
Cisco Certified Support Technician:

Cybersecurity
Project Workbook
First Edition

LearnKey creates signature multimedia courseware. LearnKey provides expert instruction for popular computer software,
technical certifications, and application development with dynamic video-based courseware and effective learning
management systems. For a complete list of courses, visit https://www.learnkey.com.

All rights reserved. Unauthorized reproduction or distribution is prohibited.

© 2023 LearnKey
www.learnkey.com
Table of Contents
Introduction 1
Best Practices Using LearnKey’s Online Training 2
Using This Workbook 3
Skills Assessment 4
Cisco Certified Support Technician: Cybersecurity Video Times 6
Domain 1 Lesson 1 7
Fill-in-the-Blanks 8
Vulnerabilities, Threats, Exploits, and Risks 9
Hardening and Defense-in-Depth 10
Domain 1 Lesson 2 11
Fill-in-the-Blanks 12
Confidentiality, Integrity, and Availability 13
Attackers 14
Domain 1 Lesson 3 15
Fill-in-the-Blanks 16
Malware and Ransomware 17
Denial-of-Service Attacks 18
Social Engineering Attacks 19
Physical Attacks 20
Common Attacks and Vulnerabilities 21
Domain 1 Lesson 4 22
Fill-in-the-Blanks 23
AAA and RADIUS 24
Multifactor Authentication 25
Password Policies 26
Domain 1 Lesson 5 27
Fill-in-the-Blanks 28
Encryption 29
Hashing 30
Certificates and Public Key Infrastructure 31
Encryption Algorithms 32
States of Data 33
Protocols Using Encryption 34
Domain 2 Lesson 1 35
Fill-in-the-Blanks 36
TCP, UDP, and HTTP 37
ARP, ICMP, DHCP, and DNS 38
Domain 2 Lesson 2 39
Fill-in-the-Blanks 40
IPv4 and IPv6 Addresses 41
MAC Addresses and CIDR Notation 42
Public vs. Private Networks 43
Domain 2 Lesson 3 44
Fill-in-the-Blanks 45
Network Security Architecture 46
Virtualization and Cloud 47
Honeypots, Proxy Servers, IDS, and IPS 48
Domain 2 Lesson 4 49
Fill-in-the-Blanks 50
Setting up a Secure Wireless SOHO Network 51
Implement Secure Access Technologies 52
Domain 3 Lesson 1 53
Fill-in-the-Blanks 54
Operating Systems 55
Security Features and Command-line Tools 56
Privileges 58
Domain 3 Lesson 2 60
Fill-in-the-Blanks 61
Endpoint Tools 62
Hardware and Software Inventories 63
Policies and Standards 64
Domain 3 Lesson 3 65
Fill-in-the-Blanks 66
Software and Hardware Updates 67
Log Files 68
Malware Removal 69
Domain 4 Lesson 1 70
Fill-in-the-Blanks 71
Identification, Management, and Mitigation 72
Active and Passive Reconnaissance 73
Testing 74
Domain 4 Lesson 2 75
Fill-in-the-Blanks 76
Vulnerability Databases 77
Vulnerability Assessment Tools 78
Vulnerability News 79
Intelligence and Documentation 80
Domain 4 Lesson 3 81
Fill-in-the-Blanks 82
Risk Management Elements 83
Data Risks and Security Assessments 85
Disaster Recovery Plans 86
Disaster Recovery Controls 87
Domain 5 Lesson 1 88
Fill-in-the-Blanks 89
SIEM and SOAR 90
Identifying Incidents and Events 91
Domain 5 Lesson 2 92
Fill-in-the-Blanks 93
Attack Frameworks 94
Digital Evidence 95
Compliance Frameworks and Incident Response 96
Appendix 98
Glossary 99
Objectives 105
Cisco Certified Support Technician: Cybersecurity Lesson Plan 107
Domain 1 Lesson Plan 108
Domain 2 Lesson Plan 110
Domain 3 Lesson Plan 111
Domain 4 Lesson Plan 112
Domain 5 Lesson Plan 113
Introduction

1 | Introduction: Best Practices Using LearnKey’s Online Training Cisco Certified Support Technician: Cybersecurity Project Workbook, First Edition
Best Practices Using LearnKey’s Online Training
LearnKey offers video-based training solutions that are flexible enough to accommodate private students and educational
facilities and organizations.

Our course content is presented by top experts in their respective fields and provides clear and comprehensive
information. The full line of LearnKey products has been extensively reviewed to meet superior quality standards. Our
course content has also been endorsed by organizations such as Certiport, CompTIA®, Cisco, and Microsoft. However, it is
the testimonials given by countless satisfied customers that truly set us apart as leaders in the information training world.

LearnKey experts are highly qualified professionals who offer years of job and project experience in their subjects. Each
expert has been certified at the highest level available for their field of expertise. This expertise provides the student with
the knowledge necessary to obtain top-level certifications in their chosen field.

Our accomplished instructors have a rich understanding of the content they present. Effective teaching encompasses
presenting the basic principles of a subject and understanding and appreciating organization, real-world application, and
links to other related disciplines. Each instructor represents the collective wisdom of their field and within our industry.

Our Instructional Technology


Each course is independently created based on the manufacturer’s standard objectives for which the course was
developed.

We ensure that the subject matter is up-to-date and relevant. We examine the needs of each student and create training
that is both interesting and effective. LearnKey training provides auditory, visual, and kinesthetic learning materials to fit
diverse learning styles.

Course Training Model


The course training model allows students to undergo basic training, building upon primary knowledge and concepts to
more advanced application and implementation. In this method, students will use the following toolset:

Pre-assessment: The pre-assessment is used to determine the student’s prior knowledge of the subject matter. It will also
identify a student’s strengths and weaknesses, allowing them to focus on the specific subject matter they need to improve
the most. Students should not necessarily expect a passing score on the pre-assessment as it is a test of prior knowledge.

Video training sessions: Each training course is divided into sessions or domains and lessons with topics and subtopics.
LearnKey recommends incorporating all available external resources into your training, such as student workbooks,
glossaries, course support files, and additional customized instructional material. These resources are located in the folder
icon at the top of the page.

Exercise labs: Labs are interactive activities that simulate situations presented in the training videos. Step-by-step
instructions and live demonstrations are provided.

Post-assessment: The post-assessment is used to determine the student’s knowledge gained from interacting with the
training. In taking the post-assessment, students should not consult the training or any other materials. A passing score is
80 percent or higher. If the individual does not pass the post-assessment the first time, LearnKey recommends
incorporating external resources, such as the workbook and additional customized instructional material.

Workbook: The workbook has various activities, such as fill-in-the-blank worksheets, short answer questions, practice
exam questions, and group and individual projects that allow the student to study and apply concepts presented in the
training videos.

Using This Workbook
This project workbook contains practice projects and exercises to reinforce the knowledge you have gained through the
video portion of the Cisco Certified Support Technician: Cybersecurity course. The purpose of this workbook is twofold:
first, to get you further prepared to pass the Cisco Certified Support Technician: Cybersecurity exam, and second, to teach
you job-ready skills and increase your employability in the area of cybersecurity, including essential cybersecurity
principles, network security, endpoint security, vulnerability assessments, risk management, and incident handling.

The projects within this workbook follow the order of the video portion of this course. To save your answers in this
workbook, you must first download a copy to your computer. You will not be able to save your answers in the web version.
You can complete the workbook exercises as you go through each section of the course, complete several at the end of
each domain, or complete them after viewing the entire course. The key is to go through these projects to strengthen your
knowledge in this subject.

Each project is based upon a specific video (or videos) in the course and specific test objectives. The materials you will
need for this course include:

• LearnKey’s Cisco Certified Support Technician: Cybersecurity courseware.

• PowerShell.

• Linux.

For Teachers
LearnKey is proud to provide extra support to instructors upon request.

Notes
• Extra teacher notes, when applicable, are in the Project Details box within each exercise.

• Exam objectives are aligned with the course objectives listed in each project, and project file names correspond
with these numbers.

• Short answers may vary but should be similar to those provided in this workbook.

• Refer to your course representatives for further support.

We value your feedback about our courses. If you have any questions, comments, or concerns, please let us know by
visiting https://about.learnkey.com.

Skills Assessment
Instructions: Rate your skills on the following tasks from 1-5 (1 being needs improvement, 5 being excellent).

Skills 1 2 3 4 5
Define essential security principles.
Explain common threats and vulnerabilities.
Explain access management principles.
Explain encryption methods and applications.
Describe TCP/IP protocol vulnerabilities.
Explain how network addresses impact network security.
Describe network infrastructure and technologies.
Set up a secure wireless SOHO network.
Implement secure access technologies.
Describe operating system security concepts.
Demonstrate familiarity with appropriate endpoint tools that gather security assessment information.
Verify that endpoint systems meet security policies and standards.
Implement software and hardware updates.
Interpret system logs.
Demonstrate familiarity with malware removal.
Explain vulnerability management.
Use threat intelligence techniques to identify potential network vulnerabilities.
Explain risk management.
Explain the importance of disaster recovery and business continuity planning.
Monitor security events and know when escalation is required.
Explain digital forensics and the attack attribution processes.
Explain the impact of compliance frameworks on incident handling.
Describe the elements of cybersecurity incident response.

Cisco Certified Support Technician:
Cybersecurity Video Times
Domain 1 Video Time
Essential Security Principles 00:26:08
Common Threats and Vulnerabilities 00:17:32
Access Management Principles 00:12:51
Encryption Methods and Applications 00:19:29
Total Time 01:16:00

Domain 2 Video Time


TCP/IP Protocol Vulnerabilities 00:09:53
How Network Addresses Impact Network Security 00:12:51
Network Infrastructure and Technologies 00:07:33
Set Up a Secure Wireless SOHO Network 00:05:03
Implement Secure Access Technologies 00:05:36
Total Time 00:40:56

Domain 3 Video Time


Operating System Security Concepts 00:17:43
Endpoint Tools 00:06:22
Endpoint Systems and Standards 00:09:01
Software and Hardware Updates 00:03:52
Interpret System Logs 00:06:04
Malware Removal 00:04:03
Total Time 00:47:05

Domain 4 Video Time


Vulnerability Management 00:15:03
Threat Intelligence Techniques 00:13:01
Risk Management 00:08:47
Disaster Recovery and Business Continuity 00:09:34
Total Time 00:48:19

Domain 5 Video Time


Security Events 00:10:19
Digital Forensics 00:07:59
Incident Handling 00:04:28
Incident Response Elements 00:02:55
Total Time 00:25:41

Domain 1 Lesson 1

Fill-in-the-Blanks
Instructions: While watching Domain 1 Lesson 1, fill in the missing words according to the information presented by the
instructor. [References are found in the brackets.]

1. A(n) __________ can be a computer, device, network component, building, or even data. [Vulnerabilities, Threats, Exploits, and Risks]

2. A threat is any action that could cause harm to an asset. [Vulnerabilities, Threats, Exploits, and Risks]

3. Cybersecurity attackers use __________ attacks, also known as exploits. [Vulnerabilities, Threats, Exploits, and Risks]

4. A risk is the __________ that a threat will be realized against a vulnerability. [Vulnerabilities, Threats, Exploits, and Risks]

5. Attack vectors are paths an attacker takes to exploit threats against specific __________. [Attack Vectors]

6. A security __________ is any safeguard that detects, avoids, prevents, or minimizes damage to a protected asset. [Hardening and Defense-in-Depth]

7. Security professionals should never depend on a(n) __________ security control to protect an asset. [Hardening and Defense-in-Depth]

Vulnerabilities, Threats, Exploits, and Risks

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Essential Security Principles
Subtopic: Vulnerabilities, Threats, Exploits, and Risks; Attack Vectors
Objectives covered:
1 Essential Security Principles
1.1 Define essential security principles
1.1.1 Vulnerabilities, threats, exploits, and risks
1.1.2 Attack vectors
Notes for the teacher: If time permits, students should research the exploit database at https://www.exploit-db.com/ for vulnerabilities related to Log4j. Students should return the CVE (Common Vulnerabilities and Exposures) code for exploits related to Log4j. The code is CVE-2021-44228.

The field of cybersecurity has developed and grown over several decades. As attacks broaden in size and scope, so does the need for security professionals to defend against such attacks. Cybersecurity professionals use a vocabulary and a collection of acronyms specific to the field. We will cover those terms throughout the course, beginning with vulnerability, a term used to describe any characteristic of a system that bad actors may exploit. A threat is any action that could potentially cause harm to an asset. Exploits are planned attacks used to realize threats against discovered vulnerabilities. Risk is the calculated probability that a threat will be realized against a vulnerability. Risk can be expressed either qualitatively or quantitatively.

Purpose
Upon completing this project, you will better understand vulnerabilities, threats, exploits, and risks.

Steps for Completion
1. A vulnerability is any __________ in a system, specifically related to one or more assets.

2. Label the following statements as true or false.
a. An employee who fails to follow security procedures with no intent to harm should not be considered a threat.
b. Threats are planned attacks used to realize exploits against discovered risks.

3. One of the primary phases of attack is discovering vulnerabilities in a victim’s environment.

4. __________ risk expression is more useful when projecting potential monetary losses if a risk were to be realized.

5. What is an attack vector?

6. Describe the difference between an exploit and an attack vector.

Hardening and Defense-in-Depth

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Essential Security Principles
Subtopic: Hardening and Defense-in-Depth
Objectives covered:
1 Essential Security Principles
1.1 Define essential security principles
1.1.3 Hardening
1.1.4 Defense-in-depth
Notes for the teacher: If time permits, students should use the remaining time to harden their personal computers. Students should detail each step and describe how each step helps harden their system.

Both security professionals and attackers have a vast array of tools available to them. Using those tools, professionals can harden their systems. Hardening is an ongoing process that involves continuously evaluating systems, networks, and environments. Those evaluations are then used to select and deploy the best security controls for the risk associated with each vulnerability. Professionals can also use defense-in-depth, a strategy in which several layers of security measures are placed between an attacker and a target. Each security measure adds to the overall security posture.

Purpose
Upon completing this project, you will better understand hardening and defense-in-depth.

Steps for Completion
1. Define the concept of hardening.

2. Defense-in-depth is a strategy that requires each resource to be protected by security controls, preferably deployed at different physical or logical locations.

3. One common approach to hardening any system is disabling unneeded __________.

4. Once the Run dialog box has been opened, what command will take a user to the Services window?

5. List two types of controls that security professionals use to protect systems.
a.
b.
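Step 4 above points to the Windows Services window. The following PowerShell script is an added example, not part of the workbook or LearnKey's materials: it audits the services that start automatically on a Windows host against an approved-service baseline and reports the rest for review. The baseline list and the function name Get-ServiceReviewCandidates are constructed for this example; the script changes nothing on the host.

```powershell
# Added example (not from the workbook): audit automatically starting Windows services
# against an approved baseline and report the ones that are not on it.
# The script only reports; deciding which services to disable stays with the administrator.

# Constructed placeholder baseline. Replace it with the list your organization has approved.
$ApprovedServices = @(
    'Dhcp',              # DHCP Client
    'Dnscache',          # DNS Client
    'EventLog',          # Windows Event Log
    'LanmanWorkstation', # Workstation (SMB client)
    'WinDefend',         # Microsoft Defender Antivirus
    'wuauserv'           # Windows Update
)

function Get-ServiceReviewCandidates {
    param(
        [string[]]$Approved = $ApprovedServices
    )
    # Get-Service lists the same services the Services window (services.msc) shows.
    # The StartType property requires Windows PowerShell 5.0 or later.
    # Manual and Disabled services do not start on their own, so only Automatic ones are reported.
    Get-Service |
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Name -notin $Approved } |
        Select-Object Name, DisplayName, Status, StartType |
        Sort-Object Name
}

$candidates = @(Get-ServiceReviewCandidates)
$candidates | Format-Table -AutoSize
"{0} automatically starting service(s) are not on the approved baseline; review each before changing its startup type." -f $candidates.Count

# Keep a record of what was found so each hardening step can be documented later.
$candidates | Export-Csv -Path (Join-Path $env:TEMP 'service-review.csv') -NoTypeInformation

# After review, a service judged unneeded on this host is stopped and kept from starting,
# the same change the Services window makes through a service's Startup type setting:
#   Stop-Service -Name <ServiceName>
#   Set-Service -Name <ServiceName> -StartupType Disabled
```

Run it from an elevated PowerShell session so that every service's start type is readable.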

Domain 1 Lesson 2

Fill-in-the-Blanks
Instructions: While watching Domain 1 Lesson 2, fill in the missing words according to the information presented by the
instructor. [References are found in the brackets.]

1. While discussing the confidentiality, integrity, and availability (CIA) triad, assets and resources are referred to as __________. Users or consumers are referred to as __________. [Confidentiality, Integrity, and Availability]

2. Building and maintaining a secure environment starts with protecting the three __________ of security. [Confidentiality, Integrity, and Availability]

3. Integrity ensures that all changes to any object come from __________ subjects. [Confidentiality, Integrity, and Availability]

4. Availability strategies include __________, duplication, and layers that detect and stop attacks. [Confidentiality, Integrity, and Availability]

5. __________ actors are attackers that nation-states use to carry out cyberwarfare activities. [Types of Attackers and Reasons for Attack]

6. A growing number of __________ now require personnel to adopt their own codes of ethics. [Code of Ethics]

Confidentiality, Integrity, and Availability

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Essential Security Principles
Subtopic: Confidentiality, Integrity, and Availability
Objectives covered:
1 Essential Security Principles
1.1 Define essential security principles
1.1.5 Confidentiality, integrity, and availability (CIA)
Notes for the teacher: If time permits, students should visit the following link for a detailed review of the CIA triad published by the multinational security corporation Fortinet. https://www.fortinet.com/resources/cyberglossary/cia-triad

The confidentiality, integrity, and availability (CIA) triad represents three tenets necessary for a secure environment. Each tenet is essential for security professionals to conduct secure operations across a dangerous cyber landscape. While the CIA triad does not encompass every aspect of cybersecurity, it is widely agreed that the triad represents the core cybersecurity requirements. Each of these properties describes how an asset or resource, called an object, is accessed and controlled by users or consumers, also called subjects.

Purpose
Upon completing this project, you will better understand the three pillars of the CIA triad.

Steps for Completion
1. Describe confidentiality as it relates to the CIA triad.

2. What is the most common control used to protect confidentiality in a Windows environment?

3. Describe integrity as it relates to the CIA triad.

4. How does integrity differ from confidentiality?

5. Describe availability as it relates to the CIA triad.

6. Many controls support availability and focus on minimizing or eliminating single points of __________.

Attackers

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Essential Security Principles
Subtopic: Types of Attackers and Reasons for Attack; Code of Ethics
Objectives covered:
1 Essential Security Principles
1.1 Define essential security principles
1.1.6 Types of attackers
1.1.7 Reasons for attacks
1.1.8 Code of ethics
Notes for the teacher: If time permits, students should review the Code of Ethics published by (ISC)2. https://www.isc2.org/ethics/

Although every attacker is unique, attackers fall into several categories, including script kiddies, hacktivists, cybercriminals, state actors, insider threats, and advanced persistent threats (APTs). By categorizing these criminals, cybersecurity professionals can apply the same security principles and configurations to similar threats.

Cyber professionals are typically armed with knowledge about their systems and high-level permissions to those systems. They often find themselves in a position where they could use what they know for personal gain. A code of ethics is a set of principles and guidelines by which cyber professionals must conduct themselves. Failure to adhere to an agreed-upon code of ethics could result in termination and prosecution.

Purpose
Upon completing this project, you will better understand the different types of attackers, their motivations, and the code of ethics.

Steps for Completion
1. Match the attacker type to its description.
A. Script kiddie
B. Hacktivist
C. Cybercriminal
D. State actor
E. Insider threat
F. Advanced persistent threat (APT)

a. The best-funded, trained, and supported of all cyberattackers.
b. An attacker who remains undetected in an environment for an extended period.
c. An attacker who is motivated by a commitment to their ideology and uses cyberactivity to reach their goals.
d. Any attacker who carries out illegal activity that targets or uses computing equipment.
e. An attacker who lacks mature hacking skills.
f. An attacker who possesses elevated privileges and internal knowledge of the system they attack.

2. A code of ethics is a statement of __________ and __________ that outlines how a group of individuals should conduct themselves.

Domain 1 Lesson 3

Fill-in-the-Blanks
Instructions: While watching Domain 1 Lesson 3, fill in the missing words according to the information presented by the
instructor. [References are found in the brackets.]

1. __________ is often used by malware designers to collect victim information before an attack, but the software itself is not directly malicious. [Malware and Ransomware]

2. Following a ransomware attack, __________ is the most common payment method because transactions are more difficult to trace than traditional financial transactions. [Malware and Ransomware]

3. __________ are most often the weakest link against malware and ransomware. [Malware and Ransomware]

4. Any attack that interrupts the ability of authorized subjects to access permitted objects is an attack on the __________ principle of security. [Denial of Service and Botnets]

5. Each compromised computer is called a __________ in a distributed denial-of-service (DDoS) attack. [Denial of Service and Botnets]

6. The term phishing is derived from an early cyberattack called __________. [Social Engineering Attacks]

7. A potential phishing attack can often be identified by __________ errors, low-resolution logos, and odd URLs. [Social Engineering Attacks]

8. A physical attack that results in the removal, alteration, or __________ of physical media violates each of the pillars of the CIA triad. [Physical Attacks]

9. Man-in-the-middle attacks target the __________ of sessions. [Person-Based Threats and IoT]

10. Internet of Things (IoT) devices are __________, easy-to-use devices that provide services across various applications. [Person-Based Threats and IoT]

11. APTs are often associated with state __________. [Person-Based Threats and IoT]

Malware and Ransomware

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 3
Topic: Common Threats and Vulnerabilities
Subtopic: Malware and Ransomware
Objectives covered:
1 Essential Security Principles
1.2 Explain common threats and vulnerabilities
1.2.1 Malware
1.2.2 Ransomware
Notes for the teacher: If time permits, students should study details of the popular WannaCry ransomware attack that occurred in May of 2017. https://www.malwarebytes.com/wannacry

In the past, software existed to allow users to interact with their computers in productive ways. As time progressed, programmers discovered ways to use software to exploit unknowing users. Software used to carry out these undesired and destructive actions is known as malicious software, or malware. Ransomware is a popular type of malware in today’s personal and corporate environments. An attacker demands that a ransom be paid before access to compromised data and systems is restored. A multilayered approach to security is generally the best protection against a ransomware attack.

Purpose
Upon completing this project, you will better understand several common types of malware.

Steps for Completion
1. Match the type of malware with its description.
A. Virus
B. Worm
C. Ransomware
D. Trojan horse
E. Spyware

a. Malware that infects other files in a system.
b. Malware used to encrypt compromised files before offering the victim a decryption key, often in exchange for money.
c. Malware that collects behavior and demographic information before sending it to a data collector.
d. A self-contained and self-replicating program that attempts to spread on its own.
e. A malicious program that masquerades as a safe and useful program.

2. Which control layer helps an organization restore affected files and return to operational status?

3. Which control layer helps identify an attack in progress as early as possible?

Denial-of-Service Attacks

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 3
Topic: Common Threats and Vulnerabilities
Subtopic: Denial of Service and Botnets
Objectives covered:
1 Essential Security Principles
1.2 Explain common threats and vulnerabilities
1.2.3 Denial of service
1.2.4 Botnets
Notes for the teacher: If time permits, students should review the following article from Cloudflare, which details the largest DDoS attacks of all time. https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/

A common attack on availability is a denial-of-service (DoS) attack. Ransomware is one type of DoS attack that makes critical files unavailable to everyone, including unauthorized subjects. A distributed denial-of-service (DDoS) attack places malware on a compromised computer, turning that victim into a remote attacker. Cybersecurity professionals must understand DoS and DDoS attacks to build an effective defense that protects availability.

Purpose
Upon completing this project, you will better understand DoS attacks, DDoS attacks, and botnets.

Steps for Completion
1. What is the general goal of a traditional DoS attack?

2. Describe a botnet.

3. Label the following statement as true or false.
A DoS attack is far more effective than a DDoS attack because a single attacker carries out a DoS attack.

4. During a DDoS attack, an attacker takes what step once a victim’s computer has been compromised?

5. Why is it more difficult to defend against DDoS attacks than DoS attacks?

Social Engineering Attacks

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 3
Topic: Common Threats and Vulnerabilities
Subtopic: Social Engineering Attacks
Objectives covered:
1 Essential Security Principles
1.2 Explain common threats and vulnerabilities
1.2.5 Social engineering attacks (tailgating, spear phishing, phishing, vishing, and smishing)
Notes for the teacher: If time permits, students should review the following article published by Norton. https://us.norton.com/internetsecurity-online-scams-phishing-email-examples.html

Social engineering attacks are effective because they focus on the human element of computer usage. The purpose of social engineering attacks is to mislead users into carrying out actions on behalf of their attackers. Attackers using social engineering commonly prey on victims by pretending to be vulnerable and asking for assistance. Cybersecurity personnel should ensure that all users are educated on social engineering techniques.

Purpose
Upon completing this project, you will better understand basic social engineering attacks.

Steps for Completion
1. What is the primary reason for the effectiveness of social engineering attacks?

2. Describe a tailgating attack.

3. Describe a phishing attack.

4. A personalized phishing attack for a specific target is known as __________ phishing.

5. __________ uses voice calls to trick someone into divulging information, whereas __________ uses SMS messages.

6. Give an example of vishing.

Physical Attacks

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 3
Topic: Common Threats and Vulnerabilities
Subtopic: Physical Attacks
Objectives covered:
1 Essential Security Principles
1.2 Explain common threats and vulnerabilities
1.2.6 Physical attacks
Notes for the teacher: If time permits, students should list three physical security controls that are used at a location of their choice.

The public generally associates the term cyberattack with an attack on password storage, system functionality, or data. A physical cyberattack is an attack on an IT environment where the target is tangible and visible. In other words, physical cyberattacks target aspects of a system that a person can touch. The goal of a physical attack is to either steal or destroy the physical elements that support an IT infrastructure. While technical security is critical, it is widely accepted that other security efforts are meaningless without physical security.

Purpose
Upon completing this project, you will better understand the potential for a physical attack to disrupt business operations.

Steps for Completion
1. An attacker may plan a(n) __________ or targeted __________ as part of a physical attack on a business.

2. Attacks on physical assets may include natural disasters. List three examples of natural disasters that may impact physical security.
May damage media storage and affect building security.

3. A secure environment must include controls against physical attacks. List five examples of physical controls.
Locked doors, fences, fire extinguishers, fire suppression systems, redundant media storage.

Common Attacks and Vulnerabilities

As cloud computing expands, identities used to access cloud components are treated as the outer edge of a security perimeter. Many of the cyberattacks that exist today focus on compromising user identity. Man-in-the-middle attacks, attacks on IoT devices, insider attacks, and advanced persistent threats (APTs) are examples of cybercrimes that rely on the broad use of remote identities. A security professional should study each of these common threats to develop the skills to organize and manage defenses for a system properly.

Purpose
Upon completing this project, you will understand man-in-the-middle attacks, IoT vulnerabilities, insider threats, and APTs.

Steps for Completion

1. Attackers carry out man-in-the-middle attacks, attacks on IoT devices, and insider attacks by using an increased reliance on identities.

2. A man-in-the-middle attack works when the consumer sends a message to a service provider, but an attacker intercepts that message.

3. An IoT device is an atypical computing device that connects to a network and transmits data for a specific purpose. List five examples of IoT devices.
Refrigerators, light controllers, doorbells, temp controllers.

4. IoT devices typically are hardened at a much lower rate than other devices.

5. Label the following statement as true or false.
true: APTs are usually supported by larger organizations rather than smaller organizations.

Project Details
Project file: N/A
Estimated completion time: 5-10 minutes
Video reference: Domain 3
Topic: Common Threats and Vulnerabilities
Subtopic: Person-Based Threats and IoT
Objectives covered
1 Essential Security Principles
1.2 Explain common threats and vulnerabilities
1.2.7 Man in the middle
1.2.8 IoT vulnerabilities
1.2.9 Insider threats
1.2.10 Advanced persistent threat (APT)
Notes for the teacher
If time permits, students should review the following article from Norton, which further details APTs and suggested control measures.
https://us.norton.com/internetsecurity-emerging-threats-advanced-persistent-threat.html

Domain 1 Lesson 4

Fill-in-the-Blanks
Instructions: While watching Domain 1 Lesson 4, fill in the missing words according to the information presented by the instructor. [References are found in the brackets.]

1. The most common authentication technique is the __________. [AAA and RADIUS]

2. Authorization associates __________ and rights with identities. [AAA and RADIUS]

3. Evidence provided by a subject during authentication is referred to as authentication credentials. [Multifactor Authentication]

4. Type __________ authentication involves possessing a token or similar device that generates a number or character string that a server will recognize. [Multifactor Authentication]

5. Authentication that combines two authentication credentials is known as __________. [Multifactor Authentication]

6. The Group Policy Editor can be accessed by entering the __________ command into a Windows run dialog box. [Password Policies]

AAA and RADIUS

Authentication, authorization, and accounting (AAA) relate to building trust, and AAA provides a framework for differentiating between authorized and unauthorized subjects. Layering each element of AAA is the best process for correctly processing identity claims and monitoring permissions and access. The main goal of AAA is to ensure that resources are accessed and modified only by authorized subjects.

Purpose
Upon completing this project, you will better understand the roles of AAA in a security posture.

Steps for Completion

1. Describe the difference between authentication and authorization.
Authentication is whether a person is who they say they are, and authorization is whether that person has permission to do something.

2. What is the purpose of accounting as it relates to AAA?
Ensures that identities operate within their authorized privileges.

3. Remote Authentication Dial-In User Service (RADIUS) provides a centralized standard for establishing trust for remote users.

4. Despite current systems moving away from dial-in services, RADIUS is still used as a(n) centralized service to authenticate and authorize remote users.

Project Details
Project file: N/A
Estimated completion time: 10 minutes
Video reference: Domain 1
Topic: Access Management Principles
Subtopic: AAA and RADIUS
Objectives covered
1 Essential Security Principles
1.1 Explain access management principles
1.3.1 Authentication, authorization, and accounting (AAA)
1.3.2 RADIUS
Notes for the teacher
If time permits, students should research an additional AAA protocol. This protocol was developed by Cisco and runs on port 49. (Answer: TACACS+)

Multifactor Authentication

Authentication is the process of verifying that a subject is the identity they claim to be. During the authentication process, subjects can be asked to provide evidence supporting their identity claim; that evidence is referred to as authentication credentials. Authentication credentials are separated into three categories to support multifactor authentication (MFA). It is far more difficult for hackers to compromise an account when two different authentication types protect that account. Therefore, MFA is a best practice for securing systems and accounts.

Purpose
Upon completing this project, you will better understand how the three most common types of authentication support MFA.

Steps for Completion

1. Complete each of the following descriptions for the three authentication categories.

a. Type 1: what you know

b. Type 2: what you have

c. Type 3: what you are and what you do

2. An administrator has implemented a password complexity policy requiring all employees to create long and difficult-to-memorize passwords. Explain how an attacker might benefit from this type of policy.
Employees will use birthdays or names to make the password easier to memorize, thus making it easier to guess.

3. In the past, type 2 authentication tokens were often hardware devices. However, today, digital tokens are far more common.

4. Type 3 authentication is often referred to as biometrics.

5. List three examples of evidence that can be used to support type 3 authentication.
Fingerprints, retinal scans, handwriting.

6. Multifactor authentication uses more than one type of authentication credential.

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Access Management Principles
Subtopic: Multifactor Authentication
Objectives covered
1 Essential Security Principles
1.3 Explain access management principles
1.3.3 Multifactor authentication (MFA)
Notes for the teacher
If time permits, students should enable multifactor authentication on at least one of their personal accounts. After doing so, students should detail which authentication credential types were used.

Password Policies

While MFA remains the best balance between security and utility for secure authentication, MFA is not universal across all login schemes. Many systems still only require a user to provide a password. Password policies include requirements on password complexity, password lifespan, reuse restrictions, and recovery procedures. These policies aim to enhance the effectiveness of passwords used in an organization, which is especially important in situations where MFA is not utilized or required. Security professionals can customize each of these policies to suit the needs of their organization properly.

Purpose
Upon completing this project, you will better understand password policies and how an organization uses those policies to protect employee passwords and business assets.

Steps for Completion

1. List four general requirements that are often outlined in a password policy.

a. complexity

b. lifespan

c. reuse restrictions

d. recovery procedures

2. Password complexity restrictions typically place restrictions on which three characteristics of a password?

a. length

b. allowed characters

c. types of characters that must be included

3. Many information systems today include the option for a(n) self password reset. This type of password reset requires some other form of authentication and ultimately results in a user resetting a password without the assistance of help desk personnel.

4. An organization has put a policy in place that does not allow users to choose a password they have used in the last six months. This example demonstrates a password reuse restriction.

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Access Management Principles
Subtopic: Password Policies
Objectives covered
1 Essential Security Principles
1.3 Explain access management principles
1.3.4 Password policies
Notes for the teacher
If time permits, students should review the following post by Microsoft, which further details password policies in a Windows environment.
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-policy

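The four policy areas from step 1, the three complexity characteristics from step 2, and the six-month reuse rule from step 4 can all be expressed as checks a system runs when a user proposes a new password. The following Python is an added example, not from the workbook or LearnKey; the policy values (12-character minimum, 90-day lifespan, 180-day reuse window) and the sample password history are constructed for illustration, and the function names are this example's own. Previous passwords are kept only as salted PBKDF2 hashes, so the reuse check never needs the old passwords themselves.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

# Constructed policy values for this example; an organization sets its own.
MIN_LENGTH = 12
MAX_LENGTH = 64
ALLOWED_CHARS = set(string.ascii_letters + string.digits + string.punctuation)
REQUIRED_CLASSES = 3                  # of: lowercase, uppercase, digit, symbol
MAX_AGE = timedelta(days=90)          # lifespan: force a change after 90 days
REUSE_WINDOW = timedelta(days=180)    # reuse restriction: nothing used in the last six months
PBKDF2_ROUNDS = 100_000


def check_complexity(password: str) -> list:
    """Return the names of the complexity rules the password breaks (empty = passes).

    These are the three characteristics from step 2: length, allowed
    characters, and the types of characters that must be included.
    """
    problems = []
    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        problems.append("length")
    if any(ch not in ALLOWED_CHARS for ch in password):
        problems.append("allowed characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if classes < REQUIRED_CLASSES:
        problems.append("character types")
    return problems


def history_entry(password: str, set_on: datetime) -> dict:
    """Record a previous password as a salted PBKDF2 hash plus the date it was set.

    Keeping hashes rather than passwords means the history cannot become a
    second copy of every password the user ever chose.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "set_on": set_on}


def matches_entry(password: str, entry: dict) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), entry["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, entry["hash"])


def recently_used(password: str, history: list, now: datetime) -> bool:
    """The step 4 rule: reject any password that was set within the reuse window."""
    return any(now - entry["set_on"] <= REUSE_WINDOW and matches_entry(password, entry)
               for entry in history)


def is_expired(current: dict, now: datetime) -> bool:
    """Lifespan rule: the current password is older than MAX_AGE."""
    return now - current["set_on"] > MAX_AGE


def evaluate_new_password(password: str, history: list, now: datetime) -> list:
    """Every reason a proposed password would be rejected; an empty list means accepted."""
    problems = check_complexity(password)
    if recently_used(password, history, now):
        problems.append("reuse")
    return problems


# Constructed user history: one password set two months ago, one over a year ago.
DEMO_NOW = datetime(2023, 6, 1)
DEMO_HISTORY = [history_entry("Winter2022!Pass", DEMO_NOW - timedelta(days=60)),
                history_entry("Autumn2021!Pass", DEMO_NOW - timedelta(days=400))]

if __name__ == "__main__":
    for candidate in ("password", "Winter2022!Pass", "Autumn2021!Pass", "Spring2023!Pass"):
        print(candidate, "->", evaluate_new_password(candidate, DEMO_HISTORY, DEMO_NOW) or "accepted")
```

Note that the reuse window is measured from when the old password was set, so "Autumn2021!Pass" (400 days old) is allowed again while "Winter2022!Pass" (60 days old) is not; a policy that instead forbids the last N passwords regardless of age would compare against the N most recent entries.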
Domain 1 Lesson 5

Fill-in-the-Blanks
Instructions: While watching Domain 1 Lesson 5, fill in the missing words according to the information presented by the instructor. [References are found in the brackets.]

1. An encryption algorithm, or series of steps to encrypt data, uses a special value called an encryption key to scramble the data, resulting in __________. [Types of Encryption]

2. Symmetric encryption, also known as __________ key encryption, uses the same key to encrypt and decrypt data. [Types of Encryption]

3. __________ is a property that guarantees the authenticity of a sender. [Types of Encryption]

4. A hashing function is called a(n) __________ function because it is very easy to calculate in one direction but extremely difficult to reverse. [Hashing]

5. A certificate is a(n) __________ that includes a trusted identity and that identity's public key, which a trusted entity has validated. [Certificates and Public Key Infrastructure]

6. A public key infrastructure (PKI) enables numerous senders and recipients to exchange public keys and certificates. [Certificates and Public Key Infrastructure]

7. After significant technological advances, it was discovered that the data encryption standard (DES) could be cracked in about __________ minutes. [Strong vs. Weak Encryption Algorithms]

8. Advanced Encryption Standard (AES) is based on the Rijndael block cipher, which uses keys as large as __________ bits. [Strong vs. Weak Encryption Algorithms]

9. The three most common data states are data at rest, data in transit, and data in __________. [States of Data and Appropriate Encryption]

10. Data at __________ refers to data stored on storage media. [States of Data and Appropriate Encryption]

11. Windows __________ is an effective tool for inspecting data at rest. [States of Data and Appropriate Encryption]

12. Data in __________ generally refers to data being transmitted over a network. [States of Data and Appropriate Encryption]

13. Data in use describes data that resides in the __________ of a device or computer. [States of Data and Appropriate Encryption]

14. The only way different computers or devices can talk to one another over __________ connections is to agree on the communication rules, also called protocols. [Protocols Using Encryption]

15. __________ is a popular program that transfers files over File Transfer Protocol (FTP). [Protocols Using Encryption]

Encryption

Encryption is a cryptographic technique that converts data from plaintext to ciphertext and ciphertext to plaintext. Plaintext is human-readable data that is unencrypted, and ciphertext, the product of an encryption algorithm, is unreadable by humans. The two main categories of encryption are symmetric and asymmetric. Symmetric encryption differs from asymmetric encryption because it uses the same key to encrypt and decrypt data, whereas asymmetric encryption uses public and private keys.

Purpose
Upon completing this project, you will better understand encryption and how encryption is used to protect data and authenticate senders.

Steps for Completion

1. Which type of encryption is commonly used to encrypt disk drives? c

a. Ciphertext encryption

b. Plaintext encryption

c. Symmetric encryption

d. Asymmetric encryption

2. Explain why symmetric encryption is better suited for storing data than transmitting data.
Transm

3. Bob and Alice have each created a key pair consisting of a public and private key. Which key should Bob use to encrypt data before transmitting the data to Alice, ensuring that the data is protected and that only Alice can decrypt the data?

a. Bob’s private key

b. Bob’s public key

c. Alice’s private key

d. Alice’s public key

4. How could encryption key pairs be used to guarantee the authenticity of a sender?

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Encryption Methods and Applications
Subtopic: Types of Encryption
Objectives covered
1 Essential Security Principles
1.4 Explain encryption methods and applications
1.4.1 Types of encryption
Notes for the teacher
If time permits, students should experiment with different encryption algorithms using the encryption tool found at https://codebeautify.org/encrypt-decrypt
An additional exercise could consist of students passing short phrases to each other by providing only an algorithm type, public key, and the encrypted data (symmetric encryption).

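Steps 3 and 4 both come down to which key of a pair does what: encryption for Alice uses Alice's public key and only her private key undoes it, while proving that Bob sent something uses Bob's private key and anyone with his public key can check it. The Python below is an added example, not from the workbook or LearnKey, that walks through both with textbook RSA on deliberately tiny, constructed primes so every value is visible. Real systems use a vetted library with 2048-bit or longer keys and padding (OAEP for encryption, PSS for signatures); the primes, the one-byte-per-block encoding and the function names here are this example's own choices for illustration.

```python
import hashlib
from math import gcd

# Constructed, deliberately tiny primes so every number fits on screen.
ALICE_PRIMES = (61, 53)
BOB_PRIMES = (89, 97)


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA: n = p*q, public exponent e, private exponent d = e^-1 mod phi(n).

    Returns (public_key, private_key) as (n, e) and (n, d).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(message: bytes, public_key) -> list:
    """Step 3: encrypt with the *recipient's public* key, one byte per block (n > 255)."""
    n, e = public_key
    return [pow(b, e, n) for b in message]


def decrypt(blocks: list, private_key) -> bytes:
    """Only the matching *private* key reverses encrypt(); with another key the
    recovered values are generally not plaintext bytes at all."""
    n, d = private_key
    values = [pow(c, d, n) for c in blocks]
    if any(v > 255 for v in values):
        raise ValueError("this key does not decrypt these blocks")
    return bytes(values)


def _digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message so the signature covers all of it (toy reduction mod n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Step 4: authenticity is the mirror image of encryption. The sender applies
    their *private* key to a digest of the message; nobody else can produce this."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the sender's public key can check the signature; a changed
    message no longer matches the digest the signature was made over."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(*ALICE_PRIMES)
    bob_pub, bob_priv = make_keypair(*BOB_PRIMES)
    # Step 3: Bob encrypts for Alice with Alice's public key; Alice decrypts.
    ct = encrypt(b"hi Alice", alice_pub)
    print("ciphertext blocks:", ct)
    print("Alice reads:", decrypt(ct, alice_priv))
    # Step 4: Bob signs with his private key; Alice verifies with Bob's public key.
    sig = sign(b"hi Alice", bob_priv)
    print("signature valid:", verify(b"hi Alice", sig, bob_pub))
    print("tampered message valid:", verify(b"hi Alice!", sig, bob_pub))
```

The same key pair is used in opposite directions for the two goals: public key to encrypt (confidentiality for the recipient), private key to sign (authenticity of the sender). In practice the two are combined, and a certificate (next project) is what ties a public key to a name so Alice knows the key really is Bob's.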
Hashing

Cryptography is the study of encrypting and decrypting data. The previous project covered encryption, one example of a cryptographic function. Hashing is another example of a cryptographic function. The product of a hashing function is known as a hash, and a hash is virtually irreversible. For that reason, it is standard practice to store passwords as hashes.

When a user attempts to authenticate to a system, the password they provide is entered into a hashing function, and the resulting hash is compared to a password hash in a database. If the two hashes match, it can be assumed that the user has supplied the correct password.

Purpose
Upon completing this project, you will better understand hashing and how it differs from encryption.

Steps for Completion

1. A standard hashing algorithm takes an arbitrary-sized input and returns a(n) fixed-length string.

2. Label the following statements as true or false.

a. true: Hashing algorithms are well-suited for protecting data integrity.

b. false: Constructing two different inputs that produce the same output is exceedingly common.

3. The properties of hashing algorithms make them well-suited for protecting data integrity.

4. Alice calculates a message's hash value before sending it to Bob, and Bob receives the message and calculates a hash value using the same hash function. What assumptions can be made if the two hashes do not match?
The message was modified.

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Encryption Methods and Applications
Subtopic: Hashing
Objectives covered
1 Essential Security Principles
1.4 Explain encryption methods and applications
1.4.2 Hashing
Notes for the teacher
If time permits, students should create a list of five to ten similar phrases and select one as the target phrase. Students should share those phrases and a hash with a partner. The partner should use the hash to discover which is the target phrase. The hash calculator found at https://andersbrownworth.com/blockchain/hash is an easy-to-use hashing tool.

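The two uses of hashing in this project, the login check in the introduction and the integrity check between Alice and Bob in step 4, look like this in code. The following Python is an added example, not from the workbook or LearnKey, and uses only the standard library; the function names are this example's own. It shows the fixed-length property from step 1 (SHA-256 always gives 64 hex characters, whatever the input size), the integrity comparison, and why a password hash is stored with a random salt and a slow key-derivation function rather than as a bare hash.

```python
import hashlib
import hmac
import os


def digest_hex(data: bytes) -> str:
    """SHA-256 of any input, always 64 hex characters (a 256-bit fixed-length output)."""
    return hashlib.sha256(data).hexdigest()


def integrity_check(received: bytes, expected_hex: str) -> bool:
    """Bob's side of step 4: recompute the hash of what arrived and compare it
    with the hash Alice computed. A mismatch means the message (or the hash)
    was modified in transit; a plain hash cannot say who sent the message,
    which is what signatures and certificates are for."""
    return hmac.compare_digest(digest_hex(received), expected_hex)


def store_password(password: str, rounds: int = 200_000) -> str:
    """What a system keeps instead of the password: a random salt plus a slow,
    salted PBKDF2-SHA256 hash, packed into one string with its parameters.

    The salt makes identical passwords hash differently, so a stolen table
    cannot be attacked with one precomputed list; the round count makes each
    guess expensive."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """The login check from the project text: hash the supplied password the
    same way and compare hashes. The stored password itself is never needed."""
    _, rounds, salt_hex, key_hex = stored.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(key.hex(), key_hex)


if __name__ == "__main__":
    # Constructed message for the Alice/Bob exchange.
    sent = b"Transfer 100 to account 42"
    alice_hash = digest_hex(sent)
    print("intact:  ", integrity_check(sent, alice_hash))
    print("modified:", integrity_check(b"Transfer 900 to account 42", alice_hash))

    record = store_password("correct horse battery staple")
    print("stored record:", record)
    print("right password:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("Correct horse battery staple", record))
```

hmac.compare_digest is used for both comparisons so that the time taken does not depend on how many leading characters matched.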
Certificates and Public Key Infrastructure

Certificates and certificate management were developed to address the growing need for trusted public keys. A certificate includes a trusted identity and a public key verified by a trusted entity referred to as a certificate authority (CA). Certificates ultimately provide a secure and trusted means for sharing public keys. A public key infrastructure (PKI) accommodates many senders and recipients who wish to exchange public keys and trust certificates. PKI assists in finding public keys, verifying senders, and decrypting data to enforce CIA.

Purpose
Upon completing this project, you will better understand certificates, PKI, and how each helps to provide a level of trust between consumers and providers over the internet.

Steps for Completion

1. A trusted entity is known as a(n) __________.

2. Certificates enable the sharing of __________ keys and trust in the source of those keys.

3. The Certificates Manager can be accessed by entering the __________ command into a Windows run dialog box.

4. A digital signature is very similar to encrypting and decrypting data using __________ cryptography.

5. In your own words, describe the purpose of a PKI.

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Encryption Methods and Applications
Subtopic: Certificates and Public Key Infrastructure
Objectives covered
1 Essential Security Principles
1.4 Explain encryption methods and applications
1.4.3 Certificates
1.4.4 Public key infrastructure (PKI)
Notes for the teacher
If time permits, students should view a certificate in Google Chrome. Students may use the following blog post as a guide.
https://www.howtogeek.com/292076/how-do-you-view-ssl-certificate-details-in-google-chrome/

Encryption Algorithms

Encryption algorithms vary in strength and complexity. As hardware becomes faster, encryption algorithms must evolve using longer keys and more complex techniques. Selecting the correct algorithm for a specific application is not as simple as selecting the most complex algorithm. The necessary strength of an algorithm should be dictated by the period that the data needs to be secure. For example, data that only needs to be protected for 24 hours does not need to be encrypted using an algorithm that takes an estimated 72 hours to crack.

Purpose
Upon completing this project, you will better understand the characteristics of encryption algorithms that determine the strength of that algorithm.

Steps for Completion

1. How is the strength of an algorithm measured?

2. In the 1970s, which algorithm was adopted by the US government as its standard encryption algorithm?

3. What is the name of the state-of-the-art symmetric encryption algorithm based on the Rijndael block cipher?

4. Label the following statements as true or false.

a. Data that only needs to be protected for short periods does not need the strongest encryption algorithms.

b. Advanced Encryption Standard (AES) is expected to keep data secure for the foreseeable future.

c. The relative time it takes to crack an encryption algorithm is based on the attacker’s IP address and the state of technology at the time of the attack.

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Encryption Methods and Applications
Subtopic: Strong vs. Weak Encryption Algorithms
Objectives covered
1 Essential Security Principles
1.4 Explain encryption methods and applications
1.4.5 Strong vs. weak encryption algorithms
Notes for the teacher
If time permits, students should explore this short article from IBM that covers AES and DES in more detail.
https://www.ibm.com/docs/en/zos/2.4.0?topic=encryption-what-is-des-aes

States of Data

Data should be treated differently at each stage of its lifecycle. This lifecycle consists of three states: data in transit, data at rest, and data in use. Data in transit refers to data moving from one storage location to another, typically across a network. Data at rest refers to data that resides on physical storage media, and data in use refers to data that resides in computer memory. Security professionals are responsible for utilizing the proper protocols and procedures for securing data at each stage of the data lifecycle.

Purpose
Upon completing this project, you will better understand the three most common data states used to determine the best possible encryption algorithm.

Steps for Completion

1. List four examples of storage media that are commonly used for data that is at rest.

a.

b.

c.

d.

2. What are the two types of encryption typically best suited for data at rest?

3. Which protocol is used to secure HTTP traffic?

4. Label the following statement as true or false.

Symmetric encryption algorithms are faster than asymmetric encryption algorithms.

5. Which Windows tool can be used to view data in transit?

6. Why is symmetric encryption the most common encryption type when working with data in use?

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Encryption Methods and Applications
Subtopic: States of Data and Appropriate Encryption
Objectives covered
1 Essential Security Principles
1.4 Explain encryption methods and applications
1.4.6 States of data and appropriate encryption (data in transit, data at rest, data in use)
Notes for the teacher
If time permits, students should list three examples of each data state (data in transit, data at rest, and data in use).

Protocols Using Encryption

Computers and devices rely on communication protocols to communicate with one another over a network. A protocol is a set of rules that dictates how data is formatted and processed between nodes. The most common example of a communication protocol is the Hypertext Transfer Protocol (HTTP). HTTP is an insecure protocol because the data travels in plaintext. Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP by which traffic is encrypted while in transit. It is not uncommon for a protocol to have a secure and insecure version. Security professionals should restrict the use of insecure protocols whenever possible.

Purpose
Upon completing this project, you will better understand common encryption protocols.

Steps for Completion

1. The most common control in use today for data in transit is __________.

2. List three functionalities IP Security (IPsec) protocol provides for communication between two entities.

a.

b.

c.

3. HTTPS is transmitted over one of two protocols. List those two protocols.

a.

b.

4. Which protocol supports remote communication in a secure manner?

Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 1
Topic: Encryption Methods and Applications
Subtopic: Protocols Using Encryption
Objectives covered
1 Essential Security Principles
1.4 Explain encryption methods and applications
1.4.7 Protocols that use encryption
Notes for the teacher
If time permits, students should experiment with transferring dummy text files using Filezilla.
