Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
Integrity of Data
LAN
Parasitic malware
Types of viruses
2. Full open - half open (stealth scan) - UDP - Ping
Nmap scanning techniques
Program infector
Stateless packet filter
TFTP
3. Packet filter firewalls rely on TCP flags to determine connection state. An attacker can send ACK packets only to bypass the firewall.
No State Inspection ACK flag set
Parasitic malware
A network protocol
Some network design objectives
4. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Some malware propagation techniques
Ciphertext
Some disadvantages of honeypots
Some firewall challenges
5. Simple attack done by simply browsing available information that's allowed on a local network.
Browsing attack
The threat vector analysis in defense in depth
A blind FTP
The five threat vectors
6. Handles transmissions across the physical media like wires - fiber - etc
Defense in depth
The physical layer stack
Snort
File Integrity checking work
7. Malicious code might execute destructive overwrite to hard disks - Malicious mass-mailing code might expose sensitive information to the internet - Web server compromise might expose organization to ridicule - Web server compromise might expose custom
Some external threat concerns
Some types of malicious code
Some FTP dangers
Ack Piggybacking
8. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Best way to protect wireless networks
The four types of events reported by IDS
What threats should be protected against - based on threat levels
NAC
9. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
Trap door
Ack Piggybacking
Checksum in UDP
The transport layer
10. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
Port scan
Nmap scanning techniques
CIDR
Proxy or application gateway
11. One is for talking - one is for implementing
MAN
The difference in stacks
SYN flood
DDoS attack
12. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Social engineering
Stateful firewall
Address resolution protocol
Alteration of code
13. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
Total cell size for asynchronous transfer mode (ATM)
PAN
Social engineering
The TCP/IP model
14. Trying to ID modems in a telephone exchange that may be susceptible to compromise
War Dialing
Multi protocol label switching
The network layer
SQL Slammer Worm
15. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
The Information Centric defense in depth
Stateful firewall
The conficker worm
Trap door
16. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Log monitoring work?
Plaintext
The conficker worm
Remote maintenance
17. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Checksum in UDP
Denial of service
Multi protocol label switching
Plaintext
18. Confidentiality - integrity - availability
The CIA triad
Arbitrary substitution
Some common UDP ports
No State Inspection ACK flag set
19. Attaches itself to existing program files and is activated when the exe is launched
When setting up a virtual circuit
WAN
Program infector
ACK piggybacking
20. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
DDoS attack
Some malware propagation techniques
Some honeypot advantages
Buffer overflow
21. Personal area network - phone tethering - bluetooth - etc
PAN
Some malware capabilities
The difference in stacks
To establish a TCP session
22. It makes sure the data sent from one side to the other is in a format useful to the other side
Some types of malicious code
SQL Slammer Worm
The presentation layer
The four basic approaches to defense in depth
23. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
War Dialing
The TCP/IP model
Some firewall benefits
A netcat listener
24. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
What threats should be protected against - based on threat levels
IDS signature analysis work
Some disadvantages of honeypots
Smurf attack
25. Combines the functionality of a hub and bridge into a single device - keeps track of MACs attached to each port
Switches
OS Command Injection defenses
Firewall
File integrity checking work
26. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
The five threat vectors
Trojan horse
Brute force
Asynchronous Transfer Mode
27. The practice of sending an ACK inside another packet going to the same destination
The physical layer stack
Some common TCP ports
Ack Piggybacking
Some honeypot advantages
28. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
DDoS attack
IDS not
Macro virus
NIDS advantages
29. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - the analyst is notified - i.e. Tripwire
Worms
File Integrity checking work
Internet
What categories do vulnerabilities fall into?
30. Malware - insider threat - natural disaster - terrorism - pandemic
Some disadvantages of honeypots
The physical layer stack
What primary threats should be protected against
Nmap
31. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Address Resolution Protocol (ARP)
Hping
What primary threats should be protected against
The CIA triad
32. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
The transport layer
Some honeypot advantages
Anomaly analysis work
Kismet
33. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
COM/Script program infector
Bridge
To close a TCP session
The threat vector analysis in defense in depth
34. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
Defense in depth
The Uniform Protection to defense in depth
File Integrity checking work
LAN
35. Strips OS commands and characters from input - avoid making system calls from within the app - especially based on user input
War Dialing
To close a TCP session
OS Command Injection defenses
Proxy or application gateway
36. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
IDS signature analysis work
IDS data normalization
Integrity of Data
Stateless packet filter
37. Free Windows-based wireless scanner for 802.11b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted
OS Command Injection defenses
The conficker worm
Network stumbler
Checksum in UDP
38. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
Port scan
Bridge
Nmap scanning techniques
Some other UDP based protocols
39. Intrusion detection system - it reports attacks against monitored systems/networks
File integrity checking work
IDS
No State Inspection ACK flag set
Some Pen Test techniques
40. Network scanner.
Nmap
LAN
Arbitrary substitution
Wardriving
41. logic bomb - trojan horse - trap door
Some external threat concerns
The protected enclave to defense in depth
Remote maintenance
Some types of malicious code
42. Stateful firewalls maintain state of traffic flows
Stateful firewall
Some ways to bypass firewall protections
Arbitrary substitution
The OSI Protocol Stack
43. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.
What range is a class C network?
Race conditions
A network protocol
Some common TCP ports
44. Deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
NIDS challenges
To establish a TCP session
Snort
Brute force
45. Infects EXE files and makes them operate slightly differently - when infected - exe header sizes are altered to point to the appended viral code
ATM work
Rotation?
The four basic approaches to defense in depth
EXE program infector
46. Connects many WANs - MANs - and LANs - provided via ISP
Some disadvantages of honeypots
Some other UDP based protocols
Internet
What range is a class A network?
47. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
The TCP/IP model
Some other UDP based protocols
Switches
Worms
48. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
Plaintext
What range is a class C network?
No State Inspection ACK flag set
The four types of events reported by IDS
49. It handles the establishment and maintenance of connections between systems
The session layer
Defense in depth
Boot record infector
Types of ATM virtual circuits
50. TCP/IP - the IP protocol - the core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
Brute force
Multi protocol label switching
What's a VLAN
When implementing protocols - what stack should be used?