Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
LAN
SQL Slammer Worm
Address resolution protocol
Group
2. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
What range is a class C network?
A netmask
Some external threat concerns
Firewall
3. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
The Uniform Protection to defense in depth
Asynchronous Transfer Mode
File Integrity checking work
Some network design objectives
4. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Some firewall benefits
Honeyd
The threat vector analysis in defense in depth
Proxy or application gateway
5. Syn - Syn/Ack - Ack
To establish a TCP session
Stateless packet filter
EXE program infector
War Dialing
6. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Honeypot
What categories do vulnerabilities fall into?
Integrity of Data
File integrity checking work
7. A cracking tool inserted into the OS that allows the attacker to do as they please.
Address Resolution Protocol (ARP)
The protected enclave to defense in depth
Rootkit
No State Inspection ACK flag set
8. Uniform protection - protected enclaves - information centric - threat vector analysis
Best way to protect wireless networks
What range is a class C network?
No State Inspection ACK flag set
The four basic approaches to defense in depth
9. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
What's a VLAN
Hubs
Some NIDS topology limitations
Defense in depth
10. Considered to be a perimeter device
Hubs
Router
Brute force
COM/Script program infector
11. fast - with little fidelity - examines header information and limited payload data
Kismet
Some Pen Test techniques
Shallow packet inspection
The data link layer
12. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
Race conditions
IDS
The session layer
Some malware propagation techniques
13. Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Some external threat concerns
Some network design objectives
The OSI model
What ways should the crypto key be protected?
14. Connects many WANs - MANs - and LANs - provided via ISP
Internet
Log monitoring work?
Worms
IDS signature analysis work
15. Bits of code embedded in programs to quickly gain access at a later time
3-way handshake
Defense in depth
Some firewall challenges
Trap door
16. Network scanner.
HIDS monitor
Total cell size for asynchronous transfer mode (ATM)
Log monitoring work?
Nmap
17. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Some common TCP ports
Risk
Race conditions
The Information Centric defense in depth
18. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
The protected enclave to defense in depth
The TCP/IP model
Internet
Address Resolution Protocol (ARP)
19. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
Some NIDS topology limitations
The four types of events reported by IDS
EXE program infector
Some malware propagation techniques
20. Infects MBR - no network spreading potential
The OSI Protocol Stack
The different cable categories
Bridge
Boot record infector
21. Malware - insider threat - natural disaster - terrorism - pandemic
Some NIDS topology limitations
A network protocol
When talking about protocols and referencing layers - what stack is used
What primary threats should be protected against
22. destruction of data - leaking confidential information - providing backdoor access
Total cell size for asynchronous transfer mode (ATM)
Overview of TCP
Some malware capabilities
Stateful firewall
23. size is whatever the length of the UDP portion of the packet. Could be as large as 65,535
When setting up a virtual circuit
Datagram length of a UDP packet
Buffer overflow
Defense in depth
24. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Some external threat concerns
The goals of cryptography
What ways should the crypto key be protected?
Bus Topology
25. True positive - false positive - true negative - false negative
Overview of TCP
The four types of events reported by IDS
Network stumbler
What ways should the crypto key be protected?
26. Known - unknown - zero day
What categories do vulnerabilities fall into?
What primary threats should be protected against
When talking about protocols and referencing layers - what stack is used
Ciphertext
27. Relies on executable code insertion and user interaction to spread
Worms
MAN
The conficker worm
Parasitic malware
28. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
The Information Centric defense in depth
Some FTP dangers
Bridge
ATM work
29. Handles transmissions across the physical media like wires - fiber - etc
UDP packet headers
Deep packet inspection
The Uniform Protection to defense in depth
The physical layer stack
30. OSI
Port scan
File integrity checking work
When talking about protocols and referencing layers - what stack is used
Best way to protect wireless networks
31. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
Firewall
A netcat listener
MAN
Deep packet inspection
32. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
IDS data normalization
Firewall
Trap door
Port scan
33. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
The OSI model
The data link layer
IDS data normalization
NAC
34. An attempt to gain access by bombarding it with guesses until the password is found.
Brute force
Deep packet inspection
IDS data normalization
Program infector
35. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
IDS not
The four basic approaches to defense in depth
Permutation
Switches
36. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
Shallow packet inspection
When implementing protocols - what stack should be used?
What range is a class C network?
HIDS monitor
37. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Some malware propagation techniques
Some disadvantages of honeypots
A netmask
Honeypot
38. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
Permutation
Hping
Risk
Some other UDP based protocols
39. The practice of sending an ACK inside another packet going to the same destination
The session layer
Some common UDP ports
WAN
ACK piggybacking
40. Unified data carrying service - replacing Frame Relay and ATM
Some other UDP based protocols
Multi protocol label switching
Some types of malicious code
The different cable categories
41. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
Some reasons to use TCP over UDP
Some types of malicious code
Smurf attack
Bus Topology
42. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
UDP packet headers
The data link layer
CIDR
Ciphertext
43. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
What range is a class A network?
The five threat vectors
SQL Slammer Worm
SYN flood
44. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
IDS signature analysis work
The physical layer stack
To establish a TCP session
Snort
45. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Some malware capabilities
A network protocol
Some firewall challenges
3-way handshake
46. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
Some other UDP based protocols
HIDS monitor
Some honeypot advantages
War Dialing
47. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
The OSI Protocol Stack
SQL Slammer Worm
Hping
What's a VLAN
48. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Nmap
Some reasons to use TCP over UDP
IDS data normalization
Bridge
49. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
MAN
Some NIDS topology limitations
No State Inspection ACK flag set
Program infector
50. Infects EXE files and makes them operate slightly differently - when infected - EXE header sizes are altered to point to the appended viral code
Browsing attack
Logic bomb
EXE program infector
SYN flood