CISSP Domain 4 Flashcards

Question 1

Q

Communication and Network Security

Answer

A

OSI and TCP/IP Models
Protocol types and security issues
LAN, WAN, MAN, Intranet, and extranet technologies
Cable types and data transmission types
Network devices and services
Communications security management
Telecommunications devices and technologies
Wireless technologies
Network Encryption
Threats and attacks
Software defined routing
Content distribution networks
Multilayer protocols
Convergent network technologies

Question 2

Q

Telecommunications

Answer

A

the electromagnetic transmission of data among systems

Question 3

Q

OSI Reference Model

Answer

A

ISO standard 7498 provides important guidelines used by vendors, engineers, developers, and others.

Question 4

Q

Encapsulation

Answer

A

Message moves down one stack and up another through the OSI model

Question 5

Q

Application Layer 7

Answer

A

works closest to the user and provides file transmissions, message exchanges, terminal sessions, and much more.
Does not include applications
passes instructions and data

Question 6

Q

Application Layer protocols

Answer

A

SMTP
HRRP
DNS
IRC
LDP

Question 7

Q

Presentation Layer 6

Answer

A

puts information in a format

common means of representing data in a structure

Question 8

Q

Presentation layer works as a

Answer

A

Translator.
Not concerned with the meaning of data,
but syntax and format

Question 9

Q

Presentation Layer formats

Answer

A

TIFF
GIF
JPEG
Compression

Question 10

Q

Presentation Layer handles

Answer

A

data compression and encryption

Only layer without protocols

Question 11

Q

Session Layer 5

Answer

A

Responsible for establishing a connection between two applications, maintaining it during the data transfer, and controlling the release of the connections.

Question 12

Q

Session Layer phases

Answer

A

Establish connection
data transfer
connection release

restart and connection if necessary
maintenance of the session.

Question 13

Q

Session Layer Protocols

Answer

A

Password Authentication Protocol (PAP)
Point to Point Tunneling Protocol (PPTP)
Network Basic Output System (NetBIOS)
Remote Procedure Call (RPC)

Question 14

Q

Session Layer modes

Answer

A

Simplex
Half Duplex
Full Duplex

Question 15

Q

difference between Session and Transport layers

Answer

A

Session is between 2 applications

Transport is between 2 computers

Question 16

Q

Security issue with RPC

Answer

A

lack of authentication or weak authentication

Question 17

Q

Session Layer protocols are

Answer

A

the least used in a network environment

Should be disabled

Question 18

Q

ATM

Answer

A

Asynchronous Transfer Mode

Question 19

Q

OSI Layers vs TCP/IP Layers

Answer

A

Application Application
Presentation
Session
___________________________________
Transport Host to Host
___________________________________
Network Internet
___________________________________
Data Link Network Access
Physical

Question 20

Q

Network Attacks can be

Answer

A

used as a channel for an attack
or
be the target of attack

Question 21

Q

Transport Layer 4

Answer

A

When 2 computers communicate

Handshaking process

Question 22

Q

Transport Layer provides

Answer

A

reliable data transfer
error detection
correction
recovery
flow control
Optimization
end to end data transport services
establishes logical connection between two computers

Question 23

Q

Transport Layer Protocols

Answer

A

TCP Transport Control Protocol
UDP User Datagram Protocol
IPX

Question 24

Q

TCP vs UDP

Answer

A

connection vs best effort

Question 25

Q

Network Layer 3

Answer

A

inserts address and routing to packet’s header

Question 26

Q

Network Layer Protocols

Answer

A

IP Internet Protocol
ICMP Internet Control Message Protocol
RIP Routing Information Protocol
OSPF Open Shortest Path First
IGMP Internet Group Management Protocol
BGP Border Gateway Protocol

