Telecommunications, Network, and Internet Security Flashcards Preview

Flashcards in Telecommunications, Network, and Internet Security Deck (161)
1
Q

Frame-relay uses a public switched network to provide:
A. Local Area Network (LAN) connectivity
B. Metropolitan Area Network (MAN) connectivity
C. Wide Area Network (WAN) connectivity
D. World Area Network (WAN) connectivity

A

Answer: C
Explanation:

2
Q
Which of the following technologies has been developed to support TCP/IP networking over low speed serial interfaces?  
A. ISDN 
B. SLIP 
C. xDSL 
D. T1
A

Answer: B
Explanation: SLIP, Serial Line IP, is currently a de facto standard, commonly used for point-to-point serial connections running TCP/IP.
Reference: http://tools.ietf.org/html/rfc1055

3
Q
Which of the following provide network redundancy in a local network environment?  
A. Mirroring 
B. Shadowing 
C. Dual backbones 
D. Duplexing
A

Answer: C
Explanation:

4
Q
Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange?  
A. the Internet 
B. the Intranet 
C. the Extranet 
D. The Ethernet
A

Answer: A
Explanation:

5
Q

Internet specifically refers to the global network of:
A. public networks and Internet Service Providers (ISPs) throughout the world
B. private networks and Internet Services Providers (ISPs) through the world
C. limited networks and Internet Service Providers (ISPs) throughout the world
D. point networks and Internet Service Providers (ISPs) throughout the world

A

Answer: A
Explanation:

6
Q
To improve the integrity of asynchronous communications in the realm of personal computers, the Microcom Networking Protocol (MNP) uses a highly effective communications error-control technique known as    
A. Cyclic redundancy check. 
B. Vertical redundancy check. 
C. Checksum. 
D. Echoplex.
A

Answer: D
Explanation:

7
Q

Organizations should consider which of the following first before connecting their LANs to the Internet?
A. plan for implementing W/S locking mechanisms
B. plan for protecting the modem pool
C. plan for providing the user with his account usage information
D. plan for considering all authentication options

A

Answer: D
Explanation:

8
Q
Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs?  
A. HDSL 
B. SDSL 
C. ADSL 
D. VDSL
A

Answer: A
Explanation: HDSL – High-Data-Rate Digital Subscriber Line – 1.544 Mbps each way over 2 copper twisted pair (http://www.cisco.com/en/US/tech/tk175/tk318/tsd_technology_support_protocol_home.html)

9
Q
Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?  
A. It can be used for voice 
B. It can be used for data 
C. It carries various sizes of packets 
D. It can be used for video
A

Answer: C
Explanation: “Asynchronous transfer mode (ATM) is a cell-switching technology, as opposed to a packet-switching technology like Frame Relay. ATM uses virtual circuits much like Frame Relay, but because it uses fixed-size frames or cells, it can guarantee throughput. This makes ATM an excellent WAN technology for voice and video conferencing.” Pg 87 Tittel: CISSP Study Guide

10
Q

Satellite communications are easily intercepted because__
A. transmissions are continuous 24 hours per day.
B. a satellite footprint is narrowly focused.
C. a satellite footprint is very large.
D. a satellite footprint does not change.

A

Answer: C
Explanation: I think it may have to do with the footprint of the satellite. Footprint - The area of Earth with sufficient antenna gain to receive a signal from a satellite. http://www.aero.org/publications/crosslink/winter2002/backpage.html
Not A: Granted, satellites transmit, but they may not do it 24x7 a

11
Q
Which one of the following protocols CANNOT be used for full duplex Wide Area Network (WAN) communications?
A. Synchronous Data Link Control (SDLC) 
B. Serial Line Internet Protocol (SLIP) 
C. Point-to-Point Protocol (PPP) 
D. High-Level Data Link Control (HDLC)
A

Answer: B
Explanation: By exclusion, SLIP is the correct answer.
Note: Serial Line Internet Protocol (SLIP) is an older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial-up. Pg 96. Tittel: CISSP Study Guide. SLIP is a serial protocol as opposed to a WAN protocol.
Not SDLC: SDLC is full duplex. “SDLC was developed to enable mainframes to communicate with remote locations.” Pg 456 Shon Harris CISSP Certification Exam Guide. This is a WAN protocol.
Not C. “PPP is a full-duplex protocol that provides bi-directional links over synchronous, asynchronous, ISDN, frame relay and SONET connections.” Pg. 472 Shon Harris CISSP All-In-One Certification Exam Guide. PPP is full-duplex.
Not D. “HDLC is an extension of SDLC, which is mainly used in SNA environments. HDLC provides high throughput because it supports full-duplex transmissions and is used in point-to-point and multipoint connections.” Pg 456 Shon Harris CISSP All-In-One Certification Exam Guide. HDLC is full-duplex.

12
Q
Fast ethernet operates at which of the following?  
A. 10 Mbps 
B. 100 Mbps 
C. 1000 Mbps 
D. All of the above
A

Answer: B
Explanation: “Fast Ethernet 100Mbps – IEEE 802.3u” pg 810 Shon Harris CISSP All-In-One Exam Guide

13
Q

Which of the following statements about the “Intranet” is NOT true?
A. It is an add-on to a local area network.
B. It is unrestricted and publicly available.
C. It is usually restricted to a community of users
D. it can work with MANS or WANS

A

Answer: B
Explanation: “An intranet is a ‘private’ network that uses Internet technologies, such as TCP/IP. The company has Web servers and client machines using Web browsers, and it uses the TCP/IP protocol suite. The Web pages are written in Hypertext Markup Language (HTML) or Extensible Markup Language (XML) and are accessed via HTTP.” Pg 395 Shon Harris: All-In-One CISSP Certification Guide.

14
Q
Frame relay and X.25 networks are part of which of the following?  
A. Circuit-switched services 
B. Cell-switched services 
C. Packet-switched services 
D. Dedicated digital services
A

Answer: C
Explanation: Packet-Switched Technologies: X.25, Link Access Procedure-Balanced (LAPB), Frame Relay, Switched Multimegabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP (VoIP)

15
Q

A Wide Area Network (WAN) may be privately operated for a specific user community, may support multiple communication protocols, or may provide network connectivity and services via:
A. interconnected network segments (extranets, intranets, and Virtual Private Networks)
B. interconnected network segments (extranets, internets, and Virtual Private Networks)
C. interconnected netBIOS segments (extranets, intranets, and Virtual Private Networks)
D. interconnected NetBIOS segments (extranets, interest, and Virtual Private Networks)

A

Answer: A
Explanation:

16
Q
What is the proper term to refer to a single unit of Ethernet data?  
A. Ethernet segment 
B. Ethernet datagram 
C. Ethernet frame 
D. Ethernet packet
A

Answer: C
Explanation: When the Ethernet software receives a datagram from the Internet layer, it performs the following steps: 1.) Breaks IP layer data into smaller chunks if necessary which will be in the data field of ethernet frames. Pg. 40 Sams Teach Yourself TCP/IP in 24 hrs.

17
Q
Which of the following is a LAN transmission protocol? 
A. Ethernet 
B. Ring Topology 
C. Unicast 
D. Polling
A

Answer: C
Reference: “LAN Transmission Methods. LAN data is transmitted from the sender to one or more receiving stations using either a unicast, multicast, or broadcast transmission.” pg 528 Hansche: Official (ISC)2 Guide to the CISSP Exam

18
Q
Which of the following access methods is used by Ethernet?  
A. CSMA/CD 
B. CSU/DSU 
C. TCP/IP 
D. FIFO
A

Answer: A
Explanation: “Under the Ethernet CSMA/CD media-access process, any computer on a CSMA/CD LAN can access the network at any time.” Pg. 103 Krutz: The CISSP Prep Guide.

19
Q

Which one of the following data transmission technologies is NOT packet-switch based?
A. X.25
B. ATM (Asynchronous Transfer Mode)
C. CSMA/CD (Carrier Sense Multiple Access/Collision Detection)
D. Frame Relay

A

Answer: B
Explanation: “Examples of packet-switching networks are X.25, Link Access Procedure-Balanced (LAPB),
Frame Relay, Switched Multimegabit Data Systems (SMDS), Asynchronous Transfer Mode (ATM), and Voice over IP (VoIP).” Pg 146 Krutz: CISSP Prep Guide: Gold Edition. http://en.wikipedia.org/wiki/Virtual_circuit

20
Q

Unshielded (UTP) does not require the fixed spacing between connections that is:
A. necessary with telephone-type connections
B. necessary with coaxial-type connections
C. necessary with twisted pair-type connections
D. necessary with fiber optic-type connections

A

Answer: B
Explanation: “Fixed spacing between connections” is referring to the fixed-sized insulation that separates the inner wire from the shielding.

