TestLab

Practice by Category & Subject

Select a subject to start practicing

Business Finance & Management

Excel
1521
Financial Accounting
1463
Operations Management
871
Business Management
860

Industrial Engineering & Manufacturing

Thermodynamics
800
Engineering Mathematics
744
Machine Design
490
Strength of Materials
486

IT & Programming

PHP
926
Python
835
HTML
674
Wordpress
647

Design & Multimedia

Adobe Photoshop
1122
Microsoft PowerPoint
954
Adobe Illustrator
690
CorelDRAW
313

Content Writing & Translation

Microsoft Word
1064
English Language
851
Linguistics
425
Academic Writing
234

Administrative Support

Microsoft Outlook
481
Customer Service
287
Google Search
218
Computer Skills
217

View All Subjects

Features Pricing

Practice Features Pricing Sign In Sign Up

Home
Practice
GIAC
Cyber Security & Ethical Hacking

Quick Navigation

Back to GIAC All Subjects

Other Cyber Security & Ethical Hacking Subjects

CISSP Security Architecture And Design

31 questions

GIAC - Cyber Security & Ethical Hacking

Practice questions to test your knowledge and improve your understanding.

Answered

Correct

Accuracy

Question 1 Easy Mcq

✓ Correct ✗ Incorrect

192.0.0.0 through 223.255.255.255 - subnet mask of 255.255.255.0

Stateful firewall

NIDS challenges

Some Pen Test techniques

What range is a class C network?

Explanation:

The IP range 192.0.0.0 to 223.255.255.255 defines the entire Class C address space in the traditional IPv4 classification system. When combined with a subnet mask of 255.255.255.0, this configuration isolates the network portion to the first three octets, leaving only the final octet for host addresses. This specific combination is the standard definition for identifying Class C networks, which historically supported up to 254 hosts per network. Consequently, this option correctly identifies the technical parameters that distinguish Class C from Class A or Class B ranges. Understanding this structure is fundamental for network segmentation and routing decisions in legacy and modern IP addressing schemes.

Question 2 Easy Mcq

✓ Correct ✗ Incorrect

Going around with equipment to detect wireless networks

Social engineering

Wardriving

What's a VLAN

Brute force

Explanation:

Wardriving involves driving or walking through an area while using a wireless network interface to detect and log available Wi-Fi networks. This activity specifically focuses on mapping wireless access points and their security settings by moving physically through the environment. The term originates from the practice of driving around to find open networks, making it the precise definition for this scenario. It is a common reconnaissance technique used to identify potential security vulnerabilities in wireless infrastructure. Therefore, this action directly matches the description of going around with equipment to detect wireless networks.

Question 3 Easy Mcq

✓ Correct ✗ Incorrect

Switches along the path can be requested to allocate the desired amount of bandwidth. If the circuit has the required bandwidth - the circuit is set up.

When setting up a virtual circuit

Worms

Some common TCP ports

TFTP

Explanation:

This statement describes the resource reservation mechanism inherent in connection-oriented protocols like ATM or MPLS, where switches along a path negotiate bandwidth before data transmission begins. When the network confirms that every switch on the route has sufficient capacity, the virtual circuit is successfully established and ready for use. This process ensures guaranteed Quality of Service by reserving specific network resources prior to sending any actual user data packets. The setup phase is critical because it transforms a best-effort network into a dedicated path with predictable performance characteristics. Therefore, the description accurately applies to the initial configuration and validation steps of creating a virtual circuit.

Question 4 Easy Mcq

✓ Correct ✗ Incorrect

Local area network - small network confined to small location - all equipment owned by a single entity - vulnerable to inside threats and logic bombs

Address resolution protocol

Nmap scanning techniques

LAN

Some reasons to use TCP over UDP

Explanation:

A Local Area Network (LAN) is defined as a small network confined to a single location where all equipment is owned by one entity, making it highly susceptible to internal threats and logic bombs. Unlike wide area networks, the centralized ownership means security controls rely heavily on trust within that specific group, leaving the system vulnerable if an insider acts maliciously. The description provided in the question directly matches the fundamental characteristics and inherent risks associated with a LAN environment. Understanding this definition is crucial for recognizing why organizations must implement strict internal access controls and monitoring. This concept forms the basis of network segmentation and internal threat management strategies. Therefore, identifying a LAN based on these specific constraints is the correct response.

