CHAPTER 4 - Communication and Network Security Flashcards
1
Q
- How does TKIP provide more protection for WLAN environments?
A. It uses the AES algorithm.
B. It decreases the IV size and uses the AES algorithm.
C. It adds more keying material.
D. It uses MAC and IP filtering.
A
C. The TKIP protocol actually works with WEP by feeding it keying material, which is
data to be used for generating random keystreams. TKIP increases the IV size, ensures it is
random for each packet, and adds the sender’s MAC address to the keying material.
2
Q
- Which of the following is not a characteristic of the IEEE 802.11a standard?
A. It works in the 5-GHz range.
B. It uses the OFDM spread spectrum technology.
C. It provides 52 Mbps in bandwidth.
D. It covers a smaller distance than 802.11b.
A
- C. The IEEE standard 802.11a uses the OFDM spread spectrum technology, works in the
5-GHz frequency band, and provides bandwidth of up to 54 Mbps. The operating range is
smaller because it works at a higher frequency.
3
Q
- Why are switched infrastructures safer environments than routed networks?
A. It is more difficult to sniff traffic since the computers have virtual private connections.
B. They are just as unsafe as nonswitched environments.
C. The data link encryption does not permit wiretapping.
D. Switches are more intelligent than bridges and implement security mechanisms.
A
- A. Switched environments use switches to allow different network segments and/or
systems to communicate. When this communication takes place, a virtual connection is set
up between the communicating devices. Since it is a dedicated connection, broadcast and
collision data are not available to other systems, as in an environment that uses only
bridges and routers.
4
Q
- Which of the following protocols is considered connection-oriented?
A. IP
B. ICMP
C. UDP
D. TCP
A
- D. TCP is the only connection-oriented protocol listed. A connection-oriented protocol
provides reliable connectivity and data transmission, while a connectionless protocol
provides unreliable connections and does not promise or ensure data transmission.
5
Q
- Which of the following can take place if an attacker can insert tagging values into network- and
switch-based protocols with the goal of manipulating traffic at the data link layer?
A. Open relay manipulation
B. VLAN hopping attack
C. Hypervisor denial-of-service attack
D. Smurf attack
A
- B. VLAN hopping attacks allow attackers to gain access to traffic in various VLAN
segments. An attacker can have a system act as though it is a switch. The system
understands the tagging values being used in the network and the trunking protocols, and
can insert itself between other VLAN devices and gain access to the traffic going back and
forth. Attackers can also insert tagging values to manipulate the control of traffic at this
data link layer.
6
Q
- Which of the following proxies cannot make access decisions based upon protocol
commands?
A. Application
B. Packet filtering
C. Circuit
D. Stateful
A
- C. Application and circuit are the only types of proxy-based firewall solutions listed here.
The others do not use proxies. Circuit-based proxy firewalls make decisions based on
header information, not the protocol’s command structure. Application-based proxies are
the only ones that understand this level of granularity about the individual protocols.
7
Q
- Which of the following is a bridge-mode technology that can monitor individual traffic
links between virtual machines or can be integrated within a hypervisor component?
A. Orthogonal frequency division
B. Unified threat management modem
C. Virtual firewall
D. Internet Security Association and Key Management Protocol
A
- C. Virtual firewalls can be bridge-mode products, which monitor individual traffic links
between virtual machines, or they can be integrated within the hypervisor. The hypervisor
is the software component that carries out virtual machine management and oversees guest
system software execution. If the firewall is embedded within the hypervisor, then it can
“see” and monitor all the activities taking place within the one system.
8
Q
- Which of the following shows the layer sequence as layers 2, 5, 7, 4, and 3?
A. Data link, session, application, transport, and network
B. Data link, transport, application, session, and network
C. Network, session, application, network, and transport
D. Network, transport, application, session, and presentation
A
- A. The OSI model is made up of seven layers: application (layer 7), presentation (layer 6),
session (layer 5), transport (layer 4), network (layer 3), data link (layer 2), and physical
(layer 1).
9
Q
- Which of the following technologies integrates previously independent security solutions
with the goal of providing simplicity, centralized control, and streamlined processes?
A. Network convergence
B. Security as a service
C. Unified threat management
D. Integrated convergence management
A
- C. It has become very challenging to manage the long laundry list of security solutions
almost every network needs to have in place. The list includes, but is not limited to,
firewalls, antimalware, antispam, IDS/IPS, content filtering, data leak prevention, VPN
capabilities, and continuous monitoring and reporting. Unified threat management (UTM)
appliance products have been developed that provide all (or many) of these functionalities
in a single network appliance. The goals of UTM are simplicity, streamlined installation
and maintenance, centralized control, and the ability to understand a network’s security
from a holistic point of view.