21
Q

What type of cable is used with 100Base-TX Fast Ethernet?
A. Fiber-optic cable
B. Four pairs of Category 3, 4, or 5 unshielded twisted-pair (UTP) wires.
C. Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires
D. RG-58 Cable

A

Answer: C
Explanation:

22
Q
Which cable technology refers to the CAT 3 and Cat5 Categories?  
A. Coaxial cables 
B. Fiber Optic cables 
C. Axial cables 
D. Twisted Pair cables
A

Answer: D
Explanation:

23
Q
On which Open System Interconnection (OSI) Reference Model layer are repeaters used as communications transfer devices?    
A. Data-link 
B. Physical 
C. Network 
D. Transport
A

Answer: B
Explanation: The original answer (Network) is wrong; a repeater is a Physical layer device. Repeaters just regenerate the signal. “Hubs are multi-port repeaters, and as such they obey the same rules as repeaters (See previous section OSI Operating Layer). They operate at the OSI Model Physical Layer.” http://www.thelinuxreview.com/howto/intro_to_networking/c5434.htm

24
Q
In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?
A. Data Link 
B. Transport 
C. Presentation 
D. Application
A

Answer: A
Explanation:

25
Q
In the OSI/ISO model, at what level are TCP and UDP provided?  
A. Transport 
B. Network 
C. Presentation 
D. Application
A

Answer: A
Explanation: “Transport Layer. … TCP and UDP operate on this layer.” Pg 82. Krutz: The CISSP Prep Guide.

26
Q
DNS, FTP, TFTP, SNMP are provided at what level of the OSI/ISO model?  
A. Application 
B. Network 
C. Presentation 
D. Transport
A

Answer: A
Explanation:

27
Q
Which of the following OSI layers does not provide confidentiality?  
A. Presentation 
B. Network 
C. Transport 
D. Session
A

Answer: C
Explanation:
1. Reference: “[Network Layer] The routing protocols are located at this layer and include the following: …..Internet Protocol Security (IPSec)”. “The following protocols operate within the Session layer: Secure Sockets Layer (SSL)”. “The Presentation layer is also responsible for encryption and compression.” Pg 61-62 Tittel: CISSP Study Guide
2. According to this chart: http://en.wikipedia.org/wiki/OSI_model
Network – IPSEC
Presentation – SSL/TLS
Session – L2TP
Transport – remains an answer.
3. According to Shon Harris / CISSP 5th edition, SSL is at the TRANSPORT layer.
Conclusion: So, 3 different sources put SSL at 3 completely different layers. But using 1 of the 2 sources does get you ‘transport’ as the answer.

28
Q
Which of the following OSI layers provides routing and related services?  
A. Network 
B. Presentation 
C. Session 
D. Physical
A

Answer: A
Explanation:

29
Q

The International Standards Organization/Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?
A. Standard model for network communications
B. Used to gain information from network devices such as count of packets received and routing tables
C. Allows dissimilar networks to communicate
D. Defines 7 protocol layers (a.k.a. protocol stacks)

A

Answer: B
Explanation: Not A. “The Open System Interconnect (OSI) is a worldwide federation that works to provide international standards.” Not C. “A protocol is a standard set of rules that determine how systems will communicate across networks. Two different systems can communicate and understand each other because they use the same protocols in spite of their differences.” Pg. 343-344 Shon Harris: CISSP All-In-One Certification Exam Guide

30
Q
Which of the following layers supervises the control rate of packet transfers in an Open Systems Interconnections (OSI) implementation?    
A. Physical 
B. Session 
C. Transport 
D. Network
A

Answer: C
Explanation: The transport layer defines how to address the physical locations and/or devices on the network, how to make connections between nodes, and how to handle the networking of messages. It is responsible for maintaining the end-to-end integrity and control of the session.
Services located in the transport layer both segment and reassemble the data from upper-layer applications and unite it onto the same data stream, which provides end-to-end data transport services and establishes a logical connection between the sending host and destination host on a network. The transport layer is also responsible for providing mechanisms for multiplexing upper-layer applications, session establishment, and the teardown of virtual circuits. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 275-276
“Transport Layer The agreement on these issues before transferring data helps provide more reliable data transfer, error detection and correction, and flow control and it optimizes network services needed to perform these tasks.” Pg. 318 – 319 Shon Harris: All-In-One CISSP Certification Guide.

31
Q
Which Open Systems Interconnect (OSI) layers provide Transport Control Protocol/Internet Protocol (TCP/IP) end-to-end security?    
A. Application and presentation 
B. Presentation and session 
C. Network and application 
D. Application and transport
A

Answer: B
Explanation: “The Session layer (layer 5) is responsible for establishing, maintaining, and terminating communication sessions between two computers. The primary technology within layer 5 is a gateway. The following protocols operate within the Session layer: Secure Sockets Layer (SSL)
Network File System (NFS)
Structured Query Language (SQL)
Remote Procedure Call (RPC)
The presentation layer (layer 6) is responsible for transforming data received from the application layer into a format that any system following the OSI model can understand. It imposes common or standardized structure and formatting rules onto the data. The Presentation layer is also responsible for encryption and compression.” Pg. 79-80 Tittel: CISSP Study Guide.

32
Q

Which one of the following is a TRUE statement about the bottom three layers of the Open Systems Interconnection (OSI) Reference Model?
A. They generally pertain to the characteristics of the communicating end systems.
B. They cover synchronization and error control of network data transmissions.
C. They support and manage file transfer and distribute process resources.
D. They support components necessary to transmit network messages.

A

Answer: D
Explanation: By exclusion: Not A.
“The Session layer (layer 5) is responsible for establishing, maintaining, and terminating communication sessions between two computers.” Pg 79 Tittel: CISSP Study Guide.
Not B.
“The Transport layer (layer 4) ….This layer includes mechanisms for segmentation, sequencing, error checking, controlling the flow of data, error correction and network service optimization.” Pg 79 Tittel: CISSP Study Guide.
Not C.
“The application itself is not located within this layer [Application]; rather the protocols and services required to transmit files, exchange messages, connect to remote terminals, and so on are here.” Pg. 80 Tittel: CISSP Study Guide

33
Q
ICMP and IGMP belong to which layer of the OSI model?  
A. Datagram 
B. Network 
C. Transport 
D. Link
A

Answer: B
Explanation: The Network layer (layer 3) is responsible for adding routing information to the data. The Network layer accepts the segment from the Transport layer and adds information to it to create a packet. The packet includes the source and destination IP addresses.
The routing protocols are located at this layer and include the following: Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Internet Group Management Protocol (IGMP), Internet Protocol (IP), Internet Packet Exchange (IPX). Pg. 78 Tittel: CISSP Study Guide

34
Q
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layer 6 is which of the following?
A. Application Layer 
B. Presentation Layer 
C. Data Link Layer 
D. Network Layer
A

Answer: B
Explanation: “Presentation Layer (Layer 6).” Pg 81 Krutz The CISSP Prep Guide.

35
Q
Which OSI/ISO layer is IP implemented at?  
A. Session layer 
B. Transport layer 
C. Network layer 
D. Data link layer
A

Answer: C
Explanation:

36
Q

Which of the following security-focused protocols operates at a layer different from the others?
A. Secure HTTP
B. Secure shell (SSH-2)
C. Secure socket layer (SSL)
D. Simple Key Management for Internet Protocols (SKIP)

A

Answer: A
Explanation:

37
Q
In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?
A. Data Link 
B. Transport 
C. Presentation 
D. Application
A

Answer: A
Explanation:

38
Q

ICMP and IGMP belong to which layer of the OSI Model? (Fill in the blank)

A

Answer:

Network

39
Q

The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layer 6 is which of the following? (Fill in the blank)

A

Answer: Presentation

40
Q

Which of the following OSI layers provides non-repudiation services? (Fill in the blank)

A

Answer: Application

41
Q
The OSI model contains seven layers. TCP/IP is generally accepted as having how many layers?  
A. four 
B. five 
C. six 
D. eight
A

Answer: A
Explanation: The TCP/IP Protocol Model is similar to the OSI model, but it defines only the following four layers instead of seven: Application Layer, Host-to-Host Transport Layer, Internet Layer, Network Access or Link Layer. Pg. 84 Krutz: The CISSP Prep Guide.

42
Q
Which of the following layers provides end-to-end service?  
A. Network Layer 
B. Link Layer 
C. Transport Layer 
D. Presentation Layer
A

Answer: C
Explanation: Session services located in the Transport Layer both segment and reassemble the data from upper-layer applications and unite it onto the same data stream, which provides end-to-end data transport services and establishes a logical connection between the sending host and destination host on a network. Pg. 82 Krutz: The CISSP Prep Guide.

43
Q
Both TCP and UDP use port numbers of what length?  
A. 32 bits 
B. 16 bits 
C. 8 bits 
D. 4 bits
A

Answer: B
Explanation:

44
Q
Which one of the following is an effective communications error-control technique usually implemented in software?   
A. Redundancy check 
B. Packet filtering 
C. Packet checksum 
D. Bit stuffing
A

Answer: C
Explanation:

45
Q

What is the proper term to refer to a single unit of IP data? (Fill in the blank)

A

Answer:
Datagram “When the Ethernet software receives a datagram from the Internet layer, it performs the following steps: 1.) Breaks IP layer data into smaller chunks if necessary which will be in the data field of ethernet frames.” Pg. 40 Sams Teach Yourself TCP/IP in 24 hrs.