Question 27

Q

Data Link Layer 2

Answer

A

formats in order to transmit over 
Token ring
ATM
Ethernet
ATM
FDDI

Question 28

Q

Data Link sub layers

Answer

A

Logical Link Control LLC

Media Access Control MAC

Question 29

Q

Data Link LLC is defined in ISO

Answer

A

802-2

Flow control and Error checking

Question 30

Q

Ethernet is defined in ISO

Question 31

Q

Data Link MAC knows if the network is

Answer

A

Ethernet, Token Ring, or ATM

Question 32

Q

Token Ring is ISO is

Question 33

Q

Wireless LAN ISO is

Answer

A

802.11

Not to be confused with 802.1 for authentication

Question 34

Q

Data Link Protocols

Answer

A

Point to Point Protocol  (PPP)
ATM
Layer 2 Tunneling Protocol  (L2TP)
FDDI
Ethernet
Token Ring

Question 35

Q

IEE 802 Layers

Question 36

Q

Network Cards bridge the

Answer

A

Data Link and Physical Layers

Question 37

Q

Data Link Layer unit of data

Question 38

Q

Physical Layer 1

Answer

A

converts bits into voltage for transmission

Question 39

Q

Physical Layer controls

Answer

A

Synchronization
Data rates
Line Noise
Transmission Techniques

Question 40

Q

Presentation Layer Standards

Answer

A

American Standard Code for Information Interchange (ASCII)
Extended Binary Coded Decimal Interchange Mode (EBCDOC)
Tagged Image File Format (TIFF)
Joint Photographic Experts Group (JPEG)
Motion Picture Experts Group (MPEG)
Musical Instrument Digital Interface (MIDI)

Question 41

Q

Bridges and Switches understand only up to the

Answer

A

Data Link Layer

Question 42

Q

Repeaters only understand traffic at the

Answer

A

Physical Layer

Question 43

Q

Layer 3 device works at the

Answer

A

Network Layer

Question 44

Q

Distributed Network Protocol 3

Answer

A

Designed for use in SCADA systems
Not a general purpose protocol
No routing functionality

Question 45

Q

SCADA systems

Answer

A

Hierarchical architecture
Sensors connected to Remote Terminal Units (RTUs)
RTUs aggregate data and relay to the SCADA master

Question 46

Q

Remote Terminal Unit

Answer

A

In Distributred Network Protocol 3, SCADA, the RTU relays information to the SCADA

Control instructions and configurations changes are sent from SCADA to RTUs

Question 47

Q

SCADA master

Answer

A

It the Human Machine Interface (HMI)

Question 48

Q

Controller Area Network Bus

Answer

A

Run most automobiles worldwide

Question 49

Q

TCP/IP: Model

Answer

A

IP is a network layer protocol and provides routing services

Question 50

Q

Main protocols of Transport Protocol

Answer

A

TCP and UDP

Question 51

Q

Socket

Answer

A

Is the combination of protocol (TCP or UDP), port, and IP address.

Question 52

Q

Well Known Ports

Question 53

Q

Registered Ports

Answer

A

1024-49151

Question 54

Q

Dynamic Ports

Answer

A

49152-65535 available to be used by any application on an “as needed” basis

Question 55

Q

TCP Handshake

Answer

A

1 Syn
2 Syn//ACK
3. ACK

TCP must setup connection before any data is sent

Question 56

Q

SYN flood

Answer

A

SYN packets sent with never an ACK.

Floods system with SYN packets

Denial of Service attack

Question 57

Q

Syn Flood defenses

Answer

A

SYN caches

delays allocation of a socket until handshakes are complete.

Question 58

Q

Segment vs Datagram

Answer

A

TCP is segment

UDP is Datagram

Question 59

Q

IP 4 vs IP 6 bits

Answer

A

IP4 is 32 bit

IP6 is 128 bit

Question 60

Q

IP 4 Class Ranges

Answer

A

A is 0.0.0.0 to 127.255.255.255
First byte is network remaining for hosts

B is 128.0.0.0 to 191.255.255.255
First 2 bytes are network and the remaining are hosts

C is 192.0.0.0 to 223.255.255.255
First 3 are network and the last one is hosts

D is 224.0.0.0 to 239.255.255.255
Used for multicast addresses

E 240.0.0.0 to 255.255.255
Reserved for research

Question 61

Q

CIDR

Answer

A

Classless Interdomain Routing

Provides flexibility to increase of decrease class sized

Question 62

Q

TTL

Answer

A

Time to Live

Keeps packets from traversing a network forever

Question 63

Q

TOS

Answer

A

Type of Service

Prioritizes different packets

Question 64

Q

IP 6

Answer

A

Has IPSEC built in
allows scoped addresses
Does not require NAT

Answer 60

A

Intersite Tunneling Mechanism using UDP encapsulation

Answer 61

A

Intrasite tunneling mechanism

Answer 62

A

Attackers can use open ports for unintended traffic in and out of the network

Answer 63

A

MAC security standard (MACSec)

Provides a unique ID for a device

EAP-TLS digital certificate

Only communication over network is device authentication

Answer 64

A

provides hop by hop protection at layer 2

Only authenticated and trusted devices on the network can communicate with each other.

Answer 65

A

Each device compliant with 802.1AR comes with a built in device identifier (iDevID)

Answer 66

A

Provides data encryption, integrity, and origin authentication

Answer 67

A

Key agreement

carries out key agreement functions for the session keys used for data encryption

Answer 68

A

Remote Authentication Dial In Service

Authenticates devices by digital certificates using 802.1AR EAP-TLS

Answer 69

A

Trusted Platform Module

Answer 70

A

VOIP
FCoE
MPLS
ISCSI

Answer 71

A

Fiber Channel over Ethernet

allows fiberchannel frames to ride on Ethernet

Mostly used in SAN storage

Not common

Answer 72

A

Multiprotocol Label Switching

Frequently used to create Layer 2 VPNs

Called a layer 2.5 protocol
Data Link 2 and Network 3

Answer 73

A

ISCSI

Encapsulates SCSI data to TCP segments

Answer 74

A

addresses specific type of converged protocols

Transitions services from disparate media and protocols to IP

Answer 75

A

One channel transmission

Answer 76

A

Uses several channels

Answer 77

A

Analog signals are measured in amplitude and frequency

Digital signals represent binary digits

Answer 78

A

Asynchronous Transfer Mode

Data Link layer framed with start and stop indicators

Transfer data in a stream

Synchronous employs timing mechanisms

Answer 79

A

No timing component
Surrounds each bit with processing bits
Parity bit used for error control
Each byte requires three bits of instruction
  start  stop  parity

Answer 80

A

Timing component for data transmission synchronization
Robust error checking, commonly through
Cyclic Redundancy Checking (CRC)
Used for high speed, high volume transmissions
Minimal overhead compared to asynchronous communication

Answer 81

A

copper core that is surrounded by a shielding layer and grounding wire.

more resistant to electromagnetic interference (EMI)

Answer 82

A

loss of signal strength as it travels

Answer 83

A

signals of one wire spill over to the signals of another wire

Answer 84

A

Linear

Tree

Answer 85

A

all nodes connect to a central device

Ethernet

Answer 86

A

multiple connection routes

Answer 87

A

Maximum Transmission Unit

How much data a frame can carry

Answer 88

A

24 bit control frame used to control which computers communicate.

Token is passed from computer to computer.
Only the computer with the token can put frames on the wire.

used by token ring and FDDI technologies

Do not have problems with collisions

Answer 89

A

Used by ethernet
Carrier Sense Multiple Access with Collision Detection
Fasterthan token passing
Wireless uses
CSMA/Collision Avoidance
Each computer signals its intent to transmit data before it actually does so.

