SANS GISCP and GIAC questions with |\ |\ |\ |\ |\ |\
answers
Ack Piggybacking - CORRECT ANSWERS ✔✔The Practice of sending an ACK
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
inside another packet going to the same destination
|\ |\ |\ |\ |\ |\ |\ |\
Address resolution protocol - CORRECT ANSWERS ✔✔Protocol for mapping
|\ |\ |\ |\ |\ |\ |\ |\ |\
an IP address to a physical machine address that is recognized on the local
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
network. |\
A table, usually called the ARP cache, is used to maintain a correlation
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
between each MAC and its corresponding IP address
|\ |\ |\ |\ |\ |\ |\
What are the five threat vectors? - CORRECT ANSWERS ✔✔Outside attack
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
from network |\
Outsider attack from telephone |\ |\ |\
Insider attack from local network |\ |\ |\ |\
insider attack from local system |\ |\ |\ |\
attack from malicious code |\ |\ |\
What are some external threat concerns? - CORRECT ANSWERS ✔✔-
|\ |\ |\ |\ |\ |\ |\ |\ |\
Malicious code might execute destructive overwrite to hard disks
|\ |\ |\ |\ |\ |\ |\ |\
-Malicious mas mailing code might expose sensitive information to the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
internet
,- web server compromise might expose organization to ridicule
|\ |\ |\ |\ |\ |\ |\ |\
- Web server compromise might expose customer private data
|\ |\ |\ |\ |\ |\ |\ |\
What are some ways to bypass firewall protections? - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔- Worms and Wireless
|\ |\ |\
- modems
|\
- tunnel anything through HTTP
|\ |\ |\ |\
- social engineering
|\ |\
What is social engineering? - CORRECT ANSWERS ✔✔- attempt to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
manipulate or trick a person into providing information or access
|\ |\ |\ |\ |\ |\ |\ |\ |\
- bypass network security by exploiting humans
|\ |\ |\ |\ |\ |\
- vector is often outside attack by telephone or visitor inside
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
What is Hping? - CORRECT ANSWERS ✔✔- a TCP version of ping
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- sends custom TCP packets to a host and listens for replies
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- enables port scanning and spoofing simultaneously
|\ |\ |\ |\ |\ |\
What is a group? - CORRECT ANSWERS ✔✔A group means multiple
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
iterations won't matter. If you encrypt with a key, then re-encrypt, it's the same
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
as using one key.
|\ |\ |\ |\
What is a port scan? - CORRECT ANSWERS ✔✔- common backdoor to open
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
a port|\
,- port scan scans for open ports on remote host
|\ |\ |\ |\ |\ |\ |\ |\ |\
- scans 0 - 65,535 twice. TCP and UDP
|\ |\ |\ |\ |\ |\ |\ |\
What is nmap? - CORRECT ANSWERS ✔✔Network scanner.
|\ |\ |\ |\ |\ |\ |\
What are nmap scanning techniques? - CORRECT ANSWERS ✔✔- Full open
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- half open (stealth scan)
|\ |\ |\ |\
- UDP
|\
- Ping
|\
What is network stumbler? - CORRECT ANSWERS ✔✔- free windows based
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
wireless scanner for 802.1b
|\ |\ |\
- detects access point settings
|\ |\ |\ |\
- supports GSP integration
|\ |\ |\
- identifies networks as encrypted or unencrypted
|\ |\ |\ |\ |\ |\
What is Kismet? - CORRECT ANSWERS ✔✔- Free linux WLAN analysis tool
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- completely passive, cannot be detected
|\ |\ |\ |\ |\
- supports advanced GPS integration and mapping features
|\ |\ |\ |\ |\ |\ |\
- used for wardriving, WLAN vulerability assessment
|\ |\ |\ |\ |\ |\
What is Wardriving? - CORRECT ANSWERS ✔✔Going around with
|\ |\ |\ |\ |\ |\ |\ |\ |\
equipment to detect wireless networks |\ |\ |\ |\
, What is War Dialing? - CORRECT ANSWERS ✔✔- trying to ID modems in a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
telephone exchange that may be susceptible to compromise
|\ |\ |\ |\ |\ |\ |\
What are some Pen Test techniques? - CORRECT ANSWERS ✔✔- War dialing
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- war driving
|\ |\
- Sniffing
|\
- eavesdropping
|\
- dumpster diving
|\ |\
- social engineering
|\ |\
What is IDS? - CORRECT ANSWERS ✔✔- intrusion detection system
|\ |\ |\ |\ |\ |\ |\ |\ |\
- it reports attacks against monitored systems/networks
|\ |\ |\ |\ |\ |\
What is IDS not? - CORRECT ANSWERS ✔✔- not a replacement for firewalls,
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
hardening, strong policies, or other DiD methods
|\ |\ |\ |\ |\ |\ |\
- low maintenance
|\ |\
- inexpensive
|\
What are the four types of events reported by IDS? - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔- true positive
|\ |\
- false positive
|\ |\
- true negative
