IT Security: Defense against digital dark arts quiz answers

Coursera Google IT Security: Defense against the digital dark arts quiz answers to all weekly questions (weeks 1-6):

Week 1: Understanding Security Threats
Week 2: Pelcgbybtl (Cryptology)
Week 3: AAA Security (Not Roadside Assistance)
Week 4: Securing Your Networks
Week 5: Defense in Depth
Week 6: Creating a Company Culture for Security

You may also be interested in Google IT Support Professional Certificate quiz answers.

Google IT Support Professional Certificate quiz answers

Technical Support Fundamentals – quiz answers

The Bits and Bytes of Computer Networking – quiz answers

Operating Systems and You: Becoming a Power User – quiz answers

System Administration and IT Infrastructure Services – quiz answers

IT Security: Defense against the digital dark arts quiz answers

IT Security: Defense against the digital dark arts is Course 5 of the five-course Google IT Support Professional Certificate.

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team.

At the end of this course, you’ll understand:
● how various encryption algorithms and techniques work as well as their benefits and limitations.
● various authentication systems and types.
● the difference between authentication and authorization.
● how to evaluate potential risks and recommend ways to reduce risk.
● best practices for securing a network.
● how to help others to grasp security concepts and protect themselves.

Week 1: Understanding Security Threats quiz answers

Welcome to the IT Security course of the Google IT Support Professional Certificate! In the first week of this course, we will cover the basics of security in an IT environment. We will learn how to define and recognize security risks, vulnerabilities and threats. We’ll identify the most common security attacks in an organization and understand how security revolves around the “CIA” principle. By the end of this module, you will know the types of malicious software, network attacks, client-side attacks, and the essential security terms you’ll see in the workplace.

Malicious Software

Question 1

In the CIA Triad, “Confidentiality” means ensuring that data is:

accurate and was not tampered with.
not accessible by unwanted parties.
accessible anonymously.
available and that people can access it.

“Confidentiality,” in this context, means preventing unauthorized third parties from gaining access to the data.

Question 2

In the CIA Triad, “Integrity” means ensuring that data is:

available and that people can access it.
not accessible by unwanted parties.
truthful and honest.
accurate and was not tampered with.

That’s not the kind of integrity we’re referring to here. Data integrity means ensuring that data is not corrupted or tampered with.

Question 3

In the CIA Triad, “Availability” means ensuring that data is:

available to anyone from anywhere.
accurate and was not tampered with.
not accessible by unwanted parties.
available and people can access it.

“Availability,” in this context, means ensuring that data and services remain accessible to those who are authorized to access them.

Question 4

What’s the relationship between a vulnerability and an exploit?

A vulnerability takes advantage of an exploit to run arbitrary code or gain access.
An exploit takes advantage of a vulnerability to run arbitrary code or gain access.
They’re unrelated.
An exploit creates a vulnerability in a system.

A vulnerability is a bug or hole in a system. It allows an attacker to gain access by using an exploit, which takes advantage of the vulnerability.

Question 5

Which statement is true for both a worm and a virus?

They’re self-replicating and self-propagating.
They’re undetectable by antimalware software.
They infect other files with malicious code.
They don’t cause any harm to the target system.

Both worms and viruses are capable of spreading themselves using a variety of transmission means.

Question 6

Check all examples of types of malware:

Key Generators
Adware
Worms
Viruses

These three are all examples of unwanted software that can cause adverse affects to an infected system, which is exactly what malware is

Question 7

What are the characteristics of a rootkit? Check all that apply.

Is difficult to detect
Is harmless
Is destructive
Provides elevated credentials

A rootkit is designed to provide administrator-level access to a third party without the system owner’s knowledge. Given this, rootkits are usually designed to avoid detection and can be difficult to detect.

Network Attacks

Question 1

What are the dangers of a man-in-the-middle attack? Check all that apply.

An attacker can block or redirect traffic.
An attacker can destroy data at rest.
An attacker can eavesdrop on unencrypted traffic.
An attacker can modify traffic in transit.

A man-in-the-middle attack means that the attacker has access to your network traffic. This allows them to eavesdrop, modify traffic in transit, or block traffic entirely. Yikes!

Question 2

Why is a DNS cache poisoning attack dangerous? Check all that apply.

It allows an attacker to redirect targets to malicious webservers.
Errrr…it’s not actually dangerous.
It affects any clients querying the poisoned DNS server.
It allows an attacker to remotely control your computer.

By inserting fake DNS records into a DNS server’s cache, every client that queries this record will be served the fake information. This allows an attacker to redirect clients to a web server of their choosing.

Question 3

Which of the following is true of a DDoS attack?

This type of attack causes a significant loss of data.
An attacker sends attack traffic directly to the target.
Attack traffic comes from lots of different hosts.
Attack traffic is encrypted.

The “Distributed” in DDoS means that the attack traffic is distributed across a large number of hosts, resulting in the attack coming from many different machines.

Question 4

Which of the following result from a denial-of-service attack? Check all that apply.

Malware infection
Data destruction
Slow network performance
Service unreachable

A denial-of-service attack is meant to prevent legitimate traffic from reaching a service. This is usually done by flooding the victim with attack traffic, degrading network and system performance, and rendering services unreachable.

Other Attacks

Question 1

How can you protect against client-side injection attacks? Check all that apply.

Use data sanitization
Use a SQL database
Utilize strong passwords
Use input validation

By checking user-provided input and only allowing certain characters to be valid input, you can avoid injection attacks. You can also use data sanitization, which involves checking user-supplied input that’s supposed to contain special characters to ensure they don’t result in an injection attack.

Question 2

True or false: A brute-force attack is more efficient than a dictionary attack.

TRUE
FALSE

A brute-force attack tries out every possible valid combination of characters to guess the password, while a dictionary attack only tries passwords contained in a dictionary file. This means the dictionary attack is more efficient, since it doesn’t generate the passwords and has a smaller number of guesses to attempt.

Question 3

Which of the following scenarios are social engineering attacks? Check all that apply.

An attacker performs a DNS Cache poisoning attack.
Someone uses a fake ID to gain access to a restricted area.
An attacker performs a man-in-the-middle attack.
You receive an email with an attachment containing a virus.

A malicious spam email is a form of social engineering; the email is designed to trick you into opening a malicious payload contained in the attachment. Using a fake ID to gain entry to somewhere you’re not permitted is impersonation, a classic social engineering technique.

Graded Assessment

Understanding Security Threats

Question 1

A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _ attack.

Injection
Malware
Denial of Service
Brute force password

This is a classic denial-of-service attack. Note that this is not a distributed denial-of-service attack, as the attack traffic is coming from a single source and not distributed over many attacking hosts

Question 2

When cleaning up a system after a compromise, you should look closely for any __ that may have been installed by the attacker.

Poisoned DNS caches [INCORRECT]
Backdoors
Rogue APs
Injection attacks

Question 3

A(n) _ attack is meant to prevent legitimate traffic from reaching a service.

Denial of Service
Injection
Password
DNS Cache poisoning [INCORRECT]

Question 4

The best defense against password attacks is using strong _.

Passwords
Encryption
Firewall configs
Antimalware software

Strong passwords will make password attacks too time-consuming to be viable for an attacker.

Question 5

Which of these is an example of the confidentiality principle that can help keep your data hidden from unwanted eyes?

Protecting online accounts with password protection
Making sure the data hasn’t been tampered with
Preventing data loss
Preventing an unwanted download

Password protection can help limit access to your data so that only those who need it can see it.

Question 6

What could potentially decrease the availability of security and also test the preparedness of data loss?

Adware
Keylogger
Spyware
Ransomware

Ransomware could prevent access to your data by holding the data hostage until you pay a ransom.

Question 7

Which of these is a characteristic of Trojan malware?

A Trojan is basically backdoor malware.
A Trojan may get installed without the user’s consent.
A Trojan is the same thing as a rootkit.
A Trojan infection needs to be installed by the user.

Just like how the historical Trojan horse was accepted into the city by the citizens of Troy, a malicious Trojan disguised in a trusted program has to be accepted and executed by the user.

Question 8

What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?

A backdoor
Ransomware
A Trojan
Adware

A backdoor is a way for a hacker to get into a system through a secret entryway.

Question 9

An unhappy Systems Administrator wrote a malware program to bring down the company’s services after a certain event occurred. What type of malware does this describe?

A logic bomb
A rootkit
Ransomware
Spyware

A logic bomb is malware that is intentionally triggered by a hacker once a certain event or time has occurred.

Question 10

Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?

A Denial of Service (DoS)
Evil Twin
A logic bomb
DNS Cache Poisoning

The premise of an Evil Twin is for the victim to connect to a network that is identical to a legit one, but it is actually controlled by a hacker.

Question 11

How can injection attacks be prevented? Check all that apply.

Data sanitization
Flood guards
Log analysis systems
Input validation

Injection attacks can be mitigated with good software development principles such as validating input.

Question 12

If a hacker targets a vulnerable website by running commands that delete the website’s data in its database, what type of attack did the hacker perform?

A Denial-of-Service (DoS) attack
A dictionary attack
Cross-site Scripting (XSS)
SQL injection

A SQL injection targets an entire website if the site uses a SQL database. If vulnerable, hackers can run SQL commands that allow them to delete web data, copy it, and run other malicious commands.

Question 13

An attacker, acting as a postal worker, used social engineering tactics to trick an employee into thinking she was legitimately delivering packages. The attacker was then able to gain physical access to a restricted area by following behind the employee into the building. What type of attack did the attacker perform? Check all that apply.

Tailgating
Phishing
Spoofing
Social engineering

Social engineering is an attack method that relies heavily on interactions with humans. Humans will always be the weakest link in a security system.

Week 2: Pelcgbybtl (Cryptology) quiz answers

In the second week of this course, we’ll learn about cryptology. We’ll explore different types of encryption practices and how they work. We’ll show you the most common algorithms used in cryptography and how they’ve evolved over time. By the end of this module, you’ll understand how symmetric encryption, asymmetric encryption, and hashing work; you’ll also know how to choose the most appropriate cryptographic method for a scenario you may see in the workplace.

Cryptography Applications

Question 1

What information does a digital certificate contain? Check all that apply.

Public key data
Identifying information of the certificate owner
Digital signature
Private key data

A digital certificate contains the public key information, along with a digital signature from a CA. It also includes information about the certificate, like the entity that the certificate was issued to.

Question 2

Which type of encryption does SSL/TLS use?

Asymmetric encryption
Symmetric encryption
Neither
Both

SSL/TLS use asymmetric algorithms to securely exchange information used to derive a symmetric encryption key.

Question 3

What are some of the functions that a Trusted Platform Module can perform? Check all that apply.

