Republished with permission from
WatchGuard Technologies, Inc.
Put Your Security Skills to the Test
Over the years, WatchGuard's LiveSecurity columnists have put together a treasure trove of juicy tidbits, meaty primers, and hot tips covering many aspects of network and system security. From locking down VPNs and mobile devices to hardening firewalls, servers, and workstations, LiveSecurity has a little something for everyone. Think you already know it all? Exercise those cerebral cells by answering the following questions, drawn from the LiveSecurity archive.
1. What do you call an attack against networked computers that combines malicious code with exploitation of server vulnerabilities in order to start and spread?
a) A Nastygram
2. Stack attacks, format string attacks, and heap attacks are three forms of what?
a) Denial of Service
3. Which of the following is NOT true about security tokens?
a) Tokens are hardware devices
4. What do you call threats that lurk inside shareware programs, Web pages, and e-mail messages, posing as something purposeful while reporting information about you to others?
a) Easter Eggs
5. Which of the following is NOT a wireless security mechanism?
6. Secret key cryptography is also known by which name?
a) Asymmetric crypto
7. A method that VPN peers use to obtain the same keying material for encryption and authentication without ever exchanging the entirety of any keying material is called:
8. Which of the following is NOT a threat against mobile devices?
9. A Realtime Black Hole List is:
a) The federal budget deficit
10. The binary value "01101110" is what in hexadecimal?
11. A Split DNS is:
a) A splitting headache
12. A popular open-source, signature-based Network Intrusion Detection System is:
To learn more about malware that combines viruses, worms, and other malicious code with vulnerability exploits, read "Terminating Blended Threats." 2: B.
To understand how these and other buffer overflow attacks do their dirty work, read "Foundations: What Are Buffer Overflows?" 3: A.
As explained in "Security Tokens: Why Aren't You Using Them?" tokens are frequently sold as hardware (e. g., a keyfob, pinpad, or USB stick) but are also available as software (e. g., to turn your PDA into a token). 4: D.
I must be hungry. Of course the answer is spyware. For a cautionary tale of the many ways in which spyware can be delivered to your PC, see "Foundations: How Does Spyware Get onto My Computer?" 5: B.
WAP stands for Wireless Access Point, which does not imply any particular level of security. Learn more about some of the security issues related to WAPs in "Ouch! Even a PDA Hurts When It WAPs You," and "Tools and Tactics for Safer WLAN Deployment." 6: B.
No, the answer is not private key (the better half of public key crypto). Secret key crypto is "symmetric" because both the sender and the receiver use the same key. If you missed this one, refresh your memory with "Foundations: Cryptography 101." 7: B.
Diffie-Hellman, Main Mode, and Pre-Shared Secrets are all used in IPsec VPNs, but only Diffie-Hellman is a key exchange protocol. See "Choosing Security Parameters for Site-to-Site VPNs." 8: D.
Cabir, Bradoor, and Mosquitos are Smartphone worms and trojans released in the summer of 2004. To learn how to protect mobile phones, read "Smartphone (In)Security." 9: C.
If your mail server is being overrun with spam, learn about how RBLs can help you defeat this plague. Read, "Can Spam Escape a Black Hole?" 10: B.
If math class made you snore, "Understanding IP Addresses and Binary" can catch you up on the binary essentials that you missed -- or have just forgotten. 11: D.
David Bonn describes the trials, tribulations, and benefits of hosted DNS in "Outsourcing DNS: For Once, Laziness Wins." 12: C.
While this program may sniff and snoop and occasionally snarf, the one and only NIDS represented by a little pink pig is Snort. Learn why in "Sniffing Out Snoopers with Snort."
Rate your Security IQ
To Learn More:
LiveSecurity Topical Index
Copyrightę 2005, WatchGuard Technologies, Inc. All rights reserved. WatchGuard, LiveSecurity, Firebox and ServerLock are trademarks or registered trademarks of WatchGuard Technologies, Inc. in the United States and other countries.