Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. It interacts with the application layer to determine which network services will be required
the application layer
The different cable categories
Address Resolution Protocol (ARP)
War Dialing
2. Infects MBR - no network spreading potential
Vulnerabilities
Social engineering
Total cell size for asynchronous transfer mode (ATM)
Boot record infector
3. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Denial of service
What ways should the crypto key be protected?
Types of ATM virtual circuits
OS Command Injection defenses
4. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
Shallow packet inspection
When implementing protocols - what stack should be used?
Stateful firewall
File Integrity checking work
5. Allows segmentation of a switch into different networks - regardless of where a system is plugged in - creates separate networks through software not hardware
6. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
Firewall
The five threat vectors
What's a VLAN
PAN
7. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
ATM work
What ways should the crypto key be protected?
Trojan horse
Group
8. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Macro virus
The protected enclave to defense in depth
Some reasons to use UDP over TCP
What range is a class C network?
9. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
The transport layer
SQL Slammer Worm
Rootkit
Remote maintenance
10. Simple attack done by simply browsing available information that's allowed on a local network.
Some honeypot advantages
Browsing attack
File Integrity checking work
The five threat vectors
11. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
The OSI Protocol Stack
The difference in stacks
Deep packet inspection
Macro virus
12. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Snort
Trojan horse
the application layer
Address resolution protocol
13. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
Datagram length of a UDP packet
PAN
Macro virus
The threat vector analysis in defense in depth
14. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
A blind FTP
OS Command Injection defenses
Some malware capabilities
HIDS monitor
15. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Address resolution protocol
The different cable categories
Address Resolution Protocol (ARP)
the application layer
16. Network scanner.
The five threat vectors
COM/Script program infector
Nmap
Types of ATM virtual circuits
17. Take the file and try to compress it. If it compresses - it means there is a pattern and it's more easily crackable
18. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
CIDR
Browsing attack
EXE program infector
Group
19. A cracking tool inserted into the OS that allows the attacker to do as they please.
Brute force
Honeypot
Buffer overflow
Rootkit
20. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
MAN
UDP packet headers
File integrity checking work
Bridge
21. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Stateless packet filter
NIDS advantages
Types of viruses
Some other UDP based protocols
22. Considered to be a perimeter device
To close a TCP session
Asynchronous Transfer Mode
Router
File Integrity checking work
23. Unencrypted message in its original form
Social engineering
Boot record infector
The network layer
Plaintext
24. It makes sure the data sent from one side to the other is in a format useful to the other side
No State Inspection ACK flag set
The presentation layer
Vulnerabilities
The three goals of security
25. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Switches
Hping
Shallow packet inspection
The physical layer stack
26. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
File integrity checking work
The difference in stacks
TFTP
Some types of malicious code
27. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
When implementing protocols - what stack should be used?
Firewall
Buffer overflow
NIDS challenges
28. Provides insight into the tactics - motives - and attacker tools
COM/Script program infector
Some honeypot advantages
Macro virus
Integrity of Data
29. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
Worms
TFTP
Remote maintenance
Vulnerabilities
30. Low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Some malware capabilities
Nmap scanning techniques
The OSI Protocol Stack
Honeyd
31. Infects the EXE and makes them operate slightly differently - when infected - exe header sizes are altered to point to the appended viral code
EXE program infector
Stateless packet filter
Alteration of code
Remote maintenance
32. Connects many WANs - MANs - and LANs - provided via ISP
Plaintext
Internet
IDS
What threats should be protected against - based on threat levels
33. Open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
What range is a class B network?
What range is a class C network?
Snort
What range is a class A network?
34. Handles transmissions across the physical media like wires - fiber - etc
Ack Piggybacking
Boot record infector
The physical layer stack
DDoS attack
35. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
ACK piggybacking
COM/Script program infector
Social engineering
Honeypot
36. It handles the establishment and maintenance of connections between systems
Port scan
What ways should the crypto key be protected?
A network protocol
The session layer
37. Packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
File Integrity checking work
To close a TCP session
What's an easy way to test encryption?
No State Inspection ACK flag set
38. The practice of sending an ACK inside another packet going to the same destination
Denial of service
Ack Piggybacking
The OSI Protocol Stack
IDS data normalization
39. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
Types of viruses
The conficker worm
When talking about protocols and referencing layers - what stack is used
Defense in depth
40. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
Port scan
Some NIDS topology limitations
Hubs
HIDS monitor
41. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
Browsing attack
A netcat listener
Proxy or application gateway
Nmap scanning techniques
42. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Hping
Log monitoring work?
IDS data normalization
What's an easy way to test encryption?
43. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
NAC
Some types of malicious code
The protected enclave to defense in depth
Firewall
44. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
To close a TCP session
Anomaly analysis work
Wardriving
Types of viruses
45. One is for talking - one is for implementing
Nmap scanning techniques
Some common TCP ports
Kismet
The difference in stacks
46. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
COM/Script program infector
A netcat listener
Network stumbler
Macro virus
47. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
IDS data normalization
Bus Topology
Some ways to bypass firewall protections
Logic bomb
48. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
No State Inspection ACK flag set
Some reasons to use UDP over TCP
DDoS attack
Some NIDS topology limitations
49. Confidentiality - integrity - availability
Checksum in UDP
Some Pen Test techniques
The CIA triad
Rotation?
50. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Arbitrary substitution
TFTP
Total cell size for asynchronous transfer mode (ATM)
The transport layer