46
Q
What is the proper term to refer to a single unit of TCP data at the transport layer?  
A. TCP segment 
B. TCP datagram 
C. TCP frame 
D. TCP packet
A

Answer: A
Explanation: “The data package created at the transport layer, which encapsulates the Application layer message, is called a segment if it comes from TCP/IP.” Pg. 27 Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.

47
Q
Each data packet is assigned the IP address of the sender and the IP address of the:  
A. recipient 
B. host 
C. node 
D. network
A

Answer: A
Explanation:

48
Q
Both TCP and UDP use port numbers of what length?  
A. 32 bits 
B. 16 bits 
C. 8 bits 
D. 4 bits
A

Answer: B
Explanation: 2 to 16th power = 65,536
“TCP and UDP each have 65,536 ports”. Pg 75 Tittel: CISSP Study Guide

49
Q
Which of the following type of packets can *easily* be denied with a stateful packet filter?  
A. ICMP 
B. TCP 
C. UDP 
D. IP
A

Answer: B
Explanation:

50
Q
Which ports are the “Register ports”, registered by the IANA?  
A. Ports 128 to 255 
B. Ports 1024 to 49151 
C. Ports 1023 to 65535 
D. Ports 1024 to 32767
A

Answer: B
Explanation:
* the System Ports, also known as the Well Known Ports, from 0-1023 (assigned by IANA)
* the User Ports, also known as the Registered Ports, from 1024-49151 (assigned by IANA)
* the Dynamic Ports, also known as the Private or Ephemeral Ports, from 49152-65535 (never assigned)
Reference: http://tools.ietf.org/html/draft-ietf-tsvwg-iana-ports-10

51
Q
What protocol was UDP based and mainly intended to provide validation of dial up user login passwords?    
A. PPTP 
B. L2TP 
C. IPSec 
D. TACACS
A

Answer: D
Explanation: The original TACACS protocol was developed by BBN for MILNET. It was UDP based and mainly intended to provide validation of dial up user login passwords. The TACACS protocol was formally specified, but the spec is not generally available.

52
Q
On which port is POP3 usually run?  
A. 110 
B. 109 
C. 139 
D. 119
A

Answer: A
Explanation:

53
Q

The primary function of this protocol is to send messages between network devices regarding the health of the network:
A. Internet Control Message Protocol (ICMP)
B. Reverse Address Resolution Protocol (RARP)
C. Address Resolution Protocol (AR)
D. Internet Protocol (IP)

A

Answer: A
Explanation:

54
Q
Telnet and rlogin use which protocol?  
A. UDP 
B. SNMP 
C. TCP 
D. IGP
A

Answer: C
Explanation:

55
Q
The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram?
A. TCP 
B. ICMP 
C. UDP 
D. IGMP
A

Answer: D
Explanation: ICMP = 1, IGMP = 2, TCP = 6, UDP = 17
Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.

56
Q
The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the ip datagram?  
A. TCP 
B. ICMP 
C. UDP 
D. IGMP
A

Answer: C
Explanation: ICMP = 1, IGMP = 2, TCP = 6, UDP = 17
Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.

57
Q
Why do some sites choose not to implement Trivial File Transfer Protocol (TFTP)?
A. list restrictions 
B. inherent security risks 
C. user authentication requirement 
D. directory restriction
A

Answer: B
Explanation:

58
Q
The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the ip datagram?  
A. TCP 
B. ICMP 
C. UDP 
D. IGMP
A

Answer: A
Explanation: ICMP = 1, TCP = 6, UDP = 17
Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.

59
Q
Which of the following is not a basic security service defined by the OSI?  
A. Routing control 
B. Authentication 
C. Data Confidentiality 
D. Logging and monitoring
A

Answer: D
Explanation: Routing control IS defined, but there is no mention of Logging & Monitoring.
Reference:
http://en.wikipedia.org/wiki/Security_service_(telecommunication)
And
http://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.800-199103-I!!PDF-E&type=items

60
Q
Which of the following is not an OSI architecture-defined broad category of security standards?  
A. Security techniques standards 
B. Layer security protocol standards 
C. Application-specific security 
D. Firewall security standards
A

Answer: D
Explanation:

61
Q
Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?    
A. X.25 
B. X.400 
C. X.500 
D. X.509
A

Answer: B
Explanation: An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines. http://www.webopedia.com/TERM/X/X_400.html

62
Q
The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram?  
A. TCP 
B. ICMP 
C. UDP 
D. IGMP
A

Answer: B
Explanation: ICMP = 1, IGMP = 2, TCP = 6, UDP = 17
Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.

63
Q

Which of the following is true?
A. TCP is connection-oriented. UDP is not
B. UDP provides for Error Correction. TCP does not.
C. UDP is useful for longer messages
D. UDP guarantees delivery of data. TCP does not guarantee delivery of data.

A

Answer: A
Explanation:

64
Q
What works as an E-mail message transfer agent?  
A. SMTP 
B. SNMP 
C. S-RPC 
D. S/MIME
A

Answer: A
Explanation:

65
Q
A common way to create fault tolerance with leased lines is to group several T-1’s together with an inverse multiplexer placed:  
A. at one end of the connection 
B. at both ends of the connection 
C. somewhere between both end points 
D. in the middle of the connection
A

Answer: B
Explanation:

66
Q
Several methods provide telecommunications continuity. Which of the following is a method of routing traffic through split cable or duplicate cable facilities?
A. diverse routing 
B. alternative routing 
C. last mile circuit protection 
D. long haul network diversity
A

Answer: A
Explanation:

67
Q
Which of the following is the primary security feature of a proxy server?  
A. Client hiding 
B. URL blocking 
C. Route blocking 
D. Content filtering
A

Answer: A
Explanation:

68
Q
Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?  
A. File services 
B. Mail services 
C. Print Services 
D. Client/Server services
A

Answer: B
Explanation:

69
Q

Which one of the following is a technical solution for the quality of service, speed, and security problems facing the Internet?
A. Random Early Detection (RED) queuing
B. Multi-protocol label-switching (MPLS)
C. Public Key Cryptography Standard (PKCS)
D. Resource Reservation Protocol (RSVP)

A

Answer: B
Explanation: The original answer to this question was RED; however, I think this is incorrect for this reason. Both RED and MPLS deal with QoS/CoS issues, thereby increasing speed, MPLS more so than RED. However, I have not been able to find any documents that state RED is a security implementation, while MPLS is heavily used in the ISP VPN market. See this link for MPLS security: http://www.nwfusion.com/research/2001/0521feat2.html Below are the links that form the rationale for this answer of B (MPLS).
Random Early Detection (RED). Congestion avoidance algorithm in which a small percentage of packets are dropped when congestion is detected and before the queue in question overflows completely. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/r12.htm
Multiprotocol Label Switching. Switching method that forwards IP traffic using a label. This label instructs the routers and the switches in the network where to forward the packets based on preestablished IP routing information. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/m12.htm
Resource Reservation Protocol. Protocol that supports the reservation of resources across an IP network. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter, maximum burst, and so on) of the packet streams they want to receive. RSVP depends on IPv6. Also known as Resource Reservation Setup Protocol. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/r12.htm
Random Early Detection (RED) is the recommended approach for queue congestion management in routers (Braden et al., 1998). Although in its basic form RED can be implemented in a relatively short C program, as the speed of ports and the number of queues per port increase, the implementation moves more and more into hardware. Different vendors choose different ways to implement and support RED in their silicon implementations. The degree of programmability, the number of queues, the granularity among queues, and the calculation methods of the RED parameters all vary from implementation to implementation. Some of these differences are irrelevant to the behavior of the algorithm, and hence to the resulting network behavior. Some of the differences, however, may result in a very different behavior of the RED algorithm, and hence of the network efficiency. http://www.cisco.com/en/US/products/hw/routers/ps167/products_white_paper09186a0080091fe4.shtml
Based on label swapping, a single forwarding mechanism provides opportunities for new control paradigms and applications. MPLS Label Forwarding is performed with a label lookup for an incoming label, which is then swapped with the outgoing label and finally sent to the next hop. Labels are imposed on the packets only once at the edge of the MPLS network and removed at the other end. These labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). Packets belonging to the same FEC get similar treatment. The label is added between the Layer 2 and the Layer 3 header (in a packet environment) or in the virtual path identifier/virtual channel identifier (VPI/VCI) field (in ATM networks). The core network merely reads labels, applies appropriate services, and forwards packets based on the labels. This MPLS lookup and forwarding scheme offers the ability to explicitly control routing based on destination and source addresses, allowing easier introduction of new IP services. http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/xlsw_ds.htm

70
Q

How do you distinguish between a bridge and a router?
A. The router connects two networks at the data-link layer, while bridge connects two networks at the network layer
B. The bridge connects two networks at the data-link layer, while router connects two networks at the network layer
C. It is not possible to distinguish them. They have the same functionality.

