Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Message in its encrypted form
Overview of TCP
Some ways to bypass firewall protections
Ciphertext
Shallow packet inspection
2. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Deep packet inspection
Integrity of Data
War Dialing
Rotation?
3. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
Stateful firewall
Port scan
DDoS attack
Some other UDP based protocols
4. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
Some Pen Test techniques
Social engineering
SYN flood
Some FTP dangers
5. The practice of sending an ACK inside another packet going to the same destination
ACK piggybacking
The five threat vectors
Some malware propagation techniques
TFTP
6. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - e.g., Tripwire
Brute force
File Integrity checking work
No State Inspection ACK flag set
The three goals of security
7. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Integrity of Data
Boot record infector
Snort
Some Pen Test techniques
8. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
Some reasons to use UDP over TCP
OS Command Injection defenses
What range is a class A network?
What's an easy way to test encryption?
9. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
The TCP/IP model
The Information Centric defense in depth
Some NIDS topology limitations
Some malware propagation techniques
10. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Network stumbler
PAN
Some reasons to use UDP over TCP
Some reasons to use TCP over UDP
11. Infects MBR - no network spreading potential
Boot record infector
No State Inspection ACK flag set
OS Command Injection defenses
Proxy or application gateway
12. logic bomb - trojan horse - trap door
DDoS attack
What's an easy way to test encryption?
Some Pen Test techniques
Some types of malicious code
13. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Some reasons to use TCP over UDP
Vulnerabilities
When setting up a virtual circuit
Integrity of Data
14. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
Rotation?
Kismet
Some other UDP based protocols
EXE program infector
15. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
The four basic approaches to defense in depth
What categories do vulnerabilities fall into?
The Uniform Protection to defense in depth
NIDS advantages
16. Combines the functionality of a hub and bridge into a single device - keeps track of MACs attached to each port
Switches
Denial of service
Defense in depth
The difference in stacks
17. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
MAN
Some network design objectives
Program infector
ATM work
18. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
Rootkit
MAN
NIDS challenges
CIDR
19. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Some ways to bypass firewall protections
The protected enclave to defense in depth
Some firewall benefits
Ack Piggybacking
20. Considered to be a perimeter device
Shallow packet inspection
Types of viruses
Address resolution protocol
Router
21. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
The four types of events reported by IDS
Brute force
File integrity checking work
A netmask
22. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Internet
Checksum in UDP
Worms
The presentation layer
23. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
What's a VLAN
Nmap
The network layer
Bridge
24. Confidentiality - integrity - availability
Some disadvantages of honeypots
NIDS advantages
The CIA triad
What range is a class C network?
25. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
SQL Slammer Worm
Asynchronous Transfer Mode
Some types of malicious code
Port scan
26. Confidentiality - symmetric encryption
To close a TCP session
The goals of cryptography
Snort
Honeypot
27. An attempt to gain access by bombarding it with guesses until the password is found.
Brute force
IDS data normalization
ACK piggybacking
Types of ATM virtual circuits
28. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.
The four types of events reported by IDS
What threats should be protected against - based on threat levels
A netcat listener
Race conditions
29. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
Some external threat concerns
Address Resolution Protocol (ARP)
Some Pen Test techniques
Proxy or application gateway
30. One is for talking - one is for implementing
IDS data normalization
Shallow packet inspection
Firewall
The difference in stacks
31. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
Some disadvantages of honeypots
Some other UDP based protocols
DDoS attack
When implementing protocols - what stack should be used?
32. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
Log monitoring work?
The protected enclave to defense in depth
What categories do vulnerabilities fall into?
The OSI model
33. An appliance that controls access between public internet and a company's private network - or between a PC NIC and the rest of the PC.
Plaintext
SYN flood
Firewall
Wardriving
34. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Denial of service
Vulnerabilities
Ciphertext
Rotation?
35. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.
When setting up a virtual circuit
NIDS challenges
IDS signature analysis work
Some firewall benefits
36. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
The four types of events reported by IDS
CIDR
Logic bomb
Kismet
37. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Port scan
Trojan horse
Best way to protect wireless networks
Some reasons to use UDP over TCP
38. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
NIDS advantages
To close a TCP session
ATM work
Deep packet inspection
39. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Some malware propagation techniques
Some firewall benefits
When implementing protocols - what stack should be used?
TFTP
40. Network scanner.
A network protocol
Integrity of Data
Nmap
Total cell size for asynchronous transfer mode (ATM)
41. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Arbitrary substitution
Ack Piggybacking
Asynchronous Transfer Mode
Alteration of code
42. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Some Pen Test techniques
Stateful firewall
When setting up a virtual circuit
Vulnerabilities
43. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
When setting up a virtual circuit
Some firewall challenges
The data link layer
Vulnerabilities
44. Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
PAN
Some external threat concerns
Integrity of Data
Kismet
45. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
The presentation layer
NIDS challenges
Overview of TCP
Honeypot
46. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Address Resolution Protocol (ARP)
LAN
Hping
Stateless packet filter
47. Intellectual property - business goals - validated data - historical
When setting up a virtual circuit
What threats should be protected against - based on threat levels
Some malware propagation techniques
Honeypot
48. Unencrypted message in its original form
Parasitic malware
Risk
Rotation?
Plaintext
49. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
TFTP
Smurf attack
The transport layer
COM/Script program infector
50. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest
HIDS monitor
Bridge
The OSI Protocol Stack
The data link layer