Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. destruction of data - leaking confidential information - providing backdoor access
SYN flood
Some malware capabilities
File integrity checking work
Group
2. Personal area network - phone tethering - bluetooth - etc
Some firewall benefits
EXE program infector
PAN
The CIA triad
3. Uniform protection - protected enclaves - information centric - threat vector analysis
SQL Slammer Worm
Kismet
The four basic approaches to defense in depth
A netmask
4. OSI
IDS not
When talking about protocols and referencing layers - what stack is used
What categories do vulnerabilities fall into?
Group
5. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
IDS not
SYN flood
Some FTP dangers
Honeypot
6. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
Some firewall benefits
Parasitic malware
What's a VLAN
3-way handshake
7. The practice of sending an ACK inside another packet going to the same destination
Honeyd
A netcat listener
ACK piggybacking
Browsing attack
8. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Alteration of code
Network stumbler
Remote maintenance
The network layer
9. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Kismet
Bus Topology
Firewall
Address Resolution Protocol (ARP)
10. True positive - false positive - true negative - false negative
The four types of events reported by IDS
Some reasons to use TCP over UDP
Types of viruses
Switches
11. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
When setting up a virtual circuit
Defense in depth
Some reasons to use UDP over TCP
WAN
12. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
Switches
The OSI model
Some other UDP based protocols
The presentation layer
13. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
NAC
MAN
Anomaly analysis work
Permutation
14. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Kismet
Some firewall challenges
Some NIDS topology limitations
Buffer overflow
15. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
The five threat vectors
Multi protocol label switching
ACK piggybacking
The session layer
16. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Proxy or application gateway
Program infector
Some network design objectives
Multi protocol label switching
17. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Browsing attack
Program infector
Hping
UDP packet headers
18. Confidentiality - symmetric encryption
Ciphertext
Some ways to bypass firewall protections
The goals of cryptography
What's an easy way to test encryption?
19. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
The TCP/IP model
Boot record infector
The four types of events reported by IDS
Hping
20. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
File integrity checking work
Some Pen Test techniques
What range is a class A network?
When setting up a virtual circuit
21. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
Honeypot
Kismet
Some firewall benefits
Internet
22. logic bomb - trojan horse - trap door
Bus Topology
Some Pen Test techniques
Honeypot
Some types of malicious code
23. Bits of code embedded in programs to quickly gain access at a later time
3-way handshake
Trap door
The physical layer stack
Internet
24. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
Group
A netcat listener
The protected enclave to defense in depth
Stateful firewall
25. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Macro virus
The OSI Protocol Stack
What primary threats should be protected against
IDS signature analysis work
26. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Shallow packet inspection
3-way handshake
Best way to protect wireless networks
The session layer
27. Syn - Syn/Ack - Ack
Bridge
The OSI model
Firewall
To establish a TCP session
28. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
Risk
IDS not
What threats should be protected against - based on threat levels
Integrity of Data
29. 1 and 2: Voice/Low speed data - 3: Voice/Data 10Mb - 4: Voice/Data 16Mb - 5 and 5e: Voice/Data 100Mb to 1Gb - 6: Standard for gigabit
A network protocol
Rootkit
The four types of events reported by IDS
The different cable categories
30. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
Plaintext
LAN
Rotation?
The OSI model
31. Message in its encrypted form
Router
Some types of malicious code
COM/Script program infector
Ciphertext
32. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
NIDS challenges
What ways should the crypto key be protected?
The threat vector analysis in defense in depth
Plaintext
33. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.
IDS
Some network design objectives
Risk
Race conditions
34. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
Some common TCP ports
What range is a class A network?
File integrity checking work
Rootkit
35. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
Defense in depth
File Integrity checking work
When implementing protocols - what stack should be used?
Boot record infector
36. An appliance that controls access between public internet and a company's private network - or between a PC NIC and the rest of the PC.
The transport layer
What primary threats should be protected against
File integrity checking work
Firewall
37. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Firewall
Rotation?
Datagram length of a UDP packet
The goals of cryptography
38. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
the application layer
What threats should be protected against - based on threat levels
COM/Script program infector
What range is a class B network?
39. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest
HIDS monitor
Kismet
Group
Internet
40. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
The Uniform Protection to defense in depth
Log monitoring work?
A netmask
The threat vector analysis in defense in depth
41. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Group
Some firewall challenges
Types of ATM virtual circuits
Some malware capabilities
42. Free Windows-based wireless scanner for 802.1b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted
Network stumbler
What's a VLAN
The CIA triad
A network protocol
43. Stateful firewalls maintain state of traffic flows
PAN
The transport layer
Stateful firewall
The TCP/IP model
44. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
Browsing attack
CIDR
Some honeypot advantages
The Uniform Protection to defense in depth
45. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Vulnerabilities
Some firewall benefits
Bridge
Integrity of Data
46. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Some types of malicious code
Firewall
Remote maintenance
Some Pen Test techniques
47. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
The Information Centric defense in depth
SYN flood
Vulnerabilities
COM/Script program infector
48. Trying to ID modems in a telephone exchange that may be susceptible to compromise
WAN
HIDS monitor
War Dialing
Some disadvantages of honeypots
49. fast - with little fidelity - examines header information and limited payload data
Address Resolution Protocol (ARP)
The transport layer
Shallow packet inspection
What categories do vulnerabilities fall into?
50. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
The conficker worm
Deep packet inspection
ATM work
UDP packet headers