Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute
COM/Script program infector
Some ways to bypass firewall protections
What range is a class C network?
What's an easy way to test encryption?
2. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
The presentation layer
Nmap scanning techniques
Trap door
Vulnerabilities
3. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
Snort
Some ways to bypass firewall protections
SQL Slammer Worm
Deep packet inspection
4. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
Some types of malicious code
Network stumbler
NIDS challenges
Nmap
5. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
Port scan
Router
Multi protocol label switching
What range is a class C network?
6. logic bomb - trojan horse - trap door
Some types of malicious code
IDS data normalization
Bridge
What's an easy way to test encryption?
7. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Address resolution protocol
NIDS advantages
Rootkit
When setting up a virtual circuit
8. Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - Web server compromise might expose organization to ridicule - Web server compromise might expose custom
Group
The network layer
HIDS monitor
Some external threat concerns
9. Infects MBR - no network spreading potential
What primary threats should be protected against
When setting up a virtual circuit
Boot record infector
Risk
10. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
IDS not
NAC
ATM work
Some external threat concerns
11. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.
Risk
Firewall
The transport layer
DDoS attack
12. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
The physical layer stack
LAN
A blind FTP
SQL Slammer Worm
13. The practice of sending an ACK inside another packet going to the same destination
ACK piggybacking
When setting up a virtual circuit
IDS signature analysis work
When implementing protocols - what stack should be used?
14. An attempt to gain access by bombarding it with guesses until the password is found.
To establish a TCP session
To close a TCP session
Brute force
What ways should the crypto key be protected?
15. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
The presentation layer
When implementing protocols - what stack should be used?
Checksum in UDP
WAN
16. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
NAC
Internet
The OSI Protocol Stack
Ciphertext
17. Considered to be a perimeter device
Router
Some malware propagation techniques
Macro virus
Some reasons to use UDP over TCP
18. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
EXE program infector
Social engineering
The session layer
Alteration of code
19. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks
The Uniform Protection to defense in depth
Hubs
Buffer overflow
Switches
20. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
What range is a class A network?
Shallow packet inspection
Some reasons to use UDP over TCP
OS Command Injection defenses
21. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
To establish a TCP session
Log monitoring work?
The TCP/IP model
The presentation layer
22. It makes sure the data sent from one side to the other is in a format useful to the other side
MAN
The presentation layer
Some NIDS topology limitations
Race conditions
23. keeps the same letters - but changes the position within the text - easy to break - can be combined with substitution
The Information Centric defense in depth
Wardriving
Permutation
Plaintext
24. Attaches itself to existing program files and activated when the exe is launched
A netcat listener
Program infector
Some common TCP ports
What primary threats should be protected against
25. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
What threats should be protected against - based on threat levels
Denial of service
Logic bomb
Some disadvantages of honeypots
26. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
Some FTP dangers
Alteration of code
Some common UDP ports
The OSI Protocol Stack
27. Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.
When setting up a virtual circuit
Parasitic malware
The five threat vectors
The physical layer stack
28. Handles transmissions across the physical media like wires - fiber - etc
The TCP/IP model
A network protocol
The physical layer stack
The threat vector analysis in defense in depth
29. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
When setting up a virtual circuit
Total cell size for asynchronous transfer mode (ATM)
Checksum in UDP
The goals of cryptography
30. Confidentiality - symmetric encryption
LAN
Some other UDP based protocols
The goals of cryptography
Bus Topology
31. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
NAC
Honeyd
ATM work
Nmap
32. Unencrypted message in its original form
Plaintext
Some malware capabilities
Checksum in UDP
Risk
33. Known - unknown - zero day
Some common TCP ports
Anomaly analysis work
The four basic approaches to defense in depth
What categories do vulnerabilities fall into?
34. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
Hubs
Anomaly analysis work
The Information Centric defense in depth
Some reasons to use TCP over UDP
35. Protected at rest - protected in transit - secure the key
What ways should the crypto key be protected?
Parasitic malware
Log monitoring work?
Stateful firewall
36. destruction of data - leaking confidential information - providing backdoor access
Ciphertext
Boot record infector
Some malware capabilities
Trojan horse
37. Flags anomalous conditions in traffic on the network - requires understanding of what is normal - uses good traffic as a baseline
What threats should be protected against - based on threat levels
The protected enclave to defense in depth
The data link layer
Anomaly analysis work
38. Full open - half open (stealth scan) - UDP - Ping
A netcat listener
Nmap scanning techniques
A network protocol
ATM work
39. Confidentiality - integrity - availability
Logic bomb
Social engineering
A netmask
The CIA triad
40. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Network stumbler
Some disadvantages of honeypots
War Dialing
Some common TCP ports
41. True positive - false positive - true negative - false negative
A netcat listener
Some network design objectives
The four types of events reported by IDS
What categories do vulnerabilities fall into?
42. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
Network stumbler
Trap door
Types of viruses
NIDS challenges
43. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
File integrity checking work
What ways should the crypto key be protected?
The protected enclave to defense in depth
Some network design objectives
44. FIN 130 - ACK 131 - FIN 570 - ACK 571
CIDR
Some ways to bypass firewall protections
A netcat listener
To close a TCP session
45. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
A netcat listener
Port scan
Types of viruses
Address Resolution Protocol (ARP)
46. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
NIDS challenges
3-way handshake
Trojan horse
The Uniform Protection to defense in depth
47. Personal area network - phone tethering - bluetooth - etc
PAN
Nmap scanning techniques
Some malware capabilities
HIDS monitor
48. Intrusion detection system - it reports attacks against monitored systems/networks
To close a TCP session
IDS
The five threat vectors
Social engineering
49. Relies on executable code insertion and user interaction to spread
NIDS advantages
What range is a class C network?
Parasitic malware
Rotation?
50. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
Risk
Some honeypot advantages
What categories do vulnerabilities fall into?
Honeypot