Exam 1.1. Assess Cybersecurity Concepts and Security Principles Learned - Coursera
Graded Quiz • 42 min • Due Dec 3, 11:59 PM -05 • Attempts: 3 every 8 hours
To pass: 80% or higher. Latest submission grade: 52.38% (the highest score is kept).

1. 2016 DNC was hacked by Russian hackers. What are the MOM involved? 0.6666666666666666 / 1 point
The methods are to use hacking tools to break into the insecure/unpatched DNC server and to launch phishing emails to get login credentials from DNC staff.
Correct
Correct. The tools for phishing credentials through emails and for penetrating insecure servers are readily available on the internet.
The main motive is to steal credit card info of donors on the DNC server.
The opportunity will not be there if the DNC staff are well trained with cybersecurity awareness on phishing attacks and how to handle them, and if the DNC hires qualified IT security professionals with tools for patching the server and protecting the data.
2. The three basic security services with the CIA acronym can be used as a triage tool to analyze cyber incidents and suggest solutions. Which of the following is an application of CIA? 1 / 1 point
Brian Krebs of KrebsOnSecurity was attacked by a DDoS of more than 600 Gbps on 9/20/2016. Such an attack could have been prevented by encrypting his documents on the hosting web server.
Correct
Correct. Brian Krebs was kicked out of hosting companies twice because the availability capability of those companies could not deal with the amount of attack bandwidth. Finally Google Shield took him in and provided a capable availability service to defeat the attacks. See the related presentation at the USENIX Enigma 2017 conference.
3. Select the correct match based on classifying the attack according to the basic type of threats. 1 / 1 point
North Korea launched DDoS attacks on the FTC, White House, and Dept of Commerce. This is considered a fabrication threat.
North Korea launched DDoS attacks on the FTC, White House, and Dept of Commerce. This is considered an interruption threat.
North Korea launched DDoS attacks on the FTC, White House, and Dept of Commerce. This is considered an interception threat.
North Korea launched DDoS attacks on the FTC, White House, and Dept of Commerce. This is considered a modification threat.
Correct
Correct. They intend to interrupt access to those US web sites.
4. The Ashley Madison web site got hacked in 7/2015, resulting in 32M accounts and usernames released on the dark web. Since their web site did not verify the email address when users registered, many were framed, users impersonated, etc. How do you design the web site registration process to prevent such abuse (using others' email addresses as login) from happening? 0.5 / 1 point
The abuser is attacking a vulnerability and incorrect implementation of the integrity service of the Ashley Madison site.
The registration will require the user to confirm their registration by sending a secure confirmation email with a unique one-time pass (OTP) code to the mail account, and only when the user clicks the link attached in the email is the registration completed.
Correct
Correct. This will work. A person who tries to use another's email will not know the OTP to confirm the registration. The OTP needs to be saved with the registration request for verification though. The OTP needs to be sent over secure email to avoid packet sniffing.
The registration will require the user to confirm their registration by sending an email and asking the user to send a simple email back to the site with their email in the subject field.
5. Assessing the risk of a secure network system allows us to make wise decisions in investing our resources to address the critical impact areas and to improve the "security posture" of our system. 0 / 1 point
Deterrence often cannot be effectively achieved, since we often do not know who attacks us. Therefore it is not a method of defense to be considered.
Risk can be assessed by the summation of all impacts of security events and their probability of occurrence.
Correct
Correct. That is the basic formula we use to estimate or calculate the risks.
6. To reduce the risk we can deploy various methods of defense. They deal with different stages of attacks. 0 / 1 point
By deploying the five different methods of defense, we follow the layered-defense or defense-in-depth paradigm and reduce the system risk.
Correct
Correct. Each method of defense deals with a different stage of attacks.
Recover is an important method of defense. Fast recovery from disasters increases the availability of the system.
7. 0.5 / 1 point
Awareness and Training is listed as one of the top security controls in NIST 800-53.
Access Control is listed as one of the top security controls in NIST 800-53.
Audit and Accountability is listed as one of the top security controls in NIST 800-53.
Correct
Correct. It is a critical one. Audit and Accountability can be used to reveal insider attacks and external intrusion.
8. Risk Management Framework (RMF) is the unified information security framework for the entire federal government that is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). 0 / 1 point
RMF has six steps. The first is to categorize the information system and assess the related risks.
Step 5 of RMF is to authorize the use of security controls in the information system.
Correct
Correct. This is done after the security control mechanisms are carefully assessed.
After we authorize the use of security controls in the information system, we just leave it running without monitoring.
Currently most computer processing units use the same mono instruction set architecture (ISA). Hackers can develop one malware that exploits every device using the same x86/64 instruction set architecture. The defense in depth security principle can be deployed to remedy this.
The most often cited security principle is defense in depth. It provides layered security mechanisms to increase the security of the system as a whole.
Correct
Correct. If an attack causes one security mechanism to fail, other mechanisms may still provide the necessary security to protect the system.
To defend the network and infrastructure, we need a first line of defense to protect the local area network and wide area network from DDoS attacks; as a second line of defense, we provide confidentiality and integrity protection for data transmitted over networks to resist passive monitoring.
10. Cyber Resilience is a new security principle where we design systems to support the functions necessary for mission success in spite of hostile action or adverse conditions. 0.3333333333333333 / 1 point
Constrain, reconstitute, transform, and re-architecture are the new cyber resilience techniques proposed.
Cyber resilience adds anticipate, withstand (to deal with hostile attacks), and evolve to adapt to the new hostile and degraded system condition.