A

Answer: B
Explanation:

71
Q

Why should you avoid having two routers connect your trusted internal LAN to your demilitarized zone?
A. Network congestion might cause the routers to pass data from your private network through the demilitarized zone
B. This provides attackers with multiple paths to access your trusted network
C. There is a substantial increase in cost with only a nominal increase in security
D. You may overlook an attack on one of your routers because your data still teaches the outside world from your other router

A

Answer: B
Explanation: Adding a second router between the LAN and the DMZ won’t increase security, but it will give attackers a second path to attack (in case the routers aren’t kept identically patched and configured).

72
Q

In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class B network?
A. The first bit of the ip address would be set to zero
B. The first bit of the ip address would be set to one and the second bit set to zero
C. The first two bits of an ip address would be set to one, and the third bit set to zero
D. The first three bits of the ip address would be set to one

A

Answer: B
Explanation:

73
Q
Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)?  
A. 172.5.42.5 
B. 172.76.42.5 
C. 172.90.42.5 
D. 172.16.42.5
A

Answer: D
Explanation: “The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 – that are known as ‘global non-routable addresses.’” Pg. 94 Krutz: The CISSP Prep Guide.

74
Q
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
A. 10.0.42.5 
B. 11.0.42.5 
C. 12.0.42.5 
D. 13.0.42.5
A

Answer: A
Explanation: The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 – that are known as “global non-routable addresses.” Pg. 94 Krutz: The CISSP Prep Guide.

75
Q
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
A. 172.12.42.5 
B. 172.140.42.5 
C. 172.31.42.5 
D. 172.15.45.5
A

Answer: C
Explanation: The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255 – that are known as “global non-routable addresses.” Pg. 94 Krutz: The CISSP Prep Guide.

76
Q

In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?
A. The first bit of the IP address would be set to zero
B. The first bit of the IP address would be set to one and the second bit set to zero
C. The first two bits of the IP address would be set to one, and the third bit set to zero
D. The first three bits of the IP address would be set to one

A

Answer: C
Explanation: Pg. 80 Sams Teach Yourself TCP/IP in 24 hrs.

77
Q
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
A. 192.168.42.5 
B. 192.166.42.5 
C. 192.175.42.5 
D. 172.1.42.5
A

Answer: A
Explanation:

78
Q
How long are IPv4 addresses:  
A. 32 bits long 
B. 64 bits long 
C. 128 bits long 
D. 16 bits long
A

Answer: A
Explanation: “IPv4 uses 32 bits for addresses, and IPv6 uses 128 bits; thus v6 provides more possible addresses to work with.” Pg 331 Shon Harris: All-in-One CISSP Certification

79
Q

ARP and RARP map between which of the following?
A. DNS addresses and IP addresses
B. 32-bit hardware addresses and 48-bit IPv6 addresses
C. 32-bit hardware addresses and 48-bit IPv4 addresses
D. 32-bit addresses in IPv4 and 48-bit hardware addresses

A

Answer: D
Explanation: An Ethernet address is a 48-bit address that is hard-wired into the NIC of the network node. ARP matches up the 32-bit IP address with this hardware address, which is technically referred to as the Media Access Control (MAC) address or the physical address. Pg. 87 Krutz: The CISSP Prep Guide.

80
Q

Which protocol matches an Ethernet address to an Internet Protocol (IP) address?
A. Address Resolution Protocol (ARP)
B. Reverse Address Resolution Protocol (RARP)
C. Internet Control Message Protocol (ICMP)
D. User Datagram Protocol (UDP)

A

Answer: B
Explanation: “As with ARP, Reverse Address Resolution Protocol (RARP) frames go to all systems on the subnet, but only the RARP server responds. Once the RARP server receives this request, it looks in its table to see which IP address matches the broadcast hardware address. The server then sends a message back to the requesting computer that contains its IP address. The system now has an IP address and can function on the network.” Pg 357 Shon Harris: All-in-One CISSP Certification

81
Q
In a typical firewall configuration, what is the central host in organization’s network security?    
A. Stateful 
B. Screen 
C. Gateway 
D. Bastion
A

Answer: D
Explanation: Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be ‘outside’ Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system. http://www.securesynergy.com/library/articles/it_glossary/glossary_b.php

82
Q

Which one of the following describes a bastion host?
A. A physically shielded computer located in a data center or vault.
B. A computer which maintains important data about the network.
C. A computer which plays a critical role in a firewall configuration.
D. A computer used to monitor the vulnerability of a network.

A

Answer: C
Explanation: A bastion host or screened host is just a firewall system logically positioned between a private network and an untrusted network. - Ed Tittel CISSP Study Guide (Sybex) pg 93

83
Q

Which of the following statements pertaining to firewalls is incorrect?
A. Firewalls should not run NIS (Network Information Systems)
B. Firewalls should mount file systems via NFS
C. All system logs on the firewall should log to a separate host
D. Compilers should be deleted from the firewall

A

Answer: B
Explanation:

84
Q

Which is the MAIN advantage of having an application gateway?
A. To perform change control procedures for applications.
B. To provide a means for applications to move into production.
C. To log and control incoming and outgoing traffic.
D. To audit and approve changes to applications.

A

Answer: C
Explanation: “An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another; the copy process also changes the source and destination address to protect the identity of the internal or private network. An application-level gateway firewall filters traffic based on the Internet service (i.e., application) used to transmit or receive the data.” - Shon Harris All-in-one CISSP Certification Guide pg 92

85
Q
Which process on a firewall makes permit/deny forwarding decisions based solely on address and service port information?    
A. Circuit Proxy 
B. Stateful Packet Inspection Proxy 
C. Application Proxy 
D. Transparency Proxy
A

Answer: A
Explanation: Circuit-level proxy creates a circuit between the client computer and the server. It does not understand or care about the higher-level issues that an application-level proxy deals with. It knows the source and destination addresses and makes access decisions based on this information… It looks at the data within the packet header versus the data within the payload of the packet. It does not know if the contents within the packet are actually safe or not. - Shon Harris All-in-one CISSP Certification Guide pg 419-420

86
Q

A proxy based firewall has which one of the following advantages over a firewall employing stateful packet inspection?
A. It has a greater throughput.
B. It detects intrusion faster.
C. It has greater network isolation.
D. It automatically configures the rule set.

A

Answer: C
Explanation:

87
Q
Firewalls filter incoming traffic according to   
A. The packet composition. 
B. A security policy. 
C. Stateful packet rules. 
D. A security process.
A

Answer: B
Explanation:

88
Q

Application Level Firewalls create:
A. a real circuit between the workstation client and the server
B. a virtual circuit between the workstation client and the server
C. an imaginary circuit between the workstation guest and the server
D. a temporary circuit between the workstation host and the server

A

Answer: B

Explanation:

89
Q

Which of the following is the biggest concern with firewall security?
A. Internal hackers
B. Complex configuration rules leading to misconfiguration
C. Buffer overflows
D. Distributed denial of service (DDOS) attacks

A

Answer: B
Explanation:

90
Q

Which of the following is true of network security?
A. A firewall is not a necessity in today’s connected world
B. A firewall is a necessity in today’s connected world
C. A whitewall is a necessity in today’s connected world
D. A black firewall is a necessity in today’s connected world

A

Answer: B
Explanation:

91
Q

Which of the following statements pertaining to firewalls is incorrect?
A. Firewalls create bottlenecks between the internal and external network
B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task
C. Strong firewalls can protect a network at all layers of the OSI model
D. Firewalls are used to create security checkpoints at the boundaries of private networks

A

Answer: C
Explanation:

92
Q
Which of the following is the least important security service provided by a firewall?  
A. Packet filtering 
B. Encrypted tunnels 
C. Network Address Translation 
D. Proxy services
A

Answer: B
Explanation:

93
Q

Which of the following firewall rules is less likely to be found on a firewall installed between an organization’s internal network and internet?
A. Permit all traffic to and from local host
B. Permit all inbound ssh traffic
C. Permit all inbound tcp connections
D. Permit all syslog traffic to log-server.abc.org

A

Answer: C
Explanation:

94
Q

Which of the following packets should NOT be dropped at a firewall protecting an organization’s internal network?
A. Inbound packets with Source Routing option set
B. Router information exchange protocols
C. Inbound packets with an internal source IP address
D. Outbound packets with an external destination IP address

A

Answer: D
Explanation:

95
Q
By examining the “state” and “context” of the incoming data packets, it helps to track the protocols that are considered “connectionless”, such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in:  
A. first generation firewall systems 
B. second generation firewall systems 
C. third generation firewall systems 
D. fourth generation firewall systems
A

Answer: C
Explanation: “Stateful Inspection Characteristics: The firewall maintains a state table that tracks each and every communication channel. Frames are analyzed at all communication layers. It provides a high degree of security and does not introduce the performance hit that proxy firewalls introduce. It is scalable and transparent to users. It provides data tracking for tracking connectionless protocols such as UDP and ICMP. The state and context of the data within the packets are stored and updated continuously. It is considered a third-generation firewall.” Pg. 375 Shon Harris: All-in-One CISSP Certification
Not A:
“Packet filtering is the first generation firewall—that is, it was the first type that was created and used, and other types that were developed fall into different generations.” Pg 373 Shon Harris: All-in-One CISSP Certification

96
Q

Which of the following statements pertaining to packet filtering is incorrect?
A. It is based on ACLs
B. It is not application dependent
C. It operates at the network layer
D. It keeps track of the state of a connection

A

Answer: D
Explanation:

97
Q

A screening router can perform packet filtering based upon what data?
A. Translated source destination addresses.
B. Inverse address resolution.
C. Source and destination port number.
D. Source and destination addresses and application data.

