Asked by amaya battle

Creekside High School – 10:20 AM
It started like any normal school day. Students were working on coding assignments, submitting projects online, and reviewing for tests using interactive tools.
Suddenly, things began to go wrong.
• Websites started loading very slowly
• Some students saw “Connection Timed Out” errors
• Others received “Page Not Found (404)” messages
• A few computers froze completely
Teachers quickly reported the issue to the IT department.
________________________________________
The Investigation Begins
The school’s Security Analyst opened the network monitoring dashboard and immediately noticed something unusual.
There was a huge spike in network traffic.
One computer inside the school network was sending hundreds of requests per second to an unknown external server.
________________________________________
Suspicious Activity Detected
As the analyst looked deeper, they discovered:
• A program called revshell.exe was running
• The system was executing commands like:
  ◦ whoami
  ◦ net user
This confirmed that the school network had likely been compromised by malware.
________________________________________
Why the Network Became Slow
The infected computer was:
• Sending massive amounts of data outside the network
• Increasing overall bandwidth usage
• Creating network congestion
• Causing high latency
________________________________________
The Response
The Security Analyst:
1. Disconnected the infected device
2. Blocked the suspicious server
3. Ran malware scans
4. Reset user accounts
________________________________________
Career Spotlight: Security Analyst
• 📈 High demand (30%+ growth)
• 💰 Salary: $65K – $160K+
• 🛠️ Skills: Networking, cybersecurity, problem-solving
How to Start (Student Pathway):
1. Learn networking basics (like this class 👀)
2. Practice labs (TryHackMe, LetsDefend)
3. Earn certifications (Security+ — like your teacher 👨‍🏫)
4. Build projects (detect attacks, analyze logs)

DOK 2 — Application (5 Questions)
6. Why did the network slow down even though Internet access was available?
________________________________________________________________________________________________________________________________________________________________________________________________________________________
7. How did the infected computer affect other users?
________________________________________________________________________________________________________________________________________________________________________________________________________________________
8. Why is high latency a problem for users?
________________________________________________________________________________________________________________________________________________________________________________________________________________________
9. What role did bandwidth play in this issue?
________________________________________________________________________________________________________________________________________________________________________________________________________________________
10. Why was blocking the external server important?
________________________________________________________________________________________________________________________________________________________________________________________________________________________
________________________________________


DOK 3 — Analysis (5 Questions)
11. Identify TWO signs that the system was compromised.
________________________________________________________________________________________________________________________________________________________________________________________________________________________
12. Explain why disconnecting the infected computer fixed the problem.
________________________________________________________________________________________________________________________________________________________________________________________________________________________
13. Suggest TWO ways to prevent this type of attack in the future.
________________________________________________________________________________________________________________________________________________________________________________________________________________________
14. Explain how this situation relates to both network performance and cybersecurity.
________________________________________________________________________________________________________________________________________________________________________________________________________________________
15. Why is a Security Analyst important in an organization like a school?
________________________________________________________________________________________________________________________________________________________________________________________________________________________

All Answers 1

Answered by GPT-5 mini AI
DOK 2 — Application

6. Why did the network slow down even though Internet access was available?
- The infected computer was saturating the school's bandwidth by sending huge amounts of data outside the network. That congestion increased latency and packet loss, so web pages and services responded very slowly even though the Internet link was still up.

7. How did the infected computer affect other users?
- By consuming most of the available bandwidth and creating high latency, it caused timeouts, failed requests, slow page loads, and even freezes on other machines that relied on the network.

8. Why is high latency a problem for users?
- High latency delays the round-trip time for requests and responses, making interactive tasks (web browsing, video, online tests, remote labs) feel slow, causing timeouts and poor user experience.

9. What role did bandwidth play in this issue?
- Bandwidth is the network’s capacity. The malware used so much of that capacity that normal traffic couldn’t get through, so throughput for legitimate users dropped and the network became congested.

10. Why was blocking the external server important?
- Blocking the external server cut off the attacker’s command-and-control and stopped further data exfiltration and malicious traffic, helping contain the incident and protecting the rest of the network.

DOK 3 — Analysis

11. Identify TWO signs that the system was compromised.
- A suspicious program named revshell.exe was running.
- A huge spike in outbound network traffic from one internal computer and unusual commands being executed (e.g., whoami, net user).

12. Explain why disconnecting the infected computer fixed the problem.
- Disconnecting removed the source of the malicious traffic, stopping the bandwidth drain and command-and-control communications so the rest of the network could recover normal performance and the infection could be contained.

13. Suggest TWO ways to prevent this type of attack in the future.
- Implement endpoint protection/EDR and application whitelisting to detect and block malicious binaries.
- Enforce egress filtering and network segmentation (firewalls, block unknown external servers) plus regular patching and user security training.

14. Explain how this situation relates to both network performance and cybersecurity.
- The incident shows that cybersecurity breaches can directly degrade network performance (availability) by overwhelming resources. Conversely, performance monitoring helped detect the security incident early — so network operations and security are tightly linked and both must be managed together.

15. Why is a Security Analyst important in an organization like a school?
- A Security Analyst monitors networks, detects and responds to incidents quickly, protects student/staff data, and restores services so teaching and learning can continue safely and without interruption.
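The investigation in the scenario (one internal host sending hundreds of requests per second to an unknown external server) and answer 11 (the signs of compromise) both describe detection logic that can be written down. The following is an added example, not part of the original question or the answer above, showing how an analyst might script that triage over flow records and process telemetry. Everything in it is constructed for illustration: the school LAN range 10.20.0.0/16, the external address 203.0.113.10 standing in for the unknown server, the process allowlist, and the sample records themselves.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed address plan (not from the page): the school LAN is 10.20.0.0/16;
# any destination outside it counts as an external server.
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")

# Processes a managed school workstation is expected to run (assumed allowlist).
ALLOWED_PROCESSES = {"chrome.exe", "explorer.exe", "svchost.exe", "cmd.exe", "code.exe"}

# Host-discovery commands the scenario lists as seen on the infected machine.
RECON_COMMANDS = ("whoami", "net user")


def build_sample_flows():
    """Constructed flow records as (second, src, dst, bytes).

    Two normal hosts make a few requests per second; 10.20.5.41 sends
    300 requests per second to one external server, as in the scenario.
    """
    flows = []
    for second in range(3):
        for _ in range(4):
            flows.append((second, "10.20.5.12", "198.51.100.20", 1200))  # normal browsing
            flows.append((second, "10.20.5.13", "10.20.1.5", 800))        # internal file server
        for _ in range(300):
            flows.append((second, "10.20.5.41", "203.0.113.10", 4096))    # infected host
    return flows


# Constructed process telemetry (not from the page), one record per process start.
SAMPLE_PROCESS_EVENTS = [
    {"host": "10.20.5.41", "process": "revshell.exe", "cmdline": "revshell.exe"},
    {"host": "10.20.5.41", "process": "cmd.exe", "cmdline": "whoami"},
    {"host": "10.20.5.41", "process": "cmd.exe", "cmdline": "net user"},
    {"host": "10.20.5.12", "process": "chrome.exe", "cmdline": "chrome.exe --new-window"},
]


def is_external(ip):
    """True when the address lies outside the school's own range."""
    return ipaddress.ip_address(ip) not in INTERNAL_NET


def peak_external_rate(flows):
    """Per source host: (peak external requests per second, busiest destination)."""
    per_second = Counter()            # (src, second) -> requests to external hosts
    per_dest = defaultdict(Counter)   # src -> destination -> requests
    for second, src, dst, _ in flows:
        if is_external(dst):
            per_second[(src, second)] += 1
            per_dest[src][dst] += 1
    peaks = {}
    for (src, _), count in per_second.items():
        if count > peaks.get(src, (0, None))[0]:
            top_dst = per_dest[src].most_common(1)[0][0]
            peaks[src] = (count, top_dst)
    return peaks


def flag_chatty_hosts(flows, threshold=100):
    """Hosts whose peak rate to external addresses exceeds threshold requests/s."""
    return [(src, dst, rate)
            for src, (rate, dst) in peak_external_rate(flows).items()
            if rate > threshold]


def outbound_byte_share(flows):
    """Fraction of all external-bound bytes sent by each host (explains the congestion)."""
    by_host = Counter()
    for _, src, dst, nbytes in flows:
        if is_external(dst):
            by_host[src] += nbytes
    total = sum(by_host.values())
    return {src: n / total for src, n in by_host.items()} if total else {}


def suspicious_process_events(events):
    """Flag processes outside the allowlist and recon-style command lines."""
    findings = []
    for e in events:
        proc = e["process"].lower()
        cmd = e["cmdline"].strip().lower()
        if proc not in ALLOWED_PROCESSES:
            findings.append((e["host"], "unknown process", proc))
        if cmd.startswith(RECON_COMMANDS):
            findings.append((e["host"], "recon command", cmd))
    return findings


if __name__ == "__main__":
    flows = build_sample_flows()
    for src, dst, rate in flag_chatty_hosts(flows):
        print(f"{src}: {rate} req/s to external host {dst}")
    for host, share in outbound_byte_share(flows).items():
        print(f"{host}: {share:.1%} of outbound bytes")
    for host, kind, detail in suspicious_process_events(SAMPLE_PROCESS_EVENTS):
        print(f"{host}: {kind}: {detail}")
```

Run on the constructed data, the script isolates 10.20.5.41 as the only host above the rate threshold, shows it accounts for almost all outbound bytes (which is why the shared link congested for everyone else), and lists the unknown binary plus the two recon commands as corroborating host-level signs. In a real deployment the flow records would come from the firewall or a NetFlow collector and the process events from EDR telemetry; the thresholds and allowlist would be tuned to the site's baseline.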