Remote attestation
Malware detection
Secure user authentication
Data binding and sealing

A TPM can be used for remote attestation, ensuring that a host is a known good state and hasn’t been modified or tampered (from a hardware and a software perspective). TPMs can also seal and bind data to them, encrypting data against the TPM. This also allows it to be decrypted by the TPM, only if the machine is in a good and trusted state.

Hashing

Question 1

How is hashing different from encryption?

Hashing operations are one-directional.
Hashing is meant for large amounts of data, while encryption is meant for small amounts of data.
It’s less secure.
It’s faster.

Hash functions, by definition, are one-way, meaning that it’s not possible to take a hash and recover the input that generated the hash. Encryption, on the other hand, is two-directional, since data can be both encrypted and decrypted.

Question 2

What’s a hash collision?

When two identical files generate different hash digests
When a hash digest is reversed to recover the original
When two different hashing algorithms produce the same hash
When two different files generate the same hash digest

If two different files result in the same hash, this is referred to as a hash collision. Hash collisions aren’t awesome, as this would allow an attacker to create a fake file that would pass hash verification.

Question 3

How is a Message Integrity Check (MIC) different from a Message Authentication Code (MAC)?

A MIC only hashes the message, while a MAC incorporates a secret key.
A MAC requires a password, while a MIC does not.
They’re the same thing.
A MIC is more reliable than a MAC.

A MIC can be thought of as just a checksum or hash digest of a message, while a MAC uses a shared secret to generate the checksum. This also makes it authenticated, since the other party must also have the same shared secret, preventing a third party from forging the checksum data.

Question 4

How can you defend against brute-force password attacks? Check all that apply.

Store passwords in a rainbow table.
Incorporate salts into password hashing.
Run passwords through the hashing function multiple times.
Enforce the use of strong passwords.

A brute-force password attack involves guessing the password. So, having complex and long passwords will make this task much harder and will require more time and resources for the attacker to succeed. Incorporating salts into password hashes will protect against rainbow table attacks, and running passwords through the hashing algorithm lots of times also raises the bar for an attacker, requiring more resources for each password guess.

Symmetric Encryption

Question 1

What are the components that make up a cryptosystem? Check all that apply.

Decryption algorithms
Encryption algorithms
Transmission algorithms
Key generation algorithms

A cryptosystem is a collection of algorithms needed to operate an encryption service. This involves generating encryption keys, as well as encryption and decryption operations.

Question 2

What is steganography?

The study of languages
The practice of encoding messages
The study of stegosauruses
The practice of hiding messages

Steganography involves hiding messages, but not encoding them.

Question 3

What makes an encryption algorithm symmetric?

High speed
Different keys used for encryption and decryption
The same keys used for encryption and decryption
Very large key sizes

The symmetry of a symmetric algorithm refers to one key being used for both encryption and decryption.

Question 4

What’s the difference between a stream cipher and a block cipher?

Block ciphers are only used for block device encryption.
Stream ciphers can’t save encrypted data to disk.
Stream ciphers encrypt data as a continuous stream, while block ciphers operate on chunks of data.
There is no difference.

A stream cipher takes data in as a continuous stream, and outputs the ciphertext as a continuous stream, too. A block cipher encrypts the data in chunks, or blocks.

Question 5

True or false: The smaller the encryption key is, the more secure the encrypted data is.

TRUE
FALSE

The reverse is true. The larger the key, the more secure the encrypted data will be.

Week Two Practice Quiz

Question 1

Plaintext is the original message, while _ is the encrypted message.

Ciphertext
Digest
Cipher
Algorithm

Once the original message is encrypted, the result is referred to as ciphertext.

Question 2

The specific function of converting plaintext into ciphertext is called a(n) __.

Encryption algorithm
Integrity check
Data protection standard
Permutation

An encryption algorithm is the specific function or steps taken to convert plaintext into encrypted ciphertext.

Question 3

Studying how often letters and pairs of letters occur in a language is referred to as _.

Codebreaking
Cryptography
Frequency analysis
Espionage

Frequency analysis involves studying how often letters occur, and looking for similarities in ciphertext to uncover possible plaintext mappings.

Question 4

True or false: The same plaintext encrypted using the same algorithm and same encryption key would result in different ciphertext outputs.

TRUE
FALSE

If the plaintext, algorithm, and key are all the same, the resulting ciphertext would also be the same.

Question 5

The practice of hiding messages instead of encoding them is referred to as __.

Encryption
Hashing
Obfuscation
Steganography

Steganography involves hiding messages from discovery instead of encoding them.

Question 6

ROT13 and a Caesar cipher are examples of _.

Digital signatures
Steganography
Substitution ciphers
Asymmetric encryption

These are both examples of substitution ciphers, since they substitute letters for other letters in the alphabet.

Question 7

DES, RC4, and AES are examples of __ encryption algorithms.

Asymmetric
Strong
Symmetric
Weak

DES, RC4, and AES are all symmetric encryption algorithms.

Question 8

What are the two components of an asymmetric encryption system, necessary for encryption and decryption operations? Check all that apply.

Private key
Random number generator
Digest
Public key

In asymmetric encryption systems, there’s a private key used for encryption, and a public key used for decryption.

Question 9

To create a public key signature, you would use the __ key.

Decryption
Symmetric
Private
Public [INCORRECT]

Question 10

Using an asymmetric cryptosystem provides which of the following benefits? Check all that apply.

