Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector






2. One is for talking - one is for implementing






3. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment






4. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area






5. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer






6. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis






7. Known - unknown - zero day






8. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.






9. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols






10. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP






11. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters






12. Relies on executable code insertion and user interaction to spread






13. True positive - false positive - true negative - false negative






14. Message in its encrypted form






15. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls






16. Infects EXE files and makes them operate slightly differently - when infected - EXE header sizes are altered to point to the appended viral code






17. Bits of code embedded in programs to quickly gain access at a later time






18. destruction of data - leaking confidential information - providing backdoor access






19. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code






20. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself






21. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.






22. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit






23. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication






24. Malware - insider threat - natural disaster - terrorism - pandemic






25. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p






26. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con






27. Slow - requires stateful data tracking - inspects all fields - including variable-length fields






28. Take the file and try to compress it. If it compresses - it means there is a pattern and it's more easily crackable



29. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management






30. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers






31. Confidentiality - integrity - availability






32. Combines the functionality of a hub and bridge into a single device - keeps track of MACs attached to each port






33. Flags anomalous conditions in traffic on the network - requires understanding of what is normal - uses good traffic as a baseline






34. It interacts with the application layer to determine which network services will be required






35. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks






36. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority






37. 53 bytes - 48 bytes for data - 5 bytes for the header






38. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested






39. fast - with little fidelity - examines header information and limited payload data






40. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address






41. It handles the establishment and maintenance of connections between systems






42. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer






43. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system






44. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution






45. Intrusion detection system - it reports attacks against monitored systems/networks






46. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script






47. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction






48. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS






49. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched






50. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection