Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis
UDP packet headers
Types of ATM virtual circuits
CIDR
The protected enclave to defense in depth
2. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
Defense in depth
NIDS challenges
LAN
Network stumbler
3. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
Group
EXE program infector
Types of viruses
Some malware capabilities
4. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Checksum in UDP
Defense in depth
The Information Centric defense in depth
A netcat listener
5. Going around with equipment to detect wireless networks
What primary threats should be protected against
OS Command Injection defenses
Some other UDP based protocols
Wardriving
6. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
OS Command Injection defenses
File integrity checking work
Address resolution protocol
Rotation?
7. Infects MBR - no network spreading potential
Boot record infector
the application layer
Social engineering
Shallow packet inspection
8. Confidentiality - integrity - availability
The CIA triad
Nmap scanning techniques
To establish a TCP session
The transport layer
9. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code
Some disadvantages of honeypots
The five threat vectors
What's an easy way to test encryption?
Remote maintenance
10. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
What range is a class B network?
Multi protocol label switching
Deep packet inspection
PAN
11. Attaches itself to existing program files and activated when the exe is launched
Logic bomb
IDS data normalization
When talking about protocols and referencing layers - what stack is used
Program infector
12. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks
Browsing attack
The Information Centric defense in depth
Remote maintenance
Router
13. A system resource that has no legitimate purpose or reason for someone to connect to it - its purpose is to draw in attackers to understand how they break into a system
Honeypot
Honeyd
Internet
Some honeypot advantages
14. 20 - FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS
Multi protocol label switching
No State Inspection ACK flag set
Overview of TCP
Some common TCP ports
15. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
Some other UDP based protocols
The network layer
IDS signature analysis work
The presentation layer
16. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
ACK piggybacking
Snort
Router
Anomaly analysis work
17. Confidentiality - symmetric encryption
When setting up a virtual circuit
The goals of cryptography
Boot record infector
What's an easy way to test encryption?
18. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
The difference in stacks
The OSI Protocol Stack
Deep packet inspection
3-way handshake
19. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host
A netcat listener
A netmask
Overview of TCP
NIDS advantages
20. FIN 130 - ACK 131 - FIN 570 - ACK 571
What range is a class C network?
Total cell size for asynchronous transfer mode (ATM)
To close a TCP session
Datagram length of a UDP packet
21. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
NIDS advantages
HIDS monitor
Best way to protect wireless networks
To close a TCP session
22. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive
ACK piggybacking
The transport layer
Vulnerabilities
IDS not
23. local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs
Stateless packet filter
The CIA triad
LAN
The physical layer stack
24. It makes sure the data sent from one side to the other is in a format useful to the other side
A network protocol
The presentation layer
Hubs
The protected enclave to defense in depth
25. Trying to ID modems in a telephone exchange that may be susceptible to compromise
War Dialing
A netmask
the application layer
Rootkit
26. 53 bytes - 48 bytes for data - 5 bytes for the header
The five threat vectors
the application layer
Total cell size for asynchronous transfer mode (ATM)
Stateful firewall
27. 192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0
Total cell size for asynchronous transfer mode (ATM)
Types of ATM virtual circuits
What range is a class C network?
The presentation layer
28. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures
Vulnerabilities
A blind FTP
Switches
NIDS advantages
29. It handles the establishment and maintenance of connections between systems
Boot record infector
What primary threats should be protected against
War Dialing
The session layer
30. Handles transmissions across the physical media like wires - fiber - etc
The Information Centric defense in depth
The physical layer stack
OS Command Injection defenses
Arbitrary substitution
31. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
Some other UDP based protocols
Some firewall challenges
Some honeypot advantages
Log monitoring work?
32. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
Group
When setting up a virtual circuit
SYN flood
Some malware propagation techniques
33. One is for talking - one is for implementing
Alteration of code
WAN
The difference in stacks
Bridge
34. It interacts with the application layer to determine which network services will be required
What categories do vulnerabilities fall into?
Address Resolution Protocol (ARP)
The threat vector analysis in defense in depth
the application layer
35. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
Logic bomb
NIDS advantages
Multi protocol label switching
WAN
36. True positive - false positive - true negative - false negative
Best way to protect wireless networks
Stateless packet filter
The four types of events reported by IDS
Nmap
37. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Bus Topology
Wardriving
Arbitrary substitution
SQL Slammer Worm
38. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.
Race conditions
The different cable categories
Some firewall benefits
PAN
39. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
What's an easy way to test encryption?
When talking about protocols and referencing layers - what stack is used
Macro virus
Some types of malicious code
40. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
Firewall
A network protocol
When setting up a virtual circuit
TFTP
41. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
File Integrity checking work
Defense in depth
Deep packet inspection
3-way handshake
42. Unencrypted message in its original form
Plaintext
NIDS advantages
The OSI model
File Integrity checking work
43. Message in its encrypted form
Ciphertext
When setting up a virtual circuit
Anomaly analysis work
ACK piggybacking
44. low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
What primary threats should be protected against
The four types of events reported by IDS
Rotation?
Honeyd
45. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Trojan horse
SQL Slammer Worm
Rootkit
Plaintext
46. Protocol for mapping an IP address to a physical machine address that is recognized on the local network. A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
Address resolution protocol
What primary threats should be protected against
The Uniform Protection to defense in depth
The Information Centric defense in depth
47. Malware - insider threat - natural disaster - terrorism - pandemic
What threats should be protected against - based on threat levels
COM/Script program infector
What ways should the crypto key be protected?
What primary threats should be protected against
48. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
Honeypot
Browsing attack
CIDR
NAC
49. Free Windows-based wireless scanner for 802.1b - detects access point settings - supports GPS integration - identifies networks as encrypted or unencrypted
MAN
Total cell size for asynchronous transfer mode (ATM)
What ways should the crypto key be protected?
Network stumbler
50. risk = threat x vulnerability - impossible to eliminate - security is an exercise in loss reduction
Hping
Risk
Trap door
Port scan