
Describe what is cybersecurity - Learn

wwlpublish

• 3 minutes

People, organizations, and governments are routinely falling victim to cyberattacks. We constantly hear
references to concepts like cybersecurity, cyberattacks, cybercriminals, and more. This can all sound
daunting and difficult to grasp. To protect yourself and those around you, you'll need to have a basic
understanding of these concepts.

What is a cyberattack?
A cyberattack is commonly defined as an attempt to gain illegal access to a computer or computer system
to cause damage or harm. But only thinking of computers or computer systems, in a traditional sense, is
limiting. The reality is that a cyberattack can occur on almost any modern digital device. The impact can
range from an inconvenience for an individual to global economic and social disruption.

An attacker can use people, computers, phones, applications, messages, and system processes to carry out
an attack. Individuals, organizations, institutions, and governments can be victims of an attack. These
attackers might:

• Lock data and processes, and demand a ransom.
• Remove vital information to cause serious harm.
• Steal information.
• Publicly expose private information.
• Stop vital business processes and systems from running, to cause disruption and malfunction.

With cyberattacks continuously evolving, it's important for you to remember that attackers don't exclusively
need a computer to carry out an attack. Also, attacks can vary widely in their nature and scope. Any
digitally connected device or entity can be used as part of an attack, or be subject to an attack.

What is a cybercriminal?
A cybercriminal is anyone who carries out a cyberattack. Cybercriminals can be:

• A single person or a group of people.
• An organization for hire.
• A government entity.

Cybercriminals can be located anywhere, including embedded inside an organization or institution, to cause
damage from within.

What is cybersecurity?
Cybersecurity refers to technologies, processes, and training that help protect systems, networks, programs,
and data from cyberattacks, damage, and unauthorized access. Cybersecurity enables you to achieve the
following goals:
• Confidentiality: Information should only be visible to the right people.
• Integrity: Information should only be changed by the right people or processes.
• Availability: Information should be visible and accessible whenever needed.

This is commonly referred to as the Confidentiality, Integrity, Availability (CIA) model in the context of
cybersecurity. Throughout the rest of this module, you'll learn about the types of attacks that cybercriminals
use to disrupt these goals, and cause harm. You'll also see some basic threat mitigation strategies.

Describe the threat landscape

7 minutes

You've now learned about cyberattacks, cybercriminals, and cybersecurity. But you'll also
need to understand the means cybercriminals can use to carry out attacks and achieve their
aims. To do this, you'll learn about concepts like the threat landscape, attack vectors,
security breaches, and more.

What is the threat landscape?
Whether an organization is big or small, the entirety of the digital landscape with which it
interacts represents an entry point for a cyberattack. These can include:

• Email accounts
• Social media accounts
• Mobile devices
• The organization's technology infrastructure
• Cloud services
• People

Collectively, these are referred to as the threat landscape. Notice that the threat landscape
can cover more than just computers and mobile phones. It can include any elements that
are owned or managed by an organization, or some that are not. As you'll learn next,
criminals will use any means they can to mount and carry out an attack.

What are attack vectors?
An attack vector is an entry point or route for an attacker to gain access to a system.

Email is perhaps the most common attack vector. Cybercriminals will send seemingly
legitimate emails that result in users taking action. This might include downloading a file, or
selecting a link that will compromise their device. Another common attack vector is through
wireless networks. Bad actors will often tap into unsecured wireless networks at airports or
coffee shops, looking for vulnerabilities in the devices of users who access the wireless
network. Monitoring social media accounts, or even accessing devices that are left
unsecured, are other commonly used routes for cyberattacks. However, you should know
that attackers don’t need to rely on any of these. They can use a variety of less obvious
attack vectors. Here are some examples:

• Removable media. An attacker can use media such as USB drives, smart cables,
storage cards, and more to compromise a device. For example, attackers might load
malicious code into USB devices that are subsequently provided to users as a free gift,
or left in public spaces to be found. When they're plugged in, the damage is done.
• Browser. Attackers can use malicious websites or browser extensions to get users to
download malicious software on their devices, or change a user's browser settings. The
device can then become compromised, providing an entry point to the wider system
or network.
• Cloud services. Organizations rely more and more on cloud services for day-to-day
business and processes. Attackers can compromise poorly secured resources or
services in the cloud. For example, an attacker could compromise an account in a
cloud service, and gain control of any resources or services accessible to that account.
They could also gain access to another account with even more permissions.
• Insiders. The employees of an organization can serve as an attack vector in a
cyberattack, whether intentionally or not. An employee might become the victim of a
cybercriminal who impersonates a person of authority to gain unauthorized access to a
system. This is a form of social engineering attack. In this scenario, the employee serves
as an unintentional attack vector. In some cases, however, an employee with authorized
access may use it to intentionally steal or cause harm.

What are security breaches?
Any attack that results in someone gaining unauthorized access to devices, services, or
networks is considered a security breach. Imagine a security breach as similar to a break-in
where an intruder (attacker) successfully breaks into a building (a device, application, or
network).

Security breaches come in different forms, including the following:

Social engineering attacks
It is common to think about security breaches as exploiting some flaw or vulnerability in a
technology service or piece of equipment. Likewise, you might believe that security
breaches only happen because of vulnerabilities in technology. But that’s not the case.
Attackers can use social engineering attacks to exploit or manipulate users into granting
them unauthorized access to a system.

In social engineering, impersonation attacks happen when an unauthorized user (the
attacker) aims to gain the trust of an authorized user by posing as a person of authority, in
order to access a system for some nefarious activity. For example, a cybercriminal might
pretend to be a support engineer to trick a user into revealing their password to access an
organization’s systems.

Browser attacks
Whether on a desktop, laptop, or phone, browsers are an important access tool for the
internet. Security vulnerabilities in a browser can have a significant impact because of their
pervasiveness. For example, suppose a user is working on an important project with a
looming deadline. They want to figure out how to solve a particular problem for their
project. They find a website that they believe will provide a solution.

The website asks the user to make some changes to their browser settings so they can
install an add-on. The user follows the instructions on the website. Unknown to them, the
browser is now compromised. This is a browser modifier attack, one of many different types
used by cybercriminals. An attacker can now use the browser to steal information, monitor
user behavior, or compromise a device.

Password attacks
A password attack is when someone attempts to authenticate to a password-protected
account to gain unauthorized access to a device or system. Attackers often use
software to speed up the process of cracking and guessing passwords. For example,
suppose an attacker has somehow discovered someone's username for their work account.

The attacker then tries a vast number of possible password combinations to access the
user’s account. The password only has to be correct once for the attacker to get access. This
is known as a brute force attack and is one of many ways in which a cybercriminal can use
password attacks.

What are data breaches?
A data breach is when an attacker successfully gains access or control of data. Using the
intruder example, this would be similar to that person getting access to, or stealing, vital
documents and information inside the building.

When an attacker achieves a security breach, they'll often want to target data, because it
represents vital information. Poor data security can lead to an attacker gaining access and
control of data. This can lead to serious consequences for the victim, whether that is a
person, organization, or even a government. This is because the victim's data could be
abused in many ways. For example, it can be held as ransom or used to cause financial or
reputational harm.

Describe malware - Learn

• 4 minutes

You've heard about terms like malware, viruses, worms, and so on. But what do
these things mean? Is a virus a worm? Exactly what does malware do? These are
just some of the basic concepts you’ll learn about in this unit.

What is malware?
Malware comes from the combination of the words malicious and software. It’s a
piece of software used by cybercriminals to infect systems and carry out actions
that will cause harm. This could include stealing data or disrupting normal usage
and processes.

Malware has two main components:

• Propagation mechanism
• Payload

What is a propagation mechanism?

Propagation is how the malware spreads itself across one or more systems. Here
are a few examples of common propagation techniques:

Virus

Most of us are already familiar with this term. But what does it actually mean?
First, let’s think about viruses in non-technical terms. In biology, for example, a
virus enters the human body, and once inside, can spread and cause harm.
Technology-based viruses depend on some means of entry, specifically a user
action, to get into a system. For example, a user might download a file or plug in
a USB device that contains the virus, and contaminates the system. You now
have a security breach.

Worm

In contrast to a virus, a worm doesn't need any user action to spread itself across
systems. Instead, a worm causes damage by finding vulnerable systems it can
exploit. Once inside, the worm can spread to other connected systems. For
example, a worm might infect a device by exploiting a vulnerability in an
application that runs on it. The worm can then spread across other devices in the
same network and other connected networks.

Trojan
A trojan horse attack gets its name from classical history, where soldiers hid
inside a wooden horse that was presented as a gift to the Trojans. When the
Trojans brought the wooden horse into their city, the soldiers emerged from
hiding and attacked. In the context of cybersecurity, a trojan is a type of malware
that pretends to be a genuine piece of software. When a user installs the
program, it can pretend to be working as advertised, but the program also
secretly performs malicious actions such as stealing information.

What is a payload?
The payload is the action that a piece of malware performs on an infected device
or system. Here are some common types of payload:

• Ransomware is a payload that locks systems or data until the victim has
paid a ransom. Suppose there's an unidentified vulnerability in a network
of connected devices. A cybercriminal can exploit this to access and then
encrypt all files across this network. The attacker then demands a ransom
in return for decrypting the files. They might threaten to remove all of the
files if the ransom hasn't been paid by a set deadline.
• Spyware is a type of payload that spies on a device or system. For
example, the malware may install keyboard scanning software on a user's
device, collect password details, and transmit them back to the attacker, all
without the user's knowledge.
• Backdoors: A backdoor is a payload that enables a cybercriminal to
exploit a vulnerability in a system or device to bypass existing security
measures and cause harm. Imagine that a cybercriminal infiltrates a
software developing company and leaves some code that allows them to
carry out attacks. This becomes a backdoor that the cybercriminal could
use to hack into the application, the device it's running on, and even the
organization's and customers' networks and systems.
• Botnet is a type of payload that joins a computer, server, or another
device to a network of similarly infected devices that can be controlled
remotely to carry out some nefarious action. A common application of
botnet malware is crypto-mining (often referred to as crypto-mining
malware). In this case, the malware connects a device to a botnet that
consumes the device's computing power to mine or generate
cryptocurrencies. A user might notice their computer is running slower
than normal and getting worse by the day.

Describe basic mitigation strategies - Learn

• 4 minutes

You've learned that there are many different types of cyberattack. But how do
you defend your organization against cybercriminals? There are several different
ways that you can keep cyberattackers at bay, from multifactor authentication to
improved browser security, and by informing and educating users.

What is a mitigation strategy?
A mitigation strategy is a measure or collection of steps that an organization
takes to prevent or defend against a cyberattack. This is usually done by
implementing technological and organizational policies and processes designed
to protect against attacks. Here are some of the many different mitigation
strategies available to an organization:

Multifactor authentication
Traditionally, if someone's password or username is compromised, this allows a
cybercriminal to gain control of the account. But multifactor authentication was
introduced to combat this.

Multifactor authentication works by requiring a user to provide multiple forms
of identification to verify that they are who they claim to be. The most common
form of identification used to verify or authenticate a user is a password. This
represents something the user knows.

Two other authentication methods provide something the user is, such as a
fingerprint or retinal scan (a biometric form of authentication), or provide
something the user has, such as a phone, hardware key, or other trusted device.
Multifactor authentication employs two or more of these forms of proof to verify
a valid user.

For example, a bank might require a user to provide security codes sent to their
mobile device, in addition to their username and password, to access their online
account.

Browser security
We all rely on browsers to access the internet to work and carry out our daily
tasks. As you've learned earlier, attackers can compromise poorly secured
browsers. A user might download a malicious file or install a malicious add-on
that can compromise the browser, the device and even propagate itself into an
organization's systems. Organizations can protect against these types of attacks
by implementing security policies that:

• Prevent the installation of unauthorized browser extensions or add-ons.
• Only allow permitted browsers to be installed on devices.
• Block certain sites using web content filters.
• Keep browsers up to date.

Educate users
Social engineering attacks rely on the vulnerabilities of humans to cause harm.
Organizations can defend against social engineering attacks by educating their
staff. Users should learn how to recognize malicious content they receive or
encounter, and know what to do when they spot something suspicious. For
example, organizations can teach users to:

• Identify suspicious elements in a message.
• Never respond to external requests for personal information.
• Lock devices when they're not in use.
• Only store, share and remove data according to the organization's policies.

Threat intelligence
The threat landscape can be vast. Organizations might have many attack vectors
that are all possible targets for cybercriminals. This means that organizations
need to take as many measures as possible to monitor, prevent, defend against
attacks, and even identify possible vulnerabilities before cybercriminals use
them to carry out attacks. In short, they need to use threat intelligence.

Threat intelligence enables an organization to collect system information,
details about vulnerabilities, information on attacks, and more. Based on its
understanding of this information, the organization can then implement policies
for security, devices, user access, and more, to defend against cyberattacks. The
collection of information to gain insights, and respond to cyberattacks, is known
as threat intelligence.

Organizations can use technological solutions to implement threat intelligence
across their systems. These are often threat intelligence solutions that can
automatically collect information, and even hunt for and respond to attacks and
vulnerabilities.

These are just some of the mitigation strategies that organizations can take to
protect against cyberattacks. Mitigation strategies enable an organization to take
a robust approach to cybersecurity. This will ultimately protect the
confidentiality, integrity, and availability of information.

Knowledge check
1 minute

Choose the best response for each of the questions below. Then select "Check your
answers".

Check your knowledge
1. What are the three goals of cybersecurity?

 Conformity, identity, and authorization.

 Confidentiality, integrity, and availability.

 Confidentiality, identity, authorization.

2. Which type of security breach exploits or manipulates users into making changes to
settings or installing add-ons that allow data to be stolen?

 Social Engineering.

 Browser.

 Password.

3. Which mitigation strategy uses the principle of something the user knows and has?

 Threat intelligence.

 Browser security.

 Multifactor authentication


Describe cryptography - Learn

• 2 minutes

The desire to keep secrets has been with us since we first learned to communicate. As
we developed new methods and ways of communicating over the centuries, the need to
share secrets with friends and allies grew.

Definition of cryptography
Cryptography, derived from the Greek word "Kryptos", which means hidden or secret, is
the application of secure communication in any form between a sender and a recipient.
Typically, cryptography is used to obscure the meaning of a written message, but it can
also be applied to images.

The first known use of cryptography can be traced back to ancient Egypt and the use of
complex hieroglyphics. One of the first ciphers ever used to secure military
communications came from the Roman Emperor Julius Caesar.

These two examples make clear that cryptography has many uses and isn't limited to the
digital world. However, from those humble origins, one thing is sure, cryptography is
now a fundamental requirement in helping secure our digitally connected planet.

• Each time you use a browser to access, for example, an HTTPS address, an online
retail store, your bank, or even this Learn site, elements of cryptography are
keeping your interactions confidential and secure.
• Whenever you wirelessly connect a device to a router to access the internet,
cryptography helps make it secure.
• You can use it to secure and protect files on external or internal storage.
• Smartphones have changed the way we communicate, from video and audio calls
to text messaging. Cryptography is used to maintain the confidentiality and
integrity of these communications.

As with all systems, cryptography has its own language of terms and phrases. Two of the
important ones are plaintext and ciphertext.

• The term plaintext represents any message including documents, music, pictures,
movies, data, and computer programs, waiting to be cryptographically
transformed.
• When the plaintext has been turned into a secret message, it's called ciphertext.
This term represents the encrypted/secured data.

Describe encryption and its use in cybersecurity

10 minutes

As you discovered in the previous unit, cryptography is the art of obscuring the meaning of
a message to everyone but the intended recipient. This requires the plaintext message to be
transformed into ciphertext. The mechanism that enables this is called encryption.

The methods used to encrypt a message have evolved over thousands of years, from
swapping one letter for another to more elaborate mechanical devices like the Enigma
machine.

Encryption now takes place in the digital world. It uses computers and mathematics to
combine large random prime numbers to create keys that are used in both symmetric and
asymmetric encryption.

What is encryption?
Encryption is the mechanism by which plaintext messages are turned into unreadable
ciphertext. The use of encryption enhances the confidentiality of data being shared with
your recipient, whether they're a friend, a work colleague, or another business.

Decryption is the mechanism by which the recipient of a ciphertext message can turn it back
into readable plaintext.

To facilitate the encryption and decryption process, you need to use a secret encryption key.
This key is much like the one you’d use to open your car, or the door to your house.
Encryption keys come in two flavors:

• Symmetric keys
• Asymmetric keys

Symmetric keys
Symmetric key encryption is based around the idea that the same cryptographic key is used
for both the encryption of the plaintext message and the decryption of the ciphertext
message. This makes the encryption method quick and provides a degree of confidentiality
about the security of the ciphertext.

With this encryption method, the cryptographic key is treated as a shared secret between
two or more parties. The secret must be carefully guarded to avoid it being found by a bad
actor. All parties must have the same cryptographic key before secure messages can be
sent. Distribution of the key represents one of the challenges associated with symmetric
encryption.

Consider a group or organization where each individual needs the capability to
communicate securely with every other person. If the group consists of three individuals,
you need only three keys.

Now let’s consider an organization with only 100 employees, where each person needs to
communicate securely with everyone else. In this case, 4,950 keys need to be created, and
securely shared and managed. Lastly, imagine a government-based organization with 1,000
employees where each individual needs to communicate securely. The number of keys
required is 450,000. This growth can be expressed with the formula p × (p - 1) / 2, where p is
the number of people who need to communicate.

As the number of people in the organization grows, the number of keys increases
significantly. This makes the secure management and distribution of secret keys, which are
used in symmetric encryption, difficult and costly.

Asymmetric or public-key encryption
Asymmetric encryption was developed in the 1970s. It addresses the secure distribution and
proliferation of keys that are associated with symmetric encryption.

Asymmetric encryption changed the way cryptographic keys were shared. Rather than one
encryption key, an asymmetric key is composed of two elements, a private key and a public
key, which form a key pair. The public key, as the name suggests, can be shared with
anyone, so individuals and organizations don’t need to worry about its secure distribution.

The private key must be kept safe. It's looked after only by the person who generated the
key pair and isn't shared with anyone. A user who needs to encrypt a message would use
the public key, and only the person holding the private key could decrypt it.

Asymmetric encryption, with its use of public and private keys, removes the burden of
secure distribution of keys. This concept also addresses the proliferation of keys we saw in
symmetric encryption. Consider the example of the government-based organization with
1,000 employees, where each individual must be able to communicate securely. With
asymmetric encryption, every person will generate a key pair, resulting in 2,000 keys. With
symmetric encryption, this would have required 450,000 keys.

How does asymmetric encryption work?
While the algorithms and mathematics that underpin asymmetric encryption are complex,
the principle of how it works is relatively easy.

Let's assume that we have two people, Quincy and Monica, who need to communicate
securely and privately. Using readily available software tools, Quincy and Monica each
create their own key pair.

The first thing that Quincy and Monica will do is share their public keys with each other.
Because public keys aren't secret, they can exchange them via email.

When Quincy wants to send a secured message to Monica, he uses her public key to
encrypt the plaintext and create the ciphertext. Quincy then sends the ciphertext to Monica
using whatever means he wants, such as email. When Monica receives the ciphertext, she
uses her private key to decrypt it, turning it back to plaintext.

When Monica wants to respond, she uses Quincy's public key to encrypt the message
before sending it. Quincy then uses his private key to decrypt it.

Let's assume that Eve is interested in what Quincy and Monica are saying. Eve intercepts a
ciphertext message sent from Quincy to Monica. Additionally, Eve knows Monica's public
key.

Because Eve doesn’t know Monica’s private key, she has no way of decrypting the
ciphertext. If Eve tries to decrypt the ciphertext with Monica’s public key, she will see
gibberish.

Given the nature of asymmetric encryption, even if you know the public key, it's impossible
to discover the private key.

In this two-minute video, we'll demonstrate how symmetric and asymmetric encryption
work, and how they protect your documents from being read by unauthorized people.

Different types of encryption
There are several different types of symmetric and asymmetric encryption, and new versions
are being invented all the time. Here are some that you may encounter:

• Data Encryption Standard (DES) and Triple-DES. This was one of the first symmetric
encryption standards used.
• Advanced Encryption Standard (AES). AES replaced DES and Triple DES, and is still
widely used today.
• RSA. This was one of the first asymmetric encryption standards, and variations are still
being used today.

Where is encryption used?
Encryption is used worldwide in almost every facet of our lives, from making a call on your
smartphone to using your credit card for a purchase in a shop. Encryption is used even
more when you browse the web.

Web browsing - you may not realize it, but every time you go to a website where the
address starts with HTTPS, or there is a padlock icon, encryption is being used. In the
address bar for this web page, you will notice it starts with https://. Similarly, when you
connect to your bank through the web or make an online purchase where you provide
sensitive information, such as a credit card number, you should make sure you see https://
in the address bar.

Device encryption – many operating systems provide tools to enable encryption of hard
drives and portable devices. For example, Windows BitLocker, a feature of the Windows
operating system, provides encryption for your PC hard drive or portable drives that may
connect via USB.

Messaging applications – some commonly known and available messaging applications
encrypt messages.

Mobile communications - whether you're using a smartphone or other mobile
communications device, encryption is used to securely register it with the nearest mast or
cell tower. This ensures you always have the best signal strength.

Describe hashing and its application in digital signing

4 minutes

So far, you've seen how cryptography, through the use of encryption, is used to keep
messages safe from prying eyes. Cryptography is also used to verify that data, like
documents and images, haven't been tampered with. This is done through a process called
hashing.

What is hashing?
Hashing uses an algorithm, also known as a hashing function, to convert the original text to
a unique fixed-length value. This is called a hash value. Each time the same text is hashed
using the same algorithm, the same hash value is produced. That hash can then be used as
a unique identifier of its associated data.

Hashing is different to encryption in that it doesn't use keys, and the hashed value can’t
decrypt back to the original.

There are many different types of hash functions. One that's common, and you may hear in
discussions with security professionals, is the Secure Hash Algorithm (SHA). SHA is a family
of hash algorithms that each work differently. The details are beyond the scope of this
content, but one of the more commonly used SHAs is SHA-256 which produces a hash
value that is 256 bits long.

What is a digital signature?
A common application of hashing is in digital signing. Like a signature on a piece of paper,
a digital signature validates that the signature on the document actually comes from the
person who signed it. Additionally, a digital signature is used to validate that the
document hasn't been tampered with.

How does a digital signature work?
A digital signature will always be unique to each person signing a document, much like one
that's been handwritten. All digital signatures use an asymmetric key pair: the private and
public keys.

Using a digital signing service, Monica can assign a digital signature to the document to
prove that it hasn’t changed. Signing the document creates a time-stamped hash for it. This
hash is then encrypted using Monica’s private key. Next, the signing service appends the
hash to the original document, which isn't encrypted. Finally, both the digitally signed
document and Monica’s public key are sent to Victoria.

When Victoria receives the digitally signed document, she uses the same digital signing
service to extract Monica’s hash from the document, and generate a fresh hash for the
original plaintext document. Then, using Monica’s public key, the encrypted hash is
decrypted. If Monica’s decrypted hash matches the one Victoria created for the document,
then the digital signature is valid. Victoria then knows that the document hasn’t been
tampered with.

The following two-minute video demonstrates how digital signatures work, and how they
show if a document has been tampered with.

Digital signing requires using a digital signing service. Many companies offer this capability.
Two of the most popular are DocuSign and Adobe Sign.
Describe digital certificates
2 minutes

Cryptography has many applications in today's modern world. So far, you've
seen how it can maintain the confidentiality and authenticity of ciphertext
messages. Through hashing, cryptography also verifies that a plaintext message
hasn't changed.

Essentially, a digital certificate is a key pair that's been issued by a certificate
authority. A certificate authority guarantees that the key pair being used has
come from a trusted source, who has vetted and verified the identity of the
person requesting it. A good example is when you want to get a passport. The
government passport agency must verify that you're who you say you are before
they issue the new document.

Much like a passport, digital certificates have a short lifespan, which tends to be
one year, after which the certificate expires. When that happens, you'll see a
warning message about expired certificates when visiting some websites. This
indicates that authentication of the server can't be confirmed.

Why do we need digital certificates?

Previously, we showed an example of Quincy and Monica wanting to share
secure ciphertext messages in the encryption unit. While asymmetric encryption
supports this and creates confidence that the ciphertext is safe, there's another
consideration.

Because the public key is easy to obtain and is in plaintext, anyone can encrypt a
message and send it to Monica, by impersonating Quincy. Monica has no way of
authenticating that the message came from Quincy.

Instead of his original key pair, Quincy uses a certification authority (CA) to
create a digital certificate that links his identity with the CA-generated key pair.

Now, when Quincy sends a message to Monica, he can encrypt it and attach the
certificate. When Monica receives the message, she can use the CA public key to
decrypt it.
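
The certificate lifecycle described in this unit, as an added example in Go using the standard library's crypto/x509 package (this is added here and is not course code): a certification authority is created, it issues a certificate that binds Quincy's name to a key pair, and Monica accepts the certificate only if it chains to a CA she trusts and is inside its validity period. The CA names, the subject "Quincy", and the validity periods are constructed for the demonstration; the expired and unknown-CA cases show the two failures the text mentions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// check aborts on key-generation or encoding failures, which are not
// recoverable in this demonstration.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA builds a certification authority: an ECDSA key pair plus a
// self-signed certificate that relying parties install as a trust root.
func newCA(name string, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// issue is the CA vouching for a subject it has vetted out of band: it signs
// a certificate binding that name to a fresh key pair for the validity period.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subject string, notBefore, notAfter time.Time) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// Accept is the relying party's check: the certificate must chain to a CA
// she trusts and must be within its validity period at time "at".
func Accept(cert, trustedCA *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// Scenarios reports whether Monica accepts Quincy's certificate when it is
// valid, when it has expired, and when a CA she does not trust issued it.
func Scenarios() (validOK, expiredOK, untrustedOK bool) {
	now := time.Now()
	year := 365 * 24 * time.Hour
	ca, caKey := newCA("Example Trusted CA", now)
	rogueCA, rogueKey := newCA("Unknown CA", now)
	valid := issue(ca, caKey, "Quincy", now.Add(-time.Hour), now.Add(year))
	expired := issue(ca, caKey, "Quincy", now.Add(-2*year), now.Add(-year))
	untrusted := issue(rogueCA, rogueKey, "Quincy", now.Add(-time.Hour), now.Add(year))
	return Accept(valid, ca, now) == nil, Accept(expired, ca, now) == nil, Accept(untrusted, ca, now) == nil
}

func main() {
	v, e, u := Scenarios()
	fmt.Println("valid accepted:", v, "expired accepted:", e, "unknown CA accepted:", u)
}
```

The expired case is exactly the browser warning the text describes: the signature on the certificate is still mathematically valid, but the relying party refuses it because the validity period has passed.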


Knowledge check
1 minute

Choose the best response for each of the questions below. Then select "Check your
answers".

Check your knowledge

1. How many keys are required when using symmetric encryption?

• Three.
• One.
• Two.

2. When using asymmetric encryption, which key shouldn't be shared?

• Private key.
• Public key.
• Key pair.

3. What is a hashing function?

• A hashing function is an algorithm that creates a new ciphertext message from the
plaintext.
• A hashing function is an algorithm that's used to decrypt ciphertext from the sender.
• A hashing function is an algorithm that creates a fixed-length hexadecimal value of the
plaintext.


Define authentication
5 minutes

Authentication is the process of proving that a person is who they say they are. When
someone purchases an item with a credit card, they may be required to show an additional
form of identification. This proves that they are the person whose name appears on the
card. In this example, the user may show a driver’s license that serves as a form of
authentication and proves their ID.

When you want to access a computer or device, you'll encounter the same type of
authentication. You may get asked to enter a username and password. The username states
who you are, but by itself isn't enough to grant you access. When combined with the
password, which only that user should know, it allows access to your systems. The username
and password are a form of authentication.

Strong authentication methods are essential to maintaining good cybersecurity and ensuring
that only authorized users can gain access to confidential data and resources.

While authentication verifies the user, it doesn't govern what a user can do once
they've been authenticated. Control over what a user can do is called authorization, and
we'll cover that later in this module.

Authentication methods
Authentication can be divided into three types: something you know, something you have,
and something you are.

• Something you know includes:
◦ Passwords
◦ PIN numbers
◦ Security questions
• Something you have includes:
◦ Identity cards
◦ USB keys
◦ Computers
◦ Cell phones
• Something you are includes:
◦ A fingerprint
◦ Facial recognition
◦ Retinal scan
◦ Other forms of biometric ID.

Biometric identification comprises physical characteristics that uniquely identify an
individual.

Single-factor authentication
Single-factor authentication is a system where only one authentication type is used, making
it the least secure but simplest method.

An example of this system is when the user provides something they know, such as a
password, to authenticate. Simple passwords are straightforward to remember but easy for
criminals to hack. Complex passwords might seem more secure, but they can be impossible to
remember. It's more likely that someone will write down this type of password, making it
much less secure.

Another single-factor authentication method is to use something you have. For example,
using your cell phone to pay for an item. A tap-to-pay service authenticates the user
through something that they have but doesn't require another verification method.

A biometric, something you are, can be used as a single-factor authentication method, but
in some common scenarios, it's not necessarily more secure. Consider, for example, when
you use a fingerprint to unlock your cell phone. You've probably experienced instances where
the fingerprint isn't readily recognized, so you're given the option to enter a PIN instead.
That fallback can make it easier for someone to guess their way in. In most cases, a
biometric is used in conjunction with another form of authentication.

Single-factor authentication is convenient but isn't suitable for a highly secure system.

Multifactor authentication
Multifactor authentication is a system where two, or even three, authentication types are
used. By providing something that you know, something that you have, and something that
you are, the system's security is massively increased. For example, in a multifactor
authentication system that uses two types of authentication, you might be asked for a
password, and then a number is sent to your cell phone. You input this number, proving
that you know the password and have your cell phone. This is a common approach when
you use multifactor authentication to access an online bank account. Multifactor
authentication reduces the likelihood that a bad actor will be able to get access to
confidential information.

As mentioned earlier, biometric authentication is most often used in conjunction with
another method of authentication. Consider the example of a bank that has a secured area
where it keeps customers’ safety deposit boxes. Before someone can gain access, they're
typically required to successfully enter both a password and a fingerprint scan.

Multifactor authentication is an important way users and organizations can improve
security. It should be the default approach for authentication.
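
The two-factor login described in this unit (a password plus a one-time code) as an added example in Go; it is not code from the course. The password is "something you know" and is checked against a stored salted hash in constant time; the code is "something you have", computed by both the server and the user's phone app from a shared secret with the HOTP algorithm of RFC 4226. The account name, password and secret are constructed for the demonstration (the secret is the RFC 4226 test value), and the salted SHA-256 stands in for the slow password hash a real deployment should use.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// PasswordRecord is what the server stores for the "something you know"
// factor: never the password itself, only a salt and the salted hash.
type PasswordRecord struct {
	Salt []byte
	Hash []byte
}

// hashPassword uses a salted SHA-256 to keep the example short; a deployed
// system should use a deliberately slow password hash such as bcrypt, scrypt
// or Argon2 so that offline guessing of leaked hashes is expensive.
func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// NewPasswordRecord draws a random salt so identical passwords hash differently.
func NewPasswordRecord(password string) PasswordRecord {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err) // the OS random source failing is not recoverable here
	}
	return PasswordRecord{Salt: salt, Hash: hashPassword(salt, password)}
}

// CheckPassword compares in constant time so that response timing does not
// leak how many bytes of the hash matched.
func CheckPassword(rec PasswordRecord, candidate string) bool {
	return subtle.ConstantTimeCompare(rec.Hash, hashPassword(rec.Salt, candidate)) == 1
}

// HOTP is the six-digit one-time code of RFC 4226: HMAC-SHA1 over the
// big-endian counter, dynamically truncated, reduced modulo 10^6.
func HOTP(secret []byte, counter uint64) int {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return int(code % 1000000)
}

// Account holds both factors for one user.
type Account struct {
	Password PasswordRecord
	Secret   []byte // shared with the user's phone app (something you have)
	Counter  uint64 // next counter value the server will accept
}

// Login succeeds only when the password and the one-time code are both
// correct. Codes are matched within a small look-ahead window (the phone may
// have produced a few unused codes) and the counter then moves past the used
// code, so the same code cannot be replayed.
func (a *Account) Login(password string, code int) bool {
	passOK := CheckPassword(a.Password, password)
	match := -1
	for i := 0; i < 3; i++ {
		if HOTP(a.Secret, a.Counter+uint64(i)) == code {
			match = i
			break
		}
	}
	if !passOK || match < 0 {
		return false
	}
	a.Counter += uint64(match) + 1
	return true
}

// Demo returns the outcome of a correct login, a replay of the same code,
// and an attempt with a fresh code but the wrong password.
func Demo() (first, replay, wrongPassword bool) {
	acct := &Account{Password: NewPasswordRecord("correct horse battery staple"), Secret: []byte("12345678901234567890")}
	code := HOTP(acct.Secret, 0) // the code the phone app would display
	first = acct.Login("correct horse battery staple", code)
	replay = acct.Login("correct horse battery staple", code)
	wrongPassword = acct.Login("password123", HOTP(acct.Secret, acct.Counter))
	return
}

func main() {
	fmt.Println(Demo())
}
```

Both factors are evaluated before the decision is made, so a wrong password and a wrong code are rejected in the same way and a caller cannot tell which factor failed.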


Describe authentication-based attacks
4 minutes

Authentication attacks occur when someone tries to steal another person's credentials. They
can then pretend to be that person. Because an objective of these types of attacks is to
impersonate a legitimate user, they can also often be referred to as identity attacks.
Common attacks include, but are not limited to:

• Brute force attack
• Dictionary attack
• Credential stuffing
• Keylogging
• Social engineering

Brute force attack
In a brute force attack, a criminal will attempt to gain access simply by trying different
usernames and password combinations. Typically, attackers have tools that automate this
process by using millions of username and password combinations. Simple passwords, with
single-factor authentication, are vulnerable to brute force attacks.

Dictionary attack
A dictionary attack is a form of brute force attack, where a dictionary of commonly used
words is applied. To prevent dictionary attacks, it’s important to use symbols, numbers, and
multiple word combinations in a password.

Credential stuffing
Credential stuffing is an attack method that takes advantage of the fact that many people
use the same username and password across many sites. Attackers will use stolen
credentials, usually obtained after a data breach on one site, to attempt to access other
areas. Attackers typically use software tools to automate this process. To prevent credential
stuffing, it's important not to reuse passwords, and to change them regularly, particularly
after a security breach.
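
Brute force and credential stuffing leave different footprints in an authentication log, and the following added Go example (not code from the course) shows detection logic for both over constructed sample lines. A single source hammering one account with many failures is brute force, which a per-account lockout catches; a single source failing once against many different accounts is credential stuffing or password spraying, which only a per-source view reveals. The log format, thresholds, usernames and addresses (RFC 5737 documentation ranges) are all constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// attempt is one parsed login event from the constructed log format
// "<timestamp> <OK|FAIL> user=<name> src=<ip>".
type attempt struct {
	user, src string
	ok        bool
}

func parseLine(line string) (attempt, bool) {
	f := strings.Fields(line)
	if len(f) != 4 || (f[1] != "OK" && f[1] != "FAIL") {
		return attempt{}, false
	}
	a := attempt{ok: f[1] == "OK"}
	for _, kv := range f[2:] {
		k, v, found := strings.Cut(kv, "=")
		if !found {
			return attempt{}, false
		}
		switch k {
		case "user":
			a.user = v
		case "src":
			a.src = v
		}
	}
	return a, a.user != "" && a.src != ""
}

// Findings lists sources that look like brute force (many failures against
// one account) and credential stuffing (failures spread across many accounts).
type Findings struct {
	BruteForce         []string // "src -> user"
	CredentialStuffing []string // src
}

const (
	bruteForceThreshold = 5 // failures for one account from one source
	stuffingThreshold   = 5 // distinct accounts failed from one source
)

// Analyze counts failures per (source, account) and distinct failed accounts
// per source. A per-account lockout sees the first pattern; the second
// spreads a few attempts over many accounts and needs the per-source view.
func Analyze(lines []string) Findings {
	perPair := map[string]int{}
	perSrc := map[string]map[string]bool{}
	for _, line := range lines {
		a, ok := parseLine(line)
		if !ok || a.ok {
			continue // malformed lines and successes are not failures
		}
		perPair[a.src+" -> "+a.user]++
		if perSrc[a.src] == nil {
			perSrc[a.src] = map[string]bool{}
		}
		perSrc[a.src][a.user] = true
	}
	var f Findings
	for pair, n := range perPair {
		if n >= bruteForceThreshold {
			f.BruteForce = append(f.BruteForce, pair)
		}
	}
	for src, users := range perSrc {
		if len(users) >= stuffingThreshold {
			f.CredentialStuffing = append(f.CredentialStuffing, src)
		}
	}
	sort.Strings(f.BruteForce) // map order is random; make the output stable
	sort.Strings(f.CredentialStuffing)
	return f
}

// SampleLog is constructed for this example; nothing in it is a real host.
var SampleLog = []string{
	"2024-05-01T10:00:01Z FAIL user=alice src=203.0.113.5",
	"2024-05-01T10:00:02Z FAIL user=alice src=203.0.113.5",
	"2024-05-01T10:00:03Z FAIL user=alice src=203.0.113.5",
	"2024-05-01T10:00:04Z FAIL user=alice src=203.0.113.5",
	"2024-05-01T10:00:05Z FAIL user=alice src=203.0.113.5",
	"2024-05-01T10:01:00Z FAIL user=bob src=198.51.100.7",
	"2024-05-01T10:01:01Z FAIL user=carol src=198.51.100.7",
	"2024-05-01T10:01:02Z FAIL user=dave src=198.51.100.7",
	"2024-05-01T10:01:03Z FAIL user=erin src=198.51.100.7",
	"2024-05-01T10:01:04Z OK user=frank src=198.51.100.7",
	"2024-05-01T10:01:05Z FAIL user=grace src=198.51.100.7",
	"2024-05-01T10:02:00Z FAIL user=alice src=192.0.2.9",
	"2024-05-01T10:02:30Z OK user=alice src=192.0.2.9",
	"this line is malformed and is skipped",
}

func main() {
	f := Analyze(SampleLog)
	fmt.Println("brute force:", f.BruteForce)
	fmt.Println("credential stuffing:", f.CredentialStuffing)
}
```

In the sample, the one success from the stuffing source (user frank) is the event that deserves the fastest response: it is most likely a reused password that worked.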

Keylogging
Keylogging involves malicious software that logs keystrokes. Using the keylogger, an
attacker can log (steal) username and password combinations, which can then be used for
credential stuffing attacks. This is a common attack at internet cafes or anywhere you use a
shared computer for access. To prevent keylogging, don't install untrusted software and use
reputable virus-scanning software.

Keylogging isn't limited to just computers. Suppose a bad actor installs a box or device over
the card reader and keypad at an ATM. When you insert your card, it passes first through
the bad actor's card reader, capturing the card details, before feeding it into the ATM's card
reader. Now, when you key in your PIN using the bad actor's keypad, they get your PIN as
well.

Social engineering
Social engineering involves an attempt to get people to reveal information or complete an
action to enable an attack.

Most authentication attacks involve exploitation of computers or an attempt to try many
credential combinations. Social engineering attacks are different in that they exploit the
vulnerabilities of humans. The attacker tries to gain the trust of a legitimate user. They
persuade the user to divulge information or take an action that enables them to cause
damage or steal information.

A number of social engineering techniques can be used for authentication theft, including:

• Phishing occurs when an attacker sends a seemingly legitimate email with the
objective of having a user reveal their authentication credentials. For example, an
email might appear to be from the user’s bank. A link opens to what looks like the
bank’s login page, but is actually a fake site. When a user logs in at the fake site, their
credentials become available to the attacker. There are several variations of phishing,
including spear-phishing, which targets specific organizations, businesses, or
individuals.
• Pretexting is a method where an attacker gains the victim's trust and convinces them
to divulge secure information. This can then be used to steal their identity. For
example, a hacker might call you, pretending to be from the bank, and ask for your
password to verify your identity. Another approach uses social media. You might be
asked to complete a survey or a quiz with seemingly random and innocent questions
that get you to reveal personal facts, or you'll get something that looks fun, like
making up the name of your fantasy pop-star band by using the name of your first pet
and the place you were born.
• Baiting is a form of attack where the criminal offers a fake reward or prize to
encourage the victim to divulge secure information.

Other authentication-based attack methods
These are just a few examples of authentication-based attacks. There's always the potential
for new attack types, but all of the ones listed here can be prevented by educating people
and using multifactor authentication.


Describe authorization security techniques
6 minutes

When you authenticate a user, you'll need to decide where they can go, and what they're
allowed to see and touch. This process is called authorization.

Suppose you want to spend the night in a hotel. The first thing you'll do is go to reception
to start the "authentication process". After the receptionist has verified who you are, you're
given a keycard and can go to your room. Think of the keycard as the authorization process.
The keycard will only let you open the doors and elevators you're permitted to access, such
as for your hotel room.

In cybersecurity terms, authorization determines the level of access an authenticated person
has to your data and resources. There are different security techniques that organizations
use to manage authorization.

Conditional access
As the name implies, conditional access involves access with conditions. One way to think
about conditional access is with if/then statements. If something is true, you're granted
access, but if it's false, you're denied.

Let’s see how this would work in an IT scenario. Increasingly, people are working from
home. Because of this, they might be using their personal computer to access work-related
content. With conditional access, an organization might grant access for an authenticated
user to a confidential system, such as payroll, only if it's made through secure corporate
computers located at their headquarters. If the authenticated user tries to access the payroll
system from a personal computer at home, they would be blocked.

Least privileged access
The concept of least privilege is where a user is granted the minimum rights that they
require. This concept applies in any security-related setting.

For example, when you board an airplane, you have access to the main cabin area to get to
your seat, but no passenger is allowed into the cockpit. Also, if you're traveling with a
coach-class ticket, you will only have access to that section. To improve security, each
person can only access the areas they need to.

The same concept applies in the context of cybersecurity. Take the example where users
have access to a public folder on a network. If they only need to read a file, they should be
given that specific permission.

A user will almost always notify an administrator if they have insufficient rights to perform
their role. However, they will seldom tell an administrator if they have excess rights. So
there's little risk of being overcautious when assigning user rights.

By implementing least privileged access, you limit what an attacker can do if a breach
occurs.
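
The conditional access and least privilege techniques from this unit, combined in one added Go example (not code from the course): a grant table gives each user only the actions they need on each resource, and a conditional-access rule adds the if/then check from the payroll scenario, so the payroll system is reachable only from a corporate-managed computer at headquarters. The users "pat" and "sam", the resources and the rule are constructed sample data; a real system would load them from its identity provider rather than hard-code them.

```go
package main

import "fmt"

// Request is an already-authenticated user asking to perform an action on a
// resource from a particular device and location.
type Request struct {
	User          string
	Resource      string
	Action        string
	ManagedDevice bool   // corporate-managed computer?
	Location      string // "HQ", "home", ...
}

// Decision carries the reason as well as the verdict: that is what belongs
// in the audit log.
type Decision struct {
	Allowed bool
	Reason  string
}

// permissions is the least-privilege grant table (constructed sample data):
// each user holds only the actions their role needs on each resource.
var permissions = map[string]map[string][]string{
	"pat": {"payroll": {"read", "write"}, "shared-folder": {"read"}},
	"sam": {"shared-folder": {"read"}},
}

// condition is a conditional-access rule for one resource: the if/then check
// that must hold before a granted permission may be exercised.
type condition struct {
	Resource string
	Check    func(Request) bool
	Why      string
}

var conditions = []condition{
	{"payroll", func(r Request) bool { return r.ManagedDevice && r.Location == "HQ" },
		"payroll is only reachable from a corporate-managed computer at headquarters"},
}

func hasPermission(r Request) bool {
	for _, a := range permissions[r.User][r.Resource] {
		if a == r.Action {
			return true
		}
	}
	return false
}

// Authorize applies least privilege first (is this action granted at all?),
// then every conditional-access rule for the resource. Anything not
// explicitly granted, or granted but requested under the wrong conditions,
// is denied.
func Authorize(r Request) Decision {
	if !hasPermission(r) {
		return Decision{false, fmt.Sprintf("%s has no %q permission on %s", r.User, r.Action, r.Resource)}
	}
	for _, c := range conditions {
		if c.Resource == r.Resource && !c.Check(r) {
			return Decision{false, c.Why}
		}
	}
	return Decision{true, "permitted"}
}

func main() {
	fmt.Println(Authorize(Request{"pat", "payroll", "read", true, "HQ"}))
	fmt.Println(Authorize(Request{"pat", "payroll", "read", false, "home"}))
	fmt.Println(Authorize(Request{"sam", "shared-folder", "write", true, "HQ"}))
}
```

Note the ordering: a user who was never granted a permission is refused before any condition is evaluated, and an unknown user has no entry in the table at all, so the default outcome is deny.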

Lateral movement
If an attacker gains access to a system, they might use the compromised account to gather
more information. This could be used to infiltrate other systems or gain elevated access. The
attacker can move through the system, finding more resources until their target is reached.
Because the attacker will attempt to move between different sections, the final attack is
unlikely to come from the initial compromised account.

Think of an office building where a criminal gets past the security of the main reception
area. They can then generally move around the rest of the building, accessing different
floors and offices. It's important to provide added layers of security to protect against
intrusion in sensitive areas.

For example, many office buildings require a security code to access the floors where the
executive team is located. All offices on those floors are kept locked, allowing access only by
employees with a special card. You clearly don’t want a criminal to access your building at
all. But by assuming a breach might occur and adding additional layers of security to
protect against this type of lateral movement, you can limit the damage.

The same concept applies in an IT scenario. You start with secure authentication to reduce
the chance of an attacker accessing your systems. No system is foolproof but you can
provide added layers of security. These measures will help mitigate the chance that an
attacker who breaks into your system can access other more sensitive resources through
lateral movement.

Zero Trust
Zero Trust is a term that's prevalent in cybersecurity. It's a method that mitigates the
increasingly common attacks that we see today.

Zero Trust is a model that enables organizations to provide secure access to their resources
by teaching us to “never trust, always verify”. It's based on three principles that employ
concepts you're already familiar with.

• Verify explicitly - With Zero Trust, every request is fully authenticated and authorized
before any access is granted. Organizations may implement both multifactor
authentication and conditional access to ensure that every request is verified explicitly.
• Use least privileged access - As mentioned earlier in this unit, the concept of least
privilege is to authorize a user with only the minimum rights that they require. This
limits the damage that a user can do and limits lateral movement.
• Assume breach - By assuming that a breach has occurred or will occur, an organization can
better plan for additional layers of security. This minimizes the blast radius of a
breach and prevents lateral movement.

By employing a Zero Trust security model, organizations can better adapt to a modern
distributed workplace that provides secure access to resources.


Knowledge check
1 minute

Choose the best response for each of the questions below. Then select "Check your
answers".

Check your knowledge

1. What are the three types of authentication?

• Something you know, something you have, and something you are.
• Something you own, something you know, something you learn.
• Something you find, something you are, something you know.

2. What is credential stuffing?

• An attacker attempts to gain access using millions of username and password
combinations.
• You use the same username and password at many sites. There's a security breach at one
site, and attackers use your compromised usernames and passwords at many other sites.
• A dictionary of commonly used words is used for the brute force attack.

3. What are the three principles of Zero Trust?

• Verify explicitly, assume breach, and use least privileged access.
• Spear-phishing, pretexting, and baiting.
• Credential stuffing, key logging, spear-phishing.


Describe the different types of networks
4 minutes

In today’s modern world, networks exist everywhere. Home networks connect your laptop,
computer, TV, gaming console, smartphones, tablets, and Internet of Things (IoT) devices.
This allows them to communicate with each other and the internet. Whether a business is a
humble organization running out of a garage or a large enterprise, networks provide the
backbone that allows them to function and share data, ideas, and resources.

Networks are used to access all kinds of information, from the pictures you share with
friends, to sensitive information like bank and credit card transactions. The banking
application on your mobile device uses multiple networks to reach your bank. After that,
you navigate the bank's network to get to your details.

What is a network?
A network is a grouping of interconnected physical components that work together to
provide a seamless backbone for all your devices to communicate. The cloud and the
internet might seem intangible but even they have physical roots. While there are dozens of
parts that help define a network, the ones you're more likely to encounter are: routers,
switches, firewalls, access points, and hubs. While most of these are outside the scope of
this unit, two are worth calling out.

• The switch is the fundamental building block of a modern network. It allows multiple
devices to communicate with each other.
• The router allows different networks to communicate with each other.

You may have heard of different types of networks, such as wireless networks and local area
networks. However, fundamentally, they all fall into one of the following two categories:

• A private network is where a level of authentication and authorization is required to
access devices and resources, as you might find in your place of work.
• A public network, like the internet, is open to any user.

Connect to your network
Whatever type of network you're using, there are several different ways that you can
connect to it.

• The Wired or Ethernet connection is still the most common way of connecting to an
office network. It requires a physical network cable to connect your computer or
laptop to a switch in your network.
• A Wireless connection lets your device connect to the network using Wi-Fi. This is
typically used at home or in large public venues.
• A Bluetooth connection is a short-range device-to-device communication method.
Small devices like pedometers, headphones, and smart watches tend to use Bluetooth.

The client-server topology
While networks allow devices or apps to communicate with each other, one of the most
common network implementations is the client-server topology. In this model, the client
can be one or more devices or applications on a device that wants to do something. The
server is responsible for processing each client request and sending back a response.

An example of the client-server model is when you use your smartphone or tablet to access
a digital streaming service. Your device is the client that makes a request to the streaming
server to access the movie or TV show you want to watch. The server responds by streaming
the content to your device. Another example is when you use your browser to access
content from the internet.


Describe how data moves around a network
8 minutes

A network exists when you have two or more devices that share data. As you saw in the
previous unit, a network is composed of many different physical parts that work together to
ensure your data gets to where it's needed. This transmission of data across a network is
enabled by a suite of communication protocols, often referred to as TCP/IP. It's named after
the two main protocols: Transmission Control Protocol (TCP), which handles the connection
between two devices, and Internet Protocol (IP), which is responsible for routing
information across the network.

Every network on the planet shares and moves data every second of the day. This data
comes in every shape and size, from a simple message to images, and even the movies that
are streamed to your home.

The datagram or packet
Networks exist to help make device-to-device or system-to-system communication easier.
Whatever the size of data, it all needs to be broken down into tiny, uniform chunks. These
chunks are called datagrams but are also more commonly known as packets.

Imagine that you want to stream a movie to your device. Given the enormous size of the
data involved, the streaming server can't give you the whole movie in one go. Instead, the
movie is broken up into billions of packets. Each packet contains a small part of the movie,
which is then sent to your device. Your device has to wait until enough packets have been
received before you can start watching the movie. In the background, the server continues
to send a steady stream of packets to your device just ahead of what's being displayed. If
your network speed slows down, then the packets may not reach you in time. The picture
you see might become distorted or blocky and there may be gaps in the sound.

IP addresses
When you want to send a letter to a friend, you'll first write it out before putting it in an
envelope. Next you'll write your friend's address on the envelope before posting it. The
postal service collects the letter, and through various sorting offices, eventually delivers it.
Networks operate in a similar manner. The message is contained in the packet, like an
envelope. Then the sender and recipient addresses are added to the packet.

The primary function of the Internet Protocol (IP) is to ensure that every device on a
network can be uniquely identified. Before a packet is sent across the network, it must be
told the IP address of where it's going, and the IP address of where it's come from.

There are presently two standards of IP address: IPv4 and IPv6. The details are
beyond the scope of this module, but the most common type of IP address, and the one
you may be familiar with, is IPv4. This is made up of four groups of digits separated by
dots, for example: 127.100.0.1.

DNS
Just like every device on a network needs a unique IP address, every public facing website
has its own IP address. You could use the IP address to visit your favorite online retail store,
bank, or streaming video service. But with so many websites available, that would be
difficult to remember. Instead, you type the name of the service you're looking for into your
browser and it takes you to the website you want. This is all thanks to the domain name
service or DNS.

The DNS holds a table that has the name of the website, for instance microsoft.com,
which maps to its corresponding IP address. Your browser uses this to find the actual
website in much the same way as you might use a phone book to find a telephone number.

Each time your device connects to the internet, it uses a local DNS server to find the name
of the website you're looking for. If the DNS can’t find the site, it checks other DNS servers.
If the site can't be found, or the request times out, you'll get a message you've probably
encountered before: the 404 page not found error.

Routing
When the IP addresses have been added to the packet, it's ready to be transmitted across
the network. If the IP address exists on your network, the packet is sent directly to the
device. However, if the IP address is outside of your network, it will need to go via a router.
A router is a physical device that connects one network to another.

Using our letter scenario, if your friend was only a few streets away, you might decide to
deliver the message by hand. Your friend is within your local network.

However, if your friend is in a different city or country/region, you'll need to post the letter
and let the mail service deliver it. In this instance, the postal service is the router. It takes the
message from your network, then finds the best route to get it to your friend's network for
delivery.
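
The IPv4 address check and the "on my network or via the router" decision from the last two sections, as an added Go example built on the standard library's net/netip package (not code from the course). It goes slightly beyond the text: instead of a single local network it uses a small routing table with longest-prefix match, of which the text's two cases (deliver directly, or hand to the router) are the two entries. The home network 192.168.1.0/24, the router address and the sample destinations are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Route maps a destination prefix to how packets for it are delivered.
type Route struct {
	Prefix  netip.Prefix
	NextHop string // "direct" for the local network, otherwise the router to use
}

// ParseIPv4 accepts dotted-decimal IPv4 only, rejecting malformed text and
// IPv6 addresses (each group must be 0-255, and there must be exactly four).
func ParseIPv4(s string) (netip.Addr, error) {
	a, err := netip.ParseAddr(s)
	if err != nil {
		return netip.Addr{}, err
	}
	if !a.Is4() {
		return netip.Addr{}, fmt.Errorf("%q is not an IPv4 address", s)
	}
	return a, nil
}

// NextHop generalizes the decision in the text to a routing table with
// longest-prefix match: of the routes whose prefix contains the destination,
// the most specific one wins, and 0.0.0.0/0 is the default route to the router.
func NextHop(table []Route, dst netip.Addr) (string, bool) {
	best := -1
	for i, r := range table {
		if r.Prefix.Contains(dst) && (best < 0 || r.Prefix.Bits() > table[best].Prefix.Bits()) {
			best = i
		}
	}
	if best < 0 {
		return "", false
	}
	return table[best].NextHop, true
}

// Deliver combines parsing and lookup for a textual destination address.
func Deliver(table []Route, dst string) (string, error) {
	addr, err := ParseIPv4(dst)
	if err != nil {
		return "", err
	}
	hop, ok := NextHop(table, addr)
	if !ok {
		return "", fmt.Errorf("no route to %s", addr)
	}
	return hop, nil
}

// HomeTable is a constructed home-network table: the 192.168.1.0/24 LAN is
// reachable directly, everything else is handed to the router.
var HomeTable = []Route{
	{netip.MustParsePrefix("192.168.1.0/24"), "direct"},
	{netip.MustParsePrefix("0.0.0.0/0"), "router 192.168.1.1"},
}

func main() {
	for _, dst := range []string{"192.168.1.42", "203.0.113.10", "300.1.1.1"} {
		hop, err := Deliver(HomeTable, dst)
		fmt.Println(dst, "->", hop, err)
	}
}
```

The same lookup runs at every router along the path, each with its own table; the sender only ever needs to know whether the destination is local and, if not, which router to hand the packet to.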

Video animation
In this short two-minute video, you'll see how everyday activities form networks, from
speaking with your friends on the phone, to sharing emails. Then we'll look at the way
messages are broken down into packets that can be sent across the network. Finally, you'll
see how each packet of a message is routed across the internet to get to its recipient.



Describe threats to network security
6 minutes

Networks are the backbone of the modern world, enabling us to communicate, shop, play,
and work from anywhere. They allow access to a vast amount of information not only about
ourselves, but also about businesses. That makes networks a prime target for cybercriminals
who see information as the new currency. Weak network security risks exposing sensitive,
critical data and damaging the confidentiality, availability, and integrity of the data being
stored.

Understanding threats is a key part of building strong network security.

Common network attacks
The ways in which networks can be attacked are too numerous to cover here. Let's consider
the more common ones:

• Man-in-the-middle or eavesdropping attack – this type of attack can occur when
cybercriminals compromise or emulate routes in the network, allowing them to
intercept the packets of information. Think of this as a form of wiretapping. This allows
attackers to not just steal data but also compromise its integrity.
• Distributed denial of service (DDoS) attack – the objective of a DDoS attack is to
compromise the availability of the targeted network or service. Attackers do this by
bombarding the targeted network or service with millions of simultaneous requests,
from sources that are distributed across the network, overwhelming it and causing it
to crash.

Video animation
In this short video, you'll see a simulation of how each of these attacks work. For the man-
in-the-middle attack, to keep it simple, we've chosen to only use one route. With the DDoS
attack, hundreds of thousands, or even tens of millions, of computers are used. Again for
simplicity, we'll only show a handful.

Common DNS attack
A DNS attack looks to exploit weaknesses in the DNS server because they're designed for
efficiency and usability, and not with security in mind. A common DNS attack is DNS
poisoning. This is where the attacker changes the IP addresses in the DNS lookup tables to
divert traffic from a legitimate site to a bad site that might contain malicious links or other
malware.

Common wireless attacks
Wireless networks allow our devices to seamlessly connect to networks everywhere. In your
home, the wireless network allows your smartphone, and always-on IoT devices to connect
to the internet. The broad availability of these networks makes them the perfect target for
cybercriminals. There are many different ways to attack a wireless network:

• Wardriving – the term Wardriving was popularized by a couple of 1980s movies. The
attacker, typically operating from a vehicle, searches for unsecured wireless networks
that have vulnerabilities. Most wardriving attacks seek to use your network for criminal
activities, like hacking other computers and stealing personal information.
• Spoofing Wi-Fi hotspots – This is similar to a man-in-the-middle attack. The attacker
uses their laptop, or a device connected to it, to offer a network access point that
mimics a genuine access point. For example, if you're in a coffee shop looking to
access the internet using their guest Wi-Fi, you might see a couple of access points
that show the name of the business. One of those could be from a bad actor. If you
connect to the bogus access point, anything you do over the network can be
intercepted. It also allows the cybercriminal to direct you to bad websites or capture
your private data.

Bluetooth attack
There has been a growth in Bluetooth devices, from smart watches and audio devices to
device-to-device communication. Attacks on Bluetooth networks are less common than for
wireless, mostly because the criminal needs to be within range of your device – but it's still a
valid attack vector. A Bluejacking attack is where a criminal sends unsolicited messages to
any Bluetooth-enabled device that's within range of their own. Bluejacking is similar to
when someone rings your doorbell and then runs away before you can answer. It's mostly
an annoyance.


Protect your network
5 minutes

Network protection is an essential part of a robust security policy. As you saw in the
previous unit, there are numerous ways in which a network can be attacked. There's no
single solution that will protect your network; however, the majority of these attacks can be
mitigated by using a combination of hardware and software solutions.

How a firewall protects your network
A firewall is typically the first line of defense in your network. It's a device that sits between
the internet and your network, and filters all traffic going in and out. A firewall can be
software or hardware based, but for the best protection, it's good to have both types. A
firewall monitors incoming and outgoing traffic. Using security rules, it will keep out
unfriendly traffic, while allowing authorized traffic to pass freely.
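
The rule-based filtering the paragraph describes, as an added Go example (not code from the course or from any firewall product): packets are matched against an ordered rule list, the first matching rule decides, and anything that matches no rule is dropped. The office network 192.168.1.0/24, the web server address and the rules themselves are a constructed policy for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Direction says which way a packet crosses the firewall.
type Direction int

const (
	Inbound  Direction = iota // from the internet toward the protected network
	Outbound                  // from the protected network toward the internet
)

// Packet is the subset of header fields this simple filter decides on.
type Packet struct {
	Dir     Direction
	Proto   string // "tcp" or "udp"
	Src     netip.Addr
	Dst     netip.Addr
	DstPort uint16
}

// Rule matches on direction, protocol ("" = any), source and destination
// prefix, and destination port (0 = any). Allow is the action on a match.
type Rule struct {
	Dir     Direction
	Proto   string
	Src     netip.Prefix
	Dst     netip.Prefix
	DstPort uint16
	Allow   bool
	Name    string
}

func (r Rule) matches(p Packet) bool {
	return r.Dir == p.Dir &&
		(r.Proto == "" || r.Proto == p.Proto) &&
		r.Src.Contains(p.Src) && r.Dst.Contains(p.Dst) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// Filter evaluates rules in order and the first match decides. A packet that
// matches nothing is dropped: default deny, so every permitted flow has to be
// written down deliberately.
func Filter(rules []Rule, p Packet) (allowed bool, by string) {
	for _, r := range rules {
		if r.matches(p) {
			return r.Allow, r.Name
		}
	}
	return false, "default deny"
}

var (
	lan       = netip.MustParsePrefix("192.168.1.0/24")
	anywhere  = netip.MustParsePrefix("0.0.0.0/0")
	webServer = netip.MustParsePrefix("192.168.1.10/32")
)

// Policy is a constructed ruleset for a small office network. The explicit
// RDP block is redundant under default deny but gives the drop a name that
// shows up in logs.
var Policy = []Rule{
	{Outbound, "tcp", lan, anywhere, 443, true, "allow HTTPS out"},
	{Outbound, "udp", lan, anywhere, 53, true, "allow DNS out"},
	{Inbound, "tcp", anywhere, webServer, 443, true, "allow HTTPS to web server"},
	{Inbound, "tcp", anywhere, lan, 3389, false, "block RDP from the internet"},
}

// Decide parses the addresses and runs the policy over one packet.
func Decide(dir Direction, proto, src, dst string, port uint16) (bool, string) {
	return Filter(Policy, Packet{dir, proto, netip.MustParseAddr(src), netip.MustParseAddr(dst), port})
}

func main() {
	fmt.Println(Decide(Outbound, "tcp", "192.168.1.20", "203.0.113.1", 443))
	fmt.Println(Decide(Inbound, "tcp", "203.0.113.1", "192.168.1.10", 22))
	fmt.Println(Decide(Inbound, "tcp", "203.0.113.1", "192.168.1.10", 443))
}
```

This filter is stateless; a real firewall also tracks connection state so that the replies to an allowed outbound connection are admitted without a separate inbound rule.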

Maintaining a healthy network using antivirus
Viruses come in all shapes and sizes and none of them are good for the devices and servers
that use your network. Cybercriminals use viruses for many purposes, from obtaining user
credentials so they can access your network, to more harmful types that encrypt all the data
on a device or server unless you pay vast sums of money. Much like your body will fight off
a virus when it gets infected, computers can also be protected with antivirus software. When
antivirus software is installed it will run in the background, scanning all data that arrives on
the device. A detected virus will automatically be deleted to prevent the user from
accidentally running it.

You can now get antivirus protection for most devices, including servers, computers, tablets,
smartphones, and any other internet-connected devices.

Improve authentication using network access control


While a firewall keeps unwanted devices from accessing your network, you still need to
control the ones that you do want to use it. Network access control (NAC) is a security
solution that manages device and user access through strict policy enforcement. Device
policies control what can be done on the network and limit what the user does on a device.
Through NAC, you can improve security by requiring everyone to use multifactor
authentication to sign in to the network. NAC allows you to define the devices and users
that can access network assets, reducing threats and stopping unsanctioned access.

Split your network into parts


Every room in your home has a different purpose, such as the kitchen, lounge, dining room,
study, bedrooms, and bathrooms. You can control access to each of these rooms by
attaching digital locks to all the doors. As a guest arrives, you can grant them a key that
permits them to use specific rooms in your home. You can do the same kind of thing with
your network using the concept of network segmentation.

Network segmentation creates boundaries around critical operations or assets, in much the
same way as you'd put your finance team in their own office. It improves the integrity of
your network assets by ensuring that, even if your network is breached, the attacker can't
reach the segmented areas.

Secure connections using a virtual private network


A virtual private network (VPN) serves as a dedicated and secure connection, between a
device and a server, across the internet. A VPN connection encrypts all your internet traffic
and then disguises it so it's impossible to know the identity of the original device. This type
of secure connection makes it difficult for cybercriminals to track activities and obtain your
data. If you've ever connected to your work network from a public Wi-Fi hotspot, such as at
an airport, you most likely used a VPN. The VPN establishes a secure connection over an
insecure public network. VPN providers have become very common not just for remote
work scenarios but also for personal use.

Encrypt your wireless network


Whether you're setting up a wireless access point in your home or place of work, enabling
encryption is critical to protecting against attacks. Wi-Fi Protected Access 2 (WPA2) is the
most commonly used Wi-Fi encryption method. It uses the Advanced Encryption Standard
(AES) to secure the connection.


Knowledge check
2 minutes

Choose the best response for each of the questions below. Then select Check your answers.

Check your knowledge


1. In a network, what is the fundamental building block that allows multiple devices to communicate with each other?

• The switch
• The router
• The access point

2. What is a datagram used for?

• A datagram is used to announce a message is ready to send across the network.
• A datagram is a chunk of data of uniform length that can be sent across the network.
• A datagram is used to send music data across a network.

3. What is the name of a common network attack where the cybercriminal compromises a router in the network to eavesdrop on, or alter, data?

• Man-in-the-middle.
• Bluejacking.
• Wardriving.

4. When considering security, what is the common name given to separating your network into discrete entities?

• Network access control.
• Virtual private network.
• Network segmentation.


Describe what your device knows about you


4 minutes

Devices are an important part of everyday life and we depend on them for so many things. To do their job efficiently,
devices need to capture, store, and share all kinds of sensitive information about us. We might not realize the extent
to which we use some devices; they’ve become almost invisible to us. To protect the sensitive information to which
our devices have access, we should be aware of how we’re using them, either consciously or subconsciously.

What are devices?


When you hear about a "device", what's the first thing that comes to mind? You'll probably think about the ones
you're familiar with, such as your phone, laptop, or tablet. Devices encompass a lot more than this. For example:

• USB drives.
• Any device connected to your home network, including always-on home assistance devices, printers, TVs,
appliances, door cameras, and more.
• Car dashboards, including the navigation system and voice control.
• Wi-Fi hotspots.

From our homes to our offices and everywhere in between, we come into contact with devices.

Let’s look at Kayla. At home, she's surrounded by devices like her phone, always-on home assistant, tablet, smart
watch, wireless router, and more.

Kayla uses her car to get to work. The vehicle has built-in devices that she can use while driving, like the navigation
system and the wireless access point that allows her car to serve as a mobile hotspot.
At work, Kayla's mobile phone and computer connect wirelessly to her organization's network to access corporate
resources, including a printer. She also uses a USB drive to store certain files and presentations.

In the context of cybersecurity, anything you can touch or interact with, and that can also connect to something else,
is considered to be a device. You might be using a device consciously, like when you're on your phone, or when you
insert a USB drive into your laptop. Or you might not realize you're using a device, either because a connection
happens automatically, like when your phone connects to a Wi-Fi hotspot, or because you set it up once and then
forgot about it—such as the router in your home network.

The takeaway here is that we should expand what comes to mind when we think about devices. It's important to do
this because, in the context of cybersecurity, these can all be considered as threat vectors—targets for cybercriminals
who want to cause harm.

Devices and data
Why are devices an integral part of our lives? It's largely because they collect and store information, and keep us
connected to other devices and services.

Think about the convenience of receiving real-time traffic information on your cell phone or the annoyance when
adverts are delivered to your device, based on your internet search history. This type of targeted content is sent
because our devices, through their applications, collect enormous amounts of information about us. This includes
location details, websites visited, how long we stay on a site, and much more.

Connected devices also enable us to easily access and share information. For example, you've probably used your
cell phone to share family photos with your friends, access a work document, or pay for something at a store.

Whether you use the device for work or personal business—or both—the accessible information is often sensitive
and private. Cybercriminals know this and try to compromise devices as a means to access data.


Describe how devices can become cybersecurity threats
5 minutes

You’ve learned that devices are all around us, and that they hold all kinds of personal information. Also, you've seen
that cybercriminals will target devices to get their hands on this information. But how do they do this?

Devices as threat vectors


While devices help us to get our work done, and go about our daily lives, they also present opportunities to
cybercriminals who want to cause harm. This is because they're threat vectors—they provide different ways in which
cybercriminals can carry out attacks. For example:

• Phone, laptop, or tablet – downloading a malicious app might result in the device being contaminated with
malware that can exfiltrate sensitive data stored locally, without the user’s knowledge. This compromises
confidentiality and integrity because the cybercriminal can now view or modify the data.
• USB drives – cybercriminals can put malicious software or files on a USB drive and insert it into a device like a
laptop. The drive could, for example, run ransomware, meaning the availability of the data has been
compromised because it's locked in return for a ransom.
• Always-on home assistant devices – these devices are always listening or watching. A cybercriminal can put
malicious software on the app stores for these devices. If a user then installs it, the cybercriminal could, for
example, attack the device with spyware to secretly record information, and compromise data confidentiality.
They could also move laterally to other home devices, and compromise their data.

Video animation
Let’s look at the following video to see how devices around us can become threat vectors:

Device vulnerabilities
A device can become compromised because of poor health, either because it doesn't have the latest security
updates, or because it has weak authentication. If you connect this type of device to a Wi-Fi hotspot (in an airport, for
example), it's an easy target for attackers. They know the common vulnerabilities of devices and applications, and
how to gain unauthorized access.

After an attacker gains access, they can run scripts to install malware. In most cases, malware like back doors or
botnets can persist on the device even after it's updated. This causes further damage when a user connects the
infected device to a work or home network.

Some users want to gain more control of their devices for customization or other purposes, and might resort to
jailbreaking. This is where a user finds unofficial ways to get full access to the core systems of a device. The device
becomes vulnerable because this action might circumvent security measures. This gives cybercriminals the
opportunity to provide false guidance or software that compromises the device.

Any connected device has the potential to be a threat vector if it’s not properly secured. Having learned this, we can
now think about the different ways in which we protect our devices.


Describe how to mitigate against device-related threats
3 minutes

We've learned that devices can be threat vectors for cybercriminals who want to gain access to, or control of, data to
cause harm. But what can we do to protect ourselves?

Mitigation measures
There are different ways to protect devices and data. Let’s look at a few of the common ones:

Device hardening
Device hardening is how you minimize the possibility of having device vulnerabilities that can be exploited. You can
use the following methods:

• Make sure devices have the latest security updates.
• Turn off any unused devices.
• Enable security features supported through the device operating system.
• Require PIN or biometrics, such as facial recognition, to access devices.

Many modern operating systems have capabilities that support device hardening. For example, users can enable
automatic operating system updates to help protect against known vulnerabilities and ensure continued availability
of the device. Updates also support security features such as virus and threat protection, and firewall functionality.

These features are easily enabled and can help keep your connected device secure to maintain the confidentiality
and integrity of accessible data.

Encryption
Encryption is a process that turns information on the device into unintelligible data. The only way to make this
information useful is to reverse the encryption. This requires a specific password or key that's only available to the
authorized user. When the information is encrypted, it becomes useless without the correct key or password. This
way, data confidentiality is maintained. The contents of a device can be encrypted in many different ways. For
example, some operating systems come with built-in tools that enable you to encrypt your computer’s hard drive or
any storage device you connect to it.

Limit application device access


So far, we've looked at the different ways in which applications and devices might be compromised, and the steps
you can take to mitigate threats. However, one of the more overlooked attack vectors is when someone directly uses
your apps on the physical device.

Suppose you've left your smartphone on the desk and hurried off for an urgent meeting. A bad actor could use your
phone to access any of your apps. They could send messages, access bank accounts, and make purchases—all by
using apps from your device. If they're smart, they'd leave the device where they found it, so you would never know.
This threat also applies to your work computer. Suppose you're busy working on important and sensitive data, and
step away from your computer to get a coffee. A criminal could now use the unsecured computer to look up secret
or sensitive data, or download it to a USB drive.

In these two cases, everything the bad actor does will be logged and tracked in your name. There's little chance that
the bad actor's actions will be traced back to them, and you'll have to deal with the fallout and clean-up.

The best way to limit access to your applications is to ensure that they're closed or secured when you aren't using
them. You do this by locking a device when you step away from it. If the device is small enough, keep it with you.


Knowledge check
2 minutes

Choose the best response for each of the questions below. Then select Check your answers.

Check your knowledge


1. In the context of cybersecurity, what can be considered a device?

• Only devices you use personally like phones, and computers.
• Anything you can touch, as long as it doesn't connect to something else.
• Anything you can touch but also connect to something else.

2. What is device hardening?

• Connecting multiple devices in a network so they can communicate.
• Minimizing device vulnerabilities.
• When a device is at its end of support and no longer receives updates.

3. What is jailbreaking?

• When a user runs only a single application on a device at a time.
• When a user finds a way to run multiple applications on multiple devices at the same time.
• When a user finds unofficial methods to get full access to the core systems of the device.


Describe what are applications


4 minutes

Nowadays, many of us talk about applications even in our most casual conversations. But
do we really know what an application is? To better understand how applications can
become attack vectors for cybercriminals, we'll first need to identify what they know about
us.

What is software?
Software is a collection or set of commands in the form of code that instructs a computer or
device to do some form of work. Software runs on top of the hardware (physical
components) of a device. Broadly speaking, software comes in two types:

• System software
• Application software

System software
System software is the first thing that runs when you turn on your device, and manages the
different components that make it work. It also creates a framework that enables
applications to run properly and to mitigate problems when they stop working.

System software can be characterized by the following:

• It controls or facilitates the hardware and processes of a system such as the keyboard,
mouse, network, and video.
• It can run independently.
• It typically runs in the background.

For example, your computer's operating system and utilities, like the antivirus and firewall,
are all system software.

System software is a large and complex area, and is well outside the scope of this unit. But
it's worth noting that system software can also be the target of cybercriminal attacks.

Application software
Application software, also known as applications, is designed with a specific purpose.
Applications include word processing, spreadsheets, email, and instant messaging, to name a few.
These applications are designed to work on specific instances of system software, and the
majority are available for the most popular systems.

Application software can be characterized by the following:

• Doing specialized work, such as word processing, video editing, and messaging.
• Designed for the user to interact with directly.
• Typically, it doesn't run independently and needs system software.
• It needs to be installed by a user.

Word processors, email apps, internet browsers, and image editors are all examples of
application software. More than ever, we’re using application software to do all sorts of
things, so applications now come in all shapes and sizes. Applications can run on all types of
devices, such as desktops, mobiles, and appliances. For example, games are applications
that can run on desktops, mobile devices, and even smart televisions.

Applications are also becoming proactive and intelligent. For instance, the map application
on your mobile phone could be tracking your location to provide real-time traffic
information, even if you’re not interacting with it. Apps on your devices are collecting
important data about you, like your location, how long you stay at a given place, your
browser search history, and more.

Typically, the information collected is shared with other apps. For example, your browser
search history is often shared with social media sites, so they can provide targeted
advertisements based on that information.

Because applications are so intertwined with our daily lives, and run on all sorts of devices,
they've become the key to information about us. Cybercriminals are aware of this, and will
attempt to compromise applications to get their hands on our information.


Describe the threat landscape of applications
5 minutes

Applications are widely available and used for just about anything, from home and personal
use, to work and school. They're a fundamental part of our daily life. They empower us by
making difficult things easier. At the same time, applications actively collect and hold vast
amounts of data about what we do, who our friends are, where we've been, what we spend
our money on, what our hobbies are, and much more. Cybercriminals are fully aware of how
much data is held and accessed by these applications and will look for any weaknesses they
can exploit.

Protecting our data, whether you're an individual or a big corporation, is essential.
Understanding how applications can be compromised, and where these threats come from,
will improve your application security and the confidentiality of any stored or accessed data.

Applications from untrustworthy origins


Downloading applications to your device, be that a computer, smartphone, or
tablet, has become easier than ever. The majority of us use the larger, well-established application
stores. Some of these will verify the authenticity of the applications before they list them,
and prohibit certain types from being sold through their platform.

There are, however, other places where you can download applications. There's little or no
restriction on the apps available and minimal verification on their authenticity. Not every
app on these stores is bad. However, a cybercriminal can create and package source code,
and give it the name of a legitimate application that users might be familiar with. They then
upload it to a hosting site alongside legitimate applications.

If you install or run applications from untrustworthy sources, you could become the victim
of a cyberattack.

Applications with inherent vulnerabilities


While application developers strive to ensure their apps are secure, it's impossible to
guarantee 100 percent protection. Cybercriminals will look for any vulnerability they can
exploit. There are many different types of application vulnerabilities—open source and zero
day are two of the more common ones.

Open-source vulnerabilities
Software developers will often create libraries of common functions to solve a specific
problem. Everyone can access open-source libraries, and the source code is usually freely
available. When an application developer wants to solve a specific problem, they'll check to
see if there's an open-source solution first.

One of the benefits of open source is that issues and vulnerabilities are publicly identified
and fixed. However, these libraries are also available to cybercriminals who will look for
ways to take advantage. Developers need to stay current on the latest version of any open-
source libraries they've used as components in their applications, to avoid cyberattacks.

Zero-day vulnerabilities
Cybercriminals conduct detailed reconnaissance of applications, searching the code for
flaws they might exploit. Any flaw that's previously unknown to the application owner and
left unpatched is considered a zero-day vulnerability. When a cybercriminal finds a zero-day
vulnerability, they won’t publicize it. Instead, they’ll take full advantage. For example, a
cybercriminal might have noticed that a banking app has a zero-day vulnerability, and used
this to quietly steal information and money from application users. The zero-day name
stems from the number of days a developer has from when a vulnerability is identified to
when a fix is available—that's zero days.

Browser-based threats
Browsers may be our gateway to the internet, but they're also applications. That's why most
threats that you’ll come across manifest themselves through browser activity. Here are two of
the more common browser-based threats:

Cookie-based attacks
You may have heard about cookies, but do you really know what they are? A cookie is a
simple plaintext file that contains small bits of data—your user credentials, the last search you
made, the last item you purchased, and so on. The purpose of cookies is to enhance your browser
experience and make surfing easier, by removing the need to continuously log in to the
site.

One common type of cookie attack is a session replay. If the cybercriminal can intercept or
eavesdrop on your communications, they're able to steal the cookie data, and your login
data, then use it to access the website posing as you.

Typosquatting
Typosquatting is a type of browser-based attack where a cybercriminal obtains deliberately
misspelled domain names. These are based on popular websites, where they can put their
own malicious code, disguised as a legitimate website for the domain. Users might then
mistake the malicious website for the legitimate one they wanted to visit. If a user enters
any personal information or follows instructions on the website, they’ve become victims of a
cyberattack.
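A defender's check for the typosquatting described above, as an added Python example (not code from the Microsoft Learn module): a requested hostname is compared against a list of trusted domains using an edit distance that counts a swapped pair of characters as one typing slip, and a trusted brand name embedded in an unrelated domain is also flagged. The trusted list and the sample hostnames are constructed; contoso and fabrikam are placeholder brands.

```python
"""Flag hostnames that look like typosquats of domains you trust.

Added example, not code from the Microsoft Learn module. The trusted list
and the sample hostnames are constructed; contoso and fabrikam are
placeholder brands.
"""

TRUSTED = ["example.com", "contoso.com", "fabrikam.com"]  # constructed list


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: one edit is an insertion, deletion,
    substitution, or swap of two adjacent characters (a typical typing slip)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def brand_label(domain: str) -> str:
    """'example.com' -> 'example': the label a squatter tries to imitate."""
    return domain.split(".")[0]


def classify(host: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unrelated'."""
    host = host.lower().rstrip(".")
    # An exact match or a genuine subdomain of a trusted domain is fine.
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return "trusted"
    labels = host.split(".")
    for t in trusted:
        # A small edit distance catches exmaple.com, examp1e.com, example.co.
        if osa_distance(host, t) <= max_distance:
            return f"lookalike of {t}"
        # A brand name embedded elsewhere catches example-login.com and
        # example.com.evil.net, which no edit distance would flag.
        if any(brand_label(t) in label for label in labels):
            return f"lookalike of {t}"
    return "unrelated"


if __name__ == "__main__":
    for h in ["example.com", "login.example.com", "exmaple.com",
              "example.co", "example-login.com", "example.com.evil.net",
              "northwind.org"]:
        print(f"{h:24} {classify(h)}")
```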


Describe how to protect your applications


6 minutes

In the modern world we're always connected, and applications have become central to how
we engage with it. Whether you're talking to friends or colleagues, shopping or banking
—applications make all this possible. All reputable application and software developers aim
to build robust and hardened products that deliver the functionality we need, and the
security to keep cybercriminals at bay. A hardened application is one where the developer
has tested it against all the latest cyberattacks before making it available to download.
Software developers will offer patches and upgrades to ensure that your user experience is
the best and safest it can be.

But cybercriminals are unrelenting in their desire to obtain your data, and will look to
exploit any weakness or vulnerability. There are a few things that you can do, either as an
individual or an enterprise organization, to protect the apps that you use.

Patching promptly
Operating systems and most mainstream applications—for example, word processors and
music apps—will issue updates or patches. Some of these offer improvements in
functionality, but the majority will be to patch a known security weakness or vulnerability in
the software, or to improve the application's security. Cybercriminals and hackers will focus
on these applications looking for exploitable vulnerabilities. When one is identified, they'll
move quickly to write malicious code. If successful, this malware can take control of the
application or intercept data being accessed by it, until the next patch is released, and the
cycle starts over again.

As part of a robust security process or policy, you should ensure all applications used on
your device have the latest patches or updates.

Application configuration
Most applications are developed with a balance of security and usability in mind. All
applications come with a default configuration designed for optimal usage and to allow as
much access as possible. Some might have a default user account—admin, for example—
with a standard default password.

Cybercriminals are quick to identify these vulnerabilities, and exploit them by using default
settings to access your applications. It's vitally important that you check your application
configuration settings and, where possible, change the passwords on default accounts and
settings. This small step can often thwart an attacker and improve the confidentiality of your
data, and the integrity of your application.

Privacy settings
Every activity that you carry out, from an instant message application or just using your
browser, is tracked and recorded. A small part of this is so developers can improve the
application. However, the majority of data collected is used by advertisers to offer targeted
content based on the things you're looking at, or doing.

All applications give you a degree of control over what data is collected by providing
privacy settings—these vary with each application. For example, a map application may
have privacy settings that prevent it from recording the routes you've used. A shopping
application can be told not to remember the items that you were browsing.

It's good practice to locate the privacy settings and tailor them to what you want.

Cookies
Browsers use cookies to hold details about what you were doing on a specific website—
from the last thing you searched for, to passwords or other personal data. Some measures
have been introduced to try to limit the amount of data that's retained in cookies and on
the website. A cybercriminal could exploit your browser and access these cookies to gain
information and data.

Every browser offers the ability to clean up unused cookies or to remove all of them from
your browser. It's good practice to periodically do a clean-up of cookies. However, there's
another way to manage your cookies by using the private browsing window in your
browser. You may have seen them as incognito or privacy windows. This offers a higher level
of security, to let you browse with more confidence. When you close the browser window,
all cookies and any history are automatically deleted.
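The session-replay risk from the "Cookie-based attacks" section and the cookie hygiene above, as an added Python example (not code from the Microsoft Learn module): a small audit of Set-Cookie headers for the attributes that keep a cookie off plain HTTP, out of reach of page scripts, off cross-site requests, and short-lived, beside a hardened header that passes the audit. The sample headers are constructed and the 8-hour lifetime bound is an assumption.

```python
"""Audit Set-Cookie headers for the attributes that limit cookie theft
and replay, and build a hardened session cookie for comparison.

Added example, not code from the Microsoft Learn module. The sample
headers are constructed and the 8-hour lifetime bound is an assumption.
"""

MAX_SESSION_SECONDS = 8 * 3600  # assumed upper bound for a session cookie


def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val}).
    Attribute names are case-insensitive; bare flags map to True."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> list:
    """Return one finding per weakness; an empty list means nothing to flag."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: also sent over plain HTTP, where it can be intercepted")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by any script running in the page")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("SameSite missing or None: attached to cross-site requests")
    if "max-age" in attrs:
        if int(attrs["max-age"]) > MAX_SESSION_SECONDS:
            findings.append("Max-Age too long: a stolen cookie stays replayable for days")
    elif "expires" in attrs:
        findings.append("Expires without Max-Age: prefer a short, explicit Max-Age")
    # No Max-Age and no Expires means a session cookie that dies with the browser.
    return [f"{name}: {f}" for f in findings]


def hardened_session_cookie(name: str, value: str,
                            max_age: int = MAX_SESSION_SECONDS) -> str:
    """Build a Set-Cookie value that passes audit_set_cookie()."""
    return (f"{name}={value}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Lax")


# Constructed headers for comparison.
WEAK = "sessionid=abc123; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT"
STRONG = hardened_session_cookie("sessionid", "abc123")

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", STRONG)):
        print(label, header)
        for finding in audit_set_cookie(header) or ["no findings"]:
            print("  ", finding)
```

A short lifetime only narrows the replay window; the server still has to invalidate the session on logout.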

Using verified applications


Just a few years ago, the only way to get an application was to buy it from a shop, take the
box home and use the CD-ROM to install it on your computer. For all its antiquated aspects,
this was by far the safest way to obtain and then use software. The internet has made the
world a smaller place, and you can now obtain applications from the comfort of your
chosen device without leaving home. There's a huge choice of online shops offering the
best opportunity for you to find the app you're looking for. But for every genuine shop
selling an app, there's likely to be another offering a cheaper version, which might contain
some unwanted additions.

A cybercriminal might copy the latest or bestselling app and hack it to include malware.
Then they can make it available through a store, selling it cheaper than anywhere else. We
all like a bargain, especially if it means getting the latest app at a fraction of the price. The
compromised app might well behave exactly as the genuine one, but underneath the hood
the cybercriminal can search your device for personal or sensitive data. This can then be
extracted and used for their own purposes.

As a matter of good practice, you should always download your apps from verified and
trusted stores.


Knowledge check
3 minutes

Choose the best response for each of the questions below. Then select Check your answers.

Check your knowledge


1. Which of the following is an example of application software?

• An operating system.
• A device driver.
• Word processing software.

2. Which statement defines a zero-day vulnerability?

• Any flaw that is known and for which the application owner has already created a patch.
• Any flaw that is previously unknown to the application owner and unpatched.
• Any flaw that is known to the application developer but for which the developer hasn't yet developed a patch.

3. What is a simple way for users to mitigate threats to their applications?

• Disable automatic updates.
• Avoid applications that employ open-source libraries.
• Enable automatic updates of your applications.
