cancel
Showing results for 
Search instead for 
Did you mean: 

THWACK Monthly Mission - October 2019

Community Manager
1909_Core_October_THWACK_Mission_Blog_Header_900x300_noCTA.png

October is Cyber Security Awareness Month and all the contestants line up to play a game of Security Sleuth. It seems fun, and in a way it is, until you realize the stakes. You look around you as the game is about to begin and think to yourself which one of these people is the planted mole?

It’s a good ol’ whodunit, and the security of your network, the integrity of your privacy, the very foundation on which you’ve built your IT organization is at risk. So, security sleuth, master of mystery, will you detect defects capable of destroying our data, will you investigate infections imperiling our information, will you expose the evildoers endangering our eudemonia?

Protect us, cybersecurity connoisseur, start your mission.



OCTOBER MISSION

Use the mission’s resources to complete the tasks and answer the questions for a chance to win!

Correctly answer each question during the week and you'll be entered for a chance to win the weekly prize.

Correctly answer all 20 questions over the course of the month and you'll be entered for a chance to win the grand prize.

150 points are being awarded for each correctly answered question. There are 20 questions, which means you can earn a maximum of 3,000 points for this mission.

Want to join the mission, but not a member? Sign up FREE now!

PRIZES

Weekly Prizes & Drawing Dates:
October 14, 2019: Best of Agatha Christie Volume 1-4 (Region 1)

October 21, 2019: Apple Airpods

October 28, 2019: Clue Board Game and Culinario Mortale Deadly Fame - Murder Mystery Dinner Party Game

November 4, 2019: Anker PowerCore

Grand Prize:
November 4, 2019: SimpliSafe Wireless Home Security System



MISSION RULES

A new question will open every day (Monday - Friday) starting on October 7, 2019. Once a question has opened, it will remain open until November 3, 2019 at 11:59 p.m. CT. Check the schedule below for exact open/close times.



MISSION SHORTCUT

Complete the mission shortcut between October 7, 2019 and November 3, 2019 to be entered to win a Go Pro HERO 7 Black!

Security is the responsibility of all IT staff. However, not everyone has the same amount of time or resources available to increase their networks’ security posture. Security Event Manager (SEM) is designed to be another pair of eyes, always on the lookout for suspicious behaviour, and can alert you when it finds potential threats. For this shortcut we’ll have you take the first step towards automating threat detection by setting up a log source in SEM.

Shortcut Steps:

  1. Download a free trial of Security Event Manager (or if you already use SEM you can skip this step, but be sure you’re on version 6.7 or higher)
  2. Navigate to “Nodes”
  3. Click on “Add agent node,” select the appropriate agent for local installation, and follow the instructions or read more here
  4. Once the server is connected, navigate to “Events” and take a screen shot of events coming in from the log source and post to the mission
    1. Please anonymize any sensitive data like machine name or user names

DOWNLOAD FREE TRIAL  SUBMIT SCREENSHOT

WEEKLY PRIZESMONTUEWEDTHUFRIWINNERS
Week 1: Complete questions 1-5 by October 13, 2019 to be entered to win: Best of Agatha Christie Volume 1-4 (Region 1)
Week 2: Complete questions 6-10 by October 20, 2019 to be entered to win: Apple Airpods
Week 3: Complete questions 11-15 by October 27, 2019 to be entered to win: Clue Board Game and Culinario Mortale Deadly Fame - Murder Mystery Dinner Party Game
Week 4: Complete questions 16-20 by November 3, 2019 to be entered to win: Anker PowerCore

Correctly answer all 20 questions by November 3, 2019 and get entered to win the Grand Prize! SimpliSafe Wireless Home Security System



September Mission Terms & Conditions: US, UK, and Canada | Germany | Australia

September Mission Shortcut Terms & Conditions: US, UK, and Canada | Germany | Australia

157 Comments
superfly99
Level 17

Hooray new month Good luck everyone.

melonizame
Level 12

Man you guys are outdoing your selves with the prizes.....

rschroeder
Level 21

There seems to be some problem with the link to Week 4's prize description at Amazon.

https://www.amazon.com/Anker-PowerCore-Portable-Double-Speed-Recharging/dp/B01JIWQPMW/ref=sr_1_4?key...

