Cyber Security Assessment

This is a high level assessment to help gauge the visitor's knowledge regarding certain specific cyber security-related topics, tools, scenarios, and overall instruction-following capability.



Enter Your First and Last Name:




Caesar Cipher

With the following partial encryption (aka “shift key”)…

Plaintext A Q U Y O R C E
Ciphertext D T X B R U F H


Plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext


What does the following encoded message translate to?

Plaintext
Ciphertext D W W D F N D W G D Z Q
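As an added example (not part of the assessment itself), the following Python recovers the shift from the partial plaintext/ciphertext pairs given above, checks that every pair agrees on the same shift, builds the complete ciphertext row, and decrypts a constructed sample message:

```python
"""Caesar cipher helper: recover the shift from known plaintext/ciphertext pairs.

Added example for the assessment above; not part of the original page.
"""
import string

ALPHABET = string.ascii_uppercase

# The partial mapping given in the assessment (plaintext letter -> ciphertext letter).
KNOWN_PAIRS = dict(zip("AQUYORCE", "DTXBRUFH"))


def recover_shift(pairs):
    """Return the single shift consistent with every pair, or raise if they disagree.

    A Caesar cipher is one fixed rotation, so every pair must imply the same shift;
    a mismatch means the table is not a Caesar cipher (or contains a typo).
    """
    shifts = {(ALPHABET.index(c) - ALPHABET.index(p)) % 26 for p, c in pairs.items()}
    if len(shifts) != 1:
        raise ValueError(f"pairs imply more than one shift: {sorted(shifts)}")
    return shifts.pop()


def full_table(shift):
    """Build the complete plaintext -> ciphertext row for the given shift."""
    return {p: ALPHABET[(i + shift) % 26] for i, p in enumerate(ALPHABET)}


def decrypt(ciphertext, shift):
    """Undo the rotation; non-letters (spaces, punctuation) pass through unchanged."""
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    k = recover_shift(KNOWN_PAIRS)
    print("recovered shift:", k)
    print("ciphertext row:", "".join(full_table(k).values()))
    # Constructed sample message, not the one from the assessment.
    print(decrypt("KHOOR ZRUOG", k))
```

Passing the encoded message from the question above to decrypt() with the recovered shift yields the answer the assessment asks for.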



Password Strength

Using the following online tool, passwordmeter, please answer the following questions (you can copy/paste the italicized passwords into the tool):

According to the web tool, is this password considered strong? If so, what complexity does it get?

Winter

Yes/No Complexity


According to the web tool, is this password considered strong? If so, what complexity does it get?

Qa pla!Vor tir 1nine

Yes/No Complexity



Steganography

Using the following online tool, Manytools Steganography, please answer the following questions:

Do any of these images contain exfiltrated data? If so, check the one that does.



If so, what are its contents?



What are the threats/risks associated with data exfiltration?




Spoofing

Given the below simulated email, is it legitimate or spoofed?



Legitimate
Not Legitimate


How do you know? Why did you choose the answer above?




Root Cause Analysis

I Investigation

A User Behaviour Analytics (UBA) alert was kicked off (by email) indicating an employee's credentials were successfully used from outside the United States. Your company doesn't have employees who work internationally. Your company doesn't permit work-issued equipment to be taken overseas. All mobile endpoints are encrypted and tracked.

Using the below map, event log, and web tool, determine the possible root cause(s) of this alert.



The event log shows the following:


Feb 25, 2020
New Asset Logon Event
4:24:13 AM GMT
User Mark Wooferd logged into dal6yt.company.com for the first time with a NETWORK logon.
First Ingress by mark.wooferd
4:22:58 AM GMT
Account mark.wooferd successfully authenticated to Office365 for the first time by IP 14.139.54.208


You can use the following tool to help learn more information: SpeedGuide

What conclusion can you come to (more than one answer may apply)?

1. Mark Wooferd is traveling out of country
   - using his personal laptop
   - using a company-owned asset
2. A malicious actor has obtained Mark's credentials
   - is accessing Mark's O365 account from a foreign country
   - is accessing Mark's O365 account from a VPN spoof of New York, NY
3. This alert can be ignored
   - so this is a false positive
   - so this is a false negative
4. Mark is logging onto O365 webmail
   - from New York, NY
   - from the company network


Why did you choose the selections above? What more did you conclude? Are there other possibilities not listed above?



II Process of Elimination

A machine and/or user account may have been compromised and you need to confirm what is a possible root cause of the compromise. Based on the below events, which is the most likely root cause (choose one)?

Item No. Why? What caused all of this?






Malware Analysis

You receive an alert from the endpoint protection tool.

What severity rating would you give the alert below (HIGH, MEDIUM, LOW, N/A)? Is it legitimate or a false positive? Note: you may need to inspect the analysis results further below before deciding.



Malware analysis tools show what the email attachment would look like if actually opened (sandbox):



Malware analysis tools also show the following indicators:



What severity would you give this?

Severity
False Positive?


Why did you come to your conclusion above? Did you use any other web tools to investigate this? What did you use?






III Vulnerabilities

Given the below information, which machine(s) should be given HIGH priority regarding patch management/remediation (e.g. opening a ticket for patching to be applied within a HIGH SLA)?

5...Urgent   4...Critical   3...Serious   2...Medium   1...Minimal



Check the box next to the machine(s) in the table below that have the highest severity and need to be remediated:

Priority | Machine Name | Vuln CVE ID   | State/Status
         | DAL1924      | CVE-2015-0008 | Online/Active
         | DAL4041      | CVE-2015-0008 | Online/Active
         | DAL1330      | CVE-2015-0008 | Online/Active
         | DAL1005      | CVE-2012-002  | Online/Active
         | DAL0014      | CVE-2015-0008 | Online/Active
         | DAL2828      | CVE-2015-0008 | Online/Active
         | DAL4140      | CVE-2015-0008 | Online/Active
         | DAL2001      | CVE-2015-0008 | Online/Active
         | DAL4011      | CVE-2015-0008 | Online/Active
         | DAL0045      | CVE-2015-0008 | Online/Active
         | DAL_C400     | CVE-2015-0008 | Online/Active
         | DAL_LT011    | CVE-2015-0008 | Online/Active
         | DAL_LT_020   | CVE-2012-002  | Offline/E-cycled
         | DAL_H200     | CVE-2015-0008 | Online/Active


Why did you select the machine(s)? What tool(s) did you use to determine the CVE ID/Priority/Vulnerability?





Submission of Results

Please click the PRINT button below, select Save as PDF as the printer, then send the PDF to us via email.

Print (PDF)