Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Attaches itself to existing program files and is activated when the exe is launched
2. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest
3. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
4. A cracking tool inserted into the OS that allows the attacker to do as they please.
5. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
6. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
7. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPC - PC Anywhere
8. Protected at rest - protected in transit - secure the key
9. OSI
10. Going around with equipment to detect wireless networks
11. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
12. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
13. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
14. Malicious code might execute destructive overwrite to hard disks - malicious mass mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - web server compromise might expose custom
15. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
16. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
17. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
18. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
19. SYN - SYN/ACK - ACK
20. Deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
21. Trying to ID modems in a telephone exchange that may be susceptible to compromise
22. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
23. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
24. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
25. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
26. Infects MBR - no network spreading potential
27. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
28. TCP/IP - the IP protocol - the core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
29. Logic bomb - trojan horse - trap door
30. Uniform protection - protected enclaves - information centric - threat vector analysis
31. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
32. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has
33. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
34. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
35. Destruction of data - leaking confidential information - providing backdoor access
36. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
37. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
38. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
39. Outsider attack from network - outsider attack from telephone - insider attack from local network - insider attack from local system - attack from malicious code
40. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
41. Intrusion detection system - it reports attacks against monitored systems/networks
42. Confidentiality - integrity - availability
43. Known - unknown - zero day
44. Wide area network - larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
45. Size is whatever the length of the UDP portion of the packet. Could be as large as 65,535
46. Personal area network - phone tethering - bluetooth - etc.
47. Packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
48. Keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
49. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
50. 53 bytes - 48 bytes for data - 5 bytes for the header