COURSE 1 – INTRODUCTION TO CYBERSECURITY TOOLS & CYBER ATTACKS

Module 4: An overview of security tools

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – An overview of security tools

In this section, you’ll familiarize yourself with essential security utilities such as firewalls, antivirus software, and cryptography. Additionally, you’ll delve into penetration testing and digital forensics. Discover how to access resources on industry trends and emerging threats, aiding you in conducting comprehensive research on cybersecurity.

Learning Objectives

  • Define digital forensics and describe some of its essential concepts and tools
  • Summarize the process for performing a vulnerability assessment
  • Describe each phase of penetration testing outlined in the Penetration Testing Execution Standard (PTES)
  • List common methodologies for penetration testing
  • Describe different types of threat actors
  • Differentiate attackers, offensive security researchers, and gray hat hackers
  • Define penetration testing
  • Describe basic principles of symmetric key cryptography like the data encryption standard (DES) and the advanced encryption standard (AES)
  • Discuss common forms of cryptographic attack
  • Compare and contrast the main encryption types used today: symmetric, asymmetric, and hash
  • Differentiate stream and block ciphers
  • Describe cryptography and its key concepts
  • Explain how antivirus and antimalware programs work
  • Contrast stateless, stateful, and proxy firewalls
  • Describe XML gateways and their purpose
  • Summarize the limitations of firewalls
  • Contrast application gateways with packet filters
  • Describe packet filtering and how packet filters work
  • Explain the purpose of using a firewall
  • Describe key terms and characters from the well-known Alice and Bob cryptography scenario

Firewalls

1. Firewalls contribute to the security of your network in which three (3) ways?

  • Prevent an internal user from downloading data she is not authorized to access.
  • Prevent Denial of Service (DOS) attacks. (CORRECT)
  • Allow only authorized access to inside the network. (CORRECT)
  • Prevent unauthorized modifications to internal data from an outside actor. (CORRECT)

Partially correct! Firewalls can filter out packets in SYN flooding attacks, although a purely volumetric DoS can still saturate the link in front of the firewall.

Partially correct! Firewalls can admit only authorized traffic into the network (by address, port and protocol; proxy firewalls can additionally require user authentication).

Partially correct! Firewalls can block external connections to hosts holding internal data.

2. Which packets are selected for inspection by a packet filtering firewall?

  • Every packet entering or leaving a network. (CORRECT)
  • The first packet in any transmission, whether entering or leaving.
  • The first packet of every transmission but only subsequent packets when “high risk” protocols are used.
  • Every packet entering the network but no packets leaving the network.

Correct! Every packet, in either direction, is checked against the rule set; a stateless packet filter has no notion of a "first packet" of a transmission.

3. True or False: Application Gateways are an effective way to control which individuals can establish telnet connections through the gateway.

  • False
  • True (CORRECT)

Correct! Application gateways are good at managing access by protocol.

4. Why are XML gateways used?

  • XML traffic passes through conventional firewalls without inspection. (CORRECT)
  • XML packet headers are different from that of other protocols and often “confuse” conventional firewalls.
  • XML traffic cannot pass through a conventional firewall.
  • Conventional firewalls attempt to execute XML code as instructions to the firewall.

Correct! Conventional firewalls do not inspect XML payloads for dangerous content such as executable code.

5. Which three (3) things are True about Stateless firewalls?

  • They are also known as packet-filtering firewalls. (CORRECT)
  • They maintain tables that allow them to compare current packets with previous packets.
  • They filter packets based upon Layer 3 and 4 information only (IP address and Port number) (CORRECT)
  • They are faster than Stateful firewalls. (CORRECT)

Partially correct! This is another name for a stateless firewall.

Partially correct! They filter on IP and port only.

Partially correct! With no connection state to track, they have less work to do per packet.

ANTIVIRUS/ANTIMALWARE

1. True or False: Most Antivirus/Antimalware software works by comparing each file encountered on your system against a compressed (zipped) version of known malware maintained by the vendor on the local host.

  • False (CORRECT)
  • True

Correct! Most products compare a hash (or a byte-pattern signature) of each file against a vendor-supplied signature database; they do not keep copies of the malware itself on the host.

INTRODUCTION TO CRYPTOGRAPHY

1. How many unique encryption keys are required for 2 people to exchange a series of messages using asymmetric public key cryptography?

  • 2
  • no keys are required
  • 1
  • 4 (CORRECT)

Correct! The sender and receiver each have a key pair (one public key and one private key), so four keys in total.

2. What is Cryptographic Strength?

  • Relies on math, not secrecy
  • Ciphers that have stood the test of time are public algorithms.
  • Exclusive Or (XOR) is the “secret sauce” behind modern encryption.
  • All of the above. (CORRECT)

Correct! All of these are critical.

3. What is the primary difference between Symmetric and Asymmetric encryption?

  • The same key is used to both encrypt and decrypt the message. (CORRECT)
  • Symmetric encryption is inherently less secure than Asymmetric encryption.
  • Symmetric encryption is inherently more secure than Asymmetric encryption.
  • Asymmetric uses only single-use keys so a subscription to a key vendor is required to obtain new keys.

Correct! The shared key is what makes the process symmetric; asymmetric encryption uses a key pair instead.

4. Which type of cryptographic attack is characterized by an attack based upon trial and error where many millions of keys may be attempted in order to break the encrypted message?

  • Brute force (CORRECT)
  • Rainbow tables
  • Social Engineering
  • Known Plaintext
  • Known Ciphertext
  • All of the above.

Correct! Modern computers can make billions of attempts per second, but good encryption could still make the process last billions of years.

5. What is the correct sequence of steps required for Alice to send a message to Bob using asymmetric encryption?

  • Alice and Bob exchange their private keys to confirm each other’s identity and then Alice uses her public key to encrypt the message that Bob can decrypt using his public key.
  • Alice and Bob exchange their public keys to confirm each other’s identity and then Alice uses her private key to encrypt the message that Bob can decrypt using his private key.
  • Alice uses her private key to encrypt her message and then sends it to Bob. Bob requests Alice’s public key and uses it to decrypt the message.
  • Alice requests Bob’s public key and uses it to encrypt her message. Alice then sends the encrypted message to Bob who decrypts it using his private key. (CORRECT)

Correct! Alice gets Bob’s public key and uses it to encrypt the message that only Bob’s secret private
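The exchange in Q5, together with the key count in Q1, as an added example that is not part of the course material: textbook RSA on small primes, written so the key flow and the number of keys are visible. The primes, message and key names are chosen for the demo; real systems use keys of 2048 bits or more, OAEP padding and a vetted library, never code like this.

```python
# Added example (not course material): the Alice-to-Bob exchange with textbook RSA on
# small primes. It shows key flow and key count only; real systems use 2048-bit or
# larger keys, OAEP padding and a vetted library, never this code.
import math
from typing import Dict, List, Optional, Tuple

Key = Tuple[int, int]          # (modulus n, exponent)
BLOCK = 4                      # plaintext bytes per RSA block; 2**32 must be below n


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def next_prime(start: int) -> int:
    n = start
    while not is_prime(n):
        n += 1
    return n


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public, private). The public key may be handed to anyone; the
    private key never leaves its owner, which is why the quiz's option about
    'exchanging private keys' is wrong."""
    assert is_prime(p) and is_prime(q) and p != q
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1
    d = pow(e, -1, phi)         # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_apply(key: Key, blocks: List[int]) -> List[int]:
    n, exp = key
    return [pow(b, exp, n) for b in blocks]


def encrypt(public_key: Key, message: bytes) -> Tuple[int, List[int]]:
    padded = message + b"\x00" * (-len(message) % BLOCK)
    blocks = [int.from_bytes(padded[i:i + BLOCK], "big") for i in range(0, len(padded), BLOCK)]
    return len(message), rsa_apply(public_key, blocks)


def decrypt(private_key: Key, ciphertext: Tuple[int, List[int]]) -> Optional[bytes]:
    length, blocks = ciphertext
    out = b""
    for m in rsa_apply(private_key, blocks):
        if m >= 2 ** (8 * BLOCK):   # not a valid plaintext block: the wrong key was used
            return None
        out += m.to_bytes(BLOCK, "big")
    return out[:length]


def exchange(message: bytes = b"Meet at the usual place at noon") -> Dict[str, object]:
    # One key pair per person: four keys in total, matching the quiz answer.
    alice_pub, alice_priv = make_keypair(next_prime(2_000_000), next_prime(3_000_000))
    bob_pub, bob_priv = make_keypair(next_prime(1_000_000), next_prime(1_000_010))

    ciphertext = encrypt(bob_pub, message)          # Alice uses Bob's PUBLIC key
    recovered = decrypt(bob_priv, ciphertext)       # Bob uses his PRIVATE key

    # The quiz's distractor: applying Alice's private key first gives no secrecy,
    # because her public key, which anyone may hold, undoes it. That operation is the
    # basis of a signature (proof of origin), not of confidentiality.
    stamped = encrypt(alice_priv, message)
    return {
        "key_count": 4,
        "bob_recovers_message": recovered == message,
        "alice_cannot_read_bobs_mail": decrypt(alice_priv, ciphertext) != message,
        "private_key_output_is_public": decrypt(alice_pub, stamped) == message,
    }


if __name__ == "__main__":
    for k, v in exchange().items():
        print(f"{k}: {v}")
```

Running the script prints the four checks; the one worth dwelling on is the last, which is the quiz's wrong option made concrete: whatever Alice's private key produces, her public key recovers, so that direction proves who sent the message but hides nothing.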

FIRST LOOK AT PENETRATION TESTING AND DIGITAL FORENSICS

1. A skilled penetration tester wants to show her employer how smart she is in hopes of getting a promotion. Without obtaining permission, she hacks into the company’s new online store to see if there are any weaknesses that can be hardened before the system goes live. She does not do any damage and writes a useful report which she sends over her boss’s head to the CISO. What color hat was she wearing?

  • A White Hat
  • A Gray Hat (CORRECT)
  • A Black Hat
  • A Pink Hat
  • A Rainbow Hat

Correct! Her motivations were good, for the most part, but it is dangerous, a violation of the law and likely her company’s computer security policies to access a system without permission. She may get promoted or she may get fired.

2. Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?

  • Open Source Security Testing Methodology Manual (OSSTMM). (CORRECT)
  • NIST SP 800-42 Guidelines on Network Security Testing. (CORRECT)
  • Information Systems Security Assessment Framework (ISSAF) (CORRECT)
  • General Data Protection Regulation (GDPR)

Partially correct! As its name implies, this is a great resource.

Partially correct! NIST is a great resource for pentesting and other cybersecurity issues. Note that SP 800-42 has since been withdrawn and superseded by NIST SP 800-115, Technical Guide to Information Security Testing and Assessment.

Partially correct! ISSAF is a great resource.

3. According to the Vulnerability Assessment Methodology, Potential Impacts are determined by which 2 factors?

  • Identify Indicators and Exposure
  • Sensitivity and Adaptive Capacity
  • Exposure and Sensitivity (CORRECT)
  • Potential Impacts and Adaptive Capacity

Correct! Weigh potential exposure and the sensitivity of an event to determine its potential impact.

4. In digital forensics, the term Chain of Custody refers to what?

  • This is a physical chain that is placed around a crime scene to protect the evidence from being disturbed.
  • The record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence. (CORRECT)
  • This is a digital “chain” that isolates digital evidence from being disturbed until it can be analyzed by the police or other authorities.
  • This chain of custody is simply a written record of who possessed the evidence as it moves from collection to analysis to presentation in a court of law.

Correct! Each link in the chain records who held the evidence, when, and what was done to it, so that its integrity can be demonstrated later, for example in court.

KEY SECURITY TOOLS

1. What is the primary function of a firewall?

  • Uses malware definitions.
  • Filter traffic between networks. (CORRECT)
  • Secures communication that may be understood by the intended recipient only.
  • Scans the system and search for matches against the malware definitions.

2. How many unique encryption keys are required for 2 people to exchange a series of messages using symmetric key cryptography?

  • 1 (CORRECT)
  • 2
  • 4
  • no keys are required

3. Which type of data does a packet-filtering firewall inspect when it decides whether to forward or drop a packet?

  • Source and destination IP addresses.
  • TCP/UDP source and destination port numbers.
  • ICMP message type.
  • TCP SYN and ACK bits.
  • All of the above. (CORRECT)

4. Which type of firewall inspects XML packet payloads for things like executable code, a target IP address that makes sense, and a known source IP address?

  • An XML Gateway. (CORRECT)
  • An application-level firewall.
  • A packet-filtering firewall.
  • All of the above.

5. Which statement about Stateful firewalls is True?

  • They have state tables that allow them to compare current packets with previous packets. (CORRECT)
  • They are less secure in general than Stateless firewalls.
  • They are faster than Stateless firewalls.
  • All of the above.
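The stateless/stateful contrast in Q3 and Q5 here, and in the packet-filtering questions of the Firewalls section above, as an added example that is not part of the course material: a minimal packet filter in Python that judges each packet on Layer 3/4 header fields only, beside a stateful filter that adds a connection table. The addresses, ports, rules and sample traffic are constructed for the demo.

```python
# Added example (not course material): a stateless packet filter that sees only
# Layer 3/4 header fields, beside a stateful filter that also keeps a connection table.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = entering the protected network, "out" = leaving it
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False       # TCP SYN bit
    ack: bool = False       # TCP ACK bit


@dataclass(frozen=True)
class Rule:
    """One line of a packet-filter rule set; None means 'any'."""
    action: str             # "allow" or "drop"
    direction: str
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    ack_set: Optional[bool] = None   # match on the ACK bit: the only way a stateless
                                     # filter can guess that a packet is a reply

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and (self.src_ip is None or self.src_ip == p.src_ip)
                and (self.dst_ip is None or self.dst_ip == p.dst_ip)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.ack_set is None or self.ack_set == p.ack))


def stateless_decide(rules: List[Rule], p: Packet) -> str:
    """Every packet is judged on its own header; first matching rule wins, default drop."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


class StatefulFilter:
    """Same rules, plus a table of connections that were allowed out; replies to
    those connections are admitted even though no inbound rule permits them."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.conntrack: set = set()   # 5-tuples of outbound flows

    def decide(self, p: Packet) -> str:
        flow = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if p.direction == "in" and reverse in self.conntrack:
            return "allow"                  # reply to a connection we saw leave
        verdict = stateless_decide(self.rules, p)
        if verdict == "allow" and p.direction == "out":
            self.conntrack.add(flow)       # remember it so the answer can come back
        return verdict


INSIDE_HOST = "10.0.0.5"      # constructed addresses (private / documentation ranges)
RULES = [
    Rule("allow", "out", src_ip=INSIDE_HOST),
    # A stateless filter has no memory of outbound connections, so to let replies in
    # it must accept any inbound TCP segment with ACK set. That same rule admits a
    # crafted ACK probe (the classic "ACK scan"); the stateful filter needs no such rule.
    Rule("allow", "in", proto="tcp", ack_set=True),
]

TRAFFIC: List[Tuple[str, Packet]] = [          # constructed sample traffic
    ("client SYN out",      Packet("out", INSIDE_HOST, 40000, "203.0.113.9", 443, syn=True)),
    ("server SYN-ACK in",   Packet("in", "203.0.113.9", 443, INSIDE_HOST, 40000, syn=True, ack=True)),
    ("ACK scan probe in",   Packet("in", "198.51.100.7", 4444, INSIDE_HOST, 22, ack=True)),
    ("fresh SYN to ssh in", Packet("in", "198.51.100.7", 4445, INSIDE_HOST, 22, syn=True)),
]


def run_comparison() -> Dict[str, Tuple[str, str]]:
    """Return {label: (stateless verdict, stateful verdict)} for the sample traffic."""
    stateful = StatefulFilter(RULES[:1])   # the stateful filter needs only the outbound rule
    results = {}
    for label, pkt in TRAFFIC:
        results[label] = (stateless_decide(RULES, pkt), stateful.decide(pkt))
    return results


if __name__ == "__main__":
    for label, (stateless, stateful) in run_comparison().items():
        print(f"{label:22s} stateless={stateless:5s} stateful={stateful}")
```

The third packet is the point of the comparison: the stateless filter must carry an "allow inbound ACK" rule to let legitimate replies back in, and that rule also admits an unsolicited ACK probe aimed at port 22. The stateful filter admits the SYN-ACK because it remembers the outbound SYN, and drops the probe because no connection matches it. The extra bookkeeping is also why Q5 is right that stateful filters are not faster.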

6. True or False: Most Antivirus/Antimalware software works by comparing a hash of every file encountered on your system against a table of hashes of known viruses and malware previously made by the antivirus/antimalware vendor.

  • True (CORRECT)
  • False
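The hash-matching mechanism in Q6 here and in the Antivirus/Antimalware question above, as an added example that is not part of the course material: a vendor-side signature database built from hashes, a client-side scan that looks each file up, and a byte-pattern fallback that shows why hashes alone are not enough. The "malware" samples, file names and family names are harmless constructed byte strings.

```python
# Added example (not course material): signature matching as most antivirus engines
# do it, with a hash database first and a byte-pattern fallback.
import hashlib
from typing import Dict, Optional

# Constructed stand-ins for "known malware"; harmless byte strings, not real samples.
KNOWN_SAMPLES: Dict[str, bytes] = {
    "Demo.Dropper.A": b"MZ\x90\x00demo dropper payload v1",
    "Demo.Worm.B":    b"#!/bin/sh\necho demo worm\n",
}

# Pattern signatures: a distinctive byte sequence from each family, used when the
# whole-file hash does not match (e.g. the sample was repacked or padded).
PATTERN_SIGNATURES: Dict[str, bytes] = {
    "Demo.Dropper.A": b"demo dropper payload",
    "Demo.Worm.B":    b"echo demo worm",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_hash_db(samples: Dict[str, bytes]) -> Dict[str, str]:
    """Vendor side: ship only the hash of each sample. The client never holds malware."""
    return {sha256_hex(blob): name for name, blob in samples.items()}


def scan(data: bytes, hash_db: Dict[str, str]) -> Optional[str]:
    """Client side: one hash lookup per file, then a slower pattern search."""
    name = hash_db.get(sha256_hex(data))
    if name is not None:
        return f"{name} (hash)"
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:
            return f"{name} (pattern)"
    return None


FILES: Dict[str, bytes] = {                      # constructed files on the "host"
    "/tmp/invoice.exe":  KNOWN_SAMPLES["Demo.Dropper.A"],
    "/tmp/notes.txt":    b"meeting notes, nothing to see",
    # One trailing byte appended: identical behaviour, different hash.
    "/tmp/invoice2.exe": KNOWN_SAMPLES["Demo.Dropper.A"] + b"\x00",
}


def scan_files(files: Dict[str, bytes], hash_db: Dict[str, str]) -> Dict[str, Optional[str]]:
    return {path: scan(blob, hash_db) for path, blob in files.items()}


def demo() -> Dict[str, Optional[str]]:
    return scan_files(FILES, build_hash_db(KNOWN_SAMPLES))


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path:20s} -> {verdict or 'clean'}")
```

The padded copy is the caveat a practitioner should carry away from Q6: an exact hash match is cheap and has no false positives, but a single changed byte defeats it, which is why real engines layer pattern signatures, heuristics and behavioural monitoring on top of the hash table.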

7. Which type of cryptographic attack is characterized by comparing a captured hashed password against a table of many millions of previously hashed words or strings?

  • Social Engineering
  • Known Ciphertext
  • Rainbow tables (CORRECT)
  • Brute force
  • Known Plaintext
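The attacks contrasted in Q7 here and in Q4 of the cryptography section above, as an added example that is not part of the course material: brute force against a hashed PIN, a precomputed lookup table (the simplest precomputed-hash attack; rainbow tables compress the same precomputation into hash chains so the table fits on disk), and the salt-plus-slow-hash defence that makes precomputation useless. The PIN, salt and hash choices are constructed for the demo.

```python
# Added example (not course material): brute force, precomputed lookup table and the
# salt + slow-hash defence, against a constructed 4-digit PIN hashed with SHA-256.
import hashlib
import itertools
import string
from typing import Dict, Optional, Tuple

ALPHABET = string.digits
PIN_LEN = 4


def fast_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def brute_force(target: str) -> Tuple[Optional[str], int]:
    """Trial and error: hash every candidate until one matches. Cost is paid per target."""
    attempts = 0
    for digits in itertools.product(ALPHABET, repeat=PIN_LEN):
        guess = "".join(digits)
        attempts += 1
        if fast_hash(guess.encode()) == target:
            return guess, attempts
    return None, attempts


def build_lookup_table() -> Dict[str, str]:
    """Precomputation: hash the whole candidate space once, reuse for every captured hash."""
    return {fast_hash("".join(d).encode()): "".join(d)
            for d in itertools.product(ALPHABET, repeat=PIN_LEN)}


def salted_slow_hash(pin: bytes, salt: bytes, iterations: int = 100_000) -> str:
    """Defence: a per-user salt makes any precomputed table useless (it would have to be
    rebuilt per salt), and a deliberately slow KDF raises the cost of every guess."""
    return hashlib.pbkdf2_hmac("sha256", pin, salt, iterations).hex()


def demo() -> Dict[str, object]:
    pin = b"7391"                                          # constructed secret
    salt = bytes.fromhex("a1b2c3d4e5f60718")               # constructed; use os.urandom(16)
    captured_unsalted = fast_hash(pin)
    captured_salted = salted_slow_hash(pin, salt)

    found, attempts = brute_force(captured_unsalted)
    table = build_lookup_table()
    return {
        "brute_force": (found, attempts),
        "table_size": len(table),
        "table_hit": table.get(captured_unsalted),         # instant: no hashing at attack time
        "table_hit_salted": table.get(captured_salted),    # precomputation does not apply
        "salted_verifies": salted_slow_hash(pin, salt) == captured_salted,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Brute force finds the PIN after 7,392 hashes and has to repeat that work for every captured hash; the table costs 10,000 hashes once and then answers each lookup instantly, which is the trade the quiz's "previously hashed words" wording describes. Against the salted value neither shortcut applies, and the slow KDF means each remaining guess costs 100,000 hash operations instead of one.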

CONCLUSION – An overview of security tools

In conclusion, this module provides a comprehensive introduction to crucial security tools like firewalls, antivirus programs, and cryptography. Additionally, it delves into the realms of penetration testing and digital forensics. By understanding where to access resources on industry trends and emerging threats, you’ll be equipped to conduct thorough research in the field of cybersecurity.