Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found

2. Four layers - Network Layer - Internet Layer - Transport Layer - Application Layer

3. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts a jump instruction as the first instruction - which execute

4. It interacts with the application layer to determine which network services will be required

5. Intellectual property - business goals - validated data - historical

6. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce

7. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies

8. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest

9. Hash authentication - asymmetric - non-repudiation - digital signature - hash + asymmetry

10. Personal area network - phone tethering - Bluetooth - etc.

11. Spread as an Office attachment with executable code programmed using the macro facility - targets are data files - Visual Basic Editor and other macro languages - payload executes when the code is launched

12. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host

13. Infects the MBR - no network spreading potential

14. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535

15. A threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector

16. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP

17. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment

18. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.

19. Free Windows-based wireless scanner for 802.1b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted

20. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive

21. Malware - insider threat - natural disaster - terrorism - pandemic

22. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored

23. OSI

24. SYN - SYN/ACK - ACK

25. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end to end

26. Provides insight into traffic on the network - helps detect problems with network operations - provides auditing for other security measures

27. Connects the physical part of the network (cables) with the abstract (packets and data streams)

28. Simplest form of a research honeypot - useful in identifying the nature of TCP scans - allows the attacker to complete the 3-way handshake - listens on a defined port - logs incoming requests for analysis

29. Going around with equipment to detect wireless networks

30. UDP-based infection - infected through a vulnerability in SQL Server - caused DoS on saturated networks

31. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.

32. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - the analyst is notified. - i.e., Tripwire

33. Maintains complete TCP connection state and sequencing through 2 connections - address translation built in by virtue of the second connection above

34. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed

35. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.

36. Deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management

37. Unencrypted message in its original form

38. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS

39. Relies on executable code insertion and user interaction to spread

40. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.

41. Message in its encrypted form

42. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches

43. Intrusion detection system - it reports attacks against monitored systems/networks

44. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network

45. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con

46. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication

47. Confidentiality - symmetric encryption

48. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - a PVC is set up in advance - usually manually - an SVC is established automatically through a signaling protocol and can be created on the fly - establis

49. Fast - with little fidelity - examines header information and limited payload data

50. - Malicious code might execute destructive overwrites to hard disks - malicious mass-mailing code might expose sensitive information to the internet - web server compromise might expose the organization to ridicule - web server compromise might expose custom