ITC – Introduction to Cybersecurity 3.0 Module 2: Attacks, Concepts and Techniques Questions and Answers

ITC – Introduction to Cybersecurity 3.0 Module 2: Attacks, Concepts and Techniques Questions and Answers

ITC – Introduction to Cybersecurity 3.0 Module 2: Attacks, Concepts, and Techniques – Questions and Answers provides a comprehensive breakdown of key concepts to help students and professionals effectively prepare for their exams. This module emphasizes understanding the fundamental principles of cybersecurity attacks, exploring various techniques such as malware, phishing, and denial-of-service attacks, and discussing mitigation strategies. In this resource, each question is paired with detailed answers and explanations, ensuring a clear understanding of the underlying concepts. Whether you’re reviewing for a certification exam or strengthening your cybersecurity knowledge, this guide is designed to enhance your learning experience.

1. Match each of the descriptions to the correct malware type by selecting an answer from each dropdown, then Submit.

  • Malware designed to track your online activity and capture your data ==> Spyware
  • Software that automatically delivers advertisements ==> Adware
  • Malware that holds a computer system captive until a payment is made to the attacker ==> Ransomware
  • Malicious code that attaches to legitimate programs and usually spreads by USB drives, optical media, network shares or email ==> Virus
  • Malicious code that replicates itself independently by exploiting vulnerabilities in networks ==> Worms

2. You’re enjoying your lunch in the canteen when a colleague approaches you. They seem distressed.

They explain that they can’t seem to connect to the public Wi-Fi on their phone and ask if you have the private Wi-Fi password to hand so that they can check that their phone is working.

How would you respond?

Select the correct answer, then Submit.

  • “Yes, of course. Give me your phone and I’ll put it in for you.”
  • “Sure. It’s Xgff76dB.”
  • “Mmm… I’m not sure we’re allowed to use the private Wi-Fi network. Let me check with my manager first.”

This colleague could be carrying out a social engineering attack, manipulating you to provide the password used to protect the organization’s private wireless network. You can never be too careful – and, for answering correctly, you’ve earned some defender points. Well done!

Hackers have other techniques up their sleeves. Some use brute-force attacks, testing possible password combinations to try and guess a password. Others are able to identify unencrypted passwords by listening in and capturing packets sent on the network. This is called network sniffing. If the password is encrypted, they may still be able to reveal it using a password cracking tool.

3. It looks as if the hackers are trying everything to crack @Apollo’s private Wi-Fi password. We have to make sure that the password is strong enough to withstand their attack!

Take a look at the following passwords. Click the numbers to put them in the correct order according to how long you think it would take an attacker to crack each one using brute-force, where 1 is the shortest amount of time and 4, the highest.

  • Password
  • 3trawberry
  • K4km9n2R
  • H$1gh#7iD@3

4. Carrying out brute-force attacks involves the attacker trying several possible combinations in an attempt to guess the password. These attacks usually involve a word-list file — a text file containing a list of words from a dictionary. A program such as Ophcrack, L0phtCrack, THC Hydra, RainbowCrack or Medusa will then try each word and common combinations until it finds a match.

Because brute-force attacks take time, complex passwords take much longer to guess.

Phew! That’s a lot to take in and hackers certainly have a lot of tools at their disposal. It is important that you know what these are so that you can protect yourself and @Apollo.

You think back to some of the suspicious activities that you’ve seen recently in the organization. Based on what you have learned in this topic, what type of attack could each of these scenarios be? Take your time with this one. You have a chance to earn some much-needed defender points.

Select the correct answer from the dropdowns, then Submit.

  • On your way into the office, a person whom you have never seen before asks you to hold the door — they forgot their access card ==> Social engineering
  • You have started getting an error message when accessing your computer: ‘Your connection was interrupted. A network change was detected.’ ==> DoS
  • You searched for @Apollo’s website on Google, but when you clicked on the top result, you were redirected to a page advertising antivirus software ==> SEO poisoning

You were able to identify the potential attacks that could be happening right under your nose. Remember, it’s important to stay alert and be mindful of all of the ways that attackers are trying to catch you out. Bear in mind that many modern attacks involve a blend of these methods, with cybercriminals often using multiple techniques to infiltrate and attack a system.

5. This has made you think about some of the vulnerabilities that may exist at @Apollo. After some investigation you’ve noted some potential issues.

Can you identify what category each of these vulnerabilities falls into? You have a chance to earn some defender points here and further safeguard @Apollo, so take your time.

Choose the correct answer from each of the dropdowns, then Submit.

  • On starting at @Apollo, your network password was emailed to you in plain text and you were not prompted to change it ==> Weakness in security practice
  • Past employees still have access to @Apollo’s customer database ==> Access control problem
  • New users can log into their @Apollo account, even if they have signed up with an incorrectly formatted email address ==> Non-validated input

Emailing sensitive information such as passwords in plain text is extremely risky and is a weakness in security practice. This information should at the very least be encrypted.
Past employees should not have access to customer information when leaving a company. This is a serious access control problem.
New users need to be validated before anything else can be done with their data. Using an incorrectly formatted email address to log on is a non-validated input error.