Module 5 Challenge: Defense in Depth - IT Security: Defense Against the Digital Dark Arts (Google IT Support Professional Certificate) Answers, 2025
Question 1
A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access?
✅ An attack vector
❌ An attack surface
❌ An ACL
❌ A 0-day
Explanation:
An attack vector is the method or pathway a hacker uses to gain unauthorized access — e.g., malicious email attachments, phishing links, or infected USBs.
Question 2
A core authentication server is exposed to the internet and is connected to sensitive services. What measures can you take to secure it?
✅ Patch management
✅ Designate as a bastion host
✅ Access Control Lists (ACLs)
✅ Secure firewall
Explanation:
- Patch management → Keeps vulnerabilities fixed.
- Bastion host → A hardened server designed for internet exposure.
- ACLs → Restrict traffic to authorized IPs only.
- Firewall → Filters and blocks malicious connections.
Question 3
A network security analyst received an alert about malware on a user’s computer. What can the analyst review for detailed info?
✅ Security Information and Event Management (SIEM) system
✅ Logs
❌ Full disk encryption (FDE)
❌ Binary whitelisting software
Explanation:
SIEM aggregates and analyzes logs from various sources for threat detection. Reviewing logs helps the analyst trace attack origins and actions taken by malware.
Question 4
Which of these play an important role in keeping attack traffic off your systems and help protect users?
✅ Antimalware measures
✅ Antivirus software
❌ Full disk encryption (FDE)
❌ Multiple attack vectors
Explanation:
Antivirus and antimalware software identify, block, and remove malicious code. They prevent infection and reduce system exposure.
Question 5
What does full-disk encryption protect against?
✅ Data theft
✅ Data tampering
❌ Eavesdropping
❌ Malware
Explanation:
Full-disk encryption (FDE) ensures that even if a device is stolen, its stored data remains unreadable and unalterable without the encryption key.
Question 6
What does applying software patches protect against?
✅ Newly found vulnerabilities
❌ MITM attacks
❌ Data tampering
✅ Undiscovered vulnerabilities
Explanation:
Patching fixes known vulnerabilities and often mitigates zero-day or not-yet-discovered exploits, improving overall system resilience.
Question 7
Besides software, what else needs patches?
✅ Operating systems
✅ Infrastructure firmware
❌ Hardware no longer supported
❌ NFC tags
Explanation:
Patches apply not just to software but also to firmware (on routers, servers, etc.) and OS updates, which fix bugs and security gaps.
Question 8
What are the two primary purposes of application software policies?
✅ To define boundaries of what applications are permitted
✅ To help educate users on how to use software more securely
❌ Convert log data
❌ Identify malware
Explanation:
Application policies outline approved software and secure usage rules, ensuring compliance and reducing security risks from unauthorized applications.
Question 9
While antivirus software operates using a ______, binary whitelisting software uses a whitelist instead.
✅ Blacklist
❌ Whitelist
❌ Greylist
❌ Secure list
Explanation:
- Antivirus → uses a blacklist (known bad files).
- Whitelisting → allows only approved executables to run, blocking everything else.
Question 10
Ideally, an attack surface is ___
✅ as small as possible.
❌ as large as possible.
❌ open and defended.
❌ frequently updated.
Explanation:
The attack surface is the total of all possible entry points for attackers. Reducing it minimizes the number of ways a hacker can exploit the system.
🧾 Summary Table
| Q# | ✅ Correct Answer | Concept |
|---|---|---|
| 1 | Attack vector | Method of gaining access |
| 2 | All options | Securing exposed authentication server |
| 3 | SIEM, Logs | Threat investigation tools |
| 4 | Antivirus, Antimalware | Defense tools |
| 5 | Data theft, tampering | Full-disk encryption protection |
| 6 | New + undiscovered vulnerabilities | Purpose of patching |
| 7 | OS, Firmware | What needs patching |
| 8 | Define app boundaries, educate users | Purpose of policies |
| 9 | Blacklist | Antivirus operation |
| 10 | As small as possible | Minimize attack exposure |