Non-repudiation
Authenticity
Hashing
Confidentiality

Confidentiality is provided by the encryption, authenticity is achieved through the use of digital signatures, and non-repudiation is also provided by digitally signing data.

Question 11

If two different files result in the same hash, this is referred to as a __.

Mistake
Coincidence
Key collision
Hash collision

A hash collision is when two different inputs yield the same hash.

Question 12

When authenticating a user’s password, the password supplied by the user is authenticated by comparing the __ of the password with the one stored on the system.

Hash
Plaintext
Ciphertext
Length

Passwords are verified by hashing and comparing hashes. This is to avoid storing plaintext passwords.

Question 13

If a rainbow table is used instead of brute-forcing hashes, what is the resource trade-off?

Rainbow tables use less computational resources and more storage space
Rainbow tables use less RAM resources and more computational resources
Rainbow tables use less storage space and more RAM resources
Rainbow tables use less storage space and more computational resources

Instead of computing every hash, a rainbow table is a precomputed table of hashes and text. Using a rainbow table to lookup a hash requires a lot less computing power, but a lot more storage space.

Question 14

In a PKI system, what entity is responsible for issuing, storing, and signing certificates?

Government
Certificate Authority
Intermediary Authority
Registration Authority

The certificate authority is the entity that signs, issues, and stores certificates.

Graded Assessment

# generate a 2048-bit RSA private key
openssl genrsa -out private_key.pem 2048
cat private_key.pem

# generate public key
openssl rsa -in private_key.pem -outform PEM -pubout -out public_key.pem
cat public_key.pem

# creating a text file
echo 'This is a secret message, for authorized parties only' > secret.txt

# encrpyt the file using public key
openssl rsautl -encrypt -pubin -inkey public_key.pem -in secret.txt -out secret.enc

# decrpyt the message using private key
openssl rsautl -decrypt -inkey private_key.pem -in secret.enc

# create hash digest
openssl dgst -sha256 -sign private_key.pem -out secret.txt.sha256 secret.txt

# verification
openssl dgst -sha256 -verify public_key.pem -signature secret.txt.sha256 secret.txt

# MD 5
# creating a text file
echo 'This is some text in a file, just so we have some data' > file.txt
# generate the MD5 sum for the file and store it
md5sum file.txt > file.txt.md5
cat file.txt.md5
# verify that the hash is correct
# and that the original file hasn't been tampered with since the sum was made
md5sum -c file.txt.md5

# Verifying an invalid file
# make a copy of file
cp file.txt badfile.txt
# generate new md5sum for the new file
md5sum badfile.txt > badfile.txt.md5
# check the resulting hash
cat badfile.txt.md5
cat file.txt.md5
# edit file and add a space character to the end of the file
nano badfile.txt
# verify
md5sum -c badfile.txt.md5
# generate new hash
md5sum badfile.txt > new.badfile.txt.md5
cat new.badfile.txt.md5

# SHA1
# create sh1 sum
shasum file.txt > file.txt.sha1
cat file.txt.sha1
# verify
shasum -c file.txt.sha1

# SHA256
# generate sha256 sum
shasum -a 256 file.txt > file.txt.sha256
cat file.txt.sha256
shasum -c file.txt.sha256

Week 3: AAA Security (Not Roadside Assistance) quiz answers

In the third week of this course, we’ll learn about the “three A’s” in cybersecurity. No matter what type of tech role you’re in, it’s important to understand how authentication, authorization, and accounting work within an organization. By the end of this module, you’ll be able to choose the most appropriate method of authentication, authorization, and level of access granted for users in an organization.

Authentication

Question 1

How is authentication different from authorization?

They’re the same thing.
Authentication is verifying access to a resource; authorization is verifying an identity.
Authentication is identifying a resource; authorization is verifying access to an identity.
Authentication is verifying an identity; authorization is verifying access to a resource.

Authentication is proving that an entity is who they claim to be, while authorization is determining whether or not that entity is permitted to access resources.

Question 2

What are some characteristics of a strong password? Check all that apply,

Contains dictionary words
Includes numbers and special characters
Is used across accounts and systems
Is at least eight characters long

A strong password should contain a mix of character types and cases, and should be relatively long — at least eight characters, but preferably more.

Question 3

In a multi-factor authentication scheme, a password can be thought of as:

something you know.
something you have.
something you use.
something you are.

Biometrics as an additional authentication factor is something you are, while passwords are something you know.

Question 4

What are some drawbacks to using biometrics for authentication? Check all that apply.

Biometric authentication is much slower than alternatives.
Biometrics are easy to share.
There are potential privacy concerns.
Biometric authentication is difficult or impossible to change if compromised.

If a biometric characteristic, like your fingerprints, is compromised, your option for changing your “password” is to use a different finger. This makes “password” changes limited. Other biometrics, like iris scans, can’t be changed if compromised. If biometric authentication material isn’t handled securely, then identifying information about the individual can leak or be stolen.

Question 5

In what way are U2F tokens more secure than OTP generators?

They’re password-protected.
They can’t be cloned.
They’re resistant to phishing attacks.
They’re cheaper.

With one-time-password generators, the one-time password along with the username and password can be stolen through phishing. On the flip side, U2F authentication is impossible to phish, given the public key cryptography design of the authentication protocol.

Question 6

What elements of a certificate are inspected when a certificate is verified? Check all that apply.

Trust of the signatory CA
Certificate key size
“Not valid after” date
“Not valid before” date

To verify a certificate, the period of validity must be checked, along with the signature of the signing certificate authority, to ensure that it’s a trusted one.

