Test your basic knowledge |

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire






2. Connects many WANs - MANs - and LANs - provided via ISP






3. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks






4. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host






5. The Practice of sending an ACK inside another packet going to the same destination






6. Infects the EXE and make them operate slightly different - when infected - exe header sizes are altered to point to the appended viral code






7. FIN 130 - ACK 131 - FIN 570 - ACK 571






8. Going around with equipment to detect wireless networks






9. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline






10. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system






11. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs






12. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures






13. Considered to be a perimeter device






14. One is for talking - one is for implementing






15. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p






16. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in






17. Unified data carrying service - replacing from replay and ATM






18. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.






19. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP






20. Attaches itself to existing program files and activated when the exe is launched






21. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched






22. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks






23. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection






24. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address






25. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis






26. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key






27. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall






28. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input






29. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication






30. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.






31. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired






32. free windows based wireless scanner for 802.1b - detects access point settings - supports GSP integration - identifies networks as encrypted or unencrypted






33. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules






34. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP






35. 53 bytes - 48 bytes for data - 5 bytes for the header






36. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability






37. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed






38. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters






39. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS






40. Handles transmissions across the physical media like wires - fiber - etc






41. Network scanner.






42. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere






43. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring






44. Confidentiality - symmetric encryption






45. Handles the network address scheme and connectivity of multiple network segments. It handles communication.






46. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment






47. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system






48. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive






49. Trying to ID modems in a telephone exchange that may be susceptible to compromise






50. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering