Test your basic knowledge | GIAC
Subjects: certifications, giac, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Uniform protection - protected enclaves - information centric - threat vector analysis
Denial of service
The conficker worm
The four basic approaches to defense in depth
The presentation layer
2. One is for talking - one is for implementing
Logic bomb
The difference in stacks
ACK piggybacking
War Dialing
3. Replicates traffic onto all ports - no traffic monitoring - cannot control which ports should or shouldn't receive frames - forming a large collision domain.
Hubs
Deep packet inspection
Vulnerabilities
What threats should be protected against - based on threat levels
4. Used for connecting two physical segments of a network - segments traffic - breaks up collision domains - not generally used because of switches
Some network design objectives
OS Command Injection defenses
ACK piggybacking
Bridge
5. A TCP version of ping - sends custom TCP packets to a host and listens for replies - enables port scanning and spoofing simultaneously
Address resolution protocol
Hping
Program infector
Types of ATM virtual circuits
6. Multiple levels of protection must be deployed - an exercise in detection - measures must be across a wide range of controls - compromises happen when people leave sites - risk - CIA triad - strategies
Deep packet inspection
Defense in depth
Rootkit
Types of viruses
7. 1 and 2: Voice/Low speed data - 3: Voice/Data 10Mb - 4: Voice/Data 16Mb - 5, 5e: Voice/Data 100Mb to 1Gb - 6: Standard for gigabit
What range is a class B network?
Address resolution protocol
The different cable categories
IDS not
8. Intrusion detection system - it reports attacks against monitored systems/networks
NIDS advantages
Buffer overflow
IDS
What's a VLAN
9. Uses a 1 to 1 substitution of arbitrary numbers - given a one character mapping - you cannot determine the key
A network protocol
Arbitrary substitution
Address resolution protocol
The session layer
10. Worms and Wireless - modems - tunnel anything through HTTP - social engineering
Nmap scanning techniques
Some other UDP based protocols
Some ways to bypass firewall protections
Some common UDP ports
11. An FTP that allows downloads only if the user knows the exact name of the file they're looking for
A blind FTP
Multi protocol label switching
Denial of service
Program infector
12. Bits of code embedded in programs to quickly gain access at a later time
Some common UDP ports
Brute force
Trap door
The network layer
13. True positive - false positive - true negative - false negative
The four types of events reported by IDS
Smurf attack
Some types of malicious code
Deep packet inspection
14. Parasitic malware - boot record infector - macro - COM/Script program infector - EXE program infector
Types of viruses
A netcat listener
What's a VLAN
Some reasons to use TCP over UDP
15. Protected at rest - protected in transit - secure the key
A blind FTP
What categories do vulnerabilities fall into?
The Uniform Protection to defense in depth
What ways should the crypto key be protected?
16. Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer
The OSI model
To close a TCP session
Bridge
EXE program infector
17. 1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0
SQL Slammer Worm
When implementing protocols - what stack should be used?
Risk
What range is a class A network?
18. Rules indicate criteria in packets that represent events of interest - rules are applied to packets as they are received - alerts are created when matches are found
Bus Topology
Shallow packet inspection
IDS signature analysis work
The Information Centric defense in depth
19. Trying to ID modems in a telephone exchange that may be susceptible to compromise
Stateful firewall
What primary threats should be protected against
War Dialing
NIDS challenges
20. Uses a 1 to 1 substitution of characters - rotate the alphabet by 'n' number of characters - rot+X means rotate the letters X characters
The threat vector analysis in defense in depth
Proxy or application gateway
IDS data normalization
Rotation?
21. Allows admins to remotely access a system for troubleshooting - e.g. VNC - GoToMyPC - PC Anywhere
Some reasons to use TCP over UDP
Smurf attack
Remote maintenance
The four types of events reported by IDS
22. When someone has compromised the integrity of data or a program. Allows attackers to create backdoors.
Types of ATM virtual circuits
Alteration of code
Integrity of Data
Some honeypot advantages
23. Switched networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring
Some NIDS topology limitations
The different cable categories
The four basic approaches to defense in depth
Defense in depth
24. The practice of sending an ACK inside another packet going to the same destination
Ack Piggybacking
Some reasons to use TCP over UDP
Hubs
Some NIDS topology limitations
25. 128.0.0.0 through 191.255.255.255 - with a subnet mask of 255.255.0.0
COM/Script program infector
Some malware capabilities
The protected enclave to defense in depth
What range is a class B network?
