Cyber Security Overview and Tools

Questions and Answers

What type of mode is typically used to transfer files to another server?

• Asynchronous mode
• Secure mode
• Binary mode (correct)
• Interactive mode

What is the primary purpose of baseline files?

• To automatically backup data
• To provide a snapshot of system performance (correct)
• To test network connectivity
• To record unauthorized access attempts

In the iptables command, what does the --j option stand for?

• Jump (correct)
• Judge
• Join
• Justify

Why would a hacker use a ZenMap scan on a network?

To identify open ports and services (C)

What does the whoami command do?

Displays the current user's identity (B)

When using the approve everything by default method, what should the last iptables rule specify?

DROP all traffic (D)

What command is used to retrieve a file from a server?

GET (D)

What information does a Tenable Nessus scan provide to pen testers?

System vulnerabilities (D)

Which of the following types of malware operates by tricking users into clicking on malicious links or attachments?

Trojan Horse (A)

What is the main purpose of the tool 'tracert' in a cybersecurity investigation?

To trace the path packets take to a network destination (D)

Which type of attack involves overwhelming a server with traffic to disrupt services?

DDoS (A)

In terms of cybersecurity, what distinguishes a script kiddie from a more advanced hacker?

Script kiddies utilize existing tools and scripts without full understanding (C)

Which of the following security measures should be implemented to protect sensitive data in default folders?

Implement strong access controls and encryption (A)

What does the 'whois' tool primarily help with in cybersecurity investigations?

Identifying the owner of a domain name (D)

Which type of hacker is motivated by political or social causes and uses illegal activities to promote their agenda?

Hacktivist (A)

Which of the following is NOT a common motivation or goal for white hat hackers?

Gaining financial rewards through illegal activities (C)

Which hash function produces the output '48E195AB'?

The quick brown fox (C)

What is the main advantage of using a static IP address?

It remains constant and does not change. (D)

Which of the following best describes Network Address Translation (NAT)?

A technique that allows multiple devices to share a single IP address. (A)

What is typically the primary challenge in establishing identity in cyberspace?

Difficulty in verifying the authenticity of online personas. (D)

Why is it crucial to take an image of a drive or device during an investigation?

To ensure evidence is preserved without alteration. (A)

What is the term used for data that is stored and not actively being moved or processed?

Data at rest (A)

Which encryption method uses a single key for both encryption and decryption?

Private key encryption (C)

What is the main purpose of cryptography?

To protect information (B)

Which of the following describes a substitution cipher?

Replaces each letter with another letter (B)

Which type of encryption utilizes two keys, one for encryption and another for decryption?

Asymmetric encryption (A)

Which of the following is NOT an example of data in transit?

A bank statement stored on a computer (D)

What is the role of an encryption key in cryptography?

To convert ciphertext back to plaintext (C)

Which algorithm is primarily associated with asymmetric encryption?

RSA (A)

What does ciphertext represent in the context of cryptography?

Encoded data that is not readable without decryption (A)

Which type of encryption requires the same key for both encrypting and decrypting messages?

Symmetric key encryption (D)

What is one of the advantages of asymmetric encryption?

It allows secure key exchange over an insecure channel. (A)

Which command is used to show the contents of a file?

cat (D)

What is one crucial factor to begin the encryption process on a hard drive?

A password must be provided. (C)

What is the primary function of a BitLocker recovery key?

To allow access to the encrypted drive in case the password is lost. (D)

What must you verify about a computer or device before leaving the scene during an investigation?

If the devices are powered on or off. (C)

Which method is often employed to crack container passwords?

Brute force dictionary method. (D)

What is important to document regarding the position of a mouse during an investigation?

It might suggest user activity at the time of evidence collection. (A)

During transport, what should be considered to protect digital evidence?

Environmental conditions and physical stability. (B)

Study Notes

Cyber Security Overview

• Network Topology: Structure of network connections, can impact performance and security.
• Types of Malware:
  • Virus: Infects files and spreads via attachments.
  • Worm: Self-replicating malware that spreads over networks without a host program.
  • Backdoor: Provides unauthorized remote access to systems.
  • Spyware: Monitors user activities and collects information.
  • Trojan Horse: Disguised as legitimate software, can damage systems once executed.
  • Adware: Displays unwanted advertisements, often bundled with free software.
  • Popup: Interrupts user experience by creating pop-up windows, can be related to adware.
• Operating Systems: Base software managing computer hardware and software resources.

Cyber Security Investigation Tools

• Whois: Provides registration details of a domain to identify the owner.
• Nslookup: Resolves domain names to IP addresses, useful for mapping networks.
• Tracert: Traces the path data takes to reach a specific server, highlighting potential network issues.
• Netstat: Displays active connections, offering insights into current network traffic and potential issues.

Malware and Cyber Attacks

• "ILOVEYOU" Worm: A type of malware that spread via email, it exploited human curiosity, causing massive data loss and system damage.
• DDoS Attack: Distributes denial-of-service attacks across multiple systems to overwhelm a target, rendering it unavailable.

Hacker Motivations

• White Hat Hackers: Ethical hacking to improve security; aim to find and fix vulnerabilities.
• Black Hat Hackers: Malicious intent; exploit vulnerabilities for personal gain.

Enhancing Security Against Malware

• Increased Risk Factors:
  • Opening unsolicited email attachments.
  • Downloading software from untrustworthy sources.
  • Ignoring software updates.
  • Lack of robust antivirus protection.

Additional Cyber Security Concepts

• Directory Locations for Servers:
  • Default IIS files often stored in C:\inetpub\wwwroot.
  • Logs found in subfolders for monitoring server activity.
• Forceful Browsing: Attempts to access directories that are not directly linked, enabling potential unauthorized access.
• Firewall Types:
  • Network Firewalls: Protect entire networks.
  • Host Level Firewalls: Protect individual devices.

Digital Forensics Fundamentals

• Handling Digital Evidence: Follow a strict process for documenting and preserving evidence in digital forensic investigations.
• Live Response: Technique for collecting evidence from a powered-on device, often necessary during active incidents.

Cryptography Basics

• Encryption Types:
  • Symmetric Key Encryption: Same key for encryption and decryption.
  • Asymmetric Encryption: Uses a pair of keys (public and private) for secure communications.
• Digital Data:
  • Data at Rest: Stored data (e.g., files on disk).
  • Data in Transit: Data being transferred (e.g., emails).

Important Commands & Protocols

• Commands:
  • whoami: Displays the current user account.
  • ipconfig: Shows the network configuration of the device.
• Protocols: Each layer of the OSI model corresponds to various protocols defining how data is transferred over networks.

Security Protocol Implementation

• FTP Security: Should limit anonymous access and only be permitted under specific scenarios to prevent unauthorized file transfers.
• Log File Management: Important for tracking access and identifying potential security breaches; should be securely stored and monitored.

Penetration Testing Tools

• Nessus and Metasploit: Commonly used tools by penetration testers for vulnerability scanning and exploitation respectively.
• ZenMap Scanner: Provides a visual map of the network and identifies potential weaknesses.

This outline provides a comprehensive view of foundational cybersecurity concepts, investigation tools, types of attacks, hacker motivations, encryption methods, and essential commands useful in cybersecurity practices.

Description

Explore the essential concepts of Cyber Security, including network topology, types of malware, and key operating systems. Additionally, learn about important investigation tools like Whois and Nslookup. This quiz is perfect for anyone looking to strengthen their knowledge in Cyber Security.