Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Flags anomalous conditions in traffic on the network - requires understanding of what is normal - uses good traffic as a baseline
2. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
3. UDP-based infection - infected through a vulnerability in SQL Server - caused DoS on saturated networks
4. Program disguised as something helpful - only to perform actions the user did not intend: opening ports - installing other programs - etc.
5. Intrusion detection system - it reports attacks against monitored systems/networks
6. Strips OS commands and characters from input - avoid making system calls from within the app, especially based on user input
7. Fast - with little fidelity - examines header information and limited payload data
8. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
9. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
10. Attempt to manipulate or trick a person into providing information or access - bypasses network security by exploiting humans - vector is often an outside attack by telephone or a visitor inside
11. Provides insight into the tactics - motives - and tools of attackers
12. Deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
13. Connects the physical part of the network (cables) with the abstract (packets and data streams)
14. Wide Area Network - larger than a MAN or LAN - uses public networks - phone lines - and leased lines to tie LANs and MANs together over a dispersed area
15. Physical layer - Data link layer - Network layer - Transport layer - Session layer - Presentation layer - Application layer
16. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - the analyst is notified - e.g. Tripwire
17. Multiple levels of protection must be deployed - an exercise in detection - measures must span a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
18. Removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - P2P
19. OSI
20. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
21. Spread as an Office attachment with executable code programmed using the macro facility - targets are data files - Visual Basic editor and other macro languages - payload executes when the code is launched
22. Risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
23. Bits of code embedded in programs to quickly gain access at a later time
24. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces the need for error checking at higher OSI layers
25. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
26. Infected millions through various methods - vulnerability in the MS Server service - brute-forces admin passwords through network shares - infects removable devices with a malicious autorun script
27. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
28. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
29. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
30. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span multiple ATM switches that also handle communications for other systems - at the end of the con
31. Going around with equipment to detect wireless networks
32. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
33. Anonymous FTP - FTP passes through in clear text - bounce attacks with the PORT command - a user can cause the FTP server to open a connection from the FTP server's own commands and bypass a firewall
34. Intellectual property - business goals - validated data - historical
35. Logic bomb - trojan horse - trap door
36. Low-interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
37. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - a PVC is set up in advance - usually manually - an SVC is established automatically through a signaling protocol and can be created on the fly - establis
38. Known - unknown - zero day
39. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
40. A threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
41. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPC - PC Anywhere
42. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
43. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs a rootkit or root shell - opens up back doors - self-contained malware that can copy itself
44. It interacts with the application layer to determine which network services will be required
45. Weakness in a system - inherent in a complex system - the majority are due to poor coding - gateway by which threats are manifested
46. Confidentiality - integrity - availability
47. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
48. FIN 130 - ACK 131 - FIN 570 - ACK 571
49. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
50. Connects many WANs - MANs - and LANs - provided via ISP