# Cybersecurity

**Cybersecurity Intern (MSP + Training role)**

---


### A. Managed IT & Security Services (MSP)

You support and help protect **real client systems**.

Key ideas:

* Tier 1 helpdesk support
* Monitoring security alerts
* Assisting senior engineers
* Following procedures carefully

### B. Training & Education Support

You help **students and beginners** understand cybersecurity.

Key ideas:

* Explaining technical concepts clearly
* Supporting labs and virtual environments
* Assisting during live training sessions

---

## 2. Core Cybersecurity Concepts

### What Is Cybersecurity?

Cybersecurity is the practice of **protecting systems, networks, and data** from digital attacks.

---

### The CIA Triad (Very Important)

| Principle       | Meaning (Plain English)                     |
| --------------- | ------------------------------------------- |
| Confidentiality | Only authorized people can access data      |
| Integrity       | Data is accurate and not altered            |
| Availability    | Systems and data are accessible when needed |

You should be able to explain each in **one sentence**.

---

## 3. Common Cyber Threats (Recognition Only)

| Threat      | Simple Explanation                    |
| ----------- | ------------------------------------- |
| Phishing    | Fake emails/messages that trick users |
| Malware     | Harmful software                      |
| Ransomware  | Locks files and demands payment       |
| Brute-force | Repeated password guessing            |
| Zero-day    | A vulnerability with no patch yet     |

You do **not** need technical depth here.

---

## 4. Service Desk / Tier 1 Support

### What Is Tier 1 Support?

Tier 1 is the **first line of support** for users who experience IT or security issues.

### Typical Workflow

| Step | Action                        |
| ---- | ----------------------------- |
| 1    | User reports an issue         |
| 2    | Verify the user               |
| 3    | Perform basic troubleshooting |
| 4    | Document actions taken        |
| 5    | Escalate if necessary         |

### Common Issues

* Password resets
* Software errors
* MFA problems

**Strong intern statement**:

> I document everything and escalate issues when needed.

---

## 5. SIEM and Security Monitoring

### What Is SIEM?

A SIEM is a system that **collects logs from many sources and raises alerts** when suspicious activity is detected.

### Your Role as an Intern

* Monitor dashboards
* Review alerts
* Identify false positives
* Escalate real threats

### Example Alerts

* Multiple failed login attempts
* Unusual traffic from a single IP address

---

## 6. Vulnerability Management

### What Is Vulnerability Scanning?

Vulnerability scanning is the process of finding **weaknesses in systems** before attackers exploit them.

### Tools You Can Mention

| Tool   | Purpose                |
| ------ | ---------------------- |
| Nmap   | Network scanning       |
| Nessus | Vulnerability scanning |

### Your Involvement

* Assist in scans
* Help document findings
* Support remediation reports

---

## 7. Endpoint Protection and MFA

### Endpoint Protection (AV / EDR)

Endpoint protection protects computers and devices from malware and suspicious behavior.

### Multi-Factor Authentication (MFA)

MFA requires more than a password (e.g., a phone code or an app).

**Key idea**: Even if a password is stolen, access is still blocked.

---

## 8. Networking Fundamentals (Intern Level)

### What Is a Network?

A network allows devices to **communicate and share data**.

---

### Common Network Devices

| Device    | Purpose                                  |
| --------- | ---------------------------------------- |
| PC / Host | Sends and receives data                  |
| Switch    | Connects devices in a local network      |
| Router    | Connects different networks              |
| Firewall  | Allows or blocks traffic                 |
| Server    | Provides services (DNS, websites, email) |

---

### IP Address

An IP address is a unique number that identifies a device on a network.

Example: 192.168.1.10

---

### DNS (Frequently Asked)

DNS converts **domain names into IP addresses**.

Example: google.com → IP address

---

### HTTP vs HTTPS

| Protocol | Description          |
| -------- | -------------------- |
| HTTP     | Not encrypted        |
| HTTPS    | Encrypted and secure |

---

### TCP vs UDP (Concept Only)

| TCP           | UDP                   |
| ------------- | --------------------- |
| Reliable      | Faster                |
| Error-checked | No delivery guarantee |

---

### VPN

A VPN creates an **encrypted connection** over the internet to protect data.

---

## 9. Tools You Should Recognize

| Tool             | Basic Purpose             |
| ---------------- | ------------------------- |
| Wireshark        | Packet analysis           |
| Nmap             | Network scanning          |
| Linux CLI        | Command-line interaction  |
| Virtual Machines | Safe testing environments |

Suggested phrase:

> I have basic exposure to these tools and I am eager to gain more hands-on experience.

