Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Outsider attack from the network - outsider attack from the telephone - insider attack from the local network - insider attack from the local system - attack from malicious code
Address Resolution Protocol (ARP)
The five threat vectors
Browsing attack
The four basic approaches to defense in depth
2. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
LAN
The OSI model
Overview of TCP
Total cell size for asynchronous transfer mode (ATM)
3. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support, it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end-to-end connectivity - has
Some malware propagation techniques
The OSI Protocol Stack
Asynchronous Transfer Mode
Arbitrary substitution
4. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
When setting up a virtual circuit
NAC
Browsing attack
Network stumbler
5. Fast, with little fidelity - examines header information and limited payload data
3-way handshake
Logic bomb
Kismet
Shallow packet inspection
6. It interacts with the application layer to determine which network services will be required
Denial of service
IDS signature analysis work
the application layer
The Uniform Protection to defense in depth
7. Full open - half open (stealth scan) - UDP - Ping
the application layer
Types of viruses
When implementing protocols - what stack should be used?
Nmap scanning techniques
8. Physical layer - Data link layer - Network layer - Transport layer - Session layer - Presentation layer - Application layer
Total cell size for asynchronous transfer mode (ATM)
Port scan
NIDS challenges
The OSI model
9. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Address Resolution Protocol (ARP)
The network layer
Some disadvantages of honeypots
IDS data normalization
10. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
What threats should be protected against - based on threat levels
Some external threat concerns
CIDR
Bus Topology
11. Malware - insider threat - natural disaster - terrorism - pandemic
TFTP
Some other UDP based protocols
The goals of cryptography
What primary threats should be protected against
12. 1 and 2 - Voice/Low speed data; 3 - Voice/Data 10Mb; 4 - Voice/Data 16Mb; 5 and 5e - Voice/Data 100Mb to 1Gb; 6 - Standard for gigabit
PAN
Asynchronous Transfer Mode
CIDR
The different cable categories
13. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
Some other UDP based protocols
Some honeypot advantages
DDoS attack
The difference in stacks
14. 8 bytes per packet - UDP SRC port - UDP DST port - UDP length - UDP checksum
Trap door
Multi protocol label switching
What range is a class C network?
UDP packet headers
15. Personal area network - phone tethering - Bluetooth - etc.
PAN
Macro virus
COM/Script program infector
Best way to protect wireless networks
16. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Some common TCP ports
Denial of service
TFTP
Port scan
17. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
File Integrity checking work
Plaintext
What range is a class B network?
What primary threats should be protected against
18. Packet filter firewalls rely on TCP flags to determine connection state. An attacker can send ACK packets only to bypass the firewall.
Brute force
NIDS challenges
When talking about protocols and referencing layers - what stack is used
No State Inspection ACK flag set
19. Allows segmentation of a switch into different networks - regardless of where a system is plugged in - creates separate networks through software not hardware
20. Confidentiality - integrity - availability
Address Resolution Protocol (ARP)
The three goals of security
What range is a class A network?
Honeypot
21. A low-end firewall that can quickly be deployed using existing hardware. They examine individual packets only, with no inspection of content.
A network protocol
Stateless packet filter
Log monitoring work?
Ack Piggybacking
22. Small program triggered by an event that performs an action. E.g. scheduled file removal if a countdown isn't reset, i.e. an employee was fired
Logic bomb
PAN
Parasitic malware
The transport layer
23. Rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
IDS signature analysis work
The four basic approaches to defense in depth
When talking about protocols and referencing layers - what stack is used
Some FTP dangers
24. Provides insight into the tactics - motives - and attacker tools
Parasitic malware
Anomaly analysis work
Defense in depth
Some honeypot advantages
25. TCP/IP - the IP protocol - the core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
To establish a TCP session
Firewall
A network protocol
When implementing protocols - what stack should be used?
26. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
LAN
Firewall
What range is a class C network?
The four types of events reported by IDS
27. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Best way to protect wireless networks
IDS not
File Integrity checking work
Arbitrary substitution
28. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Best way to protect wireless networks
IDS data normalization
Kismet
Router
29. logic bomb - trojan horse - trap door
The OSI Protocol Stack
IDS
EXE program infector
Some types of malicious code
30. Unified data carrying service - replacing Frame Relay and ATM
A netcat listener
What ways should the crypto key be protected?
Hping
Multi protocol label switching
31. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
What range is a class B network?
Trojan horse
The network layer
Some firewall challenges
32. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Some external threat concerns
Worms
Program infector
Honeyd
33. Attaches itself to existing program files and is activated when the executable is launched
To establish a TCP session
The OSI Protocol Stack
Program infector
UDP packet headers
34. Uniform protection - protected enclaves - information centric - threat vector analysis
IDS data normalization
UDP packet headers
The four basic approaches to defense in depth
Hping
35. An attempt to gain access to a system by bombarding it with guesses until the password is found.
Trap door
Some other UDP based protocols
Brute force
Rotation?
36. An attempt to manipulate or trick a person into providing information or access - bypasses network security by exploiting humans - the vector is often an outsider attack by telephone or a visitor inside
NIDS challenges
Nmap
Social engineering
War Dialing
37. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
Bus Topology
The Uniform Protection to defense in depth
Bridge
The network layer
38. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest
HIDS monitor
War Dialing
Datagram length of a UDP packet
The different cable categories
39. Take the file and try to compress it. If it compresses, there is a pattern and it's more easily crackable
40. destruction of data - leaking confidential information - providing backdoor access
The five threat vectors
NAC
When setting up a virtual circuit
Some malware capabilities
41. Going around with equipment to detect wireless networks
Wardriving
Nmap scanning techniques
To establish a TCP session
Switches
42. Switched networks make it difficult to monitor traffic in promiscuous mode - the topology must be able to support traffic aggregation for monitoring
Some honeypot advantages
Proxy or application gateway
Nmap
Some NIDS topology limitations
43. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
NAC
ATM work
Some NIDS topology limitations
Router
44. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Snort
IDS not
Alteration of code
Checksum in UDP
45. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
The Information Centric defense in depth
When implementing protocols - what stack should be used?
Kismet
Brute force
46. A cracking tool inserted into the OS that allows the attacker to do as they please.
Some types of malicious code
Some network design objectives
Smurf attack
Rootkit
47. Multiple levels of protection must be deployed - an exercise in detection - measures must span a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
Honeyd
What range is a class C network?
Defense in depth
Alteration of code
48. Infected millions through various methods - a vulnerability in the MS Server Service - brute forcing admin passwords through network shares - infecting removable devices with a malicious autorun script
ACK piggybacking
Nmap scanning techniques
The conficker worm
Honeyd
49. Message in its encrypted form
What ways should the crypto key be protected?
Ciphertext
Some network design objectives
Hubs
50. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
Checksum in UDP
The OSI Protocol Stack
Wardriving
Some NIDS topology limitations