Test your basic knowledge |

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer






2. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.






3. ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis






4. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest






5. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire






6. Considered to be a perimeter device






7. Stateful firewalls maintain state of traffic flows






8. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and it's corresponding IP address






9. Bits of code embedded in programs to quickly gain access at a later time






10. destruction of data - leaking confidential information - providing backdoor access






11. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.






12. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored






13. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks






14. TCP/IP - the IP protoco - The core routing protocol of the internet - - deals with transmission of packets between end points - defines the addressing scheme for the internet






15. Unified data carrying service - replacing from replay and ATM






16. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process






17. The Practice of sending an ACK inside another packet going to the same destination






18. 53 bytes - 48 bytes for data - 5 bytes for the header






19. It makes sure the data sent from one side to the other is in a format useful to the other side






20. Connects the physical part of the network (cables) with the abstract (packets and datastreams)






21. Confidentiality - symmetric encryption






22. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.






23. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum






24. True positive - false positive - true negative - false negative






25. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above






26. It interacts with the application layer to determine which network services will be required






27. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0






28. Syn - Syn/Ack - Ack






29. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies






30. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management






31. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535






32. Infects MBR - no network spreading potential






33. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry






34. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system






35. Simple attack done by simply browsing available information that's allowed on a local network.






36. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con






37. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment






38. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit






39. Infects the EXE and make them operate slightly different - when infected - exe header sizes are altered to point to the appended viral code






40. -Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom






41. A time of check/time of use attack that exploits the difference in between when a security control was applied and the time the service was used.






42. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs






43. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters






44. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested






45. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host






46. Combines the functionality of a hub and bride into a single device - keeps track of MACs attached to each port






47. fast - with little fidelity - examines header information and limited payload data






48. Personal area network - phone tethering - bluetooth - etc






49. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously






50. FIN 130 - ACK 131 - FIN 570 - ACK 571