Test your basic knowledge |

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. It makes sure the data sent from one side to the other is in a format useful to the other side






2. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall






3. logic bomb - trojan horse - trap door






4. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector






5. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside






6. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS






7. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.






8. Simple attack done by simply browsing available information that's allowed on a local network.






9. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input






10. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network






11. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere






12. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.






13. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs






14. OSI






15. One is for talking - one is for implementing






16. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches






17. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS






18. True positive - false positive - true negative - false negative






19. An attempt to gain access by bombarding it with guesses until the password is found.






20. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired






21. Slow - requires stateful data tracking - inspects all fields - including variable-length fields






22. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process






23. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks






24. Message in its encrypted form






25. Handles transmissions across the physical media like wires - fiber - etc






26. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con






27. Intrusion detection system - it reports attacks against monitored systems/networks






28. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies






29. Full open - half open (stealth scan) - UDP - Ping






30. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0






31. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols






32. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline






33. Connects the physical part of the network (cables) with the abstract (packets and datastreams)






34. Confidentiality - symmetric encryption






35. 53 bytes - 48 bytes for data - 5 bytes for the header






36. Infects the EXE and make them operate slightly different - when infected - exe header sizes are altered to point to the appended viral code






37. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters






38. It interacts with the application layer to determine which network services will be required






39. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.






40. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself






41. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce






42. Stateful firewalls maintain state of traffic flows






43. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority






44. Worms and Wireless - modems - tunnel anything through HTTP - social engineering






45. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found






46. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules






47. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously






48. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested






49. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.






50. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0