GIAC Information Security Professional (GISP)
Vendor: GIAC
Certification: Cyber Defense
Content: 670 Qs
Status: Verified
Updated: 5 days ago
Exam Overview
The GIAC Information Security Professional (GISP) certification is a vital credential for cybersecurity professionals aiming to validate a broad and foundational understanding across numerous critical security domains. Earning your GISP demonstrates to employers and peers your comprehensive grasp of information security principles, from network defense to incident response and secure system design. This certification serves as a robust benchmark for individuals seeking to solidify their expertise, advance their careers, and establish credibility in an ever-evolving threat landscape. It's an excellent stepping stone for those looking to specialize further or assume greater responsibility in protecting an organization's digital assets, equipping professionals with the essential knowledge needed to mitigate risks effectively.
Questions: 75-85
Passing Score: 71% (approx. 710/1000)
Duration: 180 Minutes
Difficulty: Professional
Level: Professional
Free Study Guide Samples
Previewing updated GISP bank (10 Questions).
Fill in the blank with the appropriate value.
Service Set Identifiers (SSIDs) are case sensitive text strings that have a maximum length of _______ characters.
Correct Option: A
Technical Breakdown of SSID Standards
Character Limit: According to the IEEE 802.11 wireless standards, a Service Set Identifier (SSID) can be a maximum of 32 octets (typically 32 characters) long.
Case Sensitivity: As the question states, SSIDs are case-sensitive, meaning "MyWiFi" and "mywifi" are treated as two completely different networks.
Encoding: While most modern routers use UTF-8, the 32-octet limit remains the hard physical constraint for the header.
Which of the following refers to encrypted text?
Correct Option: D
Reasoning: Ciphertext is the output of an encryption algorithm applied to plaintext. It represents the encrypted or scrambled form of the original message, making it unreadable without the proper decryption key. This term directly defines encrypted text in cryptography.
Why the other choices are incorrect:
- Option A is incorrect: Plaintext refers to the original, unencrypted message or data before any cryptographic transformation. It is readable without a key.
- Option B is incorrect: Cookies are small data files websites store on a user's browser, typically for session management, tracking, or personalization. They are unrelated to the general concept of "encrypted text."
- Option C is incorrect: Hypertext is text that contains links to other text or resources, commonly found in web documents (e.g., HTML). It is a concept related to document structure and navigation, not encryption.
You work as a Network Administrator for NetTech Inc. The company has a network that consists of 200 client computers and ten database servers. One morning, you find that a hacker is accessing unauthorized data on a database server on the network. Which of the following actions will you take to preserve the evidence?
Each correct answer represents a complete solution. Choose three.
Correct Option: B,C,D
Reasoning: Log files contain crucial evidence regarding the hacker's actions, access times, and methods. Preserving them ensures this critical digital evidence is available for forensic analysis without alteration or deletion, which is fundamental to understanding and investigating the breach.
Reasoning: Restricting access to the server room treats it as a crime scene. This prevents unauthorized personnel, including well-meaning employees, from inadvertently contaminating, altering, or destroying physical evidence or interfering with the compromised systems, thus preserving the scene's integrity.
Reasoning: Detaching the network cable immediately stops the hacker's active access to the database server. This action prevents further unauthorized data exfiltration, modification, or deletion by the attacker, effectively preserving the current state of evidence on the server from immediate external alteration.
Why the other choices are incorrect:
- Option A is incorrect: Preventing a team of forensics experts from entering the server room is counterproductive. Forensic experts are essential for proper evidence collection, analysis, and preservation. Hindering their access actively prevents the investigation and evidence preservation process.
Which of the following types of attacks slows down or stops a server by overloading it with requests?
Correct Option: D
Reasoning: A DoS (Denial of Service) attack specifically aims to make a machine or network resource unavailable. It achieves this by overwhelming the target server with a flood of traffic or requests, consuming its resources and preventing it from responding to legitimate users, thus slowing down or stopping the service.
Why the other choices are incorrect:
- Option A is incorrect: A vulnerability attack exploits a weakness in a system but doesn't specifically describe the method of overloading with requests to cause a slowdown or stoppage. It's a broader category.
- Option B is incorrect: An impersonation attack involves an attacker pretending to be another entity to gain unauthorized access or information, which is distinct from overwhelming a server with requests.
- Option C is incorrect: "Network attack" is a broad term for any malicious activity targeting a computer network. While a DoS attack is a type of network attack, this option is not specific enough to describe the mechanism of overloading requests.
Sam works as a Web Developer for McRobert Inc. He wants to control the way in which a Web browser receives information and downloads content from Web sites. Which of the following browser settings will Sam use to accomplish this?
Correct Option: B
**Security**
Reasoning: Browser security settings directly control how a web browser handles various types of content, scripts, active elements, file downloads, and pop-ups. These settings allow users to define policies for how the browser receives and processes information and content from websites.
