SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Malware - insider threat - natural disaster - terrorism - pandemic
IDS not
Buffer overflow
What primary threats should be protected against
Nmap scanning techniques
2. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Risk
The conficker worm
Log monitoring work?
The transport layer
3. Message in its encrypted form
To establish a TCP session
Ciphertext
What range is a class B network?
Datagram length of a UDP packet
4. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
Some other UDP based protocols
Permutation
Risk
Datagram length of a UDP packet
5. Stateful firewalls maintain state of traffic flows
Denial of service
Proxy or application gateway
Stateful firewall
Rotation?
6. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Vulnerabilities
Permutation
The session layer
Some disadvantages of honeypots
7. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Datagram length of a UDP packet
UDP packet headers
Best way to protect wireless networks
EXE program infector
8. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
MAN
Ack Piggybacking
Trojan horse
The CIA triad
9. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
Firewall
Overview of TCP
The protected enclave to defense in depth
Some firewall benefits
10. OSI
Social engineering
When talking about protocols and referencing layers - what stack is used
The threat vector analysis in defense in depth
The data link layer
11. Infects the EXE and make them operate slightly different - when infected - exe header sizes are altered to point to the appended viral code
The Uniform Protection to defense in depth
UDP packet headers
IDS data normalization
EXE program infector
12. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
Address Resolution Protocol (ARP)
Program infector
The four basic approaches to defense in depth
A netmask
13. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Denial of service
PAN
Honeyd
Risk
14. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and it's corresponding IP address
Hubs
Address Resolution Protocol (ARP)
Integrity of Data
Nmap
15. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Alteration of code
PAN
What primary threats should be protected against
Best way to protect wireless networks
16. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Honeypot
Alteration of code
Deep packet inspection
CIDR
17. One is for talking - one is for implementing
The difference in stacks
Trap door
Boot record infector
What ways should the crypto key be protected?
18. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
What range is a class C network?
NIDS challenges
The five threat vectors
The transport layer
19. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
The Information Centric defense in depth
Anomaly analysis work
The TCP/IP model
IDS
20. It interacts with the application layer to determine which network services will be required
the application layer
Program infector
Rotation?
Permutation
21. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
Risk
COM/Script program infector
IDS
A network protocol
22. Connects many WANs - MANs - and LANs - provided via ISP
Overview of TCP
Asynchronous Transfer Mode
Internet
To establish a TCP session
23. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
UDP packet headers
The different cable categories
Log monitoring work?
To establish a TCP session
24. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
Browsing attack
DDoS attack
The conficker worm
NIDS advantages
25. Unencrypted message in its original form
The five threat vectors
NIDS advantages
Plaintext
Switches
26. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
What range is a class B network?
IDS
A network protocol
War Dialing
27. Considered to be a perimeter device
Some firewall benefits
Router
Macro virus
When setting up a virtual circuit
28. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
Some FTP dangers
COM/Script program infector
Bridge
Trojan horse
29. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
Types of ATM virtual circuits
The data link layer
File integrity checking work
OS Command Injection defenses
30. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Some Pen Test techniques
Checksum in UDP
What threats should be protected against - based on threat levels
When implementing protocols - what stack should be used?
31. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
The three goals of security
Bridge
NIDS challenges
WAN
32. Attaches itself to existing program files and activated when the exe is launched
The OSI model
Program infector
NAC
The four basic approaches to defense in depth
33. Going around with equipment to detect wireless networks
War Dialing
Boot record infector
Wardriving
File integrity checking work
34. Provides insight into the tactics - motives - and attacker tools
Nmap scanning techniques
SYN flood
Some honeypot advantages
Defense in depth
35. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
Plaintext
Vulnerabilities
MAN
Boot record infector
36. It makes sure the data sent from one side to the other is in a format useful to the other side
What primary threats should be protected against
What range is a class B network?
The presentation layer
To establish a TCP session
37. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
No State Inspection ACK flag set
The five threat vectors
Some reasons to use UDP over TCP
Boot record infector
38. Unified data carrying service - replacing from replay and ATM
The five threat vectors
Multi protocol label switching
COM/Script program infector
Rootkit
39. Trying to ID modems in a telephone exchange that may be susceptible to compromise
What threats should be protected against - based on threat levels
IDS
To close a TCP session
War Dialing
40. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
MAN
Some network design objectives
NIDS challenges
SYN flood
41. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
The protected enclave to defense in depth
Some common TCP ports
ATM work
The OSI Protocol Stack
42. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
The protected enclave to defense in depth
Some common UDP ports
Types of ATM virtual circuits
Checksum in UDP
43. Handles transmissions across the physical media like wires - fiber - etc
The physical layer stack
Alteration of code
Internet
Address resolution protocol
44. An attacker spoofs the victim's IP and sends an ICMP ECHO request to the broadcast address of a network. When every system responds - a DoS occurs.
OS Command Injection defenses
Honeypot
Smurf attack
The OSI model
45. destruction of data - leaking confidential information - providing backdoor access
The CIA triad
Some malware capabilities
Checksum in UDP
What range is a class C network?
46. Free linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulerability assessment
Bus Topology
When talking about protocols and referencing layers - what stack is used
The threat vector analysis in defense in depth
Kismet
47. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Asynchronous Transfer Mode
Anomaly analysis work
Browsing attack
Some firewall benefits
48. Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
The data link layer
Some NIDS topology limitations
EXE program infector
What primary threats should be protected against
49. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Some NIDS topology limitations
Buffer overflow
Proxy or application gateway
War Dialing
50. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
Logic bomb
UDP packet headers
COM/Script program infector
DDoS attack