Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
When implementing protocols - what stack should be used?
MAN
Switches
When setting up a virtual circuit
2. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
LAN
Proxy or application gateway
Best way to protect wireless networks
Some types of malicious code
3. 53 bytes - 48 bytes for data - 5 bytes for the header
The different cable categories
Total cell size for asynchronous transfer mode (ATM)
Smurf attack
Some firewall challenges
4. Network scanner.
Ciphertext
Nmap
Some types of malicious code
The difference in stacks
5. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
Kismet
IDS not
Total cell size for asynchronous transfer mode (ATM)
The network layer
6. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Social engineering
What primary threats should be protected against
UDP packet headers
Ciphertext
7. Message in its encrypted form
Ciphertext
Hping
LAN
A netcat listener
8. Confidentiality - integrity - availability
Kismet
Multi protocol label switching
Some ways to bypass firewall protections
The CIA triad
9. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Address resolution protocol
IDS not
Remote maintenance
Worms
10. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
WAN
Some reasons to use UDP over TCP
Some NIDS topology limitations
ACK piggybacking
11. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
A network protocol
Stateful firewall
Datagram length of a UDP packet
NIDS challenges
12. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
MAN
Program infector
The five threat vectors
Address Resolution Protocol (ARP)
13. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
NIDS challenges
Firewall
Arbitrary substitution
The CIA triad
14. Infects MBR - no network spreading potential
HIDS monitor
Boot record infector
Multi protocol label switching
Internet
15. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
ATM work
Some malware capabilities
The threat vector analysis in defense in depth
Router
16. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Internet
Some common UDP ports
Group
Rotation?
17. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
Overview of TCP
The transport layer
The different cable categories
Some ways to bypass firewall protections
18. logic bomb - trojan horse - trap door
A blind FTP
Some types of malicious code
DDoS attack
The data link layer
19. Infects the EXE and makes it operate slightly differently - when infected - exe header sizes are altered to point to the appended viral code
Some ways to bypass firewall protections
EXE program infector
Some honeypot advantages
Stateful firewall
20. Going around with equipment to detect wireless networks
Wardriving
Remote maintenance
Some firewall benefits
Some reasons to use TCP over UDP
21. Connects many WANs - MANs - and LANs - provided via ISP
Internet
Switches
Rotation?
The conficker worm
22. Confidentiality - symmetric encryption
Some network design objectives
The goals of cryptography
Smurf attack
Macro virus
23. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
NIDS challenges
The TCP/IP model
Defense in depth
Switches
24. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Datagram length of a UDP packet
The Uniform Protection to defense in depth
IDS data normalization
Some ways to bypass firewall protections
25. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
The transport layer
What range is a class C network?
IDS signature analysis work
Rotation?
26. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
The network layer
The four types of events reported by IDS
A netmask
Plaintext
27. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
CIDR
DDoS attack
Honeyd
The four basic approaches to defense in depth
28. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Some malware capabilities
Shallow packet inspection
Proxy or application gateway
Denial of service
29. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
Deep packet inspection
NIDS challenges
NAC
File Integrity checking work
30. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Hping
To establish a TCP session
Nmap
HIDS monitor
31. destruction of data - leaking confidential information - providing backdoor access
Group
When talking about protocols and referencing layers - what stack is used
Some malware capabilities
Race conditions
32. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
What range is a class A network?
Honeyd
WAN
Some malware propagation techniques
33. Intrusion detection system - it reports attacks against monitored systems/networks
DDoS attack
Alteration of code
IDS
Overview of TCP
34. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
SQL Slammer Worm
EXE program infector
Address Resolution Protocol (ARP)
ATM work
35. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
To close a TCP session
Some common TCP ports
Snort
Firewall
36. An attempt to gain access by bombarding it with guesses until the password is found.
Defense in depth
War Dialing
Brute force
No State Inspection ACK flag set
37. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Honeypot
Nmap
Buffer overflow
Nmap scanning techniques
38. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
Some network design objectives
Rotation?
When setting up a virtual circuit
The data link layer
39. Considered to be a perimeter device
To establish a TCP session
Router
Datagram length of a UDP packet
To close a TCP session
40. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest
Integrity of Data
The threat vector analysis in defense in depth
HIDS monitor
Alteration of code
41. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
Trap door
A blind FTP
Some Pen Test techniques
Snort
42. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Some firewall benefits
Rotation?
Total cell size for asynchronous transfer mode (ATM)
What categories do vulnerabilities fall into?
43. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - the analyst is notified - i.e. Tripwire
File Integrity checking work
Firewall
Browsing attack
Group
44. Intellectual property - business goals - validated data - historical
What threats should be protected against - based on threat levels
Some external threat concerns
Some network design objectives
Overview of TCP
45. FIN 130 - ACK 131 - FIN 570 - ACK 571
What ways should the crypto key be protected?
The Information Centric defense in depth
Types of ATM virtual circuits
To close a TCP session
46. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
The protected enclave to defense in depth
ACK piggybacking
Firewall
Some common UDP ports
47. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
The transport layer
What ways should the crypto key be protected?
Some malware propagation techniques
Switches
48. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
The presentation layer
PAN
Buffer overflow
Group
49. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
To close a TCP session
The five threat vectors
The OSI model
OS Command Injection defenses
50. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
What range is a class B network?
Some Pen Test techniques
3-way handshake
When talking about protocols and referencing layers - what stack is used