Why the other choices are incorrect:
- Option A is incorrect: A proxy server acts as an intermediary, filtering traffic before it reaches the browser. While it can control access, it doesn't primarily define the browser's internal mechanisms for how it receives and processes content.
- Option C is incorrect: Cookies are small data pieces for session management and personalization. While browsers manage them, cookie settings do not broadly control script execution, active content handling, or general file downloads.
- Option D is incorrect: Certificates verify website identity and encrypt communication (HTTPS). They ensure trusted connections but do not control the browser's general handling of content types or file download behaviors.
Which of the following policies is set by a network administrator to allow users to keep their emails and documents for a fixed period of time?
Correct Option: A
**Retention policy**
Reasoning: A retention policy dictates the duration that specific data, such as emails and documents, must be preserved. Network administrators implement these policies to ensure compliance, legal requirements, or operational needs are met, defining how long user data is actively kept before archiving or deletion.
Why the other choices are incorrect:
- Option B is incorrect: A password policy defines rules for user passwords, like length, complexity, and expiration, not data storage duration.
- Option C is incorrect: An audit policy specifies which security events should be logged for review and accountability, unrelated to how long user documents are stored.
- Option D is incorrect: A backup policy outlines how data is copied and stored for disaster recovery purposes, not the fixed period users are allowed to keep active documents and emails.
Which of the following are used to suppress paper or wood fires? Each correct answer represents a complete solution. Choose two.
Correct Option: A,D
**Water**
Reasoning: Water effectively suppresses Class A fires (combustible solids like wood and paper) by cooling the fuel below its ignition temperature and stopping the combustion process. It's a primary agent.
**Soda acid**
Reasoning: Soda acid extinguishers, though largely obsolete, were specifically designed for Class A fires. They discharged a stream of water and sodium bicarbonate solution to cool and smother burning materials.
Why the other choices are incorrect:
- Option B is incorrect: Kerosene is a flammable liquid (Class B fuel) and would exacerbate any fire, not suppress it. Using it would be extremely dangerous and counterproductive.
- Option C is incorrect: CO2 extinguishers primarily suppress Class B (flammable liquids) and Class C (electrical) fires by displacing oxygen. While CO2 can suppress very small Class A fires, it does not cool the material effectively, leading to a high risk of reignition. Water or cooling agents are far superior for Class A.
Which of the following statements about Digest authentication are true? Each correct answer represents a complete solution. Choose two.
Correct Option: C,D
Reasoning: Digest authentication computes a hash of the user's password, a server-provided nonce, and other request data. This hash value (the response) is sent to the server, ensuring the actual password is never transmitted in clear text across the network.
Reasoning: Digest authentication is fundamentally more secure than Basic authentication. Basic authentication transmits credentials encoded in Base64 (easily decoded, effectively cleartext), whereas Digest authentication uses a challenge-response mechanism with hashing, preventing cleartext password exposure and offering protection against replay attacks.
Why the other choices are incorrect:
- Option A is incorrect: This statement is the opposite of how Digest authentication works. Passwords are never sent as clear text; a hash value is transmitted instead.
- Option B is incorrect: Digest authentication is primarily an HTTP authentication scheme (RFC 2617) used for web services. Wireless LANs (IEEE 802.11) use different authentication protocols like WPA/WPA2/WPA3 or 802.1X (EAP methods) for network access.
Which of the following statements about smurf is true?
Correct Option: A
Reasoning: A Smurf attack is a classic Denial-of-Service attack that utilizes ICMP echo requests. The attacker spoofs the victim's IP address and sends ICMP requests to an amplifying network's broadcast address. All devices on that network then reply to the spoofed victim, flooding it with ICMP echo-replies, causing a DoS. This method directly involves ICMP, IP spoofing, and network flooding.
Why the other choices are incorrect:
- Option B is incorrect: Smurf attacks are ICMP-based, not UDP-based. While UDP floods are another type of DoS attack, they operate using UDP packets, not the ICMP protocol central to Smurf attacks.
- Option C is incorrect: While Smurf is a DoS attack, the concept of "leaving TCP ports open" is not a defining characteristic. Smurf primarily targets network bandwidth and ICMP processing, not the state of TCP ports.
- Option D is incorrect: This describes fragmentation attacks (like Teardrop), where an attacker sends malformed or overlapping IP fragments to prevent reassembly, leading to system crashes or reboots. Smurf attacks do not rely on IP fragmentation.
Which of the following terms refers to the protection of data against unauthorized access?
Correct Option: C
**Confidentiality**
Reasoning: Confidentiality is the principle that protects information from unauthorized access or disclosure. It ensures that only authorized individuals, entities, or processes can view or access sensitive data.
Why the other choices are incorrect:
- Option A is incorrect: Auditing involves examining records and processes to verify compliance or detect anomalies, not directly protecting data access.
- Option B is incorrect: Recovery refers to restoring data or systems after an incident, focusing on availability, not preventing unauthorized access.
- Option D is incorrect: Integrity ensures data accuracy and completeness and prevents unauthorized modification or destruction; it does not specifically address unauthorized viewing or access.