Test your basic knowledge |

GIAC

Subjects : certifications, giac, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
The TCP/IP model
Some Pen Test techniques
Nmap
The goals of cryptography

2. FIN 130 - ACK 131 - FIN 570 - ACK 571
Internet
War Dialing
Browsing attack
To close a TCP session

3. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Some common TCP ports
Overview of TCP
Some firewall benefits
To close a TCP session

4. Take the file and try to compress it. If it compresses - it means there is a pattern and it's more easily crackable

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

5. Infects MBR - no network spreading potential
Boot record infector
War Dialing
Honeypot
Address Resolution Protocol (ARP)

6. logic bomb - trojan horse - trap door
Address resolution protocol
Ciphertext
Some common TCP ports
Some types of malicious code

7. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
Best way to protect wireless networks
Proxy or application gateway
Parasitic malware
The OSI Protocol Stack

8. It interacts with the application layer to determine which network services will be required
Overview of TCP
the application layer
Address resolution protocol
Social engineering

9. Trying to ID modems in a telephone exchange that may be susceptible to compromise
The four basic approaches to defense in depth
Some common TCP ports
When implementing protocols - what stack should be used?
War Dialing

10. Full open - half open (stealth scan) - UDP - Ping
Honeypot
Nmap scanning techniques
Firewall
The transport layer

11. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
The OSI Protocol Stack
the application layer
IDS not
TFTP

12. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
Nmap
IDS not
Router
Honeypot

13. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
The difference in stacks
Ciphertext
Anomaly analysis work
Some FTP dangers

14. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
Worms
War Dialing
TFTP
The network layer

15. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
Buffer overflow
Snort
Some malware capabilities
LAN

16. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.
Some NIDS topology limitations
The five threat vectors
Buffer overflow
When setting up a virtual circuit

17. Malware - insider threat - natural disaster - terrorism - pandemic
Total cell size for asynchronous transfer mode (ATM)
What primary threats should be protected against
CIDR
Honeyd

18. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere
Bridge
Remote maintenance
The five threat vectors
LAN

19. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
Brute force
Types of ATM virtual circuits
Some FTP dangers
The Uniform Protection to defense in depth

20. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
Address resolution protocol
Port scan
Rootkit
War Dialing

21. Combines the functionality of a hub and bride into a single device - keeps track of MACs attached to each port
WAN
Stateless packet filter
Address Resolution Protocol (ARP)
Switches

22. Confidentiality - integrity - availability
LAN
Integrity of Data
The CIA triad
Macro virus

23. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Plaintext
SQL Slammer Worm
Race conditions
Hping

24. Personal area network - phone tethering - bluetooth - etc
Program infector
Some reasons to use UDP over TCP
Deep packet inspection
PAN

25. Syn - Syn/Ack - Ack
NIDS advantages
Honeyd
To establish a TCP session
Some malware capabilities

26. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
3-way handshake
PAN
The data link layer
A netcat listener

27. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
MAN
What's a VLAN
IDS
The Information Centric defense in depth

28. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
The conficker worm
Stateful firewall
The transport layer
Port scan

29. Confidentiality - integrity - availability
Browsing attack
The three goals of security
Some ways to bypass firewall protections
Risk

30. A cracking tool inserted into the OS that allows the attacker to do as they please.
Nmap
Program infector
Rootkit
What ways should the crypto key be protected?

31. 53 bytes - 48 bytes for data - 5 bytes for the header
The transport layer
Total cell size for asynchronous transfer mode (ATM)
SYN flood
Rotation?

32. Relies on executable code insertion and user interaction to spread
File Integrity checking work
What range is a class B network?
Parasitic malware
Trojan horse

33. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
Asynchronous Transfer Mode
File Integrity checking work
Some firewall benefits
Rootkit

34. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Browsing attack
Rotation?
IDS data normalization
Bridge

35. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Some firewall challenges
The TCP/IP model
Some network design objectives
Alteration of code

36. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Some firewall benefits
Hubs
Brute force
Denial of service

37. Message in its encrypted form
Some other UDP based protocols
Ciphertext
NIDS challenges
Some malware propagation techniques

38. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
A netcat listener
IDS signature analysis work
Log monitoring work?
What range is a class B network?

39. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Log monitoring work?
Race conditions
Kismet
Some reasons to use TCP over UDP

40. One is for talking - one is for implementing
Some reasons to use UDP over TCP
The four basic approaches to defense in depth
The difference in stacks
Best way to protect wireless networks

41. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
The session layer
What range is a class A network?
No State Inspection ACK flag set
Some malware capabilities

42. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
What ways should the crypto key be protected?
ACK piggybacking
Some malware propagation techniques
SQL Slammer Worm

43. Connects many WANs - MANs - and LANs - provided via ISP
CIDR
Internet
Honeypot
A netmask

44. Confidentiality - symmetric encryption
Total cell size for asynchronous transfer mode (ATM)
Some external threat concerns
The goals of cryptography
The four types of events reported by IDS

45. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
No State Inspection ACK flag set
When implementing protocols - what stack should be used?
Rootkit
Network stumbler

46. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has
Asynchronous Transfer Mode
Snort
Internet
Risk

47. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
Nmap
The goals of cryptography
COM/Script program infector
Honeypot

48. Stateful firewalls maintain state of traffic flows
Stateful firewall
Some Pen Test techniques
The five threat vectors
No State Inspection ACK flag set

49. Intellectual property - business goals - validated data - historical
TFTP
Hping
UDP packet headers
What threats should be protected against - based on threat levels

50. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
SQL Slammer Worm
Some disadvantages of honeypots
Log monitoring work?
What range is a class A network?