Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Malware - insider threat - natural disaster - terrorism - pandemic

2. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored

3. Message in its encrypted form

4. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP

5. Stateful firewalls maintain state of traffic flows

6. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability

7. 8 bytes per packet - UDP SRC port - UDP DST port - UDP length - UDP checksum

8. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.

9. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs

10. OSI

11. Infects EXE files and makes them operate slightly differently - when infected - EXE header sizes are altered to point to the appended viral code

12. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host

13. Low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS

14. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address

15. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment

16. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system

17. One is for talking - one is for implementing

18. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0

19. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks

20. It interacts with the application layer to determine which network services will be required

21. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute

22. Connects many WANs - MANs - and LANs - provided via ISP

23. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit

24. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script

25. Unencrypted message in its original form

26. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0

27. Considered to be a perimeter device

28. Anonymous FTP - FTP passes through in clear text - bounce attacks with the PORT command - a user can cause an FTP server to open a connection using the server's own commands and bypass a firewall

29. Strips OS commands and characters from input - avoid making system calls from within the app - especially based on user input

30. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit

31. Deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management

32. Attaches itself to existing program files and is activated when the exe is launched

33. Going around with equipment to detect wireless networks

34. Provides insight into the tactics - motives - and attacker tools

35. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone

36. It makes sure the data sent from one side to the other is in a format useful to the other side

37. Outsider attack from network - outsider attack from telephone - insider attack from local network - insider attack from local system - attack from malicious code

38. Unified data carrying service - replacing Frame Relay and ATM

39. Trying to ID modems in a telephone exchange that may be susceptible to compromise

40. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system

41. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SMTP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS

42. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123 - NTP - 137-139 - NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS

43. Handles transmissions across the physical media like wires - fiber - etc.

44. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.

45. Destruction of data - leaking confidential information - providing backdoor access

46. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment

47. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection

48. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring

49. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.

50. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.