On the bright side, this link sent me to a different part of Amazon I've never chanced to run into--Meet the Dogs of Amazon!  Reload the broken link over and over and be treated to (apparently) dogs owned by Amazon employees.  Cute!

pastedImage_1.pngpastedImage_2.pngpastedImage_3.png

Watch the video of Amazon pups here:    Meet the dogs of Amazon

ferrashoo
Level 12

Love security and the prizes help make it fun!!!

fmasotti
Level 12

i hope this time i will do all green and win something

yumdarling Community Manager
Community Manager

I fixed it... and also spent some time looking at the dogs of Amazon

jeremymayfield
Level 15

even if you are not all green, if you learn something then you win.

Security is backbone of any Network and technology. !! I love security & Thwack Monthly Mission.

rschroeder
Level 21

Thank you, yumdarling​.  Honestly, your handle is the most-fun-one I've ever seen.

melonizame
Level 12

I wouldn't say I lost 30 minutes of time when I found out about the dogs of amazon, but I sure did feel better afterwards.....

fmasotti
Level 12

oh cmon 2 wrong!

jnewell
Level 10

Had to dig a little more on todays (Q3), but quite an interesting read

Found this link the most helpful!

Monitor Multiple Email Domains and IPs in a Data Breach | SolarWinds

subiegirl
Level 8

Today's question - Not nice! 

melonizame
Level 12

So multiple choice on Q3? (10/09/2019)

Not seeing answer in hint link or link provided by jnewell

waiting on more Thwacksters before answering.......

jnewell
Level 10

Hey melonizame​,

The answer is on the page, but it isn't verbatim. CTRL + F isn't that helpful, but it is there, I promise!

melonizame
Level 12

I believe I see it now, but still waiting.......

chayden18
Level 9

Having not used the product, I would think all the answers are possible, even if they are not explicitly mentioned. Looks like you can monitor whatever you enter into the Watchlist for Domains, and I don't see a limitation. Same for Email addresses. I'll hold off a bit as well.

tsadler
Level 8

Kind of ironic that Simplisafe is the grand prize for a Mission Month centered around cybersecurity! SimpliSafe’s home security system can be compromised by a $2 wireless emitter - The Verge

Always take The Verge with a grain of salt, but people seem to think about hardware vulnerabilities a lot less often than software ones...

yumdarling Community Manager
Community Manager

Hey friends,

I can see how today's hint can be a little confusing... I published a brand new one

I reset wrong answers to give everyone a shot to learn from the new hint.

So go forth and answer again.

laurin.beckhusen
Level 10

Maybe I am over thinking this, but when I read "you can extend you protection to any email address as long as that email owner gives permission" Maybe I got my competitors permission...

Jfrazier
Level 18

Agreed, it is a bit ambiguous and then there would be the matter of proof that you got permission.  Is there a requirement other than written to provide proof of permission? 

chipperrocks10
Level 9

Yeah, I should have checked the comments.  The question doesn't address permission very well.  It's pretty easy in my line of work to obtain permission (via disclosure) when you obtain the customer address.

asheppard970
Level 13

Got today's question wrong (I, too, was lead astray by the "[...] you can extend you (SIC) protection [...]" comment so I guess I need a bit of help here.

Looking at the "Your Breached Asset Types" screenshot, what is meant by this:

pastedImage_0.png

Consumers, I presume, are customers but if this is not referring to their email address, then to what is it referring?  Since I have no exposure to this product, I am eager to learn.

chucksimalchik
Level 10

That was my thinking, that getting customer permission wouldn't necessarily be difficult, especially if you are promising them additional data breach protection. In reality, you "can" extend it to anyone.

ScottRich
Level 12

I have seen multiple clues for today's question, but it really is up to one's interpretation as I have not found a definitive answer for all of the options listed. As others have commented, you could infer that all the answers are correct but there is nothing in any of the clues that actually confirm or deny several of them. Not really wanting to just guess, so I will wait until there is a better clue or better answers or maybe a different question.

knucklebusted
Level 11

Knowledge and information are not the same thing. Question 3 is not very good at asking for knowledge and the hint imparts little useful information to test that knowledge.

knucklebusted
Level 11

Agreed, if you had permission, all answers would be technically correct.

danielsayer
Level 8

Email Credentials Breach Exposure Monitoring | SolarWinds

For Q3 above link might help (it did for me) - scroll to the bottom, although its still not definitive

Jfrazier
Level 18

go with the info that is specifically listed in the hints...the speculative items are just that.

cisherwood
Level 10

Sooo…. You got 2 right?

laurin.beckhusen
Level 10

went on a limb and removed the speculative answers and wala. Still don't like the question though haha.

janzzy44
Level 8

i believe that today's question should be able to be all boxes as it states as long as the email address gives you permission you can protect.

knucklebusted
Level 11

Exactly, if permission is granted, it is all.

