Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Connects many WANs - MANs - and LANs - provided via ISP






2. Personal area network - phone tethering - bluetooth - etc






3. Full open - half open (stealth scan) - UDP - Ping






4. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system






5. Bits of code embedded in programs to quickly gain access at a later time






6. Known - unknown - zero day






7. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched






8. Handles transmissions across the physical media like wires - fiber - etc






9. One is for talking - one is for implementing






10. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer






11. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.






12. destruction of data - leaking confidential information - providing backdoor access






13. Relies on executable code insertion and user interaction to spread






14. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum






15. flags anomalous conditions in traffic on the network - requires understanding of what is normal - uses good traffic as a baseline






16. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures






17. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.






18. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector






19. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce






20. Malware - insider threat - natural disaster - terrorism - pandemic






21. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.






22. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above






23. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP






24. Unencrypted message in its original form






25. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols






26. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet






27. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring






28. Message in its encrypted form






29. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication






30. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK






31. FIN 130 - ACK 131 - FIN 570 - ACK 571






32. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS






33. Infects MBR - no network spreading potential






34. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored






35. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application






36. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process






37. Strips OS commands and characters from input - avoid making system calls from within the app - especially based on user input






38. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.






39. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area






40. It interacts with the application layer to determine which network services will be required






41. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest






42. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS






43. Considered to be a perimeter device






44. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.






45. Protected at rest - protected in transit - secure the key






46. size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535






47. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction






48. Confidentiality - integrity - availability






49. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs






50. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis