SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Port scan
The session layer
Vulnerabilities
DDoS attack
2. fast - with little fidelity - examines header information and limited payload data
Snort
What threats should be protected against - based on threat levels
Shallow packet inspection
Wardriving
3. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
The OSI model
The OSI Protocol Stack
Some malware capabilities
NAC
4. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest
Trojan horse
HIDS monitor
Internet
EXE program infector
5. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
Social engineering
Bus Topology
Some reasons to use UDP over TCP
What range is a class B network?
6. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
No State Inspection ACK flag set
File Integrity checking work
CIDR
Rotation?
7. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Some ways to bypass firewall protections
Multi protocol label switching
Alteration of code
Port scan
8. It handles the establishment and maintenance of connections between systems
The threat vector analysis in defense in depth
ACK piggybacking
The session layer
UDP packet headers
9. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
The threat vector analysis in defense in depth
PAN
No State Inspection ACK flag set
NAC
10. Simple attack done by simply browsing available information that's allowed on a local network.
Social engineering
Browsing attack
OS Command Injection defenses
Trojan horse
11. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
NAC
Rootkit
WAN
Nmap
12. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
IDS signature analysis work
ATM work
DDoS attack
Kismet
13. OSI
File integrity checking work
Nmap scanning techniques
Macro virus
When talking about protocols and referencing layers - what stack is used
14. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
TFTP
Bridge
When implementing protocols - what stack should be used?
OS Command Injection defenses
15. Personal area network - phone tethering - bluetooth - etc
Plaintext
Some other UDP based protocols
PAN
CIDR
16. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has
IDS signature analysis work
Some malware capabilities
Nmap
Asynchronous Transfer Mode
17. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
HIDS monitor
Honeyd
Logic bomb
LAN
18. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Some reasons to use UDP over TCP
Race conditions
EXE program infector
Some network design objectives
19. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
War Dialing
Buffer overflow
To close a TCP session
WAN
20. Intrusion detection system - it reports attacks against monitored systems/networks
Port scan
OS Command Injection defenses
IDS
The goals of cryptography
21. free windows based wireless scanner for 802.1b - detects access point settings - supports GSP integration - identifies networks as encrypted or unencrypted
Network stumbler
IDS data normalization
Port scan
The network layer
22. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
EXE program infector
Logic bomb
Alteration of code
The Information Centric defense in depth
23. Confidentiality - symmetric encryption
The goals of cryptography
A blind FTP
The different cable categories
NAC
24. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
Integrity of Data
The five threat vectors
Vulnerabilities
Boot record infector
25. Full open - half open (stealth scan) - UDP - Ping
Nmap scanning techniques
Some common TCP ports
The OSI Protocol Stack
SYN flood
26. Free linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulerability assessment
Some FTP dangers
Kismet
Ack Piggybacking
The session layer
27. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
The TCP/IP model
Some reasons to use UDP over TCP
When talking about protocols and referencing layers - what stack is used
Router
28. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
Nmap
The conficker worm
Some common TCP ports
IDS not
29. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
The transport layer
Remote maintenance
No State Inspection ACK flag set
IDS not
30. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
The data link layer
UDP packet headers
Shallow packet inspection
Risk
31. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Some ways to bypass firewall protections
The goals of cryptography
Snort
Bus Topology
32. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
Parasitic malware
Program infector
Router
What range is a class A network?
33. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
The goals of cryptography
Risk
The four basic approaches to defense in depth
DDoS attack
34. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Permutation
Some disadvantages of honeypots
War Dialing
Log monitoring work?
35. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
IDS signature analysis work
Denial of service
The five threat vectors
Boot record infector
36. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
The three goals of security
Hping
Some NIDS topology limitations
War Dialing
37. Attaches itself to existing program files and activated when the exe is launched
Address resolution protocol
Snort
Program infector
What ways should the crypto key be protected?
38. ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Asynchronous Transfer Mode
The three goals of security
CIDR
Types of ATM virtual circuits
39. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Plaintext
Asynchronous Transfer Mode
NIDS advantages
To establish a TCP session
40. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
IDS
Defense in depth
Anomaly analysis work
The OSI model
41. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Some ways to bypass firewall protections
What's an easy way to test encryption?
Plaintext
Internet
42. destruction of data - leaking confidential information - providing backdoor access
Hubs
Browsing attack
A netmask
Some malware capabilities
43. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Social engineering
UDP packet headers
The different cable categories
IDS signature analysis work
44. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
Group
MAN
Total cell size for asynchronous transfer mode (ATM)
Network stumbler
45. Message in its encrypted form
Network stumbler
Program infector
Ciphertext
The conficker worm
46. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Arbitrary substitution
Some external threat concerns
DDoS attack
When talking about protocols and referencing layers - what stack is used
47. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
IDS
SYN flood
3-way handshake
What ways should the crypto key be protected?
48. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Some firewall challenges
UDP packet headers
The session layer
Trap door
49. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
Hubs
Datagram length of a UDP packet
EXE program infector
The four types of events reported by IDS
50. Syn - Syn/Ack - Ack
IDS signature analysis work
Types of viruses
LAN
To establish a TCP session