Question 7

What is a CRL?

Certified Recursive Listener
Certificate Revocation List
Certificate Recording Language
Caramel Raspberry Lemon

CRL stands for “Certificate Revocation List.” It’s a list published by a CA, which contains certificates issued by the CA that are explicitly revoked, or made invalid.

Question 8

What are the names of similar entities that a Directory server organizes entities into?

Clusters
Groups
Trees
Organizational Units

Directory servers have organizational units, or OUs, that are used to group similar entities.

Question 9

True or false: The Network Access Server handles the actual authentication in a RADIUS scheme.

True
False

The Network Access Server only relays the authentication messages between the RADIUS server and the client; it doesn’t make an authentication evaluation itself.

Question 10

True or false: Clients authenticate directly against the RADIUS server.

True
False

Clients actually don’t interact with the RADIUS server directly. Instead, they relay authentication via the Network Access Server.

Question 11

What does a Kerberos authentication server issue to a client that successfully authenticates?

A ticket-granting ticket
A master password
An encryption key [INCORRECT]
A digital certificate

Question 12

What advantages does single sign-on offer? Check all that apply.

It provides encrypted authentication.
It reduces the total number of credentials,
It enforces multifactor authentication.
It reduces time spent authenticating.

SSO allows one set of credentials to be used to access various services across sites. This reduces the total number of credentials that might be otherwise needed. SSO authentication also issues an authentication token after a user authenticates using username and password. This token then automatically authenticates the user until the token expires. So, users don’t need to reauthenticate multiple times throughout a work day.

Question 13

What does OpenID provide?

Certificate signing
Digital signatures
Authentication delegation
Cryptographic hashing

OpenID allows authentication to be delegated to a third-party authentication service.

Authorization and Accounting

Question 1

What role does authorization play?

It determines whether or not an entity has access to a resource.
It verifies an entity’s identity.
It verifies passwords.
It provides strong encryption.

Authorization has to do with what resource a user or account is permitted or not permitted to access.

Question 2

What does OAuth provide?

Confidentiality
Integrity
Access delegation
Secure communications

OAuth is an open authorization protocol that allows account access to be delegated to third parties, without disclosing account credentials directly.

Question 3

How is auditing related to accounting?

They’re not related.
They’re the same thing.
Accounting is reviewing records, while auditing is recording access and usage.
Accounting is recording access and usage, while auditing is reviewing these records.

Accounting involves recording resource and network access and usage. Auditing is reviewing these usage records by looking for any anomalies.

Graded Assessment

AAA Security (Not Roadside Assistance)

Question 1

Authentication is concerned with determining _.

Identity
Validity
Access
Eligibility

Authentication is concerned with confirming the identities of individuals.

Question 2

The two types of one-time-password tokens are _ and _. Check all that apply.

Counter-based
Password-based
Time-based
Identity-based

An OTP generator token can be time-based, staying in sync with the server using time.

Question 3

In addition to the client being authenticated by the server, certificate authentication also provides __.

Authorization
Malware protection
Integrity
Server authentication

The client will validate the server’s certificate, thereby providing server authentication and client authentication.

Question 4

Kerberos uses _ as authentication tokens.

Tickets
Certificates
Passwords
Cryptographic keys

Kerberos issues tickets, which represent authentication and authorization tokens.

Question 5

Which of these passwords is the strongest for authenticating to a system?

P@w04d!$$L0N6
P@55w0rd!
Password!
P@ssword!

This is a strong password because of length, numbers, upper and lowercase letters, and special characters.

Question 6

In a Certificate Authority (CA) infrastructure, why is a client certificate used?

To authenticate the server
To authenticate the CA
To authenticate the client
To authenticate the subordinate CA

A client certificate is used to authenticate the client with other computers.

Question 7

A network admin wants to use a Remote Authentication Dial-In User Service (RADIUS) protocol to allow 5 user accounts to connect company laptops to an access point in the office. These are generic users and will not be updated often. Which of these internal sources would be appropriate to store these accounts in?

Active Directory
LDAP
Flat file
SQL database

Question 8

What are the benefits of using a Single Sign-On (SSO) authentication service? Check all that apply.

One set of credentials for the user
Reduce likelihood of passwords being written down
Reduce overhead of password assistance
Reduce time spent on re-authenticating to services

Single Sign-On (SSO) reduces the time spent on re-authenticating to services.

Question 9

In the three As of security, which part pertains to describing what the user account does or doesn’t have access to?

Authentication
Accounting
Authorization
Accessibility

Authorization pertains to describing what the user account does or doesn’t have access to.

Question 10

A company is utilizing Google Business applications for the marketing department. These applications should be able to temporarily access a user’s email account to send links for review. Why should the company use Open Authorization (OAuth) in this situation?

Administer multiple network devices
Gain access through a wireless access point
Utilize a Key Distribution Center server
Compatibility with third party apps

Open Authorization (OAuth) grants third-party websites and applications access to users’ information, like email, without sharing account credentials.

Question 11

Access control entries can be created for what types of file system objects? Check all that apply.

Folders
APIs
Programs
Files

Access control entries can define permissions controlling read, write, or execute functionalities on files.

