Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
IDS data normalization
Smurf attack
Port scan
To establish a TCP session
2. Connects many WANs - MANs - and LANs - provided via ISP
Internet
Race conditions
The three goals of security
Vulnerabilities
3. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
Group
Stateless packet filter
What categories do vulnerabilities fall into?
Deep packet inspection
4. Unencrypted message in its original form
Shallow packet inspection
Firewall
Plaintext
COM/Script program infector
5. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
What range is a class C network?
ATM work
Smurf attack
Proxy or application gateway
6. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
The three goals of security
A netmask
Hubs
MAN
7. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
The Uniform Protection to defense in depth
The TCP/IP model
The network layer
Datagram length of a UDP packet
8. Free Windows-based wireless scanner for 802.1b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted
The difference in stacks
Asynchronous Transfer Mode
Network stumbler
UDP packet headers
9. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
Some types of malicious code
Snort
3-way handshake
What range is a class B network?
10. Confidentiality - integrity - availability
The three goals of security
What range is a class B network?
The five threat vectors
Port scan
11. Outsider attack from network - outsider attack from telephone - insider attack from local network - insider attack from local system - attack from malicious code
Nmap scanning techniques
Logic bomb
The data link layer
The five threat vectors
12. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - the analyst is notified - i.e. Tripwire
File Integrity checking work
NIDS challenges
The Information Centric defense in depth
What's an easy way to test encryption?
13. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
The transport layer
Nmap
Kismet
Some reasons to use UDP over TCP
14. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
Types of viruses
What range is a class A network?
What range is a class B network?
Hping
15. A cracking tool inserted into the OS that allows the attacker to do as they please.
Rootkit
When implementing protocols - what stack should be used?
What ways should the crypto key be protected?
What range is a class A network?
16. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Log monitoring work?
What primary threats should be protected against
Some FTP dangers
Some Pen Test techniques
17. OSI
The threat vector analysis in defense in depth
To close a TCP session
Browsing attack
When talking about protocols and referencing layers - what stack is used
18. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPC - pcAnywhere
Race conditions
Wardriving
Remote maintenance
The four basic approaches to defense in depth
19. Simple attack done by simply browsing available information that's allowed on a local network.
Browsing attack
Buffer overflow
Best way to protect wireless networks
Rootkit
20. It makes sure the data sent from one side to the other is in a format useful to the other side
Some network design objectives
The presentation layer
Some malware capabilities
ACK piggybacking
21. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - i.e. employee was fired
What ways should the crypto key be protected?
IDS data normalization
Integrity of Data
Logic bomb
22. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
Deep packet inspection
EXE program infector
IDS
Trap door
23. A time-of-check/time-of-use attack that exploits the difference between the time a security control was applied and the time the service was used.
What range is a class C network?
Macro virus
Race conditions
Port scan
24. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest
Some FTP dangers
Datagram length of a UDP packet
HIDS monitor
LAN
25. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
The conficker worm
LAN
Integrity of Data
SYN flood
26. An attempt to gain access by bombarding it with guesses until the password is found.
What primary threats should be protected against
IDS signature analysis work
Types of viruses
Brute force
27. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
Arbitrary substitution
Some FTP dangers
MAN
The data link layer
28. The practice of sending an ACK inside another packet going to the same destination
Ack Piggybacking
When talking about protocols and referencing layers - what stack is used
Shallow packet inspection
No State Inspection ACK flag set
29. Infects MBR - no network spreading potential
Parasitic malware
Bridge
Overview of TCP
Boot record infector
30. Open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
The physical layer stack
Snort
The different cable categories
Kismet
31. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Browsing attack
Some Pen Test techniques
Overview of TCP
What range is a class C network?
32. It handles the establishment and maintenance of connections between systems
The session layer
Parasitic malware
TFTP
The Uniform Protection to defense in depth
33. Risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
What primary threats should be protected against
Risk
Trap door
Checksum in UDP
34. Attaches itself to existing program files and is activated when the EXE is launched
Program infector
NAC
the application layer
IDS not
35. Flags anomalous conditions in traffic on the network - requires an understanding of what is normal - uses good traffic as a baseline
Anomaly analysis work
Bridge
No State Inspection ACK flag set
Ack Piggybacking
36. Confidentiality - symmetric encryption
The CIA triad
IDS signature analysis work
The goals of cryptography
Ciphertext
37. Uniform protection - protected enclaves - information centric - threat vector analysis
Denial of service
The four basic approaches to defense in depth
Some types of malicious code
A netmask
38. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
Integrity of Data
The TCP/IP model
A netmask
The conficker worm
39. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
CIDR
A netcat listener
Some disadvantages of honeypots
Brute force
40. FIN 130 - ACK 131 - FIN 570 - ACK 571
To close a TCP session
The Uniform Protection to defense in depth
Honeyd
What threats should be protected against - based on threat levels
41. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Hubs
Worms
Trap door
The three goals of security
42. Strips OS commands and characters from input - avoid making system calls from within the app - especially based on user input
The different cable categories
Network stumbler
Some ways to bypass firewall protections
OS Command Injection defenses
43. Keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Stateful firewall
To establish a TCP session
Remote maintenance
Permutation
44. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123 - NTP - 137-139 - NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
Some common UDP ports
Some types of malicious code
ATM work
Overview of TCP
45. Considered to be a perimeter device
Router
IDS not
Browsing attack
What categories do vulnerabilities fall into?
46. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
The Uniform Protection to defense in depth
Stateful firewall
Trojan horse
The TCP/IP model
47. Going around with equipment to detect wireless networks
Wardriving
The CIA triad
War Dialing
Trojan horse
48. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Stateless packet filter
File Integrity checking work
Port scan
The presentation layer
49. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
Bridge
Stateless packet filter
The goals of cryptography
UDP packet headers
50. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
Ack Piggybacking
A netcat listener
File Integrity checking work
SQL Slammer Worm