Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS






2. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired






3. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring






4. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks






5. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123 - NTP - 137-139 - NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS






6. Relies on executable code insertion and user interaction to spread






7. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously






8. Hash Authentication - asymmetric - non-repudiation - digital signature - hash + asymmetry






9. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested






10. Personal area network - phone tethering - bluetooth - etc






11. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.






12. Uniform protection - protected enclaves - information centric - threat vector analysis






13. It interacts with the application layer to determine which network services will be required






14. Worms and Wireless - modems - tunnel anything through HTTP - social engineering






15. Syn - Syn/Ack - Ack






16. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS






17. logic bomb - trojan horse - trap door






18. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction






19. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection






20. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored






21. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls






22. It interacts with data and prepares it to be transmitted across the network. It ensures reliable connectivity from end-to-end






23. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis






24. Provides insight into the tactics - motives - and attacker tools






25. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535






26. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce






27. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.






28. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p






29. Confidentiality - symmetric encryption






30. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in






31. Handles the network address scheme and connectivity of multiple network segments. It handles communication.






32. destruction of data - leaking confidential information - providing backdoor access






33. It handles the establishment and maintenance of connections between systems






34. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.






35. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability






36. Free Windows-based wireless scanner for 802.11b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted






37. A cracking tool inserted into the OS that allows the attacker to do as they please.






38. Good for multimedia - can use small single packets - multicasting is required - speed is the highest priority






39. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system






40. Confidentiality - integrity - availability






41. Known - unknown - zero day






42. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches






43. Connects the physical part of the network (cables) with the abstract (packets and datastreams)






44. One is for talking - one is for implementing






45. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key






46. Attaches itself to existing program files and is activated when the exe is launched






47. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.






48. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols






49. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer






50. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP