Test your basic knowledge |

GIAC

Subjects : certifications, giac, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Honeyd
Permutation
Logic bomb
NIDS advantages

2. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Checksum in UDP
Some other UDP based protocols
Stateless packet filter
Some FTP dangers

3. Confidentiality - integrity - availability
Total cell size for asynchronous transfer mode (ATM)
IDS signature analysis work
The three goals of security
Permutation

4. Known - unknown - zero day
War Dialing
What categories do vulnerabilities fall into?
Multi protocol label switching
Some reasons to use TCP over UDP

5. Allows segmentation of a switch into different networks - regardless of where a system is plugged in - creates separate networks through software not hardware

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

6. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Hubs
Integrity of Data
Ciphertext
IDS signature analysis work

7. Syn - Syn/Ack - Ack
SYN flood
To establish a TCP session
The TCP/IP model
UDP packet headers

8. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Datagram length of a UDP packet
Overview of TCP
Address resolution protocol
When implementing protocols - what stack should be used?

9. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
Worms
Parasitic malware
The session layer
The conficker worm

10. Full open - half open (stealth scan) - UDP - Ping
Some firewall benefits
Bus Topology
What threats should be protected against - based on threat levels
Nmap scanning techniques

11. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
Some common UDP ports
What threats should be protected against - based on threat levels
The OSI model
Program infector

12. Infects the EXE and make them operate slightly different - when infected - exe header sizes are altered to point to the appended viral code
What threats should be protected against - based on threat levels
What range is a class A network?
EXE program infector
The difference in stacks

13. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
The threat vector analysis in defense in depth
Checksum in UDP
NIDS challenges
Denial of service

14. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
The protected enclave to defense in depth
What range is a class C network?
MAN
Rotation?

15. 53 bytes - 48 bytes for data - 5 bytes for the header
Boot record infector
What's a VLAN
Total cell size for asynchronous transfer mode (ATM)
Stateless packet filter

16. A time of check/time of use attack that exploits the difference in between when a security control was applied and the time the service was used.
Race conditions
Some malware propagation techniques
Rotation?
Some malware capabilities

17. ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Defense in depth
ACK piggybacking
Types of ATM virtual circuits
Program infector

18. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
The four types of events reported by IDS
Defense in depth
Permutation
What range is a class C network?

19. Intellectual property - business goals - validated data - historical
What's a VLAN
Checksum in UDP
Buffer overflow
What threats should be protected against - based on threat levels

20. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Trojan horse
Rootkit
Vulnerabilities
WAN

21. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
EXE program infector
UDP packet headers
TFTP
Some common UDP ports

22. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
Macro virus
Logic bomb
Boot record infector
Trojan horse

23. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Honeyd
Worms
Boot record infector
IDS data normalization

24. -Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Stateless packet filter
Defense in depth
Some external threat concerns
What primary threats should be protected against

25. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Types of ATM virtual circuits
Checksum in UDP
Some external threat concerns
Worms

26. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
CIDR
Some Pen Test techniques
Some NIDS topology limitations
What categories do vulnerabilities fall into?

27. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Permutation
IDS data normalization
Parasitic malware
NIDS challenges

28. It handles the establishment and maintenance of connections between systems
The session layer
No State Inspection ACK flag set
To close a TCP session
DDoS attack

29. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
War Dialing
Total cell size for asynchronous transfer mode (ATM)
Snort
Port scan

30. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
What range is a class B network?
NIDS advantages
Stateful firewall
Some common TCP ports

31. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
A blind FTP
What ways should the crypto key be protected?
Hping
The session layer

32. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
To close a TCP session
Stateless packet filter
Some disadvantages of honeypots
Datagram length of a UDP packet

33. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
When setting up a virtual circuit
Defense in depth
Some common TCP ports
A network protocol

34. Combines the functionality of a hub and bride into a single device - keeps track of MACs attached to each port
War Dialing
IDS not
Switches
Nmap scanning techniques

35. Relies on executable code insertion and user interaction to spread
War Dialing
Network stumbler
Parasitic malware
The four types of events reported by IDS

36. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
No State Inspection ACK flag set
What primary threats should be protected against
The session layer
Rotation?

37. Unencrypted message in its original form
DDoS attack
Stateful firewall
Plaintext
What primary threats should be protected against

38. It makes sure the data sent from one side to the other is in a format useful to the other side
Ack Piggybacking
Alteration of code
The three goals of security
The presentation layer

39. destruction of data - leaking confidential information - providing backdoor access
Some malware capabilities
ACK piggybacking
Some types of malicious code
Plaintext

40. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
File Integrity checking work
IDS signature analysis work
Some reasons to use TCP over UDP
Group

41. free windows based wireless scanner for 802.1b - detects access point settings - supports GSP integration - identifies networks as encrypted or unencrypted
The different cable categories
Network stumbler
Stateless packet filter
IDS data normalization

42. Attaches itself to existing program files and activated when the exe is launched
Program infector
UDP packet headers
SYN flood
The physical layer stack

43. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
MAN
Some external threat concerns
Datagram length of a UDP packet
The data link layer

44. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
Honeypot
The four types of events reported by IDS
A netmask
War Dialing

45. Network scanner.
Bus Topology
Nmap
3-way handshake
What range is a class A network?

46. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
Anomaly analysis work
The Information Centric defense in depth
CIDR
Some Pen Test techniques

47. Confidentiality - integrity - availability
DDoS attack
Trojan horse
The CIA triad
OS Command Injection defenses

48. logic bomb - trojan horse - trap door
Worms
Some types of malicious code
Best way to protect wireless networks
Deep packet inspection

49. Connects many WANs - MANs - and LANs - provided via ISP
Worms
Internet
A netmask
Some types of malicious code

50. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
Arbitrary substitution
A blind FTP
Some reasons to use TCP over UDP
Overview of TCP