|\ |\
- false negative
|\ |\
answers
Ack Piggybacking - CORRECT ANSWERS ✔✔The Practice of sending an ACK
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
inside another packet going to the same destination
|\ |\ |\ |\ |\ |\ |\ |\
Address resolution protocol - CORRECT ANSWERS ✔✔Protocol for mapping
|\ |\ |\ |\ |\ |\ |\ |\ |\
an IP address to a physical machine address that is recognized on the local
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
network. |\
A table, usually called the ARP cache, is used to maintain a correlation
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
between each MAC and its corresponding IP address
|\ |\ |\ |\ |\ |\ |\
What are the five threat vectors? - CORRECT ANSWERS ✔✔Outside attack
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
from network |\
Outsider attack from telephone |\ |\ |\
Insider attack from local network |\ |\ |\ |\
insider attack from local system |\ |\ |\ |\
attack from malicious code |\ |\ |\
What are some external threat concerns? - CORRECT ANSWERS ✔✔-
|\ |\ |\ |\ |\ |\ |\ |\ |\
Malicious code might execute destructive overwrite to hard disks
|\ |\ |\ |\ |\ |\ |\ |\
-Malicious mas mailing code might expose sensitive information to the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
internet
,- web server compromise might expose organization to ridicule
|\ |\ |\ |\ |\ |\ |\ |\
- Web server compromise might expose customer private data
|\ |\ |\ |\ |\ |\ |\ |\
What are some ways to bypass firewall protections? - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔- Worms and Wireless
|\ |\ |\
- modems
|\
- tunnel anything through HTTP
|\ |\ |\ |\
- social engineering
|\ |\
What is social engineering? - CORRECT ANSWERS ✔✔- attempt to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
manipulate or trick a person into providing information or access
|\ |\ |\ |\ |\ |\ |\ |\ |\
- bypass network security by exploiting humans
|\ |\ |\ |\ |\ |\
- vector is often outside attack by telephone or visitor inside
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
What is Hping? - CORRECT ANSWERS ✔✔- a TCP version of ping
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- sends custom TCP packets to a host and listens for replies
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- enables port scanning and spoofing simultaneously
|\ |\ |\ |\ |\ |\
What is a group? - CORRECT ANSWERS ✔✔A group means multiple
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
iterations won't matter. If you encrypt with a key, then re-encrypt, it's the same
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
as using one key.
|\ |\ |\ |\
What is a port scan? - CORRECT ANSWERS ✔✔- common backdoor to open
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
a port|\
,- port scan scans for open ports on remote host
|\ |\ |\ |\ |\ |\ |\ |\ |\
- scans 0 - 65,535 twice. TCP and UDP
|\ |\ |\ |\ |\ |\ |\ |\
What is nmap? - CORRECT ANSWERS ✔✔Network scanner.
|\ |\ |\ |\ |\ |\ |\
What are nmap scanning techniques? - CORRECT ANSWERS ✔✔- Full open
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- half open (stealth scan)
|\ |\ |\ |\
- UDP
|\
- Ping
|\
What is network stumbler? - CORRECT ANSWERS ✔✔- free windows based
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
wireless scanner for 802.1b
|\ |\ |\
- detects access point settings
|\ |\ |\ |\
- supports GSP integration
|\ |\ |\
- identifies networks as encrypted or unencrypted
|\ |\ |\ |\ |\ |\
What is Kismet? - CORRECT ANSWERS ✔✔- Free linux WLAN analysis tool
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- completely passive, cannot be detected
|\ |\ |\ |\ |\
- supports advanced GPS integration and mapping features
|\ |\ |\ |\ |\ |\ |\
- used for wardriving, WLAN vulerability assessment
|\ |\ |\ |\ |\ |\
What is Wardriving? - CORRECT ANSWERS ✔✔Going around with
|\ |\ |\ |\ |\ |\ |\ |\ |\
equipment to detect wireless networks |\ |\ |\ |\
, What is War Dialing? - CORRECT ANSWERS ✔✔- trying to ID modems in a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
telephone exchange that may be susceptible to compromise
|\ |\ |\ |\ |\ |\ |\
What are some Pen Test techniques? - CORRECT ANSWERS ✔✔- War dialing
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
- war driving
|\ |\
- Sniffing
|\
- eavesdropping
|\
- dumpster diving
|\ |\
- social engineering
|\ |\
What is IDS? - CORRECT ANSWERS ✔✔- intrusion detection system
|\ |\ |\ |\ |\ |\ |\ |\ |\
- it reports attacks against monitored systems/networks
|\ |\ |\ |\ |\ |\
What is IDS not? - CORRECT ANSWERS ✔✔- not a replacement for firewalls,
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
hardening, strong policies, or other DiD methods
|\ |\ |\ |\ |\ |\ |\
- low maintenance
|\ |\
- inexpensive
|\
What are the four types of events reported by IDS? - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔- true positive
|\ |\
- false positive
|\ |\
- true negative
|\ |\
- false negative
|\ |\
