORRECT)

Nice job! Establishing a virtual private network (VPN) with headquarters will allow the file to be shared directly and securely.

Nice job! A company can establish an approved and safe mechanism, such as a secure cloud storage solution, to share large files securely with others remotely.

30. The incident response team found malware on several user workstations. Trying to remove the malware infection is becoming time consuming. There is important data on the workstations. Which of these actions will recover the workstations back to a malware-free state? Check all that apply.

  • Replace the hard drive
  • Restore file from backup (CORRECT)
  • Rebuild the machine (CORRECT)
  • Replace network cable

Right on! After rebuilding the machine, user files can be restored from a backup store.