SANS GISCP and GIAC UPDATED Exam Questions and CORRECT Answers
2 mal angesehen 0 mal verkauft
Kurs
SANS GISCP
Hochschule
SANS GISCP
SANS GISCP and GIAC UPDATED Exam
Questions and CORRECT Answers
Ack Piggybacking - Correct Answer- The Practice of sending an ACK inside another packet
going to the same destination
Address resolution protocol - Correct Answer- Protocol for mapping an IP address to a
physical machine address...
SANS GISCP and GIAC UPDATED Exam
Questions and CORRECT Answers
Ack Piggybacking - Correct Answer- The Practice of sending an ACK inside another packet
going to the same destination
Address resolution protocol - Correct Answer- Protocol for mapping an IP address to a
physical machine address that is recognized on the local network.
A table, usually called the ARP cache, is used to maintain a correlation between each MAC
and its corresponding IP address
What are the five threat vectors? - Correct Answer- Outside attack from network
Outsider attack from telephone
Insider attack from local network
insider attack from local system
attack from malicious code
What are some external threat concerns? - Correct Answer- -Malicious code might execute
destructive overwrite to hard disks
-Malicious mas mailing code might expose sensitive information to the internet
- web server compromise might expose organization to ridicule
- Web server compromise might expose customer private data
What are some ways to bypass firewall protections? - Correct Answer- - Worms and Wireless
- modems
- tunnel anything through HTTP
- social engineering
What is social engineering? - Correct Answer- - attempt to manipulate or trick a person into
providing information or access
- bypass network security by exploiting humans
,- vector is often outside attack by telephone or visitor inside
What is Hping? - Correct Answer- - a TCP version of ping
- sends custom TCP packets to a host and listens for replies
- enables port scanning and spoofing simultaneously
What is a group? - Correct Answer- A group means multiple iterations won't matter. If you
encrypt with a key, then re-encrypt, it's the same as using one key.
What is a port scan? - Correct Answer- - common backdoor to open a port
- port scan scans for open ports on remote host
- scans 0 - 65,535 twice. TCP and UDP
What is nmap? - Correct Answer- Network scanner.
What are nmap scanning techniques? - Correct Answer- - Full open
- half open (stealth scan)
- UDP
- Ping
What is network stumbler? - Correct Answer- - free windows based wireless scanner for
802.1b
- detects access point settings
- supports GSP integration
- identifies networks as encrypted or unencrypted
What is Kismet? - Correct Answer- - Free linux WLAN analysis tool
- completely passive, cannot be detected
- supports advanced GPS integration and mapping features
- used for wardriving, WLAN vulerability assessment
,What is Wardriving? - Correct Answer- Going around with equipment to detect wireless
networks
What is War Dialing? - Correct Answer- - trying to ID modems in a telephone exchange that
may be susceptible to compromise
What are some Pen Test techniques? - Correct Answer- - War dialing
- war driving
- Sniffing
- eavesdropping
- dumpster diving
- social engineering
What is IDS? - Correct Answer- - intrusion detection system
- it reports attacks against monitored systems/networks
What is IDS not? - Correct Answer- - not a replacement for firewalls, hardening, strong
policies, or other DiD methods
- low maintenance
- inexpensive
What are the four types of events reported by IDS? - Correct Answer- - true positive
- false positive
- true negative
- false negative
How does IDS signature analysis work? - Correct Answer- - rules indicate criteria in packets
that represent events of interest
- rules are applied to packets as they are received
- alerts are created when matches are found
, How does anomaly analysis work? - Correct Answer- - flags anomalous conditions in traffic
on the network
- requires understanding on what is normal
- bases good traffic as a baseline
What is deep packet inspection? - Correct Answer- - slow, requires stateful data tracking
- inspects all fields, including variable-length fields
What is shallow packet inspection? - Correct Answer- - fast, with little fidelity
- examines header information and limited payload data
What is Honeyd? - Correct Answer- - low interaction production honeypot
- network daemon that can simulate other hosts
- each host can appear as a different OS
What is a netcat listener? - Correct Answer- - simplest form of a research honeypot
- useful in identifying nature of TCP scans, allows attacker to complete 3-way handshake
- listens on a defined port, logs incoming requests for analysis
What are some disadvantages of honeypots? - Correct Answer- - improper deployment can
increase attack risk - if production systems aren't sufficiently protected, they can be
vulnerable from a honeypot
- legal liability
What are some honeypot advantages? - Correct Answer- - provides insight into the tactics,
motives, and attacker tools
What is a honeypot? - Correct Answer- - a system resource that has no legitimate purpose or
reason for someone to connect to it
- its purpose is to draw in attackers to understand how they break into a system
Alle Vorteile der Zusammenfassungen von Stuvia auf einen Blick:
Garantiert gute Qualität durch Reviews
Stuvia Verkäufer haben mehr als 700.000 Zusammenfassungen beurteilt. Deshalb weißt du dass du das beste Dokument kaufst.
Schnell und einfach kaufen
Man bezahlt schnell und einfach mit iDeal, Kreditkarte oder Stuvia-Kredit für die Zusammenfassungen. Man braucht keine Mitgliedschaft.
Konzentration auf den Kern der Sache
Deine Mitstudenten schreiben die Zusammenfassungen. Deshalb enthalten die Zusammenfassungen immer aktuelle, zuverlässige und up-to-date Informationen. Damit kommst du schnell zum Kern der Sache.
Häufig gestellte Fragen
Was bekomme ich, wenn ich dieses Dokument kaufe?
Du erhältst eine PDF-Datei, die sofort nach dem Kauf verfügbar ist. Das gekaufte Dokument ist jederzeit, überall und unbegrenzt über dein Profil zugänglich.
Zufriedenheitsgarantie: Wie funktioniert das?
Unsere Zufriedenheitsgarantie sorgt dafür, dass du immer eine Lernunterlage findest, die zu dir passt. Du füllst ein Formular aus und unser Kundendienstteam kümmert sich um den Rest.
Wem kaufe ich diese Zusammenfassung ab?
Stuvia ist ein Marktplatz, du kaufst dieses Dokument also nicht von uns, sondern vom Verkäufer MGRADES. Stuvia erleichtert die Zahlung an den Verkäufer.
Werde ich an ein Abonnement gebunden sein?
Nein, du kaufst diese Zusammenfassung nur für 9,97 €. Du bist nach deinem Kauf an nichts gebunden.
