SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
GIAC
Start Test
Study First
Subjects
:
certifications
,
giac
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. FIN 130 - ACK 131 - FIN 570 - ACK 571
The OSI Protocol Stack
The presentation layer
To close a TCP session
Some FTP dangers
2. Malware - insider threat - natural disaster - terrorism - pandemic
WAN
Some disadvantages of honeypots
What primary threats should be protected against
Remote maintenance
3. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Some malware capabilities
Stateless packet filter
Trojan horse
Some FTP dangers
4. Publish separate mail - web - and DNS servers to the internet - provide appropriate access from internal network to internet - protect internal from external attack - provide defense in depth - protect all aspects of the system
Trap door
Some reasons to use UDP over TCP
Some network design objectives
Race conditions
5. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
A netmask
What's a VLAN
To close a TCP session
Port scan
6. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
Program infector
Honeyd
COM/Script program infector
A blind FTP
7. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
NIDS challenges
Address resolution protocol
The OSI Protocol Stack
The OSI model
8. It interacts with the application layer to determine which network services will be required
Types of ATM virtual circuits
What's an easy way to test encryption?
the application layer
What range is a class C network?
9. -Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom
The network layer
Some external threat concerns
Browsing attack
Rotation?
10. Known - unknown - zero day
Shallow packet inspection
What categories do vulnerabilities fall into?
File Integrity checking work
Some common TCP ports
11. Provides insight into the tactics - motives - and attacker tools
TFTP
Race conditions
Hubs
Some honeypot advantages
12. Network scanner.
The three goals of security
Asynchronous Transfer Mode
Address Resolution Protocol (ARP)
Nmap
13. Strips OS commands and characters from input - avoid making system calls from within the app * especially based on user input
The conficker worm
Datagram length of a UDP packet
The five threat vectors
OS Command Injection defenses
14. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Hping
Some reasons to use TCP over UDP
Some Pen Test techniques
The session layer
15. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end
WAN
The transport layer
The data link layer
When implementing protocols - what stack should be used?
16. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
A netcat listener
NIDS challenges
Some FTP dangers
Permutation
17. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
Alteration of code
When implementing protocols - what stack should be used?
Buffer overflow
What's an easy way to test encryption?
18. Handles transmissions across the physical media like wires - fiber - etc
Arbitrary substitution
Datagram length of a UDP packet
Nmap
The physical layer stack
19. Multiple levels of protection must be deployed - an exercie in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
Defense in depth
Types of ATM virtual circuits
The different cable categories
CIDR
20. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65 -535 twice. TCP and UDP
Smurf attack
What categories do vulnerabilities fall into?
Port scan
The four types of events reported by IDS
21. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
Denial of service
The conficker worm
Router
Defense in depth
22. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
IDS data normalization
NAC
Nmap scanning techniques
CIDR
23. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
OS Command Injection defenses
When talking about protocols and referencing layers - what stack is used
Address resolution protocol
Browsing attack
24. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Some other UDP based protocols
Parasitic malware
Race conditions
Some disadvantages of honeypots
25. ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Types of ATM virtual circuits
Risk
NAC
Wardriving
26. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Race conditions
Program infector
Hping
Alteration of code
27. An appliance that controls access between public internet and a companies private network - or between a PC NIC and the rest of the PC.
Some malware propagation techniques
Firewall
Nmap
Honeyd
28. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
COM/Script program infector
Some firewall challenges
Some honeypot advantages
What categories do vulnerabilities fall into?
29. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Router
Some Pen Test techniques
Network stumbler
A blind FTP
30. Allows segmentation of a switch into different networks - regardless of where a system is plugged in - creates separate networks through software not hardware
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
31. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
The goals of cryptography
CIDR
A netcat listener
NIDS challenges
32. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
What range is a class A network?
Honeypot
Worms
The difference in stacks
33. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Some ways to bypass firewall protections
Bus Topology
EXE program infector
Overview of TCP
34. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
Macro virus
Alteration of code
ACK piggybacking
The Uniform Protection to defense in depth
35. Relies on executable code insertion and user interaction to spread
Multi protocol label switching
WAN
Parasitic malware
Bus Topology
36. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Permutation
IDS
Some external threat concerns
Some firewall benefits
37. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
When talking about protocols and referencing layers - what stack is used
Some common UDP ports
Group
Stateless packet filter
38. Going around with equipment to detect wireless networks
Some Pen Test techniques
Firewall
Bus Topology
Wardriving
39. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Snort
Alteration of code
When setting up a virtual circuit
The conficker worm
40. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
Defense in depth
File integrity checking work
UDP packet headers
Honeypot
41. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
UDP packet headers
The CIA triad
IDS data normalization
The OSI model
42. Message in its encrypted form
The network layer
ATM work
UDP packet headers
Ciphertext
43. Free linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulerability assessment
Kismet
Switches
Best way to protect wireless networks
Trojan horse
44. destruction of data - leaking confidential information - providing backdoor access
Some malware capabilities
Router
Defense in depth
Arbitrary substitution
45. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
Deep packet inspection
Hubs
Parasitic malware
Address Resolution Protocol (ARP)
46. size is whatever the length of the UDP portion of the packet. Could be as large as 65 -535
3-way handshake
MAN
Datagram length of a UDP packet
The protected enclave to defense in depth
47. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
No State Inspection ACK flag set
Group
Some ways to bypass firewall protections
TFTP
48. A cracking tool inserted into the OS that allows the attacker to do as they please.
ACK piggybacking
Network stumbler
CIDR
Rootkit
49. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
The network layer
Nmap scanning techniques
Race conditions
Some network design objectives
50. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Rotation?
Bridge
Some malware capabilities
Parasitic malware