Test your basic knowledge |

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application






2. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con






3. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.






4. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer






5. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested






6. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and it's corresponding IP address






7. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired






8. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs






9. Malware - insider threat - natural disaster - terrorism - pandemic






10. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management






11. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.






12. One is for talking - one is for implementing






13. Infects MBR - no network spreading potential






14. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols






15. Personal area network - phone tethering - bluetooth - etc






16. fast - with little fidelity - examines header information and limited payload data






17. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code






18. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network






19. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed






20. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection






21. OSI






22. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535






23. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input






24. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit






25. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.






26. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies






27. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0






28. Intellectual property - business goals - validated data - historical






29. Full open - half open (stealth scan) - UDP - Ping






30. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment






31. Slow - requires stateful data tracking - inspects all fields - including variable-length fields






32. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering






33. logic bomb - trojan horse - trap door






34. Take the file and try to compress it. If it compresses - it means there is a pattern and it's more easily crackable

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


35. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute






36. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit






37. Trying to ID modems in a telephone exchange that may be susceptible to compromise






38. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer






39. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone






40. free windows based wireless scanner for 802.1b - detects access point settings - supports GSP integration - identifies networks as encrypted or unencrypted






41. Relies on executable code insertion and user interaction to spread






42. destruction of data - leaking confidential information - providing backdoor access






43. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.






44. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere






45. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP






46. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters






47. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability






48. Stateful firewalls maintain state of traffic flows






49. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process






50. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority