Test your basic knowledge |

GIAC

Subjects : certifications, giac, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
The five threat vectors
Some NIDS topology limitations
DDoS attack
UDP packet headers

2. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
When talking about protocols and referencing layers - what stack is used
The difference in stacks
SQL Slammer Worm
COM/Script program infector

3. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
The data link layer
Parasitic malware
Alteration of code
NIDS advantages

4. Unencrypted message in its original form
Plaintext
Address resolution protocol
Some network design objectives
The transport layer

5. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
The transport layer
NIDS advantages
Overview of TCP
IDS data normalization

6. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.
Some reasons to use TCP over UDP
Plaintext
When setting up a virtual circuit
The different cable categories

7. Stateful firewalls maintain state of traffic flows
Stateful firewall
Checksum in UDP
IDS data normalization
No State Inspection ACK flag set

8. One is for talking - one is for implementing
The five threat vectors
CIDR
The presentation layer
The difference in stacks

9. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
What range is a class C network?
The presentation layer
Deep packet inspection
What's a VLAN

10. Syn - Syn/Ack - Ack
To establish a TCP session
The TCP/IP model
Denial of service
Bridge

11. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
File integrity checking work
What primary threats should be protected against
SYN flood
Smurf attack

12. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
Wardriving
MAN
File Integrity checking work
When setting up a virtual circuit

13. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline
The different cable categories
Some firewall challenges
Anomaly analysis work
Port scan

14. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
A blind FTP
Some other UDP based protocols
Stateful firewall
Buffer overflow

15. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
WAN
DDoS attack
Rotation?
Hping

16. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
The physical layer stack
Some common UDP ports
Plaintext
Integrity of Data

17. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
What's an easy way to test encryption?
Some types of malicious code
Deep packet inspection
The CIA triad

18. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
The transport layer
Checksum in UDP
Some common UDP ports
Switches

19. Confidentiality - symmetric encryption
Address resolution protocol
Some disadvantages of honeypots
The OSI model
The goals of cryptography

20. Full open - half open (stealth scan) - UDP - Ping
Social engineering
Vulnerabilities
Nmap scanning techniques
Datagram length of a UDP packet

21. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Program infector
Types of viruses
The four basic approaches to defense in depth
Worms

22. It interacts with the application layer to determine which network services will be required
the application layer
HIDS monitor
Some firewall benefits
File integrity checking work

23. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
Types of ATM virtual circuits
A netmask
The OSI Protocol Stack
Vulnerabilities

24. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
The conficker worm
COM/Script program infector
What ways should the crypto key be protected?
Bus Topology

25. Protected at rest - protected in transit - secure the key
What ways should the crypto key be protected?
Program infector
TFTP
No State Inspection ACK flag set

26. Intellectual property - business goals - validated data - historical
No State Inspection ACK flag set
Trojan horse
When implementing protocols - what stack should be used?
What threats should be protected against - based on threat levels

27. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere
The threat vector analysis in defense in depth
What ways should the crypto key be protected?
Bus Topology
Remote maintenance

28. destruction of data - leaking confidential information - providing backdoor access
Some NIDS topology limitations
Some malware capabilities
Address resolution protocol
Permutation

29. Unified data carrying service - replacing from replay and ATM
The three goals of security
Multi protocol label switching
The session layer
File integrity checking work

30. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
A blind FTP
Rotation?
SQL Slammer Worm
Buffer overflow

31. Handles transmissions across the physical media like wires - fiber - etc
Best way to protect wireless networks
A network protocol
OS Command Injection defenses
The physical layer stack

32. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
File integrity checking work
Wardriving
The TCP/IP model
The presentation layer

33. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
Vulnerabilities
A netmask
Bus Topology
ATM work

34. FIN 130 - ACK 131 - FIN 570 - ACK 571
Some firewall challenges
Some common UDP ports
To close a TCP session
CIDR

35. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
Bus Topology
Some types of malicious code
Logic bomb
NAC

36. 53 bytes - 48 bytes for data - 5 bytes for the header
Total cell size for asynchronous transfer mode (ATM)
Boot record infector
Buffer overflow
Snort

37. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Firewall
Trojan horse
Denial of service
Switches

38. Confidentiality - integrity - availability
the application layer
The three goals of security
SQL Slammer Worm
Permutation

39. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
Arbitrary substitution
The protected enclave to defense in depth
Rootkit
CIDR

40. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
Some NIDS topology limitations
Anomaly analysis work
The transport layer
Some types of malicious code

41. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
HIDS monitor
OS Command Injection defenses
What range is a class A network?
A netmask

42. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
The presentation layer
Bus Topology
Browsing attack
What threats should be protected against - based on threat levels

43. TCP/IP - the IP protoco - The core routing protocol of the internet - - deals with transmission of packets between end points - defines the addressing scheme for the internet
Smurf attack
Some firewall benefits
When implementing protocols - what stack should be used?
Trojan horse

44. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
The four basic approaches to defense in depth
Alteration of code
Group
The four types of events reported by IDS

45. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Arbitrary substitution
File integrity checking work
Some firewall challenges
SQL Slammer Worm

46. Intrusion detection system - it reports attacks against monitored systems/networks
Internet
IDS
Deep packet inspection
Rotation?

47. free windows based wireless scanner for 802.1b - detects access point settings - supports GSP integration - identifies networks as encrypted or unencrypted
The transport layer
Vulnerabilities
The difference in stacks
Network stumbler

48. True positive - false positive - true negative - false negative
The CIA triad
Plaintext
The four types of events reported by IDS
Some malware propagation techniques

49. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
MAN
What range is a class B network?
Some ways to bypass firewall protections
What's an easy way to test encryption?

50. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
Plaintext
Hubs
What range is a class B network?
A network protocol