Week 4: Securing Your Networks quiz answers

In the fourth week of this course, we’ll learn about secure network architecture. It’s important to know how to implement security measures on a network environment, so we’ll show you some of the best practices to protect an organization’s network. We’ll learn about some of the risks of wireless networks and how to mitigate them. We’ll also cover ways to monitor network traffic and read packet captures. By the end of this module, you’ll understand how VPNs, proxies and reverse proxies work; why 802.1X is a super important for network protection; understand why WPA/WPA2 is better than WEP; and know how to use tcpdump to capture and analyze packets on a network. That’s a lot of information, but well worth it for an IT Support Specialist to understand!

Network Monitoring

Question 1

What does tcpdump do? Select all that apply.

Encrypts your packets
Analyzes packets and provides a textual analysis
Captures packets
Generates packets

Tcpdump is a packet capture and analysis utility, not a packet generator.

Question 2

What does wireshark do differently from tcpdump? Check all that apply.

It can write packet captures to a file.
It has a graphical interface.
It understands more application-level protocols.
It can capture packets and analyze them.

tcpdump is a command line utility, while wireshark has a powerful graphical interface. While tcpdump understands some application-layer protocols, wireshark expands on this with a much larger complement of protocols understood.

Question 3

What factors should you consider when designing an IDS installation? Check all that apply.

Internet connection speed
Storage capacity
OS types in use
Traffic bandwidth

It’s important to understand the amount of traffic the IDS would be analyzing. This ensures that the IDS system is capable of keeping up with the volume of traffic. Storage capacity is important to consider for logs and packet capture retention reasons.

Question 4

What is the difference between an Intrusion Detection System and an Intrusion Prevention System?

An IDS can actively block attack traffic, while an IPS can only alert on detected attack traffic.
An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.
An IDS can detect malware activity on a network, but an IPS can’t
They are the same thing.

An IDS only detects intrusions or attacks, while an IPS can make changes to firewall rules to actively drop or block detected attack traffic.

Question 5

What factors would limit your ability to capture packets? Check all that apply.

Network interface not being in promiscuous or monitor mode
Anti-malware software
Encryption
Access to the traffic in question

If your NIC isn’t in monitor or promiscuous mode, it’ll only capture packets sent by and sent to your host. In order to capture traffic, you need to be able to access the packets. So, being connected to a switch wouldn’t allow you to capture other clients’ traffic.

Secure Network Architecture

Question 1

Why is normalizing log data important in a centralized logging setup?

Log normalizing detects potential attacks.
Uniformly formatted logs are easier to store and analyze.
The data must be decrypted before sending it to the log server.
It’s difficult to analyze abnormal logs.

Logs from various systems may be formatted differently. Normalizing logs is the practice of reformatting the logs into a common format, allowing for easier storage and lookups in a centralized logging system.

Question 2

What type of attacks does a flood guard protect against? Check all that apply.

Man-in-the-middle attacks
Malware infections
SYN floods
DDoS attacks

A flood guard protects against attacks that overwhelm networking resources, like DoS attacks and SYN floods.

Question 3

What does DHCP Snooping protect against?

Rogue DHCP server attacks
DDoS attacks
Brute-force attacks
Data theft

DHCP snooping is designed to guard against rogue DHCP attacks. The switch can be configured to transmit DHCP responses only when they come from the DHCP server’s port.

Question 4

What does Dynamic ARP Inspection protect against?

Rogue DHCP server attacks
Malware infections
ARP poisoning attacks
DDoS attacks

Dynamic ARP inspection protects against ARP poisoning attacks by watching for ARP packets. If an ARP packet doesn’t match the table of MAC address and IP address mappings generated by DHCP snooping, the packet will be dropped as invalid or malicious.

Question 5

What does IP Source Guard protect against?

IP spoofing attacks
Brute-force attacks
Rogue DHCP server attacks
DDoS attacks

IP Source Guard prevents an attacker from spoofing an IP address on the network. It does this by matching assigned IP addresses to switch ports, and dropping unauthorized traffic.

Question 6

What does EAP-TLS use for mutual authentication of both the server and the client?

Biometrics
Usernames and passwords
Digital certificates
One-time passwords

The client and server both present digital certificates, which allows both sides to authenticate the other, providing mutual authentication.

Question 7

Why is it recommended to use both network-based and host-based firewalls? Check all that apply.

For protection for mobile devices, like laptops
For protection against DDoS attacks
For protection against compromised hosts on the same network
For protection against man-in-the-middle attacks

Using both network- and host-based firewalls provides protection from external and internal threats. This also protects hosts that move between trusted and untrusted networks, like mobile devices and laptops.

Wireless Security

Question 1

What are some of the weaknesses of the WEP scheme? Check all that apply.

Its small IV pool size
Its use of ASCII characters for passphrases
Its use of the RC4 stream cipher
Its poor key generation methods

The RC4 stream cipher had a number of design flaws and weaknesses. WEP also used a small IV value, causing frequent IV reuse. Lastly, the way that the encryption keys were generated was insecure.

Question 2

What symmetric encryption algorithm does
WPA2 use?

DES
DSA
RSA
AES

WPA2 uses CCMP. This utilizes AES in counter mode, which turns a block cipher into a stream cipher.

Question 3

How can you reduce the likelihood of WPS brute-force attacks? Check all that apply.

Implement lockout periods for incorrect attempts.
Update firewall rules.
Use a very long and complex passphrase.
Disable WPS.

