FA24 Midterm Study Guide PDF
University of Maine at Augusta
2024
Summary
This study guide for the Fall 2024 Cybersecurity Scripting midterm covers key areas such as Python, Bash, and PowerShell scripting, along with log analysis and security concepts. It also has a section on Version Control with Git. The guide is for students at the University of Maine at Augusta.
The midterm exam for ISS 212 Cybersecurity Scripting will be available from **October 23, 2024, at 1 pm** until **October 31, 2024, at 12:01 am**. You will have **three hours** to complete the exam once you start, so plan accordingly. The exam includes a mix of **multiple-choice questions**, **written responses**, and **code/script development** tasks. For the code/script questions, you will need to **create your own scripts or use examples and concepts from the course content**. Remember, this is an opportunity to demonstrate your understanding, so make sure your code reflects your personal work or builds on what we've covered in the lessons.

**Good luck, and make sure to review all material thoroughly!**

**Key Areas to Focus On**

#### **Scripting Fundamentals Across Python, Bash, and PowerShell**

**Python and Bash Script Development**

**Log Analysis and Security Scripting**

**Version Control with Git**

**PowerShell Basics**

Understand the fundamentals of PowerShell scripting and its applications in cybersecurity. Review the basics, including cmdlets like **Get-Help, Get-Command,** and **Get-Member**, which assist in exploring PowerShell capabilities.

**Execution Policies**

Know the different PowerShell execution policies (**Restricted, AllSigned, RemoteSigned, etc.**), their purpose, and implications for script security. This includes understanding the role they play in enforcing security.

**Logging in PowerShell**

Be able to explain PowerShell logging features such as **Script Block Logging, Module Logging, and Protected Event Logging**. Review how these features help track script activities, monitor for unusual behavior, and maintain log integrity for auditing purposes.

**PowerShell Security Features**

Familiarize yourself with the security benefits of using **PowerShell Transcription, Script Block Logging, and Module Logging**. These features are crucial for maintaining an auditable trail and detecting potentially malicious script usage.

**Indicators of Compromise (IOCs) and Regex**

Understand the role of regular expressions in identifying IOCs within logs. You should be comfortable with basic Regex patterns (for IP addresses, email addresses, etc.) and be prepared to write small snippets for detecting IOCs in log files.

**Practical Skills**

**Regex and Scripting Snippets**

Be prepared to create simple Regex patterns and small script snippets.

**For example:**

**Matching IP addresses**

`\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b` **(valid IPv4)**

**vs**

`(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)` **(invalid IPv4)**

**Extracting emails**

`([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})`

**Short scripts & one-liners**

Be prepared to create basic scripts in Python and Bash that automate tasks such as searching for specific text in log files, filtering data, and performing arithmetic calculations.

**Application of Scripting Concepts in Cybersecurity**

Focus on how you can use Python and Bash scripts to automate cybersecurity tasks, such as log analysis, data extraction, and detection of security incidents. Understand how to adapt scripts to respond to cybersecurity scenarios.

**Suggestions for Effective Studying**

**Week 7 Assignment Quiz**

Treat this quiz as a graded preview of the midterm. It covers similar topics and provides an opportunity to test your knowledge in a format that mirrors what to expect in the midterm.

**Review Your Knowledge Checks on BrightSpace**

Go through the past knowledge checks (Weeks 4 to 7). They highlight key concepts and common scripting commands that you'll likely encounter on the midterm.

**Revisit PowerPoints for In-Depth Explanations**

The PowerPoint slides provide detailed explanations of concepts like PowerShell security, basic Python and Bash scripting techniques, and more. Use these resources to strengthen your understanding. They will not be available on BrightSpace while the midterm is open.
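
The three patterns from the Regex and Scripting Snippets section, applied to a small log in Python. This is an added example, not part of the original guide or course material; the log lines, `SAMPLE_LOG` and the function names are constructed for illustration. It shows that the stricter IPv4 pattern rejects `999.300.1.1` while the `\d{1,3}` pattern accepts it, and counts failed logins per source address.

```python
import re
from collections import Counter

# The guide's three patterns, written as Python raw strings.
STRICT_IPV4 = re.compile(
    r"\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
    r"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b")
LOOSE_IPV4 = re.compile(r"(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)")
EMAIL = re.compile(r"([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed sample log (documentation address ranges, made-up hosts).
SAMPLE_LOG = """\
2024-10-01T08:14:02Z sshd[811]: Failed password for root from 203.0.113.45 port 52144
2024-10-01T08:14:05Z sshd[811]: Failed password for admin from 203.0.113.45 port 52150
2024-10-01T08:15:11Z app[92]: build 999.300.1.1 deployed by ops@example.org
2024-10-01T08:16:40Z mail[17]: rejected message from billing@example.net via 198.51.100.7
2024-10-01T08:17:03Z sshd[811]: Accepted password for jdoe from 192.0.2.10 port 40022
"""

def extract_iocs(log_text):
    """Return (Counter of IPv4 hits, sorted e-mails, loose-only dotted quads)."""
    # group(0) via finditer(): the patterns contain capture groups, so
    # findall() would return the groups instead of the whole match.
    ips = Counter(m.group(0) for m in STRICT_IPV4.finditer(log_text))
    loose = {m.group(0) for m in LOOSE_IPV4.finditer(log_text)}
    emails = sorted({m.group(0) for m in EMAIL.finditer(log_text)})
    # Dotted quads only the loose pattern accepts (an octet above 255).
    return ips, emails, sorted(loose - set(ips))

def failed_logins_by_ip(log_text):
    """Count 'Failed password' lines per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        if "Failed password" in line:
            m = STRICT_IPV4.search(line)
            if m:
                counts[m.group(0)] += 1
    return counts

if __name__ == "__main__":
    ips, emails, rejected = extract_iocs(SAMPLE_LOG)
    print("IPv4:", dict(ips))
    print("E-mail:", emails)
    print("Loose-only matches:", rejected)
    print("Failed logins:", dict(failed_logins_by_ip(SAMPLE_LOG)))
```
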