Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
File Integrity checking work
The threat vector analysis in defense in depth
Group
A blind FTP
2. Take the file and try to compress it. If it compresses - it means there is a pattern and it's more easily crackable
3. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
The four basic approaches to defense in depth
Snort
Rotation?
IDS data normalization
4. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
3-way handshake
Rootkit
Some Pen Test techniques
Honeyd
5. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
A netcat listener
The data link layer
Some firewall benefits
What range is a class C network?
6. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
Some firewall benefits
The Uniform Protection to defense in depth
Permutation
Logic bomb
7. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
What ways should the crypto key be protected?
The three goals of security
The TCP/IP model
Types of viruses
8. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
NIDS challenges
Macro virus
HIDS monitor
A netmask
9. Deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
NIDS challenges
Nmap
Checksum in UDP
Some reasons to use UDP over TCP
10. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Denial of service
Total cell size for asynchronous transfer mode (ATM)
Some Pen Test techniques
Social engineering
11. Intellectual property - business goals - validated data - historical
The conficker worm
The different cable categories
What threats should be protected against - based on threat levels
Brute force
12. An attempt to gain access by bombarding it with guesses until the password is found.
The five threat vectors
Brute force
Checksum in UDP
Kismet
13. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
Proxy or application gateway
Firewall
UDP packet headers
Remote maintenance
14. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
Some FTP dangers
SQL Slammer Worm
Kismet
SYN flood
15. Protected at rest - protected in transit - secure the key
DDoS attack
What ways should the crypto key be protected?
NIDS challenges
TFTP
16. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
Some external threat concerns
Stateless packet filter
Firewall
Port scan
17. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
Firewall
NIDS challenges
Some types of malicious code
Defense in depth
18. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
File Integrity checking work
The four basic approaches to defense in depth
Port scan
The TCP/IP model
19. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
The OSI model
SQL Slammer Worm
The presentation layer
Macro virus
20. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
Overview of TCP
Deep packet inspection
Proxy or application gateway
Honeypot
21. Handles transmissions across the physical media like wires - fiber - etc
HIDS monitor
The physical layer stack
Group
Shallow packet inspection
22. Low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
The physical layer stack
Honeyd
Parasitic malware
Remote maintenance
23. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
Ciphertext
Some malware capabilities
The transport layer
Address Resolution Protocol (ARP)
24. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
CIDR
Ack Piggybacking
MAN
WAN
25. Destruction of data - leaking confidential information - providing backdoor access
The Information Centric defense in depth
A network protocol
Some malware capabilities
The five threat vectors
26. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Firewall
Some common TCP ports
Stateless packet filter
SYN flood
27. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
The three goals of security
Some FTP dangers
Ack Piggybacking
Datagram length of a UDP packet
28. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
Bridge
MAN
Log monitoring work?
Trojan horse
29. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Some reasons to use TCP over UDP
IDS data normalization
the application layer
A netcat listener
30. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123 - NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
The conficker worm
Some common UDP ports
File Integrity checking work
3-way handshake
31. Risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
The five threat vectors
Some disadvantages of honeypots
Deep packet inspection
Risk
32. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Some honeypot advantages
The network layer
Integrity of Data
IDS data normalization
33. Malware - insider threat - natural disaster - terrorism - pandemic
Arbitrary substitution
What primary threats should be protected against
Rotation?
Vulnerabilities
34. Provides insight into the tactics - motives - and attacker tools
Hping
Some honeypot advantages
What primary threats should be protected against
The session layer
35. Known - unknown - zero day
Network stumbler
IDS not
ACK piggybacking
What categories do vulnerabilities fall into?
36. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
IDS signature analysis work
Checksum in UDP
When implementing protocols - what stack should be used?
Some FTP dangers
37. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
The five threat vectors
Some external threat concerns
NAC
Plaintext
38. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
Some FTP dangers
Anomaly analysis work
NAC
Honeyd
39. Infects the EXE and makes it operate slightly differently - when infected - EXE header sizes are altered to point to the appended viral code
The protected enclave to defense in depth
Multi protocol label switching
EXE program infector
Some firewall challenges
40. FIN 130 - ACK 131 - FIN 570 - ACK 571
Anomaly analysis work
To close a TCP session
A netcat listener
Multi protocol label switching
41. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
Best way to protect wireless networks
Some common TCP ports
The TCP/IP model
Log monitoring work?
42. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
Some NIDS topology limitations
Honeypot
Some common UDP ports
What primary threats should be protected against
43. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
Log monitoring work?
When implementing protocols - what stack should be used?
Some honeypot advantages
The OSI Protocol Stack
44. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Overview of TCP
the application layer
Some firewall benefits
NIDS advantages
45. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Switches
UDP packet headers
When implementing protocols - what stack should be used?
Integrity of Data
46. Unencrypted message in its original form
Plaintext
OS Command Injection defenses
The Uniform Protection to defense in depth
Checksum in UDP
47. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
SYN flood
Overview of TCP
What primary threats should be protected against
Ciphertext
48. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Some Pen Test techniques
Some ways to bypass firewall protections
TFTP
The OSI model
49. One is for talking - one is for implementing
ACK piggybacking
The difference in stacks
Honeypot
The transport layer
50. Fast - with little fidelity - examines header information and limited payload data
Shallow packet inspection
The five threat vectors
Internet
OS Command Injection defenses