Answer 90

A

increased voltage on the line

Answer 91

A

a group of computers contending or competing for the same shared communication medium

Answer 92

A

are sets of computing nodes that all receive a layer 2 broadcast frame

Answer 93

A

When 2 distinct LANs are connected by a router

Answer 94

A

When 2 LANs are connected by a data link layer technology such as frame relay or ATM, they are a WAN

Answer 95

A

Contention based technology using a shared medium
Uses broadcast and collision domains
Uses CSMA CD or CA
Supports full duplex communication
Can use twisted pair, coaxal, or fiber optic cabling
Defined by standard IEEE 802.3

Answer 96

A

developed by ANSI
usually used as a backbone using fiber optic cabling
provides fault tolerance by offering a second counter rotating ring
primary ring sends data clockwise
secondary ring transmits data counterclockwise and invoked only if the primary goes down
Each node is connected to both rings

Answer 97

A

provides fixed bandwidth that can be allocated for specific applications

Answer 98

A

CDDI can work over UTP cabling

Answer 99

A

Ethernet is 802.3
FDDI is 802.4
Token ring is 802.5

Answer 100

A

Internet Group Management Protocol
used to report multiport group membership to routers
When a user access multicast traffic, they become a member of a multi cast group.

Answer 101

A

Data that is not fully encapsulated

Answer 102

A

Address Resolution Protocol
When data link layer receives a frame, the network layer has already assigned a destination IP
ARP broadcasts a frame requesting the MAC address for the destination IP.

Answer 103

A

Goal is to receive packets intended for another computer

This is a masquerading attack

Answer 104

A

Client broadcast on the network to discover the DHCP server

Answer 105

A

Server’s response to DHCP discover seeking an IP address

Answer 106

A

Client responds to confirm its acceptance of an IP address

Answer 107

A

DHCP
Discover
Offer
Request
Acknowledgement

Answer 108

A

method to shield networks from unauthenticated DHCP clients

Switches can direct clients to legitimate DHCP servers

Ensures DHCP servers can assign IP Addresses only to selected systems, identified by their MAC addresses

Answer 109

A

for diskless workstations to obtain IP addresses

Answer 110

A

Bootstrap Protocol for diskless workstations to obtain IP addresses

BootP is an enhancement to RARP

Answer 111

A

Internet Control Message Protocol

IP's messenger boy
delivers status messages
reports errors
replies to certain requests
reports routing information
PING

Answer 112

A

Ping is an ICMP utility to test connectivity to another system

Echo replies

Answer 113

A

data can be inserted to ICMP packets

Answer 114

A

sets up covert channel to send data illegitimately

Answer 115

A

used to view network status, traffic flows, and hosts

Answer 116

A

managers and agents

Manager is server that polls devices

Community string is a password

Answer 117

A

a password for SNMP

Community strings are sent in clear text in SNMP v1 and v2

Answer 118

A

161 and 162

Should be closed to untrusted networks

Version 3 of SNMP has encrypted passwords

Answer 119

A

implements PKI and digital signatures which allows DNS servers to validate the origin of a message to ensure it is not spoofed and potentially malicious

Answer 120

A

DNS in DMZ handles external hostname to IP addresses.

Internal DNS handles internal hostname to IP addresses

Answer 121

A

stolen domain registration

Answer 122

A

Simple Authentication and Security Layer

protocol independent framework for performing authentication

Answer 123

A

mail servers in DMZs may not be locked down enough

This enables spammers to spoof email via loosely configured relays

Answer 124

A

social engineering

Answer 125

A

Sender Policy Framework

Answer 126

A

zeroes in on certain people

Answer 127

A

zero in on a big fish

Answer 128

A

0.0.0 to 10.255.255.255 Class A
16.0.0 to 172.31.255.255 Class B
168.0.0 to 192.168.255.255 Class C

Answer 129

A

Static Mapping a pool of public IP addresses configured. Private addresses are statically mapped to specific public addresses

Dynamic Mapping Pool of IP addresses works as first come first serve

Port Address Translation Only one public IP address for all systems

Answer 130

A

routing decisions based on distance (or number of hops) and a vector (direction)

Looks only at the number of hops

RIP is a distance vector routing protocol

Answer 131

A

sees more than just number of hops

OSPF is a Link State Routing Protocol

Answer 132

A

RIP

outlines how routers exchange routing table data. calculates the shortest difference.

