Test your basic knowledge |
GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script
Alteration of code
UDP packet headers
Proxy or application gateway
The conficker worm
2. Uniform protection - protected enclaves - information centric - threat vector analysis
Some network design objectives
No State Inspection ACK flag set
The four basic approaches to defense in depth
Types of viruses
3. 53 bytes - 48 bytes for data - 5 bytes for the header
Total cell size for asynchronous transfer mode (ATM)
Switches
Honeyd
File integrity checking work
4. Infects MBR - no network spreading potential
Boot record infector
Nmap scanning techniques
Total cell size for asynchronous transfer mode (ATM)
IDS signature analysis work
5. Slow - requires stateful data tracking - inspects all fields - including variable-length fields
Deep packet inspection
What categories do vulnerabilities fall into?
Stateless packet filter
PAN
6. An attempt to gain access by bombarding it with guesses until the password is found.
Kismet
Brute force
Arbitrary substitution
Proxy or application gateway
7. Protocol for mapping an IP address to a physical machine address that is recognized on the local network - A table - usually called the ARP cache - is used to maintain a correlation between each MAC and its corresponding IP address
What ways should the crypto key be protected?
Address Resolution Protocol (ARP)
Datagram length of a UDP packet
A network protocol
8. logic bomb - trojan horse - trap door
The network layer
Types of ATM virtual circuits
Some types of malicious code
Log monitoring work?
9. A sends a SYN packet to B - B acknowledges with a SYN/ACK - A replies with ACK
NIDS challenges
A network protocol
3-way handshake
Risk
10. One is for talking - one is for implementing
Permutation
The difference in stacks
Integrity of Data
Stateless packet filter
11. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.
Stateless packet filter
Buffer overflow
Defense in depth
The OSI Protocol Stack
12. packet filter firewalls rely on TCP flags to determine connection state. Attacker can send ACK packets only to bypass firewall.
What primary threats should be protected against
No State Inspection ACK flag set
The difference in stacks
Social engineering
13. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
Some reasons to use UDP over TCP
Risk
What range is a class B network?
WAN
14. A hash is produced when applied to a monitored file. The hash always generates the same value unless a change was made. HIDS software checks the hashes of monitored files and if a change is found - analyst is notified. - i.e. Tripwire
Router
Boot record infector
Denial of service
File Integrity checking work
15. Resource exhaustion like DDoS or fork attack - unexpected input value the machine does not know how to process
Trap door
Denial of service
Some ways to bypass firewall protections
Bridge
16. Allows admins to remotely access a system for troubleshooting. - e.g. VNC - GoToMyPC - PC Anywhere
The four types of events reported by IDS
IDS data normalization
The CIA triad
Remote maintenance
17. Unencrypted message in its original form
Logic bomb
Log monitoring work?
The four basic approaches to defense in depth
Plaintext
18. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself
Some external threat concerns
Worms
Some NIDS topology limitations
3-way handshake
19. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
Some ways to bypass firewall protections
Rotation?
No State Inspection ACK flag set
Some malware propagation techniques
20. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has
Firewall
The physical layer stack
the application layer
Asynchronous Transfer Mode
21. It interacts with the application layer to determine which network services will be required
Some Pen Test techniques
DDoS attack
SYN flood
the application layer
22. A cracking tool inserted into the OS that allows the attacker to do as they please.
The CIA triad
Rootkit
The protected enclave to defense in depth
Hubs
23. Attempt to manipulate or trick a person into providing information or access - bypass network security by exploiting humans - vector is often outside attack by telephone or visitor inside
Boot record infector
The five threat vectors
The Information Centric defense in depth
Social engineering
24. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
Switches
Parasitic malware
Types of viruses
The five threat vectors
25. Hash Authentication - asymmetric - non repudiation - digital signature - hash + asymmetry
Denial of service
A blind FTP
What range is a class C network?
Integrity of Data
26. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection
Some firewall benefits
Boot record infector
The transport layer
What primary threats should be protected against
27. It allows the transport layer to detect when the UDP headers or the payload have been modified in transit
Bridge
COM/Script program infector
Checksum in UDP
Some other UDP based protocols
28. An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
Switches
DDoS attack
To establish a TCP session
Wardriving
29. OSI
War Dialing
When talking about protocols and referencing layers - what stack is used
IDS signature analysis work
IDS
30. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in
Overview of TCP
HIDS monitor
The data link layer
The Information Centric defense in depth
31. Network scanner.
Proxy or application gateway
Best way to protect wireless networks
Honeyd
Nmap
32. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
File integrity checking work
TFTP
SQL Slammer Worm
To establish a TCP session
33. Combines the functionality of a hub and bridge into a single device - keeps track of MACs attached to each port
Anomaly analysis work
Some external threat concerns
Switches
Types of ATM virtual circuits
34. It makes sure the data sent from one side to the other is in a format useful to the other side
Some malware capabilities
The presentation layer
Some malware propagation techniques
A netcat listener
35. Relies on executable code insertion and user interaction to spread
Parasitic malware
The OSI model
Worms
The network layer
36. Trivial File Transfer Protocol - method to transfer files from one device to another without needing authentication
Honeypot
NAC
DDoS attack
TFTP
37. Take the file and try to compress it. If it compresses - it means there is a pattern and it's more easily crackable
38. Stateful firewalls maintain state of traffic flows
Rotation?
Brute force
Network stumbler
Stateful firewall
39. The practice of sending an ACK inside another packet going to the same destination
Kismet
The goals of cryptography
Types of ATM virtual circuits
ACK piggybacking
40. Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector
Wardriving
To close a TCP session
Port scan
The threat vector analysis in defense in depth
41. Full open - half open (stealth scan) - UDP - Ping
The protected enclave to defense in depth
Deep packet inspection
Trap door
Nmap scanning techniques
42. Malicious code might execute destructive overwrite to hard disks - Malicious mass-mailing code might expose sensitive information to the internet - Web server compromise might expose organization to ridicule - Web server compromise might expose custom
The network layer
Some external threat concerns
IDS not
Bus Topology
43. Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis
Address resolution protocol
A netcat listener
The presentation layer
Plaintext
44. Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.
Hubs
Trojan horse
What's an easy way to test encryption?
HIDS monitor
45. Size is whatever the length of the UDP portion of the packet is. Could be as large as 65,535
A network protocol
Some other UDP based protocols
Datagram length of a UDP packet
Types of ATM virtual circuits
46. Spread as an office attachment with executable code programmed using macro facility - targets are data files - visual basic editor and other macro languages - payload executes when the code is launched
The goals of cryptography
The difference in stacks
Some firewall benefits
Macro virus
47. Syn - Syn/Ack - Ack
To establish a TCP session
What range is a class B network?
The conficker worm
To close a TCP session
48. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP
The OSI model
HIDS monitor
Port scan
What range is a class B network?
49. Uses flow control to handle network congestion - can send larger amounts of data per packet - has guaranteed delivery of transmitted data - better protection against spoofing - reduces need for error checking at higher OSI layers
Hping
Risk
Some reasons to use TCP over UDP
The TCP/IP model
50. Personal area network - phone tethering - bluetooth - etc
The different cable categories
Some common UDP ports
PAN
Some FTP dangers