Course 5 – IT Security: Defense Against the Digital Dark Arts


Week 1: Understanding Security Threats

This is the IT Security course of the IT Support Professional Certificate. This week introduces the basics of security within IT environments. You’ll learn how to define and identify security risks, vulnerabilities, and threats. You will also look at examples of the security attacks organizations face and at how security is guided by the “CIA” principle. At the end of this module, you’ll be familiar with the different types of malicious software, network attacks, client-side attacks, and the security terms commonly used in the workplace.

Learning Objectives:

  • Define and identify security risks, vulnerabilities, and threats.
  • Identify the most common security attacks.
  • Understand how security is guided by the CIA principle.

PRACTICE QUIZ: MALICIOUS SOFTWARE

1. In the CIA Triad, “Confidentiality” means ensuring that data is:

  • not accessible by unwanted parties. (CORRECT)
  • accurate and was not tampered with.
  • accessible anonymously.
  • available and that people can access it.

That’s right! In IT security, confidentiality means that sensitive data can be accessed only by the people or systems authorized to do so. It protects against unauthorized access, disclosure, or exposure of sensitive data and maintains its privacy. Confidentiality is commonly implemented with measures such as encryption, access controls, and authentication mechanisms.

2. In the CIA Triad, “Integrity” means ensuring that data is:

  • available and that people can access it.
  • truthful and honest.
  • accurate and was not tampered with. (CORRECT)
  • not accessible by unwanted parties.

Great work! Integrity in IT security means assurance that data remains accurate, consistent, and unchanged during transmission, storage, and processing, and that unauthorized parties cannot modify or destroy it. Hashing, checksums, digital signatures, and data validation are typical methods used to ensure that the data received is exactly the data that was sent.

3. In the CIA Triad, “Availability” means ensuring that data is:

  • accurate and was not tampered with.
  • available to anyone from anywhere.
  • not accessible by unwanted parties.
  • available and people can access it. (CORRECT)

You got it! Availability in IT security means that authorized users can access data and applications whenever they need them, or as soon as possible. It involves protecting systems against interruptions such as hardware failure, cyberattacks (for example denial-of-service attacks), and natural disasters. Availability measures include redundancy, failover mechanisms, regular system maintenance, and a solid disaster recovery plan, all aimed at minimizing downtime and keeping critical resources reachable without interruption.

4. What’s the relationship between a vulnerability and an exploit?

  • An exploit creates a vulnerability in a system.
  • An exploit takes advantage of a vulnerability to run arbitrary code or gain access. (CORRECT)
  • A vulnerability takes advantage of an exploit to run arbitrary code or gain access.
  • They’re unrelated.

Correct! A vulnerability is a weakness or flaw in a system, software, or network that an attacker could use to gain unauthorized access, disrupt services, or damage sensitive information. An exploit is the tool, technique, or method that takes advantage of that vulnerability. This is why regular updating, patching, and security assessment matter: they reduce, if not eliminate, the chance of exploitation and raise the overall security level.

5. Which statement is true for both a worm and a virus?

  • They’re self-replicating and self-propagating. (CORRECT)
  • They don’t cause any harm to the target system.
  • They infect other files with malicious code.
  • They’re undetectable by antimalware software.

Woohoo! Both worms and viruses self-replicate and self-propagate, through several different means of distribution.

6. Check all examples of types of malware:

  • Worms (CORRECT)
  • Key Generators
  • Adware (CORRECT)
  • Viruses (CORRECT)

Very good! These are examples of malicious programs whose purpose is to harm the infected system, which is precisely what malware is meant to do.

7. What are the characteristics of a rootkit? Check all that apply.

  • Provides elevated credentials (CORRECT)
  • Is difficult to detect (CORRECT)
  • Is destructive
  • Is harmless

Right on! In a nutshell, a rootkit is designed to give an unauthorized third party administrator-level access to a system without the owner’s knowledge. Most rootkits are built to be hard to identify and remove, which makes them difficult to detect.

8. What does the CIA security model stand for?

  • Central Intelligence Agency
  • Computer Information Assurance
  • Confidentiality Integrity Availability (CORRECT)
  • Confidentiality Integrity Access

Nice job! Confidentiality grants access to information only to those authorized to have it; integrity guarantees the completeness and validity of data; and availability ensures, by keeping a service maintained, that it stays up whenever its users seek access.

9. A zero-day vulnerability is:

  • a vulnerability that has already been exploited before the vulnerability has been disclosed. (CORRECT)
  • a vulnerability that has not been exploited yet.
  • a newly discovered vulnerability.
  • a harmless vulnerability.

That’s right! A zero-day vulnerability leaves zero days to react to or remedy the weakness before attackers exploit it. The term indicates that the flaw has been actively exploited by hackers before the developers or admins have had a chance to patch it.

PRACTICE QUIZ: NETWORK ATTACKS

1. What are the dangers of a man-in-the-middle attack? Check all that apply.

  • An attacker can eavesdrop on unencrypted traffic. (CORRECT)
  • An attacker can block or redirect traffic. (CORRECT)
  • An attacker can destroy data at rest.
  • An attacker can modify traffic in transit. (CORRECT)

Correct! A man-in-the-middle (MITM) attack happens when an attacker intercepts your network traffic and then either listens in on the communication, alters the data being sent, or blocks the traffic entirely. It is certainly a dangerous threat!

2. Why is a DNS cache poisoning attack dangerous? Check all that apply.

  • It allows an attacker to remotely control your computer.
  • Errrr…it’s not actually dangerous.
  • It affects any clients querying the poisoned DNS server.
  • It allows an attacker to redirect targets to malicious webservers. (CORRECT)

That is correct! An attacker can insert fake DNS records into a DNS server’s cache through a process known as DNS cache poisoning. Once the cache is poisoned, any client querying that record receives the fraudulent answer, so users can be redirected to a malicious web server of the attacker’s choice, including phishing pages, malware downloads, or other harmful destinations.

3. Which of the following is true of a DDoS attack?

  • Attack traffic comes from lots of different hosts. (CORRECT)
  • This type of attack causes a significant loss of data.
  • Attack traffic is encrypted.
  • An attacker sends attack traffic directly to the target.

Nice job! “Distributed” refers to the fact that the attack traffic comes from many different compromised hosts, often part of a botnet. Because the flood arrives from many machines at once, it is much harder to mitigate than an attack from a single source.

4. Which of the following result from a denial-of-service attack? Check all that apply.

  • Data destruction
  • Malware infection
  • Slow network performance (CORRECT)
  • Service unreachable (CORRECT)

You nailed it! A denial-of-service (DoS) attack is designed to keep authorized users from accessing a service by overloading it with excessive traffic. The attack consumes so many resources that the system becomes slow and ultimately unavailable to legitimate users.

PRACTICE QUIZ: OTHER ATTACKS

1. How can you protect against client-side injection attacks? Check all that apply.

  • Use input validation (CORRECT)
  • Utilize strong passwords
  • Use data sanitization (CORRECT)
  • Use a SQL database

Correct! Input validation and data sanitization are the two defenses listed here.

2. True or false: A brute-force attack is more efficient than a dictionary attack.

  • TRUE
  • FALSE (CORRECT)

You nailed it! A brute-force attack systematically tries every possible combination of characters to crack a password, while a dictionary attack tries only the passwords in a predefined list, or dictionary. Because a focused dictionary contains far fewer candidates, a dictionary attack is more efficient than a brute-force attack, which tests all combinations regardless of how the password is structured.

3. Which of the following scenarios are social engineering attacks? Check all that apply.

  • Someone uses a fake ID to gain access to a restricted area. (CORRECT)
  • You receive an email with an attachment containing a virus. (CORRECT)
  • An attacker performs a man-in-the-middle attack.
  • An attacker performs a DNS Cache poisoning attack.

Great job! A malicious spam email is a social engineering attack in which the attacker crafts the message to trick the user into opening an attachment that carries a harmful payload such as malware. Using someone else’s identification to gain illegal access is impersonation, another of the many types of social engineering, in which a person pretends to be someone they are not in order to persuade the victim to grant them access or information.

QUIZ: UNDERSTANDING SECURITY THREATS

1. Which of the following are examples of injection attacks? Check all that apply.

  • SYN flood attack
  • Social engineering attack
  • SQL injection attack (CORRECT)
  • XSS attack (CORRECT)

Correct! When an attacker injects a malicious script into a web page, it is called an XSS (cross-site scripting) attack. The victim’s browser runs the malicious script without their knowledge, and the script may steal their data or perform fraudulent operations on their behalf.

2. An attacker could redirect your browser to a fake website login page using what kind of attack?

  • DDoS attack
  • SYN flood attack
  • Injection attack
  • DNS cache poisoning attack (CORRECT)

Great job! A DNS cache poisoning attack involves inserting malicious DNS records into a DNS server’s cache. When you try to reach the desired website, the poisoned server returns the wrong IP address, redirecting all requests to a server under the attacker’s control. This can lead to phishing, malware delivery, or other malicious activity.

3. A SYN flood occurs when the attacker overwhelms a server with ______.

  • ACK packets
  • SYN packets (CORRECT)
  • Injection attacks
  • Malware

Nice work! In a SYN flood, the attacker’s machine sends countless SYN packets to the victim. Each one starts a TCP connection but never completes the three-way handshake with the final ACK. As a result, half-open TCP connections accumulate and consume resources on the victim’s machine until it is overwhelmed; the system may finally fail from resource starvation, which is a denial-of-service (DoS) attack.
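An added example, not from the course, of how a defender would spot the half-open connections the explanation mentions: it parses socket lines laid out like Linux `ss -tan` output (State, Recv-Q, Send-Q, local address, peer address) and flags any listener holding many SYN-RECV entries. The sample lines, the addresses and the threshold are all constructed for the demo.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` on Linux.
# A healthy listener shows mostly ESTAB; a flooded one piles up SYN-RECV
# entries from many different (often spoofed) peer addresses.
SAMPLE_SOCKETS = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.0.0.5:443        198.51.100.20:40001
ESTAB    0      0      10.0.0.5:443        198.51.100.21:40002
SYN-RECV 0      0      10.0.0.5:443        203.0.113.7:51234
SYN-RECV 0      0      10.0.0.5:443        203.0.113.8:51235
SYN-RECV 0      0      10.0.0.5:443        203.0.113.9:51236
SYN-RECV 0      0      10.0.0.5:443        203.0.113.10:51237
SYN-RECV 0      0      10.0.0.5:443        203.0.113.11:51238
SYN-RECV 0      0      10.0.0.5:443        203.0.113.12:51239
SYN-RECV 0      0      10.0.0.5:22         198.51.100.30:50000
"""


def parse_sockets(text: str) -> list[tuple[str, str, str]]:
    """Return (state, local, peer) tuples, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        rows.append((state, local, peer))
    return rows


def half_open_by_port(rows: list[tuple[str, str, str]]) -> Counter:
    """Count half-open (SYN-RECV) connections per local listener."""
    return Counter(local for state, local, _ in rows if state == "SYN-RECV")


def half_open_peers(rows: list[tuple[str, str, str]], local: str) -> set[str]:
    """Distinct peer IPs that hold half-open connections to one listener."""
    return {
        peer.rsplit(":", 1)[0]
        for state, l, peer in rows
        if state == "SYN-RECV" and l == local
    }


def flag_syn_flood(rows: list[tuple[str, str, str]], threshold: int = 5) -> dict:
    """Flag listeners whose half-open count reaches the threshold.

    The threshold is a constructed demo value; in practice it is set from
    the listener's normal baseline.
    """
    alerts = {}
    for local, count in half_open_by_port(rows).items():
        if count >= threshold:
            alerts[local] = {
                "half_open": count,
                "distinct_peers": len(half_open_peers(rows, local)),
            }
    return alerts


if __name__ == "__main__":
    rows = parse_sockets(SAMPLE_SOCKETS)
    for listener, info in flag_syn_flood(rows).items():
        print(f"{listener}: {info['half_open']} half-open from "
              f"{info['distinct_peers']} peers")
```

The telltale shape is one listener with a large half-open count spread across many distinct peers, which is what the :443 row set shows here while :22 stays below threshold. On Linux, SYN cookies (the `net.ipv4.tcp_syncookies` sysctl) are the usual mitigation: the kernel can answer SYNs without keeping per-connection state until the handshake completes.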

4. The best defense against injection attacks is to ______.

  • Use input validation (CORRECT)
  • Use antimalware software
  • Use a firewall
  • Use strong passwords

You nailed it! Input validation ensures the system operates only on data it expects and considers safe. Validating text input fields stops malicious commands, such as SQL queries, scripts, or other unexpected code, from being injected into the system to exploit its vulnerabilities and compromise security.

5. Which of these is an example of the integrity principle that can ensure your data is accurate and untampered with?

  • Keeping a symmetric key secret
  • Implementing flood guards
  • Using MACs (Message Authentication Codes) (CORRECT)
  • Using Encapsulating Security Payload (CORRECT)

Indeed! A MAC (Message Authentication Code) is a piece of data that demonstrates the integrity and authenticity of a message: it ensures the message has not been modified in transit.

Similarly, Encapsulating Security Payload (ESP) is one of the IPsec protocols used to secure traffic sent over IP. ESP encapsulates IP packets to provide confidentiality (encryption), integrity (the data has not been tampered with), and authentication (verifying the sender), all of which are important for communicating securely over IP networks.
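The MAC check described above, as an added example that is not part of the course material: it uses Python’s standard `hmac` module (HMAC-SHA256) with a constructed shared key, and sets the keyed tag beside a plain unkeyed checksum to show why the secret key is what gives the integrity guarantee.

```python
import hashlib
import hmac

# Constructed shared secret for the demo. A real key is generated randomly
# and provisioned to both parties out of band, never embedded in code.
SHARED_KEY = b"demo-shared-key-not-for-real-use"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time,
    so response timing does not reveal how many tag bytes matched."""
    expected = make_tag(key, message)
    return hmac.compare_digest(expected, tag)


def unkeyed_checksum_check(message: bytes, digest: bytes) -> bool:
    """A plain hash over the message with no secret involved."""
    return hashlib.sha256(message).digest() == digest


def demo() -> dict:
    """Walk through the cases a receiver cares about."""
    original = b"transfer 100 to account 42"
    altered = b"transfer 900 to account 42"  # one digit changed in transit
    tag = make_tag(SHARED_KEY, original)

    return {
        # Untouched message with its genuine tag: accepted.
        "intact": verify_tag(SHARED_KEY, original, tag),
        # Altered message with the old tag: rejected, the tag no longer matches.
        "tampered": verify_tag(SHARED_KEY, altered, tag),
        # Without the key, nobody can mint a valid tag for the altered message.
        "forged_without_key": verify_tag(
            SHARED_KEY, altered, make_tag(b"attacker-guess", altered)
        ),
        # With an unkeyed checksum, whoever alters the message can simply
        # recompute the checksum too, so the check passes: no integrity.
        "unkeyed_checksum_fooled": unkeyed_checksum_check(
            altered, hashlib.sha256(altered).digest()
        ),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last case is the point of the question: a hash or checksum alone detects accidental corruption, but only a keyed MAC (or a digital signature) defeats an adversary who can rewrite both the message and its check value.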

6. If there are cyber threats and vulnerabilities to your system, what does that expose you to? Check all that apply.

  • Attacks (CORRECT)
  • The CIA triad
  • Exploits (CORRECT)
  • Tailgating

You’re wise! Awareness of threats and vulnerabilities prompts you to take security measures before the fact, strengthening your defense against potential attacks.

When vulnerabilities exist, they open the door for a hacker to cause damage, steal data, or disrupt operations. The remedy is regular assessments, adequate patch management, and proper threat detection, which minimize the impact such weaknesses could have if they were exploited.

7. Which of these is a characteristic of Trojan malware?

  • A Trojan infection needs to be installed by the user. (CORRECT)
  • A Trojan may get installed without the user’s consent.
  • A Trojan is the same thing as a rootkit.
  • A Trojan is basically backdoor malware.

Great work! Like the Trojan horse of legend, which was accepted into the city of Troy disguised as a gift, a Trojan is malware that disguises itself as a legitimate program. It must be accepted and run by the user, usually through manipulation or trickery, for it to enter the system and carry out its malicious activity.

8. What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?

  • Ransomware
  • Adware
  • A backdoor (CORRECT)
  • A Trojan

Just right! A backdoor is a hidden path that lets hackers enter a system without passing through regular security controls such as passwords or firewalls. Backdoors are often planted by the attacker at the time of the initial breach and give them continued access even if the system is later patched or secured.

9. Which of these are ways a hacker can establish a man-in-the-middle attack? Check all that apply.

  • Tailgating
  • Rogue Access Point (AP) (CORRECT)
  • Evil Twin (CORRECT)
  • Session hijacking (CORRECT)

Awesome! A rogue AP attack is one specific form of MITM attack.

Well done! In an Evil Twin attack, the victim connects to what appears to be a legitimate access point but is actually one controlled by a hacker.

Good one! A man-in-the-middle attack may also take the form of “session hijacking” or “cookie hijacking.”

10. Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?

  • A Denial of Service (DoS)
  • A logic bomb
  • DNS Cache Poisoning
  • Evil Twin (CORRECT)

Woohoo! The attack is called Evil Twin because the victim is fooled into connecting to a network made to look exactly like a legitimate one, when in fact it is controlled by a hacker.

11. What is it called if a hacker takes down multiple services very quickly with the help of botnets?

  • Distributed denial-of-service (DDoS) (CORRECT)
  • Cross-site Scripting (XSS)
  • A password attack
  • A SQL injection

You nailed it! A distributed denial-of-service attack, DDoS for short, is one in which many machines are used to direct traffic at and overwhelm services. Prevention focuses on limiting the volume and rate of incoming traffic.

12. If a hacker targets a vulnerable website by running commands that delete the website’s data in its database, what type of attack did the hacker perform?

  • A Denial-of-Service (DoS) attack
  • A dictionary attack
  • Cross-site Scripting (XSS)
  • SQL injection (CORRECT)

Woohoo! SQL injection targets sites that use a SQL database. If such a site is vulnerable, the attacker can supply their own SQL commands to delete, copy, or manipulate the site’s data, among other malicious actions.

13. An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe?

  • A baiting attack
  • A phishing attack (CORRECT)
  • A tailgating attack
  • A SQL injection attack

Nice job! Phishing is when a hacker sends a fake email masquerading as a genuine one. Say you receive an email claiming to be from your bank and stating that your account has been hacked. If you click the link to reset your password, you are sent to a page that looks like your bank’s official site but is actually a fake built to steal your password!

14. When cleaning up a system after a compromise, you should look closely for any ______ that may have been installed by the attacker.

  • Injection attacks
  • Backdoors (CORRECT)
  • Poisoned DNS caches
  • Rogue APs

Well done! A full backup is a complete duplication of all data, copying the entire, unmodified contents of every file regardless of whether the file has changed. This guarantees a comprehensive backup, but it is not always efficient, especially when run frequently over many files that have not changed.

15. The best defense against password attacks is using strong _______.

  • Passwords (CORRECT)
  • Antimalware software
  • Firewall configs
  • Encryption

Great job! It can take days or even weeks to crack a very strong password. A good, solid password can make an attack nearly impossible by increasing the time and effort needed to break it.

16. A hacker stood outside a building and spun up a wireless network without anyone’s knowledge. At that point, the hacker was able to gain unauthorized access to a secure corporate network. Which of these is the name of this type of attack?

  • A Denial-of-Service (DoS) attack
  • SYN flood attack
  • A Rogue AP (Access Point) attack (CORRECT)
  • A DNS Cache Poisoning attack

Nice job! Rogue AP: an access point that is set up on a network without the knowledge of that network’s administrator. This poses a very serious security risk because it gives a hacker unauthorized entry into a secure network.

17. What can occur during a ping of death (POD) attack? Check all that apply.

  • A Denial-of-Service (DoS) (CORRECT)
  • Remote code execution (CORRECT)
  • Baiting
  • A buffer overflow (CORRECT)

A ping of death (POD) can overflow a buffer, which may lead to remote execution of malicious code.

Perfect. A POD is a DoS attack.

Oh yes. A POD indeed causes buffer overflow.

18. How can injection attacks be prevented? Check all that apply.

  • Log analysis systems
  • Input validation
  • Flood guards
  • Data sanitization (CORRECT)

Impeccably done! Injection attacks can be prevented by good software development practices such as validating inputs.

Well done! Injection attacks can also be avoided with sound software engineering practices like sanitizing data.
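An added example (not the course’s own code) that serves both this question and question 4 above: the unsafe string-built SQL query beside the parameterized one, an allow-list validator for the input, and HTML escaping of output so a stored script is displayed rather than executed by the browser. The table, the user names and the probe strings are constructed for the demo.

```python
import html
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately unsafe: the input is pasted into the SQL text, so a
    quote character in it changes the meaning of the query."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver binds the input as a value, so it
    is never parsed as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Allow-list validation: accept only what a username is expected to look
# like, and reject everything else before it reaches any query.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_username(name: str) -> bool:
    return USERNAME_RE.fullmatch(name) is not None


def render_comment(text: str) -> str:
    """Output sanitization for the browser: escape HTML metacharacters so
    user-supplied text is shown as text, not run as script (the XSS case)."""
    return f"<p>{html.escape(text)}</p>"


def demo() -> dict:
    conn = build_db()
    probe = "' OR '1'='1"              # classic textbook injection string
    script = "<script>alert(1)</script>"
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, probe)),  # leaks every row
        "safe_rows": len(lookup_safe(conn, probe)),              # no such user
        "validated": validate_username(probe),                   # rejected up front
        "rendered": render_comment(script),                      # inert markup
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Validation and sanitization are complementary, which is why the question accepts both: validation rejects input that should never have been accepted, while parameterized queries and output escaping make sure that whatever does get through is treated as data, not as SQL or HTML.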

19. How can you increase the strength of your passwords? Check all that apply.

  • Incorporate symbols and numbers. (CORRECT)
  • Exclude dictionary words. (CORRECT)
  • Use passwords from a precompiled list.
  • Use a mix of capital and lowercase letters. (CORRECT)

Awesome! A strong password is the primary defense against any sort of password attack. For instance, use upper- and lower-case letters as well as numbers and special characters to create a tough password.
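An added example, not from the course, that applies these criteria in code and ties in the dictionary-versus-brute-force distinction from the earlier practice quiz: a checker that flags passwords found in a common-password list or built from a dictionary word, and an estimate of how many guesses an exhaustive search would need. The word lists are tiny constructed stand-ins; a real deployment would load full lists from files.

```python
import math
import re
import string

# Constructed stand-ins for a precompiled list of common passwords and a
# dictionary. Real lists hold millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "admin"}
DICTIONARY_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}

SYMBOLS = set(string.punctuation)  # the 32 printable ASCII symbols


def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force attacker must cover for this password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in SYMBOLS for c in pw):
        size += len(SYMBOLS)
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the guesses an exhaustive search needs: length * log2(alphabet).
    Adding character classes or length raises this; a dictionary attack ignores it."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw: str) -> list[str]:
    """Return the weaknesses found; an empty list means the password passes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in a precompiled list of common passwords")
    # Strip digits and symbols: 'Welcome1!' is still the word 'welcome' to a
    # dictionary attacker who tries common suffix/substitution rules.
    core = re.sub(r"[^a-z]", "", pw.lower())
    if core in DICTIONARY_WORDS:
        problems.append("is a dictionary word with digits/symbols added")
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("no mix of upper and lower case")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbol")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Welcome1!", "Tr0ub4dor&3xample!"):
        print(f"{candidate!r}: {brute_force_bits(candidate):.1f} bits, "
              f"problems={check_password(candidate)}")
```

The brute-force estimate only tells you how long an attacker who refuses to use a list would take; the list and dictionary checks matter more in practice, because a password like `Welcome1!` scores respectably on alphabet size yet falls in a handful of guesses to the dictionary attack described in the earlier quiz.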

20. A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack.

  • Denial of Service (CORRECT)
  • Injection
  • Malware
  • Brute force password

You got it! This is a standard Denial-of-Service (DoS) attack. It is important to realize that this is not a Distributed Denial-of-Service (DDoS) attack; instead of being spread across several attacking hosts, the attack traffic has one point of origin.

21. What makes a DDoS attack different from a DoS attack? Check all that apply.

  • A DDoS attack has attack traffic coming from one source.
  • A DoS attack has attack traffic coming from one source. (CORRECT)
  • A DoS attack has attack traffic coming from many different sources.
  • A DDoS attack has attack traffic coming from many different sources. (CORRECT)

That’s right! The additional “D” in DDoS stands for “distributed”. Simply put, the attack traffic is distributed among multiple attacking machines, making it harder to handle than an ordinary DoS.

22. Which of these is an example of the confidentiality principle that can help keep your data hidden from unwanted eyes?

  • Making sure the data hasn’t been tampered with (CORRECT)
  • Preventing an unwanted download
  • Preventing data loss
  • Protecting online accounts with password protection

Nice job! Password protection restricts access to data so that only privileged persons can open or view it.

23. What’s the difference between a virus and a worm?

  • Viruses replicate through files, but worms live on their own. (CORRECT)
  • Viruses do not replicate like worms do.
  • Worms replicate, viruses do not.
  • Worms replicate through files, but viruses live on their own.

Woohoo! Viruses and worms are both types of malware but differ in how they spread. A virus attaches itself to files and spreads when those files are shared. A worm, on the other hand, is self-contained and can move independently across networks.

24. A hacker infected your computer to steal your Internet connection and used your machine’s resources to mine Bitcoin. What is the name of this kind of attack?

  • Ransomware
  • Adware
  • A bot (CORRECT)
  • Spyware

You nailed it! Trojans can take hold of a user’s computer and make it perform activity under a hacker’s control. Compromised machines are generally referred to as bots and can be organized into a larger botnet for malicious use.

25. Which of these sends tons of packets to a system in order to crash it or prevents services from being available? Check all that apply.

  • SYN flood (CORRECT)
  • Ping flood (CORRECT)
  • An Evil Twin
  • Ping of Death (POD)

Great work! A ping flood is a kind of denial-of-service (DoS) attack in which the attacker sends a huge number of ICMP echo requests (pings) to keep the target computer from functioning properly, usually rendering it unresponsive or crashing it.

26. You receive a legitimate-looking email from a sender that you recognize asking you to click a funny link. But, once you do, malware installs on your computer. What is most likely the reason you got infected?

  • The sender’s email has been hacked.
  • The sender’s email password was cracked.
  • The sender’s email address was spoofed. (CORRECT)
  • The sender’s email password was used in a DNS Cache Poisoning attack.

Yep! The sender’s email address was spoofed.

27. Which of these is a way to help prevent brute-force attacks? Check all that apply.

  • Strong passwords (CORRECT)
  • Password crackers
  • Using a precompiled list of common passwords
  • Captchas (CORRECT)

You’re right! Using strong passwords is, above all, what prevents password attacks such as brute-force attacks.

You nailed it! Automated password crackers can try to guess your credentials, but a CAPTCHA stops them from submitting attempts automatically.

28. A(n) _____ attack is meant to prevent legitimate traffic from reaching a service.

  • Password
  • DNS Cache poisoning
  • Injection
  • Denial of Service (CORRECT)

Yes! A DoS, or denial-of-service, attack is meant to prevent legitimate traffic from reaching a service.

29. Which of these is true of vulnerabilities? Check all that apply.

  • A vulnerability is a flaw in the code of an application that can be exploited. (CORRECT)
  • An exploit is the possibility of taking advantage of a vulnerability bug in code.
  • A vulnerability is the possibility of suffering a loss in the event of an attack.
  • An exploit takes advantage of bugs and vulnerabilities. (CORRECT)

Yes, that’s right! An exploit is software that takes advantage of, or “exploits”, a vulnerability.

Yes, that’s right! An exploit takes advantage of and “exploits” bugs and vulnerabilities.

30. What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie?

  • A password attack
  • Cross-site Scripting (XSS) (CORRECT)
  • Ping flood
  • SQL injection

Fantastic! XSS (cross-site scripting) is an injection attack in which the attacker inserts malicious scripts into a website; the scripts are then interpreted by a victim’s browser and can lead to session hijacking or similar outcomes.

31. Phishing, baiting, and tailgating are examples of ________ attacks.

  • Password
  • Malware
  • Social engineering (CORRECT)
  • Network

Yep! All three attack types aim to trick or deceive a person into trusting the attacker. Phishing uses deceptive emails to gain trust, baiting lures users with items such as USB drives, and tailgating happens when someone follows an authorized person into a restricted area.

32. An attack that would allow someone to intercept your data as it’s being sent or received is called a(n) _________ attack.

  • SYN flood
  • Denial of Service
  • Man-in-the-middle (CORRECT)
  • Injection

Correct! A man-in-the-middle attack lets an attacker capture, observe, and possibly alter your transmission between parties, usually without either the sender or the receiver knowing it.

33. If a hacker can steal your passwords by installing malware that captures all the messages you type, what kind of malware did the hacker install? Check all that apply.

  • A logic bomb
  • A rootkit
  • A keylogger (CORRECT)
  • Spyware (CORRECT)

Awesome! A hacker can record every keystroke with a keylogger, which is one example of spyware.

Awesome! Spyware is intended to monitor you and acquire sensitive information, including passwords.
