Cyber Security Portfolio Index

Google Cybersecurity Professional Course
Security Audit: Conduct a security audit
Incident Report: Use the NIST Cybersecurity Framework to respond to a security incident
Linux Commands: Use Linux commands to manage file permissions
SQL Queries: Apply filters to SQL queries
Vulnerability Assessment: Conduct a vulnerability assessment based on NIST SP 800-30
Incident Handler's Journal: Documenting incident responses
File handling in Python: Using Python to maintain a security-related file (allow-list)
How-to articles
Wazuh XDR and SIEM ...

July 17, 2023 · 1 min · 141 words · Kazuhiro Funakoshi

Algorithm for File Update in Python

Project description: This project describes an activity of updating a text file based on business needs. It is designed for a process that maintains an allow-list-based access control list. In order to restrict access by unauthorized users, businesses are required to review the list and remove access privileges on a need-to-know basis. Given a list of IP addresses, the program removes them from the allow-list and writes the updated list of IP addresses back to the text file. ...

July 26, 2023 · 3 min · 589 words · Kazuhiro Funakoshi

Incident Handler's Journal

Entry 1: Analyzing ransomware incident
Entry 2: Analyzing phishing email
Entry 3: Following up with playbook
Entry 4: Review of incident final report
Entry 5: Using Splunk to analyze malicious logins
Entry 6: Using Chronicle to analyze phishing attempts
Entry 1. Date: 07/19/2023. Description: Ransomware damaged a clinic. A small U.S. health care clinic experienced a security incident on Tuesday at 9:00 a.m. which severely disrupted its business operations. ...

July 26, 2023 · 4 min · 774 words · Kazuhiro Funakoshi

Vulnerability Assessment

NIST SP 800-30 Rev. 1, Guide to assessing risk: NIST SP 800-30 is a publication that provides guidance on performing risk assessments. It outlines strategies for identifying, analyzing, and remediating risks. Organizations use NIST SP 800-30 to gain insight into the potential likelihood and severity of risks, helping them make informed decisions about allocating resources, implementing controls, and prioritizing remediation efforts. ...

July 26, 2023 · 5 min · 863 words · Kazuhiro Funakoshi

SQL Queries

Scenario (given): Apply filters to SQL queries. You are a security professional at a large organization. Part of your job is to investigate security issues to help keep the system secure. You recently discovered some potential security issues that involve login attempts and employee machines. Your task is to examine the organization's data in its employees and log_in_attempts tables. You'll need to use SQL filters to retrieve records from different datasets and investigate the potential security issues.

July 18, 2023 · 1 min · 80 words · Kazuhiro Funakoshi

Linux Commands

Scenario (given): File permissions in Linux. You are a security professional at a large organization. You mainly work with its research team. Part of your job is to ensure users on this team are authorized with the appropriate permissions. This helps keep the system secure. Your task is to examine existing permissions on the file system. You'll need to determine whether the permissions match the authorization that should be given. If they do not match, you'll need to modify the permissions to authorize the appropriate users and remove any unauthorized access. ...

July 18, 2023 · 2 min · 220 words · Kazuhiro Funakoshi

Incident Report

Project Setup: Incident Report Analysis. Review the scenario below, then complete the step-by-step instructions. You are a cybersecurity analyst working for a multimedia company that offers web design services, graphic design, and social media marketing solutions to small businesses. Your organization recently experienced a DDoS attack, which compromised the internal network for two hours until it was resolved. During the attack, your organization's network services suddenly stopped responding due to an incoming flood of ICMP packets. Normal internal network traffic could not access any network resources. The incident management team responded by blocking incoming ICMP packets, taking all non-critical network services offline, and restoring critical network services. ...

July 18, 2023 · 2 min · 368 words · Kazuhiro Funakoshi

Security Audit

Project Setup, Summary: Perform an audit of Botium Toys' cybersecurity program. The audit needs to align current business practices with industry standards and best practices. It is meant to provide mitigation recommendations for vulnerabilities found that are classified as "high risk," and to present an overall strategy for improving the organization's security posture. The audit team needs to document its findings, provide remediation plans and efforts, and communicate with stakeholders. ...

July 17, 2023 · 2 min · 402 words · Kazuhiro Funakoshi

Vulnerability Assessment Report

System Description: The server hardware consists of a powerful CPU and 128 GB of memory. It runs the latest version of the Linux operating system and hosts a MySQL database management system. It is configured with a stable network connection using IPv4 addresses and interacts with other servers on the network. Security measures include SSL/TLS-encrypted connections. Scope: The scope of this vulnerability assessment covers the current access controls of the system. The assessment will cover a period of three months, from June 20XX to August 20XX. NIST SP 800-30 Rev. 1 is used to guide the risk analysis of the information system. ...

July 26, 2023 · 3 min · 442 words · Kazuhiro Funakoshi

Apply Filters to SQL Queries

Project description: This project investigates security issues to help keep the system secure, based on findings that some potential security issues involve login attempts and employee machines. We use SQL filters to retrieve records from different datasets and investigate these potential security issues. Retrieve after-hours failed login attempts: In order to list all after-hours failed logins, which are suspicious in this case, we performed the following SQL query. Since regular hours end at 18:00:00, we set the condition accordingly. ...

July 18, 2023 · 2 min · 317 words · Kazuhiro Funakoshi