SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
When setting up a virtual circuit
MAN
Nmap scanning techniques
What range is a class C network?
2. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
Some types of malicious code
Bridge
The protected enclave to defense in depth
To close a TCP session
3. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
ATM work
Some common UDP ports
SQL Slammer Worm
Router
4. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Address resolution protocol
Stateful firewall
What's an easy way to test encryption?
The physical layer stack
5. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
Some malware capabilities
EXE program infector
Datagram length of a UDP packet
What threats should be protected against - based on threat levels
6. Going around with equipment to detect wireless networks
Datagram length of a UDP packet
The four types of events reported by IDS
Wardriving
File Integrity checking work
7. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
Some NIDS topology limitations
IDS signature analysis work
Some disadvantages of honeypots
Address resolution protocol
8. Confidentiality - symmetric encryption
The goals of cryptography
Race conditions
Router
Hubs
9. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
The three goals of security
Hubs
Ciphertext
Group
10. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
3-way handshake
SYN flood
A netmask
No State Inspection ACK flag set
11. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
The presentation layer
Rotation?
Port scan
Some ways to bypass firewall protections
12. Uniform protection - protected enclaves - information centric - threat vector analysis
The four basic approaches to defense in depth
Bus Topology
The TCP/IP model
Plaintext
13. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
COM/Script program infector
The five threat vectors
Hping
CIDR
14. Attaches itself to existing program files and activated when the exe is launched
Asynchronous Transfer Mode
Bus Topology
Hping
Program infector
15. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
Bus Topology
The Information Centric defense in depth
File Integrity checking work
Worms
16. The practice of sending an ACK inside another packet going to the same destination
CIDR
Network stumbler
The transport layer
ACK piggybacking
17. One is for talking - one is for implementing
Address resolution protocol
The difference in stacks
Buffer overflow
Some Pen Test techniques
18. 53 bytes - 48 bytes for data - 5 bytes for the header
Total cell size for asynchronous transfer mode (ATM)
Trap door
To close a TCP session
Logic bomb
19. -Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
The different cable categories
The protected enclave to defense in depth
The network layer
Some external threat concerns
20. Confidentiality - integrity - availability
Race conditions
The four basic approaches to defense in depth
The three goals of security
EXE program infector
21. Provides insight into the tactics - motives - and attacker tools
Trap door
A blind FTP
Some honeypot advantages
Address resolution protocol
22. free windows based wireless scanner for 802.1b - detects access point settings - supports GSP integration - identifies networks as encrypted or unencrypted
Some NIDS topology limitations
Browsing attack
Network stumbler
Datagram length of a UDP packet
23. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
Total cell size for asynchronous transfer mode (ATM)
IDS data normalization
IDS signature analysis work
Macro virus
24. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
The conficker worm
Best way to protect wireless networks
War Dialing
Some malware propagation techniques
25. Connects many WANs - MANs - and LANs - provided via ISP
Address resolution protocol
PAN
What threats should be protected against - based on threat levels
Internet
26. Considered to be a perimeter device
Snort
What range is a class C network?
Some common TCP ports
Router
27. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
When setting up a virtual circuit
Group
What range is a class B network?
Best way to protect wireless networks
28. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Alteration of code
Snort
Group
Some firewall benefits
29. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Race conditions
Honeyd
A blind FTP
Shallow packet inspection
30. Handles transmissions across the physical media like wires - fiber - etc
What range is a class C network?
The four types of events reported by IDS
The physical layer stack
Router
31. OSI
SQL Slammer Worm
What primary threats should be protected against
When talking about protocols and referencing layers - what stack is used
Address resolution protocol
32. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Types of viruses
WAN
IDS signature analysis work
Brute force
33. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
The difference in stacks
NIDS advantages
Some reasons to use UDP over TCP
Multi protocol label switching
34. It interacts with the application layer to determine which network services will be required
Some common UDP ports
the application layer
SQL Slammer Worm
What's an easy way to test encryption?
35. Message in its encrypted form
Ciphertext
A blind FTP
Address Resolution Protocol (ARP)
Deep packet inspection
36. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
Some common UDP ports
Rotation?
Total cell size for asynchronous transfer mode (ATM)
The threat vector analysis in defense in depth
37. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
Bus Topology
Some malware propagation techniques
The Information Centric defense in depth
LAN
38. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Some external threat concerns
The Information Centric defense in depth
Honeypot
Alteration of code
39. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
IDS not
File Integrity checking work
What primary threats should be protected against
What range is a class B network?
40. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Vulnerabilities
Rotation?
What primary threats should be protected against
Permutation
41. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
Logic bomb
Best way to protect wireless networks
The different cable categories
What's a VLAN
42. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
NIDS challenges
Bus Topology
Bridge
Anomaly analysis work
43. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
The five threat vectors
What's a VLAN
CIDR
Vulnerabilities
44. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Stateful firewall
Some reasons to use TCP over UDP
Checksum in UDP
Arbitrary substitution
45. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
Ciphertext
A blind FTP
The CIA triad
The conficker worm
46. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
A netcat listener
Denial of service
UDP packet headers
Deep packet inspection
47. Bits of code embedded in programs to quickly gain access at a later time
Some firewall benefits
Trap door
Brute force
No State Inspection ACK flag set
48. Intrusion detection system - it reports attacks against monitored systems/networks
Denial of service
IDS
OS Command Injection defenses
Group
49. TCP/IP - the IP protoco - The core routing protocol of the internet - - deals with transmission of packets between end points - defines the addressing scheme for the internet
Some FTP dangers
When implementing protocols - what stack should be used?
Wardriving
The four basic approaches to defense in depth
50. ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Internet
Types of ATM virtual circuits
The transport layer
Proxy or application gateway