SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Infects MBR - no network spreading potential
Boot record infector
IDS data normalization
The Uniform Protection to defense in depth
Integrity of Data
2. Simple attack done by simply browsing available information that's allowed on a local network.
Browsing attack
Race conditions
What categories do vulnerabilities fall into?
To establish a TCP session
3. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Port scan
Some reasons to use UDP over TCP
The three goals of security
Address resolution protocol
4. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline
Anomaly analysis work
Router
Some malware propagation techniques
SQL Slammer Worm
5. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and it's corresponding IP address
Address Resolution Protocol (ARP)
File Integrity checking work
Some malware capabilities
Hping
6. Bits of code embedded in programs to quickly gain access at a later time
NIDS advantages
MAN
Trap door
Some common TCP ports
7. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Parasitic malware
The threat vector analysis in defense in depth
The difference in stacks
Hping
8. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
Anomaly analysis work
Honeyd
The four types of events reported by IDS
No State Inspection ACK flag set
9. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
What range is a class C network?
Anomaly analysis work
The conficker worm
The CIA triad
10. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
TFTP
Anomaly analysis work
Plaintext
Buffer overflow
11. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
The four basic approaches to defense in depth
Stateful firewall
Bus Topology
What range is a class B network?
12. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
NIDS advantages
IDS not
The OSI model
A netcat listener
13. Provides insight into the tactics - motives - and attacker tools
Proxy or application gateway
Multi protocol label switching
Wardriving
Some honeypot advantages
14. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
Program infector
DDoS attack
Types of viruses
The different cable categories
15. Going around with equipment to detect wireless networks
To establish a TCP session
Wardriving
The OSI Protocol Stack
TFTP
16. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
Risk
The data link layer
Some malware propagation techniques
When setting up a virtual circuit
17. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
Some common TCP ports
SYN flood
Social engineering
The four basic approaches to defense in depth
18. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
Smurf attack
TFTP
When implementing protocols - what stack should be used?
The session layer
19. 53 bytes - 48 bytes for data - 5 bytes for the header
Stateful firewall
To close a TCP session
Trap door
Total cell size for asynchronous transfer mode (ATM)
20. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Snort
TFTP
Ack Piggybacking
IDS signature analysis work
21. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Some firewall challenges
Address resolution protocol
Some Pen Test techniques
NAC
22. OSI
Shallow packet inspection
The OSI Protocol Stack
Race conditions
When talking about protocols and referencing layers - what stack is used
23. Allows segmentation of a switch into different networks - regardless of where a system is plugged in - creates separate networks through software not hardware
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
24. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
File integrity checking work
The Information Centric defense in depth
Best way to protect wireless networks
UDP packet headers
25. Attaches itself to existing program files and activated when the exe is launched
Checksum in UDP
Some external threat concerns
Program infector
ATM work
26. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
No State Inspection ACK flag set
IDS data normalization
Port scan
Logic bomb
27. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
Integrity of Data
The five threat vectors
SQL Slammer Worm
EXE program infector
28. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Address Resolution Protocol (ARP)
Permutation
Some reasons to use UDP over TCP
Best way to protect wireless networks
29. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
IDS
Vulnerabilities
The CIA triad
The protected enclave to defense in depth
30. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
The Information Centric defense in depth
The conficker worm
ATM work
the application layer
31. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
What threats should be protected against - based on threat levels
What range is a class A network?
What range is a class C network?
Best way to protect wireless networks
32. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
PAN
HIDS monitor
Worms
What ways should the crypto key be protected?
33. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
Some reasons to use UDP over TCP
The TCP/IP model
Multi protocol label switching
Proxy or application gateway
34. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
Datagram length of a UDP packet
Some Pen Test techniques
WAN
Plaintext
35. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere
The TCP/IP model
A blind FTP
UDP packet headers
Remote maintenance
36. Relies on executable code insertion and user interaction to spread
The four basic approaches to defense in depth
Trojan horse
The OSI Protocol Stack
Parasitic malware
37. Full open - half open (stealth scan) - UDP - Ping
Multi protocol label switching
The protected enclave to defense in depth
Nmap scanning techniques
NIDS advantages
38. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
Arbitrary substitution
Some malware propagation techniques
The threat vector analysis in defense in depth
The five threat vectors
39. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
Hubs
SQL Slammer Worm
The five threat vectors
Ciphertext
40. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
SYN flood
Some other UDP based protocols
Defense in depth
What's an easy way to test encryption?
41. A cracking tool inserted into the OS that allows the attacker to do as they please.
Rootkit
3-way handshake
Some reasons to use UDP over TCP
Honeypot
42. TCP/IP - the IP protoco - The core routing protocol of the internet - - deals with transmission of packets between end points - defines the addressing scheme for the internet
What range is a class B network?
When implementing protocols - what stack should be used?
Ack Piggybacking
Hping
43. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Brute force
Some firewall benefits
Internet
WAN
44. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Deep packet inspection
Denial of service
Vulnerabilities
Rootkit
45. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
The TCP/IP model
The goals of cryptography
Bus Topology
Integrity of Data
46. Handles transmissions across the physical media like wires - fiber - etc
A blind FTP
The physical layer stack
Some disadvantages of honeypots
Some reasons to use TCP over UDP
47. Intellectual property - business goals - validated data - historical
NAC
Logic bomb
What threats should be protected against - based on threat levels
Log monitoring work?
48. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
Deep packet inspection
Hubs
What categories do vulnerabilities fall into?
To close a TCP session
49. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
The data link layer
LAN
The threat vector analysis in defense in depth
Trojan horse
50. -Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Nmap scanning techniques
Some external threat concerns
IDS
Remote maintenance