Considered legacy

Answer 133

A

OSPF
link state
allows for a hierarchical routing network
OSPF has replaced RIP

Answer 134

A

IGRP distance vector routing protocol

proprietary to CISCO

Answer 135

A

EIGRP
Cisco proprietary
faster routing than IGRP

Answer 136

A

adds intelligence to bridges
Ensures frames do not circle networks forever.
provides redundant paths
assigns priority valuies

Answer 137

A

tell the bridges where to send the packets

Answer 138

A

Public Branch Exchange

private telephone switch

Answer 139

A

Phone Hacker

Uses default passwords to enter PBX switches

Answer 140

A

Packet Filtering
Stateful
Proxy
Dynamic Packet Filtering
Kernel Proxy

Answer 141

A

Screened Host

Multihome

Screened Subnet

Answer 142

A

based on network level protocol values
configured with ACLs
dictate type of traffic

Answer 143

A

Packet filtering

Only have capability of reviewing protocol header at network and transport layers

Answer 144

A

Inbound traffic filtering

Answer 145

A

outbound traffic filtering

Answer 146

A

Packet filtering

device does not understand the content packets are working within

Answer 147

A

Packet filtering

gets the obvious junk

Answer 148

A

Cannot prevent attacks that employ application specific vulnerabilities or functions
have limited logging functionality
do not support advanced user authentication
cannot detect spoofed addresses
not able to detect packet fragmentation attacks

Answer 149

A

scalable
not application dependent
high performance
commonly used as first line of defense

Answer 150

A

remembers and keeps track of packets until connection is closed

Keeps state of connection

Answer 151

A

Maintains a state table that tracks each communication session
Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce
Is scalable and transparent to users
Provides data for tracking connectionless protocols such as UDP and ICMP
Stores and updates the state and context of data within the packets

Answer 152

A

Middleman
intercepts and inspects messages before delivering them
Stands between a trusted and untrusted network.
Breaks the communication channel

Answer 153

A

creates a connection between two communicating systems.
Works at the session layer of the OSI model
cannot look into contents of a packet
Considered application dependent
Traffic appears to have come from the proxy

Answer 154

A

inspect the packet up through the application layer
Understands the packet as a whole
can make access decisions based on content
Understands services and protocols
can distinguish commands
Has one proxy per protocol

Answer 155

A

extensive logging capabilities

capable of authenticating users directly

Answer 156

A

not generally well suited to high bandwidth or real time applications
tend to be limited in terms of support for new network applications and protocols
They create performance issues because of the per-packet processing requirements.

Answer 157

A

a circuit level proxy gateway

provides secure channel between 2 computers

Answer 158

A

Creates an ACL that allows and external entity to communicate with an internal system via a high numbered port

Without this, you would punch holes in your firewalls for ports above 1023

Answer 159

A

faster than application level proxy firewalls

Connection between internal and external is broken

Answer 160

A

Kernel Proxy Firewall

Answer 161

A

Incorporates a signature based IPS engine

Connects to external data sources such as Active Directory

Answer 162

A

Packet Filtering  Network Layer
Stateful               Network Layer
Application Level
Proxy                    Application Layer
Circuit Level 
Proxy                    Session Layer
Dynamic packet filtering  Network Layer
Kernel Proxy         Application Layer
Next Generation   Multiple Layers

Answer 163

A

highly exposed device most likely to be targeted by attackers
Can be on the public side of a DMZ or directly connected to an untrusted network
Should have all unnecessary services and accounts disabled and administrative tools removed

Answer 164

A

device that has 2 interfaces
One connected to one network and one connected to another network
Should have packet forwarding and routing turned off

Answer 165

A

firewall that communicates directly with perimeter router and internal network

Answer 166

A

2 firewalls create a DMZ

Answer 167

A

attacker modifies a packet header to have the source address of a host inside the network to be attacked.

