Test your basic knowledge |

GIAC

Subjects : certifications, giac, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
Rotation?
Some common UDP ports
Some malware capabilities
No State Inspection ACK flag set

2. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Some firewall challenges
File integrity checking work
The four basic approaches to defense in depth
Switches

3. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
Trap door
IDS not
What primary threats should be protected against
A blind FTP

4. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest
HIDS monitor
The OSI model
Bridge
The protected enclave to defense in depth

5. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
TFTP
What categories do vulnerabilities fall into?
The protected enclave to defense in depth
Boot record infector

6. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
The four types of events reported by IDS
The physical layer stack
Denial of service
Best way to protect wireless networks

7. An attempt to gain access by bombarding it with guesses until the password is found.
Log monitoring work?
LAN
Brute force
The TCP/IP model

8. Stateful firewalls maintain state of traffic flows
Trap door
Race conditions
Stateful firewall
Program infector

9. Simple attack done by simply browsing available information that's allowed on a local network.
The OSI model
Browsing attack
Defense in depth
Shallow packet inspection

10. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
Types of ATM virtual circuits
Smurf attack
The four basic approaches to defense in depth
Port scan

11. 53 bytes - 48 bytes for data - 5 bytes for the header
Some honeypot advantages
Logic bomb
Some external threat concerns
Total cell size for asynchronous transfer mode (ATM)

12. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
ACK piggybacking
Types of viruses
Snort
What ways should the crypto key be protected?

13. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
Address Resolution Protocol (ARP)
The TCP/IP model
What range is a class A network?
Port scan

14. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Arbitrary substitution
Internet
OS Command Injection defenses
Logic bomb

15. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
LAN
Checksum in UDP
Bridge
The Uniform Protection to defense in depth

16. Bits of code embedded in programs to quickly gain access at a later time
The network layer
Types of viruses
Smurf attack
Trap door

17. The Practice of sending an ACK inside another packet going to the same destination
To establish a TCP session
Ack Piggybacking
Stateless packet filter
Multi protocol label switching

18. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
Network stumbler
Anomaly analysis work
ATM work
ACK piggybacking

19. destruction of data - leaking confidential information - providing backdoor access
SQL Slammer Worm
Some malware capabilities
Snort
LAN

20. One is for talking - one is for implementing
The difference in stacks
Best way to protect wireless networks
Some NIDS topology limitations
A netmask

21. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
Kismet
Buffer overflow
A netcat listener
Ack Piggybacking

22. Trying to ID modems in a telephone exchange that may be susceptible to compromise
What range is a class B network?
File Integrity checking work
The CIA triad
War Dialing

23. Known - unknown - zero day
Parasitic malware
the application layer
What categories do vulnerabilities fall into?
The network layer

24. Confidentiality - symmetric encryption
The goals of cryptography
Stateless packet filter
Firewall
The data link layer

25. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Permutation
Address resolution protocol
Kismet
The goals of cryptography

26. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
HIDS monitor
Checksum in UDP
UDP packet headers
Defense in depth

27. It makes sure the data sent from one side to the other is in a format useful to the other side
The presentation layer
Remote maintenance
Ciphertext
The difference in stacks

28. Malware - insider threat - natural disaster - terrorism - pandemic
Trojan horse
Address Resolution Protocol (ARP)
What primary threats should be protected against
UDP packet headers

29. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
Some other UDP based protocols
The Information Centric defense in depth
What's an easy way to test encryption?
Some common UDP ports

30. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
Some types of malicious code
Some reasons to use TCP over UDP
CIDR
Stateful firewall

31. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Macro virus
Some disadvantages of honeypots
Switches
Some FTP dangers

32. fast - with little fidelity - examines header information and limited payload data
Integrity of Data
Shallow packet inspection
What threats should be protected against - based on threat levels
Race conditions

33. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Overview of TCP
Smurf attack
Parasitic malware
The five threat vectors

34. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
NIDS challenges
The conficker worm
Some network design objectives
Macro virus

35. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
The presentation layer
A netmask
Datagram length of a UDP packet
WAN

36. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Trap door
Some reasons to use TCP over UDP
Some Pen Test techniques
Some common UDP ports

37. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Log monitoring work?
Anomaly analysis work
Wardriving
Some reasons to use TCP over UDP

38. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Port scan
ATM work
Shallow packet inspection
Buffer overflow

39. -Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Some external threat concerns
Arbitrary substitution
Logic bomb
Honeyd

40. Unencrypted message in its original form
The difference in stacks
Plaintext
Ack Piggybacking
The network layer

41. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
Checksum in UDP
SQL Slammer Worm
The four types of events reported by IDS
Router

42. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
ACK piggybacking
HIDS monitor
Permutation
DDoS attack

43. Relies on executable code insertion and user interaction to spread
The three goals of security
Types of viruses
Parasitic malware
Snort

44. Message in its encrypted form
Some FTP dangers
Ciphertext
Macro virus
NIDS challenges

45. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
OS Command Injection defenses
UDP packet headers
Race conditions
Router

46. Confidentiality - integrity - availability
NIDS challenges
Parasitic malware
The three goals of security
Buffer overflow

47. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
Some malware propagation techniques
Overview of TCP
NIDS challenges
Parasitic malware

48. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
A netmask
Logic bomb
Shallow packet inspection
Total cell size for asynchronous transfer mode (ATM)

49. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Some reasons to use UDP over TCP
Risk
3-way handshake
The threat vector analysis in defense in depth

50. Unified data carrying service - replacing from replay and ATM
Some common TCP ports
COM/Script program infector
Multi protocol label switching
WAN