Question 5 Medium Mcq

✓ Correct ✗ Incorrect

Connection oriented - before systems can communicate over an ATM network - they must establish a virtual circuit between each other - this can span across multiple ATM switches that also handle communications for other systems - at the end of the con

Some reasons to use UDP over TCP

The data link layer

Hubs

ATM work

Explanation:

ATM networks rely on connection-oriented communication, requiring a virtual circuit to be established before data transfer can occur. This process involves setting up a logical path across multiple switches, which is the fundamental function of ATM work in managing network resources. Unlike connectionless protocols, ATM ensures reliable delivery by maintaining these dedicated paths, making the establishment of virtual circuits the core operational task of the ATM system.

Question 6 Easy Mcq

✓ Correct ✗ Incorrect

Outside attack from network - Outsider attack from telephone - Insider attack from local network - insider attack from local system - attack from malicious code

COM/Script program infector

The five threat vectors

What range is a class A network?

The application layer

Explanation:

The five threat vectors represent the primary pathways attackers use to compromise systems, including external network attacks, telephone-based intrusions, local network breaches, local system exploits, and malicious code infections. This classification covers the full spectrum of entry points from outside sources to insider threats and software-based attacks. Understanding these distinct categories helps organizations implement targeted security controls for each specific risk. It provides a foundational framework for analyzing how different attack methods originate and propagate within an IT environment. Recognizing these vectors is essential for developing a comprehensive incident response and prevention strategy.

Question 7 Easy Mcq

✓ Correct ✗ Incorrect

Protected at rest - protected in transit - secure the key

What ways should the crypto key be protected?

Router

Worms

Rootkit

Explanation:

Protecting the cryptographic key is the critical step that ensures data remains secure both at rest and in transit. Without a robust key protection strategy, even the strongest encryption algorithms can be easily compromised by unauthorized access. This involves using secure storage mechanisms like Hardware Security Modules (HSMs) or Trusted Platform Modules (TPMs) to prevent key theft. Proper key management ensures that only authorized entities can decrypt sensitive information, maintaining the integrity of the entire security architecture. Consequently, focusing on key protection directly addresses the core requirement of maintaining confidentiality across all data states.

Question 8 Easy Mcq

✓ Correct ✗ Incorrect

Wide Area Network - Larger than MAN or LAN - uses public network - phone lines - and leased lines to tie LAN and MAN over a dispersed area

A netcat listener

The conficker worm

File Integrity checking work

WAN

Explanation:

A Wide Area Network (WAN) is defined by its ability to span large geographical distances, connecting multiple Local Area Networks (LANs) and Metropolitan Area Networks (MANs) across dispersed regions. It achieves this extensive reach by utilizing public infrastructure like telephone lines or dedicated leased lines to transmit data between distant locations. This architecture specifically addresses the need for connectivity beyond the limits of local networks, making it the only option that fits the description of a large-scale network using public or leased connections.

Question 9 Easy Mcq

✓ Correct ✗ Incorrect

Handles the network address scheme and connectivity of multiple network segments. It handles communication.

Buffer overflow

The network layer

The transport layer

Some common TCP ports

Explanation:

The network layer is responsible for managing logical addressing through schemes like IP, enabling devices across different segments to locate one another. It handles routing decisions to determine the best path for data packets to travel between these diverse network segments. By establishing end-to-end connectivity, this layer ensures that communication can occur effectively regardless of the underlying physical topology. Consequently, it serves as the fundamental foundation for inter-network communication and data forwarding.

