
MODULE-1

PRACTICAL
ASSESSMENT.

Introduction to computer work function
Hocine Sahnoun

Contents
1. Introduction
2. OBJECTIVES
3. ALLOCATED TIME
4. REQUIRED MATERIAL
5. ASSESSMENT SPECIFICATIONS INSTRUCTIONS
5.1 Enforce Password Settings
5.1.1 Configure password settings so that the user must:
5.1.2 Configure the account lockout policy to:
5.2 Subscribe to an RSS Feed
5.3 Basic JavaScript
5.4 Research Privacy Issues
5.5 Research Information Security
6. MARKING SCHEME
6.2 Assessment components
7. Penalties

550 Sherbrooke West, 6th floor, East Tower


Montreal (Quebec) H3A 1B9
1. Introduction

In this Practical assessment you will perform a number of tasks to demonstrate your
understanding of the module Computing Careers & Disciplines course.

2. OBJECTIVES
- Enforce password settings
- Subscribe to RSS Feed
- Basic JavaScript
- Research privacy issues
- Research Information Security

3. ALLOCATED TIME
10 to 15 hours have been allocated for the completion of this assessment.

4. REQUIRED MATERIAL

You need a Windows 10 machine to perform these tasks.

5. ASSESSMENT SPECIFICATIONS INSTRUCTIONS

5.1 Enforce Password Settings

You have been asked to perform administrative tasks for a computer that is not a member of a
domain. To increase security and prevent unauthorized access to the computer, you need to
configure specific password and account lockout policies. In this exercise, your task is to use the
Local Security Policy to configure the following password and account lockout policies:

5.1.1 Configure password settings so that the user must:

o Cycle through 8 passwords before reusing an old one.
o Change the password every 120 days.
o Keep the password for at least 7 days.
o Create a password at least 10 characters long.
o Create a password that meets complexity requirements such as
using uppercase letters, lowercase letters, numbers, or symbols.

5.1.2 Configure the account lockout policy to:

o Lock out any user who enters four incorrect passwords.


o Unlock an account automatically after 30 minutes.
o Configure the number of minutes that must elapse after a failed
logon attempt to 15 minutes.
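
A way to check the result of 5.1.1 and 5.1.2 from the command line, as an added example that is not part of the original assessment: the script exports the local security policy with secedit and compares it with the values required above. The setting names are the ones secedit writes under [System Access]; the temporary file name is an arbitrary choice, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: audit the local password and account lockout policy
# against the values required in 5.1.1 and 5.1.2.

# Required values, keyed by the names secedit writes under [System Access].
$required = [ordered]@{
    PasswordHistorySize   = 8    # cycle through 8 passwords before reuse
    MaximumPasswordAge    = 120  # change the password every 120 days
    MinimumPasswordAge    = 7    # keep the password for at least 7 days
    MinimumPasswordLength = 10   # at least 10 characters long
    PasswordComplexity    = 1    # 1 = complexity requirements enabled
    LockoutBadCount       = 4    # lock out after four incorrect passwords
    LockoutDuration       = 30   # unlock automatically after 30 minutes
    ResetLockoutCount     = 15   # reset the failed-logon counter after 15 minutes
}

function Get-SystemAccessPolicy {
    param([string]$Path)
    # Collect the numeric "Key = Value" lines of the [System Access] section.
    $policy = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $policy
}

# Export the effective local policy to a temporary file (arbitrary name).
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$actual = Get-SystemAccessPolicy -Path $cfg
Remove-Item -Path $cfg

# A setting missing from the export (the lockout timers may be absent while
# no lockout threshold is set) shows an empty Actual value and fails.
$results = foreach ($name in $required.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Required = $required[$name]
        Actual   = $actual[$name]
        Pass     = ($actual[$name] -eq $required[$name])
    }
}
$results | Format-Table -AutoSize
```

Every row should show Pass = True once the policies have been configured in Local Security Policy.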

5.2 Subscribe to an RSS Feed

While RSS feeds are not nearly as popular today as they were several years ago, they can still serve
a valuable purpose. Subscribing to an RSS feed is also a good exercise in learning about internet
technology in general. In this activity, you'll use a feed reader to subscribe to an RSS feed. Do the
following:

1. Install an RSS feed reader of your choice. Free readers include Feedly, The Old Reader, and
many more.
2. Use the feed reader you've installed to subscribe to an RSS feed of your choice. Examples
include news, weather, and government websites that regularly publish new content and
include RSS feeds for that content. For example, you could
use nasa.gov/content/nasa-rss-feeds to select from a number of different NASA feeds.
Some websites include the orange and white RSS logo to show that a feed is available.
3. After a few hours or perhaps a day or two, open your RSS feed reader again and check for
new content that has been published in the feed to which you've subscribed.

5.3 Basic JavaScript
In this activity, you will use an online JavaScript code generator to create a clickable button with an
HTML pop-up alert and then customize the page and button.
To complete the activity, perform the tasks listed in the following table:

TASK: Open an Online JavaScript Editor
STEPS: Open one of the following online JavaScript editors in your browser.

▪ W3Schools
▪ jsfiddle.net
▪ codepen.io
▪ Tutorials Point

TASK: Enter and Run Sample Code
STEPS:
1. Delete any contents in the left pane of the JavaScript editor.
2. Enter the following code into the left pane.

    <body>
    <h1>My JavaScript Button</h1>

    <script>
    function celebrate() {
      alert("You are coding with JavaScript!");
    }
    </script>

    <button onclick="celebrate()">Click me!</button>
    </body>

3. Click the "Run Code" or "Preview" button at the top of the left pane.
4. In the right pane, you will see a button that says "Click me!".
5. If you have entered the code correctly, a pop-up should appear on your screen after you click this button.
6. Click the "OK" button to close the pop-up window.

TASK: Modify the Page Style
STEPS:
1. Enter the following code above the first line (<body>) that you have previously entered.

    <style>
    body {
      background-color: beige;
      text-align: center;
      color: chocolate;
      font-family: Arial;
    }
    </style>

2. Click the "Run Code" or "Preview" button at the top of the left pane and see what changes in the right pane.
3. Experiment with changing the colors, alignment, and fonts. What limitations do you find as you try different style options?

TASK: Customize the Button
STEPS:
1. Enter the following code just before the line that contains </style>.

    button {
      text-align: right;
      height: 60px;
      width: 200px;
      background-color: GoldenRod;
      border-radius: 10px;
      border-width: 3px;
      border-color: SaddleBrown;
    }

    button:hover {
      background-color: DeepPink;
      cursor: pointer;
    }

2. What changes do you see?
3. Try changing the different options to customize your button.
5.4 Research Privacy Issues
In this exercise, you will choose a current issue related to online privacy and then identify three
different types of sources to help you understand the issue. Do the following:

1. Choose these online privacy issues (anonymity; merging clickstream data & personal
information; personal contact information) that interest you. Possibilities include NSA data
collection, social media privacy, and Big Data.
2. Use Google Scholar (scholar.google.com) to identify a scholarly or academic article on your
chosen topic.
3. List these articles with the most updated version:
● A secure anonymous tracing fog-assisted method for the Internet of Robotic Things
● Mothers’ Perceptions of the Internet and Social Media as Sources of Parenting and Health
Information: Qualitative Study
● TCALAS: Temporal Credential-Based Anonymous Lightweight Authentication Scheme for Internet
of Drones Environment

5.5 Research Information Security


In this exercise, you will identify recent examples of cyberattacks that have exposed private
information and damaged businesses and financial institutions.

▪ Conduct online research to answer the following questions.

▪ What major institutions have announced significant cyberattacks within the past three
years?
RedCross: In January 2022, hackers carried out an attack on servers hosting the personal
information of more than 500,000 people receiving services from the Red Cross and Red
Crescent Movement. The hacked servers contained data related to the organization’s
Restoring Family Links services, which work to reconnect people separated by war,
migration, and violence. The Red Cross took servers offline to stop this suspected attack by
a nation state, although no culprit has definitely been identified.


Crypto.com: The attack took place on January 17th and targeted nearly 500 people’s
cryptocurrency wallets. In this case, hackers stole approximately $18 million worth of Bitcoin
and $15 million worth of Ethereum, plus other cryptocurrencies. This was primarily possible
thanks to the hackers’ ability to bypass two-factor authentication and access users’ wallets.
This is another example of why using a password manager is so important.


GiveSendGo: In February 2022, GiveSendGo was breached as a political gesture by a
hacker who claims credit for hacking far-right social networks. GiveSendGo is a Christian
fundraising site favored by Canadian truckers who drove across the country to protest
against COVID rules – the so-called Freedom Convoy. The hacker redirected the
fundraising site to a page that condemned the Freedom Convoy protests – a case of a
Distributed Denial of Service (DDoS) attack. The hacker then published the personal
information of the 90,000 donors who had contributed to the Freedom Convoy via the
GiveSendGo website. It is a clear lesson that companies need top-notch security to ward off
political attacks – because not all breaches are driven by financial gain.

▪ Approximately how many people have had their private information exposed as a
result of each attack?
RedCross: 500,000 people
Crypto.com: 500 people
GiveSendGo: 90,000 people

▪ Approximately how much money has each institution suffered in damages from each
attack?
RedCross: $4.35 million
Crypto.com: $33 million
GiveSendGo: $7,9 million

▪ What security vulnerabilities did hackers take advantage of in each attack?

RedCross: The hackers made use of considerable resources to access our systems and used tactics
that most detection tools would not have picked up. The following information demonstrates the
sophisticated and targeted nature of the attack:

▪ The attackers used a very specific set of advanced hacking tools designed for offensive
security. These tools are primarily used by advanced persistent threat* groups, are not
available publicly and are therefore out of reach to other actors.
▪ The attackers used sophisticated obfuscation techniques to hide and protect their malicious
programs. This requires a high level of skills only available to a limited number of actors.
▪ We determined the attack to be targeted because the attackers created a piece of code
designed purely for execution on the targeted ICRC servers. The tools used by the attacker
explicitly referred to a unique identifier on the targeted servers (its MAC address).
▪ The anti-malware tools we had installed on the targeted servers were active and did detect
and block some of the files used by the attackers. But most of the malicious files deployed
were specifically crafted to bypass our anti-malware solutions, and it was only when we
installed advanced endpoint detection and response (EDR) agents as part of our planned
enhancement programme that this intrusion was detected.

Crypto.com: Bad actors are increasingly targeting decentralized finance (DeFi) protocols, which are
uniquely vulnerable to hacking, according to the report. DeFi programs are the underlying blockchain
technology that enables financial transactions to occur outside of traditional banks. These programs
primarily utilize the Ethereum blockchain. DeFi programs are public and use open-source code, which
can be helpful because it typically allows for security issues to be discovered and fixed quickly.
However, since open-source code is available for anyone to review, cybercriminals are able to
extensively study the code and find vulnerabilities that can be exploited and used to steal crypto
funds, according to the report.

GiveSendGo: Users who tried to access GiveSendGo.com on Sunday night were immediately rerouted
to the domain GiveSendGone.wtf. There, a video of the Disney movie Frozen began playing, with a
scrolling message addressing "GiveSendGo grifters and hatriots." A link to the hacked donor data
appeared below the video.

It was up for several hours before GiveSendGo regained control of its domain and posted a message
on its main page saying the site was offline for "maintenance and server upgrades."

▪ How could each attack have been prevented?

Ways To Prevent Common Cyber Attacks

● Creating a cyber security strategy.
● Developing cyber security policies.
● Conducting a security risk assessment.
● Hiring a virtual CISO service.
● Performing vulnerability assessments.
● Conducting employee phishing campaigns.
● Implementing security awareness training.

6. MARKING SCHEME

6.1 Assessment components

Enforce password settings (20 points)
Subscribe to RSS Feed (20 points)
Basic JavaScript (20 points)
Research privacy issues (20 points)
Research Information Security (20 points)
Methodology & Presentation (20 points)
Penalties
Total

Student Name: Leonardo Fernandes Xavier
Student No: TI1012157

7. Penalties
▪ For each day that an assessment is late, 5% will be deducted.
▪ Assessments that are more than three days late will earn a maximum score of 60%.
▪ Assessments that are more than five days late will earn a score of 0%.
▪ Assessments that contain a virus must be resubmitted and will earn a maximum of
60%.
▪ Quality of the language (0,5 points per fault, spelling and grammar,
maximum of 10 points)