Question 4

Select the most secure WiFi security configuration from below:

WPA2 enterprise
WEP 128 bit
WPA personal
WPA enterprise
WPA2 personal
None

WPA2 Enterprise would offer the highest level of security for a WiFi network. It offers the best encryption options for protecting data from eavesdropping third parties, and does not suffer from the manageability or authentication issues that WPA2 Personal has with a shared key mechanism. WPA2 Enterprise used with TLS certificates for authentication is one of the best solutions available.

Graded Assessment

# Using tcpdump
# fill terminal with a constant stream of text as new packets are read.
sudo tcpdump -i eth0
# the -v flag to enable more verbose output
# the -n avoid generating additional traffic from the DNS lookups, and to speed up the analysis
sudo tcpdump -i eth0 -vn
# tcpdump's filter
# we only want packets where the source or destination IP address matches what we specify (in this case 8.8.8.8)
sudo tcpdump -i eth0 -vn host 8.8.8.8 and port 53
    # in second terminal
    dig @8.8.8.8 A example.com

# Saving captured packets
# capture on our eth0 interface that filters for only HTTP traffic by specifying port 80. 
# the -w flag indicates that we want to write the captured packets to a file named http.pcap.
sudo tcpdump -i eth0 port 80 -w http.pcap
    # in second terminal
    curl example.com # generate some traffic
# read from this file using tcpdump 
tcpdump -r http.pcap -nv

Week 5: Defense in Depth quiz answers

In the fifth week of this course, we’re going to go more in-depth into security defense. We’ll cover ways to implement methods for system hardening, application hardening, and determine the policies for OS security. By the end of this module, you’ll know why it’s important to disable unnecessary components of a system, learn about host-based firewalls, setup anti-malware protection, implement disk encryption, and configure software patch management and application policies.

Application Hardening

Question 1

Why is it important to keep software up-to-date?

To address any security vulnerabilities discovered
To ensure compatibility with other systems
It’s not important. It’s just annoying.
To ensure access to the latest features

As vulnerabilities are discovered and fixed by the software vendor, applying these updates is super important to protect yourself against attackers.

Question 2

What are some types of software that you’d want to have an explicit application policy for? Check all that apply.

Software development kits
Video games
Filesharing software
Word processors

Video games and filesharing software typically don’t have a use in business (though it does depend on the nature of the business). So, it might make sense to have explicit policies dictating whether or not this type of software is permitted on systems.

System Hardening

Question 1

What is an attack vector?

The classification of attack type
The direction an attack is going in
The severity of the attack
A mechanism by which an attacker can interact with your network or systems

An attack vector can be thought of as any route through which an attacker can interact with your systems and potentially attack them.

Question 2

Disabling unnecessary components serves which purposes? Check all that apply.

Reducing the attack surface
Making a system harder to use
Increasing performance
Closing attack vectors

Every unnecessary component represents a potential attack vector. The attack surface is the sum of all attack vectors. So, disabling unnecessary components closes attack vectors, thereby reducing the attack surface.

Question 3

What’s an attack surface?

The target or victim of an attack
The payload of the attack
The total scope of an attack
The combined sum of all attack vectors in a system or network

The attack surface describes all possible ways that an attacker could interact and exploit potential vulnerabilities in the network and connected systems.

Question 4

A good defense in depth strategy would involve deploying which firewalls?

No firewalls
Network-based firewalls only
Both host-based and network-based firewalls
Host-based firewalls only

Defense in depth involves multiple layers of overlapping security. So, deploying both host- and network-based firewalls is recommended.

Question 5

Using a bastion host allows for which of the following? Select all that apply.

Running a wide variety of software securely
Applying more restrictive firewall rules
Having more detailed monitoring and logging
Enforcing stricter security measures

Bastion hosts are special-purpose machines that permit restricted access to more sensitive networks or systems. By having one specific purpose, these systems can have strict authentication enforced, more firewall rules locked down, and closer monitoring and logging.

Question 6

What benefits does centralized logging provide? Check all that apply.

It prevents database theft.
It blocks malware infections.
It helps secure logs from tampering or destruction.
It allows for easier logs analysis.

Centralized logging is really beneficial, since you can harden the log server to resist attempts from attackers trying to delete logs to cover their tracks. Keeping logs in place also makes analysis on aggregated logs easier by providing one place to search, instead of separate disparate log systems.

Question 7

What are some of the shortcomings of antivirus software today? Check all that apply.

It can’t protect against unknown threats.
It’s very expensive.
It only detects malware, but doesn’t protect against it.
It only protects against viruses.

Antivirus software operates off a blacklist, blocking known bad entities. This means that brand new, never-before-seen malware won’t be blocked.

Question 8

How is binary whitelisting a better option than antivirus software?

It’s cheaper.
It can block unknown or emerging threats.
It’s not better. It’s actually terrible.
It has less performance impact.

By blocking everything by default, binary whitelisting can protect you from the unknown threats that exist without you being aware of them.

Question 9

What does full-disk encryption protect against? Check all that apply.

Data theft
IP spoofing attacks
Malware infections
Tampering with system files

With the contents of the disk encrypted, an attacker wouldn’t be able to recover data from the drive in the event of physical theft. An attacker also wouldn’t be able to tamper with or replace system files with malicious ones.

Question 10

What’s the purpose of escrowing a disk encryption key?

Providing data integrity
Protecting against unauthorized access
Preventing data theft
Performing data recovery

Key escrow allows the disk to be unlocked if the primary passphrase is forgotten or unavailable for whatever reason.

Graded Assessment

Defense in Depth

Question 1

How are attack vectors and attack surfaces related?

