I highly doubt a security class would have you do that.
If they did, the tools, knowledge, and methodology would have been prerequisite.
I don't care how ‘secure’ your systems are. If you have stupid people running them and using them, you can't win.
For those that know