Telecommunications, Network, and Internet Security Flashcards

1
Q

QUESTION NO: 815 Frame-relay uses a public switched network to provide: A. Local Area Network (LAN) connectivity B. Metropolitan Area Network (MAN) connectivity C. Wide Area Network (WAN) connectivity D. World Area Network (WAN) connectivity

A

Answer: C

2
Q

QUESTION NO: 816 Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces? A. ISDN B. SLIP C. xDSL D. T1

A

Answer: B Explanation: SLIP, Serial Line IP, is currently a de facto standard, commonly used for point-to-point serial connections running TCP/IP.

3
Q

QUESTION NO: 817 Which of the following provides network redundancy in a local network environment? A. Mirroring B. Shadowing C. Dual backbones D. Duplexing

A

Answer: C

4
Q

QUESTION NO: 818 Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange? A. the Internet B. the Intranet C. the Extranet D. The Ethernet

A

Answer: A

5
Q

QUESTION NO: 819 Internet specifically refers to the global network of: A. public networks and Internet Service Providers (ISPs) throughout the world B. private networks and Internet Services Providers (ISPs) through the world C. limited networks and Internet Service Providers (ISPs) throughout the world D. point networks and Internet Service Providers (ISPs) throughout the world

A

Answer: A

6
Q

QUESTION NO: 820 To improve the integrity of asynchronous communications in the realm of personal computers, the Microcom Networking Protocol (MNP) uses a highly effective communications error-control technique known as A. Cyclic redundancy check. B. Vertical redundancy check. C. Checksum. D. Echoplex.

A

Answer: D

7
Q

QUESTION NO: 821 Organizations should consider which of the following first before connecting their LANs to the Internet? A. plan for implementing W/S locking mechanisms B. plan for protecting the modem pool C. plan for providing the user with his account usage information D. plan for considering all authentication options

A

Answer: D

8
Q

QUESTION NO: 822 Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs? A. HDSL B. SDSL C. ADSL D. VDSL

A

Answer: A Explanation: HDSL – High-Data-Rate Digital Subscriber Line – 1.544 Mbps each way over 2 copper twisted pair

9
Q

QUESTION NO: 823 Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false? A. It can be used for voice B. It can be used for data C. It carries various sizes of packets D. It can be used for video

A

Answer: C Explanation: “Asynchronous transfer mode (ATM) is a cell-switching technology, as opposed to a packet-switching technology like Frame Relay. ATM uses virtual circuits much like Frame Relay, but because it uses fixed-size frames or cells, it can guarantee throughput. This makes ATM an excellent WAN technology for voice and video conferencing.”

10
Q

QUESTION NO: 824 Satellite communications are easily intercepted because: A. transmissions are continuous 24 hours per day. B. a satellite footprint is narrowly focused. C. a satellite footprint is very large. D. a satellite footprint does not change.

A

Answer: C Explanation: I think it may have to do with the footprint of the satellite. Footprint – the area of Earth with sufficient antenna gain to receive a signal from a satellite. - http://www.aero.org/publications/crosslink/winter2002/backpage.html Not A: Granted, satellites transmit, but they may not do it 24x7, as it could be only when traffic is sent.

11
Q

QUESTION NO: 825 Which one of the following protocols CANNOT be used for full duplex Wide Area Network (WAN) communications? A. Synchronous Data Link Control (SDLC) B. Serial Line Internet Protocol (SLIP) C. Point-to-Point Protocol (PPP) D. High-Level Data Link Control (HDLC)

A

Answer: B Explanation: By exclusion, SLIP is the correct answer. Note: Serial Line Internet Protocol (SLIP) is an older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial-up. Pg 96. Tittel: CISSP Study Guide. SLIP is a serial protocol as opposed to a WAN protocol. Not SDLC: SDLC is full duplex. “SDLC was developed to enable mainframes to communicate with remote locations.” Pg 456 Shon Harris CISSP Certification Exam Guide. This is a WAN protocol. Not C. “PPP is a full-duplex protocol that provides bi-directional links over synchronous, asynchronous, ISDN, frame relay and SONET connections.” Pg. 472 Shon Harris CISSP All-In-One Certification Exam Guide. PPP is full-duplex. Not D. “HDLC is an extension of SDLC, which is mainly used in SNA environments. HDLC provides high throughput because it supports full-duplex transmissions and is used in point-to-point and multipoint connections.” Pg 456 Shon Harris CISSP All-In-One Certification Exam Guide. PPP is full-duplex.

12
Q

QUESTION NO: 826 Fast Ethernet operates at which of the following? A. 10 Mbps B. 100 Mbps C. 1000 Mbps D. All of the above

A

Answer: B Explanation: “Fast Ethernet 100Mbps – IEEE 802.3u”

13
Q

QUESTION NO: 827 Which of the following statements about the “Intranet” is NOT true? A. It is an add-on to a local area network. B. It is unrestricted and publicly available. C. It is usually restricted to a community of users. D. It can work with MANs or WANs.

A

Answer: B Explanation: “An intranet is a ‘private’ network that uses Internet technologies, such as TCP/IP. The company has Web servers and client machines using Web browsers, and it uses the TCP/IP protocol suite. The Web pages are written in Hypertext Markup Language (HTML) or Extensible Markup Language (XML) and are accessed via HTTP.” Pg 395 Shon Harris: All-In-One CISSP Certification Guide.

14
Q

QUESTION NO: 828 Frame relay and X.25 networks are part of which of the following? A. Circuit-switched services B. Cell-switched services C. Packet-switched services D. Dedicated digital services

A

Answer: C Explanation: Packet-Switched Technologies: X.25, Link Access Procedure-Balanced (LAPB), Frame Relay, Switched Multimegabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP (VoIP)

15
Q

QUESTION NO: 829 A Wide Area Network (WAN) may be privately operated for a specific user community, may support multiple communication protocols, or may provide network connectivity and services via: A. interconnected network segments (extranets, intranets, and Virtual Private Networks) B. interconnected network segments (extranets, internets, and Virtual Private Networks) C. interconnected netBIOS segments (extranets, intranets, and Virtual Private Networks) D. interconnected NetBIOS segments (extranets, interest, and Virtual Private Networks)

A

Answer: A

16
Q

QUESTION NO: 830 What is the proper term to refer to a single unit of Ethernet data? A. Ethernet segment B. Ethernet datagram C. Ethernet frame D. Ethernet packet

A

Answer: C Explanation: When the Ethernet software receives a datagram from the Internet layer, it performs the following steps: 1.) Breaks IP layer data into smaller chunks if necessary, which will be in the data field of Ethernet frames. Pg. 40 Sams Teach Yourself TCP/IP in 24 hrs.

17
Q

QUESTION NO: 831 Which of the following is a LAN transmission protocol? A. Ethernet B. Ring Topology C. Unicast D. Polling

A

Answer: C Reference: “LAN Transmission Methods. LAN data is transmitted from the sender to one or more receiving stations using either a unicast, multicast, or broadcast transmission.” pg 528 Hansche: Official (ISC)2 Guide to the CISSP Exam

18
Q

QUESTION NO: 832 Which of the following access methods is used by Ethernet? A. CSMA/CD B. CSU/DSU C. TCP/IP D. FIFO

A

Answer: A Explanation: “Under the Ethernet CSMA/CD media-access process, any computer on a CSMA/CD LAN can access the network at any time.” Pg. 103 Krutz: The CISSP Prep Guide.

19
Q

QUESTION NO: 833 Which one of the following data transmission technologies is NOT packet-switched? A. X.25 B. ATM (Asynchronous Transfer Mode) C. CSMA/CD (Carrier Sense Multiple Access/Collision Detection) D. Frame Relay

A

Answer: B Explanation: “Examples of packet-switching networks are X.25, Link Access Procedure-Balanced (LAPB), Frame Relay, Switched Multimegabit Data Systems (SMDS), Asynchronous Transfer Mode (ATM), and Voice over IP (VoIP).” Pg 146 Krutz: CISSP Prep Guide: Gold Edition. http://en.wikipedia.org/wiki/Virtual_circuit

20
Q

QUESTION NO: 834 Unshielded twisted pair (UTP) does not require the fixed spacing between connections that is: A. necessary with telephone-type connections B. necessary with coaxial-type connections C. necessary with twisted pair-type connections D. necessary with fiber optic-type connections

A

Answer: B Explanation: “Fixed spacing between connections” is referring to the fixed-sized insulation that separates the inner wire from the shielding.

21
Q

QUESTION NO: 835 What type of cable is used with 100Base-TX Fast Ethernet? A. Fiber-optic cable B. Four pairs of Category 3, 4, or 5 unshielded twisted-pair (UTP) wires. C. Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires D. RG-58 Cable

A

Answer: C

22
Q

QUESTION NO: 836 Which cable technology refers to the CAT 3 and CAT 5 categories? A. Coaxial cables B. Fiber Optic cables C. Axial cables D. Twisted Pair cables

A

Answer: D

23
Q

QUESTION NO: 837 On which Open System Interconnection (OSI) Reference Model layer are repeaters used as communications transfer devices? A. Data-link B. Physical C. Network D. Transport

A

Answer: B Explanation: The original answer (Network) is wrong; a repeater is a Physical-layer device. Repeaters just regenerate the signal. “Hubs are multi port repeaters, and as such they obey the same rules as repeaters (See previous section OSI Operating Layer). They operate at the OSI Model Physical Layer.” http://www.thelinuxreview.com/howto/intro_to_networking/c5434.htm

24
Q

QUESTION NO: 838 In the OSI/ISO model, at what layer are some of the SLIP, CSLIP and PPP control functions provided? A. Data Link B. Transport C. Presentation D. Application

A

Answer: A

25
Q

QUESTION NO: 839 In the OSI/ISO model, at what level are TCP and UDP provided? A. Transport B. Network C. Presentation D. Application

A

Answer: A Explanation: “Transport Layer. …. TCP and UDP operate on this layer.” Pg 82. Krutz: The CISSP Prep Guide.

26
Q

QUESTION NO: 840 DNS, FTP, TFTP, SNMP are provided at what level of the OSI/ISO model? A. Application B. Network C. Presentation D. Transport

A

Answer: A

27
Q

QUESTION NO: 841 Which of the following OSI layers does not provide confidentiality? A. Presentation B. Network C. Transport D. Session

A

Answer: C Explanation: 1. Reference: “[Network Layer] The routing protocols are located at this layer and include the following: ….. Internet Protocol Security (IPSec)”; “The following protocols operate within the Session layer: Secure Sockets Layer (SSL)”; “The Presentation layer is also responsible for encryption and compression.” Pg 61-62 Tittel: CISSP Study Guide. 2. According to this chart: http://en.wikipedia.org/wiki/OSI_model – Network: IPSec; Presentation: SSL/TLS; Session: L2TP; Transport: nothing listed, so it remains as the answer. 3. According to Shon Harris / CISSP 5th edition, SSL is at the Transport layer. Conclusion: three different sources put SSL at three completely different layers, but using either of the first two sources still leaves ‘Transport’ as the answer.

28
Q

QUESTION NO: 842 Which of the following OSI layers provides routing and related services? A. Network B. Presentation C. Session D. Physical

A

Answer: A

29
Q

QUESTION NO: 843 The International Standards Organization/Open Systems Interconnection (ISO/OSI) Layers do NOT have which of the following characteristics? A. Standard model for network communications B. Used to gain information from network devices such as count of packets received and routing tables C. Allows dissimilar networks to communicate D. Defines 7 protocol layers (a.k.a. protocol stacks)

A

Answer: B Explanation: Not A. “The Open System Interconnect (OSI) is a worldwide federation that works to provide international standards.” Not C. “A protocol is a standard set of rules that determine how systems will communicate across networks. Two different systems can communicate and understand each other because they use the same protocols in spite of their differences.” Pg. 343-344 Shon Harris: CISSP All-In-One Certification Exam Guide

30
Q

QUESTION NO: 844 Which of the following layers supervises the control rate of packet transfers in an Open Systems Interconnections (OSI) implementation? A. Physical B. Session C. Transport D. Network

A

Answer: C Explanation: The transport layer defines how to address the physical locations and/or devices on the network, how to make connections between nodes, and how to handle the networking of messages. It is responsible for maintaining the end-to-end integrity and control of the session. Services located in the transport layer both segment and reassemble the data from upper-layer applications and unite it onto the same data stream, which provides end-to-end data transport services and establishes a logical connection between the sending host and destination host on a network. The transport layer is also responsible for providing mechanisms for multiplexing upper-layer applications, session establishment, and the teardown of virtual circuits. - Ronald Krutz, The CISSP Prep Guide (gold edition), pg 275-276. “Transport Layer: The agreement on these issues before transferring data helps provide more reliable data transfer, error detection and correction, and flow control, and it optimizes network services needed to perform these tasks.” Pg. 318-319 Shon Harris: All-In-One CISSP Certification Guide.

31
Q

QUESTION NO: 845 Which Open Systems Interconnect (OSI) layers provide Transport Control Protocol/Internet Protocol (TCP/IP) end-to-end security? A. Application and presentation B. Presentation and session C. Network and application D. Application and transport

A

Answer: B Explanation: “The Session layer (layer 5) is responsible for establishing, maintaining, and terminating communication sessions between two computers. The primary technology within layer 5 is a gateway. The following protocols operate within the Session layer: Secure Sockets Layer (SSL), Network File System (NFS), Structured Query Language (SQL), Remote Procedure Call (RPC). The Presentation layer (layer 6) is responsible for transforming data received from the application layer into a format that any system following the OSI model can understand. It imposes common or standardized structure and formatting rules onto the data. The Presentation layer is also responsible for encryption and compression.” Pg. 79-80 Tittel: CISSP Study Guide.

32
Q

QUESTION NO: 846 Which one of the following is a TRUE statement about the bottom three layers of the Open Systems Interconnection (OSI) Reference Model? A. They generally pertain to the characteristics of the communicating end systems. B. They cover synchronization and error control of network data transmissions. C. They support and manage file transfer and distribute process resources. D. They support components necessary to transmit network messages.

A

Answer: D Explanation: By exclusion: Not A. “The Session layer (layer 5) is responsible for establishing, maintaining, and terminating communication sessions between two computers.” Pg 79 Tittel: CISSP Study Guide. Not B. “The Transport layer (layer 4) …. This layer includes mechanisms for segmentation, sequencing, error checking, controlling the flow of data, error correction and network service optimization.” Pg 79 Tittel: CISSP Study Guide. Not C. “The application itself is not located within this layer [Application]; rather the protocols and services required to transmit files, exchange messages, connect to remote terminals, and so on are here.” Pg. 80 Tittel: CISSP Study Guide.

33
Q

QUESTION NO: 847 ICMP and IGMP belong to which layer of the OSI model? A. Datagram B. Network C. Transport D. Link

A

Answer: B Explanation: The Network layer (layer 3) is responsible for adding routing information to the data. The Network layer accepts the segment from the Transport layer and adds information to it to create a packet. The packet includes the source and destination IP addresses. The routing protocols are located at this layer and include the following: Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Internet Group Management Protocol (IGMP), Internet Protocol (IP), Internet Packet Exchange (IPX). Pg. 78 Tittel: CISSP Study Guide

34
Q

QUESTION NO: 848 The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layer 6 is which of the following? A. Application Layer B. Presentation Layer C. Data Link Layer D. Network Layer

A

Answer: B Explanation: “Presentation Layer (Layer 6).” Pg 81 Krutz The CISSP Prep Guide.

35
Q

QUESTION NO: 849 Which OSI/ISO layer is IP implemented at? A. Session layer B. Transport layer C. Network layer D. Data link layer

A

Answer: C

36
Q

QUESTION NO: 850 Which of the following security-focused protocols operates at a layer different from the others? A. Secure HTTP B. Secure shell (SSH-2) C. Secure socket layer (SSL) D. Simple Key Management for Internet Protocols (SKIP)

A

Answer: A

37
Q

QUESTION NO: 851 In the OSI/ISO model, at what layer are some of the SLIP, CSLIP and PPP control functions provided? A. Data Link B. Transport C. Presentation D. Application

A

Answer: A

38
Q

QUESTION NO: 852 CORRECT TEXT ICMP and IGMP belong to which layer of the OSI Model? (Fill in the blank)

A

Answer: Network

39
Q

QUESTION NO: 853 CORRECT TEXT The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layer 6 is which of the following? (Fill in the blank)

A

Answer: Presentation

40
Q

QUESTION NO: 854 CORRECT TEXT Which of the following OSI layers provides non-repudiation services? (Fill in the blank)

A

Answer: Application

41
Q

QUESTION NO: 855 The OSI model contains seven layers. TCP/IP is generally accepted as having how many layers? A. four B. five C. six D. eight

A

Answer: A Explanation: The TCP/IP Protocol Model is similar to the OSI model, but it defines only the following four layers instead of seven: Application Layer, Host-to-Host Transport Layer, Internet Layer, Network Access or Link Layer. Pg. 84 Krutz: The CISSP Prep Guide.

42
Q

QUESTION NO: 856 Which of the following layers provides end-to-end service? A. Network Layer B. Link Layer C. Transport Layer D. Presentation Layer

A

Answer: C Explanation: Session services located in the Transport Layer both segment and reassemble the data from upper-layer applications and unite it onto the same data stream, which provides end-to-end data transport services and establishes a logical connection between the sending host and destination host on a network. Pg. 82 Krutz: The CISSP Prep Guide.

43
Q

QUESTION NO: 857 Both TCP and UDP use port numbers of what length? A. 32 bits B. 16 bits C. 8 bits D. 4 bits

A

Answer: B

44
Q

QUESTION NO: 858 Which one of the following is an effective communications error-control technique usually implemented in software? A. Redundancy check B. Packet filtering C. Packet checksum D. Bit stuffing

A

Answer: C

45
Q

QUESTION NO: 859 CORRECT TEXT What is the proper term to refer to a single unit of IP data? (Fill in the blank)

A

Answer: Datagram Explanation: “When the Ethernet software receives a datagram from the Internet layer, it performs the following steps: 1.) Breaks IP layer data into smaller chunks if necessary, which will be in the data field of Ethernet frames.” Pg. 40 Sams Teach Yourself TCP/IP in 24 hrs.

46
Q

QUESTION NO: 860 What is the proper term to refer to a single unit of TCP data at the transport layer? A. TCP segment B. TCP datagram C. TCP frame D. TCP packet

A

Answer: A Explanation: “The data package created at the transport layer, which encapsulates the Application layer message, is called a segment if it comes from TCP/IP.” Pg. 27, Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.

47
Q

QUESTION NO: 861 Each data packet is assigned the IP address of the sender and the IP address of the: A. recipient B. host C. node D. network

A

Answer: A

48
Q

QUESTION NO: 862 Both TCP and UDP use port numbers of what length? A. 32 bits B. 16 bits C. 8 bits D. 4 bits

A

Answer: B Explanation: 2 to the 16th power = 65,536. “TCP and UDP each have 65,536 ports”. Pg 75 Tittel: CISSP Study Guide

49
Q

QUESTION NO: 863 Which of the following type of packets can *easily* be denied with a stateful packet filter? A. ICMP B. TCP C. UDP D. IP

A

Answer: B

50
Q

QUESTION NO: 864 Which ports are the “Registered ports”, registered by the IANA? A. Ports 128 to 255 B. Ports 1024 to 49151 C. Ports 1023 to 65535 D. Ports 1024 to 32767

A

Answer: B Explanation: * the System Ports, also known as the Well Known Ports, from 0-1023 (assigned by IANA); * the User Ports, also known as the Registered Ports, from 1024-49151 (assigned by IANA); * the Dynamic Ports, also known as the Private or Ephemeral Ports, from 49152-65535 (never assigned)

51
Q

QUESTION NO: 865 What protocol was UDP based and mainly intended to provide validation of dial-up user login passwords? A. PPTP B. L2TP C. IPSec D. TACACS

A

Answer: D Explanation: The original TACACS protocol was developed by BBN for MILNET. It was UDP based and mainly intended to provide validation of dial-up user login passwords. The TACACS protocol was formally specified, but the spec is not generally available.

52
Q

QUESTION NO: 866 On which port is POP3 usually run? A. 110 B. 109 C. 139 D. 119

A

Answer: A

53
Q

QUESTION NO: 867 The primary function of this protocol is to send messages between network devices regarding the health of the network: A. Internet Control Message Protocol (ICMP) B. Reverse Address Resolution Protocol (RARP) C. Address Resolution Protocol (ARP) D. Internet Protocol (IP)

A

Answer: A

54
Q

QUESTION NO: 868 Telnet and rlogin use which protocol? A. UDP B. SNMP C. TCP D. IGP

A

Answer: C

55
Q

QUESTION NO: 869 The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram? A. TCP B. ICMP C. UDP D. IGMP

A

Answer: D Explanation: ICMP = 1, IGMP = 2, TCP = 6, UDP = 17

56
Q

QUESTION NO: 870 The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the IP datagram? A. TCP B. ICMP C. UDP D. IGMP

A

Answer: C Explanation: ICMP = 1, IGMP = 2, TCP = 6, UDP = 17

57
Q

QUESTION NO: 871 Why do some sites choose not to implement Trivial File Transfer Protocol (TFTP)? A. list restrictions B. inherent security risks C. user authentication requirement D. directory restriction

A

Answer: B

58
Q

QUESTION NO: 872 The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the IP datagram? A. TCP B. ICMP C. UDP D. IGMP

A

Answer: A Explanation: ICMP = 1, TCP = 6, UDP = 17

59
Q

QUESTION NO: 873 Which of the following is not a basic security service defined by the OSI? A. Routing control B. Authentication C. Data Confidentiality D. Logging and monitoring

A

Answer: D Explanation: Routing control IS defined, but no mention of Logging & Monitoring.

60
Q

QUESTION NO: 874 Which of the following is not an OSI architecture-defined broad category of security standards? A. Security techniques standards B. Layer security protocol standards C. Application-specific security D. Firewall security standards

A

Answer: D

61
Q

QUESTION NO: 875 Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling? A. X.25 B. X.400 C. X.500 D. X.509

A

Answer: B Explanation: An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines. - http://www.webopedia.com/TERM/X/X_400.html

62
Q

QUESTION NO: 876 The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram? A. TCP B. ICMP C. UDP D. IGMP

A

Answer: B Explanation: ICMP = 1, IGMP = 2, TCP = 6, UDP = 17

63
Q

QUESTION NO: 877 Which of the following is true? A. TCP is connection-oriented. UDP is not. B. UDP provides for error correction. TCP does not. C. UDP is useful for longer messages. D. UDP guarantees delivery of data. TCP does not guarantee delivery of data.

A

Answer: A

64
Q

QUESTION NO: 878 What works as an E-mail message transfer agent? A. SMTP B. SNMP C. S-RPC D. S/MIME

A

Answer: A

65
Q

QUESTION NO: 879 A common way to create fault tolerance with leased lines is to group several T-1s together with an inverse multiplexer placed: A. at one end of the connection B. at both ends of the connection C. somewhere between both end points D. in the middle of the connection

A

Answer: B

66
Q

QUESTION NO: 880 Several methods provide telecommunications continuity. Which of the following is a method of routing traffic through split cable or duplicate cable facilities? A. diverse routing B. alternative routing C. last mile circuit protection D. long haul network diversity

A

Answer: A

67
Q

QUESTION NO: 881 Which of the following is the primary security feature of a proxy server? A. Client hiding B. URL blocking C. Route blocking D. Content filtering

A

Answer: A

68
Q

QUESTION NO: 882 Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device? A. File services B. Mail services C. Print Services D. Client/Server services

A

Answer: B

69
Q

QUESTION NO: 883 Which one of the following is a technical solution for the quality of service, speed, and security problems facing the Internet? A. Random Early Detection (RED) queuing B. Multi-protocol label-switching (MPLS) C. Public Key Cryptography Standard (PKCS) D. Resource Reservation Protocol (RSVP)

A

Answer: B Explanation: The original answer to this question was RED; however, I think this is incorrect for the following reason. Both RED and MPLS deal with QoS/CoS issues, thereby increasing speed, MPLS more so than RED. However, I have not been able to find any documents that state RED is a security implementation, while MPLS is heavily used in the ISP VPN market. See this link for MPLS security: http://www.nwfusion.com/research/2001/0521feat2.html Below are the links that form the rationale for this answer of B (MPLS).

Random Early Detection (RED): Congestion avoidance algorithm in which a small percentage of packets are dropped when congestion is detected and before the queue in question overflows completely. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/r12.htm

Multiprotocol Label Switching (MPLS): Switching method that forwards IP traffic using a label. This label instructs the routers and the switches in the network where to forward the packets based on preestablished IP routing information. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/m12.htm

Resource Reservation Protocol (RSVP): Protocol that supports the reservation of resources across an IP network. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter, maximum burst, and so on) of the packet streams they want to receive. RSVP depends on IPv6. Also known as Resource Reservation Setup Protocol. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/r12.htm

Random Early Detection (RED) is the recommended approach for queue congestion management in routers (Braden et al., 1998). Although in its basic form RED can be implemented in a relatively short C program, as the speed of ports and the number of queues per port increase, the implementation moves more and more into hardware. Different vendors choose different ways to implement and support RED in their silicon implementations. The degree of programmability, the number of queues, the granularity among queues, and the calculation methods of the RED parameters all vary from implementation to implementation. Some of these differences are irrelevant to the behavior of the algorithm, and hence to the resulting network behavior. Some of the differences, however, may result in a very different behavior of the RED algorithm, and hence of the network efficiency. http://www.cisco.com/en/US/products/hw/routers/ps167/products_white_paper09186a0080091fe4.shtml

Based on label swapping, a single forwarding mechanism provides opportunities for new control paradigms and applications. MPLS Label Forwarding is performed with a label lookup for an incoming label, which is then swapped with the outgoing label and finally sent to the next hop. Labels are imposed on the packets only once at the edge of the MPLS network and removed at the other end. These labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). Packets belonging to the same FEC get similar treatment. The label is added between the Layer 2 and the Layer 3 header (in a packet environment) or in the virtual path identifier/virtual channel identifier (VPI/VCI) field (in ATM networks). The core network merely reads labels, applies appropriate services, and forwards packets based on the labels. This MPLS lookup and forwarding scheme offers the ability to explicitly control routing based on destination and source addresses, allowing easier introduction of new IP services. http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/xlsw_ds.htm

70
Q

QUESTION NO: 884 How do you distinguish between a bridge and a router? A. The router connects two networks at the data-link layer, while a bridge connects two networks at the network layer B. The bridge connects two networks at the data-link layer, while a router connects two networks at the network layer C. It is not possible to distinguish them. They have the same functionality.

A

Answer: B

71
Q

QUESTION NO: 885 Why should you avoid having two routers connect your trusted internal LAN to your demilitarized zone? A. Network congestion might cause the routers to pass data from your private network through the demilitarized zone B. This provides attackers with multiple paths to access your trusted network C. There is a substantial increase in cost with only a nominal increase in security D. You may overlook an attack on one of your routers because your data still reaches the outside world from your other router

A

Answer: B Explanation: Adding a second router between the LAN and the DMZ does not increase security, but it does give an attacker a second path to attack (particularly if the two routers are not kept identically patched and configured).

72
Q

QUESTION NO: 886 In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class B network? A. The first bit of the IP address would be set to zero B. The first bit of the IP address would be set to one and the second bit set to zero C. The first two bits of the IP address would be set to one, and the third bit set to zero D. The first three bits of the IP address would be set to one

A

Answer: B

73
Q

QUESTION NO: 887 Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)? A. 172.5.42.5 B. 172.76.42.5 C. 172.90.42.5 D. 172.16.42.5

A

Answer: D Explanation: “The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 – that are known as ‘global non-routable addresses.’” Pg. 94 Krutz: The CISSP Prep Guide.

74
Q

QUESTION NO: 888 Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)? A. 10.0.42.5 B. 11.0.42.5 C. 12.0.42.5 D. 13.0.42.5

A

Answer: A Explanation: “The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 – that are known as ‘global non-routable addresses.’” Pg. 94 Krutz: The CISSP Prep Guide.

75
Q

QUESTION NO: 889 Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)? A. 172.12.42.5 B. 172.140.42.5 C. 172.31.42.5 D. 172.15.45.5

A

Answer: C Explanation: “The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 – that are known as ‘global non-routable addresses.’” Pg. 94 Krutz: The CISSP Prep Guide.

76
Q

QUESTION NO: 890 In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network? A. The first bit of the IP address would be set to zero B. The first bit of the IP address would be set to one and the second bit set to zero C. The first two bits of the IP address would be set to one, and the third bit set to zero D. The first three bits of the IP address would be set to one

A

Answer: C

77
Q

QUESTION NO: 891 Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 192.168.42.5 B. 192.166.42.5 C. 192.175.42.5 D. 172.1.42.5

A

Answer: A
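Questions 886 to 891 above are answered by eye: the class from the leading bits of the first octet, and RFC 1918 membership from the three reserved blocks. The following Python is an added example, not from the flashcards or the books they quote, that does both mechanically with the standard-library ipaddress module; the candidate addresses in the usage block are the ones from the questions, plus 172.32.0.1 to show the edge of the 172.16.0.0/12 block.

```python
import ipaddress

# The three RFC 1918 blocks quoted in the answers above, written as CIDR prefixes.
RFC1918_NETS = (
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0    - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0  - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
)


def classful_class(addr: str) -> str:
    """Pre-CIDR class of an IPv4 address, decided by the leading bits of octet one."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet & 0b1000_0000 == 0:                # 0xxxxxxx
        return "A"
    if first_octet & 0b1100_0000 == 0b1000_0000:      # 10xxxxxx
        return "B"
    if first_octet & 0b1110_0000 == 0b1100_0000:      # 110xxxxx
        return "C"
    if first_octet & 0b1111_0000 == 0b1110_0000:      # 1110xxxx (multicast)
        return "D"
    return "E"                                        # 1111xxxx (reserved)


def is_rfc1918(addr: str) -> bool:
    """True only for the three RFC 1918 blocks, not for every non-routable range."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918_NETS)


def classify(addr: str) -> dict:
    """Both checks in one call, so an exam candidate answer can be evaluated at once."""
    return {"address": addr, "class": classful_class(addr), "rfc1918": is_rfc1918(addr)}


if __name__ == "__main__":
    for candidate in ("172.5.42.5", "172.16.42.5", "172.31.42.5", "172.32.0.1",
                      "10.0.42.5", "11.0.42.5", "192.168.42.5", "192.166.42.5"):
        print(classify(candidate))
```

The /12 prefix explains why 172.31.42.5 is private but 172.32.0.1 is not: the mask 255.240.0.0 fixes the top four bits of the second octet, and 16 through 31 share the pattern 0001xxxx. Note that ipaddress also offers IPv4Address.is_private, but that flag covers loopback, link-local and other reserved ranges as well, so a rule meant to match exactly RFC 1918 should test the three networks explicitly as above.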

78
Q

QUESTION NO: 892 How long are IPv4 addresses: A. 32 bits long B. 64 bits long C. 128 bits long D. 16 bits long

A

Answer: A Explanation: “Ipv4 uses 32 bits for addresses, and Ipv6 uses 128 bits; thus v6 provides more possible addresses to work with.” Pg 331 Shon Harris: All-in-One CISSP Certification

79
Q

QUESTION NO: 893 ARP and RARP map between which of the following? A. DNS addresses and IP addresses B. 32-bit hardware addresses and 48-bit IPv6 addresses C. 32-bit hardware addresses and 48-bit IPv4 addresses D. 32-bit addresses in IPv4 and 48-bit hardware addresses

A

Answer: D Explanation: An Ethernet address is a 48-bit address that is hard-wired into the NIC of the network node. ARP matches up the 32-bit IP address with this hardware address, which is technically referred to as the Media Access Control (MAC) address or the physical address. Pg. 87 Krutz: The CISSP Prep Guide.

80
Q

QUESTION NO: 894 Which protocol matches an Ethernet address to an Internet Protocol (IP) address? A. Address Resolution Protocol (ARP) B. Reverse Address Resolution Protocol (RARP) C. Internet Control Message Protocol (ICMP) D. User Datagram Protocol (UDP)

A

Answer: B Explanation: “As with ARP, Reverse Address Resolution Protocol (RARP) frames go to all systems on the subnet, but only the RARP server responds. Once the RARP server receives this request, it looks in its table to see which IP address matches the broadcast hardware address. The server then sends a message back to the requesting computer that contains its IP address. The system now has an IP address and can function on the network.” Pg 357 Shon Harris: All-in- One CISSP Certification
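The two questions above describe ARP and RARP as mappings between 32-bit IPv4 addresses and 48-bit hardware addresses. The following Python is an added example, not from the flashcards or the books they quote, that builds and parses the RFC 826 packet so the field sizes and opcodes can be seen on the wire, and keeps a small IP-to-MAC table that reports when a reply changes an existing binding, which is the event an administrator would want logged. All addresses are constructed for the example.

```python
import ipaddress
import struct

# RFC 826 packet layout for Ethernet/IPv4, network byte order:
# htype, ptype, hlen, plen, opcode, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)          # 28 bytes
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Serialise one ARP/RARP packet (the Ethernet header is not included)."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, opcode,
                       mac_to_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       mac_to_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(pkt: bytes) -> dict:
    """Decode an ARP/RARP packet, rejecting anything that is not Ethernet/IPv4."""
    if len(pkt) < ARP_LEN:
        raise ValueError(f"short ARP packet: {len(pkt)} bytes")
    htype, ptype, hlen, plen, opcode, smac, sip, tmac, tip = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if opcode not in OPCODES:
        raise ValueError(f"unknown opcode {opcode}")
    return {
        "op": OPCODES[opcode],
        "sender_mac": bytes_to_mac(smac), "sender_ip": str(ipaddress.IPv4Address(sip)),
        "target_mac": bytes_to_mac(tmac), "target_ip": str(ipaddress.IPv4Address(tip)),
    }


class ArpCache:
    """Minimal IP -> MAC table learned from replies; reports when a binding changes."""

    def __init__(self):
        self.table = {}

    def learn(self, pkt: bytes) -> str:
        arp = parse_arp(pkt)
        if arp["op"] != "ARP reply":
            return "ignored"
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        old = self.table.get(ip)
        self.table[ip] = mac
        if old is None:
            return "learned"
        return "unchanged" if old == mac else f"changed from {old}"


if __name__ == "__main__":
    # Constructed exchange: a host asks who has 192.0.2.1 and the gateway answers.
    request = build_arp(1, "00:11:22:33:44:55", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1")
    reply = build_arp(2, "aa:bb:cc:dd:ee:ff", "192.0.2.1", "00:11:22:33:44:55", "192.0.2.10")
    print(parse_arp(request))
    cache = ArpCache()
    print(cache.learn(request), cache.learn(reply), cache.learn(reply))
```

The same 28-byte layout carries RARP; only the opcode (3 and 4) and the direction of the lookup differ, which is why the flashcard distinction comes down to which address is known and which is being asked for.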

81
Q

QUESTION NO: 895 In a typical firewall configuration, what is the central host in organization’s network security? A. Stateful B. Screen C. Gateway D. Bastion

A

Answer: D Explanation: Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be ‘outside’ Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system. http://www.securesynergy.com/library/articles/it_glossary/glossary_b.php

82
Q

QUESTION NO: 896 Which one of the following describes a bastion host? A. A physically shielded computer located in a data center or vault. B. A computer which maintains important data about the network. C. A computer which plays a critical role in a firewall configuration. D. A computer used to monitor the vulnerability of a network.

A

Answer: C Explanation: A bastion host or screened host is just a firewall system logically positioned between a private network and an untrusted network. - Ed Tittle CISSP Study Guide (sybex) pg 93

83
Q

QUESTION NO: 897 Which of the following statements pertaining to firewalls is incorrect? A. Firewalls should not run NIS (Network Information Systems) B. Firewalls should mount file systems via NFS C. All system logs on the firewall should log to a separate host D. Compilers should be deleted from the firewall

A

Answer: B

84
Q

QUESTION NO: 898 Which is the MAIN advantage of having an application gateway? A. To perform change control procedures for applications. B. To provide a means for applications to move into production. C. To log and control incoming and outgoing traffic. D. To audit and approve changes to applications.

A

Answer: C Explanation: “An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another; the copy process also changes the source and destination address to protect the identity of the internal or private network. An application-level gateway firewall filters traffic based on the Internet service (i.e., application) used to transmit or receive the data.” - Shon Harris All-in-one CISSP Certification Guide pg 92

85
Q

QUESTION NO: 899 Which process on a firewall makes permit/deny forwarding decisions based solely on address and service port information? A. Circuit Proxy B. Stateful Packet Inspection Proxy C. Application Proxy D. Transparency Proxy

A

Answer: A Explanation: Circuit-level proxy creates a circuit between the client computer and the server. It does not understand or care about the higher-level issues that an application-level proxy deals with. It knows the source and destination addresses and makes access decisions based on this information… It looks at the data within the packet header versus the data within the payload of the packet. It does not know if the contents within the packet are actually safe or not. - Shon Harris All-in-one CISSP Certification Guide pg 419-420

86
Q

QUESTION NO: 900 A proxy based firewall has which one of the following advantages over a firewall employing stateful packet inspection? A. It has a greater throughput. B. It detects intrusion faster. C. It has greater network isolation. D. It automatically configures the rule set.

A

Answer: C

87
Q

QUESTION NO: 901 Firewalls filter incoming traffic according to A. The packet composition. B. A security policy. C. Stateful packet rules. D. A security process.

A

Answer: B

88
Q

QUESTION NO: 902 Application Level Firewalls create: A. a real circuit between the workstation client and the server B. a virtual circuit between the workstation client and the server C. an imaginary circuit between the workstation guest and the server D. a temporary circuit between the workstation host and the server

A

Answer: B

89
Q

QUESTION NO: 903 Which of the following is the biggest concern with firewall security? A. Internal hackers B. Complex configuration rules leading to misconfiguration C. Buffer overflows D. Distributed denial of service (DDOS) attacks

A

Answer: B

90
Q

QUESTION NO: 904 Which of the following is true of network security? A. A firewall is not a necessity in today’s connected world B. A firewall is a necessity in today’s connected world C. A whitewall is a necessity in today’s connected world D. A black firewall is a necessity in today’s connected world

A

Answer: B

91
Q

QUESTION NO: 905 Which of the following statements pertaining to firewalls is incorrect? A. Firewalls create bottlenecks between the internal and external network B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task C. Strong firewalls can protect a network at all layers of the OSI model D. Firewalls are used to create security checkpoints at the boundaries of private networks

A

Answer: C

92
Q

QUESTION NO: 906 Which of the following is the least important security service provided by a firewall? A. Packet filtering B. Encrypted tunnels C. Network Address Translation D. Proxy services

A

Answer: B

93
Q

QUESTION NO: 907 Which of the following firewall rules is less likely to be found on a firewall installed between an organization’s internal network and internet? A. Permit all traffic to and from local host B. Permit all inbound ssh traffic C. Permit all inbound tcp connections D. Permit all syslog traffic to log-server.abc.org

A

Answer: C

94
Q

QUESTION NO: 908 Which of the following packets should NOT be dropped at a firewall protecting an organization’s internal network? A. Inbound packets with Source Routing option set B. Router information exchange protocols C. Inbound packets with an internal source IP address D. Outbound packets with an external destination IP address

A

Answer: D

95
Q

QUESTION NO: 909 By examining the “state” and “context” of the incoming data packets, it helps to track the protocols that are considered “connectionless”, such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in: A. first generation firewall systems B. second generation firewall systems C. third generation firewall systems D. fourth generation firewall systems

A

Answer: C Explanation: “Stateful Inspection Characteristics: The firewall maintains a state table that tracks each and every communication channel. Frames are analyzed at all communication layers. It provides a high degree of security and does not introduce the performance hit that proxy firewalls introduce. It is scalable and transparent to users. It provides data tracking for tracking connectionless protocols such as UDP and ICMP. The state and context of the data within the packets are stored and updated continuously. It is considered a third-generation firewall.” Pg. 375 Shon Harris: All-in-One CISSP Certification Not A: “Packet filtering is the first generation firewall—that is, it was the first type that was created and used, and other types that were developed fall into different generations.” Pg 373 Shon Harris: All-in-One CISSP Certification

96
Q

QUESTION NO: 910 Which of the following statements pertaining to packet filtering is incorrect? A. It is based on ACLs B. It is not application dependent C. It operates at the network layer D. It keeps track of the state of a connection

A

Answer: D

97
Q

QUESTION NO: 911 A screening router can perform packet filtering based upon what data? A. Translated source destination addresses. B. Inverse address resolution. C. Source and destination port number. D. Source and destination addresses and application data.

A

Answer: C Explanation: The original answer was A (translated source destination address). I did not come across this term in my reading. Screening router A screening router is one of the simplest firewall strategies to implement. This is a popular design because most companies already have the hardware in place to implement it. A screening router is an excellent first line of defense in the creation of your firewall strategy. It’s just a router that has filters associated with it to screen outbound and inbound traffic based on IP address and UDP and TCP ports.
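Questions 907 to 911 above describe, in words, what a screening router does from address and port fields alone (drop inbound source-routed packets, drop inbound packets with an internal source address, reject unsolicited inbound connections) and what a stateful filter adds for connectionless protocols such as UDP. The following Python is an added example, not from the flashcards or the books they quote, that implements both layers so the difference can be exercised: a stateless rule set, and a state table keyed so that a UDP or ICMP reply matches the outbound request that caused it. The internal range 10.0.0.0/8, the idle timeout and all addresses are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

# Assumed internal address range for this example (an RFC 1918 block).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (arriving from the Internet) or "out" (from the LAN)
    proto: str                # "tcp", "udp", "icmp", "ospf"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False
    source_routed: bool = False   # IP source-routing option present in the header


def static_rules(p: Packet):
    """Stateless checks a screening router applies from header fields alone.
    Returns a drop reason, or None when the stateless rules do not reject the packet."""
    src = ipaddress.ip_address(p.src)
    if p.direction == "in":
        if p.source_routed:
            return "inbound source-routed packet"
        if src in INTERNAL:
            return "inbound packet claiming an internal source address"
        if p.proto == "ospf" or (p.proto == "udp" and p.dport == 520):   # OSPF, RIP
            return "routing protocol exchange from outside"
        if p.proto == "tcp" and p.syn and not p.ack:
            return "unsolicited inbound TCP connection attempt"
    return None


class StatefulFilter:
    """Packet filter plus a state table keyed so replies match the originating flow."""

    def __init__(self, idle_timeout: float = 30.0):
        self.idle_timeout = idle_timeout
        self.state = {}           # flow key -> time at which the entry expires

    @staticmethod
    def _flow_key(p: Packet):
        # Normalise so an inbound reply yields the same key as the outbound request.
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _expire(self, now: float):
        self.state = {k: t for k, t in self.state.items() if t > now}

    def decide(self, p: Packet, now: float) -> tuple:
        """Return ("permit" | "drop", reason). `now` is the packet's arrival time."""
        self._expire(now)
        reason = static_rules(p)
        if reason:
            return ("drop", reason)
        key = self._flow_key(p)
        if p.direction == "out":
            if ipaddress.ip_address(p.dst) not in INTERNAL:
                self.state[key] = now + self.idle_timeout     # remember the flow
            return ("permit", "outbound; flow recorded")
        if key in self.state:
            self.state[key] = now + self.idle_timeout         # refresh on matched traffic
            return ("permit", "inbound reply matches recorded flow")
        return ("drop", "inbound packet with no matching flow")


if __name__ == "__main__":
    fw = StatefulFilter()
    query = Packet("out", "udp", "10.1.1.5", "198.51.100.53", 40000, 53)
    reply = Packet("in", "udp", "198.51.100.53", "10.1.1.5", 53, 40000)
    stray = Packet("in", "udp", "203.0.113.9", "10.1.1.5", 53, 40000)
    for t, pkt in ((0.0, query), (0.2, reply), (0.3, stray)):
        print(t, fw.decide(pkt, t))
```

Without the state table the only way to let the DNS reply through would be a static rule permitting inbound UDP from port 53, which the stray packet would also satisfy; that is the gap question 909 attributes to first-generation filters. The anti-spoofing rule is checked before the state table on purpose: a packet that claims an internal source must never be allowed to match a recorded flow.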

98
Q

QUESTION NO: 912 Why are hardware security features preferred over software security features? A. They lock in a particular implementation. B. They have a lower mean time to failure. C. Firmware has fewer software bugs. D. They permit higher performance.

A

Answer: D Explanation: This is a sort of iffy question. Hardware allows faster performance than software and does not need to utilize an underlying OS to make the security software operate (an example is PIX firewall vs. Check Point). The mean time to failure answer to me is OK, but the hardware that the software security runs on also has an MTTF. A few people looked over this question and had no problem with the answer of B (mean time to failure), but as I looked into it I have picked D. MTTF is typically the time to failure. “MTTF is the expected typical functional lifetime of the device given a specific operating environment” (Ed Tittle CISSP Study Guide (Sybex) pg 657). This leads me to think that this question says hardware has a SHORTER lifespan than software. Thus I am going to have to go with D (higher performance). This can be because of ASICs. As always, use your best judgment, knowledge and experience on this question. Below are some points of view. A few things to consider when deploying a software-based firewall: Patching the OS or firewall software could bring down the firewall or open additional holes. OS expertise vs. firewall expertise (you may need two administrators). Support contract (one for hardware, one for OS, one for firewall): who do you call? Administration (one for OS and one for firewall). If you’re not an expert in both then forget it. High availability (stateful failover) usually requires additional software and costs a lot of money; as a result it adds to support costs. Are software firewalls a bad idea? It depends. Every situation is different. -Bob http://www.securityfocus.com/archive/105/322401/2003-05-22/2003-05-28/2 A software firewall application is designed to be installed onto an existing operating system running on generic server or desktop hardware. The application may or may not ‘harden’ the underlying operating system by replacing core components. Typical host operating systems include Windows NT, 2000 Server or Solaris.
Software firewall applications all suffer from the following key disadvantages: They run on a generic operating system that may or may not be hardened by the firewall installation itself. A generic operating system is non-specialized and more complex than is necessary to operate the firewall. This leads to reliability problems and hacking opportunities where peripheral/unnecessary services are kept running. Generic operating systems have their own CPU and memory overheads, making software-based firewalls slower than their dedicated hardware counterparts. If the software firewall uses PC hardware as the host platform, then there may be additional reliability problems with the hardware itself. Sub-optimal performance of generic hardware also affects software applications bundled with their own operating systems. There is no physical or topological separation of the firewalling activity. A dedicated hardware firewall is a software firewall application and operating system running on dedicated hardware. This means the hardware used is optimized for the task, perhaps including digital signal processors (DSPs) and several network interfaces. There may also be special hardware used to accelerate the encryption/decryption of VPN data. It may be rack mounted for easy installation into a comms cabinet. We recommend dedicated hardware firewalls as they offer several key advantages over software applications: Dedicated hardware is typically more reliable. Hardware firewalls are simpler, hence more secure. Hardware firewalls are more efficient and offer superior performance, especially in support of VPNs. The firewalling activity is physically and topologically distinct.

99
Q

QUESTION NO: 913 Firewalls can be used to A. Enforce security policy. B. Protect data confidentiality. C. Protect against protocol redirects. D. Enforce Secure Network Interface addressing.

A

Answer: A Explanation: A firewall is a device that supports and enforces the company’s network security policy. - Shon Harris All-in-one CISSP Certification Guide pg 412

100
Q

QUESTION NO: 914 Which one of the following operations of a secure communication session cannot be protected? A. Session initialization B. Session support C. Session termination D. Session control

A

Answer: B Explanation: Session control is protected (Cisco - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_data_sheet0 9186a0080117962.html). Session initialization is protected (protection against SYN attacks/DoS). Session termination is protected: idle connections are terminated so they don’t consume resources. So, by the process of elimination, the correct answer is ‘session support’.

101
Q

QUESTION NO: 915 The general philosophy for DMZs is that: A. any system on the DMZ can be compromised because it’s accessible from the Internet B. any system on the DMZ cannot be compromised because it’s not accessible from the Internet C. some systems on the DMZ can be compromised because they are accessible from the Internet D. any system on the DMZ cannot be compromised because it’s by definition 100% safe and not accessible from the Internet

A

Answer: A

102
Q

QUESTION NO: 916 What is NOT an authentication method within IKE and IPsec: A. CHAP B. Pre-shared Key C. certificate based authentication D. Public Key authentication

A

Answer: A

103
Q

QUESTION NO: 917 In IPSec, if the communication mode is gateway-gateway or host-gateway: A. Only tunnel mode can be used B. Only transport mode can be used C. Encapsulating Security Payload (ESP) authentication must be used D. Both tunnel and transport mode can be used

A

Answer: D Explanation: “IPSec can work in one of two modes: transport mode, where the payload of the message is protected, and tunnel mode, where the payload and the routing and header information is protected.” Pg 527 Shon Harris: All-in-One CISSP Certification Not C: “Encapsulating Security Payload (ESP) authentication must be used.” “IPSec is not a strict protocol that dictates the type of algorithm, keys, and authentication method to be used, but it is an open, modular framework that provides a lot of flexibility for companies when they choose to use this type of technology. IPSec uses two basic security protocols: Authentication Header (AH) and the Encapsulating Security Payload (ESP). AH is the authenticating protocol, and ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity.” Pg 527 Shon Harris: All-in-One CISSP Certification

104
Q

QUESTION NO: 918 Internet Protocol Security (IPSec) provides security service within the Internet Protocol (IP) by doing all of the following EXCEPT A. Enabling a system to select required security protocols. B. Providing traffic analysis protection. C. Determining the algorithm(s) to use for the IPsec services. D. Putting in place any cryptographic keys required to provide the requested services.

A

Answer: A

105
Q

QUESTION NO: 919 Which of the following Internet Protocol (IP) security headers are defined by the Security Architecture for IP (IPSEC)? A. The IPv4 and IPv5 Authentication Headers B. The Authentication Header Encapsulating Security Payload C. The Authentication Header and Digital Signature Tag D. The Authentication Header and Message Authentication Code

A

Answer: B Explanation: “IPSec uses two basic security protocols: Authentication Header (AH) and the Encapsulating Security Payload (ESP).” pg 575 Shon Harris CISSP All-In-One Certification Exam Guide

106
Q

QUESTION NO: 920 Which of the following statements are true of IPSec Transport mode? Select best two. A. It is required for gateways providing access to internal systems B. It can be set-up when end-point is host or communications terminates at end-points C. If used in gateway-to-host communication, gateway must act as host D. Detective/Administrative Pairing

A

Answer: B,C

107
Q

QUESTION NO: 921 What is called the standard format that was established to set up and manage Security Associations (SA) on the Internet in IPSec? A. Internet Key Exchange B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol

A

Answer: D

108
Q

QUESTION NO: 922 What is the purpose of the Encapsulation Security Payload (ESP) in the Internet Protocol (IP) Security Architecture for Internet Protocol Security? A. To provide non-repudiation and confidentiality for IP transmission. B. To provide integrity and confidentiality for IP transmissions. C. To provide integrity and authentication for IP transmissions. D. To provide key management and key distribution for IP transmissions.

A

Answer: B Explanation: “Encapsulating Security Payload (ESP). AH is the authenticating protocol and ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity.” Pg 575 Shon Harris CISSP All-In- One Certification Exam Guide
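Question 922 above gives ESP's purpose as integrity and confidentiality, and question 933 below lists replay among the attacks on an IPsec VPN. The following Python is an added example, not from the flashcards or the books they quote, of the part of an ESP receiver that ties those together: it parses the fixed ESP header (SPI and sequence number) and applies the RFC 4303 sliding anti-replay window in the order the RFC requires, window check first, then integrity check, and only then is the window updated, so a forged packet cannot burn a sequence number. The integrity check itself is represented by an icv_ok flag supplied by the caller; the SPI, sequence numbers and packet bodies are constructed for the example.

```python
import struct

ESP_HDR = "!II"                    # SPI, sequence number: the fixed ESP header (RFC 4303)
ESP_HDR_LEN = struct.calcsize(ESP_HDR)


def make_esp(spi: int, seq: int, body: bytes = b"\x00" * 16) -> bytes:
    """Constructed ESP packet for the example; body stands in for IV + ciphertext + ICV."""
    return struct.pack(ESP_HDR, spi, seq) + body


def parse_esp_header(pkt: bytes) -> tuple:
    """Return (spi, seq, remainder); the remainder is IV + ciphertext + ICV."""
    if len(pkt) < ESP_HDR_LEN:
        raise ValueError("short ESP packet")
    spi, seq = struct.unpack(ESP_HDR, pkt[:ESP_HDR_LEN])
    return spi, seq, pkt[ESP_HDR_LEN:]


class AntiReplayWindow:
    """RFC 4303 style sliding window over 32-bit sequence numbers."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0           # highest sequence number accepted so far
        self.bitmap = 0        # bit i set <=> sequence number (top - i) already seen

    def check(self, seq: int) -> bool:
        """Would this sequence number be accepted? Does not modify the window."""
        if seq == 0:                       # 0 is never a valid ESP sequence number
            return False
        if seq > self.top:                 # to the right of the window: new
            return True
        behind = self.top - seq
        if behind >= self.size:            # older than the window: reject
            return False
        return not (self.bitmap >> behind) & 1

    def update(self, seq: int) -> None:
        """Record seq as received; call only after the ICV has verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(window: AntiReplayWindow, pkt: bytes, icv_ok: bool) -> str:
    """Receiver order of operations: window check, integrity check, then window update.
    icv_ok stands in for the real ICV verification, which is outside this example."""
    spi, seq, _ = parse_esp_header(pkt)
    if not window.check(seq):
        return "drop: replayed or out-of-window"
    if not icv_ok:
        return "drop: integrity check failed"
    window.update(seq)
    return f"accept spi=0x{spi:08x} seq={seq}"


if __name__ == "__main__":
    w = AntiReplayWindow()
    for seq, ok in ((1, True), (2, True), (2, True), (100, True), (36, True), (37, True)):
        print(seq, receive(w, make_esp(0x1000, seq), ok))
```

The window is what makes a captured-and-resent ESP packet useless even though it carries a valid ICV: once its sequence number is marked, or has fallen more than 64 behind the newest accepted packet, it is dropped before any decryption is attempted. Because the window is only updated after the ICV verifies, an attacker who forges a packet with a high sequence number cannot push legitimate packets out of the window.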

109
Q

QUESTION NO: 923 Which one of the following is a circuit level application gateway and works independent of any supported TCP/IP application protocol? A. SOCK-et-S (SOCKS) B. Common Information Model (CIM) C. Secure Multipurpose Internet Mail Extension (S/MIME) D. Generic Security Service Application Programming Interface (GSS-API)

A

Answer: A Explanation: “Socks Proxy Server Characteristics Circuit-level proxy server Requires clients to be SOCKS-fied with SOCKS client software Mainly used for outbound Internet access and virtual private network (VPN) functionality Can be resource-intensive Provides authentication and encryption features to other VPN protocols, but not considered a traditional VPN protocol” Pg. 422 Shon Harris CISSP All-In-One Certification Exam Guide Reference: The SOCKS is an example of a circuit-level proxy gateway that provides a secure channel between two computers. pg. 379 Shon Harris CISSP

110
Q

QUESTION NO: 924 How does the SOCKS protocol secure Internet Protocol (IP) connections? A. By negotiating encryption keys during the connection setup. B. By attaching Authentication Headers (AH) to each packet. C. By distributing encryption keys to SOCKS enabled applications. D. By acting as a connection proxy.

A

Answer: D Explanation: “SOCKS is an example of a circuit-level proxy gateway that provides a secure channel between two computers. When a SOCKS-enabled client sends a request to a computer on the Internet, this request actually goes to the network’s SOCKS proxy server…” pg 379 Shon Harris: All-in-One CISSP Certification
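Questions 923 and 924 above characterise SOCKS as a circuit-level proxy that works independently of the application protocol: the client asks the proxy to open a connection on its behalf and never reaches the destination itself. The following Python is an added example, not from the flashcards or the books they quote, showing both sides of the SOCKS5 exchange from RFC 1928: the method negotiation, the CONNECT request carrying either an IPv4 address or a domain name, and the server's reply. The proxy_decision policy (only ports 80 and 443, a fixed bind address) is an assumption made for the example, as are all hosts and ports.

```python
import ipaddress
import struct

VER = 0x05
METHOD_NOAUTH, METHOD_USERPASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_SUCCEEDED, REP_NOT_ALLOWED = 0x00, 0x02


def client_greeting(methods) -> bytes:
    """VER | NMETHODS | METHODS (RFC 1928 section 3)."""
    return bytes([VER, len(methods), *methods])


def server_method_choice(greeting: bytes, offered) -> bytes:
    """Pick the first client method the server supports, else 0xFF (no acceptable methods)."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    for method in greeting[2:]:
        if method in offered:
            return bytes([VER, method])
    return bytes([VER, METHOD_NONE_ACCEPTABLE])


def connect_request(host: str, port: int) -> bytes:
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT; a domain name is passed to the proxy
    unresolved, so the client never needs to look the destination up itself."""
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("domain name too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_request(req: bytes) -> tuple:
    """Proxy-side decoding of a request: returns (cmd, host, port)."""
    if len(req) < 4 or req[0] != VER or req[2] != 0x00:
        raise ValueError("malformed request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        host, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("idna"), req[5 + n:]
    else:
        raise ValueError("unsupported address type")
    if len(rest) != 2:
        raise ValueError("bad request length")
    return cmd, host, struct.unpack("!H", rest)[0]


def server_reply(rep: int, bind_addr: str, bind_port: int) -> bytes:
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT (the proxy's side of the circuit)."""
    return (bytes([VER, rep, 0x00, ATYP_IPV4])
            + ipaddress.IPv4Address(bind_addr).packed + struct.pack("!H", bind_port))


def proxy_decision(req: bytes, allowed_ports=(80, 443)) -> bytes:
    """Assumed proxy policy: only CONNECT to the listed ports is relayed. The client never
    touches the destination; the proxy opens (or refuses) the outbound connection for it."""
    cmd, host, port = parse_request(req)
    if cmd != CMD_CONNECT or port not in allowed_ports:
        return server_reply(REP_NOT_ALLOWED, "0.0.0.0", 0)
    return server_reply(REP_SUCCEEDED, "192.0.2.1", 40000)     # bind address assumed


if __name__ == "__main__":
    hello = client_greeting([METHOD_NOAUTH, METHOD_USERPASS])
    print("client ->", hello.hex(), " server ->", server_method_choice(hello, {METHOD_USERPASS}).hex())
    req = connect_request("example.com", 443)
    print("client ->", req.hex(), " server ->", proxy_decision(req).hex())
```

Nothing in the exchange depends on what the application will send once the circuit is open, which is what "independent of any supported TCP/IP application protocol" means in question 923. The proxy's policy decision is made on the destination address and port alone, the same information a circuit-level proxy was said to use in question 899.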

111
Q

QUESTION NO: 925 In the TCP/IP protocol stack, at what level is the SSL (Secure Sockets Layer) protocol provided? A. Application B. Network C. Presentation D. Session

A

Answer: A Explanation: The major functional groups of protocols and methods are the Application Layer, the Transport Layer, the Internet Layer, and the Link Layer (RFC 1122). It should be noted that this model was not intended to be a rigid reference model into which new protocols have to fit in order to be accepted as a standard.

112
Q

QUESTION NO: 926 SSL (Secure Sockets Layer) has two possible ‘session key’ lengths, what are they? A. 40 bit & 54 bit B. 40 bit & 128 bit C. 64 bit & 128 bit D. 128 bit & 256 bit

A

Answer: B

113
Q

QUESTION NO: 927 Which of the following is NOT true of SSL? A. By convention it uses ‘s-http://’ instead of ‘http://’. B. It stands for Secure Sockets Layer C. It was developed by Netscape D. It is used for transmitting private documents over the internet

A

Answer: A

114
Q

QUESTION NO: 928 Which SSL version offers client-side authentication A. SSL v1 B. SSL v2 C. SSL v3 D. SSL v4

A

Answer: B Explanation: “Client Authentication using Digital IDs Enable access by certificates

115
Q

QUESTION NO: 929 In which way does a Secure Socket Layer (SSL) server prevent a “man-in-the-middle” attack? A. It uses signed certificates to authenticate the server’s public key. B. A 128 bit value is used during the handshake protocol that is unique to the connection. C. It uses only 40 bits of secret key within a 128 bit key length. D. Every message sent by the SSL includes a sequence number within the message contents.

A

Answer: A Explanation: Secure Sockets Layer (SSL). An encryption technology that is used to provide secure transactions such as the exchange of credit card numbers. SSL is a socket layer security protocol and is a two-layered protocol that contains the SSL Record Protocol and the SSL Handshake Protocol. Similar to SSH, SSL uses symmetric encryption for private connections and asymmetric or public key cryptography (certificates) for peer authentication. It also uses a Message Authentication Code for message integrity checking. Krutz: The CISSP Prep Guide pg. 89. It prevents a man-in-the-middle attack by confirming that you are authenticating with the desired server prior to entering your user name and password. If the server were not authenticated, a man-in-the-middle could retrieve the username and password and then use it to log in. The SSL protocol has been known to be vulnerable to some man-in-the-middle attacks. The attacker injects herself right at the beginning of the authentication phase so that she obtains both parties’ keys. This enables her to decrypt and view messages that were not intended for her. Using digital signatures during the session-key exchange can circumvent the man-in-the-middle attack. If using Kerberos, when Lance and Tanya obtain each other’s public keys from the KDC, the public keys are signed by the KDC. Because Tanya and Lance have the public key of the KDC, they both can decrypt and verify the signature on each other’s public key and be sure that it came from the KDC itself. Because David does not have the private key of the KDC, he cannot substitute his public key during this type of transmission. Shon Harris All-In-One CISSP Certification pg. 579. One of the most important pieces of a PKI is its public key certificate. A certificate is the mechanism used to associate a public key with a collection of components sufficient to uniquely authenticate the claimed owner. Shon Harris All-In-One CISSP Certification pg. 540.

116
Q

QUESTION NO: 930 Secure Shell (SSH) and Secure Sockets Layer (SSL) are very heavily used for protecting A. Internet transactions B. Ethernet transactions C. Telnet transactions D. Electronic Payment transactions

A

Answer: A

117
Q

QUESTION NO: 931 Which one of the following CANNOT be prevented by the Secure Shell (SSH) program? A. Internet Protocol (IP) spoofing. B. Data manipulation during transmissions. C. Network based birthday attack. D. Compromise of the source/destination host.

A

Answer: D Explanation: This is a question that I disagreed with. The premise that SSH does use RSA and 3DES, and is thus susceptible to cryptographic attack (namely a birthday attack), has merit, but I think the answer is simpler, in that SSH can’t protect against a compromised source/destination. You can safely rule out spoofing and manipulation (that is the job of SSH, to protect the transmission). The original answer was C, birthday attack. Use your best judgment based on knowledge and experience. The use of ssh helps to correct these vulnerabilities. Specifically, ssh protects against these attacks: IP spoofing (where the spoofer is on either a remote or local host), IP source routing, DNS spoofing, interception of cleartext passwords/data and attacks based on listening to X authentication data and spoofed connections to an X11 server. http://wwwarc. com/sara/cve/SSH_vulnerabilities.html Birthday attack - Usually applied to the probability of two different messages using the same hash function that produces a common message digest; or given a message and its corresponding message digest, finding another message that when passed through the same hash function generates the same specific message digest. The term “birthday” comes from the fact that in a room with 23 people, the probability of two people having the same birthday is greater than 50 percent. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 212
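The Krutz definition quoted above describes a birthday attack in words. The following Python is an added example, not from the flashcards or the books they quote, that carries it through on a digest deliberately truncated to 24 bits: it finds two different messages with the same digest after roughly 2^12 hash computations instead of the 2^24 a brute-force second-preimage search would need, and it computes both the 23-people figure and the general collision probability. SHA-256 truncated to 24 bits stands in for a short hash; the message prefix is an arbitrary constructed value.

```python
import hashlib
import math


def truncated_sha256(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short message digest."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"doc-") -> tuple:
    """Find two distinct messages with the same truncated digest by the birthday method:
    hash candidates one after another and stop at the first digest already seen.
    Returns (msg_a, msg_b, digest, hashes_computed)."""
    seen = {}                      # digest -> first message that produced it
    counter = 0
    while True:
        msg = prefix + counter.to_bytes(8, "big")
        digest = truncated_sha256(msg, bits)
        if digest in seen:
            return seen[digest], msg, digest, counter + 1
        seen[digest] = msg
        counter += 1


def collision_probability(n: int, bits: int) -> float:
    """Approximate P(at least one collision) among n random `bits`-bit digests:
    1 - exp(-n^2 / 2^(bits+1))."""
    return 1.0 - math.exp(-(n * n) / (2.0 * 2 ** bits))


def shared_birthday_probability(people: int, days: int = 365) -> float:
    """Exact probability that at least two of `people` share a birthday."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


if __name__ == "__main__":
    a, b, d, n = birthday_collision(24)
    print(f"collision on 24-bit digest 0x{d:06x} after {n} hashes: {a!r} vs {b!r}")
    print("23 people:", round(shared_birthday_probability(23), 3),
          " 2^12 digests of 24 bits:", round(collision_probability(2 ** 12, 24), 3))
```

The search cost scales with the square root of the digest space, which is why digest (and MAC) lengths are chosen so that 2^(n/2) work is still out of reach; it is also why a collision of this kind does not help an attacker against an endpoint that is already compromised, the point made in the explanation above.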

118
Q

QUESTION NO: 932 Another name for a VPN is a: A. tunnel B. one-time password C. pipeline D. bypass

A

Answer: A

119
Q

QUESTION NO: 933 Which one of the following attacks is MOST effective against an Internet Protocol Security (IPSEC) based virtual private network (VPN)? A. Brute force B. Man-in-the-middle C. Traffic analysis D. Replay

A

Answer: B Explanation: Active attacks find identities by being a man-in-the-middle or by replacing the responder in the negotiation. The attacker proceeds through the key negotiation with the attackee until the attackee has revealed its identity. In a well-designed system, the negotiation will fail after the attackee has revealed its identity because the attacker cannot spoof the identity of the originally-intended system. The attackee might then suspect that there was an attack because the other side failed before it gave its identity. Therefore, an active attack cannot be persistent because it would prevent all legitimate access to the desired IPsec system. http://msgs.securepoint.com/cgi-bin/get/ipsec-0201/18.html Not C: Traffic analysis is a good attack but not the most effective as it is passive in nature, while Man in the middle is active.

120
Q

QUESTION NO: 934 Which of the following is NOT an essential component of a VPN? A. VPN Server B. NAT Server C. authentication D. encryption

A

Answer: B

121
Q

QUESTION NO: 935 Virtual Private Network software typically encrypts all of the following EXCEPT A. File transfer protocol B. Data link messaging C. HTTP protocol D. Session information

A

Answer: B

122
Q

QUESTION NO: 936 Which of the following is less likely to be used in creating a Virtual Private Network? A. L2TP B. PPTP C. IPSec D. L2F

A

Answer: D Explanation: “The following are the three most common VPN communications protocol standards: Point-to-Point Tunneling Protocol (PPTP). PPTP works at the Data Link Layer of the OSI model. Designed for individual client to server connections, it enables only a single point-to-point connection per session. This standard is very common with asynchronous connections that use Win9x or NT clients. PPTP uses native Point-to-Point Protocol (PPP) authentication and encryption services. Layer 2 Tunneling Protocol (L2TP). L2TP is a combination of PPTP and the earlier Layer 2 Forwarding (L2F) Protocol that works at the Data Link Layer like PPTP. It has become an accepted tunneling standard for VPNs. In fact, dial-up VPNs use this standard quite frequently. Like PPTP, this standard was designed for single point-to-point client to server connections. Note that multiple protocols can be encapsulated within the L2TP tunnel, but it does not use encryption like PPTP. Also, L2TP supports TACACS+ and RADIUS, but PPTP does not. IPSEC. IPSec operates at the Network Layer and it enables multiple and simultaneous tunnels, unlike the single connection of the previous standards. IPSec has the functionality to encrypt and authenticate IP data. It is built into the new IPv6 standard, and is used as an add-on to the current IPv4. While PPTP and L2TP are aimed more at dial-up VPNs, IPSec focuses more on network-to-network connectivity.” Pg. 123-125 Krutz: The CISSP Prep Guide: Gold Edition.

123
Q

QUESTION NO: 937 Which one of the following instigates a SYN flood attack? A. Generating excessive broadcast packets. B. Creating a high number of half-open connections. C. Inserting repetitive Internet Relay Chat (IRC) messages. D. A large number of Internet Control Message Protocol (ICMP) traces.

A

Answer: B Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system’s small “in-process” queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 103 “In a SYN flood attack, hackers use special software that sends a large number of fake packets with the SYN flag set to the targeted system. The victim then reserves space in memory for the connection and attempts to send the standard SYN/ACK reply but never hears back from the originator. This process repeats hundreds or even thousands of times, and the targeted computer eventually becomes overwhelmed and runs out of available resources for the half-opened connections. At that time, it either crashes or simply ignores all inbound connection requests because it can’t possibly handle any more half-open connections.”

124
Q

QUESTION NO: 938 Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic? A. Network aliasing B. Domain Name Server (DNS) poisoning C. Reverse Address Resolution Protocol (ARP) D. Port scanning

A

Answer: B Explanation: This reference is close to the one listed. DNS poisoning is the correct answer; however, Harris does not name the attack when describing it, but later on the page she states the following: “This is how a DNS DoS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of their server instead of replacing the actual records, which is referred to as cache poisoning.” - Shon Harris All-in-one CISSP Certification Guide pg 795
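
How the cache poisoning Harris describes actually gets in, shown with a toy resolver cache. This is an added example, not part of the flashcard or of Harris's text: the resolver, the record types and the response are a constructed model, and the attacker's address and the bank.test name are made up. The vulnerable variant caches every record a response carries; the hardened variant applies the bailiwick rule (a server answering for example.com may only populate names inside example.com) and discards responses whose transaction ID does not match the outstanding query.

```python
"""Toy resolver cache: out-of-bailiwick records are how a poisoned 'additional' section lands
in the cache. Added example with constructed records."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class RR:
    name: str      # owner name, absolute, e.g. "www.example.com."
    rtype: str     # "A", "NS", ...
    value: str


@dataclass
class DnsResponse:
    txid: int                  # 16-bit ID that must echo the query's ID
    qname: str
    answers: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies beneath it (case-insensitive, trailing dot optional)."""
    name = name.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    return name == zone or name.endswith("." + zone)


class ResolverCache:
    def __init__(self, enforce_bailiwick: bool):
        self.enforce_bailiwick = enforce_bailiwick
        self.records = {}          # (name, rtype) -> value

    def accept(self, expected_txid: int, queried_zone: str, resp: DnsResponse) -> list:
        """Cache the records of a response; returns those actually stored.

        `queried_zone` is the zone the server we asked is authoritative for
        (e.g. "example.com." when talking to example.com's name servers).
        """
        if resp.txid != expected_txid:
            return []                                   # not a reply to our question: drop it
        stored = []
        for rr in resp.answers + resp.additional:
            if self.enforce_bailiwick and not in_bailiwick(rr.name, queried_zone):
                continue                                # example.com's server may not speak for bank.test
            self.records[(rr.name.lower(), rr.rtype)] = rr.value
            stored.append(rr)
        return stored

    def lookup(self, name: str, rtype: str = "A") -> Optional[str]:
        return self.records.get((name.lower(), rtype))


def poison_attempt(enforce_bailiwick: bool) -> Optional[str]:
    """Constructed scenario: a legitimate-looking answer for www.example.com smuggles in a bogus
    A record for www.bank.test in its additional section. Returns what the cache then says about the bank."""
    cache = ResolverCache(enforce_bailiwick)
    response = DnsResponse(
        txid=0x1F2E,
        qname="www.example.com.",
        answers=[RR("www.example.com.", "A", "192.0.2.10")],
        additional=[RR("www.bank.test.", "A", "203.0.113.66")],   # attacker-controlled host
    )
    cache.accept(0x1F2E, "example.com.", response)
    return cache.lookup("www.bank.test.")
```

With enforce_bailiwick=False every later client asking this resolver for www.bank.test is sent to 203.0.113.66; with it on, the rogue record never enters the cache. The transaction-ID check is the other half of the defence and is what source-port randomisation exists to strengthen.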

125
Q

QUESTION NO: 939 A Packet containing a long string of NOPs followed by a command is usually indicative of what? A. A syn scan B. A half-port scan C. A buffer overflow D. A packet destined for the network’s broadcast address

A

Answer: C Explanation: Reference “This paper is for those who want a practical approach to writing buffer overflow exploits. As the title says, this text will teach you how to write these exploits in Perl. There are reasons why we construct the buffer this way. First we have a lot of NOPs, then the shellcode (which in this example will execute /bin/sh), and at last the ESP + offset values.” http://hackersplayground.org/papers/perl-buffer.txt

126
Q

QUESTION NO: 940 You are running a packet sniffer on a network and see a packet with a long string of “90 90 90 90….” in the middle of it traveling to an x86-based machine. This could be indicative of what? A. Over-subscription of the traffic on a backbone B. A source quench packet C. A FIN scan D. A buffer overflow

A

Answer: D Reference: “TCP Port 5000 Buffer Overflow Attack
The attack on Port 5000 was part of this scan pattern
Mar 14, 2004 15:58:17.837 - (TCP) 68.144.13.102 : 2282 >>> 192.168.1.36 : 2745
Mar 14, 2004 15:58:17.857 - (TCP) 68.144.13.102 : 2283 >>> 68.144.193.246 : 135
Mar 14, 2004 15:58:17.887 - (TCP) 68.144.13.102 : 2284 >>> 192.168.1.38 : 1025
Mar 14, 2004 15:58:17.907 - (TCP) 68.144.13.102 : 2285 >>> 68.144.193.246 : 445
Mar 14, 2004 15:58:17.938 - (TCP) 68.144.13.102 : 2286 >>> 192.168.1.36 : 3127
Mar 14, 2004 15:58:17.958 - (TCP) 68.144.13.102 : 2287 >>> 68.144.193.246 : 6129
Mar 14, 2004 15:58:17.988 - (TCP) 68.144.13.102 : 2288 >>> 68.144.193.246 : 139
Mar 14, 2004 15:58:18.008 - (TCP) 68.144.13.102 : 2289 >>> 192.168.1.36 : 5000
Mar 14, 2004 15:58:29.164 - (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
Mar 14, 2004 15:58:33.470 - (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
Mar 14, 2004 15:58:39.288 - (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
The attack appears to be a buffer overflow attack on the Plug and Play service on TCP Port 5000, which likely contains instructions to download and execute the rest of the worm.
TCP Connection Request —- 14/03/2004 15:40:57.910 68.144.193.124 : 4560
TCP Connected ID = 1 —- 14/03/2004 15:40:57.910 Status Code: 0 OK 68.144.193.124 : 4560
TCP Data In Length 697 bytes MD5 = 19323C2EA6F5FCEE2382690100455C17 —- 14/03/2004 15:40:57.920
0000 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0010 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0020 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0030 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0040 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0050 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0060 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0070 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0080 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0090 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0100 90 90 90 90 90 90 90 90 90 90 90 90 4D 3F E3 77 …………M?.w
0110 90 90 90 90 FF 63 64 90 90 90 90 90 90 90 90 90 …..cd………
0120 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0130 90 90 90 90 90 90 90 90 EB 10 5A 4A 33 C9 66 B9 ……….ZJ3.f.
0140 66 01 80 34 0A 99 E2 FA EB 05 E8 EB FF FF FF 70 f..4………..p
0150 99 98 99 99 C3 21 95 69 64 E6 12 99 12 E9 85 34 …..!.id……4
0160 12 D9 91 12 41 12 EA A5 9A 6A 12 EF E1 9A 6A 12 ….A….j….j.
0170 E7 B9 9A 62 12 D7 8D AA 74 CF CE C8 12 A6 9A 62 …b….t……b
0180 12 6B F3 97 C0 6A 3F ED 91 C0 C6 1A 5E 9D DC 7B .k…j?…..^..{
0190 70 C0 C6 C7 12 54 12 DF BD 9A 5A 48 78 9A 58 AA p….T….ZHx.X.
01A0 50 FF 12 91 12 DF 85 9A 5A 58 78 9B 9A 58 12 99 P…….ZXx..X..
01B0 9A 5A 12 63 12 6E 1A 5F 97 12 49 F3 9A C0 71 E5 .Z.c.n._..I…q.
01C0 99 99 99 1A 5F 94 CB CF 66 CE 65 C3 12 41 F3 9D …._…f.e..A..
01D0 C0 71 F0 99 99 99 C9 C9 C9 C9 F3 98 F3 9B 66 CE .q…………f.
01E0 69 12 41 5E 9E 9B 99 9E 24 AA 59 10 DE 9D F3 89 i.A^….$.Y…..
01F0 CE CA 66 CE 6D F3 98 CA 66 CE 61 C9 C9 CA 66 CE ..f.m…f.a…f.
0200 65 1A 75 DD 12 6D AA 42 F3 89 C0 10 85 17 7B 62 e.u..m.B……{b
0210 10 DF A1 10 DF A5 10 DF D9 5E DF B5 98 98 99 99 ………^……
0220 14 DE 89 C9 CF CA CA CA F3 98 CA CA 5E DE A5 FA …………^…
0230 F4 FD 99 14 DE A5 C9 CA 66 CE 7D C9 66 CE 71 AA ……..f.}.f.q.
0240 59 35 1C 59 EC 60 C8 CB CF CA 66 4B C3 C0 32 7B Y5.Y.`….fK..2{
0250 77 AA 59 5A 71 62 67 66 66 DE FC ED C9 EB F6 FA w.YZqbgff…….
0260 D8 FD FD EB FC EA EA 99 DA EB FC F8 ED FC C9 EB …………….
0270 F6 FA FC EA EA D8 99 DC E1 F0 ED C9 EB F6 FA FC …………….
0280 EA EA 99 D5 F6 F8 FD D5 F0 FB EB F8 EB E0 D8 99 …………….
0290 EE EA AB C6 AA AB 99 CE CA D8 CA F6 FA F2 FC ED …………….
02A0 D8 99 FB F0 F7 FD 99 F5 F0 EA ED FC F7 99 F8 FA …………….
02B0 FA FC E9 ED 99 0D 0A 0D 0A ………”
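
The NOP-sled pattern behind Q939 and Q940, turned into a detector. This is an added example, not part of the flashcards or of the capture quoted above: it rebuilds raw bytes from a hex dump in the same offset/hex/ASCII layout, finds the longest run of 0x90 (x86 NOP) bytes, and flags payloads whose run exceeds a threshold. The dump rows it parses are constructed for this example (the first row is an IP header, then a sled, then a few bytes of code), and the 32-byte threshold is an assumed tuning value.

```python
"""NOP-sled detection over a hex dump (added example; the sample dump is constructed)."""
import re

NOP_X86 = 0x90   # single-byte NOP; a long run of it pads the landing zone before shellcode

# Constructed rows in the same layout as a sniffer dump: offset, up to 16 hex bytes, ASCII column.
SAMPLE_DUMP = """\
0000 45 00 02 c7 1a 2b 40 00 40 06 7c 3a c0 a8 01 0a E....+@.@.|:....
0010 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
0020 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
0030 90 90 90 90 90 90 90 90 eb 10 5a 4a 33 c9 66 b9 ........ZJ3.f.
0040 66 01 80 34 0a 99 e2 fa eb 05 e8 eb ff ff ff 70 f..4...........p
"""

# offset, then one or more "hh " tokens; the ASCII column is whatever follows and is ignored
_ROW = re.compile(r"^([0-9A-Fa-f]{4})\s+((?:[0-9A-Fa-f]{2}(?:\s+|$))+)")


def parse_hex_dump(text: str) -> bytes:
    """Rebuild raw bytes from dump rows, insisting that row offsets are contiguous."""
    out = bytearray()
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue                          # not a dump row (banner, blank line, ...)
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"non-contiguous row at offset {offset:#06x}")
        out += bytes.fromhex(m.group(2))      # fromhex ignores the separating whitespace
    return bytes(out)


def longest_run(data: bytes, value: int = NOP_X86) -> tuple:
    """Return (start_offset, length) of the longest run of `value` bytes; (0, 0) if none."""
    best_start, best_len = 0, 0
    run_start, run_len = 0, 0
    for i, b in enumerate(data):
        if b == value:
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    return best_start, best_len


def looks_like_nop_sled(data: bytes, min_run: int = 32) -> bool:
    """Heuristic: a run of at least `min_run` single-byte NOPs is rare in legitimate payloads.

    Caveat: this is a signature, not proof. Exploit writers also pad with other
    one-byte instructions (e.g. 0x41 'inc ecx') or randomised NOP-equivalents
    precisely to defeat a 0x90-only rule, so treat a hit as a trigger for deeper inspection.
    """
    return longest_run(data)[1] >= min_run
```

On the constructed dump the sled starts at offset 0x10 and runs for 40 bytes before the first real instruction (eb 10, a short jump), which is exactly the shape the two questions describe.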

127
Q

QUESTION NO: 941 Which of the following is true related to network sniffing? A. Sniffers allow an attacker to monitor data passing across a network. B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. C. Sniffers take over network connections D. Sniffers send IP fragments to a system that overlap with each other.

A

Answer: A Explanation: Sniffing is the act of capturing or monitoring the traffic going over the network. Because, in a normal networking environment, account and password information is passed along Ethernet in clear text, it is not hard for an intruder to put a machine into promiscuous mode and, by sniffing, compromise all the machines on the net by capturing passwords illegally.

128
Q

QUESTION NO: 942 Which one of the following threats does NOT rely on packet size or large volumes of data? A. SYN flood B. Spam C. Ping of death D. Macro virus

A

Answer: D Explanation: SPAM - The term describing unwanted email, newsgroup, or discussion forum messages. Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached. SYN Flood Attack - A type of DoS. A SYN flood attack is waged by not sending the final ACK packet, which breaks the standard three-way handshake used by TCP/IP to initiate communication sessions. Ping of death attack - A type of DoS. A ping of death attack employs an oversized ping packet. Using special tools, an attacker can send numerous oversized ping packets to a victim. In many cases, when the victimized system attempts to process the packets, an error occurs causing the system to freeze, crash, or reboot. Macro Viruses - A virus that utilizes crude technologies to infect documents created in the Microsoft Word environment. - Ed Tittel CISSP Study Guide

129
Q

QUESTION NO: 943 A TCP SYN Attack: A. requires a synchronized effort by multiple attackers B. takes advantage of the way a TCP session is established C. may result in elevation of privileges. D. is not something system users would notice

A

Answer: B Explanation: “[SYN Flood] Attackers can take advantage of this design flaw by continually sending the victim SYN messages with spoofed packets. The victim will commit the necessary resources to set up this communication socket, and it will send its SYN/ACK message waiting for the ACK message in return. However, the victim will never receive the ACK message, because the packet is spoofed, and the victim system sent the SYN/ACK message to a computer that does not exist. So the victim system receives a SYN message, and it dutifully commits the necessary resources to set up a connection with another computer. This connection is queued waiting for the ACK message, and the attacker sends another SYN message. The victim system does what it is supposed to and commits more resources, sends the SYN/ACK message, and queues this connection. This may only need to happen a dozen times before the victim system no longer has the necessary resources to open up another connection. This makes the victim computer unreachable from legitimate computers, denying other systems service from the victim computer.” Pg. 735 Shon Harris CISSP All-In-One Exam Guide
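
The half-open queue described in Q937 and Q943, modelled over a constructed TCP event trace. This is an added example, not part of the flashcards or of Harris's text: it tracks per-server half-open connections the way a SYN backlog does, expires stale entries, refuses SYNs once the backlog is full, and reports sockets whose half-open count exceeds a threshold. The backlog size (128), the 30-second SYN timeout, the detection threshold and all addresses are assumptions chosen for the example.

```python
"""Half-open connection tracking over a constructed TCP event stream (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class TcpEvent:
    ts: float      # seconds since trace start
    src: str       # "ip:port" the packet came from
    dst: str       # "ip:port" the packet is for
    flags: str     # "S" SYN, "SA" SYN/ACK, "A" ACK, "R" RST, "F" FIN


class HalfOpenTracker:
    """Mirrors what a server's SYN backlog sees during the three-way handshake.

    A connection is half-open from the client's SYN until the client's ACK of the
    server's SYN/ACK. A flood shows up as many half-open entries for one server
    socket that are never completed, usually from many (spoofed) sources.
    """

    def __init__(self, backlog: int = 128, syn_timeout: float = 30.0):
        self.backlog = backlog
        self.syn_timeout = syn_timeout
        self.half_open = defaultdict(dict)   # server socket -> {client socket: SYN time}
        self.completed = 0
        self.dropped = 0                     # SYNs refused because the backlog was full

    def observe(self, ev: TcpEvent) -> None:
        if ev.flags == "S":
            self._expire(ev.dst, ev.ts)
            queue = self.half_open[ev.dst]
            if len(queue) >= self.backlog:
                self.dropped += 1            # this is where legitimate clients get turned away
                return
            queue[ev.src] = ev.ts
        elif ev.flags == "A" and ev.src in self.half_open.get(ev.dst, {}):
            del self.half_open[ev.dst][ev.src]   # final ACK completes the handshake, freeing the slot
            self.completed += 1
        elif ev.flags == "R" and ev.src in self.half_open.get(ev.dst, {}):
            del self.half_open[ev.dst][ev.src]   # client reset: abandon the half-open entry

    def _expire(self, server: str, now: float) -> None:
        queue = self.half_open[server]
        for client, t in list(queue.items()):
            if now - t > self.syn_timeout:
                del queue[client]

    def flood_suspects(self, threshold: int) -> list:
        """Server sockets whose half-open count currently exceeds `threshold`."""
        return [s for s, q in self.half_open.items() if len(q) > threshold]


def synthetic_flood(n: int, server: str = "10.0.0.5:80") -> list:
    """Constructed trace: n SYNs from forged sources that never ACK, then one legitimate client."""
    events = [TcpEvent(ts=i * 0.001, src=f"203.0.113.{(i % 254) + 1}:{40000 + i}", dst=server, flags="S")
              for i in range(n)]
    legit = "198.51.100.7:51515"
    events.append(TcpEvent(ts=n * 0.001 + 1.0, src=legit, dst=server, flags="S"))
    events.append(TcpEvent(ts=n * 0.001 + 1.1, src=legit, dst=server, flags="A"))
    return events


def run_trace(events: list, backlog: int = 128) -> HalfOpenTracker:
    tracker = HalfOpenTracker(backlog=backlog)
    for ev in events:
        tracker.observe(ev)
    return tracker
```

With 200 forged SYNs against a backlog of 128 the legitimate client's SYN is dropped and its handshake never completes, which is the denial of service; the same trace against a backlog of 1024 completes normally, which is why SYN cookies and larger backlogs are the usual countermeasures.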

130
Q

QUESTION NO: 944 What attack is typically used for identifying the topology of the target network? A. Spoofing B. Brute force C. Teardrop D. Scanning

A

Answer: D Explanation: Scanning (ping sweeps, port scans and traceroute-style probing) is the reconnaissance step used to enumerate live hosts, the services they expose and the paths to them, which is how an attacker maps the target network's topology. The other options are not mapping techniques: spoofing forges addresses, brute force guesses credentials, and Teardrop is a flaw-exploitation denial-of-service attack of the kind described in the note that follows. Flaw exploitation attacks exploit a flaw in the target system’s software in order to cause a processing failure or to cause it to exhaust system resources. An example of such a processing failure is the ‘ping of death’ attack. This attack involved sending an unexpectedly large ping packet to certain Windows systems. The target system could not handle this abnormal packet, and a system crash resulted. With respect to resource exhaustion attacks, the resources targeted include CPU time, memory, disk space, space in a special buffer, or network bandwidth. In many cases, simply patching the software can circumvent this type of DOS attack.

131
Q

QUESTION NO: 945 Which one of the following is the reason why hyperlink spoofing attacks are usually successful? A. Most users requesting DNS name service do not follow hyperlinks. B. The attack performs user authentication with audit logs. C. The attack relies on modifications to server software. D. Most users do not make a request to connect to DNS names; they follow hyperlinks.

A

Answer: D Explanation: The problem is that most users do not request to connect to DNS names or even URLs; they follow hyperlinks… But, whereas DNS names are subject to “DNS spoofing” (whereby a DNS server lies about the internet address of a server), so too are URLs subject to what I call “hyperlink spoofing” or “Trojan HTML”, whereby a page lies about a URL’s DNS name. Both forms of spoofing have the same effect of steering you to the wrong internet site; however, hyperlink spoofing is technically much easier than DNS spoofing. http://www.brd.ie/papers/sslpaper/sslpaper.html

132
Q

QUESTION NO: 946 Which of the following identifies the first phase of a Distributed Denial of Service attack? A. Establishing communications between the handler and agent. B. Disrupting the normal traffic to the host. C. Disabling the router so it cannot filter traffic. D. Compromising as many machines as possible.

A

Answer: D Explanation: Another form of attack is called the distributed denial of service (DDOS). A distributed denial of service occurs when the attacker compromises several systems and uses them as launching platforms against one or more victims. - Ed Tittel CISSP Study Guide (sybex) pg 51

133
Q

QUESTION NO: 947 This type of vulnerability enables the intruder to re-route data traffic from a network device to a personal machine. This diversion enables the intruder to capture data traffic to and from the devices for analysis or modification, or to steal the password file from the server and gain access to user accounts. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing

A

Answer: B Explanation: “Network Address Hijacking. It might be possible for an intruder to reroute data traffic from a server or network device to a personal machine, either by device address modification or network address “hijacking.” This diversion enables the intruder to capture traffic to and from the devices for data analysis or modification or to steal the password file from the server and gain access to user accounts. By rerouting the data output, the intruder can obtain supervisory terminal functions and bypass the system logs.”

134
Q

QUESTION NO: 948 Which one of the following is an example of hyperlink spoofing? A. Compromising a web server Domain Name Service reference. B. Connecting the user to a different web server. C. Executing Hypertext Transport Protocol Secure GET commands. D. Starting the user’s browser on a secured page.

A

Answer: B Explanation: The problem is that most users do not request to connect to DNS names or even URLs; they follow hyperlinks… But, whereas DNS names are subject to “DNS spoofing” (whereby a DNS server lies about the internet address of a server), so too are URLs subject to what I call “hyperlink spoofing” or “Trojan HTML”, whereby a page lies about a URL’s DNS name. Both forms of spoofing have the same effect of steering you to the wrong internet site; however, hyperlink spoofing is technically much easier than DNS spoofing. http://www.brd.ie/papers/sslpaper/sslpaper.html
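
The “page lies about a URL’s DNS name” trick from Q945 and Q948, and a check for it. This is an added example, not part of the flashcards or of the cited paper: it parses anchors out of an HTML fragment and reports those whose visible link text names one host while the href resolves to another. The HTML sample is constructed (bank.test, example.com and the documentation address 203.0.113.66 are made up), and allowing a subdomain of the advertised host is a design choice of this example.

```python
"""Detecting hyperlink spoofing ("Trojan HTML"): anchors whose visible text names one host
while the href points somewhere else. Added example; the HTML sample is constructed."""
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href: Optional[str] = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a> counts as link text
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text: str) -> Optional[str]:
    """Hostname if `text` reads as a URL or bare domain, else None (plain words are fine link text)."""
    candidate = text if "://" in text else "https://" + text
    try:
        host = urlparse(candidate).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host else None


def suspicious_links(html: str) -> list:
    """Return (shown_text, real_href) for anchors that advertise one host but link to another.

    A subdomain of the advertised host (text 'bank.test', href 'login.bank.test') is allowed.
    """
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual and not actual.endswith("." + shown):
            findings.append((text, href))
    return findings


# Constructed page: one honest link, one Trojan HTML link, one link with plain-word text.
SAMPLE_HTML = """<p>Log in at <a href="https://login.bank.test/">https://login.bank.test/</a>.</p>
<p>Or use <a href="http://203.0.113.66/bank/">https://www.bank.test/login</a> (the page lies about the URL).</p>
<p><a href="https://www.example.com/">Example</a></p>"""
```

The second anchor is the attack: the user reads https://www.bank.test/login and clicks, but the browser connects to 203.0.113.66 over plain HTTP. Nothing in DNS was touched, which is why the paper calls this easier than DNS spoofing, and why the only reliable user-side defence is checking the address bar and certificate after the click rather than the text before it.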

135
Q

QUESTION NO: 949 Why are packet filtering routers NOT effective against mail bomb attacks? A. The bomb code is obscured by the message encoding algorithm. B. Mail bombs are polymorphic and present no consistent signature to filter on. C. Filters do not examine the data portion of a packet. D. The bomb code is hidden in the header and appears as a normal routing information.

A

Answer: C

136
Q

QUESTION NO: 950 Which one of the following correctly identifies the components of a Distributed Denial of Service Attack? A. Node, server, hacker, destination B. Client, handler, agent, target C. Source, destination, client, server D. Attacker, proxy, handler, agent

A

Answer: B Explanation: Another form of DoS. A distributed denial of service occurs when the attacker compromises several systems to be used as launching platforms against one or more victims. The compromised systems used in the attacks are often called slaves or zombies. A DDoS attack results in the victims being flooded with data from numerous sources. - Ed Tittel CISSP Study Guide (sybex) pg 693

137
Q

QUESTION NO: 951 Which one of the following attacks will pass through a network layer intrusion detection system undetected? A. A teardrop attack B. A SYN flood attack C. A DNS spoofing attack D. A test.cgi attack

A

Answer: D Explanation: “Because a network-based IDS reviews packets and headers, it can also detect denial of service (DoS) attacks.” Pg. 64 Krutz: The CISSP Prep Guide Not A or B: “The following sections discuss some of the possible DoS attacks available. Smurf Fraggle SYN Flood Teardrop DNS DoS Attacks”

138
Q

QUESTION NO: 952 Which one of the following is a passive network attack? A. Spoofing B. Traffic Analysis C. Playback D. Masquerading

A

Answer: B Explanation: “Traffic analysis and trend analysis are forms of monitoring that examine the flow of packets rather than the actual content of packets. Traffic and trend analysis can be used to infer a large amount of information, such as primary communication routes, sources of encrypted traffic, location of primary servers, primary and backup communication pathways, amount of traffic supported by the network, typical direction of traffic flow, frequency of communications, and much more.” Pg 429 Tittel: CISSP Study Guide

139
Q

QUESTION NO: 953 Which one of the following can NOT typically be accomplished using a Man-in-the-middle attack? A. DNS spoofing B. Session hijacking C. Denial of service flooding D. Digital signature spoofing

A

Answer: D

140
Q

QUESTION NO: 954 What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim’s system, in order to flood it with REPLY packets? A. SYN flood attack B. Smurf attack C. Ping of Death Attack D. Denial of Service (DOS) Attack

A

Answer: B

141
Q

QUESTION NO: 955 Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system? A. TCP sequence number attack B. IP spoofing attack C. Piggybacking attack D. Teardrop attack

A

Answer: B

142
Q

QUESTION NO: 956 What attack takes advantage of operating system buffer overflows? A. Spoofing B. Brute force C. DoS D. Exhaustive

A

Answer: C Explanation: Denial of Service is an attack on the operating system or software using buffer overflows. The result is that the target is unable to reply to service requests. This is too large an area of information to try to cover here, so I will limit my discussion to the types of denial of service (DoS) attacks:

143
Q

QUESTION NO: 957 What attack is primarily based on the fragmentation implementation of IP and large ICMP packet size? A. Exhaustive B. Brute force C. Ping of Death D. Spoofing

A

Answer: C Explanation: Ping of Death – This exploit is based on the fragmentation implementation of IP whereby large packets are reassembled and can cause machines to crash. Ping of Death takes advantage of the fact that it is possible to send an illegal ICMP Echo packet with more than the allowable 65,507 octets of data because of the way fragmentation is performed. A temporary fix is to block ping packets. Ideally, an engineer should secure TCP/IP from overflow when reconstructing IP fragments.

144
Q

QUESTION NO: 958 Land attack attacks a target by: A. Producing large volume of ICMP echos. B. Producing fragmented IP packets. C. Attacking an established TCP connection. D. None of the choices.

A

Answer: C Explanation: Land.c attack – Attacks an established TCP connection. A program sends a TCP SYN packet giving the target host address as both the sender and destination, using the same port, causing the OS to hang.

145
Q

QUESTION NO: 959 What attack is primarily based on the fragmentation implementation of IP? A. Teardrop B. Exhaustive C. Spoofing D. Brute force

A

Answer: A Explanation: Teardrop attack - This is based on the fragmentation implementation of IP whereby reassembly problems can cause machines to crash. The attack uses a reassembly bug with overlapping fragments and causes systems to hang or crash. It works for any Internet Protocol type because it hits the IP layer itself. The fix is to patch the IP stack’s fragment reassembly code (and to drop overlapping fragments at the firewall); turning off directed broadcasts is the Smurf countermeasure and does not help here.
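
The two fragmentation bugs from Q957 (Ping of Death) and Q959 (Teardrop), checked by a small fragment-set validator. This is an added example, not part of the flashcards: it sorts a datagram's fragments, reports offsets that overlap data already received (the Teardrop condition) and reassembled sizes that would exceed the 65,535-byte IP limit (the Ping of Death condition). The fragment lists are constructed; offsets are kept in bytes rather than the header's 8-byte units to keep the arithmetic readable, and the 20-byte header length assumes no IP options.

```python
"""IP fragment sanity checks behind Teardrop (overlapping fragments) and Ping of Death
(reassembled datagram larger than 65,535 bytes). Added example; fragment lists are constructed."""
from dataclasses import dataclass

IP_MAX_LEN = 65535     # largest value the 16-bit total-length field can express
IP_HEADER_LEN = 20     # minimum IPv4 header, so at most 65,515 bytes of data can be reassembled


@dataclass(frozen=True)
class Fragment:
    ident: int     # IP identification field, shared by all fragments of one datagram
    offset: int    # data offset in bytes (the header stores it in 8-byte units)
    length: int    # payload bytes carried by this fragment
    more: bool     # MF flag: another fragment follows


def check_fragments(frags: list) -> list:
    """Return findings for one datagram's fragments; an empty list means reassembly looks sane."""
    if not frags:
        return ["no fragments"]
    if len({f.ident for f in frags}) != 1:
        return ["fragments do not share one IP ID"]
    findings = []
    ordered = sorted(frags, key=lambda f: f.offset)
    prev_end = 0
    for f in ordered:
        if f.offset % 8:
            findings.append(f"offset {f.offset} is not a multiple of 8")
        if f.offset < prev_end:
            # Teardrop: this fragment claims to start inside data already received
            findings.append(f"overlap: fragment at {f.offset} starts before previous end {prev_end}")
        prev_end = max(prev_end, f.offset + f.length)
    if prev_end + IP_HEADER_LEN > IP_MAX_LEN:
        # Ping of Death: a large offset plus a full last fragment overruns the 64 KiB reassembly buffer
        findings.append(f"reassembled size {prev_end + IP_HEADER_LEN} exceeds {IP_MAX_LEN}")
    if ordered[-1].more:
        findings.append("last fragment still has MF set (datagram incomplete)")
    return findings


def normal_sample() -> list:
    """Constructed 2,000-byte datagram split across two fragments."""
    return [Fragment(7, 0, 1480, True), Fragment(7, 1480, 520, False)]


def teardrop_sample() -> list:
    """Constructed Teardrop-style pair: the second fragment overlaps the first."""
    return [Fragment(0x1234, 0, 36, True), Fragment(0x1234, 24, 4, False)]


def ping_of_death_sample() -> list:
    """Constructed oversize echo request: 44 full fragments plus a tail that pushes past 65,535."""
    frags = [Fragment(0x4242, k * 1480, 1480, True) for k in range(44)]
    frags.append(Fragment(0x4242, 44 * 1480, 400, False))
    return frags
```

A stack that computes the destination of the second Teardrop fragment as a negative or wrapped length, or that writes the Ping of Death tail past a 65,535-byte buffer, is the one that crashes; the checks above are what a hardened reassembler performs before copying any data.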

146
Q

QUESTION NO: 960 What attack floods networks with broadcast traffic so that the network is congested? A. Spoofing B. Teardrop C. Brute force D. SMURF

A

Answer: D Explanation: SMURF attack – This attack floods networks with broadcast traffic so that the network is congested. The perpetrator sends a large number of ICMP (Internet Control Message Protocol) echo requests to broadcast addresses, with the source address spoofed to the victim’s, so that the replies are sent to the spoofed address. You need to understand the OSI model and how a layer 3 broadcast is mapped onto the layer 2 broadcast to understand this attack: every host on the segment receives the echo request and answers with an ICMP echo reply, multiplying the traffic by the number of hosts involved. Engineers should turn off directed-broadcast forwarding on routers (if possible in your environment) to deter this kind of attack.

147
Q

QUESTION NO: 961 What attack involves repeatedly sending identical e-mail messages to a particular address? A. SMURF B. Brute force C. Teardrop D. Spamming

A

Answer: D Explanation: Spamming – Involves repeatedly sending identical e-mail messages to a particular address. It is a variant of bombing, and is made worse when the recipient replies – e.g. recent cases where viruses or worms were attached to the e-mail message and ran a program that forwarded the message from the reader to anyone on the user’s distribution lists. This attack cannot be prevented, but you should ensure that entrance and exit of such mail is only through central mail hubs.

148
Q

QUESTION NO: 962 A stack overflow attack that “crashes” a Transmission Control Protocol/Internet Protocol (TCP/IP) service daemon can result in a serious security breach because the A. Process does not implement proper object reuse. B. Process is executed by a privileged entity. C. Network interface becomes promiscuous. D. Daemon can be replaced by a trojan horse.

A

Answer: B

149
Q

QUESTION NO: 963 The intrusion detection system at your site has detected Internet Protocol (IP) packets where the IP source address is the same as the destination address. This situation indicates A. Misdirected traffic jammed to the internal network. B. A denial of service attack. C. An error in the internal address matrix. D. A hyper overflow in the IP stack.

A

Answer: B Explanation: “The Land denial of service attack causes many older operating systems (such as Windows NT 4, Windows 95, and SunOS 4.1.4) to freeze and behave in an unpredictable manner. It works by creating an artificial TCP packet that has the SYN flag set. The attacker sets the destination IP address to the address of the victim machine and the destination port to an open port on that machine. Next, the attacker sets the source IP address and source port to the same values as the destination IP address and port. When the targeted host receives this unusual packet, the operating system doesn’t know how to process it and freezes, crashes, or behaves in an unusual manner as a result.” Pg 237 Tittel: CISSP Study Guide
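
The header-level signatures behind Q954 and Q960 (Smurf) and Q958 and Q963 (Land), checked over constructed packet records. This is an added example, not part of the flashcards or of Tittel's text: a Land packet is a TCP SYN whose source address and port equal its destination address and port, and a Smurf trigger is an ICMP echo request aimed at the directed-broadcast address of a local subnet. Addresses, ports and the local subnet list are made up (documentation ranges), and the packet record format is an assumption of this example, not any particular IDS's.

```python
"""Header-level signatures for Land and Smurf packets over constructed records (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "tcp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_flags: str = ""               # "S" = SYN, "SA" = SYN/ACK, ...
    icmp_type: Optional[int] = None   # 8 = echo request, 0 = echo reply


def is_land(pkt: Packet) -> bool:
    """Land: a TCP SYN whose source address and port equal its destination address and port.

    No legitimate stack produces this when talking to a peer, so the rule has
    essentially no false positives; the IDS in Q963 is matching exactly this.
    """
    return (pkt.proto == "tcp" and "S" in pkt.tcp_flags
            and pkt.src == pkt.dst and pkt.sport == pkt.dport)


def is_smurf_trigger(pkt: Packet, local_nets: list) -> bool:
    """Smurf: an ICMP echo request aimed at the directed-broadcast address of one of our subnets.

    The source is the spoofed victim; every host answering the broadcast sends its
    reply there, so the victim gets one reply per responding host per request.
    """
    if pkt.proto != "icmp" or pkt.icmp_type != 8:
        return False
    dst = ipaddress.ip_address(pkt.dst)
    return any(dst == ipaddress.ip_network(net, strict=False).broadcast_address
               for net in local_nets)


def classify(pkts: list, local_nets: list) -> dict:
    """Bucket packets by the signature they match."""
    hits = {"land": [], "smurf": []}
    for p in pkts:
        if is_land(p):
            hits["land"].append(p)
        if is_smurf_trigger(p, local_nets):
            hits["smurf"].append(p)
    return hits


# Constructed sample traffic (documentation address ranges, not a real capture).
LOCAL_NETS = ["192.168.1.0/24", "10.0.0.0/24"]
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.5", "tcp", sport=139, dport=139, tcp_flags="S"),       # Land
    Packet("198.51.100.7", "10.0.0.5", "tcp", sport=51515, dport=80, tcp_flags="S"),  # ordinary SYN
    Packet("203.0.113.9", "192.168.1.255", "icmp", icmp_type=8),                      # Smurf trigger, spoofed source
    Packet("192.168.1.10", "192.168.1.20", "icmp", icmp_type=8),                      # ordinary ping
    Packet("192.168.1.20", "203.0.113.9", "icmp", icmp_type=0),                       # one of the amplified replies
]
```

The Smurf rule is deliberately placed on the amplifier's side of the network: the victim only ever sees echo replies from many hosts, which look like ordinary traffic one at a time, whereas the request to a broadcast address is the single packet a border router can refuse to forward.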

150
Q

QUESTION NO: 964 What type of attacks occurs when a rogue application has been planted on an unsuspecting user’s workstation? A. Physical attacks B. Logical attacks C. Trojan Horse attacks D. Social Engineering attacks

A

Answer: C Explanation: Trojan Horse attacks - This attack involves a rogue, Trojan horse application that has been planted on an unsuspecting user’s workstation. The Trojan horse waits until the user submits a valid PIN from a trusted application, thus enabling usage of the private key, and then asks the smartcard to digitally sign some rogue data. The operation completes but the user never knows that their private key was just used against their will.

151
Q

QUESTION NO: 965 Man-in-the-middle attacks are a real threat to what type of communication? A. Communication based on random challenge. B. Communication based on face to face contact. C. Communication based on token. D. Communication based on asymmetric encryption.

A

Answer: D Explanation: The weakest point in communication based on asymmetric encryption is the knowledge about the real owners of keys. Somebody evil could generate a key pair, give the public key away and tell everybody that it belongs to somebody else. Now, everyone believing it will use this key for encryption, resulting in the evil man being able to read the messages. If he encrypts the messages again with the public key of the real recipient, he will not be easily recognized. This sort of attack is called a “man-in-the-middle” attack and can only be prevented by making sure public keys really belong to the one designated as owner.
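
The key-substitution attack this card describes, and the active attack Q933 calls most effective against an unauthenticated exchange, run end to end. This is an added example, not part of the flashcards: Alice and Bob perform a Diffie-Hellman exchange, Mallory swaps in her own public value in both directions, and each side unknowingly derives a key shared with her. The out-of-band fingerprint comparison at the end is the countermeasure the card names (making sure the key really belongs to the claimed owner). The group parameters are a toy (2**127-1 with generator 3) chosen only so the example runs instantly; they are far too small for real use.

```python
"""Key substitution by a man-in-the-middle on an unauthenticated key exchange, and the
out-of-band fingerprint check that defeats it. Added example with toy parameters."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman group for illustration only: far too small for real use, where a
# standardised group (e.g. RFC 7919) or an authenticated key exchange would be used instead.
P = 2**127 - 1
G = 3


def keypair() -> tuple:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv: int, peer_pub: int) -> bytes:
    """Session key derived from the DH shared secret (hashed so both sides get a fixed-size key)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def fingerprint(pub: int) -> str:
    """Short digest of a public value, suitable for reading aloud over a trusted channel."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


@dataclass
class Outcome:
    alice_key: bytes
    bob_key: bytes
    mallory_keys: set        # keys Mallory can derive; empty if she is not in the path
    fp_alice_sees: str       # fingerprint of the "Bob" key Alice received in-band
    fp_bob_trusted: str      # fingerprint of Bob's real key, learned out of band


def exchange(mallory_in_path: bool) -> Outcome:
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    mallory_keys = set()
    if mallory_in_path:
        # Mallory replaces both public values with her own; each side derives a key with her,
        # and she re-encrypts between the two keys so neither notices the relay.
        m_priv, m_pub = keypair()
        alice_receives, bob_receives = m_pub, m_pub
        mallory_keys = {shared_key(m_priv, a_pub), shared_key(m_priv, b_pub)}
    else:
        alice_receives, bob_receives = b_pub, a_pub
    return Outcome(
        alice_key=shared_key(a_priv, alice_receives),
        bob_key=shared_key(b_priv, bob_receives),
        mallory_keys=mallory_keys,
        fp_alice_sees=fingerprint(alice_receives),
        fp_bob_trusted=fingerprint(b_pub),
    )


def peer_verified(outcome: Outcome) -> bool:
    """The check that exposes the attack: compare the in-band key's fingerprint with one
    obtained over a channel Mallory does not control (phone, in person, a trusted directory)."""
    return hmac.compare_digest(outcome.fp_alice_sees, outcome.fp_bob_trusted)
```

Without the fingerprint step the MITM run is indistinguishable to Alice and Bob from the honest one: both end up with a working key, just not with each other. Certificates, SSH known_hosts and IPsec's authenticated IKE are all industrial forms of the same comparison.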

152
Q

QUESTION NO: 966 Which of the following threats is not addressed by digital signature and token technologies? A. Spoofing B. replay attacks C. password compromise D. denial-of-service

A

Answer: D

153
Q

QUESTION NO: 967 Which one of the following is concerned with masking the frequency, length, and origin-destination patterns of the communications between protocol entities? A. Masking analysis B. Protocol analysis C. Traffic analysis D. Pattern analysis

A

Answer: C Explanation: Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length, message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that is useful to an intruder. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 323

154
Q

QUESTION NO: 968 Which of the following would NOT be considered a Denial of Service Attack? A. Zone Transfer B. Smurf C. Syn Flood D. TearDrop

A

Answer: A Explanation: Zone transfer is the method that DNS uses to transfer zone information between servers. In some insecure DNS installations zone transfers are allowed to untrusted DNS servers. This allows the hacker to determine internal host names and IP addresses to provide additional information for an attack.

155
Q

QUESTION NO: 969 The connection using fiber optics from a phone company’s branch office to local customers is which of the following? A. new loop B. local loop C. loopback D. indigenous loop

A

Answer: B Explanation: In telecommunications the local loop is the wiring between the central office and the customer’s premises demarcation point. The telephony local loop connection is typically a copper twisted pair carrying current from the central office to the customer premises and back again. Individual local loop telephone lines are connected to the local central office or to a remote concentrator. Local loop connections can be used to carry a range of technologies, including analog voice, ISDN and DSL.

156
Q

QUESTION NO: 970 Which step ensures the confidentiality of a facsimile transmission? A. Pre-schedule the transmission of the information. B. Locate the facsimile equipment in a private area. C. Encrypt the transmission. D. Phone ahead to the intended recipient.

A

Answer: C

157
Q

QUESTION NO: 971 Which one of the following could a company implement to help reduce PBX fraud? A. Call vectoring B. Direct Inward System Access (DISA) C. Teleconferencing bridges D. Remote maintenance ports

A

Answer: B Explanation: The potential for fraud to occur in voice telecommunications equipment is a serious threat. PBXs (Private Branch Exchanges) are telephone switches used within state agencies to allow employees to make outgoing and receive incoming phone calls. These PBXs can also provide connections for communications between personal computers and local and wide area networks. Security measures must be taken to avoid the possibility of theft of either phone service or information through the telephone systems. Direct Inward System Access (DISA) is the ability to call into a PBX, either on an 800 number or a local dial-in, and by using an authorization code, gain access to the long distance lines and place long distance calls through the PBX http://www.all.net/books/Texas/chap10.html

158
Q

QUESTION NO: 972 Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud manipulates the line voltage to receive a toll-free call? A. Red boxes B. Blue boxes C. White boxes D. Black boxes

A

Answer: D

159
Q

QUESTION NO: 973 Which one of the following devices might be used to commit telecommunications fraud using the “shoulder surfing” technique? A. Magnetic stripe copier B. Tone generator C. Tone recorder D. Video recorder

A

Answer: C

160
Q

QUESTION NO: 974 What technique is used to prevent eavesdropping of digital cellular telephone conversations? A. Encryption B. Authentication C. Call detail suppression D. Time-division multiplexing

A

Answer: D Explanation: The name “TDMA” (Time Division Multiple Access) is also used to refer to a specific second generation mobile phone standard, more properly referred to as IS-136, which uses the TDMA technique to timeshare the bandwidth of the carrier wave. It provides between 3 and 6 times the capacity of its predecessor AMPS, and also improved security and privacy. In the United States, for example, AT&T Wireless uses the IS-136 TDMA standard. Prior to the introduction of IS-136, there was another TDMA North American digital cellular standard called IS-54 (which was also referred to just as “TDMA”).

161
Q

QUESTION NO: 975 Which of the following is a telecommunication device that translates data from digital to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator

A

Answer: B