📝 Module Assessment

Module 3: Cyber Attacks, Malware & Threat Hunting

Test your understanding of attack techniques, malware analysis, threat intelligence, and digital forensics

📋 20 Questions ⏱️ 30 Minutes ✅ 70% to Pass

📋 Assessment Instructions

  • This assessment contains 20 multiple-choice questions
  • You have 30 minutes to complete the assessment
  • You need 70% (14 correct answers) to pass
  • Questions cover attack types, malware, threat intelligence, and forensics
  • You can review and change answers before final submission
  • Passing unlocks Module 4: Incident Response & Management
📝 Questions

Question 2 (question text and answer options not recovered; the correct answer was the third option)
Explanation: The input ' OR '1'='1 modifies the SQL query logic. The condition '1'='1' is always true, potentially bypassing authentication checks entirely.

Question 3: What is the primary purpose of ransomware?
  • Stealing banking credentials
  • Encrypting files and demanding payment for decryption ✅
  • Mining cryptocurrency using victim's resources
  • Creating a botnet for DDoS attacks
Explanation: Ransomware encrypts victim files and demands payment (usually in cryptocurrency) for the decryption key. Modern variants also threaten to publish stolen data (double extortion).

Question 4: Which malware type specifically records keystrokes to capture passwords and sensitive information?
  • Rootkit
  • Keylogger ✅
  • Adware
  • Worm
Explanation: Keyloggers record keystrokes to capture passwords, credit card numbers, and other sensitive information as users type them.

Question 5: What distinguishes a worm from a virus?
  • Worms require user interaction to spread
  • Viruses can self-replicate across networks without user action
  • Worms can self-replicate across networks without user action ✅
  • Viruses only affect mobile devices
Explanation: Worms are self-replicating malware that spread automatically across networks without requiring user action or host files. Viruses require a host file and often user interaction.

Question 6: In the MITRE ATT&CK framework, what do 'Tactics' represent?
  • Specific tools used by attackers
  • The adversary's goal or objective (the 'why') ✅
  • Step-by-step attack procedures
  • Network indicators of compromise
Explanation: In MITRE ATT&CK, Tactics represent the adversary's tactical goal or objective, the 'why' of an attack step. Examples include Initial Access, Persistence, and Exfiltration.

Question 7: According to the Pyramid of Pain, which indicator type causes the MOST difficulty for attackers when detected?
  • Hash values
  • IP addresses
  • Domain names
  • TTPs (Tactics, Techniques, Procedures) ✅
Explanation: TTPs are at the top of the Pyramid of Pain. When defenders detect and block TTPs, attackers must fundamentally change how they operate, that is, their entire methodology.

Question 8: What is the primary difference between IDS and IPS?
  • IDS blocks traffic while IPS only alerts
  • IPS blocks traffic inline while IDS only monitors and alerts ✅
  • IDS works at Layer 7 while IPS works at Layer 3
  • IPS is signature-based while IDS is anomaly-based
Explanation: IPS (Intrusion Prevention System) operates inline and can block malicious traffic in real-time. IDS (Intrusion Detection System) operates out-of-band and only monitors/alerts.

Question 9: In threat hunting, what is a 'hypothesis'?
  • A confirmed security incident
  • An educated assumption about potential malicious activity to investigate ✅
  • A list of known malware signatures
  • An automated alert from SIEM
Explanation: In threat hunting, a hypothesis is an educated assumption about potential malicious activity (e.g., 'APT29 may be using OAuth token theft in our environment') that guides the proactive investigation.

Question 10: Which tool is commonly used for memory forensics analysis?
  • Wireshark
  • Volatility ✅
  • Nmap
  • Burp Suite
Explanation: Volatility is the premier open-source memory forensics framework, used to analyze RAM captures for running processes, network connections, injected code, and other volatile artifacts.

Question 11: What is the purpose of a 'write blocker' in digital forensics?
  • To encrypt evidence data
  • To prevent any writes to the source evidence drive during imaging ✅
  • To compress forensic images
  • To delete sensitive data before analysis
Explanation: A write blocker (hardware or software) prevents any writes to the source evidence drive, ensuring the original evidence remains pristine and unmodified during forensic imaging.

Question 12: Under Indian law, what is MANDATORY for electronic evidence to be admissible in court?
  • Expert witness testimony
  • Section 65B certificate ✅
  • Original device presented in court
  • Police verification report
Explanation: Section 65B(4) of the Indian Evidence Act mandates a certificate certifying the authenticity of electronic evidence. Without it, electronic evidence is inadmissible (Anvar P.V. v. P.K. Basheer, 2014).

Question 13: What is 'dwell time' in cybersecurity?
  • Time taken to patch a vulnerability
  • Time between breach and detection ✅
  • Time to complete a penetration test
  • Time users spend on security training
Explanation: Dwell time is the period between initial compromise and detection. The longer the dwell time, the more damage attackers can cause. Average dwell time is still over 200 days globally.

Question 14: Which attack type involves intercepting communication between two parties?
  • Denial of Service
  • Man-in-the-Middle ✅
  • SQL Injection
  • Cross-Site Scripting
Explanation: Man-in-the-Middle (MitM) attacks involve an attacker positioning themselves between two communicating parties, intercepting and potentially modifying their communication.

Question 15: What is 'fileless malware'?
  • Malware that doesn't exist
  • Malware that operates entirely in memory without touching disk ✅
  • Malware stored in cloud services
  • Encrypted malware files
Explanation: Fileless malware operates entirely in memory without writing files to disk, making it extremely difficult to detect with traditional file-based antivirus solutions.

Question 16: In the context of APTs, what does 'persistent' mean?
  • The attack is very fast
  • The attacker maintains long-term access to the target ✅
  • The malware is difficult to remove
  • The attack affects persistent storage
Explanation: In Advanced Persistent Threat (APT), 'persistent' refers to the attacker's goal of maintaining long-term, ongoing access to the target environment, often for months or years.

Question 17: What is the purpose of CERT-In in India?
  • Issuing digital certificates
  • National computer emergency response and coordination ✅
  • Prosecuting cyber criminals
  • Regulating cryptocurrency
Explanation: CERT-In (Indian Computer Emergency Response Team) is the national nodal agency for responding to cybersecurity incidents, issuing advisories, and coordinating incident response across India.

Question 18: Which forensic image format includes compression and metadata while being widely accepted in court?
  • Raw DD
  • E01 (EnCase) ✅
  • ISO
  • ZIP
Explanation: E01 (EnCase Evidence File) format supports compression, metadata storage, and segmentation while being widely accepted in legal proceedings globally.

Question 19: What is 'lateral movement' in the context of cyber attacks?
  • Moving malware between geographic regions
  • Attackers moving through a network from system to system after initial access ✅
  • Shifting attack techniques over time
  • Data moving across network segments
Explanation: Lateral movement describes attackers moving from system to system within a network after gaining initial access, typically to reach high-value targets like domain controllers or databases.

Question 20: In the Anvar P.V. v. P.K. Basheer (2014) case, what did the Supreme Court rule about Section 65B certificates?
  • They are optional for government agencies
  • They are mandatory for electronic evidence admissibility ✅
  • They only apply to criminal cases
  • They can be submitted after the trial
Explanation: The Supreme Court ruled that the Section 65B(4) certificate is MANDATORY for admissibility of electronic evidence as secondary evidence. Without it, the evidence is inadmissible.