ISS 212 Cybersecurity Scripting Midterm Exam

Questions and Answers

Which regex pattern is valid for matching IPv4 addresses?

• \b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b (correct)
• (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)
• \b((2[0-5][0-5]|1[0-9]{2}|[1-9]?[0-9])\.){3}(2[0-5][0-5]|1[0-9]{2}|[1-9]?[0-9])\b (correct)
• \b\d{1,2}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b

Which of the following describes a suitable use case for Python or Bash scripting in cybersecurity?

• Creating a user interface for network devices.
• Automating log analysis and data extraction. (correct)
• Conducting manual penetration testing.
• Developing mobile applications for security analysis.

What is the purpose of the Week 7 Assignment Quiz?

• To provide practice for writing regex patterns.
• To assess programming skills in languages other than Python.
• To preview the midterm and test knowledge on related topics. (correct)
• To evaluate understanding of advanced cybersecurity concepts.

Which command would likely be included in effective reviewing of previous knowledge checks?

Reviewing key concepts and common scripting commands. (D)

Which method is least effective in solidifying understanding of scripting techniques?

Watching videos without taking notes. (D)

What is the duration allocated for completing the midterm exam once started?

Three hours (B)

Which PowerShell cmdlet can provide help and information about other cmdlets?

Get-Help (D)

What is the effect of the RemoteSigned execution policy in PowerShell?

Scripts from the internet must be signed by a trusted publisher. (A)

What feature in PowerShell aids in tracking script activities and monitoring for unusual behavior?

Script Block Logging (A)

Which of the following is a key benefit of PowerShell transcription?

Maintaining an auditable trail (C)

What is the primary purpose of using regular expressions (Regex) in log analysis?

To identify Indicators of Compromise (IOCs) (A)

Which scripting languages are emphasized for script development in this course?

Python and Bash (C)

What is NOT a feature of PowerShell logging?

Error Rate Logging (D)

Study Notes

Midterm Exam Information

• The midterm exam for ISS 212 Cybersecurity Scripting will be available from October 23, 2024, at 1 pm until October 31, 2024, at 12:01 am.
• You will have three hours to complete the exam once you start.
• The exam consists of multiple-choice questions, written responses, and code/script development tasks.
• For code/script questions, you will need to create your own scripts or use examples and concepts from the course content.

Key Areas to Focus On

Scripting Fundamentals

• Understand the fundamentals of Python, Bash, and PowerShell scripting.
• Focus on key concepts, common commands, and syntax for each scripting language.

Python and Bash Script Development

• Be able to write basic scripts in Python and Bash for automating tasks like searching for specific text in log files, filtering data, and performing arithmetic calculations.

Log Analysis and Security Scripting

• Understand how to use scripts to analyze logs and identify potential security incidents.
• Familiarize yourself with techniques for extracting relevant information from logs and creating alerts based on specific patterns.

Version Control with Git

• Review the basics of Git for managing and tracking code changes.
• Understand commands like "git add," "git commit," and "git push."

PowerShell Basics

• Understand the fundamentals of PowerShell scripting and its applications in cybersecurity.
• Review the basics, including cmdlets like "Get-Help," "Get-Command," and "Get-Member," which assist in exploring PowerShell capabilities.

Execution Policies

• Know the different PowerShell execution policies (Restricted, AllSigned, RemoteSigned, etc.), their purpose, and implications for script security.
• Understand how execution policies enforce security by controlling the execution of PowerShell scripts.

Logging in PowerShell

• Be able to explain PowerShell logging features, such as Script Block Logging, Module Logging, and Protected Event Logging.
• Understand how these features help track script activities, monitor for unusual behavior, and maintain log integrity for auditing purposes.

PowerShell Security Features

• Familiarize yourself with the security benefits of using PowerShell Transcription, Script Block Logging, and Module Logging.
• These features are crucial for maintaining an auditable trail and detecting potentially malicious script usage.

Indicators of Compromise (IOCs) and Regex

• Understand the role of regular expressions in identifying IOCs within logs.
• Be comfortable with basic Regex patterns (for IP addresses, email addresses, etc.) and prepared to write small snippets for detecting IOCs in log files.

Practical Skills

• Be prepared to create simple Regex patterns and small script snippets.
• Examples:
  • Matching IP addresses: \b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b (valid IPv4)
  • Extracting emails: ([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})
  • Creating basic scripts in Python and Bash to automate tasks.

Application of Scripting Concepts in Cybersecurity

• Focus on how you can use Python and Bash scripts to automate cybersecurity tasks, such as log analysis, data extraction, and detection of security incidents.
• Understand how to adapt scripts to respond to cybersecurity scenarios.

Suggestions for Effective Studying

• Treat the Week 7 Assignment Quiz as a graded preview of the midterm.
• Review past knowledge checks (Weeks 4 to 7) on BrightSpace.
• Refer to PowerPoint slides for detailed explanations of concepts.

Description

Prepare for the ISS 212 midterm exam covering fundamental scripting concepts in Python, Bash, and PowerShell. The exam will include multiple-choice questions, written responses, and practical script development tasks. Focus on automating tasks, log analysis, and security scripting techniques to excel.