Question 10 Medium Mcq

✓ Correct ✗ Incorrect

Switches networks make it difficult to monitor traffic in promiscuous mode - topology must be able to support traffic aggregation for monitoring

Hubs

Some NIDS topology limitations

HIDS monitor

MAN

Explanation:

Network switches operate by inspecting packet headers and forwarding data only to the specific destination port, which prevents a single monitoring device from seeing all traffic on a segment like a hub would. This selective forwarding creates inherent topology limitations for Network Intrusion Detection Systems (NIDS) that rely on promiscuous mode to capture a complete view of network activity. To overcome this, administrators must implement traffic aggregation techniques, such as using span ports or network taps, to ensure the monitoring system receives a comprehensive copy of the traffic. Without these specific architectural adjustments, the NIDS cannot effectively detect threats that traverse multiple switch ports. Therefore, the difficulty stems directly from these structural constraints inherent to switched environments.

Question 11 Easy Mcq

✓ Correct ✗ Incorrect

53 bytes - 48 bytes for data - 5 bytes for the header

Total cell size for asynchronous transfer mode (ATM)

The Uniform Protection to defense in depth

Integrity of Data

Brute force

Explanation:

This calculation represents the standard structure of an Asynchronous Transfer Mode (ATM) cell, which is a fundamental unit of data transmission in ATM networks. The 5-byte header contains routing and control information, while the remaining 48 bytes form the fixed-size payload used to carry user data. This rigid 53-byte total size is a defining characteristic of ATM technology, ensuring efficient switching and low latency for real-time applications.

Question 12 Easy Mcq

✓ Correct ✗ Incorrect

1.0.0.0 through 127.255.255.255 - subnet mask starts at 255.0.0.0

What categories do vulnerabilities fall into?

IDS signature analysis work

What ways should the crypto key be protected?

What range is a class A network?

Explanation:

Class A networks are defined by the first octet ranging from 1 to 126, which corresponds to the IP address block starting at 1.0.0.0 and ending at 127.255.255.255. This range utilizes a subnet mask of 255.0.0.0, allocating the first bit for the network portion and the remaining 31 bits for host addresses. The value 127 is reserved for loopback testing, making 126 the highest usable number for this class. Therefore, the specified range accurately describes the standard definition of a Class A network address space.

Question 13 Medium Mcq

✓ Correct ✗ Incorrect

Application layer attacks may get through - dialup - VPN - extranet connections may bypass firewalls

Some firewall challenges

HIDS monitor

Race conditions

The TCP/IP model

Explanation:

Application layer attacks often exploit the fact that firewalls traditionally focus on network and transport layer protocols, potentially overlooking complex application-specific traffic. Connections like dial-up, VPN, or extranet can bypass these perimeter defenses by establishing trusted tunnels or using legacy protocols that firewalls do not inspect deeply. Consequently, these channels allow malicious payloads to slip past standard filtering rules, representing a specific challenge rather than a fundamental flaw in the TCP/IP model or a race condition. This highlights the need for deep packet inspection and application-aware security policies to effectively mitigate such threats.

Question 14 Easy Mcq

✓ Correct ✗ Incorrect

Allows admins to remotely access a system for troubleshooting. - E.g VNC - GoToMyPc - PC Anywhere

Parasitic malware

Remote maintenance

The Information Centric defense in depth

3-way handshake

Explanation:

Remote maintenance refers to the legitimate capability that permits administrators to connect to a system from a distance to perform troubleshooting or updates. Tools like VNC or PC Anywhere facilitate this by creating secure, authenticated tunnels that allow IT staff to view the desktop and execute commands without physical presence. This functionality is a standard feature in modern operating systems and enterprise management software to ensure rapid issue resolution. It represents a controlled administrative privilege rather than a security vulnerability when properly configured with access controls. Consequently, this definition directly aligns with the description of allowing remote access for system maintenance tasks.

