ISC2 - Study Notes 10

Question 1

In some instances, an attacker is able to access a smartphone and issue specific commands to it. This enables the attacker to make phone calls, enable call forwarding, send messages, read and write data, connect to the Internet, and turn on the speaker to eavesdrop on conversations.

Answer 1

Bluebugging

Question 2

??? is relatively harmless. It allows users to send unsolicited messages to nearby Bluetooth devices, but it does not involve modifying a phone’s data.

Answer 2

Bluejacking

Question 3

Security VLANs separate traffic from one broadcast domain to another. This is especially useful if sensitive data is transmitted over a network.

Improved performance VLANs reduce the size of broadcast domains and improve their performance because there is less traffic within each broadcast domain.

Reduced costs A VLAN doesn’t require any additional hardware if the switches support VLANs.

Answer 3

VLAN Info

Question 4

can protect VoIP transmissions and provides confidentiality, authentication, and replay protection.

Answer 4

SRTP

Question 5

are placed logically between the user and the Internet. It’s common to place the ??? in the demilitarized zone (DMZ) and configure web browsers to send all web page requests to the Internet via the ???.

Answer 5

Proxy servers

Question 6

A packet-filtering firewall uses rules within access control lists (ACLs) to filter the traffic. ACLs filter traffic based on source or destination IP addresses, subnet addresses, entire domains, ports, and/or protocols. The ACLs provide segmentation of a network, by restricting traffic into or out of the network.

A packet-filtering firewall uses an implicit deny philosophy. All traffic is blocked (implicitly denied) unless there is a rule in the ACL that explicitly allows the traffic.

Answer 6

Packet-Filtering Firewall

Question 7

allows traffic that is part of an active connection or that is initiating a new connection. It rejects traffic that is not part of an active connection or that is not initiating a new connection. It also includes basic packet-filtering capabilities of a packet-filtering firewall.

Answer 7

A stateful inspection firewall

Question 8

UTM (NGFW) : malware blocking, spam filtering, URL filtering.

A DMZ is typically created with two firewalls. Using firewalls from two separate vendors provides defense diversity for the DMZ.

Answer 8

Info

Question 9

One of the primary risks of a remote access server is that anyone with access to a phone or the Internet can try to connect to the server.

A tunneling protocol encapsulates data used on an internal network and transmits it over the public network.

VPN Tunneling Protocol : L2F provides an authentication mechanism, but does not encrypt the traffic.

Answer 9

Info

Question 10

A significant weakness of PPTP is that the initial authentication connection is not encrypted. Information in the initial session can include usernames and passwords that can be intercepted by attackers. Even though the passwords are sent in a hashed form instead of in cleartext, attackers can capture them with a sniffer and use the usernames and password information in a replay attack.

L2TP : doesnt itself encrypt traffic but is used w/IPSec for encryption and authentication.

Answer 10

Info