Ch 12

Question 1

1. __________________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints.

A. ISDN
B. Frame Relay
C. SMDS
D. ATM

Answer 1

Answer: B

Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each other.

Question 2

2. Tunnel connections can be established over all except for which of the following?

A. WAN links
B. LAN pathways
C. Dial-up connections
D. Stand-alone systems

Answer 2

Answer: D

A stand-alone system has no need for tunneling because no communications between systems are occurring and no intermediary network is present.

Question 3

3. __________________ is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.

A. UDP
B. IDEA
C. IPSec
D. SDLC

Answer 3

Answer: C

IPSec, or IP Security, is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.

Question 4

4. Which of the following IP addresses is not a private IP address as defined by RFC 1918?

A. 10.0.0.18
B. 169.254.1.119
C. 172.31.8.204
D. 192.168.6.43

Answer 4

Answer: B

The 169.254.x.x subnet is in the APIPA range, which is not part of RFC 1918. The addresses in RFC 1918 are 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, and 192.168.0.0–192.168.255.255.

Question 5

5. Which of the following cannot be linked over a VPN?

A. Two distant Internet-connected LANs
B. Two systems on the same LAN
C. A system connected to the Internet and a LAN connected to the Internet
D. Two systems without an intermediary network connection

Answer 5

Answer: D

An intermediary network connection is required for a VPN link to be established.

Question 6

6. What is needed to allow an external client to initiate a communication session with an internal system if the network uses a NAT proxy?

A. IPSec tunnel
B. Static mode NAT
C. Static private IP address
D. Reverse DNS

Answer 6

Answer: B

Static mode NAT is needed to allow an outside entity to initiate communications with an internal system behind a NAT proxy.

Question 7

7. Which of the following VPN protocols do not offer native data encryption? (Choose all that apply.)

A. L2F
B. L2TP
C. IPSec
D. PPTP

Answer 7

Answer: A;B;D

L2F, L2TP, and PPTP all lack native data encryption. Only IPSec includes native data encryption.

Question 8

8. At which OSI model layer does the IPSec protocol function?

A. Data Link
B. Transport
C. Session
D. Network

Answer 8

Answer: D

IPSec operates at the Network layer (layer 3).

Question 9

9. Which of the following is not defined in RFC 1918 as one of the private IP address ranges that are not routed on the Internet?

A. 169.172.0.0–169.191.255.255
B. 192.168.0.0–192.168.255.255
C. 10.0.0.0–10.255.255.255
D. 172.16.0.0–172.31.255.255

Answer 9

Answer: A

The address range 169.172.0.0–169.191.255.255 is not listed in RFC 1918 as a private IP address range. It is, in fact, a public IP address range.

Question 10

10. Which of the following is not a benefit of NAT?

A. Hiding the internal IP addressing scheme
B. Sharing a few public Internet addresses with a large number of internal clients
C. Using the private IP addresses from RFC 1918 on an internal network
D. Filtering network traffic to prevent brute-force attacks

Answer 10

Answer: D

NAT does not protect against or prevent brute-force attacks.

Question 11

11. A significant benefit of a security control is when it goes unnoticed by users. What is this called?

A. Invisibility
B. Transparency
C. Diversion
D. Hiding in plain sight

Answer 11

Answer: B

When transparency is a characteristic of a service, security control, or access mechanism it is unseen by users.

Question 12

12. When you’re designing a security system for Internet-delivered email, which of the following is least important?

A. Nonrepudiation
B. Availability
C. Message integrity
D. Access restriction

Answer 12

Answer: B

Although availability is a key aspect of security in general, it is the least important aspect of security systems for Internet-delivered email.

Question 13

13. Which of the following is typically not an element that must be discussed with end users in regard to email retention policies?

A. Privacy
B. Auditor review
C. Length of retainer
D. Backup method

Answer 13

Answer: D

The backup method is not an important factor to discuss with end users regarding email retention.

Question 14

14. What is it called when email itself is used as an attack mechanism?

A. Masquerading
B. Mail-bombing
C. Spoofing
D. Smurf attack

Answer 14

Answer: B

Mail-bombing is the use of email as an attack mechanism. Flooding a system with messages causes a denial of service.

Question 15

15. Why is spam so difficult to stop?

A. Filters are ineffective at blocking inbound messages.
B. The source address is usually spoofed.
C. It is an attack requiring little expertise.
D. Spam can cause denial-of-service attacks.

Answer 15

Answer: B

It is often difficult to stop spam because the source of the messages is usually spoofed.

Question 16

16. Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data?

A. ISDN
B. PVC
C. VPN
D. SVC

Answer 16

Answer: B

A permanent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.

Question 17

17. In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse?

A. Encrypting communications
B. Changing default passwords
C. Using transmission logs
D. Taping and archiving all conversations

Answer 17

Answer: B

Changing default passwords on PBX systems provides the most effective increase in security.

Question 18

18. Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?

A. Brute-force attacks
B. Denial of service
C. Social engineering
D. Port scanning

Answer 18

Answer: C

Social engineering can often be used to bypass even the most effective physical and logical controls. Whatever activity the attacker convinces the victim to perform, it is usually directed toward opening a back door that the attacker can use to gain access to the network.

Question 19

19. Which of the following is not a denial-of-service attack?

A. Exploiting a flaw in a program to consume 100 percent of the CPU
B. Sending malformed packets to a system, causing it to freeze
C. Performing a brute-force attack against a known user account
D. Sending thousands of emails to a single address

Answer 19

Answer: C

A brute-force attack is not considered a DoS.

Question 20

20. What authentication protocol offers no encryption or protection for logon credentials?

A. PAP
B. CHAP
C. SSL
D. RADIUS

Answer 20

Answer: A

Password Authentication Protocol (PAP) is a standardized authentication protocol for PPP. PAP transmits usernames and passwords in the clear. It offers no form of encryption. It simply provides a means to transport the logon credentials from the client to the authentication server.