Question 15 Easy Mcq

✓ Correct ✗ Incorrect

Stateful firewalls maintain state of traffic flows

Stateful firewall

Bridge

Address Resolution Protocol (ARP)

Datagram length of a UDP packet

Explanation:

Stateful firewalls are specifically designed to track the state of active network connections, such as TCP sessions or UDP flows, within a dedicated memory table. By maintaining this context, the firewall can intelligently allow return traffic for established connections without inspecting every single packet individually. This mechanism provides a significant security advantage over simple packet filtering because it ensures that only legitimate responses to internal requests are permitted through the network boundary. Consequently, the device described in the question is definitively identified as a stateful firewall due to its core ability to manage connection states dynamically.

Question 16 Easy Mcq

✓ Correct ✗ Incorrect

Physical layer - Data link layer - Network Layer - Transport Layer - Session Layer - Presentation Layer - Application Layer

Best way to protect wireless networks

IDS data normalization

The OSI model

TFTP

Explanation:

The sequence lists the seven hierarchical layers of the Open Systems Interconnection (OSI) model, which is a conceptual framework used to understand network interactions. Each layer, from the physical transmission of bits at the bottom to application services at the top, performs specific functions to enable communication between different systems. This structured approach allows network engineers to design, troubleshoot, and standardize protocols without needing to know the internal details of other layers, making it the fundamental reference for networking architecture.

Question 17 Easy Mcq

✓ Correct ✗ Incorrect

A cracking tool inserted into the OS that allows the attacker to do as they please.

LAN

Rootkit

What range is a class B network?

NAC

Explanation:

A rootkit is a malicious software package designed to grant an attacker unauthorized access and maintain persistent control over an operating system. By deeply integrating into the kernel or system libraries, it hides its presence and allows the attacker to execute commands, modify files, and bypass security measures as if they were the system administrator. This capability to do as they please while remaining undetected perfectly matches the description of a cracking tool inserted into the OS. Consequently, it represents a severe threat to system integrity and confidentiality.

Question 18 Medium Mcq

✓ Correct ✗ Incorrect

Threat requires a vector to cross the vulnerability - stop the ability of the threat to use the vector

The protected enclave to defense in depth

ATM work

The CIA triad

The threat vector analysis in defense in depth

Explanation:

Defense in depth is a strategic approach that layers multiple security controls to protect assets, effectively stopping threats from exploiting any single vulnerability. By analyzing threat vectors within this layered framework, organizations can identify specific entry points and implement targeted barriers to disrupt the threat's path. This comprehensive analysis ensures that even if one layer fails, subsequent layers prevent the threat from crossing the vulnerability. Consequently, integrating threat vector analysis into a multi-layered defense strategy is the most effective method to neutralize potential risks. This holistic approach transforms passive protection into an active, resilient security posture capable of adapting to evolving threats.

Question 19 Easy Mcq

✓ Correct ✗ Incorrect

Simplest form of a research honeypot - useful in identifying nature of TCP scans - allows attacker to complete 3-way handshake - listens on a defined port - logs incoming requests for analysis

Types of ATM virtual circuits

A netcat listener

3-way handshake

Nmap

Explanation:

A netcat listener serves as the simplest research honeypot by actively listening on a specific port to accept incoming TCP connections. It allows attackers to complete the full three-way handshake, which reveals the nature of the scan without exposing sensitive backend services. By logging these completed handshakes, security analysts can effectively identify and analyze the specific tools and techniques used by potential intruders. This lightweight approach provides valuable intelligence on attack vectors while maintaining a minimal attack surface. Consequently, it is the ideal choice for basic reconnaissance and understanding attacker behavior in a controlled environment.

Question 20 Easy Mcq

✓ Correct ✗ Incorrect

Program disguised as something helpful - only to perform actions the user did not intend. Opening ports - installing other programs - etc.

Types of ATM virtual circuits

Some common UDP ports

When implementing protocols - what stack should be used?

