Communication and Network Security Flashcards
This domain represents 14 percent of the CISSP exam. The Communication and Network Security domain requires a thorough understanding of network fundamentals, secure network design, concepts of network operation, networking technologies and network management techniques.
Q. 1 The purpose of intrusion detection is
- To detect attacks and other anomalies
- To make sure that people aren’t trying to tailgate through security entrances
- To verify that the honeypot or honeynet is working correctly
- To detect hacking attempts that the firewall misses
A.
[Communication and Network Security] Intrusion detection identifies intrusion attempts, attacks, and other anomalies on the host or network.
Q. 2 Which of the following are examples of encapsulation protocols? Drag and drop the correct answer(s) from top to bottom.
- PGP
- IPSec
- L2TP
- SMTP
- PPP
- SLIP
IPSec
SLIP
PPP
L2TP
[Communication and Network Security] The Simple Mail Transfer Protocol (SMTP) is used to send email; it is not an encapsulation protocol. Pretty Good Privacy (PGP) is a data encryption program; it is not an encapsulation protocol.
Q. 3 Which of the following cable types is most difficult to tap by eavesdroppers?
- Fiber optic
- UTP
- Coax
- STP
Fiber optic
A. [Communication and Network Security] Unshielded twisted pair (UTP), shielded twisted pair (STP), and coax cables all are relatively easy for an eavesdropper to tap. Fiber optic cable is more difficult to tap because it requires specialized equipment to tap light media and the fiber optic cable can be easily damaged, which would make eavesdropping activity easily detectable.
Q. 4 Which of the following are link-state routing protocols? Drag and drop the correct answer(s) from top to bottom.
RIP
BGP
IS-IS
OSPF
IS-IS
OSPF
[Communication and Network Security] Routing Information Protocol (RIP) is a distance vector routing protocol. Border Gateway Protocol (BGP) is a distance vector (or path vector) routing protocol.
Q. 5 An access control list is NOT used by
- A firewall or screening router to determine which packets should pass through
- A router to determine which administrative nodes may access it
- A bastion host to determine which network services should be permitted
- A client system to record and save passwords
A client system to record and save passwords
D.
[Communication and Network Security] Access control lists (ACLs) commonly are used on firewalls, routers, and bastion hosts. ACLs are not used to save passwords on a computer.
Q. 6 The purpose of a bastion host is to
- Be a backup firewall in case the main firewall fails or becomes overloaded
- Host Internet-facing services
- Serve as the security management server
- Serve as the firewall management server
Host Internet-facing services
[Communication and Network Security] A bastion host is used to host Internet-facing services, such as a website or domain name service (DNS) server.
Q. 7 PAP is considered a weak authentication protocol because
- It uses a static password that’s not encrypted
- It uses a changing, but predictable, password that’s not encrypted
- Its session keys are easily guessed
- Only the first four characters of the password are significant
It uses a static password that’s not encrypted
[Communication and Network Security] Password Authentication Protocol (PAP) uses a static password that is not encrypted.
Q. 8 Wardriving is the term used to describe
- Aggressive driving
- Sniffing wireless networks to look for vulnerabilities
- Running multiple concurrent port scanning tools on a system
- Running Call of Duty™ on a gigabit Ethernet
Sniffing wireless networks to look for vulnerabilities
[Communication and Network Security] Wardriving is similar to war dialing; an individual uses a wireless mobile device and special software while driving or roaming around looking for vulnerable WiFi networks.
Q. 9 A disadvantage of signature-based intrusion detection is that
- It can’t recognize unknown attacks
- It detects intrusions only on hosts, not on networks
- It detects intrusions only on networks, not on hosts
- It can detect only mechanized attacks, not hacker attacks
It can’t recognize unknown attacks
[Communication and Network Security] Signature-based IDS can detect only attacks that are defined in its signature file. Therefore, it is of limited effectiveness for zero-day threats.
Q. 10 Operational security issues associated with virtualized environments include which of the following? Drag and drop the correct answer(s) from top to bottom. Keep the correct answers in alphabetical order.
- Dynamic DNS
- Dormant VMs
- Hypervisor Incompatibility
- Network Visibility
- VM sprawl
Dormant VMs
VM sprawl
Network Visibility
[Communication and Network Security] The rapid and often unmanaged (uncontrolled) growth of VMs in the data center (VM sprawl), VMs that aren’t actively running and therefore not regularly patched (dormant VMs), and a lack of network visibility to multiple VMs running on a physical host are all operational security issues associated with virtualized environments.
