Test your basic knowledge |

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process






2. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously






3. One is for talking - one is for implementing






4. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment






5. Free linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulerability assessment






6. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.






7. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself






8. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering






9. It handles the establishment and maintenance of connections between systems






10. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere






11. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols






12. A cracking tool inserted into the OS that allows the attacker to do as they please.






13. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system






14. A time of check/time of use attack that exploits the difference in between when a security control was applied and the time the service was used.






15. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks






16. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested






17. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures






18. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority






19. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS






20. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK






21. Uniform protection - protected enclaves - information centric - threat vector analysis






22. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area






23. 53 bytes - 48 bytes for data - 5 bytes for the header






24. OSI






25. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0






26. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found






27. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring






28. Going around with equipment to detect wireless networks






29. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability






30. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.






31. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute






32. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis






33. Syn - Syn/Ack - Ack






34. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector






35. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector






36. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched






37. Intrusion detection system - it reports attacks against monitored systems/networks






38. The practice of sending an ACK inside another packet going to the same destination






39. Combines the functionality of a hub and bride into a single device - keeps track of MACs attached to each port






40. Network scanner.






41. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has






42. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest






43. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline






44. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters






45. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input






46. Stateful firewalls maintain state of traffic flows






47. Relies on executable code insertion and user interaction to spread






48. ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis






49. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code






50. Known - unknown - zero day