Scenario:
A company hires a cybersecurity professional to legally test their systems by attempting to break into their network and report weaknesses so they can fix them before real hackers find them.
Question:
What type of hacker is this?
What is a White Hat Hacker?
Scenario:
A student’s computer needs to find the IP address of www.macomb.edu. The computer first checks its local cache but then sends a query to a server that is not the authoritative server to resolve the domain name.
Question:
What type of DNS query is this called?
What is a recursive DNS query? (The client sets the RD flag and lets a recursive resolver walk the root, TLD and authoritative servers on its behalf.)
Scenario:
A student wants to check if a website is accessible from their computer, but also wants to see if any packets are being delayed or lost along the route.
Question:
Which command provides both connectivity testing and packet loss information?
What is ping?
Scenario:
A student wants to connect to a mail server using a protocol that lets their client read messages while leaving them stored on the server.
Question:
Which port does IMAP typically use?
What is port 143? (Plaintext IMAP; IMAP over TLS uses port 993.)
Scenario:
A hacker tricks an employee into plugging a USB drive into their workstation. Once connected, malware automatically installs and begins scanning the network for sensitive files without the employee noticing.
Question:
What type of attack is this?
What is a USB-based malware attack / rogue device attack (a form of baiting)?
Scenario:
A student receives an email that appears to come from their bank asking them to click a link and verify their login credentials. The website looks identical to the real bank website but is actually designed to steal usernames and passwords.
Question:
What type of cyber attack is this?
What is Phishing?
Scenario:
A new computer connects to a network. It sends a broadcast request asking for an IP address. The network responds with a lease that includes an IP, subnet mask, default gateway, and DNS servers.
Question:
Which protocol is responsible for providing this network configuration?
What is DHCP (Dynamic Host Configuration Protocol)?
Scenario:
A network engineer wants to find out if any specific port is open on a remote host before deploying an application, without using a web browser.
Question:
Which command-line tool can scan a single host for open ports?
What is nmap?
Scenario:
A network technician is troubleshooting time synchronization issues on the network. They need to ensure devices can communicate with an NTP server to get the correct time.
Question:
Which port is used by NTP, and what is its purpose?
What is port 123 (UDP), used for network time synchronization?
Scenario:
A hacker exploits a vulnerability in a website to run malicious scripts that steal session cookies from users visiting the site.
Question:
What type of attack is this?
What is Cross-Site Scripting (XSS)?
Scenario:
An organization installs a security system that monitors all incoming and outgoing network traffic. If traffic violates the organization’s security policies, the connection is automatically blocked.
Question:
What type of security device is being used?
What is a Firewall?
Scenario:
A network admin wants to test connectivity to a remote server. They notice some packets are dropped and want to see how many hops and which routers the packets pass through, including round-trip time for each hop.
Question:
Which command should the administrator use to get this detailed path information?
What is traceroute (or tracert on Windows)?
Scenario:
A system administrator notices unusual network activity on a server and wants to see all active network connections, including the local and remote addresses and the ports being used, to determine if any unauthorized connections are present.
Question:
Which tool would the administrator use to view this information?
What is netstat (or ss on modern Linux)?
Scenario:
A system administrator notices a device sending SNMP queries to collect information from network devices like routers and switches.
Question:
Which port does SNMP use by default, and what is its function?
What is port 161 (UDP), used for network management and monitoring? (Agents listen on 161; traps sent from agents to the manager go to port 162.)
Scenario:
An attacker floods a company’s web server with massive amounts of traffic, causing legitimate users to be unable to access the website.
Question:
What type of attack is this?
What is a Denial of Service (DoS) attack?
Scenario:
A popular website suddenly becomes unavailable because thousands of compromised computers around the world begin sending large amounts of traffic to the server at the same time, overwhelming it.
Question:
What type of cyber attack is causing this disruption?
What is a Distributed Denial-of-Service (DDoS) Attack?
Scenario:
A cybersecurity analyst is capturing traffic from a network segment. They notice packets with unusual TCP flags, malformed headers, and some retransmissions, suggesting a possible reconnaissance attempt.
Question:
What network analysis technique allows the analyst to inspect these packets in detail?
What is packet sniffing / network traffic analysis?
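As an added example (not part of the original quiz), the following Python decodes the flag bits of raw TCP headers and labels the combinations an analyst looks for in a capture: no flags at all (NULL scan), FIN+PSH+URG (Xmas scan), SYN together with FIN, and a data offset that does not fit the header. The packets below are constructed inline with struct; there is no live capture, and the classification labels are this example's own names, not those of any particular tool.

```python
import struct

# TCP flag bits in the low byte of the data-offset/flags word (RFC 793/3168).
FLAG_BITS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}


def parse_tcp_header(data: bytes) -> dict:
    """Decode the fixed 20-byte TCP header (no options) from raw bytes."""
    if len(data) < 20:
        raise ValueError(f"need at least 20 bytes, got {len(data)}")
    src, dst, seq, ack, off_flags, window, checksum, urg_ptr = struct.unpack(
        "!HHIIHHHH", data[:20]
    )
    data_offset = (off_flags >> 12) * 4          # header length in bytes
    flags = {name for name, bit in FLAG_BITS.items() if off_flags & bit}
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        "ack": ack,
        "data_offset": data_offset,
        "flags": flags,
        # A valid header is at least 20 bytes and cannot claim more than is present.
        "header_ok": 20 <= data_offset <= len(data),
    }


def classify(hdr: dict) -> str:
    """Label a header by the flag combinations associated with scanning."""
    f = hdr["flags"]
    if not hdr["header_ok"]:
        return "malformed header (data offset out of range)"
    if not f:
        return "NULL scan"
    if f == {"FIN", "PSH", "URG"}:
        return "Xmas scan"
    if "SYN" in f and "FIN" in f:
        return "SYN/FIN (invalid combination)"
    if f == {"FIN"}:
        return "FIN scan candidate"
    if f == {"SYN"}:
        return "SYN (connection attempt or SYN scan)"
    return "normal"


def build_tcp_header(src: int, dst: int, flags: set, data_offset_words: int = 5) -> bytes:
    """Construct a 20-byte TCP header for testing; checksum left at zero."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    off_flags = (data_offset_words << 12) | bits
    return struct.pack("!HHIIHHHH", src, dst, 1000, 0, off_flags, 65535, 0, 0)


# Constructed sample packets (hypothetical scanner on port 40000 probing port 22).
SAMPLE_PACKETS = [
    build_tcp_header(40000, 22, set()),                       # NULL scan
    build_tcp_header(40000, 22, {"FIN", "PSH", "URG"}),       # Xmas scan
    build_tcp_header(40000, 22, {"SYN", "FIN"}),              # impossible combo
    build_tcp_header(40000, 22, {"SYN"}),                     # ordinary SYN
    build_tcp_header(40000, 22, {"ACK"}, data_offset_words=3),  # bad offset
]


def analyze(packets) -> list:
    """Return one label per packet, in order."""
    return [classify(parse_tcp_header(p)) for p in packets]


if __name__ == "__main__":
    for pkt, label in zip(SAMPLE_PACKETS, analyze(SAMPLE_PACKETS)):
        hdr = parse_tcp_header(pkt)
        print(f"{hdr['src_port']} -> {hdr['dst_port']} flags={sorted(hdr['flags'])}: {label}")
```

The NS bit (0x100) is ignored here; a production parser would also walk the options field when the data offset is larger than 20.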
Scenario:
A network administrator is troubleshooting why users cannot reach www.macomb.edu. They want to see the IP address returned by the DNS server, check which server responded, and confirm whether the DNS record is an A record.
Question:
Which command-line tool can provide this DNS lookup and detailed information?
What is dig?
Scenario:
A user tries to download email from their server using POP3. The connection fails because the port POP3 uses is blocked.
Question:
Which port does POP3 typically use, and what is its main function?
What is port 110, used for retrieving email from the server to a client? (POP3 over TLS uses port 995.)
Scenario:
A malicious actor intercepts communications between a user and a website without the user knowing, capturing login credentials.
Question:
What type of attack is this?
What is a Man-in-the-Middle (MITM) attack?
Scenario:
An employee downloads what appears to be a free software tool from the internet. The program installs successfully, but in the background it secretly opens a connection that allows an attacker to remotely control the computer.
Question:
What type of malware attack is this?
What is a Trojan Horse?
Scenario:
A subnet has the address 192.168.10.64/28. A device on the network tries to ping 192.168.10.80, but the packets do not reach the target. The network engineer realizes this is due to the addressing scheme.
Question:
How many usable host addresses are in this subnet, and why can the ping fail?
What is 14 usable host addresses (192.168.10.65–192.168.10.78, with .64 as the network address and .79 as broadcast)? The ping fails because 192.168.10.80 lies outside the block (it is the network address of the next /28), so the sender hands the packet to its default gateway instead of delivering it on the local segment, and it is dropped if no route or gateway exists.
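The subnet arithmetic behind that answer, as an added worked example that is not part of the original quiz. It computes mask, network, broadcast and usable range for any IPv4 CIDR block with plain bit operations, and checks whether a target address belongs to the block; the /31 and /32 handling goes beyond the /28 case in the question.

```python
def ip_to_int(ip: str) -> int:
    """Convert dotted-quad IPv4 text to a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Return network, broadcast, usable range and host count for a CIDR block."""
    addr, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    if prefix >= 31:
        # /31 (RFC 3021 point-to-point) and /32 have no separate network/broadcast.
        usable = 2 ** (32 - prefix)
        first, last = network, broadcast
    else:
        # Classic rule: 2^(host bits) minus the network and broadcast addresses.
        usable = 2 ** (32 - prefix) - 2
        first, last = network + 1, broadcast - 1
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


def in_subnet(ip: str, cidr: str) -> bool:
    """True if ip falls inside the CIDR block (same network after masking)."""
    addr, prefix_text = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix_text))) & 0xFFFFFFFF
    return (ip_to_int(ip) & mask) == (ip_to_int(addr) & mask)


if __name__ == "__main__":
    block = "192.168.10.64/28"
    info = subnet_info(block)
    for key, value in info.items():
        print(f"{key:13} {value}")
    for target in ("192.168.10.70", "192.168.10.80"):
        print(f"{target} in {block}: {in_subnet(target, block)}")
```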
Scenario:
A Linux administrator wants to check if a remote service is responding on a specific TCP port. They don’t want to ping the host, only verify the service itself is listening.
Question:
Which command-line utility can test TCP connections on a specific port?
What is telnet (or nc/netcat)?
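As an added example (not from the original quiz), here is the same check that `nc -zv host port` performs, written in Python so the three outcomes are explicit: a completed handshake means "open", an immediate RST means "closed", and a timeout means "filtered" (a firewall silently dropping the SYN). The demo function stands up a throwaway listener on loopback as a constructed fixture, so it runs offline; the hostnames and ports are not from the page.

```python
import socket
import threading


def tcp_port_status(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt a full TCP connect and report open / closed / filtered.

    No ICMP is involved, so this works even where ping is blocked.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # SYN/SYN-ACK/ACK completed: something is listening
    except ConnectionRefusedError:
        return "closed"            # host answered with RST: reachable, nothing listening
    except (socket.timeout, TimeoutError):
        return "filtered"          # no answer at all: typically a dropping firewall
    except OSError as exc:
        return f"error: {exc}"     # e.g. no route to host, name resolution failure


def demo() -> dict:
    """Constructed fixture: probe a live loopback listener, then the same port once closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    def accept_once():
        try:
            conn, _ = listener.accept()
            conn.close()
        except OSError:
            pass

    worker = threading.Thread(target=accept_once, daemon=True)
    worker.start()
    while_listening = tcp_port_status("127.0.0.1", port)
    listener.close()
    worker.join(timeout=2)
    after_close = tcp_port_status("127.0.0.1", port)
    return {"port": port, "listening": while_listening, "after_close": after_close}


if __name__ == "__main__":
    print(demo())
```

In a real engagement the "filtered" result is the one to watch: it tells you a packet filter sits in the path, which a plain `ping` would not distinguish from a host that is simply down.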
Scenario:
A cybersecurity student is tasked with securely transferring configuration files from their local machine to a Linux server over the network. The connection must be encrypted to prevent anyone from intercepting the files or credentials.
Question:
Which port is used for this secure file transfer, and what is its primary purpose?
What is port 22, used for SSH, which also carries SFTP and SCP for encrypted file transfer and secure remote access?
Scenario:
A hacker gains unauthorized access to a company’s network and installs a backdoor so they can maintain access even if passwords are changed.
Question:
What type of attack technique does this describe?
What is a persistence/backdoor attack?