26. NTP - BootP/DHCP - NFS file systems - SNMP - TFTP
Parasitic malware
Some other UDP based protocols
What's an easy way to test encryption?
Some honeypot advantages
27. Malicious code might execute destructive overwrite to hard disks - Malicious mass mailing code might expose sensitive information to the internet - Web server compromise might expose organization to ridicule - Web server compromise might expose custom
Some NIDS topology limitations
Some external threat concerns
Address Resolution Protocol (ARP)
Anomaly analysis work
28. Infects EXE files and makes them operate slightly differently - when infected - EXE header sizes are altered to point to the appended viral code
Snort
What ways should the crypto key be protected?
Some common UDP ports
EXE program infector
29. Low interaction production honeypot - network daemon that can simulate other hosts - each host can appear as a different OS
Honeyd
Vulnerabilities
Integrity of Data
Some malware capabilities
30. Used by IDS for a baseline before analysis - attackers will try to de-normalize traffic to evade detection - IDS will normalize data for understood protocols
EXE program infector
IDS data normalization
The network layer
Trojan horse
31. Intellectual property - business goals - validated data - historical
File Integrity checking work
Best way to protect wireless networks
Internet
What threats should be protected against - based on threat levels
32. Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con
A network protocol
ATM work
Some types of malicious code
The goals of cryptography
33. TCP/IP - the IP protocol - The core routing protocol of the internet - deals with transmission of packets between end points - defines the addressing scheme for the internet
The session layer
Some FTP dangers
The TCP/IP model
When implementing protocols - what stack should be used?
34. UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks
SQL Slammer Worm
Smurf attack
Risk
Worms
35. Unified data carrying service - replacing frame relay and ATM
Hubs
Multi protocol label switching
The difference in stacks
Deep packet inspection
36. Connects the physical part of the network (cables) with the abstract (packets and datastreams)
The data link layer
Honeyd
The three goals of security
Checksum in UDP
37. Work groups that require additional protection are segmented from the rest of the internal organization - restricting access to critical segments - system of VPNs - internal firewall - VLANs and ACLs
The protected enclave to defense in depth
Trojan horse
Parasitic malware
Snort
38. Metropolitan area network - spans across city or town - larger than a LAN - uses fiber for backbone
IDS signature analysis work
MAN
When talking about protocols and referencing layers - what stack is used
Browsing attack
39. Confidentiality - integrity - availability
The three goals of security
Some ways to bypass firewall protections
Permutation
Deep packet inspection
40. War dialing - war driving - Sniffing - eavesdropping - dumpster diving - social engineering
Honeyd
Firewall
Some Pen Test techniques
Types of viruses
41. An agreement on how different computers will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network
The threat vector analysis in defense in depth
LAN
A network protocol
NIDS advantages
42. 1. physical 2. data 3. network 4. transport 5. session 6. presentation 7. application
The OSI Protocol Stack
Shallow packet inspection
Some types of malicious code
Some FTP dangers
43. Common backdoor to open a port - port scan scans for open ports on remote host - scans 0 - 65,535 twice - TCP and UDP
Port scan
The different cable categories
What threats should be protected against - based on threat levels
The CIA triad
44. An appliance that controls access between public internet and a company's private network - or between a PC NIC and the rest of the PC.
Firewall
Ciphertext
Ack Piggybacking
Vulnerabilities
45. Considered to be a perimeter device
Integrity of Data
NIDS advantages
Router
TFTP
46. It handles the establishment and maintenance of connections between systems
The session layer
Ciphertext
A netmask
The protected enclave to defense in depth
47. Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls
Some firewall challenges
What threats should be protected against - based on threat levels
Checksum in UDP
The transport layer
48. The practice of sending an ACK inside another packet going to the same destination
Macro virus
Some malware capabilities
ACK piggybacking
The goals of cryptography
49. Free Linux WLAN analysis tool - completely passive - cannot be detected - supports advanced GPS integration and mapping features - used for wardriving - WLAN vulnerability assessment
Kismet
Multi protocol label switching
Stateful firewall
Logic bomb
50. Migrate to WPA2 - use strong authentication like PEAP or TTLS - audit network installations - require mutual auth between client and infrastructure equipment
Best way to protect wireless networks
Brute force
Some common TCP ports
Plaintext