SI110 Spring AY13
choose one:
(or more)
Alpha:___________
□ Received
no help
Name:________________________________ Page 1 of 1
□ Received help from:
□ Collaborated with:________________________________________
Homework:
/SI110/Cyber Operations/Case Studies
Read the section Anatomy of an Attack (Appendix from the article:
http://rona.cs.usna.edu/~si110/lec/l39/hw/index2.html
1. What does the acronym "APT" used in this article mean?
10 / 8 / 6 / 0
2. What kind of file was attached to the phishing e-mail (circle one):
.html
.doc
.xls
.ppt
.pdf
.exe
.fls
.jsx
.php
10 / 8 / 6 / 0
.pl
3. The attached file containd an exploit of a vulnerability in (circle one):
a.
b.
c.
d.
Java Virtual Machine
Windows Media Player
Windows Operating System
Linux Operating System
e.
f.
g.
h.
10 / 8 / 6 / 0
Mac OS X
Adobe Flash
Acrobat PDF Viewer
none of the above
4. The exploit in the attached file was used to install malware. The malware was a
customized version of what (give the name):
10 / 8 / 6 / 0
5. What does the article give as one of the key reasons why detecting an attack like this
one as soon as possible after the initial social engineering / phishing attack is so
40 / 30 / 20 / 0
important.
6. What did the attacker do with the stolen data prior to extracting it (i.e. prior to
10 / 8 / 6 / 0
transferring it from RSA's network to an outside host)?
7. What did the attacker use to transfer the stolen data from RSA's network to an outside
host (circle one):
ssh
http
dns
sftp
rdp
dhcp
smb
irc
aes
rsa
ftp
jsx
pdq
10 / 8 / 6 / 0