Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end






2. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.






3. Confidentiality - symmetric encryption






4. Infects MBR - no network spreading potential






5. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK






6. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers






7. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.






8. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system






9. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched






10. Unified data carrying service - replacing frame relay and ATM






11. One is for talking - one is for implementing






12. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPC - PC Anywhere






13. Confidentiality - integrity - availability






14. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found






15. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks






16. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis






17. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.






18. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce






19. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls






20. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS






21. - Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - Web server compromise might expose organization to ridicule - Web server compromise might expose custom






22. Worms and Wireless - modems - tunnel anything through HTTP - social engineering






23. Handles the network address scheme and connectivity of multiple network segments. It handles communication.






24. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535






25. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area






26. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall






27. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector






28. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring






29. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis






30. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs






31. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management






32. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.






33. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network






34. Connects the physical part of the network (cables) with the abstract (packets and datastreams)






35. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols






36. Network scanner.






37. Infects EXE files and makes them operate slightly differently - when infected - EXE header sizes are altered to point to the appended viral code






38. Considered to be a perimeter device






39. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection






40. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside






41. An FTP that allows downloads only if the user knows the exact name of the file they're looking for






42. Protected at rest - protected in transit - secure the key






43. It makes sure the data sent from one side to the other is in a format useful to the other side






44. 53 (DNS) - 67 (BootP) - 68 (BootP) - 69 (TFTP) - 123 (NTP) - 137-139 (NBT) - 161 (SNMP) - 162 (SNMP) - 2049 (NFS)






45. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself






46. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability






47. Known - unknown - zero day






48. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit






49. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.






50. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules