Virtualization
Classes of Malware
Cybersecurity Practices
100

You need to run a virtual machine on your Mac. This free virtualization software is available for Mac users.

What is VMWare Fusion Player?

100

This malware was used to sabotage Iran’s uranium centrifuges, targeting Siemens systems and delaying their nuclear program.

What is Stuxnet?

100

In a disaster recovery scenario, a company's servers are restored from backup. However, it takes several hours before operations are fully restored, despite data being fully intact. Which part of the CIA triad is affected?

What is availability?

200

You want to use free virtualization software for running virtual machines. Name a free option available other than VMWare.

What is Oracle VirtualBox?

200

According to new NIST guidelines, this once common password practice should be avoided unless a breach occurs.

What is "no more expiration without reason"?

200

A research organization transmits highly sensitive data over a secure VPN but stores the data on local servers without performing regular integrity checks. If corruption occurs during storage, what is affected?

What is integrity?

300

If a VM is configured with 4 GB of RAM and 100 GB of hard drive space, but the host only has 8 GB of RAM and 200 GB of hard drive space, what happens to the VM if another virtual machine is allocated an additional 2 GB of RAM and 50 GB of hard drive space simultaneously?

Both VMs will run, but the host's available resources will be shared, potentially causing performance degradation if the host runs out of memory or disk space.

300

This 2016 attack reached 1.1 terabits per second and was delivered by over 145,000 hacked Internet-connected cameras.:

What is the OVH DDoS attack?

300

Sophie designs a backup system that only runs during off-hours to prevent disruption to the main system. However, she only schedules backups every other week because she assumes that most of the company’s important work happens in the last week of the month anyway. Which element of the CIA Triad does this apply to? And is it storage, transmission, or processing?

What is availability and storage?

400

Describe the ping statistics that are displayed for the command ping -c 4 <ip address>, assuming each packet was sent successfully.

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)

400

This type of rootkit, originally crafted by teenage hackers and later weaponized by criminal syndicates, is capable of hiding deep within a system’s core processes, making itself nearly undetectable while silently executing keylogging or credential-stealing activities to facilitate financial fraud on a massive scale.

What is pseudo-ransomware or a wiper attack?

400

Samantha is responsible for her company’s email service and sets up a failover mail server. However, she configures the DNS with a long Time-to-Live (TTL) setting, so in the event of a failover, emails are delayed for hours, but she says that as long as they are eventually delivered, the system is still functioning.

What is availability and transmission?

500

You are currently in the /workspaces/python/scripts directory, and you need to navigate to the /workspaces/reports/2024 directory while listing all files and folders along the way. Which commands will you use (not in order just list the commands)?

cd ../../reports/2024 and ls commands

500

This type of attack, which surfaced prominently in the 2017 NotPetya incident is a nation-state-driven wiper malware, designed to cause widespread irreversible damage to global corporations, freezing government agencies, and crippling vital infrastructure.

What is a banking rootkit with keylogging and web inject capabilities?

500

Greg applies version control to his company's critical source code repositories and uses MD5 to verify the code. While confident in its ability to detect changes, Greg simultaneously lets the developers bypass the checks “when they are in a rush,” because completing tasks on time is more important. Which element of the CIA Triad does this apply to? And is it storage, transmission, or processing?

What is integrity and processing?