Overview

Introduction

Welcome to the Working with Tools and Methods of Malware Prevention, Detection and Removal Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Use the Recovery Console
  • Exercise 2 - Using Backup and Restore
  • Exercise 3 - Educate the End User
  • Exercise 4 - Learn About Malware
  • Exercise 5 - Learn About Social Engineering
  • Exercise 6 - Learn about the Denial-of-Service (DoS) Attack
  • Exercise 7 - Learn about the Distributed Denial-of-Service Attack
  • Exercise 8 - Learn about Zero Day
  • Exercise 9 - Learn about Man-in-the-middle Attack
  • Exercise 10 - Learn about the Brute Force Attack
  • Exercise 11 - Learn about the Dictionary Attack
  • Exercise 12 - Learn About the Rainbow Table
  • Exercise 13 - Learn About the Spoofing Attack
  • Exercise 14 - Learn About Non-compliant Systems
  • Exercise 15 - Learn about Zombie Systems

After completing this lab, you will be able to:

  • Use the Recovery Console
  • Use Backup and Restore (Windows 7) in Windows 10
  • Educate the End User
  • Learn about Malware
  • Identify Different Types of Social Engineering
  • Learn about the Denial-of-Service attack
  • Learn about the Distributed Denial-of-Service Attack
  • Learn about Zero-day
  • Learn about Man-in-the-middle Attack
  • Learn about the Brute Force Attack
  • Learn about the Dictionary Attack
  • Learn About the Rainbow Table
  • Learn About the Spoofing Attack
  • Learn About Non-compliant Systems
  • Learn about Zombie Systems

Exam Objectives

The following exam objective is covered in this lab:

  • 220-1002: 2.3 Given a scenario, detect, remove, and prevent malware using appropriate tools and methods

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Use the Recovery Console

The Recovery Console contains a set of computer recovery options that allow you to perform the following activities:

  • Troubleshooting problems that prevent the operating system from loading
  • Restoring an operating system
  • Running Windows Memory Diagnostics
  • Starting the Command Prompt
  • Performing a factory reset

The Recovery Console is accessed during the booting process of a machine.

In this exercise, you will learn about the Windows Recovery Console.

Learning Outcomes

After completing this exercise, you will be able to:

  • Use the Recovery Console

Exercise 2 - Using Backup and Restore

Data loss means that data is no longer available to its owner because it has been deleted from the system. Data loss can occur for various reasons; some of the key ones are:

  • Hard drive failure
  • Virus attacks
  • Accidental or unintentional deletion

To prevent data loss, backups should be taken. A backup is a copy of the data. Never store the backup on the same system as the original. Suppose you back up a critical data folder on drive C and save the copy on drive D, where C and D are two partitions of the same physical hard drive. If that hard drive fails, both the original data and the backup are lost. It is therefore always recommended that the backup be stored on a different system or on separate backup media, such as a DVD or a tape drive. With advances in technology, cloud backups have become more popular than either of those methods. However, organizational policy or legal restrictions may rule cloud backups out, in which case you must back up to tape drives, DVDs, or another server within your network, which can also extend to remote offices.

Restore is the process of retrieving data from an archive. When a user loses data, the backup is retrieved and the data is restored.
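The backup and restore cycle described above, as an added example that is not part of the lab material: the script copies a constructed sample folder to a stand-in for separate backup media, records a SHA-256 manifest at backup time, and uses that manifest to confirm the backup is intact, to show which files were lost, to verify the restored copy, and to detect a corrupted backup before anyone relies on it. The folder names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(dir_path):
    """Return {relative_path: sha256} for every file below dir_path."""
    manifest = {}
    for root, _dirs, files in os.walk(dir_path):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, dir_path).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify(dir_path, manifest):
    """Compare a directory against a manifest: (missing files, modified files)."""
    current = build_manifest(dir_path)
    missing = sorted(p for p in manifest if p not in current)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    return missing, modified


def create_backup(src_dir, backup_dir):
    """Copy src_dir to backup_dir and return the manifest recorded at backup time."""
    manifest = build_manifest(src_dir)
    shutil.copytree(src_dir, backup_dir)
    return manifest


def restore_backup(backup_dir, dest_dir, manifest):
    """Copy the backup into dest_dir, then confirm the restored data matches the manifest."""
    shutil.copytree(backup_dir, dest_dir)
    return verify(dest_dir, manifest)


def demo():
    """Backup, simulated loss, restore and tamper detection on constructed sample files."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "critical")         # stands in for the folder on drive C
        backup = os.path.join(tmp, "backup_media")  # stands in for separate backup media
        restored = os.path.join(tmp, "restored")
        os.makedirs(os.path.join(src, "archive"))
        # Constructed sample data, not real user files.
        with open(os.path.join(src, "report.txt"), "w") as f:
            f.write("quarterly figures\n")
        with open(os.path.join(src, "archive", "old.txt"), "w") as f:
            f.write("last year\n")

        manifest = create_backup(src, backup)
        results["backup_ok"] = verify(backup, manifest)           # ([], [])

        os.remove(os.path.join(src, "report.txt"))                # simulate accidental deletion
        results["missing_after_loss"] = verify(src, manifest)[0]  # ['report.txt']

        results["restored_ok"] = restore_backup(backup, restored, manifest)  # ([], [])

        with open(os.path.join(backup, "report.txt"), "a") as f:  # simulate a corrupted backup
            f.write("garbage\n")
        results["tampered_backup"] = verify(backup, manifest)     # ([], ['report.txt'])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The manifest is what makes the restore trustworthy: without it, a backup that was silently corrupted on the media would be restored as-is. In practice the manifest should be kept with the backup and on the originating system, so that either side can be checked against the other.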

In this exercise, you will learn to use Backup and Restore (Windows 7) in Windows 10.

Learning Outcomes

After completing this exercise, you will be able to:

  • Use Backup and Restore (Windows 7) in Windows 10

Exercise 3 - Educate the End User

User mistakes are one of the major security concerns today. The majority of cyber-attacks succeed because of human error, which highlights the importance of educating end users about data security. End users need to be educated about the following key aspects of system security:

  • Social Engineering
  • Password Protection
  • Device security
  • Physical security

Learning Outcomes

After completing this exercise, you will be able to:

  • Educate the end user

Exercise 4 - Learn About Malware

Malware is a type of software that is designed to harm a system.

Malware can cause the following:

  • System lockups
  • System slowness
  • Application crashes
  • Applications generating unexpected output

Malware is divided into a number of categories based on its behaviour. The different types of malware are listed below.

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about Malware

Exercise 5 - Learn About Social Engineering

Social engineering is the act of getting people to perform an activity, such as revealing information, while they believe the activity is harmless; its true consequences are hidden from them. Attackers carry out social engineering for various reasons, for example to gather confidential information or to gain unauthorized access to a protected area. Using the gathered information or the unauthorized access, the attacker then performs activities that harm the user.

Learning Outcomes

After completing this exercise, you will be able to:

  • Identify Different Types of Social Engineering

Exercise 6 - Learn about the Denial-of-Service (DoS) Attack

A Denial-of-Service (DoS) attack, as the name implies, is intended to deny legitimate users access to websites and other online services. Most DoS attacks exploit vulnerabilities in applications or in communication protocols.

Sometimes legitimate activity can be mistaken for a DoS attack, for example when a very large number of legitimate users try to access the server at the same time. The end result is the same as in a DoS attack, though for a different reason.

The basic purpose of a DoS attack is to block legitimate users from accessing the system, and the attacker does this without actually gaining access to the system. In most other cyberattacks, the attacker's primary motive is to breach the security of your network in order to access valuable or sensitive information. In a DoS attack, however, the purpose is to make the target website and servers unavailable to legitimate users.
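The distinction drawn above, between a flood from one source and a surge of many legitimate clients, is something a defender can check in web server logs. The following is an added example, not part of the lab material: it parses constructed common-log-format lines, groups requests per second, and labels each second as normal, as a single-source flood, or as high load from many sources. The last label deliberately covers both a flash crowd and a distributed attack, since request counts alone cannot tell those two apart; it marks the window for further triage rather than claiming an attack. The thresholds (100 requests per second, top source above 50% of traffic) and all IP addresses are assumptions made for the demonstration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common log format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": ip, "time": when, "request": request, "status": int(status)}


def classify_window(events, rate_threshold, top_source_share):
    """Label one time window by request volume and by how concentrated the sources are."""
    n = len(events)
    if n < rate_threshold:
        return "normal"
    counts = Counter(e["ip"] for e in events)
    _top_ip, top_n = counts.most_common(1)[0]
    if top_n / n >= top_source_share:
        return "single-source flood"
    # Many distinct sources: a flash crowd or a distributed attack; needs triage.
    return "high load, many sources"


def analyze(lines, rate_threshold=100, top_source_share=0.5):
    """Group parsed requests per second and classify each second."""
    events = [e for e in map(parse_line, lines) if e is not None]
    buckets = defaultdict(list)
    for e in events:
        buckets[e["time"].strftime("%H:%M:%S")].append(e)
    return {sec: classify_window(evs, rate_threshold, top_source_share)
            for sec, evs in sorted(buckets.items())}


def _line(ip, second, path):
    """Build one constructed log line (assumed timestamp and sizes)."""
    return f'{ip} - - [10/Mar/2024:12:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE_LOG = (
    [_line(f"198.51.100.{i}", 0, "/") for i in range(1, 6)]                 # quiet second
    + [_line("203.0.113.7", 1, "/search?q=x") for _ in range(200)]          # one source hammering
    + [_line(f"192.0.2.{i % 250 + 1}", 2, "/launch") for i in range(200)]   # many distinct clients
    + ["this line is not in common log format"]                             # skipped by the parser
)


if __name__ == "__main__":
    for second, label in analyze(SAMPLE_LOG).items():
        print(second, label)
```

A real deployment would widen the window, rate per endpoint as well as per source, and feed the result into alerting rather than printing it, but the two questions (how much traffic, and from how many places) are the ones to ask first when a server becomes unavailable.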

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about the Denial-of-Service attack

Exercise 7 - Learn about the Distributed Denial-of-Service Attack

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about the Distributed Denial-of-Service Attack

Exercise 8 - Learn about Zero-Day

In a zero-day attack, a previously unknown vulnerability in an application or device is exploited. Because the vulnerability is unknown and undetected at the time of the attack, the attack is called a zero-day attack.

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about Zero-day

Exercise 9 - Learn about Man-in-the-middle Attack

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about the Man-in-the-middle Attack

Exercise 10 - Learn about the Brute Force Attack

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about the Brute Force Attack

Exercise 11 - Learn about the Dictionary Attack

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about the Dictionary Attack

Exercise 12 - Learn About the Rainbow Table

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn About the Rainbow Table

Exercise 13 - Learn About the Spoofing Attack

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn About the Spoofing Attack

Exercise 14 - Learn About Non-compliant Systems

A system is said to be non-compliant if it does not follow the set standards or guidelines. Such systems are poorly maintained and cause various security issues, such as data loss or theft. In the information security context, a system is non-compliant if it does not meet the set security standards.

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn About Non-compliant Systems

Exercise 15 - Learn about Zombie Systems

A zombie system is an Internet-connected system that is either infected by malware or being controlled by a hacker. The owner of a zombie system is unaware that it is being used for malicious tasks, such as sending out spam or launching Denial-of-Service attacks. A network of hundreds or thousands of zombie systems is known as a botnet.

Learning Outcomes

After completing this exercise, you will be able to:

  • Learn about Zombie Systems