Q. 11 The ping command sends
- IGRP Echo Reply packets
- IGRP Echo Request packets
- ICMP Echo Request packets
- UDP Echo Request packets
ICMP Echo Request packets
[Communication and Network Security] Packet Internet Groper (ping) is an Internet Control Message Protocol (ICMP) command that sends Echo Reply packets.
Q. 12 Which of the following are private circuit technologies? Drag and drop the correct answer(s) from top to bottom.
MPLS
E1
T3
xDSL
E1
T3
xDSL
[Communication and Network Security] Multiprotocol label switching (MPLS) is a type of data-carrying technique commonly used on carrier networks. It is not a private circuit technology.
Q. 13 The biggest disadvantage of callback security is
- The caller can call only from a predetermined location
- It only works in networks that support caller ID
- It’s vulnerable to replay attack
- It works only in networks that support *69 functionality
The caller can call only from a predetermined location
[Communication and Network Security] Callback security associates a dial-in user with a callback phone number, which requires the caller to call from a predetermined phone number (location).
Q. 14 A security engineer has determined that a Wi-Fi access point uses the WEP protocol and broadcasts its SSID. The best course of action is
- Change to WPA2
- Turn off broadcast
- Change to WPA2 and turn off broadcast
- Add MAC address access control
Change to WPA2 and turn off broadcast
[Communication and Network Security] Implementing the WiFi Protected Access 2 (WPA2) security protocol and turning off SSID broadcasting is the most secure solution.
Q. 15 What’s the purpose of NAT?
- To convert a session’s private IP address to a public address
- To detect spoofed IP packets
- To counterattack hacking attempts
- To facilitate court-ordered wiretaps
To convert a session’s private IP address to a public address
[Communication and Network Security] Network Address Translation (NAT) is used to convert private, non-routable IP addresses into routable public IP addresses.
Q. 16 The primary security benefit of a switched LAN versus a shared-media LAN is
- Switches don’t transmit spoofed IP packets
- Broadcast packets are sent only to nodes on the local switch
- Unlike a shared-media LAN, a network sniffer can’t capture all switched LAN traffic
- Switches aren’t vulnerable to broadcast storms
Unlike a shared-media LAN, a network sniffer can’t capture all switched LAN traffic
[Communication and Network Security] Traffic on a switched LAN is sent only to the physical switch port associated with the destination node. A shared-media LAN broadcasts traffic across ports.
Q. 17 Which of the following are examples of protocols used to create a VPN? Drag and drop the correct answer(s) from top to bottom.
- IPSec
- L2TP
- P2P
- PPTP
- MAC
- SSL
IPSec
SSL
PPTP
L2TP
[Communication and Network Security] P2P is not a VPN protocol standard; it refers to a point-to-point network connection or a peer-to-peer distributed application architecture. Media access control (MAC) is a physical hardware address, not a VPN protocol standard.
Q. 18 A disadvantage of host-based intrusion detection is that
- Event correlation isn’t possible
- It can’t detect broadcast packets
- It consumes resources on the host
- It can perform only signature-based detection
It consumes resources on the host
[Communication and Network Security] Host-based IDS consumes resources on the host because the IDS must analyze potentially high volumes of network traffic.
Q. 19 The main disadvantage of signature-based intrusion detection is
- It’s considerably more expensive than linguistic intrusion detection
- Some hackers are good at forging other people’s signatures
- Signatures must be kept up-to-date
- Handwriting samples are inconsistent and not always legible
Signatures must be kept up-to-date
[Communication and Network Security] Like antivirus (anti-malware) software, signature-based intrusion detection systems must be frequently updated to be effective against new and evolving (zero-day) threats.
Q. 20 Which of the following is NOT true of an Ethernet network?
- Ethernet is a broadcast medium
- Ethernet is a switched medium
- IP addresses can be forged on an Ethernet network
- MAC addresses can be forged on an Ethernet network
Ethernet is a broadcast medium
[Communication and Network Security] Ethernet is a switched medium; it is not a broadcast medium.
