Test your basic knowledge |
GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. fast - with little fidelity - examines header information and limited payload data
Shallow packet inspection
Rootkit
File integrity checking work
Logic bomb
2. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Defense in depth
Overview of TCP
NIDS advantages
The three goals of security
3. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
Firewall
The threat vector analysis in defense in depth
3-way handshake
Brute force
4. Unencrypted message in its original form
Plaintext
Some firewall challenges
MAN
Nmap scanning techniques
5. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
Some types of malicious code
Permutation
Deep packet inspection
IDS not
6. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Bus Topology
IDS
To establish a TCP session
The Uniform Protection to defense in depth
7. Full open - half open (stealth scan) - UDP - Ping
Nmap scanning techniques
Race conditions
A network protocol
When setting up a virtual circuit
8. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
The session layer
To establish a TCP session
LAN
Honeypot
9. True positive - false positive - true negative - false negative
The protected enclave to defense in depth
No State Inspection ACK flag set
The four types of events reported by IDS
Stateless packet filter
10. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
File Integrity checking work
Stateful firewall
The OSI model
Some malware propagation techniques
11. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
File Integrity checking work
Some Pen Test techniques
A blind FTP
Types of ATM virtual circuits
12. It interacts with the application layer to determine which network services will be required
When talking about protocols and referencing layers - what stack is used
Hubs
the application layer
Ack Piggybacking
13. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
The goals of cryptography
Kismet
Checksum in UDP
OS Command Injection defenses
14. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
Vulnerabilities
Some firewall benefits
Risk
Port scan
15. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
The different cable categories
ATM work
The five threat vectors
Boot record infector
16. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Router
Vulnerabilities
The TCP/IP model
NIDS challenges
17. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
WAN
What's an easy way to test encryption?
Nmap scanning techniques
IDS data normalization
18. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Honeypot
Multi protocol label switching
Some firewall benefits
What categories do vulnerabilities fall into?
19. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
Macro virus
The session layer
COM/Script program infector
Some ways to bypass firewall protections
20. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
MAN
The five threat vectors
The session layer
Some common TCP ports
21. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
3-way handshake
Types of viruses
No State Inspection ACK flag set
A blind FTP
22. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
HIDS monitor
Types of viruses
Port scan
Shallow packet inspection
23. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
What range is a class C network?
What threats should be protected against - based on threat levels
Snort
To establish a TCP session
24. One is for talking - one is for implementing
What categories do vulnerabilities fall into?
Remote maintenance
Router
The difference in stacks
25. The practice of sending an ACK inside another packet going to the same destination
What categories do vulnerabilities fall into?
Some honeypot advantages
ACK piggybacking
The data link layer
26. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Group
No State Inspection ACK flag set
What primary threats should be protected against
NIDS advantages
27. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
Anomaly analysis work
Some disadvantages of honeypots
ACK piggybacking
No State Inspection ACK flag set
28. Stateful firewalls maintain state of traffic flows
The Uniform Protection to defense in depth
The OSI Protocol Stack
Program infector
Stateful firewall
29. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Some types of malicious code
Permutation
When talking about protocols and referencing layers - what stack is used
IDS data normalization
30. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Some reasons to use UDP over TCP
What's a VLAN
The four types of events reported by IDS
Hping
31. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
The conficker worm
File Integrity checking work
Social engineering
The network layer
32. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
EXE program infector
Stateless packet filter
Defense in depth
Trap door
33. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
Some common UDP ports
The Uniform Protection to defense in depth
Proxy or application gateway
Some common TCP ports
34. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Some types of malicious code
Best way to protect wireless networks
MAN
Integrity of Data
35. It handles the establishment and maintenance of connections between systems
Nmap
PAN
The session layer
The transport layer
36. Personal area network - phone tethering - bluetooth - etc
PAN
Some Pen Test techniques
Brute force
MAN
37. Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
Nmap
WAN
Some external threat concerns
Risk
38. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
Parasitic malware
Some Pen Test techniques
The TCP/IP model
File Integrity checking work
39. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
The CIA triad
Defense in depth
TFTP
the application layer
40. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Types of viruses
Trojan horse
Brute force
COM/Script program infector
41. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
NAC
What range is a class A network?
The network layer
Buffer overflow
42. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
The TCP/IP model
Some types of malicious code
The OSI model
Smurf attack
43. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
PAN
The five threat vectors
Types of ATM virtual circuits
Some external threat concerns
44. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Race conditions
Parasitic malware
Denial of service
Boot record infector
45. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Port scan
IDS signature analysis work
Shallow packet inspection
CIDR
46. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Log monitoring work?
Total cell size for asynchronous transfer mode (ATM)
SQL Slammer Worm
The three goals of security
47. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123 - NTP - 137-139 - NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
Some honeypot advantages
Rotation?
Network stumbler
Some common UDP ports
48. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
Parasitic malware
What range is a class B network?
Rotation?
Overview of TCP
49. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline
File Integrity checking work
COM/Script program infector
What's a VLAN
Anomaly analysis work
50. destruction of data - leaking confidential information - providing backdoor access
The four basic approaches to defense in depth
Some malware capabilities
Logic bomb
DDoS attack