Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding each time you take the test.
1. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Snort
Switches
IDS signature analysis work
What's a VLAN
2. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
No State Inspection ACK flag set
What range is a class C network?
Some firewall benefits
3-way handshake
3. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
The physical layer stack
CIDR
The transport layer
ACK piggybacking
4. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
The conficker worm
Some network design objectives
Best way to protect wireless networks
What's an easy way to test encryption?
5. Network scanner.
Buffer overflow
Asynchronous Transfer Mode
MAN
Nmap
6. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Internet
Boot record infector
Honeypot
Types of ATM virtual circuits
7. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Nmap scanning techniques
Some ways to bypass firewall protections
The transport layer
Smurf attack
8. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Plaintext
HIDS monitor
Anomaly analysis work
IDS signature analysis work
9. Considered to be a perimeter device
What's an easy way to test encryption?
Router
Boot record infector
MAN
10. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has
Stateful firewall
The network layer
Bridge
Asynchronous Transfer Mode
11. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
the application layer
OS Command Injection defenses
Some reasons to use TCP over UDP
Some FTP dangers
12. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
The protected enclave to defense in depth
The four types of events reported by IDS
Address Resolution Protocol (ARP)
EXE program infector
13. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
What range is a class B network?
Trap door
A blind FTP
Best way to protect wireless networks
14. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Honeypot
Integrity of Data
OS Command Injection defenses
The Information Centric defense in depth
15. Personal area network - phone tethering - bluetooth - etc
Some network design objectives
The presentation layer
Honeyd
PAN
16. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
File integrity checking work
The OSI Protocol Stack
The three goals of security
Port scan
17. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
To close a TCP session
Bus Topology
A blind FTP
Asynchronous Transfer Mode
18. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Group
3-way handshake
Stateless packet filter
Some ways to bypass firewall protections
19. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Arbitrary substitution
Honeyd
What threats should be protected against - based on threat levels
The transport layer
20. The practice of sending an ACK inside another packet going to the same destination
Some reasons to use UDP over TCP
Ack Piggybacking
Some honeypot advantages
TFTP
21. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Ack Piggybacking
Types of ATM virtual circuits
Some firewall challenges
A netcat listener
22. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
Datagram length of a UDP packet
Program infector
What threats should be protected against - based on threat levels
The OSI model
23. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
What's an easy way to test encryption?
UDP packet headers
CIDR
Rootkit
24. Simple attack done by simply browsing available information that's allowed on a local network.
ACK piggybacking
NAC
Some honeypot advantages
Browsing attack
25. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
ATM work
The five threat vectors
Logic bomb
IDS
26. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
The conficker worm
Port scan
Plaintext
Some other UDP based protocols
27. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
SYN flood
Checksum in UDP
Rotation?
When talking about protocols and referencing layers - what stack is used
28. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
Firewall
IDS
3-way handshake
Address Resolution Protocol (ARP)
29. OSI
IDS signature analysis work
COM/Script program infector
Nmap
When talking about protocols and referencing layers - what stack is used
30. Stateful firewalls maintain state of traffic flows
Stateful firewall
Buffer overflow
The OSI Protocol Stack
Some malware propagation techniques
31. Uniform protection - protected enclaves - information centric - threat vector analysis
The four basic approaches to defense in depth
What categories do vulnerabilities fall into?
Some common TCP ports
EXE program infector
32. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
OS Command Injection defenses
Honeyd
Some firewall challenges
Rotation?
33. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
NAC
What range is a class C network?
When setting up a virtual circuit
Nmap scanning techniques
34. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Hping
Some external threat concerns
Stateless packet filter
Some disadvantages of honeypots
35. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
The presentation layer
Program infector
IDS not
Kismet
36. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
Asynchronous Transfer Mode
SQL Slammer Worm
Proxy or application gateway
UDP packet headers
37. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Some disadvantages of honeypots
Buffer overflow
Stateless packet filter
Bus Topology
38. Infects EXE files and makes them operate slightly differently - when infected - exe header sizes are altered to point to the appended viral code
Smurf attack
Firewall
Some malware propagation techniques
EXE program infector
39. Attaches itself to existing program files and is activated when the exe is launched
What primary threats should be protected against
File integrity checking work
Defense in depth
Program infector
40. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Some reasons to use TCP over UDP
War Dialing
Some external threat concerns
Some network design objectives
41. Bits of code embedded in programs to quickly gain access at a later time
The presentation layer
Trap door
IDS signature analysis work
DDoS attack
42. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Smurf attack
IDS data normalization
Wardriving
The protected enclave to defense in depth
43. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Defense in depth
A network protocol
IDS signature analysis work
Address resolution protocol
44. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
Some other UDP based protocols
The threat vector analysis in defense in depth
Some FTP dangers
Multi protocol label switching
45. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
ACK piggybacking
The conficker worm
File integrity checking work
Some FTP dangers
46. An attempt to gain access by bombarding it with guesses until the password is found.
Brute force
Honeypot
Some reasons to use UDP over TCP
Buffer overflow
47. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Rootkit
IDS not
3-way handshake
NIDS advantages
48. Flags anomalous conditions in traffic on the network - requires understanding of what is normal - uses good traffic as a baseline
To establish a TCP session
Social engineering
Anomaly analysis work
the application layer
49. Allows segmentation of a switch into different networks - regardless of where a system is plugged in - creates separate networks through software not hardware
50. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
Internet
NAC
The Uniform Protection to defense in depth
Some malware propagation techniques