Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Bus Topology
Some common TCP ports
Brute force
Checksum in UDP
2. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
Logic bomb
The network layer
Address Resolution Protocol (ARP)
Some firewall benefits
3. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
Some reasons to use TCP over UDP
Some external threat concerns
Some NIDS topology limitations
Bus Topology
4. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
What categories do vulnerabilities fall into?
The Uniform Protection to defense in depth
Some disadvantages of honeypots
Trap door
5. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123 - NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
Some common UDP ports
Trap door
Bus Topology
The OSI Protocol Stack
6. Relies on executable code insertion and user interaction to spread
Parasitic malware
Social engineering
Switches
Checksum in UDP
7. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
COM/Script program infector
The data link layer
Anomaly analysis work
Hping
8. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Some common UDP ports
NIDS challenges
Integrity of Data
Datagram length of a UDP packet
9. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Switches
3-way handshake
Vulnerabilities
File integrity checking work
10. Personal area network - phone tethering - Bluetooth - etc.
PAN
Hping
Some Pen Test techniques
Port scan
11. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
No State Inspection ACK flag set
Hubs
Browsing attack
Checksum in UDP
12. Uniform protection - protected enclaves - information centric - threat vector analysis
When setting up a virtual circuit
The four basic approaches to defense in depth
Social engineering
Shallow packet inspection
13. It interacts with the application layer to determine which network services will be required
the application layer
Some firewall challenges
Router
Boot record infector
14. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Some ways to bypass firewall protections
WAN
DDoS attack
Some NIDS topology limitations
15. Syn - Syn/Ack - Ack
To establish a TCP session
IDS signature analysis work
What's a VLAN
Some reasons to use UDP over TCP
16. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Honeyd
Defense in depth
Multi protocol label switching
Some FTP dangers
17. logic bomb - trojan horse - trap door
Honeyd
Some types of malicious code
Denial of service
The CIA triad
18. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
The OSI model
Risk
File Integrity checking work
Race conditions
19. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
The Information Centric defense in depth
Some firewall benefits
Stateless packet filter
Nmap scanning techniques
20. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Log monitoring work?
Boot record infector
Anomaly analysis work
PAN
21. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
The OSI model
Datagram length of a UDP packet
Some firewall challenges
File Integrity checking work
22. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
To close a TCP session
IDS not
The transport layer
When implementing protocols - what stack should be used?
23. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
Some NIDS topology limitations
Integrity of Data
A netcat listener
File Integrity checking work
24. Provides insight into the tactics - motives - and attacker tools
Some honeypot advantages
Logic bomb
Macro virus
Bridge
25. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535
Datagram length of a UDP packet
The TCP/IP model
Logic bomb
What categories do vulnerabilities fall into?
26. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
SYN flood
Network stumbler
Some network design objectives
Program infector
27. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
The four basic approaches to defense in depth
Smurf attack
Alteration of code
ACK piggybacking
28. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
Some malware propagation techniques
Some NIDS topology limitations
COM/Script program infector
Plaintext
29. Confidentiality - symmetric encryption
Browsing attack
To close a TCP session
IDS
The goals of cryptography
30. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
IDS
Overview of TCP
Buffer overflow
Best way to protect wireless networks
31. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
The network layer
Honeyd
Brute force
A blind FTP
32. destruction of data - leaking confidential information - providing backdoor access
Some reasons to use TCP over UDP
Some malware capabilities
Browsing attack
What range is a class C network?
33. It handles the establishment and maintenance of connections between systems
Some common UDP ports
Some common TCP ports
Some malware propagation techniques
The session layer
34. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.
Race conditions
The network layer
Log monitoring work?
Some reasons to use TCP over UDP
35. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Bus Topology
Trap door
Types of viruses
Race conditions
36. Free Windows-based wireless scanner for 802.1b - detects access point settings - supports GSP integration - identifies networks as encrypted or unencrypted
Network stumbler
Shallow packet inspection
Vulnerabilities
The threat vector analysis in defense in depth
37. A cracking tool inserted into the OS that allows the attacker to do as they please.
Rootkit
Multi protocol label switching
A netmask
the application layer
38. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Some reasons to use UDP over TCP
The four types of events reported by IDS
DDoS attack
Stateless packet filter
39. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Honeypot
Some common UDP ports
The goals of cryptography
Permutation
40. Confidentiality - integrity - availability
Some firewall challenges
The OSI Protocol Stack
What categories do vulnerabilities fall into?
The three goals of security
41. Known - unknown - zero day
Nmap
What categories do vulnerabilities fall into?
The four types of events reported by IDS
Some firewall benefits
42. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
File Integrity checking work
The conficker worm
CIDR
Bridge
43. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
Brute force
The data link layer
Social engineering
Wardriving
44. One is for talking - one is for implementing
Race conditions
The conficker worm
The difference in stacks
Risk
45. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
Arbitrary substitution
SYN flood
Switches
A network protocol
46. Attaches itself to existing program files and is activated when the exe is launched
The protected enclave to defense in depth
Program infector
Some firewall challenges
Datagram length of a UDP packet
47. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
Logic bomb
NIDS challenges
Rootkit
Group
48. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
A netmask
IDS data normalization
The Uniform Protection to defense in depth
ACK piggybacking
49. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
WAN
The three goals of security
The OSI model
Hping
50. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
Some network design objectives
Some firewall benefits
Internet
Port scan