A

Answer: C
Explanation: The original answer was A (translated source destination address). I did not come across this term in my reading. “Screening router: A screening router is one of the simplest firewall strategies to implement. This is a popular design because most companies already have the hardware in place to implement it. A screening router is an excellent first line of defense in the creation of your firewall strategy. It’s just a router that has filters associated with it to screen outbound and inbound traffic based on IP address and UDP and TCP ports.” http://www.zdnet.co.uk/news/specials/2000/10/enterprise/techrepublic/2002/10/article002c.html

98
Q

Why are hardware security features preferred over software security features?
A. They lock in a particular implementation.
B. They have a lower meantime to failure.
C. Firmware has fewer software bugs.
D. They permit higher performance.

A

Answer: D
Explanation: This is a sort of iffy question. Hardware allows faster performance than software and does not need to utilize an underlying OS to make the security software operate. (An example is PIX firewall vs Checkpoint.) The meantime to failure answer to me is OK, but the hardware that the software security runs on also has an MTTF. A few people looked over this question and had no problem with the answer of B (meantime to failure question), but as I looked into it I have picked D. MTTF is typically the time to failure. “MTTF is the expected typical functional lifetime of the device given a specific operating environment” (Ed Tittel CISSP Study Guide (Sybex) pg 657). This leads me to think that this question says hardware has a SHORTER lifespan than software. Thus I am going to have to go with D (higher performance). This can be because of ASICs. As always, use your best judgment, knowledge and experience on this question. Below are some points of view.
Few things to consider when deploying a software-based firewall: Patching the OS or firewall software could bring down the firewall or open additional holes. OS expertise vs. firewall expertise (you may need two administrators). Support contract (one for hardware, one for OS, one for firewall): who do you call? Administration (one for OS and one for firewall). If you’re not an expert in both then forget it. High availability (stateful failover) usually requires additional software and costs a lot of money. As a result it adds to support costs. Are software firewalls a bad idea? It depends. Every situation is different. -Bob http://www.securityfocus.com/archive/105/322401/2003-05-22/2003-05-28/2
A software firewall application is designed to be installed onto an existing operating system running on generic server or desktop hardware. The application may or may not ‘harden’ the underlying operating system by replacing core components. Typical host operating systems include Windows NT, 2000 server or Solaris. Software firewall applications all suffer from the following key disadvantages: They run on a generic operating system that may or may not be hardened by the firewall installation itself. A generic operating system is non-specialized and more complex than is necessary to operate the firewall. This leads to reliability problems and hacking opportunities where peripheral/unnecessary services are kept running. Generic operating systems have their own CPU and memory overheads, making software-based firewalls slower than their dedicated hardware counterparts. If the software firewall uses PC hardware as the host platform, then there may be additional reliability problems with the hardware itself. Sub-optimal performance of generic hardware also affects software applications bundled with their own operating systems.
There is no physical or topological separation of the firewalling activity.
A dedicated hardware firewall is a software firewall application and operating system running on dedicated hardware. This means the hardware used is optimized for the task, perhaps including digital signal processors (DSPs) and several network interfaces. There may also be special hardware used to accelerate the encryption/decryption of VPN data. It may be rack mounted for easy installation into a comms’ cabinet. We recommend dedicated hardware firewalls as they offer several key advantages over software applications: Dedicated hardware is typically more reliable. Hardware firewalls are simpler, hence more secure. Hardware firewalls are more efficient and offer superior performance, especially in support of VPNs. The firewalling activity is physically and topologically distinct. http://www.zensecurity.co.uk/default.asp?URL=hardware%20software%20firewall

99
Q
Firewalls can be used to    
A. Enforce security policy. 
B. Protect data confidentiality. 
C. Protect against protocol redirects. 
D. Enforce Secure Network Interface addressing.
A

Answer: A
Explanation: A firewall is a device that supports and enforces the company’s network security policy. - Shon Harris All-in-one CISSP Certification Guide pg 412

100
Q
Which one of the following operations of a secure communication session cannot be protected?
A. Session initialization 
B. Session support 
C. Session termination 
D. Session control
A

Answer: B
Explanation: Session control is protected (Cisco http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_data_sheet09186a0080117962.html). Session initialization is protected (protection against SYN attacks/DoS). Session termination is protected: idle connections are terminated so they don’t consume resources. So, by the process of elimination, the correct answer is ‘session support’.

101
Q

The general philosophy for DMZs is that:
A. any system on the DMZ can be compromised because it’s accessible from the Internet
B. any system on the DMZ cannot be compromised because it’s not accessible from the Internet
C. some systems on the DMZ can be compromised because they are accessible from the Internet
D. any system on the DMZ cannot be compromised because it’s by definition 100% safe and not accessible from the Internet

A

Answer: A
Explanation:

102
Q
What is NOT an authentication method within IKE and IPsec:  
A. CHAP 
B. Pre-shared Key 
C. certificate based authentication 
D. Public Key authentication
A

Answer: A
Explanation:

103
Q

In IPSec, if the communication mode is gateway-gateway or host-gateway:
A. Only tunnel mode can be used
B. Only transport mode can be used
C. Encapsulating Security Payload (ESP) authentication must be used
D. Both tunnel and transport mode can be used

A

Answer: D
Explanation: “IPSec can work in one of two modes: transport mode, where the payload of the message is protected, and tunnel mode, where the payload and the routing and header information is protected.” Pg 527 Shon Harris: All-in-One CISSP Certification
Not: “Encapsulating Security Payload (ESP) authentication must be used”
“IPSec is not a strict protocol that dictates the type of algorithm, keys, and authentication method to be used, but it is an open, modular framework that provides a lot of flexibility for companies when they choose to use this type of technology. IPSec uses two basic security protocols: Authentication Header (AH) and the Encapsulating Security Payload (ESP). AH is the authenticating protocol, and ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity.” Pg 527 Shon Harris: All-in-One CISSP Certification

104
Q

Internet Protocol Security (IPSec) provides security service within the Internet Protocol (IP) by doing all of the following EXCEPT
A. Enabling a system to select required security protocols.
B. Providing traffic analysis protection.
C. Determining the algorithm(s) to use for the IPsec services.
D. Putting in place any cryptographic keys required to provide the requested services.

A

Answer: A
Explanation: Pg 527 Shon Harris CISSP All-In-One Certification Exam Guide

105
Q

Which of the following Internet Protocol (IP) security headers are defined by the Security Architecture for IP (IPSEC)?
A. The IPv4 and IPv5 Authentication Headers
B. The Authentication Header Encapsulating Security Payload
C. The Authentication Header and Digital Signature Tag
D. The Authentication Header and Message Authentication Code

A

Answer: B
Explanation: “IPSec uses two basic security protocols: Authentication Header (AH) and the Encapsulating Security Payload (ESP).” pg 575 Shon Harris CISSP All-In-One Certification Exam Guide

106
Q

Which of the following statements are true of IPSec Transport mode? Select best two.
A. It is required for gateways providing access to internal systems
B. It can be set up when the end-point is a host or communications terminate at the end-points
C. If used in gateway-to-host communication, gateway must act as host
D. Detective/Administrative Pairing

A

Answer: B,C
Explanation:

107
Q

What is called the standard format that was established to set up and manage Security Associations (SA) on the Internet in IPSec?
A. Internet Key Exchange
B. Secure Key Exchange Mechanism
C. Oakley
D. Internet Security Association and Key Management Protocol

A

Answer: D
Reference: pg 221 Krutz

108
Q

What is the purpose of the Encapsulation Security Payload (ESP) in the Internet Protocol (IP) Security Architecture for Internet Protocol Security?
A. To provide non-repudiation and confidentiality for IP transmission.
B. To provide integrity and confidentiality for IP transmissions.
C. To provide integrity and authentication for IP transmissions.
D. To provide key management and key distribution for IP transmissions.

A

Answer: B
Explanation: “Encapsulating Security Payload (ESP). AH is the authenticating protocol and ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity.” Pg 575 Shon Harris CISSP All-In-One Certification Exam Guide

109
Q

Which one of the following is a circuit level application gateway and works independent of any supported TCP/IP application protocol?
A. SOCK-et-S (SOCKS)
B. Common Information Model (CIM)
C. Secure Multipurpose Internet Mail Extension (S/MIME)
D. Generic Security Service Application Programming Interface (GSS-API)

A

Answer: A
Explanation: “Socks Proxy Server Characteristics: Circuit-level proxy server. Requires clients to be SOCKS-fied with SOCKS client software. Mainly used for outbound Internet access and virtual private network (VPN) functionality. Can be resource-intensive. Provides authentication and encryption features to other VPN protocols, but not considered a traditional VPN protocol.” Pg. 422 Shon Harris CISSP All-In-One Certification Exam Guide
Reference:
The SOCKS is an example of a circuit-level proxy gateway that provides a secure channel between two computers. pg. 379 Shon Harris CISSP

110
Q

How does the SOCKS protocol secure Internet Protocol (IP) connections?
A. By negotiating encryption keys during the connection setup.
B. By attaching Authentication Headers (AH) to each packet.
C. By distributing encryption keys to SOCKS enabled applications.
D. By acting as a connection proxy.