No reason for a packet with an internal address to come in from the outside.

Answer 168

A

IP Fragmentation

Teardrop attack

Overlapping fragment attack

Answer 169

A

Flaws within IP are exploited.

Causes DoS attacks

Answer 170

A

Malformed fragments are created by the attacker

When reassembled, cause system instability

Answer 171

A

overwrites a previously approved fragment and executes an attack on the victim system.

Answer 172

A

the packet defines the network path. bypasses the router.

Source routing is often disabled

Answer 173

A

intended to be exploited by attackers

Usually sits in the screened subnet or DMZ

Answer 174

A

slow down attacker

Answer 175

A

provide multiple functionalities in a single network appliance

Considered all in one devices

Answer 176

A

Single point of failure for traffic
Single point of compromise
Performance issues

Answer 177

A

multiple servers distributed across a large region optimized for users closest to it.

More resistant to Denial of Service attacks

Answer 178

A

dynamically route traffic to services and platforms

Answer 179

A

Cloud Computing

Big Data

Mobile computing

Answer 180

A

Where the internetwork routing decision are made

Part of the router that runs the routing protocol like OSPF.

Responsible for discovering the topology of the network and maintaining routing tables

Answer 181

A

where traffic forwarding decisions are made
Follows the directions of the control plane
Control plane is the strategic, methodical planner of traffic routing.
Forwarding plane is the tactical, fast executioner of those plans

Answer 182

A

Control plane is central

Forwarding is in each device

Answer 183

A

Open
API
Overlay

Answer 184

A

strictly internal vs internal with external links

Extranets are often used in business to business communication

Answer 185

A

Use EDI for internal communications and with other companies

commonly used with supplier companies to provide inventory for like Target, Walmart

Answer 186

A

Electronic Data Interchange

Provides structure and organization for electronic documents, orders, invoices, purchase orders, and data flow

Answer 187

A

usually a backbone that connects LANs to eachother and LAN to WAN, the internet, and telecommunication networks

Answer 188

A

Synchronous Optical Networks

Majority of Metropolitan Area networks are SONET or FDDI

Answer 189

A

telecommunications transmissions over fiber optic cables

SONET is self healing. If a break in a line occurs, it can use a backup redundant ring

Answer 190

A

Virtual LAN Service is a multipoint, Layer 2, VPN that connects 2 or more customer devices using ethernet bridging techniques

VPLS emulates a LAN over a managed IP/MPLS network

Answer 191

A

When a computer on one network needs to communicate with a network on the other side of the country or in a different country altogether, WAN technologies kick in

Answer 192

A

Telecommunication packets that travel on SONET

High speed network technology used in WAN implementations by carriers, ISPs, and telephone companies

Answer 193

A

Copper lines carry purely analog signals
T1 lines carry up to 24 conversations
T3 lines carry up to 28 T1 lines
Fiber Optics over SONET networks
ATM over SONET

Answer 194

A

also called a leased line or point to point link

Link is not shared with any other entities

Answer 195

A

Statistical time division Multiplexing

Transmits several types of data simultaneously across a single transmission line such as T1 or T3

Answer 196

A

Required when digital equipment will be used to communicate with telecommunication lines

Converts data from routers, switches, and multiplexers to be transmitted over service provider digital lines

Answer 197

A

Circuit switching and packet switching

Answer 198

A

Sets up a virtual connection that acts like a dedicated link between 2 systems

Answer 199

A

is not dedicated

flow may use various routes

Answer 200

A

Connection oriented virtual links
Traffic travels in a predictable and consistent manner
Fixed delays
Usually caries voice oriented data

Answer 201

A

packets can use many dynamic path
traffic is usually bursty in nature
variable delays
usually carries data oriented data

Answer 202

A

a WAN technology that operates at the data link layer

uses packet switching technology to let multiple companies and networks share the same WAN medium

Is considered legacy

Answer 203

A

like a private line with agreed upon availability

has guaranteed bandwidth

Answer 204

A

similar to dial up connections

Variable bandwidth

Answer 205

A

distinguishes between different classes of messages and assigns priority levels

Answer 206

A

Variable bit Rate VBR

Unspecified bit rate UBR

Available Bit Rate ABR

Answer 207

A

used in networks that use dedicated leased lines with permanent physical connections

Answer 208

A

a framing protocol that is used mainly for device to device communication

Answer 209

A

a data link protocol that carries out framing and encapsulation for point to point connections

encapsulation of multiprotocol packets

Often used in telecom

Answer 210

A

PAP Password Authentication Protocol
CHAP Challenge Handshake Authentication Protocol
EAP Extensible Authentication Protocol

Answer 211

A

Insecure as it sends passwords in cleartext

If must be used, use it over an encrypted connection

Answer 212

A

establishes, configures, and maintains connections

Used to carry out encapsulation format options
handles variable limits on packet sizes, detects loopback sizes

Answer 213

A

control how devices talk to eachother

Answer 214

A

High Speed Serial Interface

used to connect multiplexers and routers to high speed communication services such as ATM and frame relay

Answer 215

A

Session Initiation Protocol
sets up and breaks down call sessions
Application Layer Protocol that can work over TCP or UDP

A signaling protocol widely used for VOIP communication sessions

Answer 216

A

an ip telephony device
a call processing manager
voicemail system
gateway

Answer 217

A

Spam over Internet Telephony

Answer 218

A

Integrated Service Digital Network

Answer 219

A

Point to Point Tunneling Protocol
Used to secure PPP connections
Encapsulates PPP

Answer 220

A

PAP
CHAP
MS-CHAP
EAP TLS

Answer 221

A

Microsoft Point to Point Encryption

Answer 222

A

Restricted to IP
cannot support multiple connections
can be used for system to system communication but not gateway to gateway
PPTP relies on PPP functionality for a majority of its security functions
Never became an industry standard

Answer 223

A

combines features of PPTP and Cisco’s Layer 2 Forwarding (L2F)
L2TP tunnels PPP traffic over various network types
(IP, ATM, X25)
not just restricted to IP
Integrates with IPSec to provide confidentiality, integrity, and potentially another layer of authentication

Answer 224

A

A suite of protocols developed to protect IP traffic
bolts onto IP 4
PPTP and L2TP work at the data link layer.
IPSec works at the network layer

Answer 225

A

Authentication Header (AH)
Encapsulating Security Payload (ESP)
Internet Security Association and Key Management Protocol (ISAKMP)

Answer 226

A

AH and ESP

Answer 227

A

High Assurance Internet Protocol Encryptor
is a Type 1 encryption device based on IP
secure gateway that allows 2 enclaves to exchange date over an untrusted network
works at the Network layer
has largely replaces link layer encryption

Answer 228

A

Works at the session layer
used mainly to protect HTTP traffic
already embedded in most web browsers

Answer 229

A

to provide transport adjacency

more than one security protocol (ESP and AH) is used in a VPN tunnel

Answer 230

A

an IPSEC tunnel tunneled through another IPSec tunnel

Answer 231

A

TLS portal VPN

TLS tunnel VPN

Answer 232

A

single standard TLS connection to a website
called a portal because a single location provides access to other resources
remote user accesses TLS/VPN gateway using a browser, is authenticated, and presented with a webpage for services

Answer 233

A

Individual uses a web browser to securely access multiple network services including applications and services that are not web based

Answer 234

A

Works in a client server model
Extends and protects PPP connections
Works at the data link layer
Transmits over IP networks only