Trojan horse

Explanation:

A Trojan horse is a malicious program that disguises itself as legitimate or helpful software to deceive users into executing it. Once activated, it bypasses security measures to perform unauthorized actions such as opening network ports or installing additional malware without the user's knowledge. This behavior directly matches the description of a program pretending to be useful while secretly compromising the system. Unlike other malware types that may hide in plain sight, Trojans rely entirely on social engineering to trick the victim. The result is a loss of control over the system and potential data theft. Therefore, this definition accurately describes the concept of a Trojan horse.

Question 21 Easy Mcq

✓ Correct ✗ Incorrect

Malicious code might execute destructive overwrite to hard disks -Malicious mas mailing code might expose sensitive information to the internet - web server compromise might expose organization to ridicule - Web server compromise might expose custom

Some external threat concerns

Some network design objectives

Ack Piggybacking

The session layer

Explanation:

Malicious code, malware, and compromised web servers represent specific types of external threats that organizations must defend against. These scenarios illustrate how outside actors can damage hardware, leak data, or harm a company's reputation. Therefore, these examples collectively categorize as various external threat concerns that security teams need to identify and mitigate.

Question 22 Easy Mcq

✓ Correct ✗ Incorrect

An agreement on how different computer will work - protocols define the format and order of messages and what to do upon receipt of the messages - basically the rules of the network

Overview of TCP

A network protocol

PAN

Group

Explanation:

A network protocol acts as a standardized set of rules that governs how devices communicate and exchange data across a network. It strictly defines the format, timing, and sequence of messages to ensure that different systems can understand each other reliably. Without these agreed-upon guidelines, computers would lack a common language, making seamless data transmission impossible. Therefore, the description of rules for message format and order directly identifies the concept as a network protocol.

Question 23 Easy Mcq

✓ Correct ✗ Incorrect

FTP data - 21 - FTP - 23 - Telnet - 25 - SNMP - 53 - DNS - 79 - Finger - 80 - HTTP - 110 - POP - 443 - HTTPS

Some reasons to use TCP over UDP

The protected enclave to defense in depth

Some common TCP ports

The physical layer stack

Explanation:

This list enumerates standard port numbers assigned to widely used network protocols like HTTP, FTP, and DNS, which all operate over the Transmission Control Protocol. These specific ports are reserved to ensure that client applications can reliably connect to their corresponding server services using a connection-oriented approach. The sequence represents a fundamental part of the TCP/IP model where each number identifies a distinct application layer service. Understanding these mappings is essential for network administration and troubleshooting connectivity issues. Consequently, the collection clearly illustrates common TCP ports rather than physical layers or security enclaves.

Question 24 Easy Mcq

✓ Correct ✗ Incorrect

ATM supports two types of virtual circuits: permanent virtual circuits and switches virtual circuit - PVC is set up in advance - usually manually - SVC is established automatically through a signaling protocol and can be created on the fly - establis

Ack Piggybacking

Risk

Anomaly analysis work

Types of ATM virtual circuits

Explanation:

The text explicitly describes the two fundamental categories of connections in Asynchronous Transfer Mode (ATM) networks, distinguishing between Permanent Virtual Circuits (PVC) and Switched Virtual Circuits (SVC). It details that PVCs are pre-configured, often manually, while SVCs are dynamically created using signaling protocols. Therefore, the content directly addresses the classification and operational differences of these specific ATM connection types.

Question 25 Easy Mcq

✓ Correct ✗ Incorrect

UDP based infection - infected through vulnerability in SQL server - caused DoS on saturated networks

Parasitic malware

SQL Slammer Worm

Router

PAN

Explanation:

The SQL Slammer Worm is a UDP-based infection that exploited a critical buffer overflow vulnerability in Microsoft SQL Server. It spread rapidly across saturated networks by flooding systems with denial-of-service packets, causing massive network congestion. This specific attack vector and its impact on SQL Server infrastructure make it the definitive match for the described scenario. The worm's ability to propagate without user interaction highlights its unique threat profile in early 2000s network security.