A

Answer: D
Explanation: “SOCKS is an example of a circuit-level proxy gateway that provides a secure channel between two computers. When a SOCKS-enabled client sends a request to a computer on the Internet, this request actually goes to the network’s SOCKS proxy server…” pg 379 Shon Harris: All-in-One CISSP Certification

111
Q
In the TCP/IP protocol stack, at what level is the SSL (Secure Sockets Layer) protocol provided?  
A. Application 
B. Network 
C. Presentation 
D. Session
A

Answer: A
Explanation: The major functional groups of protocols and methods are the Application Layer, the Transport Layer, the Internet Layer, and the Link Layer (RFC 1122). It should be noted that this model was not intended to be a rigid reference model into which new protocols have to fit in order to be accepted as a standard.

112
Q
SSL (Secure Sockets Layer) has two possible 'session key' lengths, what are they?  
A. 40 bit & 54 bit 
B. 40 bit & 128 bit 
C. 64 bit & 128 bit 
D. 128 bit & 256 bit
A

Answer: B
Explanation:

113
Q

Which of the following is NOT true of SSL?
A. By convention it uses ‘s-http://’ instead of ‘http://’.
B. It stands for Secure Sockets Layer
C. It was developed by Netscape
D. IT is used for transmitting private documents over the internet

A

Answer: A
Explanation:

114
Q
Which SSL version offers client-side authentication?
A. SSL v1 
B. SSL v2 
C. SSL v3 
D. SSL v4
A

Answer: B
Explanation: “Client Authentication using Digital IDs: Enable access by certificates.” http://www.verisign.com/repository/clientauth/ent_ig.htm#clientauth

115
Q

In which way does a Secure Socket Layer (SSL) server prevent a “man-in-the-middle” attack?
A. It uses signed certificates to authenticate the server’s public key.
B. A 128 bit value is used during the handshake protocol that is unique to the connection.
C. It uses only 40 bits of secret key within a 128 bit key length.
D. Every message sent by the SSL includes a sequence number within the message contents.

A

Answer: A
Explanation: Secure Sockets Layer (SSL). An encryption technology that is used to provide secure transactions such as the exchange of credit card numbers. SSL is a socket layer security protocol and is a two-layered protocol that contains the SSL Record Protocol and the SSL Handshake Protocol. Similar to SSH, SSL uses symmetric encryption for private connections and asymmetric or public key cryptography (certificates) for peer authentication. It also uses a Message Authentication Code for message integrity checking.
Krutz: The CISSP Prep Guide pg. 89. It prevents a man-in-the-middle attack by confirming that you are authenticating with the desired server prior to entering your user name and password. If the server was not authenticated, a man-in-the-middle could retrieve the username and password, then use it to log in.
The SSL protocol has been known to be vulnerable to some man-in-the-middle attacks. The attacker injects herself right at the beginning of the authentication phase so that she obtains both parties’ keys. This enables her to decrypt and view messages that were not intended for her. Using digital signatures during the session-key exchange can circumvent the man-in-the-middle attack. If using Kerberos, when Lance and Tanya obtain each other’s public keys from the KDC, the public keys are signed by the KDC. Because Tanya and Lance have the public key of the KDC, they both can decrypt and verify the signature on each other’s public key and be sure that it came from the KDC itself. Because David does not have the private key of the KDC, he cannot substitute his public key during this type of transmission. Shon Harris All-In-One CISSP Certification pg. 579.
One of the most important pieces of a PKI is its public key certificate. A certificate is the mechanism used to associate a public key with a collection of components sufficient to uniquely authenticate the claimed owner. Shon Harris All-In-One CISSP Certification pg. 540.

116
Q
Secure Shell (SSH) and Secure Sockets Layer (SSL) are very heavily used for protecting  
A. Internet transactions 
B. Ethernet transactions 
C. Telnet transactions 
D. Electronic Payment transactions
A

Answer: A
Explanation:

117
Q

Which one of the following CANNOT be prevented by the Secure Shell (SSH) program?
A. Internet Protocol (IP) spoofing.
B. Data manipulation during transmissions.
C. Network based birthday attack.
D. Compromise of the source/destination host.

A

Answer: D
Explanation: This is a question that I disagreed with. The premise that SSH does use RSA and 3DES, and is thus susceptible to cryptographic attack (namely a birthday attack), has merit, but I think the answer is simpler, in that SSH can’t protect against a compromised source/destination. You can safely rule out spoofing and manipulation (it is the job of SSH to protect the transmission). The original answer was C, birthday attack. Use your best judgment based on knowledge and experience. “The use of ssh helps to correct these vulnerabilities. Specifically, ssh protects against these attacks: IP spoofing (where the spoofer is on either a remote or local host), IP source routing, DNS spoofing, interception of cleartext passwords/data and attacks based on listening to X authentication data and spoofed connections to an X11 server.” http://wwwarc.com/sara/cve/SSH_vulnerabilities.html Birthday attack - Usually applied to the probability of two different messages using the same hash function that produces a common message digest; or given a message and its corresponding message digest, finding another message that when passed through the same hash function generates the same specific message digest. The term “birthday” comes from the fact that in a room with 23 people, the probability of two people having the same birthday is greater than 50 percent. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 212

118
Q
Another name for a VPN is a:  
A. tunnel 
B. one-time password 
C. pipeline 
D. bypass
A

Answer: A
Explanation:

119
Q
Which one of the following attacks is MOST effective against an Internet Protocol Security (IPSEC) based virtual private network (VPN)?    
A. Brute force 
B. Man-in-the-middle 
C. Traffic analysis 
D. Replay
A

Answer: B
Explanation: Active attacks find identities by being a man-in-the-middle or by replacing the responder in the negotiation. The attacker proceeds through the key negotiation with the attackee until the attackee has revealed its identity. In a well-designed system, the negotiation will fail after the attackee has revealed its identity because the attacker cannot spoof the identity of the originally-intended system. The attackee might then suspect that there was an attack because the other side failed before it gave its identity. Therefore, an active attack cannot be persistent because it would prevent all legitimate access to the desired IPsec system.
http://msgs.securepoint.com/cgi-bin/get/ipsec-0201/18.html
Not C: Traffic analysis is a good attack but not the most effective as it is passive in nature, while Man in the middle is active.

120
Q
Which of the following is NOT an essential component of a VPN?  
A. VPN Server 
B. NAT Server 
C. authentication 
D. encryption
A

Answer: B
Explanation:

121
Q
Virtual Private Network software typically encrypts all of the following EXCEPT   
A. File transfer protocol 
B. Data link messaging 
C. HTTP protocol 
D. Session information
A

Answer: B

Explanation:

122
Q
Which of the following is less likely to be used in creating a Virtual Private Network?  
A. L2TP 
B. PPTP 
C. IPSec 
D. L2F
A

Answer: D
Explanation: “The following are the three most common VPN communications protocol standards:
Point-to-Point Tunneling Protocol(PPTP). PPTP works at the Data Link Layer of the OSI model. Designed for individual client to server connections, it enables only a single point-to-point connection per session. This standard is very common with asynchronous connections that use Win9x or NT clients. PPTP uses native Point-to-Point Protocol (PPP) authentication and encryption services.
Layer 2 Tunneling Protocol (L2TP). L2TP is a combination of PPTP and the earlier Layer 2 Forwarding (L2F) Protocol that works at the Data Link Layer like PPTP. It has become an accepted tunneling standard for VPNs. In fact, dial-up VPNs use this standard quite frequently. Like PPTP, this standard was designed for single point-to-point client to server connections. Note that multiple protocols can be encapsulated within the L2TP tunnel, but it does not use encryption like PPTP. Also, L2TP supports TACACS+ and RADIUS, but PPTP does not.
IPSEC. IPSec operates at the Network Layer and it enables multiple and simultaneous tunnels, unlike the single connection of the previous standards. IPSec has the functionality to encrypt and authenticate IP data. It is built into the new IPv6 standard, and is used as an add-on to the current IPv4. While PPTP and L2TP are aimed more at dial-up VPNs, IPSec focuses more on network-to-network connectivity.” Pg. 123-125 Krutz: The CISSP Prep Guide: Gold Edition.

123
Q

Which one of the following instigates a SYN flood attack?
A. Generating excessive broadcast packets.
B. Creating a high number of half-open connections.
C. Inserting repetitive Internet Relay Chat (IRC) messages.
D. A large number of Internet Control Message Protocol (ICMP) traces.

