Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535
The five threat vectors
The difference in stacks
Datagram length of a UDP packet
Trap door
2. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
Switches
A blind FTP
The CIA triad
Internet
3. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Some reasons to use TCP over UDP
What categories do vulnerabilities fall into?
The five threat vectors
A blind FTP
4. Message in its encrypted form
SYN flood
The conficker worm
Ciphertext
Some other UDP based protocols
5. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Some disadvantages of honeypots
NAC
PAN
Permutation
6. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
What's an easy way to test encryption?
The different cable categories
Trojan horse
What categories do vulnerabilities fall into?
7. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Rotation?
Arbitrary substitution
Kismet
The physical layer stack
8. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
3-way handshake
The protected enclave to defense in depth
Types of ATM virtual circuits
A network protocol
9. Infects MBR - no network spreading potential
Vulnerabilities
SQL Slammer Worm
IDS signature analysis work
Boot record infector
10. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
A netcat listener
Kismet
3-way handshake
Best way to protect wireless networks
11. OSI
To close a TCP session
The OSI model
Some ways to bypass firewall protections
When talking about protocols and referencing layers - what stack is used
12. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Some network design objectives
Trap door
Deep packet inspection
Types of viruses
13. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
The OSI model
Hubs
The data link layer
What categories do vulnerabilities fall into?
14. Full open - half open (stealth scan) - UDP - Ping
Router
Nmap scanning techniques
What's an easy way to test encryption?
UDP packet headers
15. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
CIDR
Some common UDP ports
Rootkit
WAN
16. 53 bytes - 48 bytes for data - 5 bytes for the header
File integrity checking work
Total cell size for asynchronous transfer mode (ATM)
When implementing protocols - what stack should be used?
The three goals of security
17. Trying to ID modems in a telephone exchange that may be susceptible to compromise
CIDR
Some Pen Test techniques
LAN
War Dialing
18. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
The conficker worm
Wardriving
Honeyd
Log monitoring work?
19. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Shallow packet inspection
NIDS advantages
Switches
Some common UDP ports
20. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Social engineering
Worms
Vulnerabilities
The presentation layer
21. True positive - false positive - true negative - false negative
Some common TCP ports
NIDS advantages
The four types of events reported by IDS
Ack Piggybacking
22. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
Honeyd
Some firewall challenges
Some other UDP based protocols
What categories do vulnerabilities fall into?
23. Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Some external threat concerns
Hping
DDoS attack
The difference in stacks
24. The practice of sending an ACK inside another packet going to the same destination
Ciphertext
Bus Topology
ACK piggybacking
What range is a class C network?
25. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
To establish a TCP session
LAN
Denial of service
Permutation
26. destruction of data - leaking confidential information - providing backdoor access
Some malware capabilities
The conficker worm
Total cell size for asynchronous transfer mode (ATM)
The five threat vectors
27. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
No State Inspection ACK flag set
Types of viruses
Hping
To establish a TCP session
28. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
Some common UDP ports
Browsing attack
Some firewall challenges
NIDS challenges
29. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
SQL Slammer Worm
The conficker worm
Some reasons to use UDP over TCP
Trap door
30. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
Parasitic malware
The transport layer
Some network design objectives
Ciphertext
31. Take the file and try to compress it. If it compresses - it means there is a pattern and it's more easily crackable
32. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
Proxy or application gateway
ATM work
the application layer
Log monitoring work?
33. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
The network layer
The session layer
Bridge
Alteration of code
34. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Anomaly analysis work
The difference in stacks
Address Resolution Protocol (ARP)
Switches
35. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
The conficker worm
Trap door
Some types of malicious code
Firewall
36. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
CIDR
The goals of cryptography
What categories do vulnerabilities fall into?
What range is a class A network?
37. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Vulnerabilities
Some Pen Test techniques
ATM work
The goals of cryptography
38. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Some external threat concerns
LAN
Stateless packet filter
Log monitoring work?
39. Attaches itself to existing program files and is activated when the exe is launched
TFTP
Race conditions
Overview of TCP
Program infector
40. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Anomaly analysis work
Some common UDP ports
Logic bomb
Overview of TCP
41. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
Kismet
The OSI Protocol Stack
Deep packet inspection
EXE program infector
42. Simple attack done by simply browsing available information that's allowed on a local network.
The data link layer
LAN
Browsing attack
The different cable categories
43. A cracking tool inserted into the OS that allows the attacker to do as they please.
ACK piggybacking
Network stumbler
Rootkit
Alteration of code
44. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Alteration of code
The presentation layer
The Information Centric defense in depth
Worms
45. Handles transmissions across the physical media like wires - fiber - etc
Stateless packet filter
The physical layer stack
Vulnerabilities
Brute force
46. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
Some firewall challenges
Social engineering
Types of viruses
Some Pen Test techniques
47. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
A netmask
Permutation
Anomaly analysis work
Checksum in UDP
48. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
Some FTP dangers
No State Inspection ACK flag set
Some network design objectives
Datagram length of a UDP packet
49. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Honeypot
Log monitoring work?
Bus Topology
Parasitic malware
50. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
What range is a class A network?
OS Command Injection defenses
Nmap
Honeyd