An attack surface is the sum of all attack vectors.
They’re the same thing.
An attack vector is the sum of all attack surfaces.
They’re not actually related.

An attack surface is the sum of all attack vectors in a system or environment.

Question 2

What does full-disk encryption protect against? Check all that apply.

Data tampering
Eavesdropping
Data theft
Malware

Encrypting the entire disk prevents unauthorized access to the data in case it’s lost or stolen. It also protects against malicious tampering of the files contained on the disk.

Question 3

What does applying software patches protect against? Check all that apply.

Undiscovered vulnerabilities
Newly found vulnerabilities
MITM attacks
Data tampering

Software updates or patches can fix recently discovered vulnerabilities or close ones that you weren’t aware of.

Question 4

A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access?

An attack vector
A 0-day
An attack surface
An ACL

An attack vector can be used by an attacker to compromise and gain unauthorized access to a system.

Question 5

When looking at aggregated logs, you are seeing a large percentage of Windows hosts connecting to an Internet Protocol (IP) address outside the network in a foreign country. Why might this be worth investigating more closely?

It can indicate ACLs are not configured correctly.
It can indicate a malware infection.
It can indicate log normalization.
It can indicate what software is on the binary whitelist.

When looking at aggregated logs, you should pay attention to patterns and correlations between traffic. For example, if you are seeing a large percentage of hosts all connecting to a specific address outside your network, that might be worth investigating more closely, as it could indicate a malware infection.

Question 6

Which of these protects against the most common attacks on the internet via a database of signatures, but at the same time actually represents an additional attack surface that attackers can exploit to compromise systems?

Security Information and Event Management (SIEM) system
Antivirus software
Binary whitelisting software
Full disk encryption (FDE)

Antivirus, which is designed to protect systems, actually represents an additional attack surface that attackers can exploit to compromise systems.

Question 7

A hacker exploited a bug in the software and triggered unintended behavior which led to the system being compromised by running vulnerable software. Which of these helps to fix these types of vulnerabilities?

Software patch management
Log analysis
Application policies
Implicit deny

Vulnerabilities can be fixed through software patches and updates which correct the bugs that attackers exploit.

Question 8

Why is it risky if you wanted to make an exception to the application policy to allow file sharing software?

The software could disable full disk encryption (FDE).
The software could be infected with malware.
The software can normalize log data.
The software can shrink attack vectors.

It is generally a good idea to have a policy to disallow particularly risky classes of software. Things like file sharing software and piracy-related software tend to be closely associated with malware infections.

Week 6: Creating a Company Culture for Security quiz answers

Congratulations, you’ve made it to the final week in the course! In the last week of this course, we’ll explore ways to create a company culture for security. It’s important for any tech role to determine appropriate measures to meet the three goals of security. By the end of this module, you will develop a security plan for an organization to demonstrate the skills you’ve learned in this course. You’re almost done, keep up the great work!

Graded Assessment

Creating a Company Culture for Security

Question 1

What tool can you use to discover vulnerabilities or dangerous misconfigurations on your systems and network?

Firewalls
Bastion hosts
Vulnerability scanners
Antimalware software

A vulnerability scanner is a tool that will scan a network and systems looking for vulnerabilities or misconfigurations that represent a security risk.

Question 2

A strong password is a good step towards good security, but what else is recommended to secure authentication?

Strong encryption
Vulnerability scanning
2-factor authentication
Password rotation

Two-factor authentication, combined with a strong password, significantly increases the security of your authentication systems.

Question 3

What’s a quick and effective way of evaluating a third party’s security?

A security assessment questionnaire
A signed contract
A comprehensive penetration testing review
A manual evaluation of all security systems

A security assessment questionnaire would help you understand how well-defended a third party is, before deciding to do business with them.

Question 4

When handling credit card payments, your organization needs to adhere to the _.

ISO
HIPAA
PCI DSS
IEEE

When handling credit card payments, your organization needs to adhere to the Payment Card Industry Data Security Standard (PCI DSS).

Question 5

A company wants to restrict access to sensitive data. Only those who have a “need to know” will have access to this data. Strong access controls need to be implemented. Which of these examples, that don’t include user identification, are used for 2-factor authentication? Check all that apply.

U2F token
Common Access Card
Password
Smart card

Question 6

Your company wants to establish good privacy practices in the workplace so that employee and customer data is properly protected. Well-established and defined privacy policies are in place, but they also need to be enforced. What are some ways to enforce these privacy policies? Check all that apply.

Print customer information
Audit access logs
Lease privilege
VPN connection

Question 7

Which of these are bad security habits commonly seen amongst employees in the workplace? Check all that apply.

Leave laptop logged in and unattended
Lock desktop screen
Log out of website session
Password on a post-it note

Question 8

What are some ways to combat against email phishing attacks for user passwords? Check all that apply.

Virtual private network
Cloud email
User education
Spam filters

Question 9

Third-party services that require equipment on-site may require your company to do which of the following? Check all that apply.

Report any issues discovered from evaluating hardware.
Provide additional monitoring via a firewall or agentless solution.
Provide remote access to third-party service provider.
Evaluate hardware in the lab first.

Question 10

Periodic mandatory security training courses can be given to employees in what way? Check all that apply.

Interoffice memos
Short video
One-on-one interviews
Brief quiz

Question 11

Once the scope of the incident is determined, the next step would be _.

documentation
containment
remediation
escalation

Once the scope of the incident is determined, the next step would be containment.