A

Answer: B
Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system’s small “in-process” queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 103
“In a SYN flood attack, hackers use special software that sends a large number of fake packets with the SYN flag set to the targeted system. The victim then reserves space in memory for the connection and attempts to send the standard SYN/ACK reply but never hears back from the originator. This process repeats hundreds or even thousands of times, and the targeted computer eventually becomes overwhelmed and runs out of available resources for the half-opened connections. At that time, it either crashes or simply ignores all inbound connection requests because it can’t possibly handle any more half-open connections.” Pg 266 Tittel: CISSP Study Guide.

124
Q

Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?
A. Network aliasing
B. Domain Name Server (DNS) poisoning
C. Reverse Address Resolution Protocol (ARP)
D. Port scanning

A

Answer: B
Explanation: This reference is close to the one listed. DNS poisoning is the correct answer; however, Harris does not name the attack when describing it, but later on the page she states the following: “This is how a DNS DoS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of their server instead of replacing the actual records, which is referred to as cache poisoning.” - Shon Harris All-in-one CISSP Certification Guide pg 795

125
Q

A Packet containing a long string of NOP’s followed by a command is usually indicative of what?
A. A syn scan
B. A half-port scan
C. A buffer overflow
D. A packet destined for the network’s broadcast address

A

Answer: C
Explanation: Reference “This paper is for those who want a practical approach to writing buffer overflow exploits. As the title says, this text will teach you how to write these exploits in Perl.
….. There are reasons why we construct the buffer this way. First we have a lot of NOPs, then the shellcode (which in this example will execute /bin/sh), and at last the ESP + offset values.” http://hackersplayground.org/papers/perl-buffer.txt

126
Q

You are running a packet sniffer on a network and see a packet with a long string of “90 90 90 90….” in the middle of it traveling to an x86-based machine. This could be indicative of what?
A. Over-subscription of the traffic on a backbone
B. A source quench packet
C. a FIN scan
D. A buffer overflow

A

Answer: D
Reference: “TCP Port 5000 Buffer Overflow Attack
The attack on Port 5000 was part of this scan pattern
Mar 14, 2004 15:58:17.837 - (TCP) 68.144.13.102 : 2282 »> 192.168.1.36 : 2745
Mar 14, 2004 15:58:17.857 - (TCP) 68.144.13.102 : 2283 »> 68.144.193.246 : 135
Mar 14, 2004 15:58:17.887 - (TCP) 68.144.13.102 : 2284 »> 192.168.1.38 : 1025
Mar 14, 2004 15:58:17.907 - (TCP) 68.144.13.102 : 2285 »> 68.144.193.246 : 445
Mar 14, 2004 15:58:17.938 - (TCP) 68.144.13.102 : 2286 »> 192.168.1.36 : 3127
Mar 14, 2004 15:58:17.958 - (TCP) 68.144.13.102 : 2287 »> 68.144.193.246 : 6129
Mar 14, 2004 15:58:17.988 - (TCP) 68.144.13.102 : 2288 »> 68.144.193.246 : 139
Mar 14, 2004 15:58:18.008 - (TCP) 68.144.13.102 : 2289 »> 192.168.1.36 : 5000
Mar 14, 2004 15:58:29.164 - (TCP) 68.144.13.102 : 1442 »> 68.144.193.246 : 1981
Mar 14, 2004 15:58:33.470 - (TCP) 68.144.13.102 : 1442 »> 68.144.193.246 : 1981
Mar 14, 2004 15:58:39.288 - (TCP) 68.144.13.102 : 1442 »> 68.144.193.246 : 1981
ISC CISSP Exam
“Pass Any Exam. Any Time.” - www.actualtests.com 444
The attack appears to be a buffer overflow attack on the Plug and Play service on TCP Port 5000, which likely contains instructions to download and execute the rest of the worm.
TCP Connection Request
—- 14/03/2004 15:40:57.910
68.144.193.124 : 4560 TCP Connected ID = 1
—- 14/03/2004 15:40:57.910
Status Code: 0 OK
68.144.193.124 : 4560 TCP Data In Length 697 bytes
MD5 = 19323C2EA6F5FCEE2382690100455C17
—- 14/03/2004 15:40:57.920
[hex dump of the 697-byte payload omitted]” http://www.linklogger.com/TCP5000_Overflow.htm

127
Q

Which of the following is true related to network sniffing?
A. Sniffers allow an attacker to monitor data passing across a network.
B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.
C. Sniffers take over network connections
D. Sniffers send IP fragments to a system that overlap with each other.

A

Answer: A
Explanation: Sniffing is the action of capturing or monitoring the traffic going over the network. Because, in a normal networking environment, account and password information is passed along Ethernet in clear text, it is not hard for an intruder to put a machine into promiscuous mode and, by sniffing, compromise all the machines on the net by capturing passwords in an illegal fashion.

128
Q
Which one of the following threats does NOT rely on packet size or large volumes of data?    
A. SYN flood 
B. Spam 
C. Ping of death 
D. Macro virus
A

Answer: D
Explanation: Spam - The term describing unwanted email, newsgroup, or discussion forum messages. Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached. SYN Flood Attack - A type of DoS. A SYN flood attack is waged by not sending the final ACK packet, which breaks the standard three-way handshake used by TCP/IP to initiate communication sessions. Ping of death attack - A type of DoS. A ping of death attack employs an oversized ping packet. Using special tools, an attacker can send numerous oversized ping packets to a victim. In many cases, when the victimized system attempts to process the packets, an error occurs causing the system to freeze, crash, or reboot. Macro Viruses - A virus that utilizes crude technologies to infect documents created in the Microsoft Word environment. - Ed Tittel CISSP Study Guide (sybex) pg 550 740, 743, 723, 713

129
Q

A TCP SYN Attack:
A. requires a synchronized effort by multiple attackers
B. takes advantage of the way a TCP session is established
C. may result in elevation of privileges.
D. is not something system users would notice

A

Answer: B
Explanation: “[SYN Flood] Attackers can take advantage of this design flaw by continually sending the victim SYN messages with spoofed packets. The victim will commit the necessary resources to set up this communication socket, and it will send its SYN/ACK message waiting for the ACK message in return. However, the victim will never receive the ACK message, because the packet is spoofed, and the victim system sent the SYN/ACK message to a computer that does not exist. So the victim system receives a SYN message, and it dutifully commits the necessary resources to set up a connection with another computer. This connection is queued waiting for the ACK message, and the attacker sends another SYN message. The victim system does what it is supposed to and commits more resources, sends the SYN/ACK message, and queues this connection. This may only need to happen a dozen times before the victim system no longer has the necessary resources to open up another connection. This makes the victim computer unreachable from legitimate computers, denying other systems service from the victim computer.” Pg. 735 Shon Harris CISSP All-In-One Exam Guide

130
Q
What attack is typically used for identifying the topology of the target network?    
A. Spoofing 
B. Brute force 
C. Teardrop 
D. Scanning
A

Answer: D
Explanation: Flaw exploitation attacks exploit a flaw in the target system’s software in order to cause a processing failure or to cause it to exhaust system resources. An example of such a processing failure is the ‘ping of death’ attack. This attack involved sending an unexpectedly large ping packet to certain Windows systems. The target system could not handle this abnormal packet, and a system crash resulted. With respect to resource exhaustion attacks, the resources targeted include CPU time, memory, disk space, space in a special buffer, or network bandwidth. In many cases, simply patching the software can circumvent this type of DOS attack.

131
Q

Which one of the following is the reason for why hyperlink spoofing attacks are usually successful?
A. Most users requesting DNS name service do not follow hyperlinks.
B. The attack performs user authentication with audit logs.
C. The attack relies on modifications to server software.
D. Most users do not make a request to connect to a DNS names, they follow hyperlinks.

A

Answer: D
Explanation: The problem is that most users do not request to connect to DNS names or even URLs, they follow hyperlinks… But, whereas DNS names are subject to “DNS spoofing” (whereby a DNS server lies about the internet address of a server) so too are URLs subject to what I call “hyperlink spoofing” or “Trojan HTML”, whereby a page lies about an URLs DNS name. Both forms of spoofing have the same effect of steering you to the wrong internet site, however hyperlink spoofing is technically much easier than DNS spoofing. http://www.brd.ie/papers/sslpaper/sslpaper.html

132
Q

Which of the following identifies the first phase of a Distributed Denial of Service attack?
A. Establishing communications between the handler and agent.
B. Disrupting the normal traffic to the host.
C. Disabling the router so it cannot filter traffic.
D. Compromising as many machines as possible.

A

Answer: D
Explanation: Another form of attack is called the distributed denial of service (DDoS). A distributed denial of service occurs when the attacker compromises several systems and uses them as launching platforms against one or more victims. - Ed Tittel CISSP Study Guide (sybex) pg 51

133
Q
Which type of vulnerability enables the intruder to re-route data traffic from a network device to a personal machine? This diversion enables the intruder to capture data traffic to and from the devices for analysis or modification, or to steal the password file from the server and gain access to user accounts.
A. Network Address Translation 
B. Network Address Hijacking 
C. Network Address Supernetting 
D. Network Address Sniffing
A

Answer: B
Explanation: “Network Address Hijacking. It might be possible for an intruder to reroute data traffic from a server or network device to a personal machine, either by device address modification or network address “hijacking.” This diversion enables the intruder to capture traffic to and from the devices for data analysis or modification or to steal the password file from the server and gain access to user accounts. By rerouting the data output, the intruder can obtain supervisory terminal functions and bypass the system logs.”
Pg. 324 Krutz: The CISSP Prep Guide: Gold Edition

134
Q

Which one of the following is an example of hyperlink spoofing?
A. Compromising a web server Domain Name Service reference.
B. Connecting the user to a different web server.
C. Executing Hypertext Transport Protocol Secure GET commands.
D. Starting the user’s browser on a secured page.