10
Q
- Metro Ethernet is a MAN protocol that can work in network infrastructures made up of
access, aggregation, metro, and core layers. Which of the following best describes these
network infrastructure layers?
A. The access layer connects the customer’s equipment to a service provider’s aggregation
network. Aggregation occurs on a core network. The metro layer is the metropolitan
area network. The core connects different metro networks.
B. The access layer connects the customer’s equipment to a service provider’s core
network. Aggregation occurs on a distribution network at the core. The metro layer is
the metropolitan area network.
C. The access layer connects the customer’s equipment to a service provider’s aggregation
network. Aggregation occurs on a distribution network. The metro layer is the
metropolitan area network. The core connects different access layers.
D. The access layer connects the customer’s equipment to a service provider’s aggregation
network. Aggregation occurs on a distribution network. The metro layer is the
metropolitan area network. The core connects different metro networks.
A
- D. The access layer connects the customer’s equipment to a service provider’s aggregation
network. Aggregation occurs on a distribution network. The metro layer is the metropolitan
area network. The core connects different metro networks.
11
Q
- Which of the following provides an incorrect definition of the specific component or
protocol that makes up IPSec?
A. Authentication Header protocol provides data integrity, data origin authentication, and
protection from replay attacks.
B. Encapsulating Security Payload protocol provides confidentiality, data origin
authentication, and data integrity.
C. Internet Security Association and Key Management Protocol provides a framework for
security association creation and key exchange.
D. Internet Key Exchange provides authenticated keying material for use with encryption
algorithms.
A
- D. Authentication Header protocol provides data integrity, data origin authentication, and
protection from replay attacks. Encapsulating Security Payload protocol provides
confidentiality, data origin authentication, and data integrity. Internet Security Association
and Key Management Protocol provides a framework for security association creation and
key exchange. Internet Key Exchange provides authenticated keying material for use with
ISAKMP.
12
Q
- Systems that are built on the OSI framework are considered open systems. What does this
mean?
A. They do not have authentication mechanisms configured by default.
B. They have interoperability issues.
C. They are built with internationally accepted protocols and standards so they can easily
communicate with other systems.
D. They are built with international protocols and standards so they can choose what types
of systems they will communicate with.
A
- C. An open system is a system that has been developed based on standardized protocols
and interfaces. Following these standards allows the systems to interoperate more
effectively with other systems that follow the same standards.
13
Q
- Which of the following protocols work in the following layers: application, data link,
network, and transport?
A. FTP, ARP, TCP, and UDP
B. FTP, ICMP, IP, and UDP
C. TFTP, ARP, IP, and UDP
D. TFTP, RARP, IP, and ICMP
A
- C. Different protocols have different functionalities. The OSI model is an attempt to
describe conceptually where these different functionalities take place in a networking stack.
The model attempts to draw boxes around reality to help people better understand the
stack. Each layer has a specific functionality and has several different protocols that can
live at that layer and carry out that specific functionality. These listed protocols work at
these associated layers: TFTP (application), ARP (data link), IP (network), and UDP
(transport).
14
Q
- What takes place at the data link layer?
A. End-to-end connection
B. Dialog control
C. Framing
D. Data syntax
A
C. The data link layer, in most cases, is the only layer that understands the environment in
which the system is working, whether it be Ethernet, Token Ring, wireless, or a connection
to a WAN link. This layer adds the necessary headers and trailers to the frame. Other
systems on the same type of network using the same technology understand only the
specific header and trailer format used in their data link technology.
15
Q
- What takes place at the session layer?
A. Dialog control
B. Routing
C. Packet sequencing
D. Addressing
A
- A. The session layer is responsible for controlling how applications communicate, not how
computers communicate. Not all applications use protocols that work at the session layer,
so this layer is not always used in networking functions. A session layer protocol will set
up the connection to the other application logically and control the dialog going back and
forth. Session layer protocols allow applications to keep track of the dialog.
16
Q
- Which best describes the IP protocol?
A. A connectionless protocol that deals with dialog establishment, maintenance, and
destruction
B. A connectionless protocol that deals with the addressing and routing of packets
C. A connection-oriented protocol that deals with the addressing and routing of packets
D. A connection-oriented protocol that deals with sequencing, error detection, and flow
control
A
- B. The IP protocol is connectionless and works at the network layer. It adds source and
destination addresses to a packet as it goes through its data encapsulation process. IP can
also make routing decisions based on the destination address.
17
Q
- Which of the following is not a characteristic of the Protected Extensible Authentication
Protocol?
