SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides insight into the tactics - motives - and attacker tools
Internet
Shallow packet inspection
SQL Slammer Worm
Some honeypot advantages
2. Network scanner.
A netcat listener
What range is a class C network?
Anomaly analysis work
Nmap
3. Known - unknown - zero day
Parasitic malware
Some ways to bypass firewall protections
What categories do vulnerabilities fall into?
Some NIDS topology limitations
4. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
Some common UDP ports
Firewall
SQL Slammer Worm
Worms
5. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
DDoS attack
The transport layer
Browsing attack
Types of ATM virtual circuits
6. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Arbitrary substitution
ACK piggybacking
Router
The physical layer stack
7. Confidentiality - integrity - availability
The Information Centric defense in depth
Hubs
The three goals of security
Defense in depth
8. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Program infector
Integrity of Data
OS Command Injection defenses
Some disadvantages of honeypots
9. The practice of sending an ACK inside another packet going to the same destination
Brute force
Some other UDP based protocols
Router
ACK piggybacking
10. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Total cell size for asynchronous transfer mode (ATM)
Some reasons to use UDP over TCP
Deep packet inspection
Vulnerabilities
11. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
A blind FTP
Stateless packet filter
The physical layer stack
NIDS challenges
12. Confidentiality - integrity - availability
Nmap
The CIA triad
The goals of cryptography
The network layer
13. ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Types of ATM virtual circuits
Multi protocol label switching
When talking about protocols and referencing layers - what stack is used
When setting up a virtual circuit
14. Relies on executable code insertion and user interaction to spread
IDS
Parasitic malware
the application layer
Group
15. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
A netmask
IDS not
War Dialing
Smurf attack
16. Combines the functionality of a hub and bride into a single device - keeps track of MACs attached to each port
Some malware capabilities
Wardriving
Switches
Some malware propagation techniques
17. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
ATM work
A netmask
Worms
What range is a class B network?
18. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
Shallow packet inspection
What ways should the crypto key be protected?
The network layer
No State Inspection ACK flag set
19. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
The different cable categories
Risk
NIDS challenges
Some network design objectives
20. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
IDS not
The difference in stacks
3-way handshake
Some malware capabilities
21. One is for talking - one is for implementing
The difference in stacks
Asynchronous Transfer Mode
Vulnerabilities
SYN flood
22. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Address resolution protocol
Ack Piggybacking
IDS data normalization
CIDR
23. Going around with equipment to detect wireless networks
MAN
Remote maintenance
The data link layer
Wardriving
24. The Practice of sending an ACK inside another packet going to the same destination
Ack Piggybacking
3-way handshake
Proxy or application gateway
Stateless packet filter
25. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
Some other UDP based protocols
Asynchronous Transfer Mode
The OSI model
Program infector
26. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
The transport layer
Some firewall challenges
TFTP
Permutation
27. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
Some common TCP ports
What primary threats should be protected against
NAC
Some reasons to use TCP over UDP
28. Intellectual property - business goals - validated data - historical
Permutation
Ack Piggybacking
What threats should be protected against - based on threat levels
Snort
29. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
The threat vector analysis in defense in depth
DDoS attack
The session layer
Boot record infector
30. It makes sure the data sent from one side to the other is in a format useful to the other side
The presentation layer
TFTP
War Dialing
Kismet
31. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest
The session layer
Honeypot
HIDS monitor
Nmap scanning techniques
32. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Checksum in UDP
Bus Topology
Types of viruses
File Integrity checking work
33. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
Trap door
Wardriving
The OSI model
Browsing attack
34. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
Worms
To close a TCP session
What range is a class C network?
Alteration of code
35. OSI
When talking about protocols and referencing layers - what stack is used
What ways should the crypto key be protected?
What's an easy way to test encryption?
Integrity of Data
36. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
What range is a class B network?
What range is a class A network?
Vulnerabilities
Race conditions
37. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
SYN flood
Some firewall benefits
Stateless packet filter
Some disadvantages of honeypots
38. A cracking tool inserted into the OS that allows the attacker to do as they please.
The network layer
A netmask
Nmap
Rootkit
39. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
LAN
TFTP
IDS signature analysis work
3-way handshake
40. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
IDS not
Some malware capabilities
Datagram length of a UDP packet
The physical layer stack
41. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
the application layer
The Uniform Protection to defense in depth
NIDS challenges
IDS not
42. Confidentiality - symmetric encryption
The goals of cryptography
PAN
Some honeypot advantages
The Information Centric defense in depth
43. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Buffer overflow
OS Command Injection defenses
Network stumbler
DDoS attack
44. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
Macro virus
What categories do vulnerabilities fall into?
Rotation?
IDS not
45. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
File Integrity checking work
Some NIDS topology limitations
Permutation
Some network design objectives
46. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
Ack Piggybacking
Port scan
The three goals of security
What categories do vulnerabilities fall into?
47. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
NIDS challenges
Some reasons to use TCP over UDP
The five threat vectors
A netmask
48. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Worms
IDS signature analysis work
Remote maintenance
Address Resolution Protocol (ARP)
49. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
Multi protocol label switching
WAN
The three goals of security
Logic bomb
50. Malware - insider threat - natural disaster - terrorism - pandemic
Some malware capabilities
The three goals of security
Defense in depth
What primary threats should be protected against