Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Some network design objectives
The five threat vectors
Rotation?
Proxy or application gateway
2. Handles transmissions across the physical media like wires - fiber - etc
Boot record infector
The transport layer
The physical layer stack
The four basic approaches to defense in depth
3. Confidentiality - integrity - availability
NIDS challenges
IDS data normalization
The three goals of security
LAN
4. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Some FTP dangers
Log monitoring work?
Address Resolution Protocol (ARP)
The session layer
5. It makes sure the data sent from one side to the other is in a format useful to the other side
Switches
The presentation layer
Rotation?
File Integrity checking work
6. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
EXE program infector
Some NIDS topology limitations
The CIA triad
Some malware propagation techniques
7. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Alteration of code
Bus Topology
Stateful firewall
Some firewall challenges
8. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
IDS
Group
To close a TCP session
A network protocol
9. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
IDS data normalization
Multi protocol label switching
Bus Topology
Social engineering
10. Infects MBR - no network spreading potential
UDP packet headers
Boot record infector
The Uniform Protection to defense in depth
Anomaly analysis work
11. Infects EXE files and makes them operate slightly differently - when infected - EXE header sizes are altered to point to the appended viral code
Remote maintenance
EXE program infector
Vulnerabilities
Internet
12. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has
Asynchronous Transfer Mode
Integrity of Data
Log monitoring work?
NAC
13. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
The physical layer stack
The Uniform Protection to defense in depth
The data link layer
Port scan
14. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
Network stumbler
Deep packet inspection
Hping
The Information Centric defense in depth
15. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Buffer overflow
Overview of TCP
Some common UDP ports
The threat vector analysis in defense in depth
16. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Denial of service
The five threat vectors
Some honeypot advantages
The three goals of security
17. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
A network protocol
MAN
Hubs
Some firewall challenges
18. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
Some honeypot advantages
IDS
COM/Script program infector
Alteration of code
19. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
EXE program infector
SQL Slammer Worm
Race conditions
Parasitic malware
20. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
The conficker worm
DDoS attack
Rootkit
SYN flood
21. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
When setting up a virtual circuit
Address resolution protocol
Some reasons to use UDP over TCP
Types of viruses
22. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
Honeyd
Anomaly analysis work
Address resolution protocol
A netcat listener
23. It interacts with the application layer to determine which network services will be required
Some disadvantages of honeypots
the application layer
Some types of malicious code
Some malware capabilities
24. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Rotation?
What's an easy way to test encryption?
Brute force
Some reasons to use UDP over TCP
25. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Shallow packet inspection
IDS data normalization
Some honeypot advantages
IDS signature analysis work
26. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Some disadvantages of honeypots
Some external threat concerns
What ways should the crypto key be protected?
The presentation layer
27. An appliance that controls access between public internet and a company's private network - or between a PC NIC and the rest of the PC.
The difference in stacks
Log monitoring work?
Firewall
SYN flood
28. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
The Information Centric defense in depth
Hubs
Risk
What's a VLAN
29. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
Total cell size for asynchronous transfer mode (ATM)
A network protocol
The session layer
The TCP/IP model
30. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
A blind FTP
Some ways to bypass firewall protections
Hping
Parasitic malware
31. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
File Integrity checking work
Worms
The OSI model
Some reasons to use UDP over TCP
32. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
Some other UDP based protocols
The OSI Protocol Stack
Log monitoring work?
Denial of service
33. Syn - Syn/Ack - Ack
ATM work
To establish a TCP session
What range is a class A network?
Wardriving
34. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Honeyd
Buffer overflow
Trojan horse
The CIA triad
35. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
Port scan
The OSI model
MAN
The transport layer
36. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
A netmask
A blind FTP
Logic bomb
Overview of TCP
37. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Snort
Program infector
Deep packet inspection
Address resolution protocol
38. Confidentiality - integrity - availability
Some common TCP ports
Some disadvantages of honeypots
The CIA triad
Deep packet inspection
39. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPc - PC Anywhere
Address Resolution Protocol (ARP)
The protected enclave to defense in depth
The data link layer
Remote maintenance
40. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Stateless packet filter
ACK piggybacking
When implementing protocols - what stack should be used?
The transport layer
41. Known - unknown - zero day
What ways should the crypto key be protected?
The OSI model
Rotation?
What categories do vulnerabilities fall into?
42. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
IDS signature analysis work
To close a TCP session
Kismet
The goals of cryptography
43. Unified data carrying service - replacing frame relay and ATM
Types of viruses
Multi protocol label switching
Trap door
IDS
44. It handles the establishment and maintenance of connections between systems
Denial of service
Buffer overflow
The OSI model
The session layer
45. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
The network layer
Boot record infector
NIDS challenges
Program infector
46. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
The session layer
Boot record infector
What range is a class A network?
What range is a class C network?
47. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
What range is a class A network?
Datagram length of a UDP packet
Kismet
Some malware capabilities
48. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
Types of ATM virtual circuits
What ways should the crypto key be protected?
The data link layer
Some malware capabilities
49. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
The Information Centric defense in depth
Some NIDS topology limitations
The four types of events reported by IDS
A blind FTP
50. Flags anomalous conditions in traffic on the network - requires understanding of what is normal - uses good traffic as a baseline
Anomaly analysis work
The goals of cryptography
Some external threat concerns
IDS data normalization