Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Browsing attack
Some other UDP based protocols
Buffer overflow
Snort
2. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
A netmask
The difference in stacks
Kismet
Race conditions
3. One is for talking - one is for implementing
The difference in stacks
Brute force
IDS not
What categories do vulnerabilities fall into?
4. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest
The five threat vectors
Trojan horse
HIDS monitor
Permutation
5. Simple attack done by browsing information that is openly available on a local network.
Browsing attack
ATM work
Best way to protect wireless networks
Plaintext
6. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
File Integrity checking work
NAC
Defense in depth
Network stumbler
7. Poor programming without error checking can allow input to overrun a buffer. The overflow can redirect execution to a command placed further in the buffer, which runs the attacker's payload.
Bus Topology
Ciphertext
Buffer overflow
UDP packet headers
8. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
Some types of malicious code
Firewall
Best way to protect wireless networks
Some disadvantages of honeypots
9. Confidentiality - symmetric encryption
Some ways to bypass firewall protections
Rootkit
The goals of cryptography
Some reasons to use TCP over UDP
10. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and, if a change is found, the analyst is notified. e.g. Tripwire
File Integrity checking work
Rotation?
Honeyd
Stateful firewall
11. True positive - false positive - true negative - false negative
The four types of events reported by IDS
ACK piggybacking
Asynchronous Transfer Mode
NAC
12. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
Stateless packet filter
3-way handshake
Stateful firewall
Proxy or application gateway
13. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
LAN
MAN
Port scan
Program infector
14. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
What range is a class B network?
Browsing attack
What range is a class C network?
Network stumbler
15. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
the application layer
The data link layer
Some malware propagation techniques
The goals of cryptography
16. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
Smurf attack
The presentation layer
Vulnerabilities
WAN
17. A common backdoor is to open a port - a port scan checks for open ports on a remote host - scans 0 through 65,535 twice: once for TCP and once for UDP
Port scan
What's a VLAN
Some common TCP ports
The protected enclave to defense in depth
18. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Honeypot
The Information Centric defense in depth
The session layer
Vulnerabilities
19. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
NIDS challenges
Risk
Internet
Race conditions
20. Connects the physical part of the network (cables) with the abstract (packets and data streams)
MAN
The OSI model
The data link layer
The protected enclave to defense in depth
21. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
Some reasons to use UDP over TCP
the application layer
The data link layer
Group
22. Known - unknown - zero day
What categories do vulnerabilities fall into?
Shallow packet inspection
IDS
Some reasons to use UDP over TCP
23. 53 DNS - 67 BootP - 68 BootP - 69 TFTP - 123 NTP - 137-139 NBT - 161 SNMP - 162 SNMP - 2049 NFS
The threat vector analysis in defense in depth
Stateful firewall
Bus Topology
Some common UDP ports
24. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Log monitoring work?
Port scan
WAN
IDS not
25. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Switches
Overview of TCP
What threats should be protected against - based on threat levels
Some ways to bypass firewall protections
26. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
The network layer
File Integrity checking work
Address resolution protocol
Alteration of code
27. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
The conficker worm
Honeyd
Integrity of Data
Asynchronous Transfer Mode
28. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
3-way handshake
Macro virus
Browsing attack
The transport layer
29. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
UDP packet headers
IDS not
ACK piggybacking
Wardriving
30. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
Bus Topology
SQL Slammer Worm
Browsing attack
Some ways to bypass firewall protections
31. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Rootkit
The five threat vectors
Proxy or application gateway
Hping
32. An FTP server that allows downloads only if the user knows the exact name of the file they're looking for
Macro virus
Some reasons to use TCP over UDP
A blind FTP
Nmap
33. destruction of data - leaking confidential information - providing backdoor access
Some malware capabilities
Honeyd
Proxy or application gateway
Port scan
34. Network scanner.
Nmap
File integrity checking work
Group
EXE program infector
35. Malware - insider threat - natural disaster - terrorism - pandemic
Port scan
What primary threats should be protected against
What categories do vulnerabilities fall into?
The conficker worm
36. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
The presentation layer
Types of viruses
Trap door
Some malware propagation techniques
37. Free Windows-based wireless scanner for 802.11b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted
Proxy or application gateway
Honeypot
The physical layer stack
Network stumbler
38. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
The OSI Protocol Stack
Some reasons to use TCP over UDP
Checksum in UDP
The session layer
39. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Some firewall benefits
Stateless packet filter
The five threat vectors
What range is a class C network?
40. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
A netcat listener
When implementing protocols - what stack should be used?
IDS data normalization
Permutation
41. Packet filter firewalls rely on TCP flags to determine connection state. An attacker can send ACK packets only to bypass the firewall.
The five threat vectors
No State Inspection ACK flag set
Proxy or application gateway
Some FTP dangers
42. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535
Browsing attack
Router
Datagram length of a UDP packet
The physical layer stack
43. Attaches itself to existing program files and is activated when the EXE is launched
The three goals of security
Some NIDS topology limitations
Router
Program infector
44. Personal area network - phone tethering - bluetooth - etc
The OSI model
PAN
Total cell size for asynchronous transfer mode (ATM)
Macro virus
45. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Snort
Rotation?
Proxy or application gateway
Some network design objectives
46. Confidentiality - integrity - availability
Datagram length of a UDP packet
The CIA triad
Parasitic malware
The protected enclave to defense in depth
47. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
Some FTP dangers
The different cable categories
Datagram length of a UDP packet
Some malware propagation techniques
48. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
Arbitrary substitution
Wardriving
What range is a class B network?
Kismet
49. Connects many WANs - MANs - and LANs - provided via ISP
Defense in depth
Internet
The three goals of security
The transport layer
50. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Network stumbler
Trojan horse
Denial of service
Alteration of code