My concern is where did Solarwinds get all this information and what safeguards are they taking to protect it?

jnewell
Level 10

Nice and easy one today, yumdarling

pastedImage_0.png

xaturbatu
Level 9

The challange is to make it red

pastedImage_0.png

pat_m
Level 10

Hello,

seems even I can answer this one, without the hint.

pastedImage_0.png

petergwilson
Level 14

Yep, really bad as you 'CAN' do all of them but you would need permission first for two of them. 

jnewell
Level 10

HAHAHA!!! That is impressive!

I bow down to your superior quizzing technique Hahaha!

yumdarling Community Manager
Community Manager

A swing and a hut.gif

asheppard970
Level 13

yumdarling​, I thank you for the inspiration for another...wait for it..............

EARWORM ALERT!!!!

While I am not a huge Country Music fan, I have liked and admired Trace Atkins over the years.

Trace Adkins - Swing (Official Music Video) - YouTube

knucklebusted
Level 11

Today's hint for question 4 does not have an exact match and I would argue is not properly hinted. The word "attempts" (plural) appears to be transmuted into "attack" (singular). They are not exactly the same meaning but it is the closest I can find. Not gonna click it, not gonna do it. Not gonna be a guinea pig spell/copy checker.

asheppard970
Level 13

I can tell you from having done it, knucklebusted​, that your instinct is correct.  And I don't think it's a singular versus plural issue, because if you look at the hint, "attacks" is, indeed, plural not singular.  Without giving it away, what might throw people off is the addition of a word in the question.  Otherwise, the hint is verbatim.

trf
Level 9

They added an extra word that made it read weird to me, thought it was being tricky and asking for the root cause so it wasn't a control+f one. My answer was correct (root cause) but not right (phrasing being sought).

ebradford
Level 13

Maybe Thwack branded puppies in the Thwack store?

Just sayin'...

ebradford
Level 13

I got yesterday's and today's questions wrong. I guess I'm not understanding the questions.

ebradford
Level 13

So, I signed up for my free account. Seems like a nice server. I have a question on the breach time line. The time line says, "Breach Exposure Timeline (?)" >> "Visual timeline representation of all data breaches affecting you." But when I click on some of the dots, I see no information. Are the dots on the timeline for my domain, or for me? If for me, then why can I not see the results? If for my domain, when could it be possible to indicate as much in the (?) mouse-over?

asheppard970
Level 13

Not the first time, trf , and probably will not be the last where an answer is correct but not factually accurate or factually accurate but not correct.

For those who might be new here (or anyone else who is interested), you will see this occasionally, especially with subjective answers that involve client requirements / endorsements.  For example: Let's say that a certain product is part of a larger suite of products.  If a question asks something like "Which product(s) did the client endorse?", if the "client" (in a case study, perhaps) did not specifically say that they used/liked/endorsed said product, and if said product shows up as an answer, it is incorrect.  Factually accurate, yes, that the product is part of the suite but not a correct answer because it is not what the client said.

There is (most times) no funny business going on - the GEEKS are very good about not intentionally creating conundrums - one just has to pay close attention to what is being asked in the question.  In fact in most cases, letting go of a need for verbatim answers and applying some common sense - as well as realizing that you will not always be able to use CTRL+F - can go a long way towards correctly answering questions and learning.  Not that I always do that, mind you... ;-)

ebradford
Level 13

Okay. I am impressed. When using Identity Monitor, I noted that the three passwords associated with one of my personal e-mail accounts were actual valid old passwords, which I thought I retired. [No data breaches have been recorded for my work email account thankfully.] I went to a referenced site. I was able to use my old password. I had set-up two-factor authentication on that site, so since no other people had my cellphone, likely there was no breach of personal data. I changed my password for that site anyway. Threat extinguished. Wow. Thank you Solarwinds for making this tool available.

trf
Level 9

Yea, my first red X in a few months I think. I blame the lack of caffeine this morning

Thought long and hard and went with the one that made more grammatical sense to me and today it bit me

rschroeder
Level 21

I discovered that if I show up for my annual health exam 45 minutes early, and then spend that time watching Youtube videos of puppies and kittens I can trim 30 points off my systolic blood pressure measurement (the first number, or the top number), and trim 25 points off my diastolic number (the second, or lower, blood pressure number).

That's compared to coming from a stressful work position for hours, where I just sit, and then just walk quickly to my medical appointment. 

The extra time spent relaxing before the exam helps lower the B.P., and the videos of happy, pleasant environments are icing on the cake for knocking the BP points down even more.

Amazon has the right idea.