Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. It makes sure the data sent from one side to the other is in a format useful to the other side
Overview of TCP
The four basic approaches to defense in depth
The presentation layer
Some other UDP based protocols
2. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
ATM work
Some FTP dangers
The physical layer stack
The session layer
3. logic bomb - trojan horse - trap door
UDP packet headers
Best way to protect wireless networks
Firewall
Some types of malicious code
4. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
What range is a class C network?
Macro virus
The threat vector analysis in defense in depth
Network stumbler
5. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
What ways should the crypto key be protected?
Hubs
Social engineering
NAC
6. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Some common TCP ports
Log monitoring work?
What range is a class B network?
The Uniform Protection to defense in depth
7. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
When talking about protocols and referencing layers - what stack is used
Firewall
When setting up a virtual circuit
Hubs
8. Simple attack done by simply browsing available information that's allowed on a local network.
The TCP/IP model
Browsing attack
Some firewall benefits
When implementing protocols - what stack should be used?
9. Strips OS commands and characters from input - avoid making system calls from within the app - especially based on user input
The different cable categories
The five threat vectors
File Integrity checking work
OS Command Injection defenses
10. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
A network protocol
Bridge
Network stumbler
The physical layer stack
11. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPc - PC Anywhere
Bus Topology
Switches
Remote maintenance
Some honeypot advantages
12. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Kismet
Stateless packet filter
Smurf attack
Internet
13. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
LAN
Parasitic malware
Some reasons to use TCP over UDP
The threat vector analysis in defense in depth
14. OSI
Group
Honeyd
What's a VLAN
When talking about protocols and referencing layers - what stack is used
15. One is for talking - one is for implementing
The OSI Protocol Stack
What ways should the crypto key be protected?
The difference in stacks
Address Resolution Protocol (ARP)
16. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
Bridge
What ways should the crypto key be protected?
Wardriving
The Information Centric defense in depth
17. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Honeyd
PAN
LAN
Some firewall benefits
18. True positive - false positive - true negative - false negative
The four types of events reported by IDS
Switches
Ciphertext
Trap door
19. An attempt to gain access by bombarding it with guesses until the password is found.
Brute force
Rotation?
Some disadvantages of honeypots
Bus Topology
20. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
A netcat listener
Browsing attack
Log monitoring work?
Logic bomb
21. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
The four types of events reported by IDS
Deep packet inspection
EXE program infector
Race conditions
22. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
File integrity checking work
The three goals of security
Denial of service
A netcat listener
23. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
SQL Slammer Worm
Ciphertext
File Integrity checking work
Some external threat concerns
24. Message in its encrypted form
Permutation
What range is a class C network?
Shallow packet inspection
Ciphertext
25. Handles transmissions across the physical media like wires - fiber - etc
Honeyd
What primary threats should be protected against
DDoS attack
The physical layer stack
26. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
MAN
ATM work
Group
Nmap scanning techniques
27. Intrusion detection system - it reports attacks against monitored systems/networks
Types of ATM virtual circuits
UDP packet headers
IDS
The five threat vectors
28. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
What range is a class C network?
No State Inspection ACK flag set
Defense in depth
HIDS monitor
29. Full open - half open (stealth scan) - UDP - Ping
Firewall
Address Resolution Protocol (ARP)
The conficker worm
Nmap scanning techniques
30. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
Checksum in UDP
The protected enclave to defense in depth
What range is a class C network?
Trap door
31. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
What range is a class B network?
COM/Script program infector
IDS data normalization
Hping
32. flags anomalous conditions in traffic on the network - requires understanding on what is normal - bases good traffic as a baseline
The three goals of security
Anomaly analysis work
UDP packet headers
The Information Centric defense in depth
33. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
Router
The physical layer stack
The data link layer
Buffer overflow
34. Confidentiality - symmetric encryption
Multi protocol label switching
the application layer
The transport layer
The goals of cryptography
35. 53 bytes - 48 bytes for data - 5 bytes for the header
Ack Piggybacking
Total cell size for asynchronous transfer mode (ATM)
Switches
Some reasons to use TCP over UDP
36. Infects the EXE and makes them operate slightly differently - when infected - exe header sizes are altered to point to the appended viral code
Remote maintenance
Boot record infector
Overview of TCP
EXE program infector
37. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
MAN
Some firewall benefits
IDS not
Rotation?
38. It interacts with the application layer to determine which network services will be required
Smurf attack
The physical layer stack
SQL Slammer Worm
the application layer
39. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
The transport layer
File Integrity checking work
Race conditions
DDoS attack
40. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Macro virus
Address Resolution Protocol (ARP)
Worms
Snort
41. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
SYN flood
The threat vector analysis in defense in depth
The five threat vectors
Plaintext
42. Stateful firewalls maintain state of traffic flows
Nmap scanning techniques
Stateful firewall
Program infector
Race conditions
43. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority
Kismet
What range is a class B network?
Some reasons to use UDP over TCP
Anomaly analysis work
44. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Some external threat concerns
Rootkit
Some ways to bypass firewall protections
What categories do vulnerabilities fall into?
45. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
The difference in stacks
Nmap
IDS signature analysis work
A netcat listener
46. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Plaintext
File Integrity checking work
A blind FTP
Snort
47. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
The threat vector analysis in defense in depth
Wardriving
When implementing protocols - what stack should be used?
Hping
48. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Some malware capabilities
Vulnerabilities
A netmask
Types of viruses
49. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Buffer overflow
Switches
To establish a TCP session
Log monitoring work?
50. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
The session layer
Program infector
What range is a class A network?
Best way to protect wireless networks