11. What is the proper control on the vulnerabilities in the case of the Taiwan First Bank ATM Heist? 0.6666666666666666 / 1 point
Install a firewall device that blocks traffic to ATM machines except from authorized servers.
Correct
Correct. If this security policy is properly enforced, the hacker will not be able to download the malicious software.
Only a small number of IoT devices are compromised and used as botnet devices for DDoS attacks.
Not just governments (White House) and big companies (Sony) got attacked; small and medium size companies got attacked too.
Correct
The Mirai botnet does not require those who lease the botnet to install DDoS software to launch the attacks.
The Mirai botnet web site advertised 50k IoT bots for $4600.
Authenticity deals with verifying that documents are from specific authors.
Correct
To verify the signed hash in a secure email, we just extract the public key from the attached sender certificate to decrypt the signed hash without having to verify the integrity of the attached sender certificate.
Integrity deals with making sure the documents are not modified by an unauthorized person.
14. How do we efficiently defend against DDoS attacks? 0 / 1 point
Trace back or push back the DDoS attacks by contacting the FBI or our ISP.
Incorrect
Incorrect. The multi-homing gateways or the wide area proxy servers are subject to further attacks.
15. What factors are included in the method for a cyber attack? 1 / 1 point
The skill, knowledge, tools and other things with which to be able to pull off the attack.
The reason a hacker/cracker wants to perform the cyber attack against this system.
Correct
Correct.
Correct
Correct. By denying any of these factors the attacks will not occur.
17. In the Taiwan First Bank ATM Heist case, what are the MOM factors? 0.3333333333333333 / 1 point
The ATM machines and First Bank servers are connected and can be accessed through the Internet easily.
Correct
Correct. The hacker first compromised the First Bank answering server in its London branch and then used it to access the ATM machines in Taipei that are vulnerable.
The ATM machines of this bank in Taipei city contain a large volume of cash for their customers even at night.
First Bank uses the same vulnerable ATM software which the hacker has exploited before.
18. In the Taiwan First Bank ATM Heist case, what are the MOM factors that caused the robbers to get caught? Hint: from the defense point of view. 1 / 1 point
The robber thinks nobody will witness the peculiar money withdrawal at night.
The citizens/taxi drivers do not care about the behavior of their passengers.
It is difficult to launder money, or to carry such a large lump sum of money through an airport.
Correct
Correct. This is the method factor that was not carefully considered. Taiwan is an island; it is not easy to get in and out.
19. In the case study Taiwan First Bank ATM Heist 7/2016, what are the main threats? 0 / 1 point
Related Story:
The security policy may not be restrictive enough to limit where the software updates come from.
The ATM machine does not verify the integrity of the software patch or the identity of the download server.
Incorrect
Incorrect. That is one of the vulnerabilities, not a threat. The threat comes from hackers that break into First Bank's London server and utilize the vulnerability of the ATM system to replace its software with their malware, making the compromised ATM machines spit out cash on demand.
20. In the 2016 Russian hack of the Clinton Campaign incident, the main vulnerability is 0.75 / 1 point
Related story: https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html?_r=0
The DNC server was not secure and was compromised earlier, in 2015.
Correct
Correct. DNC servers were compromised and were detected by the FBI sending emails to Russia. A security policy does/may not exist for urgently following up FBI alerts, or its enforcement procedures were not strictly followed.
Super cyber attack skill of the Russian hackers Fancy Bear and Cozy Bear.
The staff of Mr. Podesta (Clinton's Campaign Chairman) believed the emails from Gmail to him were legitimate and changed the password accordingly.
21. As a receiver, why do we need to compute the hash of the received signed document ourselves and then compare that with the decrypted signed hash? 1 / 1 point
This is just to make the computation longer to convince the receiver that the crypto library program has done a lot of work.
Correct
Correct. For example, a hacker can just change the public key or subject field of a certificate without changing the signed hash of the certificate. If we just verify that the signed hash can be decrypted by the public key of the sender, we may accept altered content.
22. How can we strengthen the authentication of users in the login process? 0.75 / 1 point
Correct
Correct. Requiring more than one means of identification is an excellent approach for authentication.
23. Which of the following are methods of defense that deal with risks? 0.6666666666666666 / 1 point
Recover
Correct
Correct. After the system has been hacked, use the contingency/disaster recovery plan to restore the system or mitigate the damage.
Deflect
Deter
Obfuscate
Detect
Correct
Correct. Use an IDS to provide early detection of intrusion. This gives the response team more time to act or call for help.
Prevent
Correct
Correct. Preemption and external deterrence correspond to external prevention and internal prevention. Reducing the number of network ports/services (attack surface) belongs to such a method.
25. Which of the following are part of the Security Control Family document? 0.5 / 1 point
Auditing and Accountability is one of the important security controls listed in NIST 800-53.
Correct
Correct.
Configuration Management is one of the important security controls listed in NIST 800-53.
26. What is the first line of defense for insider attacks? 0 / 1 point
The first line of defense for insider attacks is authenticated access control and audit.
The first line of defense for insider attacks is physical and personnel security.
Incorrect
Incorrect. This is the 2nd line of defense for insider attacks.
We should encourage the development of diverse system architectures, OSes, crucial libraries/software packages, and programming languages.
Correct
Systems with dynamically changing ISAs exist but incur 100% performance degradation.
Mono instruction architectures, such as Intel x86/64, make it easier for attackers to develop one malicious software to attack vulnerabilities in all systems with the same architecture.
A framework for allowing real-time seamless service/app migration from one system to another remote system is too difficult, so do not try it.
An architecture is more resilient if it can provide these functions with higher probability, shorter periods of
reduced capability, and across a wider range of scenarios, conditions and threats.