Cyber Security Assessment
This is a high-level assessment to help gauge the visitor's knowledge regarding certain specific cyber security-related topics, tools, scenarios, and overall instruction-following capability.
Caesar Cipher
With the following partial encryption (aka “shift key”)…
| Plaintext | A | Q | U | Y | O | R | C | E |
|---|---|---|---|---|---|---|---|---|
| Ciphertext | D | T | X | B | R | U | F | H |
What does the following encoded message translate to?
Password Strength
Using the following online tool, passwordmeter, please answer the following questions (you can copy/paste the italicized passwords into the tool):
According to the web tool, is this password considered strong? If so, what complexity does it get?
Winter
According to the web tool, is this password considered strong? If so, what complexity does it get?
Qa pla!Vor tir 1nine
Steganography
Using the following online tool, Manytools Steganography, please answer the following questions:
Do any of these images contain data exfiltration? If so, check which one does.
If so, what are its contents?
What are the threats/risks associated with data exfiltration?
Spoofing
Given the below simulated email, is it legitimate or spoofed?
How do you know? Why did you choose the answer above?
Root Cause Analysis
I Investigation
A User Behaviour Analytics (UBA) alert kicked off (email) indicating an employee’s credentials were successfully accessed from outside the United States. Your company doesn’t have employees who work internationally. Your company doesn't permit work-issued equipment to be taken overseas. All mobile endpoints are encrypted and tracked.
Using the below map, event log, and web tool, determine the possible root cause(s) of this alert.
The event log shows the following:
Feb 25, 2020

| Time | Event | Details |
|---|---|---|
| 4:24:13 AM GMT | New Asset Logon Event | User Mark Wooferd logged into dal6yt.company.com for the first time with a NETWORK logon. |
| 4:22:58 AM GMT | First Ingress by mark.wooferd | Account mark.wooferd successfully authenticated to Office365 for the first time by IP 14.139.54.208 |
You can use the following tool to help learn more information: SpeedGuide
What conclusion can you come to (more than one answer may apply)?
Why did you choose the selections above? What more did you conclude? Are there other possibilities not listed above?
II Process of Elimination
A machine and/or user account may have been compromised and you need to confirm what is a possible root cause of the compromise. Based on the below events, which is the most likely root cause (choose one)?
Malware Analysis
You receive an alert from the endpoint protection tool.
What severity rating would you give the alert below (HIGH, MEDIUM, LOW, N/A)? Is it legitimate or a false positive?
Note: you may need to inspect the analysis results further below before deciding.
Malware analysis tools show what the email attachment would look like if actually opened (sandbox):
Malware analysis tools also show the following indicators:
What severity would you give this?
Why did you come to your conclusion above? Did you use any other web tools to investigate this? What did you use?
III Vulnerabilities
i. Given the below information, which machine(s) should be given HIGH priority regarding patch management/remediation (e.g. opening a ticket for patching to be applied within a HIGH SLA)?
Severity scale: 5 = Critical, 4 = High, 3 = Medium, 2 = Low, 1 = Informational

| CVE ID | Vulnerability Title | Severity | Assets |
|---|---|---|---|
| CVE-2008-2752 | DoS Exec Code Mem. Corr. | 5 | 2 |
| CVE-2011-0096 | XSS | 5 | 1 |
| CVE-1999-0179 | Exec Code | 2 | 3 |
Check the box next to the machine(s) in the table below that have the highest severity and need to be remediated:
Why did you select the machine(s)? What tool(s) did you use to determine the CVE ID/Priority/Vulnerability?
ii. Identify which machine(s) is the most vulnerable based on the following risk-based ranking chart:
- is externally exposed (internet-facing)
- is a Domain Controller
- missing EDR
- has exploitable vulnerabilities
Why did you select the machine(s)?
iii. What can you tell us about this webpage?
ELDMBR
Submission of Results
Please click the PRINT button below, select Save as PDF as the printer, then send the PDF via email to us.