Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Denial of service
No State Inspection ACK flag set
NIDS advantages
To establish a TCP session
2. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
NIDS challenges
File integrity checking work
What range is a class A network?
Program infector
3. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Trap door
IDS signature analysis work
Risk
Integrity of Data
4. Personal area network - phone tethering - bluetooth - etc
LAN
What primary threats should be protected against
PAN
Types of ATM virtual circuits
5. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
Overview of TCP
Some FTP dangers
Some types of malicious code
The five threat vectors
6. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has
Deep packet inspection
Some malware capabilities
Asynchronous Transfer Mode
Some ways to bypass firewall protections
7. Full open - half open (stealth scan) - UDP - Ping
The protected enclave to defense in depth
Nmap scanning techniques
Some Pen Test techniques
Group
8. FIN 130 - ACK 131 - FIN 570 - ACK 571
The CIA triad
The Information Centric defense in depth
To close a TCP session
Alteration of code
9. Unified data carrying service - replacing frame relay and ATM
Defense in depth
Honeyd
Multi protocol label switching
Asynchronous Transfer Mode
10. An attempt to gain access by bombarding it with guesses until the password is found.
Overview of TCP
Some disadvantages of honeypots
Brute force
ACK piggybacking
11. Intrusion detection system - it reports attacks against monitored systems/networks
Rootkit
The difference in stacks
IDS
What categories do vulnerabilities fall into?
12. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
The goals of cryptography
OS Command Injection defenses
Address resolution protocol
Shallow packet inspection
13. fast - with little fidelity - examines header information and limited payload data
Shallow packet inspection
A blind FTP
What range is a class A network?
Some firewall challenges
14. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
The TCP/IP model
Some honeypot advantages
The physical layer stack
To close a TCP session
15. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
A blind FTP
When implementing protocols - what stack should be used?
Some other UDP based protocols
The Uniform Protection to defense in depth
16. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
Address Resolution Protocol (ARP)
Parasitic malware
Deep packet inspection
Hping
17. Intellectual property - business goals - validated data - historical
When talking about protocols and referencing layers - what stack is used
What threats should be protected against - based on threat levels
Nmap
What's an easy way to test encryption?
18. Syn - Syn/Ack - Ack
Race conditions
Some reasons to use TCP over UDP
To establish a TCP session
IDS not
19. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
Nmap scanning techniques
NAC
Buffer overflow
The Information Centric defense in depth
20. 53 bytes - 48 bytes for data - 5 bytes for the header
Total cell size for asynchronous transfer mode (ATM)
When implementing protocols - what stack should be used?
War Dialing
Smurf attack
21. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Some common TCP ports
Bridge
Rotation?
Types of ATM virtual circuits
22. It handles the establishment and maintenance of connections between systems
When talking about protocols and referencing layers - what stack is used
The session layer
Deep packet inspection
Defense in depth
23. Trying to ID modems in a telephone exchange that may be susceptible to compromise
Multi protocol label switching
No State Inspection ACK flag set
War Dialing
Some reasons to use TCP over UDP
24. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
When setting up a virtual circuit
A netcat listener
IDS data normalization
Honeyd
25. Network scanner.
Wardriving
Multi protocol label switching
Nmap
Bridge
26. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
The threat vector analysis in defense in depth
Bus Topology
The different cable categories
Types of ATM virtual circuits
27. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
ATM work
Some types of malicious code
Deep packet inspection
What categories do vulnerabilities fall into?
28. Uniform protection - protected enclaves - information centric - threat vector analysis
COM/Script program infector
The four basic approaches to defense in depth
WAN
Defense in depth
29. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Browsing attack
Stateless packet filter
What ways should the crypto key be protected?
The four types of events reported by IDS
30. It makes sure the data sent from one side to the other is in a format useful to the other side
Risk
The presentation layer
No State Inspection ACK flag set
Stateless packet filter
31. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Remote maintenance
Buffer overflow
Types of ATM virtual circuits
Some common UDP ports
32. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
The OSI model
Some network design objectives
The threat vector analysis in defense in depth
What range is a class B network?
33. Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Some external threat concerns
The TCP/IP model
Some disadvantages of honeypots
Types of viruses
34. Confidentiality - symmetric encryption
The goals of cryptography
The different cable categories
Anomaly analysis work
Some NIDS topology limitations
35. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
When implementing protocols - what stack should be used?
WAN
To establish a TCP session
Bridge
36. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
The data link layer
IDS data normalization
The network layer
Some firewall benefits
37. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Some external threat concerns
Best way to protect wireless networks
Worms
The physical layer stack
38. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Ciphertext
The CIA triad
Denial of service
Internet
39. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
Some firewall challenges
The Information Centric defense in depth
Group
Defense in depth
40. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
The Information Centric defense in depth
Asynchronous Transfer Mode
NAC
A blind FTP
41. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Trojan horse
Some firewall challenges
WAN
Some Pen Test techniques
42. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
Remote maintenance
Types of viruses
SQL Slammer Worm
Kismet
43. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
A blind FTP
Plaintext
Alteration of code
Remote maintenance
44. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
The data link layer
Some reasons to use UDP over TCP
File Integrity checking work
The goals of cryptography
45. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
the application layer
LAN
Overview of TCP
Permutation
46. A cracking tool inserted into the OS that allows the attacker to do as they please.
Rootkit
Logic bomb
A netmask
Datagram length of a UDP packet
47. Stateful firewalls maintain state of traffic flows
Stateful firewall
Trojan horse
Some firewall challenges
A netcat listener
48. Attaches itself to existing program files and is activated when the exe is launched
Some malware capabilities
the application layer
Program infector
IDS not
49. Confidentiality - integrity - availability
The CIA triad
Some disadvantages of honeypots
Checksum in UDP
Firewall
50. Protected at rest - protected in transit - secure the key
Ciphertext
Hubs
ACK piggybacking
What ways should the crypto key be protected?