COURSE 6 – SOUND THE ALARM: DETECTION AND RESPONSE

Module 2: Network Monitoring and Analysis

GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – Network Monitoring and Analysis

This module provides an overview of network analysis tools, specifically packet sniffers. Learners gain hands-on experience capturing network traffic and analyzing packets for signs of malicious activity. The module emphasizes practical skills: learners write filtering commands to inspect the contents of captured packets, which improves their ability to detect and respond to security incidents. Through this packet-level analysis, participants build a skill set essential for protecting network integrity and addressing cyber threats in real-world scenarios.

Learning Objectives

  • Describe how network traffic analysis can help to detect, prevent, and respond to security incidents.
  • Use packet sniffing tools to capture and view network communications.
  • Analyze packets to interpret network communications.

TEST YOUR KNOWLEDGE: UNDERSTAND NETWORK TRAFFIC

1. How do indicators of compromise (IoCs) help security analysts detect network traffic abnormalities?

  • They capture network activity.
  • They provide a way to identify an attack. (CORRECT)
  • They define the attacker’s intentions.
  • They confirm that a security incident happened.

IoCs help security analysts detect network traffic abnormalities by providing a way to identify an attack. IoCs provide analysts with specific evidence associated with an attack, such as a known malicious IP address, which can help quickly identify and respond to a potential security incident.

2. Fill in the blank: Data _____ is the term for unauthorized transmission of data from a system.

  • pivoting
  • infiltration
  • exfiltration (CORRECT)
  • network traffic

Data exfiltration is the unauthorized transmission of data from a system.

3. An attacker has infiltrated a network. Next, they spend time exploring it in order to expand and maintain their access. They look for valuable assets such as proprietary code and financial records. What does this scenario describe?

  • Lateral movement (CORRECT)
  • Large internal file transfer
  • Phishing
  • Network data

This scenario describes lateral movement. Lateral movement, also called pivoting, describes an attacker exploring a network with the goal of expanding and maintaining their access.

4. What can security professionals use network traffic analysis for? Select three answers.

  • To secure critical assets
  • To understand network traffic patterns (CORRECT)
  • To monitor network activity (CORRECT)
  • To identify malicious activity (CORRECT)

Network traffic analysis provides security professionals with a way to monitor network activity, identify malicious activity, and understand network traffic patterns.

TEST YOUR KNOWLEDGE: CAPTURE AND VIEW NETWORK TRAFFIC

1. Which component of a packet contains the actual data that is intended to be sent to its destination?

  • Payload (CORRECT)
  • Footer
  • Header
  • Protocol

The payload is the component of a packet that contains the actual data that is intended to be sent to its destination, such as the body of an email.

2. Fill in the blank: A _____ is a file that contains data packets that have been intercepted from an interface or a network.

  • packet capture (CORRECT)
  • protocol
  • network protocol analyzer
  • network statistic

A packet capture is a file that contains data packets that have been intercepted from an interface or a network.

3. Which field of an IP header is used to identify whether IPv4 or IPv6 is used?

  • Options
  • Type of Service
  • Version (CORRECT)
  • Flags

The Version field of an IP header identifies whether IPv4 or IPv6 is used.

4. Which network protocol analyzer is accessed through a graphical user interface?

  • Wireshark (CORRECT)
  • Libpcap
  • TShark
  • tcpdump

Wireshark is a network protocol analyzer that is accessed through a graphical user interface.

5. Which of the following are components of a packet? Select three answers.

  • Header (CORRECT)
  • Footer (CORRECT)
  • Network
  • Payload (CORRECT)

A packet contains a header, payload, and footer. The header includes information like the type of protocol and port being used. The payload is the actual data being delivered. The footer signifies the end of the packet.

6. Fill in the blank: The _____ accepts and delivers packets for the network.

  • Destination Address
  • Internet Protocol (IP)
  • Internet Layer (CORRECT)
  • Source Address

The Internet Layer accepts and delivers packets for the network.

TEST YOUR KNOWLEDGE: PACKET INSPECTION

1. Which tcpdump option is used to specify the network interface?

  • -n
  • -i (CORRECT)
  • -c
  • -v

The -i option is used to specify the network interface; -i stands for interface.

2. What is needed to access the tcpdump network protocol analyzer?

  • Command-line interface (CORRECT)
  • Output
  • Packet capture
  • Graphical user interface

tcpdump is a network protocol analyzer that is accessed through a command-line interface (CLI). Output is the data that is produced when a command is run in the CLI.

3. What is the first field found in the output of a tcpdump command?

  • Protocol
  • Source IP
  • Version
  • Timestamp (CORRECT)

The first field found in the output of a tcpdump command is the packet’s timestamp.

4. You are using tcpdump to capture network traffic on your local computer. You would like to save the network traffic to a packet capture file for later analysis. Which tcpdump option should you use?

  • -v
  • -w (CORRECT)
  • -c
  • -r

You should use the -w option. The -w option lets you save the network packets to a packet capture file for later analysis.