Answer 235

A

Hybrid of L2F and PPTP
Extends and protects PPP connections
Works at the data link layer
Transmits over multiple types of networks, not just IP
Combined wiht IPSec for security

Answer 236

A

Handles multiple VPN connections at the same time
Provides secure authentication and encryption
Supports only IP Networks
Focuses on LAN to LAN communication rather than user to user communication
Works at the network layer, and provides security on top of IP

Answer 237

A

Works at the session layer and protects mainly web and email traffic
Granular access control and configuration available
Easy deployment since TLS is already embedded in web browsers
Can only protect a small number of protocol types
Not an infrastructure level VPN solution

Answer 238

A

used by remove users to authenticate over PPP connections
Provides identification and authentication
Credentials are sen to the authentication server after a connection has been established via PPP
Authentication server has a database to authenticate users
PAP security is the least secure because credentials are sent in cleartext

Answer 239

A

addresses vulnerabilities found in PAP
uses a challenge/response instead of having the user send password over the wire
Server sends a one time challenge (NONCE)
Challenge is encrypted

Answer 240

A

Microsoft version of CHAP provides mutual authentication functionality
Has 2 versions that are incompatible
Not vulnerable to P
man in the middle attacks because it continues the challenge/response activity

Answer 241

A

supported by PPP provides a framework to enable many types of authentication techniques.
Can use one time passwords, token cards, biometrics, Kerberos, digital certificates

Answer 242

A

FHSS uses only a portion of the total bandwidth available.

DSSS uses all available bandwidth

Answer 243

A

No APs
called infrastructure WLAN used to extend an existing wired network
acts as a wireless hub stream symmetric cipher

Answer 244

A

use of static encryption keys
ineffective use of initialization vectors
Lack of packet integrity assurance

Answer 245

A

backward compatible with WLAN devices
TKIP generates new dynamic keys
Made to increase security of WE{ or replace it without the need for hardware upgrade

Answer 246

A

AirSnort

WEPCrack

Answer 247

A

CISCO proprietary

Answer 248

A

used by Microsoft and others

Authenticates by digital certificates

Answer 249

A

is server side only EAP

Answer 250

A

Multipurpose Internet Mail Extensions

specifies how multimedia and email binary attachments are to be transferred

Answer 251

A

Secure MIME is a standard for encrypting and digitally signing email and providing secure transmission

Answer 252

A

PGP
Phil Zimmerman freeware email security program
First widespread public key encryption program
is a complete cryptosystem that protects email and files
Can use RSA public key encryption for key management and IDEA symmetric cipher for bulk encryption of data
Uses MD5 hashing algorithm,
authentication by using public key certificates

Answer 253

A

Used by PGP instead of Certificate Authorities (CA)

Answer 254

A

HTTP running over Secure Sockets Layer (SSL)or TLS.

Answer 255

A

uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication
SSL developed by Netscape and not open community pits security protocol

Answer 256

A

Padding Oracle On Downgraded Legacy Encryption attach in 2014 was death for SSL Forces SSL to downgrade its security for the sake of interoperabiity

Answer 257

A

functions as a type of tunneling mechanism
provides terminal like access to remote computers. SSH is a program and protocol that can be used to log into another computer over a network

Answer 258

A

compromises the availability of a system

results in a service or resource degraded or made unavailable to legitimate users

Answer 259

A

Ping of death
ICMP echo attack
early networks did not enforce the maximum length of a ICMP packet which is 65536 bytes. Operating systems could not handle packets larger

Answer 260

A

overwhelm the target computer with packets.

Answer 261

A

exploits the three way handshake that TCP users

Answer 262

A

High volume DOS
uses an army of hijacked or zombie computers
Best defense is a content based distribution network

Answer 263

A

Is the attack of confidentiality of your data

Requires NICs to be in promiscuous mode

Brainscape's Knowledge GenomeTM

CISSP Domain 4 Flashcards

Brainscape's Knowledge Genome^TM