100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
SANS GISCP and GIAC Questions with correct Answers $13.99   Add to cart

Exam (elaborations)

SANS GISCP and GIAC Questions with correct Answers

 7 views  0 purchase
  • Course
  • SANS
  • Institution
  • SANS

Exam of 49 pages for the course SANS at SANS (SANS GISCP and GIAC)

Preview 4 out of 49  pages

  • August 3, 2024
  • 49
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • SANS
  • SANS
avatar-seller
julianah420
SANS GISCP and GIAC


Ack Piggybacking - answerThe Practice of sending an ACK inside another packet going
to the same destination

Address resolution protocol - answerProtocol for mapping an IP address to a physical
machine address that is recognized on the local network.
A table, usually called the ARP cache, is used to maintain a correlation between each
MAC and its corresponding IP address

What are the five threat vectors? - answerOutside attack from network
Outsider attack from telephone
Insider attack from local network
insider attack from local system
attack from malicious code

What are some external threat concerns? - answer-Malicious code might execute
destructive overwrite to hard disks
-Malicious mas mailing code might expose sensitive information to the internet
- web server compromise might expose organization to ridicule
- Web server compromise might expose customer private data

What are some ways to bypass firewall protections? - answer- Worms and Wireless
- modems
- tunnel anything through HTTP
- social engineering

What is social engineering? - answer- attempt to manipulate or trick a person into
providing information or access
- bypass network security by exploiting humans
- vector is often outside attack by telephone or visitor inside

What is Hping? - answer- a TCP version of ping
- sends custom TCP packets to a host and listens for replies
- enables port scanning and spoofing simultaneously

What is a group? - answerA group means multiple iterations won't matter. If you encrypt
with a key, then re-encrypt, it's the same as using one key.

What is a port scan? - answer- common backdoor to open a port
- port scan scans for open ports on remote host

,- scans 0 - 65,535 twice. TCP and UDP

What is nmap? - answerNetwork scanner.

What are nmap scanning techniques? - answer- Full open
- half open (stealth scan)
- UDP
- Ping

What is network stumbler? - answer- free windows based wireless scanner for 802.1b
- detects access point settings
- supports GSP integration
- identifies networks as encrypted or unencrypted

What is Kismet? - answer- Free linux WLAN analysis tool
- completely passive, cannot be detected
- supports advanced GPS integration and mapping features
- used for wardriving, WLAN vulerability assessment

What is Wardriving? - answerGoing around with equipment to detect wireless networks

What is War Dialing? - answer- trying to ID modems in a telephone exchange that may
be susceptible to compromise

What are some Pen Test techniques? - answer- War dialing
- war driving
- Sniffing
- eavesdropping
- dumpster diving
- social engineering

What is IDS? - answer- intrusion detection system
- it reports attacks against monitored systems/networks

What is IDS not? - answer- not a replacement for firewalls, hardening, strong policies, or
other DiD methods
- low maintenance
- inexpensive

What are the four types of events reported by IDS? - answer- true positive
- false positive
- true negative
- false negative

How does IDS signature analysis work? - answer- rules indicate criteria in packets that
represent events of interest

,- rules are applied to packets as they are received
- alerts are created when matches are found

How does anomaly analysis work? - answer- flags anomalous conditions in traffic on the
network
- requires understanding on what is normal
- bases good traffic as a baseline

What is deep packet inspection? - answer- slow, requires stateful data tracking
- inspects all fields, including variable-length fields

What is shallow packet inspection? - answer- fast, with little fidelity
- examines header information and limited payload data

What is Honeyd? - answer- low interaction production honeypot
- network daemon that can simulate other hosts
- each host can appear as a different OS

What is a netcat listener? - answer- simplest form of a research honeypot
- useful in identifying nature of TCP scans, allows attacker to complete 3-way
handshake
- listens on a defined port, logs incoming requests for analysis

What are some disadvantages of honeypots? - answer- improper deployment can
increase attack risk - if production systems aren't sufficiently protected, they can be
vulnerable from a honeypot
- legal liability

What are some honeypot advantages? - answer- provides insight into the tactics,
motives, and attacker tools

What is a honeypot? - answer- a system resource that has no legitimate purpose or
reason for someone to connect to it
- its purpose is to draw in attackers to understand how they break into a system

What is a proxy or application gateway? - answer- maintains complete TCP connection
state and sequencing through 2 connections
- address translation built-in by virtue of second connection above

What is a stateful firewall? - answerStateful firewalls maintain state of traffic flows

What is No State Inspection ACK flag set? - answerpacket filter firewalls rely on TCP
flags to determine connection state. Attacker can send ACK packets only to bypass
firewall.

What is IDS data normalization? - answer- used by IDS for a baseline before analysis

, - attackers will try to de-normalize traffic to evade detection
- IDS will normalize data for understood protocols

What are NIDS advantages? - answer- provides insight into traffic on the network
- help detect problems with network operations
- provides auditing for other security measures

What are NIDS challenges? - answer- deployment challenges including topology and
access limitations
- analyzing encrypted traffic
- quantity vs. quality of signatures
- performance limitations with extensive analysis techniques
- very costly for proper management

What are some NIDS topology limitations? - answer- switches networks make it difficult
to monitor traffic in promiscuous mode
- topology must be able to support traffic aggregation for monitoring

What is Snort? - answer- open source tool for monitoring
- can be used as a NIDS
- has quick updates and flexibility for custom rules

What is a stateless packet filter? - answerA low end firewall that can quickly be
deployed using existing hardware. They examine packets themselves with no content.

What are some firewall benefits? - answer- protects internal/external systems from
attack
- filters communications based on content
- performs NAT
- encrypts communications for VPN
- logging to aid in intrusion detection

What are some firewall challenges? - answer- application layer attacks may get through
- dialup, VPN, extranet connections may bypass firewalls

What is a firewall? - answerAn appliance that controls access between public internet
and a companies private network, or between a PC NIC and the rest of the PC.

What is a rootkit? - answerA cracking tool inserted into the OS that allows the attacker
to do as they please.

What is alteration of code? - answerWhen someone has compromised the integrity of
data or a program. Allows attackers to create backdoors.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller julianah420. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

71947 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.99
  • (0)
  Add to cart