Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Stateful firewalls maintain state of traffic flows






2. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies






3. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches






4. Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area






5. Bits of code embedded in programs to quickly gain access at a later time






6. Trying to ID modems in a telephone exchange that may be susceptible to compromise






7. Prepends to the beginning of the file and gains control when the first instruction of the infected COM file is executed - appending to the end - virus writes its payload to the end and inserts jump instruction as the first instruction - which execute






8. Identify critical assets and provide layered protection - data is accessed by applications - applications reside on hosts - hosts operate on networks






9. Uniform protection - protected enclaves - information centric - threat vector analysis






10. The practice of sending an ACK inside another packet going to the same destination






11. Strips OS commands and characters from input - avoid making system calls from within the app - especially based on user input






12. Intellectual property - business goals - validated data - historical






13. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet






14. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0






15. Netmasks or subnets provide a method for identifying what portion of an address is the network - and what portion is the host






16. A low end firewall that can quickly be deployed using existing hardware. They examine packets themselves with no content.






17. 8 bytes per packet - UDP SRC port - UDP DST Ports - UDP length - UDP Checksum






18. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment






19. Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code






20. open source tool for monitoring - can be used as a NIDS - has quick updates and flexibility for custom rules






21. A time of check/time of use attack that exploits the difference between the time a security control was applied and the time the service was used.






22. Slow - requires stateful data tracking - inspects all fields - including variable-length fields






23. Network scanner.






24. Protected at rest - protected in transit - secure the key






25. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP






26. Network traffic to the host - typically listens on all interfaces - uses signature analysis to identify events of interest






27. An appliance that controls access between the public internet and a company's private network - or between a PC NIC and the rest of the PC.






28. Protects internal/external systems from attack - filters communications based on content - performs NAT - encrypts communications for VPN - logging to aid in intrusion detection






29. Infected millions through various methods - vulnerability in the MS Server Service - brute force admin password through network shares - infect removable devices with a malicious autorun script






30. It interacts with the application layer to determine which network services will be required






31. A cracking tool inserted into the OS that allows the attacker to do as they please.






32. Confidentiality - symmetric encryption






33. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters






34. Improper deployment can increase attack risk - if production systems aren't sufficiently protected - they can be vulnerable from a honeypot - legal liability






35. Provides insight into traffic on the network - help detect problems with network operations - provides auditing for other security measures






36. Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in






37. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network






38. Provides insight into the tactics - motives - and attacker tools






39. Attacks systems through known vulnerabilities - automatically scans for more systems to attack - lowers system defenses - installs rootkit or root shell - opens up back doors - self contained malware that can copy itself






40. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice. TCP and UDP






41. Known - unknown - zero day






42. Infects MBR - no network spreading potential






43. Not a replacement for firewalls - hardening - strong policies - or other DiD methods - low maintenance - inexpensive






44. A list of files is defined that should be monitored for a change - HIDS software calculates a one-way hash for each file - if a change is made to the file - the hash is changed






45. Most common approach - firewall - VPN - intrusion detection - AV - disk encryption - all parts of the organization receive equal protection - particularly vulnerable to malicious inside attacks






46. Weakness in a system - inherent in a complex system - majority are due to poor coding - gateway by which threats are manifested






47. Connects the physical part of the network (cables) with the abstract (packets and datastreams)






48. ATM supports two types of virtual circuits: permanent virtual circuits and switched virtual circuits - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis






49. Anonymous FTP - FTP passes through clear text - Bounce attacks with the PORT command - user can cause an FTP to open a connection from the FTP's own commands and bypass a firewall






50. Not frequently seen on LANs because of expense - because of its traffic predictability and high bandwidth support - it's good for video streaming - encapsulates common protocols - uses virtual path identifiers to create end to end connectivity - has