Cisco !#&? be a network ninja



Introduction to Cybersecurity

One course of Cisco's "Skills for all"

On completing this course, you will be able to:

Module 4 - Protecting the Organization

Welcome to this module, which will outline the various strategies and tools used by cybersecurity professionals to protect an organization’s network, data and equipment from cybercrime.

You only have to look at the news to understand that all organizations, regardless of type, size or location, are at risk of a cyber attack. It seems that no one is safe.

So is there anything you can do to help protect an organization from a targeted attack? And with many in the security industry predicting that it’s not a case of ‘if’ but ‘when’ a cybersecurity breach will occur, how can you respond to ensure that it has minimal impact?

This module will highlight the actions that you can take to help answer these questions.

Chapter 4.4 - Quiz

4.4.1 Module 4 quiz

Question

What name is given to a device that controls or filters traffic going in or out of the network?

Question

Which of the following tools can be used to provide a list of open ports on network devices?

Question

What tool can identify malicious traffic by comparing packet contents to known attack signatures?

Question

What is the correct definition of risk management?

Question

What is the last stage of a pen test?

Question

Behavior-based analysis involves using baseline information to detect what?

Question

The risk management process consists of four steps. Can you put these in the right order?

Frame the risk

Respond to the risk

Monitor the risk

Assess the risk

Question

What is a security playbook?

4.4.2 Module 4 Quiz explanations

Question

Any device that controls or filters traffic going in or out of the network is known as a ____________.

Explanations

A firewall is a network device used to filter inbound or outbound traffic or both.

Answer: firewall

Question

What is the last stage of the Cyber Kill Chain framework?

  1. remote control of the target device
  2. gathering target information
  3. creation of malicious payload
  4. malicious action

Explanations

The Cyber Kill Chain describes the phases of a progressive cyberattack operation. The phases include the following:

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and control
  • Actions on objectives

In general, these phases are carried out in sequence. However, during an attack, several phases can be carried out simultaneously, especially if multiple attackers or groups are involved.

Answer: malicious action

Question

Which tool can identify malicious traffic by comparing packet contents to known attack signatures?

  1. NetFlow
  2. IDS
  3. Nmap
  4. Zenmap

Explanations

An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.

Answer: IDS

Question

A _________ is a group of compromised or hacked computers (bots) controlled by an individual with malicious intent.

Explanations

A compromised or hacked computer that is controlled by a malicious individual or group is known as a bot. A group of these hacked computers under the control of a malicious individual or group is known as a botnet.

Answer: botnet

Question

What type of attack disrupts services by overwhelming network devices with bogus traffic?

  1. brute force
  2. port scans
  3. zero-day
  4. DDoS

Explanations

DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic.

Answer: DDoS

Question

Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?

  1. Telnet
  2. HTTPS
  3. NetFlow
  4. NAT

Explanations

NetFlow is used both to gather details about the traffic flowing through the network and to report them to a central collector.

Answer: NetFlow

Question

Behavior-based analysis involves using baseline information to detect _________ that could indicate an attack.

Explanations

Behavior-based security uses informational context to detect anomalies in the network.

Answer: anomalies

Question

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

  1. SIEM
  2. NetFlow
  3. Nmap
  4. Snort

Explanations

Snort is an open-source intrusion prevention system (IPS) that is capable of performing real-time traffic and port analysis, packet logging, and content searching and matching, as well as detecting probes, attacks, port scans, fingerprinting, and buffer overflow attacks.

Answer: Snort
