Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. True positive - false positive - true negative - false negative
A network protocol
Ack Piggybacking
The transport layer
The four types of events reported by IDS
2. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
WAN
Buffer overflow
COM/Script program infector
Risk
3. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Integrity of Data
Stateless packet filter
Rootkit
File integrity checking work
4. Strips OS commands and characters from input - avoid making system calls from within the app - especially based on user input
OS Command Injection defenses
Some Pen Test techniques
Brute force
Parasitic malware
5. Free Windows-based wireless scanner for 802.1b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted
The transport layer
Network stumbler
IDS data normalization
The goals of cryptography
6. Intellectual property - business goals - validated data - historical
IDS
When setting up a virtual circuit
What threats should be protected against - based on threat levels
The OSI model
7. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Arbitrary substitution
Some disadvantages of honeypots
Ciphertext
Internet
8. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Nmap
Smurf attack
Some firewall challenges
Firewall
9. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
OS Command Injection defenses
Some common TCP ports
The network layer
Some other UDP based protocols
10. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
Multi protocol label switching
Log monitoring work?
No State Inspection ACK flag set
Kismet
11. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
File integrity checking work
NAC
Some NIDS topology limitations
Address Resolution Protocol (ARP)
12. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - the analyst is notified - i.e. Tripwire
Honeyd
3-way handshake
File Integrity checking work
Browsing attack
13. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
Boot record infector
Best way to protect wireless networks
The data link layer
Types of viruses
14. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.
To establish a TCP session
Race conditions
Address resolution protocol
Macro virus
15. Attaches itself to existing program files and is activated when the exe is launched
Program infector
Arbitrary substitution
When talking about protocols and referencing layers - what stack is used
What categories do vulnerabilities fall into?
16. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
Arbitrary substitution
Overview of TCP
Bus Topology
The OSI Protocol Stack
17. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Some network design objectives
Hubs
Bridge
What categories do vulnerabilities fall into?
18. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
The protected enclave to defense in depth
IDS not
The threat vector analysis in defense in depth
WAN
19. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Total cell size for asynchronous transfer mode (ATM)
Trojan horse
IDS
Ack Piggybacking
20. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
What ways should the crypto key be protected?
Buffer overflow
When setting up a virtual circuit
ACK piggybacking
21. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Some honeypot advantages
Checksum in UDP
IDS data normalization
Defense in depth
22. Trying to ID modems in a telephone exchange that may be susceptible to compromise
Rotation?
Trojan horse
Some types of malicious code
War Dialing
23. TCP/IP - the IP protocol - the core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
Internet
IDS
Some NIDS topology limitations
When implementing protocols - what stack should be used?
24. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
The threat vector analysis in defense in depth
What ways should the crypto key be protected?
Bus Topology
Program infector
25. destruction of data - leaking confidential information - providing backdoor access
Vulnerabilities
Group
Some malware capabilities
Stateless packet filter
26. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
LAN
Plaintext
A netcat listener
Some ways to bypass firewall protections
27. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
Checksum in UDP
SQL Slammer Worm
What range is a class A network?
A network protocol
28. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
Integrity of Data
Some common TCP ports
Switches
3-way handshake
29. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
File Integrity checking work
Macro virus
Some NIDS topology limitations
A network protocol
30. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
COM/Script program infector
Social engineering
ATM work
Shallow packet inspection
31. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
IDS not
What range is a class A network?
Some malware capabilities
COM/Script program infector
32. Unencrypted message in its original form
Some disadvantages of honeypots
Plaintext
A netcat listener
Internet
33. Confidentiality - integrity - availability
MAN
IDS
Some Pen Test techniques
The CIA triad
34. It handles the establishment and maintenance of connections between systems
The session layer
CIDR
Race conditions
A network protocol
35. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
The TCP/IP model
What range is a class B network?
Snort
Smurf attack
36. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
Some reasons to use TCP over UDP
Some firewall challenges
OS Command Injection defenses
CIDR
37. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPc - PC Anywhere
Remote maintenance
Program infector
Social engineering
The five threat vectors
38. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Some reasons to use UDP over TCP
Address Resolution Protocol (ARP)
Snort
Port scan
39. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
What range is a class A network?
NAC
Some external threat concerns
Stateless packet filter
40. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
ATM work
The conficker worm
UDP packet headers
Some malware capabilities
41. Going around with equipment to detect wireless networks
WAN
Some common UDP ports
Vulnerabilities
Wardriving
42. It makes sure the data sent from one side to the other is in a format useful to the other side
3-way handshake
The presentation layer
Vulnerabilities
Hping
43. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
WAN
When setting up a virtual circuit
UDP packet headers
A netmask
44. fast - with little fidelity - examines header information and limited payload data
COM/Script program infector
Types of viruses
Shallow packet inspection
Vulnerabilities
45. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
UDP packet headers
What categories do vulnerabilities fall into?
The different cable categories
Honeyd
46. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
A network protocol
Address resolution protocol
Snort
COM/Script program infector
47. A cracking tool inserted into the OS that allows the attacker to do as they please.
Rootkit
Hubs
Group
Stateless packet filter
48. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
Some NIDS topology limitations
Some reasons to use UDP over TCP
Switches
Firewall
49. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
ATM work
Alteration of code
Hping
Denial of service
50. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
What range is a class A network?
Rotation?
A network protocol
Stateless packet filter