---

## 10. Training and Communication Skills

You may be asked to explain a concept to a beginner.

### Example: Explain Phishing

Phishing is when attackers pretend to be trusted companies to trick people into clicking links or sharing information.

You are evaluated on:

* Clarity
* Calm explanation
* Ability to simplify

---

## 11. Possible Demonstration Scenarios

### Phishing Identification

* Inspect sender and links
* Do not click attachments
* Report and escalate

### SIEM Alert Review

* Check alert details
* Identify false positives
* Escalate real incidents

### Helpdesk Roleplay

* Verify user
* Troubleshoot calmly
* Document actions

---

## 13. Key Statements to Remember

1. Security is about prevention, detection, and response.
2. Networking is the foundation of cybersecurity.
3. I understand my limits and escalate when needed.
4. Clear communication is critical in cybersecurity.
5. I am eager to learn and improve continuously.




# Cybersecurity

*(Questions + Ideal Answers)*

---

## Section A: Core Cybersecurity Knowledge

### 1. What is cybersecurity?

**Answer:**
Cybersecurity is the practice of protecting systems, networks, and data from digital attacks, unauthorized access, and damage.

---

### 2. Explain the CIA Triad.

**Answer:**

* **Confidentiality** ensures only authorized users can access data.
* **Integrity** ensures data is accurate and not altered.
* **Availability** ensures systems and data are accessible when needed.

---

### 3. What is phishing?

**Answer:**
Phishing is a social engineering attack where attackers pretend to be trusted sources to trick users into clicking links or revealing sensitive information.

---

### 4. What is a zero-day vulnerability?

**Answer:**
A zero-day vulnerability is a security flaw that is exploited before a patch or fix is available.

---

## Section B: MSP / Service Desk Scenarios

### 5. A user reports they cannot log in. What steps do you take?

**Answer:**
I would verify the user’s identity, ask for details about the issue, perform basic troubleshooting, document the actions taken, and escalate if the issue cannot be resolved.

---

### 6. Why is documentation important in an MSP environment?

**Answer:**
Documentation ensures accountability, helps other team members understand what was done, and allows issues to be resolved faster in the future.

---

### 7. What would you do if you are unsure about fixing a client issue?

**Answer:**
I would check documentation, ask a senior engineer if needed, and avoid making changes that could impact the client system.

---

## Section C: Security Monitoring & SIEM

### 8. What is a SIEM?

**Answer:**
A SIEM is a system that collects and analyzes logs from multiple sources to detect suspicious activity and generate security alerts.

---

### 9. You see many failed login attempts from one IP address. What does this indicate?

**Answer:**
It may indicate a brute-force attack or suspicious activity and should be reviewed and escalated.

---

### 10. What is a false positive?

**Answer:**
A false positive is an alert that appears suspicious but is actually normal or harmless activity.

---

## Section D: Vulnerability Management

### 11. What is vulnerability scanning?

**Answer:**
Vulnerability scanning is the process of identifying weaknesses in systems so they can be fixed before attackers exploit them.

---

### 12. Name one tool used for vulnerability scanning.

**Answer:**
Nmap or Nessus.

---

## Section E: Networking Fundamentals

### 13. What is an IP address?

**Answer:**
An IP address is a unique identifier assigned to a device on a network so it can communicate with other devices.

---

### 14. What does DNS do?

**Answer:**
DNS translates domain names into IP addresses.

---

### 15. What is the difference between HTTP and HTTPS?

**Answer:**
HTTPS encrypts data to make communication more secure, while HTTP does not.

---

### 16. What is a router?

**Answer:**
A router connects different networks and directs traffic between them.

---

### 17. What is a VPN?

**Answer:**
A VPN creates an encrypted connection over the internet to protect data and privacy.

---

## Section F: Tools & Concepts

### 18. What is Wireshark used for?

**Answer:**
Wireshark is used to capture and analyze network traffic.

---

### 19. What is Nmap used for?

**Answer:**
Nmap is used for network discovery and scanning.

---

### 20. Why are virtual machines used in cybersecurity training?

**Answer:**
Virtual machines allow safe testing and practice without affecting real systems.

---

## Section G: Training & Communication

### 21. Explain MFA to a non-technical person.

**Answer:**
MFA adds an extra step when logging in, like a code sent to your phone, so even if someone knows your password, they still cannot access your account.

---

### 22. Why is communication important in cybersecurity?

**Answer:**
Clear communication helps prevent mistakes, ensures users understand security risks, and allows teams to respond effectively to incidents.

---