A. Authentication protocol used in wireless networks and point-to-point connections
B. Designed to provide authentication for 802.11 WLANs
C. Designed to support 802.1X port access control and Transport Layer Security
D. Designed to support password-protected connections
A
- D. PEAP is a version of EAP and is an authentication protocol used in wireless networks
and point-to-point connections. PEAP is designed to provide authentication for 802.11
WLANs, which support 802.1X port access control and TLS. It is a protocol that
encapsulates EAP within a potentially encrypted and authenticated TLS tunnel.
18
Q
- The ______________ is an IETF-defined signaling protocol, widely used for controlling
multimedia communication sessions such as voice and video calls over IP.
A. Session Initiation Protocol
B. Real-time Transport Protocol
C. SS7
D. VoIP
A
- A. The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol, widely used
for controlling multimedia communication sessions such as voice and video calls over IP.
The protocol can be used for creating, modifying, and terminating two-party (unicast) or
multiparty (multicast) sessions consisting of one or several media streams.
19
Q
- Which of the following is not one of the stages of the DHCP lease process?
i. Discover
ii. Offer
iii. Request
iv. Acknowledgment
A. All of them
B. None of them
C. i, ii
D. ii, iii
A
- B. The four-step DHCP lease process is:
- DHCPDISCOVER message: This message is used to request an IP address lease from
a DHCP server.
- DHCPOFFER message: This message is a response to a DHCPDISCOVER message,
and is sent by one or numerous DHCP servers.
- DHCPREQUEST message: The client sends this message to the initial DHCP server
that responded to its request.
- DHCPACK message: This message is sent by the DHCP server to the DHCP client
and is the process whereby the DHCP server assigns the IP address lease to the DHCP
client.
20
Q
- An effective method to shield networks from unauthenticated DHCP clients is through the
use of _______________ on network switches.
A. DHCP snooping
B. DHCP protection
C. DHCP shielding
D. DHCP caching
A
- A. DHCP snooping ensures that DHCP servers can assign IP addresses to only selected
systems, identified by their MAC addresses. Also, advanced network switches now have the
capability to direct clients toward legitimate DHCP servers to get IP addresses and to
restrict rogue systems from becoming DHCP servers on the network.
21
Q
- Which of the following is most likely the issue that Grace’s team experienced when their
systems went offline?
A. Three critical systems were connected to a dual-attached station.
B. Three critical systems were connected to a single-attached station.
C. The secondary FDDI ring was overwhelmed with traffic and dropped the three critical
systems.
D. The FDDI ring is shared in a metropolitan environment and only allows each company
to have a certain number of systems connected to both rings.
A
- B. A single-attachment station (SAS) is attached to only one ring (the primary) through a
concentrator. If the primary goes down, it is not connected to the backup secondary ring. A
dual-attachment station (DAS) has two ports and each port provides a connection for both
the primary and the secondary rings.
22
Q
- Which of the following is the best type of fiber that should be implemented in this
scenario?
A. Single mode
B. Multimode
C. Optical carrier
D. SONET
A
- B. In single mode, a small glass core is used for high-speed data transmission over long
distances. This scenario specifies campus building-to-building connections, which are
usually short distances. In multimode, a large glass core is used and is able to carry more
data than single-mode fibers, though they are best for shorter distances because of their
higher attenuation levels.
23
Q
- Which of the following is the best and most cost-effective countermeasure for Grace’s
team to put into place?
A. Network address translation
B. Disallowing unnecessary ICMP traffic coming from untrusted networks
C. Application-based proxy firewall
D. Screened subnet using two firewalls from two different vendors
A
- B. The attack description is a smurf attack. In this situation the attacker sends an ICMP
Echo Request packet with a spoofed source address to a victim’s network broadcast
address. This means that each system on the victim’s subnet receives an ICMP Echo
Request packet. Each system then replies to that request with an ICMP Echo Response
packet to the spoofed address provided in the packets—which is the victim’s address. All of
these response packets go to the victim system and overwhelm it because it is being
bombarded with packets it does not necessarily know how to process. Filtering out
unnecessary ICMP traffic is the cheapest solution.
24
Q
- Which of the following is most likely taking place to allow spurious packets to gain
unauthorized access to critical servers?
A. TCP sequence hijacking is taking place.
B. Source routing is not restricted.
C. Fragment attacks are underway.
D. Attacker is tunneling communication through PPP.
A
- B. Source routing means the packet decides how to get to its destination, not the routers in
between the source and destination computer. Source routing moves a packet throughout a
network on a predetermined path. To make sure none of this misrouting happens, many
firewalls are configured to check for source routing information within the packet and deny
it if it is present.
