Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A list of files that should be monitored for changes is defined - HIDS software calculates a one-way hash for each file - if a change is made to the file, the hash changes
2. 53 bytes - 48 bytes for data - 5 bytes for the header
3. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found, the analyst is notified - e.g. Tripwire
4. Infects MBR - no network spreading potential
5. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.
6. A cracking tool inserted into the OS that allows the attacker to do as they please.
7. Uses a one-to-one substitution of arbitrary numbers - given a one-character mapping, you cannot determine the key
8. 20 - FTP data; 21 - FTP; 23 - Telnet; 25 - SNMP; 53 - DNS; 79 - Finger; 80 - HTTP; 110 - POP; 443 - HTTPS
9. Infects EXE files and makes them operate slightly differently - when infected, EXE header sizes are altered to point to the appended viral code
10. Keeps the same letters but changes their position within the text - easy to break - can be combined with substitution
11. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious insider attacks
12. Attaches itself to existing program files and is activated when the EXE is launched
13. Known - unknown - zero day
14. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
15. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end to end
16. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
17. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
18. Simple attack done by simply browsing available information that's allowed on a local network.
19. Unencrypted message in its original form
20. Allows admins to remotely access a system for troubleshooting - e.g. VNC, GoToMyPC, pcAnywhere
21. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
22. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
23. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
24. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
25. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
26. It makes sure the data sent from one side to the other is in a format useful to the other side
27. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
28. Open-source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
29. Going around with equipment to detect wireless networks
30. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
31. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
32. An agreement on how different computers will work together - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
33. Connection-oriented - before systems can communicate over an ATM network, they must establish a virtual circuit between each other - this can span multiple ATM switches that also handle communications for other systems - at the end of the con
34. SYN - SYN/ACK - ACK
35. Low-interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
36. An attempt to gain access by bombarding a system with guesses until the password is found.
37. Common backdoor to open a port - a port scan scans for open ports on a remote host - scans ports 0-65,535 twice, TCP and UDP
38. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
39. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
40. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
41. Intrusion detection system - it reports attacks against monitored systems/networks
42. The practice of sending an ACK inside another packet going to the same destination
43. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
44. Fast, with little fidelity - examines header information and limited payload data
45. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
46. Strips OS commands and characters from input - avoid making system calls from within the app, especially ones based on user input
47. Provides insight into the tactics - motives - and attacker tools
48. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
49. Confidentiality - integrity - availability
50. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535