Q. 21 The purpose of Layer 1 in the OSI model is to
- Transmit and receive bits
- Sequence packets and calculate checksums
- Perform application-to-application communications
- Transmit and receive frames
Transmit and receive bits
[Communication and Network Security] The Physical layer (Layer 1) in the OSI model is concerned with sending and receiving bits.
Q. 22 Which of the following are basic types of wireless antennas? Drag and drop the correct answer(s) from top to bottom.
- omnidirectional
- Parabolic
- Sectorized
- Compartmentalized
- Anabolic
- Yagi
omnidirectional
Parabolic
Sectorized
Yagi
[Communication and Network Security] Compartmentalized and anabolic are not antenna types.
Q. 23 Which of the following are examples of routed protocols? Drag and drop the correct answer(s) from top to bottom.
OSPF
EIGRP
BGP
IPX
IPX
[Communication and Network Security] Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP) are all routing protocols, not routed protocols.
Q. 24 Which of the following authentication technologies are commonly used in federated environments? Drag and drop the correct answer(s) from top to bottom.
- OAuth
- OTP
- OpenID
- SAML
- API
- SSO
OAuth OTP OpenID SAML SSO
[Identity and Access Management] Neither one-time passwords (OTPs) nor application programming interfaces (APIs) are authentication technologies.
Q. 25 A system used to identify anomalies on a network is known as a
- Protocol analyzer
- Network-based intrusion detection system
- Signature-based intrusion prevention system
- Packet sniffer
Network-based intrusion detection system
[Communication and Network Security] A network-based IDS is used to detect possible intrusions based on signature- or anomaly-based methods.
Q. 26 Stateful inspection firewalls
- Are no longer used because all network traffic is stateless
- Record the state of each packet in their logs
- Are more CPU intensive than simple packet-filtering firewalls
- Are easy to manage because their rule sets are self-healing
Are more CPU intensive than simple packet-filtering firewalls
[Communication and Network Security] Stateful inspection firewalls require more CPU power than packet-filtering firewalls because they maintain state information about all active sessions traversing the firewall.
Q. 27 132.116.72.5 is a(n)
- MAC address
- IPv4 address
- Subnet mask
- IPv6 address
IPv4 address
[Communication and Network Security] An IP address is a 32-bit numeric address separated into four octets.
Q. 28 TCP is a poor choice for streaming video because
- It’s too bursty for large networks
- Acknowledgement and sequencing add significantly to its overhead
- Checksums in video packets are meaningless
- TCP address space is nearly exhausted
Acknowledgement and sequencing add significantly to its overhead
[Communication and Network Security] TCP is a connection-oriented protocol that adds overhead to guarantee delivery, sequencing, and acknowledgement of packets that are sent over a network, which typically is not necessary for streaming video communications.
Q. 29 10.20.30.40 is an example of
- A Boolean operator on a complex firewall rule
- A subnet mask
- The default step function for VPN encryption
- A private, non-routable IP address
A private, non-routable IP address
[Communication and Network Security] Private, non-routable IP addresses include addresses in the following ranges: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255.
Q. 30 SMTP is used to
- Transmit network management messages
- Tunnel private sessions through the Internet
- Simulate modems
- Transport email
Transport email
[Communication and Network Security] The Simple Mail Transfer Protocol (SMTP) is used to send email messages on the Internet.
Q. 31 04:c6:d1:45:87:E8 is a(n)
- MAC address
- IPv4 address
- Subnet mask
- IPv6 address
MAC address
[Communication and Network Security] A media access control (MAC) address is a 48-bit hardware or physical address separated into 6 byte segments.
Q. 32 A denial of service attack
- Is the result when an administrator disables unnecessary network services
- Is designed to prevent legitimate users from being able to use a resource
- Occurs when a user lacks sufficient security credentials
- Is when an intruder replays a previous session to establish non-repudiation
Is designed to prevent legitimate users from being able to use a resource
[Communication and Network Security] A denial of service (DoS) attack denies the availability of a system, application, or network from legitimate users.
Q. 33 Which of the following diagrams depicts a private, non-routable IP address? Click one of the four panels below to select your answer choice.
00:50:56:b8:03:bb
172.16.256.12
192.168.250.24
172.15.222.22
192.168.250.24
[Communication and Network Security] 192.168.250.24 is an example of a private, non-routable Class C address in the range 192.168.0.0 to 192.168.255.255.