25
Q
- Which of the following best describes the firewall configuration issues Sean’s team
member is describing?
A. Clean-up rule, stealth rule
B. Stealth rule, silent rule
C. Silent rule, negate rule
D. Stealth rule, silent rule
A
- C. The following describes the different firewall rule types:
* Silent rule: Drops “noisy” traffic without logging it. This reduces log sizes by not
responding to packets that are deemed unimportant.
* Stealth rule: Disallows access to firewall software from unauthorized systems.
* Cleanup rule: The last rule in the rule base, which drops and logs any traffic that does
not meet the preceding rules.
* Negate rule: Used instead of the broad and permissive “any rules.” Negate rules provide
tighter permission rights by specifying what system can be accessed and how.
26
Q
- Which of the following best describes why Sean’s team wants to put in the mentioned
countermeasure for the most commonly attacked systems?
A. Prevent production system hijacking
B. Reduce DoS attack effects
C. Gather statistics during the process of an attack
D. Increase forensic capabilities
A
- B. A tarpit is commonly a piece of software configured to emulate a vulnerable, running
service. Once the attackers start to send packets to this “service,” the connection to the
victim system seems to be live and ongoing, but the response from the victim system is
slow and the connection may time out. Most attacks and scanning activities take place
through automated tools that require quick responses from their victim systems. If the
victim systems do not reply or are very slow to reply, the automated tools may not be
successful because the protocol connection times out. This can reduce the effects of a DoS
attack.
27
Q
- Based upon the information in the scenario, what should the network team implement as it
pertains to IPv6 tunneling?
A. Teredo should be configured on IPv6-aware hosts that reside behind the NAT device.
B. 6to4 should be configured on IPv6-aware hosts that reside behind the NAT device.
C. Intra-Site Automatic Tunnel Addressing Protocol should be configured on IPv6-aware
hosts that reside behind the NAT device.
D. IPv6 should be disabled on all systems.
A
- A. Teredo encapsulates IPv6 packets within UDP datagrams with IPv4 addressing.
IPv6-aware systems behind the NAT device can be used as Teredo tunnel endpoints even if they
do not have a dedicated public IPv4 address.
28
Q
- Which of the following is the best countermeasure for the attack type addressed in the
scenario?
A. DNSSEC
B. IPSec
C. Split server configurations
D. Disabling zone transfer
A
- A. DNSSEC protects DNS servers from forged DNS information, which is commonly used
to carry out DNS cache poisoning attacks. If DNSSEC is implemented, then all responses
that the server receives will be verified through digital signatures. This helps ensure that an
attacker cannot provide a DNS server with incorrect information, which would point the
victim to a malicious website.
29
Q
- Which of the following technologies should Lance’s team investigate for increased
authentication efforts?
A. Challenge Handshake Authentication Protocol
B. Simple Authentication and Security Layer
C. IEEE 802.2AB
D. EAP-SSL
A
- B. Simple Authentication and Security Layer is a protocol-independent authentication
framework. This means that any protocol that knows how to interact with SASL can use its
various authentication mechanisms without having to actually embed the authentication
mechanisms within its code.
30
Q
- Wireless LAN technologies have gone through different versions over the years to address
some of the inherent security issues within the original IEEE 802.11 standard. Which of the
following provides the correct characteristics of Wi-Fi Protected Access 2 (WPA2)?
A. IEEE 802.1X, WEP, MAC
B. IEEE 802.1X, EAP, TKIP
C. IEEE 802.1X, EAP, WEP
D. IEEE 802.1X, EAP, CCMP
A
- D. Wi-Fi Protected Access 2 requires IEEE 802.1X or preshared keys for access control,
EAP or preshared keys for authentication, and AES algorithm in counter mode with CBC-MAC
Protocol (CCMP) for encryption.
31
Q
- Alice wants to send a message to Bob, who is several network hops away from her. What is
the best approach to protecting the confidentiality of the message?
A. PPTP
B. S/MIME
C. Link encryption
D. SSH
A
- B. Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting
and digitally signing e-mail and for providing secure data transmissions using public key
infrastructure (PKI).
32
Q
- Charlie uses PGP on his Linux-based e-mail client. His friend Dave uses S/MIME on his
Windows-based e-mail. Charlie is unable to send an encrypted e-mail to Dave. What is the
likely reason?
A. PGP and S/MIME are incompatible.
B. Each has a different secret key.
C. Each is using a different CA.
D. There is not enough information to determine the likely reason.
A
- A. PGP uses a decentralized web of trust for its PKI, while S/MIME relies on centralized