SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. TCP/IP - the IP protoco - The core routing protocol of the internet - - deals with transmission of packets between end points - defines the addressing scheme for the internet
The four types of events reported by IDS
Defense in depth
When implementing protocols - what stack should be used?
The Information Centric defense in depth
2. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Some common TCP ports
Some firewall benefits
Some network design objectives
Multi protocol label switching
3. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
Defense in depth
Rotation?
Checksum in UDP
What ways should the crypto key be protected?
4. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Port scan
Some other UDP based protocols
Address resolution protocol
Overview of TCP
5. A time of check/time of use attack that exploits the difference in between when a security control was applied and the time the service was used.
LAN
Some types of malicious code
Race conditions
Denial of service
6. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Some reasons to use TCP over UDP
What threats should be protected against - based on threat levels
Some firewall challenges
WAN
7. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Some malware capabilities
Stateless packet filter
Some types of malicious code
Vulnerabilities
8. Connects many WANs - MANs - and LANs - provided via ISP
Permutation
Some reasons to use UDP over TCP
Internet
MAN
9. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Multi protocol label switching
Some network design objectives
EXE program infector
IDS signature analysis work
10. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest
Integrity of Data
Some ways to bypass firewall protections
ATM work
HIDS monitor
11. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
Address Resolution Protocol (ARP)
Trap door
IDS signature analysis work
Risk
12. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
War Dialing
What range is a class C network?
What primary threats should be protected against
Alteration of code
13. Confidentiality - integrity - availability
Group
SYN flood
The network layer
The CIA triad
14. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
The OSI model
Deep packet inspection
Ack Piggybacking
A network protocol
15. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
ATM work
Plaintext
Anomaly analysis work
Honeyd
16. Considered to be a perimeter device
Router
The Uniform Protection to defense in depth
Some common UDP ports
Some malware propagation techniques
17. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Worms
Honeypot
The goals of cryptography
UDP packet headers
18. Intellectual property - business goals - validated data - historical
A blind FTP
What threats should be protected against - based on threat levels
The four basic approaches to defense in depth
Firewall
19. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Shallow packet inspection
A netcat listener
Log monitoring work?
Ack Piggybacking
20. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
3-way handshake
Nmap
A netcat listener
What range is a class B network?
21. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
Ack Piggybacking
When talking about protocols and referencing layers - what stack is used
DDoS attack
Defense in depth
22. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Integrity of Data
Best way to protect wireless networks
Wardriving
Plaintext
23. Malware - insider threat - natural disaster - terrorism - pandemic
What primary threats should be protected against
Stateless packet filter
The transport layer
Nmap
24. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
The OSI Protocol Stack
The threat vector analysis in defense in depth
To close a TCP session
3-way handshake
25. It handles the establishment and maintenance of connections between systems
The session layer
Shallow packet inspection
The threat vector analysis in defense in depth
Ack Piggybacking
26. Free linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulerability assessment
Port scan
Kismet
Log monitoring work?
Multi protocol label switching
27. Handles transmissions across the physical media like wires - fiber - etc
Shallow packet inspection
What ways should the crypto key be protected?
The physical layer stack
Plaintext
28. logic bomb - trojan horse - trap door
The presentation layer
PAN
Ack Piggybacking
Some types of malicious code
29. A cracking tool inserted into the OS that allows the attacker to do as they please.
The OSI Protocol Stack
IDS not
Rootkit
Proxy or application gateway
30. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
OS Command Injection defenses
Buffer overflow
The difference in stacks
Network stumbler
31. Simple attack done by simply browsing available information that's allowed on a local network.
Browsing attack
Stateful firewall
Risk
UDP packet headers
32. Provides insight into the tactics - motives - and attacker tools
PAN
Some NIDS topology limitations
Some honeypot advantages
Some common TCP ports
33. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Some Pen Test techniques
What's a VLAN
The difference in stacks
the application layer
34. Unified data carrying service - replacing from replay and ATM
What categories do vulnerabilities fall into?
Some firewall challenges
Multi protocol label switching
Arbitrary substitution
35. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
The conficker worm
A network protocol
A blind FTP
Alteration of code
36. 53 bytes - 48 bytes for data - 5 bytes for the header
The Uniform Protection to defense in depth
Total cell size for asynchronous transfer mode (ATM)
Datagram length of a UDP packet
When implementing protocols - what stack should be used?
37. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
The three goals of security
Race conditions
The TCP/IP model
TFTP
38. OSI
Stateless packet filter
When talking about protocols and referencing layers - what stack is used
Log monitoring work?
Some NIDS topology limitations
39. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
Port scan
The session layer
Race conditions
Stateless packet filter
40. Confidentiality - symmetric encryption
The goals of cryptography
The protected enclave to defense in depth
Stateless packet filter
Port scan
41. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
NIDS advantages
Some common TCP ports
The OSI Protocol Stack
Some network design objectives
42. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
Some common UDP ports
The physical layer stack
Honeypot
SQL Slammer Worm
43. True positive - false positive - true negative - false negative
The four types of events reported by IDS
DDoS attack
Risk
Some reasons to use UDP over TCP
44. One is for talking - one is for implementing
Parasitic malware
Datagram length of a UDP packet
The difference in stacks
No State Inspection ACK flag set
45. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Program infector
File integrity checking work
Address Resolution Protocol (ARP)
Some disadvantages of honeypots
46. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
To close a TCP session
WAN
the application layer
The transport layer
47. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
To establish a TCP session
Hubs
When setting up a virtual circuit
Wardriving
48. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Honeypot
Alteration of code
The network layer
Some disadvantages of honeypots
49. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
Social engineering
Total cell size for asynchronous transfer mode (ATM)
To establish a TCP session
The Uniform Protection to defense in depth
50. Infects the EXE and make them operate slightly different - when infected - exe header sizes are altered to point to the appended viral code
EXE program infector
Some firewall challenges
Checksum in UDP
Multi protocol label switching
