SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Protected at rest - protected in transit - secure the key
IDS not
What ways should the crypto key be protected?
A netmask
Permutation
2. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
NIDS challenges
Some external threat concerns
Vulnerabilities
COM/Script program infector
3. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
Proxy or application gateway
Some ways to bypass firewall protections
The difference in stacks
MAN
4. Attaches itself to existing program files and activated when the exe is launched
The different cable categories
The goals of cryptography
Program infector
Nmap scanning techniques
5. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
Datagram length of a UDP packet
When setting up a virtual circuit
War Dialing
CIDR
6. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
COM/Script program infector
Deep packet inspection
What range is a class B network?
Some other UDP based protocols
7. Free linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulerability assessment
Alteration of code
The difference in stacks
Kismet
Boot record infector
8. True positive - false positive - true negative - false negative
The four types of events reported by IDS
SYN flood
The data link layer
Some firewall benefits
9. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
File Integrity checking work
Deep packet inspection
The Information Centric defense in depth
The conficker worm
10. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
The data link layer
Some reasons to use TCP over UDP
Some reasons to use UDP over TCP
TFTP
11. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
NIDS challenges
OS Command Injection defenses
WAN
Nmap scanning techniques
12. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
A network protocol
Some common TCP ports
Group
Vulnerabilities
13. Unencrypted message in its original form
IDS not
Some reasons to use TCP over UDP
Smurf attack
Plaintext
14. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Snort
The Information Centric defense in depth
3-way handshake
Buffer overflow
15. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Overview of TCP
Honeypot
IDS
WAN
16. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
Asynchronous Transfer Mode
NAC
When talking about protocols and referencing layers - what stack is used
The data link layer
17. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
File integrity checking work
What range is a class B network?
Macro virus
Multi protocol label switching
18. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Ack Piggybacking
Hubs
What threats should be protected against - based on threat levels
Some firewall challenges
19. Confidentiality - integrity - availability
UDP packet headers
To close a TCP session
The CIA triad
Router
20. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
The data link layer
Types of viruses
Some honeypot advantages
Rootkit
21. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
IDS signature analysis work
Some other UDP based protocols
Boot record infector
Denial of service
22. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
Some other UDP based protocols
Some NIDS topology limitations
Some malware propagation techniques
What primary threats should be protected against
23. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
UDP packet headers
The four basic approaches to defense in depth
A netmask
Some common UDP ports
24. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Hubs
Types of viruses
Arbitrary substitution
What primary threats should be protected against
25. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
The threat vector analysis in defense in depth
No State Inspection ACK flag set
The Information Centric defense in depth
Some ways to bypass firewall protections
26. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
The conficker worm
Some firewall benefits
Stateful firewall
When implementing protocols - what stack should be used?
27. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Plaintext
Permutation
Worms
NAC
28. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
The different cable categories
SYN flood
To close a TCP session
What range is a class A network?
29. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
Program infector
The OSI model
Datagram length of a UDP packet
Logic bomb
30. Malware - insider threat - natural disaster - terrorism - pandemic
What primary threats should be protected against
HIDS monitor
Some firewall benefits
What range is a class B network?
31. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Some common TCP ports
Worms
ACK piggybacking
Stateless packet filter
32. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
LAN
Some common TCP ports
The physical layer stack
Bus Topology
33. It handles the establishment and maintenance of connections between systems
The session layer
SQL Slammer Worm
3-way handshake
What range is a class B network?
34. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
LAN
The OSI model
Ciphertext
Anomaly analysis work
35. Uniform protection - protected enclaves - information centric - threat vector analysis
Plaintext
Remote maintenance
The data link layer
The four basic approaches to defense in depth
36. An attempt to gain access by bombarding it with guesses until the password is found.
Brute force
Snort
To close a TCP session
Logic bomb
37. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
The transport layer
ACK piggybacking
Plaintext
Arbitrary substitution
38. An appliance that controls access between public internet and a companies private network - or between a PC NIC and the rest of the PC.
SYN flood
War Dialing
Firewall
Denial of service
39. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Best way to protect wireless networks
CIDR
Risk
HIDS monitor
40. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
A network protocol
Some network design objectives
Best way to protect wireless networks
The four basic approaches to defense in depth
41. Known - unknown - zero day
Some firewall challenges
What range is a class B network?
Nmap
What categories do vulnerabilities fall into?
42. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Snort
COM/Script program infector
TFTP
NIDS advantages
43. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
Some common TCP ports
Trojan horse
PAN
Port scan
44. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and it's corresponding IP address
COM/Script program infector
Address Resolution Protocol (ARP)
Some malware capabilities
Internet
45. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Snort
Trap door
Checksum in UDP
Some external threat concerns
46. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
LAN
The network layer
Port scan
A blind FTP
47. Bits of code embedded in programs to quickly gain access at a later time
Trap door
Some firewall challenges
The goals of cryptography
What categories do vulnerabilities fall into?
48. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
DDoS attack
Router
What ways should the crypto key be protected?
The threat vector analysis in defense in depth
49. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest
What's a VLAN
No State Inspection ACK flag set
A netcat listener
HIDS monitor
50. Message in its encrypted form
Multi protocol label switching
SYN flood
Checksum in UDP
Ciphertext