GOOGLE IT SUPPORT PROFESSIONAL CERTIFICATE

Course 5 – IT Security: Defense Against the Digital Dark Arts

Week 1: Understanding Security Threats

Coursera Study Guide

Welcome to the IT Security course of the IT Support Professional Certificate! In the first week of this course, we will cover the basics of security in an IT environment. We will learn how to define and recognize security risks, vulnerabilities and threats. We’ll identify the most common security attacks in an organization and understand how security revolves around the “CIA” principle. By the end of this module, you will know the types of malicious software, network attacks, client-side attacks, and the essential security terms you’ll see in the workplace.

Learning Objectives

  • Define and recognize security risks, vulnerabilities and threats.
  • Be able to identify the most common security attacks.
  • Understand how security revolves around the CIA principle.

PRACTICE QUIZ: MALICIOUS SOFTWARE

1. In the CIA Triad, “Confidentiality” means ensuring that data is:

  • not accessible by unwanted parties. (CORRECT)
  • accurate and was not tampered with.
  • accessible anonymously.
  • available and that people can access it.

Right on! “Confidentiality,” in this context, means preventing unauthorized third parties from gaining access to the data.

2. In the CIA Triad, “Integrity” means ensuring that data is:

  • available and that people can access it.
  • truthful and honest.
  • accurate and was not tampered with. (CORRECT)
  • not accessible by unwanted parties.

Great work! “Integrity,” in this context, means ensuring that the data remains intact, uncorrupted, and not tampered with. The data that gets sent is the exact same as the data that gets received.

3. In the CIA Triad, “Availability” means ensuring that data is:

  • accurate and was not tampered with.
  • available to anyone from anywhere.
  • not accessible by unwanted parties.
  • available and people can access it. (CORRECT)

You got it! “Availability,” in this context, means ensuring that data and services remain accessible to those who are authorized to access them.

4. What’s the relationship between a vulnerability and an exploit?

  • An exploit creates a vulnerability in a system.
  • An exploit takes advantage of a vulnerability to run arbitrary code or gain access. (CORRECT)
  • A vulnerability takes advantage of an exploit to run arbitrary code or gain access.
  • They’re unrelated.

Correct: Awesome job! A vulnerability is a bug or hole in a system. It allows an attacker to gain access by using an exploit, which takes advantage of the vulnerability.

5. Which statement is true for both a worm and a virus?

  • They’re self-replicating and self-propagating. (CORRECT)
  • They don’t cause any harm to the target system.
  • They infect other files with malicious code.
  • They’re undetectable by antimalware software.

Woohoo! Both worms and viruses are capable of spreading themselves using a variety of transmission means.

6. Check all examples of types of malware:

  • Worms (CORRECT)
  • Key Generators
  • Adware (CORRECT)
  • Viruses (CORRECT)

Very good! These three are all examples of unwanted software that can cause adverse effects on an infected system, which is exactly what malware is.

7. What are the characteristics of a rootkit? Check all that apply.

  • Provides elevated credentials (CORRECT)
  • Is difficult to detect (CORRECT)
  • Is destructive
  • Is harmless

Right on! A rootkit is designed to provide administrator-level access to a third party without the system owner’s knowledge. Given this, rootkits are usually designed to avoid detection and can be difficult to detect.

8. What does the CIA security model stand for?

  • Central Intelligence Agency
  • Computer Information Assurance
  • Confidentiality Integrity Availability (CORRECT)
  • Confidentiality Integrity Access

Nice job! “Confidentiality” signifies that data is only viewable by those authorized to view it; “Integrity” denotes that data won’t be manipulated or corrupted; and “Availability” means that services remain reachable and available.

9. A zero-day vulnerability is:

  • a vulnerability that has already been exploited before the vulnerability has been disclosed. (CORRECT)
  • a vulnerability that has not been exploited yet.
  • a newly discovered vulnerability.
  • a harmless vulnerability.

That’s right! The “zero” in zero-day vulnerability means that there’s been zero days for the vulnerability to be fixed, but it’s been exploited by attackers already.

PRACTICE QUIZ: NETWORK ATTACKS

1. What are the dangers of a man-in-the-middle attack? Check all that apply.

  • An attacker can eavesdrop on unencrypted traffic. (CORRECT)
  • An attacker can block or redirect traffic. (CORRECT)
  • An attacker can destroy data at rest.
  • An attacker can modify traffic in transit. (CORRECT)

Correct! A man-in-the-middle attack means that the attacker has access to your network traffic. This allows them to eavesdrop, modify traffic in transit, or block traffic entirely. Yikes!

2. Why is a DNS cache poisoning attack dangerous? Check all that apply.

  • It allows an attacker to remotely control your computer.
  • Errrr…it’s not actually dangerous.
  • It affects any clients querying the poisoned DNS server. (CORRECT)
  • It allows an attacker to redirect targets to malicious webservers. (CORRECT)

That’s exactly right! By inserting fake DNS records into a DNS server’s cache, every client that queries this record will be served the fake information. This allows an attacker to redirect clients to a web server of their choosing.
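To show why a poisoned cache is dangerous and what makes poisoning possible, here is an added example (not part of the course material): a toy caching resolver in Python. The non-strict resolver accepts any answer whose name matches an outstanding query, so a forged answer that arrives before the real one is cached and then served to every later client; the strict resolver also requires the response to carry the transaction ID and port it used for the query. The names, addresses and the fixed attacker guess (ID 0, port 53) are constructed for the demonstration.

```python
import random
from dataclasses import dataclass


@dataclass
class DnsQuery:
    txid: int      # 16-bit transaction ID chosen by the resolver
    src_port: int  # UDP source port the resolver sent the query from
    name: str


@dataclass
class DnsResponse:
    txid: int
    dst_port: int
    name: str
    address: str


class Resolver:
    """Toy caching resolver. With strict=False it accepts any response whose
    name matches an outstanding query (the weakness poisoning abuses); with
    strict=True the transaction ID and port must match too."""

    def __init__(self, strict, rng=None):
        self.strict = strict
        self.rng = rng or random.Random()
        self.cache = {}    # name -> address served to every later client
        self.pending = {}  # name -> query still waiting for an answer

    def send_query(self, name):
        q = DnsQuery(txid=self.rng.randrange(1 << 16),
                     src_port=self.rng.randrange(1024, 65536), name=name)
        self.pending[name] = q
        return q

    def receive(self, resp):
        """Return True if the response was accepted into the cache."""
        q = self.pending.get(resp.name)
        if q is None:
            return False
        if self.strict and (resp.txid != q.txid or resp.dst_port != q.src_port):
            return False  # does not match what we asked: treat as forged, drop it
        self.cache[resp.name] = resp.address
        del self.pending[resp.name]
        return True

    def lookup(self, name):
        return self.cache.get(name)


def forged_response(name, attacker_ip):
    """What an off-path attacker can send without seeing the query: a guess
    at the transaction ID and port (a fixed guess of 0 and 53 here)."""
    return DnsResponse(txid=0, dst_port=53, name=name, address=attacker_ip)


def legitimate_response(query, real_ip):
    """The authoritative server answers with the ID and port it saw in the query."""
    return DnsResponse(txid=query.txid, dst_port=query.src_port,
                       name=query.name, address=real_ip)


def poison_attempt(strict, seed=1):
    """Run the scenario: the resolver asks for the name and the attacker's
    forged answer races in ahead of the real one. Returns the address that
    every later client will get from the cache."""
    r = Resolver(strict=strict, rng=random.Random(seed))
    q = r.send_query("www.bank.example")
    r.receive(forged_response("www.bank.example", "203.0.113.66"))  # attacker's answer
    r.receive(legitimate_response(q, "198.51.100.10"))              # real answer, too late
    return r.lookup("www.bank.example")


if __name__ == "__main__":
    print("non-strict resolver serves:", poison_attempt(strict=False))  # attacker's IP
    print("strict resolver serves:    ", poison_attempt(strict=True))   # real IP
```

Randomizing the transaction ID and source port only raises the cost of the attack: an attacker who floods the resolver with many guesses can still get lucky, which is why DNSSEC signatures on the records are the actual fix rather than better guessing resistance.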

3. Which of the following is true of a DDoS attack?

  • Attack traffic comes from lots of different hosts. (CORRECT)
  • This type of attack causes a significant loss of data.
  • Attack traffic is encrypted.
  • An attacker sends attack traffic directly to the target.

Nice job! The “Distributed” in DDoS means that the attack traffic is distributed across a large number of hosts, resulting in the attack coming from many different machines.

4. Which of the following result from a denial-of-service attack? Check all that apply.

  • Data destruction
  • Malware infection
  • Slow network performance (CORRECT)
  • Service unreachable (CORRECT)

You nailed it! A denial-of-service attack is meant to prevent legitimate traffic from reaching a service. This is usually done by flooding the victim with attack traffic, degrading network and system performance, and rendering services unreachable.

PRACTICE QUIZ: OTHER ATTACKS

1. How can you protect against client-side injection attacks? Check all that apply.

  • Use input validation (CORRECT)
  • Utilize strong passwords
  • Use data sanitization (CORRECT)
  • Use a SQL database

Correct! By checking user-provided input and only allowing certain characters to be valid input, you can avoid injection attacks. You can also use data sanitization, which involves checking user-supplied input that’s supposed to contain special characters to ensure they don’t result in an injection attack.
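As an added example (not part of the course material), the Python below puts the injection-prone pattern next to its fixed form and shows both defences named above. The in-memory user table, the usernames and the tautology payload are constructed for the demonstration: `login_vulnerable` glues user input into the SQL statement, `login_parameterized` sends the values separately from the statement, `validate_username` is input validation with an allowlist of characters, and `sanitize_for_html` is the sanitization step for input that legitimately contains special characters but must not become markup in a web page.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed in-memory user table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """The 'before' of the fix: the query is built by string concatenation,
    so whatever the user types becomes part of the SQL statement itself."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Parameterized query: the driver passes the values separately from the
    statement, so a quote in the input can never change the query's structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(username):
    """Input validation: only characters on the allowlist are accepted, so
    quotes, spaces and SQL metacharacters are rejected before any query runs."""
    return bool(USERNAME_RE.fullmatch(username))


def sanitize_for_html(text):
    """Data sanitization for output into a web page: the input may contain
    special characters, but they are escaped so the browser renders them as
    text rather than executing them as markup (the defence against XSS)."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    conn = make_db()
    # Classic tautology payload: the injected OR makes the WHERE clause true
    # for every row, so the vulnerable login "succeeds" without a password.
    payload = "' OR '1'='1"
    print(login_vulnerable(conn, "alice", payload))      # ['alice', 'bob']
    print(login_parameterized(conn, "alice", payload))   # []
    print(validate_username(payload))                    # False
    print(sanitize_for_html("<script>alert(1)</script>"))
```

Validation and sanitization are complementary rather than interchangeable: validation rejects input that has no business containing special characters (a username), while sanitization handles input that legitimately does (a comment body) by neutralizing those characters for the context where the data is used.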

2. True or false: A brute-force attack is more efficient than a dictionary attack.

  • TRUE
  • FALSE (CORRECT)

You nailed it! A brute-force attack tries every possible combination of characters to guess the password, while a dictionary attack only tries the passwords contained in a dictionary file. This makes the dictionary attack more efficient: it doesn’t have to generate candidate passwords, and it has a much smaller number of guesses to attempt.
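To make the difference in effort concrete, here is an added example (not from the course) that runs both attacks in Python against a SHA-256 hash of a password. The wordlist and the target passwords are constructed for the demonstration; real systems store passwords with a slow, salted key derivation function rather than a bare SHA-256, which multiplies the cost of every guess but does not change the comparison shown here. It also illustrates why the later questions on password strength matter: `brute_force_space` is the number of candidates a brute force must cover, and it grows with both password length and the size of the character set.

```python
import hashlib
import itertools
import string


def sha256_hex(text):
    """Hash a candidate the way the stored password was hashed (plain SHA-256
    for the demonstration; production code should use a slow, salted KDF)."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed wordlist standing in for a dictionary file of common passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "hunter2"]


def dictionary_attack(target_hash, wordlist):
    """Try only the candidates in the wordlist.
    Returns (recovered password or None, number of guesses made)."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if sha256_hex(candidate) == target_hash:
            return candidate, guesses
    return None, len(wordlist)


def brute_force_attack(target_hash, charset, max_len):
    """Generate every string over charset up to max_len characters, shortest first.
    Returns (recovered password or None, number of guesses made)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            guesses += 1
            if sha256_hex("".join(combo)) == target_hash:
                return "".join(combo), guesses
    return None, guesses


def brute_force_space(charset_size, max_len):
    """Number of candidates a complete brute force has to consider."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    lowercase = string.ascii_lowercase
    # A common password falls to the dictionary in a handful of guesses...
    print(dictionary_attack(sha256_hex("dragon"), WORDLIST))        # ('dragon', 5)
    # ...while brute-forcing the same six lowercase letters could take this many:
    print(brute_force_space(len(lowercase), len("dragon")))
    # A short password that is not in the wordlist: the dictionary fails and
    # brute force finds it, but only after thousands of guesses.
    print(dictionary_attack(sha256_hex("zap"), WORDLIST))           # (None, 6)
    print(brute_force_attack(sha256_hex("zap"), lowercase, 3))      # ('zap', 17618)
    # Twelve characters drawn from letters, digits and symbols: the space is enormous.
    full = string.ascii_letters + string.digits + string.punctuation
    print(brute_force_space(len(full), 12))
```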

3. Which of the following scenarios are social engineering attacks? Check all that apply.

  • Someone uses a fake ID to gain access to a restricted area. (CORRECT)
  • You receive an email with an attachment containing a virus. (CORRECT)
  • An attacker performs a man-in-the-middle attack.
  • An attacker performs a DNS Cache poisoning attack.

Great job! A malicious spam email is a form of social engineering; the email is designed to trick you into opening a malicious payload contained in the attachment. Using a fake ID to gain entry to somewhere you’re not permitted is impersonation, a classic social engineering technique.

QUIZ: UNDERSTANDING SECURITY THREATS

1. Which of the following are examples of injection attacks? Check all that apply.

  • SYN flood attack
  • Social engineering attack
  • SQL injection attack (CORRECT)
  • XSS attack (CORRECT)

Correct! An XSS attack is when an attacker injects a malicious script into a web page, tricking the victim’s browser into running the script. A SQL injection attack is when an attacker is able to inject valid SQL commands through a text input field.

2. An attacker could redirect your browser to a fake website login page using what kind of attack?

  • DDoS attack
  • SYN flood attack
  • Injection attack
  • DNS cache poisoning attack (CORRECT)

Great job! A DNS cache poisoning attack would allow an attacker to redirect your requests for websites to a server they control.

3. A SYN flood occurs when the attacker overwhelms a server with ______.

  • ACK packets
  • SYN packets (CORRECT)
  • Injection attacks
  • Malware

Nice work! A SYN flood attack happens when the attacker floods the victim with SYN packets and never completes the TCP three-way handshake.
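An added detection example (not part of the course) that turns the definition above into a check a defender can run: it counts, per source address, SYNs that were never followed by the client’s ACK, which is what a SYN flood leaves behind. The log lines are constructed for the example in a made-up "time source port flags" format, not captured from a real network.

```python
from collections import Counter

# Constructed connection-log lines, "<time> <src_ip> <dst_port> <flags>" (made
# up for this example). A completed handshake shows a SYN from the client
# followed by its ACK; flood traffic shows SYNs that are never completed.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 443 SYN
10:00:01 10.0.0.5 443 ACK
10:00:02 10.0.0.7 443 SYN
10:00:02 10.0.0.7 443 ACK
10:00:03 198.51.100.9 443 SYN
10:00:03 198.51.100.9 443 SYN
10:00:03 203.0.113.4 443 SYN
10:00:03 203.0.113.4 443 SYN
10:00:03 203.0.113.4 443 SYN
10:00:04 198.51.100.9 443 SYN
10:00:04 203.0.113.4 443 SYN
10:00:04 203.0.113.4 443 SYN
"""


def parse_log(text):
    """Yield (src_ip, flags) pairs from the log text, skipping blank lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _time, src, _port, flags = line.split()
        yield src, flags


def half_open_by_source(text):
    """Half-open connections per source: SYNs seen minus the ACKs that completed them."""
    syns, acks = Counter(), Counter()
    for src, flags in parse_log(text):
        if flags == "SYN":
            syns[src] += 1
        elif flags == "ACK":
            acks[src] += 1
    return {src: syns[src] - acks[src] for src in syns}


def total_half_open(text):
    """Sum over all sources. Flood traffic usually spoofs source addresses, so
    a per-source threshold can miss it while the total still gives it away."""
    return sum(half_open_by_source(text).values())


def suspected_flooders(text, per_source_threshold):
    """Sources whose half-open count reaches the threshold (sorted for stable output)."""
    counts = half_open_by_source(text)
    return sorted(src for src, n in counts.items() if n >= per_source_threshold)


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG))
    print("total half-open:", total_half_open(SAMPLE_LOG))   # 8
    print("suspected flooders:", suspected_flooders(SAMPLE_LOG, 3))
```

The thresholds here are illustrative; a real flood guard tracks half-open connections against the size of the server’s backlog over a time window, and because attackers spoof source addresses the total count matters more than any single source.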

4. The best defense against injection attacks is to ______.

  • Use input validation (CORRECT)
  • Use antimalware software
  • Use a firewall
  • Use strong passwords

You nailed it! Input validation will prevent an attacker from injecting commands using text input fields.

5. Which of these is an example of the integrity principle that can ensure your data is accurate and untampered with? Check all that apply.

  • Keeping a symmetric key secret
  • Implementing flood guards
  • Using MACs (Message Authentication Codes) (CORRECT)
  • Using Encapsulating Security Payload (CORRECT)

Right on! A MAC is a bit of information that provides integrity to ensure the message wasn’t modified in some way.

Right on! Secure communication can be established with Encapsulating Security Payload which is a part of the IPsec suite of protocols. It encapsulates IP packets, providing confidentiality, integrity, and authentication of packets.
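An added example (not part of the course) of the MAC idea in Python: the sender computes an HMAC-SHA256 tag over the message with a shared secret, and the receiver recomputes it and compares in constant time. A single flipped bit in the message, or a tag computed under a different key, fails verification. The key and the message are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Hypothetical shared secret: in practice both endpoints hold it and no one else.
KEY = b"example-shared-key-do-not-reuse"


def tag(key, message):
    """Compute the MAC (HMAC-SHA256) over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, received_tag):
    """Recompute the tag and compare in constant time. A plain == comparison
    would leak timing that lets an attacker forge a tag one byte at a time."""
    return hmac.compare_digest(tag(key, message), received_tag)


def tamper(message):
    """Flip one bit of the message, standing in for modification in transit."""
    data = bytearray(message)
    data[0] ^= 0x01
    return bytes(data)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"
    t = tag(KEY, msg)
    print(verify(KEY, msg, t))              # True: intact message, right key
    print(verify(KEY, tamper(msg), t))      # False: modified in transit
    print(verify(os.urandom(32), msg, t))   # False: tag made under another key
```

A MAC gives integrity and authenticity but not confidentiality: the message itself still travels in the clear, which is why ESP pairs an integrity check with encryption.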

6. If there are cyber threats and vulnerabilities to your system, what does that expose you to? Check all that apply.

  • Attacks (CORRECT)
  • The CIA triad
  • Exploits (CORRECT)
  • Tailgating

Well done! You should be aware of possible threats and vulnerabilities so that you can better prepare against attacks to your system from a hacker.

Well done! If threats and vulnerabilities exist in your system, that exposes you to exploits that hackers can use to harm your system.

7. Which of these is a characteristic of Trojan malware?

  • A Trojan infection needs to be installed by the user. (CORRECT)
  • A Trojan may get installed without the user’s consent.
  • A Trojan is the same thing as a rootkit.
  • A Trojan is basically backdoor malware.

Great work! Just like how the historical Trojan horse was accepted into the city by the citizens of Troy, a malicious Trojan disguised in a trusted program has to be accepted and executed by the user.

8. What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?

  • Ransomware
  • Adware
  • A backdoor (CORRECT)
  • A Trojan

You nailed it! A backdoor is a way for a hacker to get into a system through a secret entryway.

9. Which of these are ways a hacker can establish a man-in-the-middle attack? Check all that apply.

  • Tailgating
  • Rogue Access Point (AP) (CORRECT)
  • Evil Twin (CORRECT)
  • Session hijacking (CORRECT)

Nice job! One way a man-in-the-middle attack can be established is a Rogue Access Point attack.

Nice job! An Evil Twin is a man-in-the-middle attack where the victim connects to a network that looks identical to a legitimate one, but is actually controlled by a hacker.

Nice job! A common man-in-the-middle attack is “session hijacking” or “cookie hijacking.”

10. Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?

  • A Denial of Service (DoS)
  • A logic bomb
  • DNS Cache Poisoning
  • Evil Twin (CORRECT)

Woohoo! The premise of an Evil Twin is for the victim to connect to a network that is identical to a legit one, but it is actually controlled by a hacker.

11. What is it called if a hacker takes down multiple services very quickly with the help of botnets?

  • Distributed denial-of-service (DDoS) (CORRECT)
  • Cross-site Scripting (XSS)
  • A password attack
  • A SQL injection

You nailed it! DDoS attacks utilize multiple machines and can take down services in greater volumes and quicker rates.

12. If a hacker targets a vulnerable website by running commands that delete the website’s data in its database, what type of attack did the hacker perform?

  • A Denial-of-Service (DoS) attack
  • A dictionary attack
  • Cross-site Scripting (XSS)
  • SQL injection (CORRECT)

Woohoo! A SQL injection targets a website that passes user input into queries against its SQL database. If the site is vulnerable, hackers can run SQL commands that delete web data, copy it, or perform other malicious actions.

13. An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe?

  • A baiting attack
  • A phishing attack (CORRECT)
  • A tailgating attack
  • A SQL injection attack

Nice job! Phishing occurs when a hacker sends a victim an email disguised as being legit but isn’t. For example, you get an email saying your bank account has been compromised. When you click the link to reset your password, you go to a site that looks like it’s your bank’s but it’s actually a fake website trying to steal your password!

14. When cleaning up a system after a compromise, you should look closely for any ______ that may have been installed by the attacker.

  • Injection attacks
  • Backdoors (CORRECT)
  • Poisoned DNS caches
  • Rogue APs

Well done! Attackers commonly leave backdoors behind so they can get back into a system later through a secret entryway. A cleanup that removes the original malware but misses the backdoor leaves the attacker with remote access, so look for them closely.

15. The best defense against password attacks is using strong _______.

  • Passwords (CORRECT)
  • Antimalware software
  • Firewall configs
  • Encryption

Great job! Strong passwords will make password attacks too time-consuming to be viable for an attacker.

16. A hacker stood outside a building and spun up a wireless network without anyone’s knowledge. At that point, the hacker was able to gain unauthorized access to a secure corporate network. Which of these is the name of this type of attack?

  • A Denial-of-Service (DoS) attack
  • SYN flood attack
  • A Rogue AP (Access Point) attack (CORRECT)
  • A DNS Cache Poisoning attack

Nice job! A Rogue AP is an access point that is installed on the network without the network admin’s knowledge. This is very dangerous because this can allow a hacker to gain unauthorized access to a secure network.

17. What can occur during a ping of death (POD) attack? Check all that apply.

  • A Denial-of-Service (DoS) (CORRECT)
  • Remote code execution (CORRECT)
  • Baiting
  • A buffer overflow (CORRECT)

Woohoo! A POD is a type of DoS attack: a malformed, oversized ping packet can crash the target. It can also result in a buffer overflow, which in turn allows for the remote execution of malicious code.

18. How can injection attacks be prevented? Check all that apply.

  • Log analysis systems
  • Input validation (CORRECT)
  • Flood guards
  • Data sanitization (CORRECT)

Well done! Injection attacks can be mitigated with good software development principles such as validating input.

Well done! Injection attacks can be mitigated with good software development principles such as sanitizing data.

19. How can you increase the strength of your passwords? Check all that apply.

  • Incorporate symbols and numbers. (CORRECT)
  • Exclude dictionary words. (CORRECT)
  • Use passwords from a precompiled list.
  • Use a mix of capital and lowercase letters. (CORRECT)

Awesome! The best way to prevent a password attack is to utilize strong passwords. For example, use a mix of uppercase and lowercase letters.

20. A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack.

  • Denial of Service (CORRECT)
  • Injection
  • Malware
  • Brute force password

You got it! This is a classic denial-of-service attack. Note that this is not a distributed denial-of-service attack, as the attack traffic is coming from a single source and not distributed over many attacking hosts.

21. What makes a DDoS attack different from a DoS attack? Check all that apply.

  • A DDoS attack has attack traffic coming from one source.
  • A DoS attack has attack traffic coming from one source. (CORRECT)
  • A DoS attack has attack traffic coming from many different sources.
  • A DDoS attack has attack traffic coming from many different sources. (CORRECT)

That’s right! The extra “D” in DDoS stands for “Distributed.” This means the attack traffic is distributed among a larger number of attacking machines.

22. Which of these is an example of the confidentiality principle that can help keep your data hidden from unwanted eyes?

  • Making sure the data hasn’t been tampered with
  • Preventing an unwanted download
  • Preventing data loss
  • Protecting online accounts with password protection (CORRECT)

Nice job! Password protection can help limit access to your data so that only those who need it can see it.

23. What’s the difference between a virus and a worm?

  • Viruses replicate through files, but worms live on their own. (CORRECT)
  • Viruses do not replicate like worms do.
  • Worms replicate, viruses do not.
  • Worms replicate through files, but viruses live on their own.

Woohoo! Viruses and worms are similar. The difference is that a virus spreads through files and worms don’t need to attach to something to spread.

24. A hacker infected your computer to steal your Internet connection and used your machine’s resources to mine Bitcoin. What is the name of this kind of attack?

  • Ransomware
  • Adware
  • A bot (CORRECT)
  • Spyware

You nailed it! Malware can use a victim’s machine to perform a task controlled by a hacker. At that point, the compromised machine is known as a bot.

25. Which of these sends tons of packets to a system in order to crash it or prevents services from being available? Check all that apply.

  • SYN flood (CORRECT)
  • Ping flood (CORRECT)
  • An Evil Twin
  • Ping of Death (POD)

Great work! A ping flood sends tons of ICMP echo requests to take down a computer; a SYN flood does the same with TCP SYN packets whose handshakes are never completed. A Ping of Death, by contrast, relies on a single malformed packet rather than volume.

26. You receive a legitimate-looking email from a sender that you recognize asking you to click a funny link. But, once you do, malware installs on your computer. What is most likely the reason you got infected?

  • The sender’s email has been hacked.
  • The sender’s email password was cracked.
  • The sender’s email address was spoofed. (CORRECT)
  • The sender’s email password was used in a DNS Cache Poisoning attack.

Yep! The sender’s address was spoofed: the email appeared to come from someone you know, but it was actually sent by the attacker.

27. Which of these is a way to help prevent brute-force attacks? Check all that apply.

  • Strong passwords (CORRECT)
  • Password crackers
  • Using a precompiled list of common passwords
  • Captchas (CORRECT)

Correct: You nailed it! The best way to prevent a password attack, such as a brute-force attack, is to utilize strong passwords.

Correct: You nailed it! In a password attack, an automated password cracker could just keep trying to log in to your account, but a captcha prevents these attacks from executing.

28. A(n) _____ attack is meant to prevent legitimate traffic from reaching a service.

  • Password
  • DNS Cache poisoning
  • Injection
  • Denial of Service (CORRECT)

Correct: Yes! A DoS, or denial-of-service, attack is meant to prevent legitimate traffic from reaching a service.

29. Which of these is true of vulnerabilities? Check all that apply.

  • A vulnerability is a flaw in the code of an application that can be exploited. (CORRECT)
  • An exploit is the possibility of taking advantage of a vulnerability bug in code.
  • A vulnerability is the possibility of suffering a loss in the event of an attack.
  • An exploit takes advantage of bugs and vulnerabilities. (CORRECT)

Correct: You got it! A vulnerability is a flaw in code that can be exploited, and an exploit is software that takes advantage of, or “exploits,” such bugs and vulnerabilities.

30. What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie?

  • A password attack
  • Cross-site Scripting (XSS) (CORRECT)
  • Ping flood
  • SQL injection

Correct: Awesome! XSS (Cross-site Scripting) is an injection attack where the attacker inserts malicious script into a website to achieve session hijacking.

31. Phishing, baiting, and tailgating are examples of ________ attacks.

  • Password
  • Malware
  • Social engineering (CORRECT)
  • Network

Correct: Yep! These three attack types are designed to trick or deceive people into trusting an attacker. Phishing accomplishes this via email, baiting uses physical props like USB drives, and tailgating happens when the attacker follows you into a restricted area.

32. An attack that would allow someone to intercept your data as it’s being sent or received is called a(n) _________ attack.

  • SYN flood
  • Denial of Service
  • Man-in-the-middle (CORRECT)
  • Injection

Correct: Correct! A man-in-the-middle attack allows the attacker to monitor and potentially redirect your traffic.

33. If a hacker can steal your passwords by installing malware that captures all the messages you type, what kind of malware did the hacker install? Check all that apply.

  • A logic bomb
  • A rootkit
  • A keylogger (CORRECT)
  • Spyware (CORRECT)

Correct: Awesome! A hacker can record every keystroke you make with a keylogger, which is a type of spyware.

Correct: Awesome! Spyware is meant to spy on you and steal your passwords.