Introduction to Cybersecurity

One course of Cisco's "Skills for all"

On completing this course, you will be able to:

Explain the basics of being safe online, including what cybersecurity is and its potential impact.
Explain the most common cyber threats, attacks and vulnerabilities.
Explain how organizations can protect their operations against these attacks.
Access various information and resources to explore the different career options in cybersecurity.

Module 4 - Protecting the Organization

Welcome to this module, which will outline the various strategies and tools used by cybersecurity professionals to protect an organization’s network, data and equipment from cybercrime.

You only have to look at the news to understand that all organizations, regardless of type, size or location, are at risk of a cyber attack. It seems that no one is safe.

So is there anything you can do to help protect an organization from a targeted attack? And with many in the security industry predicting that it’s not a case of ‘if’ but ‘when’ a cybersecurity breach will occur, how can you respond to ensure that it has minimal impact?

This module will highlight the actions that you can take to help answer these questions.

Chapter 4.4 - Quiz

4.4.1 Module 4 quiz

Question

What name is given to a device that controls or filters traffic going in or out of the network?

Router Firewall VPN IPS

Question

Which of the following tools can be used to provide a list of open ports on network devices?

Whois Nmap Ping Tracert

Question

What tool can identify malicious traffic by comparing packet contents to known attack signatures?

Nmap IDS NetFlow Zenmap

Question

What is the correct definition of risk management?

The process of identifying and assessing risk to reduce the impact of threats and vulnerabilities The process of identifying and assessing risk to determine the severity of threats The process of accepting risks that cannot be eliminated, mitigated or transferred The process of transferring risks that cannot be eliminated or mitigated

Question

What is the last stage of a pen test?

Gathering target information Scanning Maintaining access Analysis and reporting

Question

Behavior-based analysis involves using baseline information to detect what?

Anomalies Vulnerabilities Backdoors Risk

Question

The risk management process consists of four steps. Can you put these in the right order?

Frame the risk

1 2 3 4

Respond to the risk

1 2 3 4

Monitor the risk

1 2 3 4

Assess the risk

1 2 3 4

Question

What is a security playbook?

A collection of repeatable queries or reports that outline a standardized process for incident detection and response A collection of security alerts, logs and historical data from the network A step-by-step guide on how to carry out IT-related procedures

4.4.2 Module 4 Quiz explanations

Question

Any device that controls or filters traffic going in or out of the network is known as a ____________.

Explanations

A firewall is a network device used to filter inbound or outbound traffic or both.

Answer: firewall

Question

What is the last stage of the Cyber Kill Chain framework?

remote control of the target device
gathering target information
creation of malicious payload
malicious action

Explanations

The Cyber Kill Chain describes the phases of a progressive cyberattack operation. The phases include the following:

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and control
Actions on objectives

In general, these phases are carried out in sequence. However, during an attack, several phases can be carried out simultaneously, especially if multiple attackers or groups are involved.

Answer: malicious action

Question

Which tool can identify malicious traffic by comparing packet contents to known attack signatures?

Netflow
IDS
Nmap
Zenmap

Explanations

An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.

Answer: IDS

Question

A _________ is a group of compromised or hacked computers (bots) controlled by an individual with malicious intent.

Explanations

A compromised or hacked computer that is controlled by a malicious individual or group is known as a bot. A group of these hacked computers under the control of a malicious individual or group is known as a botnet.

Answer: botnet

Question

What type of attack disrupts services by overwhelming network devices with bogus traffic?

brute force
port scans
zero-day
DDoS

Explanations

DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic.

Answer: DDoS

Question

Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?

Telnet
HTTPS
NetFlow
NAT

Explanations

NetFlow is used both to gather details about the traffic that is flowing through the network, and to report it to a central collector.

Answer: NetFlow

Question

Behavior-based analysis involves using baseline information to detect _________ that could indicate an attack.

Explanations

Behavior-based security uses informational context to detect anomalies in the network.

Answer: anomalies

Question

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

SIEM
Netflow
Nmap
Snort

Explanations

Snort is an open source intrusion protection system (IPS) that is capable of performing real-time traffic and port analysis, packet logging, content searching and matching, as well as detecting probes, attacks, port scans, fingerprinting, and buffer overflow attacks.

Answer: Snort

Solved quizzes