MODULE 2 CHALLENGE

1. What type of attack involves the unauthorized transmission of data from a system?

  • Packet classification
  • Packet crafting
  • Data leak
  • Data exfiltration (CORRECT)

2. What tactic do malicious actors use to maintain and expand unauthorized access into a network?

  • Exfiltration
  • Data size reduction
  • Lateral movement (CORRECT)
  • Phishing

3. Which packet component contains protocol information?

  • Route
  • Header (CORRECT)
  • Payload
  • Footer

4. The practice of capturing and inspecting network data packets that are transmitted across a network is known as _____.

  • port sniffing
  • packet sniffing (CORRECT)
  • packet capture
  • protocol capture

5. Network protocol analyzer tools are available to be used with which of the following? Select two answers.

  • Internet protocol
  • Graphical user interface (CORRECT)
  • Command-line interface (CORRECT)
  • Network interface card

6. Which layer of the TCP/IP model is responsible for accepting and delivering packets in a network?

  • Network Access
  • Application
  • Internet (CORRECT)
  • Transport

7. What is used to determine whether errors have occurred in the IPv4 header?

  • Protocol
  • Flags
  • Checksum (CORRECT)
  • Header

8. Which tcpdump option applies verbosity?

  • -i
  • -c
  • -n
  • -v (CORRECT)

9. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

What is the source IP address?

  • 41012
  • 198.168.105.1 (CORRECT)
  • 22:00:19.538395
  • 198.111.123.1

10. Fill in the blank: _____ describes the amount of data that moves across a network.

  • Network data
  • Data exfiltration
  • Network traffic (CORRECT)
  • Traffic flow

11. Which of the following behaviors may suggest an ongoing data exfiltration attack? Select two answers.

  • Network performance issues
  • Multiple successful multi-factor authentication logins
  • Unexpected modifications to files containing sensitive data (CORRECT)
  • Outbound network traffic to an unauthorized file hosting service (CORRECT)

12. Do packet capture files provide detailed snapshots of network communications?

  • Yes. Packet capture files provide information about network data packets that were intercepted from a network interface. (CORRECT)
  • No. Packet capture files do not contain detailed information about network data packets.
  • Maybe. The amount of detailed information packet captures contain depends on the type of network interface that is used.

13. Fill in the blank: tcpdump is a network protocol analyzer that uses a(n) _____ interface.

  • Linux
  • graphical user
  • command-line (CORRECT)
  • internet

14. Which IPv4 field determines how long a packet can travel before it gets dropped?

  • Time to Live (CORRECT)
  • Header Checksum
  • Options
  • Type of Service

15. What is the process of breaking down packets known as?

  • Checksum
  • Fragment Offset
  • Fragmentation (CORRECT)
  • Flags

16. Which tcpdump option is used to specify the capture of 5 packets?

  • -n 5
  • -i 5
  • -c 5 (CORRECT)
  • -v 5

17. Examine the following tcpdump output:

22:00:19.538395 IP (tos 0x10, ttl 64, id 33842, offset 0, flags [P], proto TCP (6), length 196) 198.168.105.1.41012 > 198.111.123.1.61012: Flags [P.], cksum 0x50af (correct), seq 169, ack 187, win 501, length 42

Which protocols are being used? Select two answers.

  • IP (CORRECT)
  • UDP
  • TCP (CORRECT)
  • TOS

18. Fill in the blank: Network protocol analyzers can save network communications into files known as a _____.

  • packet capture (CORRECT)
  • payload
  • protocol
  • network packet

19. Which layer of the TCP/IP model does the Internet Protocol (IP) operate on?

  • Application
  • Internet (CORRECT)
  • Transport
  • Network Access

20. What are some defensive measures that can be used to protect against data exfiltration? Select two answers.

  • Utilize lateral movement
  • Deploy multi-factor authentication (CORRECT)
  • Monitor network activity (CORRECT)
  • Reduce file sizes

21. Fill in the blank: The transmission of data between devices on a network is governed by a set of standards known as _____.

  • headers
  • payloads
  • ports
  • protocols (CORRECT)

22. Which protocol version is considered the foundation for all internet communications?

  • HTTP
  • ICMP
  • IPv4 (CORRECT)
  • UDP

23. Which IPv4 header fields involve fragmentation? Select three answers.

  • Identification (CORRECT)
  • Flags (CORRECT)
  • Fragment Offset (CORRECT)
  • Type of Service

24. How do network protocol analyzers help security analysts analyze network communications? Select two answers.

  • They take action to improve network performance.
  • They provide the ability to collect network communications. (CORRECT)
  • They take action to block network intrusions.
  • They provide the ability to filter and sort packet capture information to find relevant information. (CORRECT)

25. Why is network traffic monitoring important in cybersecurity? Select two answers.

  • It provides a method to encrypt communications.
  • It helps identify deviations from expected traffic flows. (CORRECT)
  • It provides a method of classifying critical assets.
  • It helps detect network intrusions and attacks. (CORRECT)

CONCLUSION – Network Monitoring and Analysis

In conclusion, this course equips participants with valuable insights and practical skills in the realm of network analysis tools, particularly packet sniffers. By delving into the intricacies of sniffing networks and analyzing packets, learners have gained a comprehensive understanding of how to identify and respond to potential security threats effectively.

The emphasis on crafting filtering commands enhances their ability to dissect packet contents, providing a hands-on experience crucial for real-world cybersecurity challenges. Armed with these skills, participants are well-prepared to contribute to the protection of network integrity and play a proactive role in addressing the evolving landscape of cyber threats.