Week 1: Understanding Security Threats
IT Security is now a module inside the IT Support Professional Certificate Program! This week covers most of the groundwork for understanding IT security. We will learn the definitions of, and differences between, security risks, vulnerabilities, and threats. Next come the most common security attacks against organizations, followed by security viewed along the three axes of the CIA triad. At the end of this module, you’ll be able to identify different categories of malicious software and different types of network and client-side attacks, and you’ll understand the terminology used for essential security matters in the field.
Learning Objectives:
- Define and identify security risks, vulnerabilities, and threats.
- Recognize the most common security attacks.
- Understand how security is centered around the CIA principle.
PRACTICE QUIZ: MALICIOUS SOFTWARE
1. In the CIA Triad, “Confidentiality” means ensuring that data is:
- not accessible by unwanted parties. (CORRECT)
- accurate and was not tampered with.
- accessible anonymously.
- available and that people can access it.
Yes! “Confidentiality” in IT security means that sensitive data is accessible only to authorized users or systems. Multiple techniques and mechanisms protect data from unauthorized access, chiefly encryption and access controls, together with other security protocols. The objective is to keep the information hidden and prevent its leakage to unauthorized parties.
2. In the CIA Triad, “Integrity” means ensuring that data is:
- available and that people can access it.
- truthful and honest.
- accurate and was not tampered with. (CORRECT)
- not accessible by unwanted parties.
Exactly! Through the “integrity” principle, IT security guarantees that information stays accurate, unaltered, and trustworthy for its entire lifecycle. The data should remain unchanged and untampered with, both while in transit and while stored. Integrity mechanisms such as checksums, hashes, and digital signatures are used to validate that the data has not been modified by unauthorized means.
3. In the CIA Triad, “Availability” means ensuring that data is:
- accurate and was not tampered with.
- available to anyone from anywhere.
- not accessible by unwanted parties.
- available and people can access it. (CORRECT)
In information technology security, one important principle is availability, defined as data, systems, and services being accessible and functioning when required by authorized users. This involves preventing interruptions caused by hardware failures, network problems, denial-of-service (DoS) attacks, and theft of services. Measures such as redundancy, backups, and failover systems are put in place to ensure the availability of resources, keeping them up and running even during unexpected events.
4. What’s the relationship between a vulnerability and an exploit?
- An exploit creates a vulnerability in a system.
- An exploit takes advantage of a vulnerability to run arbitrary code or gain access. (CORRECT)
- A vulnerability takes advantage of an exploit to run arbitrary code or gain access.
- They’re unrelated.
Correct! A vulnerability is a flaw or defect in a system that an attacker can use to gain unauthorized access or cause damage. An exploit is the technique or means of taking advantage of that vulnerability. An exploit may use programming bugs, faulty configurations, or security loopholes; through an exploit an attacker can compromise a system to retrieve data or disable operations. Scheduled patching, maintenance, and security assessments are therefore part of securing systems against exploitation.
5. Which statement is true for both a worm and a virus?
- They’re self-replicating and self-propagating. (CORRECT)
- They don’t cause any harm to the target system.
- They infect other files with malicious code.
- They’re undetectable by antimalware software.
Woohoo! Both worms and viruses are self-replicating and self-propagating; they differ only in how they spread.
6. Check all examples of types of malware:
- Worms (CORRECT)
- Key Generators
- Adware (CORRECT)
- Viruses (CORRECT)
Very good! These three are types of unwanted software that harm the infected system, which is precisely what malware is.
7. What are the characteristics of a rootkit? Check all that apply.
- Provides elevated credentials (CORRECT)
- Is difficult to detect (CORRECT)
- Is destructive
- Is harmless
Right on! A rootkit can be created to give a third party administrative-level access without the owner’s knowledge. For this reason, rootkits are designed to hide themselves and are difficult to detect.
8. What does the CIA security model stand for?
- Central Intelligence Agency
- Computer Information Assurance
- Confidentiality Integrity Availability (CORRECT)
- Confidentiality Integrity Access
Confidentiality limits access to data to only those persons appropriately authorized. Integrity ensures that data remains intact and free from corruption. Availability guarantees that services remain accessible and operational.
9. A zero-day vulnerability is:
- a vulnerability that has already been exploited before the vulnerability has been disclosed. (CORRECT)
- a vulnerability that has not been exploited yet.
- a newly discovered vulnerability.
- a harmless vulnerability.
Indeed, that’s correct! The term “zero day” identifies a flaw in software that is not yet known to the vendor or developer, so there is no time for a patch or remedial measure to be enacted before an intruder uses it against systems. The name stems from the fact that the vendor has had “zero” days to create a fix.
PRACTICE QUIZ: NETWORK ATTACKS
1. What are the dangers of a man-in-the-middle attack? Check all that apply.
- An attacker can eavesdrop on unencrypted traffic. (CORRECT)
- An attacker can block or redirect traffic. (CORRECT)
- An attacker can destroy data at rest.
- An attacker can modify traffic in transit. (CORRECT)
Correct! A man-in-the-middle (MitM) attack is one in which an attacker secretly intercepts and possibly alters communications between two parties, neither of which knows that the communication is being relayed through the attacker. Often this results in data theft, unauthorised changes, and sometimes denial of service, with serious consequences for both individuals and organisations.
2. Why is a DNS cache poisoning attack dangerous? Check all that apply.
- It allows an attacker to remotely control your computer.
- Errrr…it’s not actually dangerous.
- It affects any clients querying the poisoned DNS server.
- It allows an attacker to redirect targets to malicious webservers. (CORRECT)
That’s exactly right! This procedure is termed DNS cache poisoning (or DNS spoofing). By injecting forged DNS records into the server’s cache, the attacker reroutes users to fake websites, enabling phishing, theft of information, delivery of malware, and so on. Because users rely on DNS for domain name resolution, cache poisoning tricks them into treating harmful sites as trustworthy. This is a dangerous attack and underlines the importance of securing DNS servers.
3. Which of the following is true of a DDoS attack?
- Attack traffic comes from lots of different hosts. (CORRECT)
- This type of attack causes a significant loss of data.
- Attack traffic is encrypted.
- An attacker sends attack traffic directly to the target.
Nice job! The “Distributed” in Distributed Denial of Service (DDoS) means that the attack traffic comes from many sources, frequently compromised machines that belong to a botnet. This makes the attack harder to stop, as the traffic arriving at the target’s server or network infrastructure appears to come from many different points. DDoS attacks are meant to drain resources and cause denial of service, and they are considerably harder to mitigate than attacks from a single point of origin.
4. Which of the following result from a denial-of-service attack? Check all that apply.
- Data destruction
- Malware infection
- Slow network performance (CORRECT)
- Service unreachable (CORRECT)
You nailed it! A denial-of-service attack overloads a service, system, or network with more requests or traffic than it can handle, preventing access by legitimate users. The heavy traffic slows the target down or, worse, crashes the service completely, making it impossible to reach. Normal operations are disrupted, usually resulting in downtime or loss of the service altogether.
PRACTICE QUIZ: OTHER ATTACKS
1. How can you protect against client-side injection attacks? Check all that apply.
- Use input validation (CORRECT)
- Utilize strong passwords
- Use data sanitization (CORRECT)
- Use a SQL database
Correct! Input validation and data sanitization are the primary shields against injection attacks (such as SQL injection and command injection). Input validation allows only the expected characters and formats in user input, so malicious input is rejected rather than executed. Data sanitization is the step of removing or properly escaping special characters (such as quotes or semicolons) within user-provided data, so they cannot be used to alter commands or bypass security mechanisms. Together, these practices protect your application from a range of injection vulnerabilities.
2. True or false: A brute-force attack is more efficient than a dictionary attack.
- TRUE
- FALSE (CORRECT)
You nailed it! Unlike dictionary attacks, which test only passwords found in a previously defined list or dictionary file, a brute-force attack tries every possible combination of characters. The dictionary attack therefore saves time and resources: it does not have to generate passwords and makes far fewer attempts.
3. Which of the following scenarios are social engineering attacks? Check all that apply.
- Someone uses a fake ID to gain access to a restricted area. (CORRECT)
- You receive an email with an attachment containing a virus. (CORRECT)
- An attacker performs a man-in-the-middle attack.
- An attacker performs a DNS Cache poisoning attack.
Great job! A malicious spam email falls under social engineering: it is used to trick you into opening an attachment with malicious content. Using a fake ID to gain unauthorized access is an example of impersonation, which is a basic social engineering tactic.
QUIZ: UNDERSTANDING SECURITY THREATS
1. Which of the following are examples of injection attacks? Check all that apply.
- SYN flood attack
- Social engineering attack
- SQL injection attack (CORRECT)
- XSS attack (CORRECT)
Correct! An XSS (Cross-Site Scripting) attack occurs when an attacker injects malicious code into a web page so that a victim’s browser executes it. A SQL injection attack occurs when an attacker injects malicious SQL commands into a text input field in order to gain illegal access to a database.
2. An attacker could redirect your browser to a fake website login page using what kind of attack?
- DDoS attack
- SYN flood attack
- Injection attack
- DNS cache poisoning attack (CORRECT)
Great job! When a DNS cache poisoning attack occurs, an attacker is able to manipulate the cache of a DNS server. So, for example, when you attempt to access a certain website, a request would not go to the legitimate host but rather to the one controlled by the attacker.
3. A SYN flood occurs when the attacker overwhelms a server with ______.
- ACK packets
- SYN packets (CORRECT)
- Injection attacks
- Malware
Nice work! A SYN flood attack involves sending many SYN packets to a victim machine without completing the TCP three-way handshake, thereby overwhelming the victim’s machine with requests for a service that cannot be delivered.
4. The best defense against injection attacks is to ______.
- Use input validation (CORRECT)
- Use antimalware software
- Use a firewall
- Use strong passwords
Indeed, that is correct! Input validation checks the data entered through text input fields, the same fields attackers use to inject malicious commands, and rejects any malicious or unexpected data.
5. Which of these is an example of the integrity principle that can ensure your data is accurate and untampered with?
- Keeping a symmetric key secret
- Implementing flood guards
- Using MACs (Message Authentication Codes) (CORRECT)
- Using Encapsulating Security Payload (CORRECT)
Correct! A MAC (Message Authentication Code) confirms that a message retains its integrity, in the sense that it has not changed while being communicated.
You are right about ESP in IPsec. It is used to protect communication by providing confidentiality, integrity, and authentication of IP packets through the encapsulation of IP packets.
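As an added example that is not part of the course material, here is the MAC check the explanation above refers to, and why an unkeyed checksum is not enough on its own; the shared key, the messages, and the sender/attacker/receiver functions are constructed for this demonstration.

```python
import hashlib
import hmac

# Constructed shared secret for this example; a real key is generated randomly
# (e.g. secrets.token_bytes(32)) and known only to sender and receiver.
SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def compute_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag; only a holder of the key can produce a valid one."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(compute_mac(key, message), tag)


def checksum(message: bytes) -> bytes:
    """Unkeyed SHA-256: catches accidental corruption, not deliberate changes."""
    return hashlib.sha256(message).digest()


def send(message: bytes) -> dict:
    """Sender attaches both an unkeyed checksum and a keyed MAC."""
    return {"msg": message, "sum": checksum(message), "tag": compute_mac(SHARED_KEY, message)}


def man_in_the_middle(packet: dict, new_message: bytes) -> dict:
    """Simulated attacker on the path swaps the message. The checksum is public
    math, so it can be recomputed; the MAC cannot be, because the attacker lacks
    SHARED_KEY, so the old tag is simply forwarded."""
    return {"msg": new_message, "sum": checksum(new_message), "tag": packet["tag"]}


def receive(packet: dict) -> dict:
    """Receiver runs both checks independently and reports what each accepted."""
    return {
        "checksum_ok": hmac.compare_digest(checksum(packet["msg"]), packet["sum"]),
        "mac_ok": verify_mac(SHARED_KEY, packet["msg"], packet["tag"]),
    }


if __name__ == "__main__":
    original = send(b"transfer 100 to alice")
    print("untouched:", receive(original))   # both checks pass
    altered = man_in_the_middle(original, b"transfer 100 to mallory")
    print("tampered: ", receive(altered))    # checksum still passes, MAC fails
```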
6. If there are cyber threats and vulnerabilities to your system, what does that expose you to? Check all that apply.
- Attacks (CORRECT)
- The CIA triad
- Exploits (CORRECT)
- Tailgating
Correct! It is necessary to understand threats and vulnerabilities in order to proactively defend the system against possible attacks. Where these weaknesses exist, they provide opportunities for hackers to exploit and compromise your system. Regular assessment and security measures mitigate the risk.
7. Which of these is a characteristic of Trojan malware?
- Ransomware
- Adware
- A backdoor (CORRECT)
- A Trojan
You nailed it! A backdoor is a way for a hacker to get into a system through a secret entryway.
8. What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?
- Salting
- Asymmetric (CORRECT)
- Symmetric
- Hashing
Asymmetric encryption is a method of using a pair of keys for encryption and decryption; a public key and a private key. The public key will be given away and the data owner will keep hold of the private key.
9. Which of these are ways a hacker can establish a man-in-the-middle attack? Check all that apply.
- Tailgating
- Rogue Access Point (AP) (CORRECT)
- Evil Twin (CORRECT)
- Session hijacking (CORRECT)
A rogue access point is an unauthorized access point that provides network service. An intruder can set up a wireless access point, mount a man-in-the-middle attack, and trick clients into connecting to the intruder’s access point.
Evil Twin means creating an access point that is a clone of the access point the victim is connecting to, thereby intercepting all communications in between. The attacker now sits in the middle between the victim and the genuine access point.
Session hijacking or cookie hijacking is another common type of an MiTM attack that allows the hijacker to gain control over a valid session. It does so by stealing a cookie or session token from the victim and gaining unauthorized access to sensitive information.
10. Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?
- A Denial of Service (DoS)
- A logic bomb
- DNS Cache Poisoning
- Evil Twin (CORRECT)
Woohoo! That is the very definition of the Evil Twin attack. The victim connects to a phony wireless network that looks like a legitimate one but is actually set up by a hacker. This connection lets the hacker capture sensitive private communications or launch other attacks.
11. What is it called if a hacker takes down multiple services very quickly with the help of botnets?
- Distributed denial-of-service (DDoS) (CORRECT)
- Cross-site Scripting (XSS)
- A password attack
- A SQL injection
You nailed it! DDoS attacks utilize multiple machines and can take down services in greater volumes and quicker rates.
12. If a hacker targets a vulnerable website by running commands that delete the website’s data in its database, what type of attack did the hacker perform?
- A Denial-of-Service (DoS) attack
- A dictionary attack
- Cross-site Scripting (XSS)
- SQL injection (CORRECT)
Woohoo! A SQL injection is any attack in which a malicious SQL command string is injected into an input field of a web-based application that does not validate its input, on a website that uses a SQL database. If the site is vulnerable, attackers can delete data, modify it, or steal it for other purposes. Proper validation of input and parameterization of queries prevents such attacks.
13. An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe?
- A baiting attack
- A phishing attack (CORRECT)
- A tailgating attack
- A SQL injection attack
Nice job! Phishing is social engineering in which a hacker sends fake emails, such as one claiming your bank account has been hacked. You follow the link to reset your password and it takes you to a fake website that looks like your bank’s. Once you have entered your credentials, the hacker has your password and is ready to steal your information. For this reason, always verify the source before clicking links or entering sensitive information.
14. When cleaning up a system after a compromise, you should look closely for any ______ that may have been installed by the attacker.
- Injection attacks
- Backdoors (CORRECT)
- Poisoned DNS caches
- Rogue APs
Well done! A complete backup means copying the entire set of data, including all files whether modified or not. Although this type of backup includes everything, it can be inefficient when done regularly, since many files do not change often. Incremental or differential backups are therefore often used to improve efficiency, so that only modified data needs to be backed up.
15. The best defense against password attacks is using strong _______.
- Passwords (CORRECT)
- Antimalware software
- Firewall configs
- Encryption
Great job! Strong passwords will make password attacks too time-consuming to be viable for an attacker.
16. A hacker stood outside a building and spun up a wireless network without anyone’s knowledge. At that point, the hacker was able to gain unauthorized access to a secure corporate network. Which of these is the name of this type of attack?
- A Denial-of-Service (DoS) attack
- SYN flood attack
- A Rogue AP (Access Point) attack (CORRECT)
- A DNS Cache Poisoning attack
Nice job! A Rogue Access Point is an unauthorized device installed on the network without the network administrator’s knowledge. It poses a great security risk because it can open a backdoor for hackers and let them into the network without passing through security measures such as firewalls and encryption. Finding and blocking rogue APs is necessary to keep the network secure.
17. What can occur during a ping of death (POD) attack? Check all that apply.
- A Denial-of-Service (DoS) (CORRECT)
- Remote code execution (CORRECT)
- Baiting
- A buffer overflow (CORRECT)
Woohoo! A POD can result in a buffer overflow which allows for the remote execution of malicious code.
Right on! A POD is a type of DoS attack.
Woohoo! A POD can result in a buffer overflow.
18. How can injection attacks be prevented? Check all that apply.
- Log analysis systems
- Input validation
- Flood guards
- Data sanitization (CORRECT)
Good software development practices can prevent injection attacks, such as validating input to ensure that data entering the system matches the expected format and does not contain malicious elements.
Another important mechanism for preventing injection attacks is data sanitization, which removes potentially harmful characters or scripts from input data before it reaches the system and so prevents malicious code from being executed there.
19. How can you increase the strength of your passwords? Check all that apply.
- Incorporate symbols and numbers. (CORRECT)
- Exclude dictionary words. (CORRECT)
- Use passwords from a precompiled list.
- Use a mix of capital and lowercase letters. (CORRECT)
Awesome! Adding multi-factor authentication (MFA) as one more layer also makes it harder for attackers to gain unauthorized access.
20. A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack.
- Denial of Service (CORRECT)
- Injection
- Malware
- Brute force password
You got it! Put simply, this is a denial-of-service (DoS) attack, in which someone tries to render a system unavailable by bombarding it with traffic. Since the attack traffic comes from a single source, it does not meet the definition of a distributed denial-of-service (DDoS) attack, in which the traffic comes from many attacking hosts, amplifying the attack and making it more difficult to mitigate.
21. What makes a DDoS attack different from a DoS attack? Check all that apply.
- A DDoS attack has attack traffic coming from one source.
- A DoS attack has attack traffic coming from one source. (CORRECT)
- A DoS attack has attack traffic coming from many different sources.
- A DDoS attack has attack traffic coming from many different sources. (CORRECT)
That’s right! The most important distinction is that the first ‘D’ in the acronym DDoS means ‘Distributed.’ This means the attack traffic does not come from only one source but from many. In a DDoS attack, the attacker uses a botnet, a network of infected machines, to direct traffic at the target, which makes the flood very difficult to block and mitigate. A DoS attack, by contrast, uses a single source.
22. Which of these is an example of the confidentiality principle that can help keep your data hidden from unwanted eyes?
- Making sure the data hasn’t been tampered with (CORRECT)
- Preventing an unwanted download
- Preventing data loss
- Protecting online accounts with password protection
Nice job! Password protection can help limit access to your data so that only those who need it can see it.
23. What’s the difference between a virus and a worm?
- Viruses replicate through files, but worms live on their own. (CORRECT)
- Viruses do not replicate like worms do.
- Worms replicate, viruses do not.
- Worms replicate through files, but viruses live on their own.
Woohoo! Viruses and worms are similar. The difference is that a virus spreads through files and worms don’t need to attach to something to spread.
24. A hacker infected your computer to steal your Internet connection and used your machine’s resources to mine Bitcoin. What is the name of this kind of attack?
- Ransomware
- Adware
- A bot (CORRECT)
- Spyware
You nailed it! You are absolutely right! When malware invades a victim’s computer and grants the hacker remote access to it, that computer becomes a bot. Hackers have different uses for such compromised machines including launching DDoS attacks, sending spam emails, and gathering sensitive information from other computers. A botnet is simply a network of such bots. It helps magnify the attacker’s ability.
25. Which of these sends tons of packets to a system in order to crash it or prevents services from being available? Check all that apply.
- SYN flood (CORRECT)
- Ping flood (CORRECT)
- An Evil Twin
- Ping of Death (POD)
Great work! A ping flood sends tons of ICMP echo requests to take down a computer.
26. You receive a legitimate-looking email from a sender that you recognize asking you to click a funny link. But, once you do, malware installs on your computer. What is most likely the reason you got infected?
- The sender’s email has been hacked.
- The sender’s email password was cracked.
- The sender’s email address was spoofed. (CORRECT)
- The sender’s email password was used in a DNS Cache Poisoning attack.
Yep! The sender’s email address was spoofed.
27. Which of these is a way to help prevent brute-force attacks? Check all that apply.
- Strong passwords (CORRECT)
- Password crackers
- Using a precompiled list of common passwords
- Captchas (CORRECT)
Indeed! Against password attacks, brute-force attacks included, strong passwords are the best bastion: guessing becomes much harder for automated tools.
CAPTCHAs are another great deterrent against password attacks. They prevent automated systems from cracking passwords by requiring the user to solve a challenge, such as recognizing objects in images or typing distorted text, thereby adding an extra layer of safeguarding.
28. A(n) _____ attack is meant to prevent legitimate traffic from reaching a service.
- Password
- DNS Cache poisoning
- Injection
- Denial of Service (CORRECT)
Correct: Yes! A DoS, or denial-of-service, attack is meant to prevent legitimate traffic from reaching a service.
29. Which of these is true of vulnerabilities? Check all that apply.
- A vulnerability is a flaw in the code of an application that can be exploited. (CORRECT)
- An exploit is the possibility of taking advantage of a vulnerability bug in code.
- A vulnerability is the possibility of suffering a loss in the event of an attack.
- An exploit takes advantage of bugs and vulnerabilities. (CORRECT)
An exploit is the malicious code or software which damages the system or an application by exploiting its weaknesses. This allows the attacker to perform malicious actions.
Exploits are targeted at bugs and vulnerabilities that allow hackers to break into systems to run unauthorized processes, disrupt operations, or steal sensitive data. It is important to patch these systems and remediate their vulnerabilities regularly to prevent exploitation.
30. What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie?
- A password attack
- Cross-site Scripting (XSS) (CORRECT)
- Ping flood
- SQL injection
Correct: Cross-site scripting, abbreviated XSS, is a form of injection attack in which an attacker injects malicious scripts into a web page hosted by a web application with inadequate security. The script then executes in the user’s browser, resulting in session hijacking: the attacker can steal session cookies and impersonate the user.
31. Phishing, baiting, and tailgating are examples of ________ attacks.
- Password
- Malware
- Social engineering (CORRECT)
- Network
Correct: All three attack methods rely on psychologically manipulating people into trusting the attacker. Phishing uses deceptive emails, baiting uses physical items such as USB drives as bait, and tailgating means following another individual into an access-controlled area.
32. An attack that would allow someone to intercept your data as it’s being sent or received is called a(n) _________ attack.
- SYN flood
- Denial of Service
- Man-in-the-middle (CORRECT)
- Injection
Correct! Exactly! It is an attack in which an attacker can intercept, observe, and even manipulate communications between two parties, without either party realizing it.
33. If a hacker can steal your passwords by installing malware that captures all the messages you type, what kind of malware did the hacker install? Check all that apply.
- A logic bomb
- A rootkit
- A keylogger (CORRECT)
- Spyware (CORRECT)
Correct! A keylogger is a type of spyware that captures all your keystrokes, which can include very sensitive information such as passwords.
Correct! Spyware is used mostly for tracking your activities and stealing your personal data, for example passwords or other private information.