GradePack

Author Archives: Anonymous

Cyber Case Scenario – Network Misconfiguration and Lateral Movement

In 2020–2021, several organizations experienced data breaches that did not begin with advanced malware, but instead with basic network misconfigurations. In these cases, attackers gained initial access through a compromised workstation and were then able to move laterally across the network due to weak segmentation and improperly configured network devices.

In one such incident, a company operated a flat Local Area Network (LAN) where employee workstations, printers, and internal servers all shared the same network segment. The network relied on switches and routers to forward traffic, but no VLANs or access control rules were in place to limit communication between devices.

Once an employee unknowingly installed malicious software, the attacker gained access to the network through the infected system’s Network Interface Card (NIC). Using basic network scanning tools, the attacker identified other active devices on the LAN by discovering IP addresses and open ports. Because internal traffic was unrestricted, the attacker was able to communicate freely with file servers and administrative systems. The lack of network segmentation allowed the attacker to send packets directly to sensitive systems without passing through security controls.

The attacker exploited weaknesses in network protocols and services running on internal systems, including unprotected file-sharing services and improperly configured ports. By leveraging standard TCP/IP communication, the attacker accessed shared resources and gradually expanded control across the network. No alerts were triggered because the traffic appeared to be normal internal communication. The breach was eventually discovered when administrators noticed unusual network activity and abnormal traffic patterns.

During remediation, the organization reconfigured routers and switches to implement network segmentation, restricted device-to-device communication, and enforced stricter firewall rules. Network monitoring tools were also deployed to better observe traffic at different layers of the TCP/IP and OSI models.

This incident demonstrates that network fundamentals are directly tied to cybersecurity. Poor IP configuration, lack of segmentation, exposed services, and unrestricted internal communication can allow a single compromised system to lead to a large-scale breach. Understanding how data moves across networks—and how devices, protocols, and layers interact—is essential for designing secure network environments.

Section 2 — Cyber Case Scenario: Cloud Misconfiguration and the Capital One Breach

Read Before Answering

Read the scenario below carefully. Questions 5–8 refer ONLY to this scenario.

Developmental psychology is defined as:

Research has shown that people learn and grow more from feedback that tells them:

Cyber Case Scenario – Misconfigured File Shares and Excessive Permissions

In 2019–2022, many ransomware attacks targeting healthcare systems, school districts, and local governments followed a similar pattern: attackers did not initially break encryption or exploit advanced malware flaws. Instead, they took advantage of misconfigured user accounts and shared network resources within Windows-based environments.

In one such incident, a municipal office used a Windows Server file server to host shared folders for departmental documents, backups, and administrative scripts. To simplify access, administrators assigned broad permissions to shared folders, granting the “Everyone” group read and write access. Over time, user accounts were added, removed, and reassigned without regular permission reviews.

The attack began when an employee fell victim to a phishing email and unknowingly entered valid login credentials into a fake website. The attacker used those legitimate credentials to authenticate to the internal network as a standard user. Because authentication was successful, no alerts were triggered.

Once logged in, the attacker explored the network and discovered multiple shared folders accessible through SMB file sharing. Due to excessive permissions and poor group management, the attacker could access sensitive data, administrative tools, and backup files. In several cases, the attacker found scripts and configuration files that revealed additional account information.

The attacker then used these shared resources to move laterally, escalating privileges by exploiting accounts with unnecessary access. Ransomware was deployed from within the network, encrypting files across shared folders that multiple users depended on daily. Because file shares were centrally managed, the impact was immediate and widespread.

During recovery, administrators realized that the breach was not caused by a failure of authentication technology, but by poor authorization practices. Users had more access than necessary, group membership was outdated, and permissions were not regularly audited. Applying the principle of least privilege, tightening share permissions, and properly managing user and group accounts significantly reduced risk moving forward.

This incident demonstrates that account and resource management is a core cybersecurity defense, not just an administrative task. Even when authentication works correctly, excessive permissions and poorly managed shared resources can allow attackers to cause extensive damage using valid credentials.

Research has shown that delaying gratification:

Cyber Case Scenario – Cloud Misconfiguration and the Capital One Breach

In 2019, Capital One disclosed a major data breach that exposed personal information for over 100 million individuals. The incident did not involve breaking cloud infrastructure itself, but rather exploiting a misconfigured cloud environment running on virtualized infrastructure provided by a cloud service provider.

Capital One used cloud computing services built on virtualization, where multiple virtual machines and services shared underlying physical hardware. While the cloud provider was responsible for securing the physical infrastructure and hypervisor layer, Capital One was responsible for configuring access controls, permissions, and network security settings within its virtual environment.

An attacker exploited a misconfigured firewall and overly permissive access controls associated with a virtualized server. This allowed unauthorized access to cloud-hosted storage containing sensitive customer data. Because the attacker gained access through legitimate cloud interfaces, the breach bypassed traditional security defenses.

The attack demonstrated that virtualization isolation alone is not enough to guarantee security. Although virtual machines were isolated from one another at the hypervisor level, weak configuration of identity and access management (IAM) permissions allowed the attacker to move within the cloud environment and extract data at scale.

This incident highlighted the importance of the shared responsibility model in cloud computing. While cloud providers secure the underlying virtualization platform, customers must properly configure virtual machines, storage access, network rules, and monitoring tools. Failure to do so can turn the flexibility and scalability of cloud computing into a significant security risk.

The Capital One breach reinforced a key Chapter 7 concept: virtualization and cloud technologies are powerful, but security depends heavily on correct configuration, isolation, and access control. Cloud environments are not inherently insecure—but misconfigured virtual resources can expose vast amounts of data with a single mistake.

When a shopper who witnessed someone steal a bracelet from the store is asked to describe what happened, which measure of memory is being used?

Repeated exposure to sexually violent movies leads viewers to experience _____ sympathy for survivors of domestic violence and to rate survivors’ injuries as _____ severe.

Some psychologists believe that mirror neurons in the brain’s frontal lobes enable:
