March Geekness

March Geekness, March 9, 2010

Only one team will prevail. Who will be the winner?


How March Geekness Works

• On Tuesday March 9, 12-1:30 PM in the Vendor Expo, pick up your entry card; it has ten questions similar to the ones we will be asking in the contest. Submit your answers by the end of the lunch session in the drop box at the entry table.

• SANS reviews all entries. Tuesday March 9, 5 PM: the names of everyone who qualifies will be posted in the Vendor Expo. From the qualifiers, form your teams: a maximum of five persons on a team, a minimum of three.

• Space is limited. We can accommodate a maximum of sixteen teams, first come, first served.

• No debate is allowed about whether the answer is right; however, the *source* of the question is displayed on the slide, and lifelines are allowed.

• Short elimination rounds to develop the F1nal F0ur

Elimination Rounds

RULES:

• 10 Questions
• 2 Teams compete
• Question is displayed
• Team has to raise a flag to answer
• Referee calls on the team: five seconds to begin the answer; a time delay = wrong answer
• If no one knows the answer, the question remains in play until the last question is answered. Teams can send a runner, or use a lifeline to find the answer. Do NOT interrupt someone speaking, but use CSMA/CD and raise your flag during any period of silence
• Right answer = 1 point
• Wrong answer deducts 1 point
• Partial credit is possible: .5 point
• Tiebreaker question in case of a tie at the end of 10 questions

Elimination Rounds (2)

• In the case of an odd number of teams, the referee may elect to advance a team to the next round by presenting 10 questions, requiring an answer in five seconds; 6 out of 10 is a pass

• Referee’s choice as to which team is selected as odd team out.

F1nal F0ur

F1nal F0ur Elimination Rounds

• All elimination rules apply
• 20 Questions instead of 10
• Repeat questions are allowed

Geeks Know How to Have Fun

• March “Geekness” is all about fun. Participation will be limited, but even the casual observer can learn and benefit

• Hosted by Stephen Northcutt and special guests

• Food & Drink brought to you by SANS and Sponsoring Exhibitors

• Prizes!

Prizes!

A big pile of snow (just kidding)

Prize for each Team member - Elimination Round Survivors (8) -

Commemorative T-shirt ("I survived an elimination round at SANS 2010 March Geekness"), a different color for each team

Prize for each Team member - First Runner Up -

Each member of the First Runner Up team will receive a 5.11 Tactical Ready Bag, a practical carry-all with water bottle pocket, thermos/flashlight pockets, and an internal organizer panel in the lid.

Prize for each Team member - Winning Team -

AIRVIEW2-EXT 2.4GHz Spectrum Analyzer

Questions

Hint: Answers to many "March Geekness" questions can be found by engaging with exhibitors at the Expo. We encourage you to meet them!

Sample Question

What is the name of Palo Alto Networks' centralized management capability for managing policies across distributed firewalls?

March Geekness 7DA

v14s5

Sample Question

By what percent have malware threats increased between 2006 and 2008?

v3s6

Sample Question

Why does LogRhythm keep metadata in a separate database from raw log data?

v11s4

Sample Question

Does Sunbelt Software CWSandbox require or use virtualization?

v21s1

Sample Question

What is the name of the company that Cisco acquired that is the market leader in SaaS Web security?

v8s2

Sample Question

Name an agent used by the Web Application testing vector.

v9s7

Sample Question

From the mmls output on screen:

A) dd if=disk1.dd bs=512 skip=63 count=1028097 of=windows.disk1.dd
B) dd if=disk1.dd of=windows.disk1.dd start=1028159 count=1028097
C) dd if=disk1.dd bs=512 skip=1028159 count=1028097 of=windows.disk1.dd
D) dd if=disk1.dd start=62 count=1028097 of=windows.disk1.dd

g.147.
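The dd question above turns on reading a partition's Start and Length columns from the mmls listing and handing them to dd as skip= and count=, with bs= set to the sector size mmls reports. As an added example (not from the quiz deck and not code from The Sleuth Kit), the Python below parses a constructed mmls listing, emits the dd command for every allocated partition, and carves the same bytes out of a constructed in-memory image so the sector arithmetic can be checked. The mmls text, the image name disk1.dd, the output file names and the partition geometry are all assumptions made for illustration.

```python
"""Turn a TSK mmls partition listing into the dd command that carves one
partition out of a raw disk image, then carve the same bytes in Python to
check the sector arithmetic.

Added example, not from the quiz deck or from The Sleuth Kit. The mmls text,
the image name disk1.dd, the output file names and the partition geometry are
constructed/assumed for illustration.
"""
import re

SECTOR = 512  # mmls reports offsets in 512-byte sectors unless its header says otherwise

# Constructed mmls output in TSK's "DOS Partition Table" layout (not a real disk).
SAMPLE_MMLS = """\
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000000062   0000000063   Unallocated
002:  000:000   0000000063   0000002047   0000001985   NTFS / exFAT (0x07)
003:  000:001   0000002048   0000004095   0000002048   Linux (0x83)
"""

# index:  slot  start  end  length  description
_ROW = re.compile(r"^\s*(\d+):\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.*?)\s*$")


def parse_mmls(text):
    """Return one dict per table row; header and unit lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            rows.append({
                "index": int(m.group(1)),
                "slot": m.group(2),
                "start": int(m.group(3)),
                "end": int(m.group(4)),
                "length": int(m.group(5)),
                "desc": m.group(6),
            })
    return rows


def is_allocated(row):
    """Meta (partition table) and '-------' (unallocated) rows are not carveable partitions."""
    return row["slot"] != "Meta" and not row["slot"].startswith("-")


def dd_command(row, image, out):
    """mmls Start is dd's skip= and Length is dd's count=, both in sectors, so
    bs= must be the sector size. End is the last sector, inclusive, hence
    end - start + 1 == length (checked here before trusting the row)."""
    if row["end"] - row["start"] + 1 != row["length"]:
        raise ValueError("inconsistent mmls row: %r" % row)
    return (f"dd if={image} of={out} bs={SECTOR} "
            f"skip={row['start']} count={row['length']}")


def dd_commands(text, image):
    """One dd command per allocated partition in an mmls listing."""
    return [dd_command(r, image, f"part{r['index']}.dd")
            for r in parse_mmls(text) if is_allocated(r)]


def carve(image_bytes, row):
    """Python equivalent of the dd command: byte offset = sector * 512."""
    off = row["start"] * SECTOR
    return image_bytes[off: off + row["length"] * SECTOR]


def build_fake_image(rows):
    """Constructed disk image: each allocated partition is filled with its own
    row index byte so a carve can be checked by inspection; gaps stay zero."""
    total = max(r["end"] for r in rows) + 1
    img = bytearray(total * SECTOR)
    for r in rows:
        if is_allocated(r):
            n = r["length"] * SECTOR
            img[r["start"] * SECTOR: r["start"] * SECTOR + n] = bytes([r["index"]]) * n
    return bytes(img)


if __name__ == "__main__":
    rows = parse_mmls(SAMPLE_MMLS)
    for cmd in dd_commands(SAMPLE_MMLS, "disk1.dd"):
        print(cmd)
    image = build_fake_image(rows)
    ntfs = carve(image, rows[2])
    print(len(ntfs) // SECTOR, "sectors carved, all bytes ==", set(ntfs))
```

Two checks worth keeping when doing this by hand: the "Units are in ... sectors" line of the mmls header must match the bs= you give dd, and the End column is inclusive, so End is never the right value for skip= of the partition that follows (that partition's own Start is). After carving, the output file size divided by the sector size should equal the Length column exactly.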

Sample Question

What is the largest number of events currently being captured by LogCenter on a daily basis?

v10s3

Sample Question (GPEN)

You are pen testing a Windows system remotely via a raw netcat shell. You want to get a listing of all the local users on the system. What command would you use?

A) net name
B) net user
C) net account
D) net localuser

g.95.

Sample Question

Do all SecureDoc users have the same privileges?

v23s2

Sample Question

What are two architectural requirements of supporting content awareness in SIEM?

v12s2

Sample Question

What is Norman best known for worldwide?

v13s1

Sample Question

Why is recovering the content of a deleted file from a FAT file system difficult?

A) The first letter of the file name is overwritten with the character 0xE5
B) The contents of the file are overwritten
C) The entries in the file allocation table are overwritten
D) The directory entry is overwritten

g.159.

Sample Question

Can Splunk searches support real-time streamed data?

v20s3

Sample Question

Is QualysGuard host-based or network-based?

v15s4

Sample Question (GPEN)

What is the reason that Cain cannot crack Linux MD5 passwords?

A) Cain does not support salted Unix password representations
B) Unix MD5 hashes are not the same as Windows MD5 hashes
C) Cain cannot crack MD5 passwords
D) Cain only runs on Windows and cannot read a Unix password file

g.47.

Sample Question

How does CDI know its unit in the field is alive and working?

v6s7

Sample Question

Sourcefire can help you reduce the number of actionable events you have to pursue by what percentage?

v19s7

Sample Question

In case of a security violation, what are the response mechanisms available on the Barracuda WAF?

v2s3

Sample Question

In which Firefox version did the SQLite format begin to be used for storing browser artifacts?

A) Firefox 3.0
B) Firefox 1.5
C) Firefox 2.0
D) Firefox 3.5

g.135.

Sample Question

According to McAfee, what percentage of power plant operators reported that their networks had been infiltrated?

v5s1

Sample Question

What is Websense Security Labs?

v22s3

Sample Question

What is Solera Networks' unique approach to full packet capture?

v18s5

Sample Question

You are responding to a Windows Vista SP2 32-bit operating system. The machine has 4 GB of RAM installed. You are asked to acquire memory following the order of volatility while maintaining the most forensically sound process. What is the least invasive way to image memory, and what is the resultant size of your memory image?

A) Use a memory imaging tool from a CD-ROM and image to a plugged-in USB key: Total memory image = 4 GB
B) Use a memory imaging tool from a USB key and image to the same USB key: Total memory image = 3 GB
C) Use a memory imaging tool from a USB key and image to a network share: Total memory image = 4 GB
D) Use a memory imaging tool from a CD-ROM and image to a network share: Total memory image = 3 GB

g.144.
