Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Stateful firewalls maintain state of traffic flows
What range is a class C network?
Types of ATM virtual circuits
COM/Script program infector
Stateful firewall
2. Malware - insider threat - natural disaster - terrorism - pandemic
What primary threats should be protected against
The four types of events reported by IDS
Plaintext
Some malware capabilities
3. removable media - email attachments - web browsing - social networking - network vulnerabilities - IM applications - p2p
Some firewall benefits
Some malware propagation techniques
Address resolution protocol
ACK piggybacking
4. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
What range is a class A network?
What ways should the crypto key be protected?
Group
Brute force
5. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
Integrity of Data
Hubs
The conficker worm
The four types of events reported by IDS
6. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
Group
Some FTP dangers
IDS data normalization
TFTP
7. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
DDoS attack
The session layer
A netcat listener
Honeypot
8. Simple attack done by simply browsing available information that's allowed on a local network.
IDS data normalization
Browsing attack
Ciphertext
The three goals of security
9. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
What categories do vulnerabilities fall into?
What threats should be protected against - based on threat levels
Plaintext
Hping
10. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Some NIDS topology limitations
Race conditions
The OSI model
Snort
11. Personal area network - phone tethering - bluetooth - etc
Proxy or application gateway
The Uniform Protection to defense in depth
PAN
Honeypot
12. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - ie: tripwire
A network protocol
NIDS advantages
What range is a class B network?
File Integrity checking work
13. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
What threats should be protected against - based on threat levels
Hubs
Race conditions
Some firewall challenges
14. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
The CIA triad
Address Resolution Protocol (ARP)
When setting up a virtual circuit
File integrity checking work
15. 1 and 2 - Voice/Low speed data - 3 - Voice/Data 10Mb - 4 - Voice/Data 16Mb - 5 - 5e - Voice/Data 100Mb to 1Gb - 6 - Standard for gigabit
The different cable categories
the application layer
The transport layer
IDS not
16. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
What range is a class B network?
What primary threats should be protected against
Trojan horse
ATM work
17. Going around with equipment to detect wireless networks
DDoS attack
Wardriving
LAN
CIDR
18. CIDR is a shorthand way of specifying which portion of the address is the network - and which portion is the host
Rotation?
Router
CIDR
Arbitrary substitution
19. Unencrypted message in its original form
Network stumbler
Plaintext
Defense in depth
Nmap scanning techniques
20. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Some firewall benefits
IDS data normalization
Rotation?
Types of viruses
21. Known - unknown - zero day
Vulnerabilities
What categories do vulnerabilities fall into?
Snort
TFTP
22. Attaches itself to existing program files and activated when the exe is launched
Proxy or application gateway
Log monitoring work?
The presentation layer
Program infector
23. Allows admins to remotely access a system for troubleshooting. - E.g. VNC - GoToMyPc - PC Anywhere
3-way handshake
Datagram length of a UDP packet
Remote maintenance
Multi protocol label switching
24. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
the application layer
What range is a class A network?
A network protocol
The four basic approaches to defense in depth
25. It makes sure the data sent from one side to the other is in a format useful to the other side
Some reasons to use UDP over TCP
What range is a class B network?
File integrity checking work
The presentation layer
26. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Some disadvantages of honeypots
The goals of cryptography
When talking about protocols and referencing layers - what stack is used
Buffer overflow
27. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Datagram length of a UDP packet
Worms
A netmask
Denial of service
28. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
The session layer
The TCP/IP model
Defense in depth
IDS signature analysis work
29. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
Types of ATM virtual circuits
Honeypot
SQL Slammer Worm
Bus Topology
30. Connects many WANs - MANs - and LANs - provided via ISP
The three goals of security
Some types of malicious code
Parasitic malware
Internet
31. logic bomb - trojan horse - trap door
Some types of malicious code
Some ways to bypass firewall protections
Ciphertext
Some network design objectives
32. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
NIDS challenges
Race conditions
The TCP/IP model
The OSI model
33. Message in its encrypted form
Ciphertext
To establish a TCP session
Brute force
Group
34. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
Best way to protect wireless networks
Permutation
Some NIDS topology limitations
COM/Script program infector
35. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
IDS not
Macro virus
Asynchronous Transfer Mode
TFTP
36. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Alteration of code
Rotation?
Some common TCP ports
Brute force
37. Poor programming without error checking can allow commands to be run in an input field. This can point to a command further in the buffer that will execute the attacker's payload.
No State Inspection ACK flag set
What range is a class B network?
Buffer overflow
Some common TCP ports
38. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
Address resolution protocol
Some other UDP based protocols
Bridge
When setting up a virtual circuit
39. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
NIDS advantages
Alteration of code
LAN
The protected enclave to defense in depth
40. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
IDS not
Social engineering
Some external threat concerns
Checksum in UDP
41. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
Some common TCP ports
Snort
A blind FTP
NIDS challenges
42. Full open - half open (stealth scan) - UDP - Ping
Some NIDS topology limitations
Plaintext
Nmap scanning techniques
Some malware propagation techniques
43. Intrusion detection system - it reports attacks against monitored systems/networks
The physical layer stack
IDS
The difference in stacks
Internet
44. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
Trap door
The transport layer
A netmask
the application layer
45. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Integrity of Data
MAN
Some Pen Test techniques
Some other UDP based protocols
46. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Alteration of code
To establish a TCP session
Shallow packet inspection
What threats should be protected against - based on threat levels
47. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
NIDS challenges
Snort
UDP packet headers
The CIA triad
48. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
Some firewall challenges
The conficker worm
Some types of malicious code
Logic bomb
49. A spoofed IP is used to send a SYN to the target. It then responds with a SYN/ACK that never receives the final ACK to complete the handshake. This occupies a portion of the target's pre-established buffer for TCP and can prevent the target from acce
ATM work
What range is a class B network?
SYN flood
The data link layer
50. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
NIDS advantages
Some FTP dangers
The OSI model
Remote maintenance