SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Hping
A network protocol
Honeyd
IDS data normalization
2. Stateful firewalls maintain state of traffic flows
Stateful firewall
What's a VLAN
Some honeypot advantages
The CIA triad
3. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
Defense in depth
What's an easy way to test encryption?
Some NIDS topology limitations
Asynchronous Transfer Mode
4. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Group
Some disadvantages of honeypots
To close a TCP session
IDS
5. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
IDS signature analysis work
What threats should be protected against - based on threat levels
Stateful firewall
CIDR
6. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
A network protocol
OS Command Injection defenses
Honeyd
Hubs
7. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Some FTP dangers
Some NIDS topology limitations
UDP packet headers
Race conditions
8. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
NIDS challenges
Logic bomb
ACK piggybacking
Defense in depth
9. Attaches itself to existing program files and activated when the exe is launched
The session layer
When implementing protocols - what stack should be used?
Program infector
The physical layer stack
10. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
SQL Slammer Worm
The four types of events reported by IDS
What range is a class B network?
ACK piggybacking
11. One is for talking - one is for implementing
The difference in stacks
EXE program infector
The network layer
Internet
12. -Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Arbitrary substitution
Ack Piggybacking
Boot record infector
Some external threat concerns
13. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
IDS not
Some FTP dangers
Browsing attack
What threats should be protected against - based on threat levels
14. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Address resolution protocol
Brute force
Hubs
Worms
15. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
Some NIDS topology limitations
Some malware propagation techniques
IDS not
SYN flood
16. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
IDS not
Kismet
Logic bomb
The TCP/IP model
17. An attempt to gain access by bombarding it with guesses until the password is found.
File Integrity checking work
The different cable categories
Switches
Brute force
18. It handles the establishment and maintenance of connections between systems
Worms
Stateless packet filter
The session layer
Shallow packet inspection
19. 53 bytes - 48 bytes for data - 5 bytes for the header
Total cell size for asynchronous transfer mode (ATM)
Group
IDS not
Some malware capabilities
20. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
Some FTP dangers
Some firewall challenges
SQL Slammer Worm
Network stumbler
21. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Best way to protect wireless networks
When setting up a virtual circuit
NAC
What range is a class B network?
22. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Some firewall challenges
Bus Topology
Nmap
A network protocol
23. Personal area network - phone tethering - bluetooth - etc
PAN
Some honeypot advantages
Best way to protect wireless networks
Some FTP dangers
24. Provides insight into the tactics - motives - and attacker tools
Some honeypot advantages
Some firewall challenges
Integrity of Data
Some disadvantages of honeypots
25. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Permutation
Some disadvantages of honeypots
Some reasons to use UDP over TCP
NIDS advantages
26. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
What's a VLAN
The four basic approaches to defense in depth
The data link layer
Types of viruses
27. It interacts with the application layer to determine which network services will be required
the application layer
Nmap scanning techniques
HIDS monitor
A netmask
28. Infects the EXE and make them operate slightly different - when infected - exe header sizes are altered to point to the appended viral code
Switches
EXE program infector
Kismet
Trojan horse
29. TCP/IP - the IP protoco - The core routing protocol of the internet - - deals with transmission of packets between end points - defines the addressing scheme for the internet
When implementing protocols - what stack should be used?
CIDR
IDS
No State Inspection ACK flag set
30. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
Defense in depth
SYN flood
Risk
Permutation
31. Network scanner.
Nmap
Asynchronous Transfer Mode
Alteration of code
To establish a TCP session
32. fast - with little fidelity - examines header information and limited payload data
Shallow packet inspection
The conficker worm
NIDS challenges
Program infector
33. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
The three goals of security
Some malware propagation techniques
File Integrity checking work
LAN
34. An appliance that controls access between public internet and a companies private network - or between a PC NIC and the rest of the PC.
Firewall
Some other UDP based protocols
The five threat vectors
EXE program infector
35. Malware - insider threat - natural disaster - terrorism - pandemic
Logic bomb
What primary threats should be protected against
NIDS challenges
Worms
36. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
The goals of cryptography
What range is a class A network?
Some ways to bypass firewall protections
Nmap
37. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
The OSI model
Some external threat concerns
MAN
Anomaly analysis work
38. Full open - half open (stealth scan) - UDP - Ping
Group
Honeyd
Nmap scanning techniques
Some common UDP ports
39. True positive - false positive - true negative - false negative
Port scan
The four types of events reported by IDS
OS Command Injection defenses
LAN
40. Syn - Syn/Ack - Ack
Browsing attack
Some common TCP ports
The OSI Protocol Stack
To establish a TCP session
41. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Hubs
NIDS advantages
Some reasons to use TCP over UDP
Race conditions
42. Relies on executable code insertion and user interaction to spread
Asynchronous Transfer Mode
Parasitic malware
The OSI Protocol Stack
Group
43. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Best way to protect wireless networks
The transport layer
Trojan horse
The Uniform Protection to defense in depth
44. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
Some Pen Test techniques
Datagram length of a UDP packet
Multi protocol label switching
Some common TCP ports
45. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
A blind FTP
Some types of malicious code
Race conditions
Buffer overflow
46. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
Permutation
3-way handshake
Bridge
Snort
47. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
Alteration of code
TFTP
SQL Slammer Worm
Multi protocol label switching
48. It makes sure the data sent from one side to the other is in a format useful to the other side
What categories do vulnerabilities fall into?
What's an easy way to test encryption?
The presentation layer
Types of ATM virtual circuits
49. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
The OSI Protocol Stack
A blind FTP
Checksum in UDP
Types of ATM virtual circuits
50. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
No State Inspection ACK flag set
Some common UDP ports
Best way to protect wireless networks
Stateful firewall