Question 26 Easy Mcq

✓ Correct ✗ Incorrect

An FTP that allows downloads only if the user knows the exact name of the file they're looking for

When talking about protocols and referencing layers - what stack is used

Parasitic malware

Some reasons to use TCP over UDP

A blind FTP

Explanation:

A blind FTP restricts file retrieval to specific, known filenames, preventing users from browsing the directory structure or discovering hidden files. This security mechanism ensures that sensitive data remains inaccessible unless the attacker or user possesses the exact file path and name in advance. By limiting access to predefined targets, it significantly reduces the risk of unauthorized data exfiltration through directory traversal attacks. This controlled access model makes it ideal for environments where only specific files should be downloadable by authenticated users. Consequently, this behavior accurately defines the concept described in the question.

Question 27 Easy Mcq

✓ Correct ✗ Incorrect

True positive - false positive - true negative - false negative

When implementing protocols - what stack should be used?

The four types of events reported by IDS

Honeyd

Port scan

Explanation:

An Intrusion Detection System (IDS) monitors network traffic and classifies every observed activity into one of four fundamental categories based on its validity and malicious nature. These categories are true positives, false positives, true negatives, and false negatives, which represent the core metrics for evaluating an IDS's accuracy and reliability. Understanding these four types is essential for security analysts to assess detection performance and minimize errors in threat identification.

Question 28 Easy Mcq

✓ Correct ✗ Incorrect

Most commonly used transport protocol today - ensures reliable packet delivery - has error handling built in

Overview of TCP

Plaintext

Some network design objectives

The protected enclave to defense in depth

Explanation:

TCP is the most widely used transport protocol because it guarantees reliable data delivery through built-in mechanisms like acknowledgments and retransmissions. It automatically handles errors by detecting lost packets and requesting their resend, ensuring data integrity without requiring complex application-layer fixes. This robust error handling and reliability make it the standard choice for critical internet services like web browsing and email. Consequently, it is the definitive answer for a protocol that prioritizes accuracy and connection stability over raw speed.

Question 29 Easy Mcq

✓ Correct ✗ Incorrect

Simple attack done by simply browsing available information that's allowed on a local network.

Hubs

Shallow packet inspection

Some NIDS topology limitations

Browsing attack

Explanation:

This attack relies on the fundamental principle that devices on a local network can often access each other's shared resources without complex authentication. By simply browsing the network, an attacker can discover vulnerable systems, shared folders, or unsecured services exposed by default configurations. The term "simple" highlights that no sophisticated tools or deep packet analysis are required, just the ability to traverse the network's accessible information. This demonstrates how basic network connectivity can be exploited if security policies are not strictly enforced.

Question 30 Easy Mcq

✓ Correct ✗ Incorrect

Confidentiality - integrity - availability

Some disadvantages of honeypots

Buffer overflow

The three goals of security

Overview of TCP

Explanation:

Confidentiality, integrity, and availability are universally recognized as the three fundamental pillars of information security, often referred to as the CIA triad. Confidentiality ensures data is accessible only to authorized users, integrity guarantees that data remains accurate and unaltered, and availability ensures systems and data are accessible when needed. These three concepts collectively define the primary objectives that security measures aim to protect and maintain within any IT environment.

Filter by Difficulty

easy medium hard

Track Progress

Difficulty Filter

easy Easy

medium Medium

hard Hard

Other Subjects

Business Finance & Management

Industrial Engineering & Manufacturing

IT & Programming

Design & Multimedia

Content Writing & Translation

Administrative Support

Quick Navigation

Other Cyber Security & Ethical Hacking Subjects

GIAC - Cyber Security & Ethical Hacking

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Explanation:

Filter by Difficulty

Track Progress

Difficulty Filter

Other Subjects

Other Cyber Security & Ethical Hacking Subjects

Quick Navigation

Similar Practices