Q. 34 The Routing Information Protocol (RIP) uses which of the following methods to prevent routing loops? Drag and drop the correct answer(s) from top to bottom.
- Dual homing
- Route poisoning
- Event horizon
- Holddown timers
- Split horizon
Holddown timers
Split horizon
[Communication and Network Security] Split horizon and holddown timers are valid techniques used to prevent routing loops in Routing Information Protocol (RIP) networks.
Q. 35 Which of the following are examples of converged protocols? Drag and drop the correct answer(s) from top to bottom.
- FCoE
- SSL
- DNP3
- BGP
- iSCSI
- MPLS
- SIP
FCoE
iSCSI
MPLS
SIP
[Communication and Network Security] Session Initiation Protocol (SIP), Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and Multiprotocol Label Switching (MPLS) are converged protocols. Border Gateway Protocol (BGP) is a routing protocol. Distributed Network Protocol (DNP3) is a set of communications protocols used between components in process automation systems.
Q. 36 The core component of virtualization technology which runs between a hardware kernel and an operating system is the
- Hypervisor
- Flux capacitor
- Software kernel
- API
Hypervisor
[Communication and Network Security] The hypervisor abstracts the hardware kernel from the operating system in virtualized environments.
Q. 37 What’s the purpose of RARP?
- When given an IP address, RARP returns a MAC address
- When given a MAC address, RARP returns an IP address
- It traces the source address of a spoofed packet
- It determines the least cost route through a multipath network
When given a MAC address, RARP returns an IP address
[Communication and Network Security] The Reverse Address Resolution Protocol (RARP) is used to translate a MAC address to an IP address.
Q. 38 Which of the following diagrams depicts an IPv6 address?
2016:db6::8000:ac12:fe01
192.168.12.220
00:50:56:b8:03:bb
E3:52:9D:B1
2016:db6::8000:ac12:fe01
[Communication and Network Security] An IPv6 address is represented as eight groups of four hexadecimal digits with each group representing 16 bits (two octets) and separated by a colon.
Q. 39 Common anti-malware approaches include which of the following? Drag and drop the correct answer(s) from top to bottom.
- Neural-based
- Anomaly-based
- Application whitelisting
- Container-based
- Email notification
- Signature-based
Anomaly-based
Application whitelisting
Container-based
Signature-based
[Communication and Network Security] Neural-based and email notification are not valid anti-malware approaches. Signature-based (most common), anomaly-based, application whitelisting, and container-based anti-malware approaches are commonly used.
Q. 40 UDP is sometimes called the “unreliable data protocol” because
- It works only on low-speed wireless LANs
- UDP packets rarely get through because they have a low priority
- Few people know how to program UDP
- The UDP protocol does not guarantee delivery
The UDP protocol does not guarantee delivery
[Communication and Network Security] UDP is a connectionless protocol that does not guarantee delivery, sequencing, or acknowledgement of packets that are sent over a network.
Q. 41 Which of the following diagrams correctly illustrates the levels of the OSI model?
- Application, Session, Presentation, Network, Transport, Data Link, Physical
- Application, Transport, Internet, Network Access
- Application, Presentation, Session, Transport, Network, Data Link, Physical
- Application, Presentation, Session, Transport, Internet, Data Link, Physical
- Application, Presentation, Session, Transport, Network, Data Link, Physical
[Communication and Network Security] The layers of the OSI Model, from Layer 1 to Layer 7, are: Physical, Data Link, Network, Transport, Session, Presentation, Application.
Q. 42 One of the difficulties associated with network-based intrusion detection systems is
- Synchronizing the signature file with the firewall
- The steep learning curve associated with IDS
- The high number of false negatives that must be eliminated
- The high number of false positives that must be eliminated
The high number of false positives that must be eliminated
[Communication and Network Security] IDS is known for a high number of false positive results that must be investigated, classified, and eliminated.
Q. 43 What’s the purpose of ARP?
- When given an IP address, ARP returns a MAC address
- When given a MAC address, ARP returns an IP address
- It calculates the shortest path between two nodes on a network
- It acquires the next IP address on a circular route
When given an IP address, ARP returns a MAC address
[Communication and Network Security] The Address Resolution Protocol (ARP) is used to translate an IP address to a MAC address.