Test your basic knowledge |

GIAC

Subjects : certifications, giac, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Social engineering
Some firewall challenges
What categories do vulnerabilities fall into?
The OSI model

2. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
What's an easy way to test encryption?
Some reasons to use UDP over TCP
Alteration of code
DDoS attack

3. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
Alteration of code
A netcat listener
Multi protocol label switching
The protected enclave to defense in depth

4. Stateful firewalls maintain state of traffic flows
What threats should be protected against - based on threat levels
The protected enclave to defense in depth
A netmask
Stateful firewall

5. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested
Hping
IDS data normalization
Denial of service
Vulnerabilities

6. Very simplistic. All systems are attached to the same cable segment. Rarely used because they're unreliable - low fault tolerance - poor traffic isolation - with limited scalability
Bus Topology
Smurf attack
Browsing attack
Rootkit

7. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area
Hping
Some ways to bypass firewall protections
WAN
Defense in depth

8. logic bomb - trojan horse - trap door
Datagram length of a UDP packet
Some ways to bypass firewall protections
The presentation layer
Some types of malicious code

9. Attaches itself to existing program files and activated when the exe is launched
Address Resolution Protocol (ARP)
NIDS challenges
Firewall
Program infector

10. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Permutation
the application layer
Trojan horse
Best way to protect wireless networks

11. Trying to ID modems in a telephone exchange that may be susceptible to compromise
Asynchronous Transfer Mode
Ciphertext
War Dialing
Defense in depth

12. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability
Some common TCP ports
Total cell size for asynchronous transfer mode (ATM)
Some disadvantages of honeypots
Some NIDS topology limitations

13. An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
Some malware capabilities
The four types of events reported by IDS
ACK piggybacking
A network protocol

14. 53 - DNS - 67 - BootP - 68 - BootP - 69 - TFTP - 123- NTP - 137-139 NBT - 161 - SNMP - 162 - SNMP - 2049 - NFS
A netcat listener
The five threat vectors
Some firewall benefits
Some common UDP ports

15. FIN 130 - ACK 131 - FIN 570 - ACK 571
What threats should be protected against - based on threat levels
Firewall
To close a TCP session
Proxy or application gateway

16. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
Brute force
A network protocol
TFTP
Macro virus

17. Four layers - Network Layer - Internet Layer - Transport Layer - Application layer
Some firewall challenges
What ways should the crypto key be protected?
Some disadvantages of honeypots
The TCP/IP model

18. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum
What's a VLAN
Stateless packet filter
Parasitic malware
UDP packet headers

19. Network scanner.
NIDS advantages
Nmap
IDS signature analysis work
The three goals of security

20. Malware - insider threat - natural disaster - terrorism - pandemic
What range is a class A network?
What primary threats should be protected against
To close a TCP session
Arbitrary substitution

21. Personal area network - phone tethering - bluetooth - etc
PAN
The Information Centric defense in depth
The network layer
Rotation?

22. Simple attack done by simply browsing available information that's allowed on a local network.
Browsing attack
Vulnerabilities
A netmask
The different cable categories

23. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
Deep packet inspection
Denial of service
Integrity of Data
When implementing protocols - what stack should be used?

24. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Some common UDP ports
Worms
What range is a class C network?
Snort

25. Message in its encrypted form
HIDS monitor
The five threat vectors
Ciphertext
Shallow packet inspection

26. Network traffic to the host - typically listens on all interface - uses signature analysis to identify events of interest
SYN flood
Anomaly analysis work
What's a VLAN
HIDS monitor

27. Maintains complete TCP connection state and sequencing through 2 connections - address translation built-in by virtue of second connection above
Address resolution protocol
The data link layer
The goals of cryptography
Proxy or application gateway

28. Isolates systems when they initially connect to the network - allows systems to be scanned and checked prior to being put on a trusted segment
SQL Slammer Worm
NIDS challenges
Total cell size for asynchronous transfer mode (ATM)
NAC

29. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
Asynchronous Transfer Mode
What primary threats should be protected against
The data link layer
Macro virus

30. Uses inclusive or exclusive lists - inclusive analysis utilizes a list of keywords - exclusive analysis utilizes a list of events that can be ignored
COM/Script program infector
What categories do vulnerabilities fall into?
Browsing attack
Log monitoring work?

31. deployment challenges including topology and access limitations - analyzing encrypted traffic - quantity vs. quality of signatures - performance limitations with extensive analysis techniques - very costly for proper management
NIDS challenges
NAC
Best way to protect wireless networks
Trap door

32. Handles the network address scheme and connectivity of multiple network segments. It handles communication.
The network layer
Shallow packet inspection
COM/Script program infector
Some common UDP ports

33. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall
Denial of service
Some FTP dangers
Rotation?
ACK piggybacking

34. Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere
The transport layer
MAN
Remote maintenance
SYN flood

35. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
3-way handshake
What primary threats should be protected against
Some disadvantages of honeypots
Arbitrary substitution

36. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
Some external threat concerns
SQL Slammer Worm
Trap door
The four types of events reported by IDS

37. Unencrypted message in its original form
Plaintext
No State Inspection ACK flag set
Bus Topology
Deep packet inspection

38. Means multiple iterations won't matter. If you encrypt with a key - then re-encrypt - it's the same as using one key.
Group
Honeyd
The four basic approaches to defense in depth
Stateless packet filter

39. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
The network layer
EXE program infector
Some firewall benefits
WAN

40. Provides insight into the tactics - motives - and attacker tools
NAC
WAN
Some honeypot advantages
Bus Topology

41. 53 bytes - 48 bytes for data - 5 bytes for the header
Total cell size for asynchronous transfer mode (ATM)
Rotation?
Types of ATM virtual circuits
Program infector

42. Small program triggered by an event that provides an action. E.g. scheduled file removal if countdown isn't reset - ie: employee was fired
Some types of malicious code
Trojan horse
The different cable categories
Logic bomb

43. An appliance that controls access between public internet and a companies private network - or between a PC NIC and the rest of the PC.
HIDS monitor
Firewall
What range is a class A network?
The protected enclave to defense in depth

44. Handles transmissions across the physical media like wires - fiber - etc
The physical layer stack
Group
Some firewall challenges
The difference in stacks

45. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules
Group
A netcat listener
The network layer
Snort

46. Intrusion detection system - it reports attacks against monitored systems/networks
Multi protocol label switching
Some reasons to use TCP over UDP
Stateful firewall
IDS

47. rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
COM/Script program infector
Kismet
IDS signature analysis work
The four basic approaches to defense in depth

48. Syn - Syn/Ack - Ack
Permutation
To establish a TCP session
Bridge
CIDR

49. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed
Some NIDS topology limitations
File integrity checking work
The physical layer stack
Vulnerabilities

50. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
WAN
IDS not
ATM work
The goals of cryptography