Module 4 Graded Quiz: Detection and Response (Cybersecurity Architecture, IBM Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1
What is SIEM?
- ❌ Antivirus software
- ✅ A system that allows us to monitor, analyze, and report on what happens in our environment
- ❌ Messaging app
- ❌ Database system
Explanation:
SIEM = Security Information and Event Management → centralizes logs, detects threats, and generates alerts.
2. Question 2
What is XDR?
- ❌ Machine learning algorithm
- ❌ Productivity tool
- ❌ Encryption method
- ❌ Data-conserving system
Correct Answer:
➡️ The correct option is not listed, but the intended concept in the lesson is:
XDR = Extended Detection and Response — a system that unifies and correlates security telemetry across endpoints, networks, cloud, identities, etc.
Best matching option (closest intent):
❌ None of the provided options describe XDR correctly.
3. Question 3
Primary purpose of threat hunting?
- ❌ Identify software bugs
- ❌ Ensure firewalls are up to date
- ✅ Be proactive and detect possible threats before triggering an alarm
- ❌ Repair systems
Explanation:
Threat hunting looks for hidden threats before automated tools flag them.
4. Question 4
Tools used by threat hunters?
- ❌ Photo editing
- ❌ Debugging
- ❌ Website builders
- ✅ SIEM and XDR tools
Explanation:
Threat hunters analyze logs, telemetry, and alerts using SIEM/XDR platforms.
5. Question 5
Advantage of using both SIEM and XDR?
- ❌ Create web pages
- ✅ They complement each other and provide a stronger security response
- ❌ Easy interface
- ❌ Free storage
Explanation:
SIEM = centralized logs; XDR = correlated multi-layer detection → together improve visibility and response.
6. Question 6
Role of a cybersecurity analyst in threat hunting?
- ❌ Develop software
- ❌ Install antivirus
- ❌ Maintain servers
- ✅ Develop a hypothesis using experience and instincts about potential threats
Explanation:
Threat hunters proactively form hypotheses to discover hidden attacks.
7. Question 7
Benefit of early detection?
- ❌ Enables system updates
- ✅ It moves the awareness of an attack earlier in the attack timeline
- ❌ Enhances server performance
- ❌ Fixes bugs
Explanation:
Earlier detection = lower impact, faster containment.
8. Question 8
Difference between SIEM and XDR?
- ❌ Same function
- ❌ SIEM cheaper
- ✅ SIEM collects all data and raises alarms; XDR keeps most data local and fetches it when requested
- ❌ XDR needs more operators
Explanation:
- SIEM = centralized log ingestion
- XDR = distributed, telemetry-based, cloud-assisted detection
9. Question 9
What is threat hunting?
- ✅ A proactive process of forming hypotheses and looking for indicators of compromise
- ❌ Physically tracking criminals
- ❌ Removing threats
- ❌ Reactive response after alerts
Explanation:
Threat hunting = proactive, hypothesis-driven threat discovery.
10. Question 10
What is MTTI?
- ❌ Time to fix a problem
- ❌ Time to prevent an attack
- ❌ Total recovery time
- ✅ Time delay until we know an attack has occurred
Explanation:
MTTI = Mean Time To Identify → measures how long it takes to detect that an attack has happened.
🧾 Summary Table
| Q | Correct Answer | Key Concept |
|---|---|---|
| 1 | Monitor, analyze, report | SIEM |
| 2 | Correct answer not listed → XDR = Extended Detection & Response | XDR |
| 3 | Proactive threat detection | Threat hunting |
| 4 | SIEM + XDR | Threat hunting tools |
| 5 | Stronger combined security | SIEM + XDR synergy |
| 6 | Develop threat hypotheses | Analyst role |
| 7 | Earlier attack awareness | Early detection |
| 8 | SIEM = collects all data; XDR = fetches when needed | Key difference |
| 9 | Proactive hunting | What threat hunting is |
| 10 | Time until detection | MTTI |