Test your basic knowledge |

GIAC

Subjects : certifications, giac, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Defense in depth
Log monitoring work?
Honeypot
Bridge

2. It handles the establishment and maintenance of connections between systems
CIDR
The session layer
Hubs
the application layer

3. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
Wardriving
Permutation
A blind FTP
Some honeypot advantages

4. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Some network design objectives
Integrity of Data
Deep packet inspection
The conficker worm

5. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
Smurf attack
Macro virus
Shallow packet inspection
Honeyd

6. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
To close a TCP session
TFTP
The OSI model
A blind FTP

7. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Social engineering
Total cell size for asynchronous transfer mode (ATM)
Some Pen Test techniques
Some reasons to use TCP over UDP

8. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
CIDR
Some ways to bypass firewall protections
SYN flood
IDS not

9. Uniform protection - protected enclaves - information centric - threat vector analysis
the application layer
The four basic approaches to defense in depth
The protected enclave to defense in depth
File integrity checking work

10. Combines the functionality of a hub and bride into a single device - keeps track of MACs attached to each port
Some network design objectives
Social engineering
The session layer
Switches

11. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
A netcat listener
Parasitic malware
The OSI Protocol Stack
Checksum in UDP

12. Personal area network - phone tethering - bluetooth - etc
Anomaly analysis work
NIDS challenges
UDP packet headers
PAN

13. OSI
Arbitrary substitution
The transport layer
When implementing protocols - what stack should be used?
When talking about protocols and referencing layers - what stack is used

14. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Some common TCP ports
Some firewall challenges
UDP packet headers
Worms

15. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
ACK piggybacking
What ways should the crypto key be protected?
Group
Worms

16. Protected at rest - protected in transit - secure the key
ACK piggybacking
Social engineering
What ways should the crypto key be protected?
Honeypot

17. Provides insight into the tactics - motives - and attacker tools
Datagram length of a UDP packet
Some honeypot advantages
Integrity of Data
Network stumbler

18. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
The goals of cryptography
LAN
Some external threat concerns
What range is a class B network?

19. Confidentiality - integrity - availability
Honeypot
The CIA triad
Proxy or application gateway
Logic bomb

20. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
War Dialing
The five threat vectors
Stateless packet filter
File Integrity checking work

21. Considered to be a perimeter device
Router
File integrity checking work
Stateful firewall
Logic bomb

22. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline
Ack Piggybacking
Anomaly analysis work
Some reasons to use UDP over TCP
What ways should the crypto key be protected?

23. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
File integrity checking work
Buffer overflow
ATM work
A blind FTP

24. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Internet
Honeypot
A blind FTP
Ciphertext

25. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Overview of TCP
Parasitic malware
ATM work
To establish a TCP session

26. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
SYN flood
A netmask
The threat vector analysis in defense in depth
Logic bomb

27. Attaches itself to existing program files and activated when the exe is launched
Program infector
A netmask
Some common UDP ports
Nmap scanning techniques

28. FIN 130 - ACK 131 - FIN 570 - ACK 571
Log monitoring work?
Some Pen Test techniques
Rotation?
To close a TCP session

29. Unencrypted message in its original form
Trojan horse
Some honeypot advantages
Plaintext
Some Pen Test techniques

30. Syn - Syn/Ack - Ack
IDS not
To establish a TCP session
The Uniform Protection to defense in depth
Worms

31. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere
Some FTP dangers
No State Inspection ACK flag set
Remote maintenance
War Dialing

32. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
The goals of cryptography
Some firewall benefits
What range is a class C network?
SQL Slammer Worm

33. An appliance that controls access between public internet and a companies private network - or between a PC NIC and the rest of the PC.
Some network design objectives
Types of ATM virtual circuits
Firewall
Risk

34. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
Macro virus
OS Command Injection defenses
Proxy or application gateway
Multi protocol label switching

35. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Types of ATM virtual circuits
Hping
What's an easy way to test encryption?
Trap door

36. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Some network design objectives
The goals of cryptography
Arbitrary substitution
Hubs

37. Network scanner.
WAN
Nmap
What primary threats should be protected against
File Integrity checking work

38. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Multi protocol label switching
Snort
What's a VLAN
LAN

39. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Overview of TCP
UDP packet headers
Defense in depth
HIDS monitor

40. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Alteration of code
IDS
Arbitrary substitution
NIDS challenges

41. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
Wardriving
Stateless packet filter
Switches
Some other UDP based protocols

42. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
What range is a class B network?
The presentation layer
Some other UDP based protocols
Multi protocol label switching

43. 53 bytes - 48 bytes for data - 5 bytes for the header
The session layer
A network protocol
The transport layer
Total cell size for asynchronous transfer mode (ATM)

44. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
3-way handshake
Some disadvantages of honeypots
What ways should the crypto key be protected?
The threat vector analysis in defense in depth

45. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
ACK piggybacking
The OSI model
Race conditions
Wardriving

46. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
Some network design objectives
A network protocol
SQL Slammer Worm
Some malware propagation techniques

47. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
File Integrity checking work
NAC
Snort
Rotation?

48. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Some ways to bypass firewall protections
Honeyd
Bus Topology
Smurf attack

49. Connects many WANs - MANs - and LANs - provided via ISP
Browsing attack
NIDS challenges
Internet
A netcat listener

50. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
Proxy or application gateway
Address resolution protocol
A netmask
Social engineering