A

Answer: B
Explanation: The problem is that most users do not request to connect to DNS names or even URLs, they follow hyperlinks… But, whereas DNS names are subject to “DNS spoofing” (whereby a DNS server lies about the internet address of a server) so too are URLs subject to what I call “hyperlink spoofing” or “Trojan HTML”, whereby a page lies about an URLs DNS name. Both forms of spoofing have the same effect of steering you to the wrong internet site, however hyperlink spoofing is technically much easier than DNS spoofing. http://www.brd.ie/papers/sslpaper/sslpaper.html

135
Q

Why are packet filtering routers NOT effective against mail bomb attacks?
A. The bomb code is obscured by the message encoding algorithm.
B. Mail bombs are polymorphic and present no consistent signature to filter on.
C. Filters do not examine the data portion of a packet.
D. The bomb code is hidden in the header and appears as a normal routing information.

A

Answer: C
Explanation:

136
Q
Which one of the following correctly identifies the components of a Distributed Denial of Service Attack?    
A. Node, server, hacker, destination 
B. Client, handler, agent, target 
C. Source, destination, client, server 
D. Attacker, proxy, handler, agent
A

Answer: B
Explanation: Another form of DoS. A distributed denial of service occurs when the attacker compromises several systems to be used as launching platforms against one or more victims. The compromised systems used in the attacks are often called slaves or zombies. A DDoS attack results in the victims being flooded with data from numerous sources. - Ed Tittel CISSP Study Guide (sybex) pg 693

137
Q
Which one of the following attacks will pass through a network layer intrusion detection system undetected?    
A. A teardrop attack 
B. A SYN flood attack 
C. A DNS spoofing attack 
D. A test.cgi attack
A

Answer: D
Explanation: “Because a network-based IDS reviews packets and headers, it can also detect denial of service (DoS) attacks.” Pg. 64 Krutz: The CISSP Prep Guide
Not A or B:
“The following sections discuss some of the possible DoS attacks available.
Smurf Fraggle SYN Flood Teardrop DNS DoS Attacks”
Pg. 732-737 Shon Harris: All-In-One CISSP Certification Exam Guide

138
Q
Which one of the following is a passive network attack?    
A. Spoofing 
B. Traffic Analysis 
C. Playback 
D. Masquerading
A

Answer: B
Explanation: “Traffic analysis and trend analysis are forms of monitoring that examine the flow of packets rather than the actual content of packets. Traffic and trend analysis can be used to infer a large amount of information, such as primary communication routes, sources of encrypted traffic, location of primary servers, primary and backup communication pathways, amount of traffic supported by the network, typical direction of traffic flow, frequency of communications, and much more.” Pg 429 Tittel: CISSP Study Guide

139
Q
Which one of the following can NOT typically be accomplished using a Man-in-the-middle attack?   
A. DNS spoofing 
B. Session hijacking 
C. Denial of service flooding 
D. Digital signature spoofing
A

Answer: D
Explanation:

140
Q
What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?
A. SYN flood attack 
B. Smurf attack 
C. Ping of Death Attack
D. Denial of Service (DOS) Attack
A

Answer: B
Reference: pg 158 Hansche: Official (ISC)2 Guide to the CISSP Exam

141
Q
Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?  
A. TCP sequence number attack 
B. IP spoofing attack 
C. Piggybacking attack 
D. Teardrop attack
A

Answer: B
Explanation:

142
Q
What attack takes advantage of operating system buffer overflows?    
A. Spoofing 
B. Brute force 
C. DoS 
D. Exhaustive
A

Answer: C
Explanation: Denial of Service is an attack on the operating system or software using buffer overflows. The result is that the target is unable to reply to service requests. This is too large an area of information to try to cover here, so I will limit my discussion to the types of denial of service (DoS) attacks:

143
Q
What attack is primarily based on the fragmentation implementation of IP and large ICMP packet size?    
A. Exhaustive 
B. Brute force 
C. Ping of Death 
D. Spoofing
A

Answer: C
Explanation: Ping of Death – This exploit is based on the fragmentation implementation of IP whereby large packets are reassembled and can cause machines to crash. Ping of Death takes advantage of the fact that it is possible to send an illegal ICMP Echo packet with more than the allowable 65,507 octets of data because of the way fragmentation is performed. A temporary fix is to block ping packets. Ideally, an engineer should secure TCP/IP from overflow when reconstructing IP fragments.

144
Q

Land attack attacks a target by:
A. Producing large volume of ICMP echos.
B. Producing fragmented IP packets.
C. Attacking an established TCP connection.
D. None of the choices.

A

Answer: C
Explanation: Land.c attack – Attacks an established TCP connection. A program sends a TCP SYN packet giving the target host address as both the sender and destination, using the same port, causing the OS to hang.

145
Q
What attack is primarily based on the fragmentation implementation of IP?    
A. Teardrop 
B. Exhaustive 
C. Spoofing 
D. Brute force
A

Answer: A
Explanation: Teardrop attack - This is based on the fragmentation implementation of IP whereby reassembly problems can cause machines to crash. The attack uses a reassembly bug with overlapping fragments and causes systems to hang or crash. It works for any Internet Protocol type because it hits the IP layer itself. Engineers should turn off directed broadcast capability.

146
Q
What attack floods networks with broadcast traffic so that the network is congested?    
A. Spoofing 
B. Teardrop 
C. Brute force 
D. SMURF
A

Answer: D
Explanation: SMURF attack – This attack floods networks with broadcast traffic so that the network is congested. The perpetrator sends a large number of spoofed ICMP (Internet Control Message Protocol) echo requests to broadcast addresses hoping packets will be sent to the spoofed addresses. You need to understand the OSI model and how protocols are transferred between layer 3 and layer 2 to understand this attack. The layer 2 will respond to the ICMP echo request with an ICMP echo reply each time, multiplying the traffic by the number of hosts involved. Engineers should turn off broadcast capability (if possible in your environment) to deter this kind of attack.

147
Q
What attack involves repeatedly sending identical e-mail messages to a particular address?
A. SMURF 
B. Brute force 
C. Teardrop 
D. Spamming
A

Answer: D
Explanation:
Spamming – Involves repeatedly sending identical e-mail messages to a particular address. It is a variant of bombing, and is made worse when the recipient replies – i.e. recent cases where viruses or worms were attached to the e-mail message and ran a program that forwarded the message from the reader to anyone on the user’s distribution lists. This attack cannot be prevented, but you should ensure that entrance and exit of such mail is only through central mail hubs.

148
Q

A stack overflow attack that “crashes” a Transmission Control Protocol/Internet Protocol (TCP/IP) service daemon can result in a serious security breach because the
A. Process does not implement proper object reuse.
B. Process is executed by a privileged entity.
C. Network interface becomes promiscuous.
D. Daemon can be replaced by a trojan horse.

A

Answer: B
Explanation:

149
Q

The intrusion detection system at your site has detected Internet Protocol (IP) packets where the IP source address is the same as the destination address.
This situation indicates
A. Misdirected traffic jammed to the internal network.
B. A denial of service attack.
C. An error in the internal address matrix.
D. A hyper overflow in the IP stack.

A

Answer: B
Explanation: “The Land denial of service attack causes many older operating systems (such as Windows NT 4, Windows 95, and SunOS 4.1.4) to freeze and behave in an unpredictable manner.
It works by creating an artificial TCP packet that has the SYN flag set. The attacker sets the destination IP address to the address of the victim machine and the destination port to an open port on that machine. Next, the attacker sets the source IP address and source port to the same values as the destination IP address and port. When the targeted host receives this unusual packet, the operating system doesn’t know how to process it and freezes, crashes, or behaves in an unusual manner as a result.” Pg 237 Tittel: CISSP Study Guide

150
Q
What type of attacks occurs when a rogue application has been planted on an unsuspecting user’s workstation?    
A. Physical attacks 
B. Logical attacks 
C. Trojan Horse attacks 
D. Social Engineering attacks
A

Answer: C
Explanation: Trojan Horse attacks - This attack involves a rogue, Trojan horse application that has been planted on an unsuspecting user’s workstation. The Trojan horse waits until the user submits a valid PIN from a trusted application, thus enabling usage of the private key, and then asks the smartcard to digitally sign some rogue data. The operation completes but the user never knows that their private key was just used against their will.

151
Q

Man-in-the-middle attacks are a real threat to what type of communication?
A. Communication based on random challenge.
B. Communication based on face to face contact
C. Communication based on token.
D. Communication based on asymmetric encryption.

A

Answer: D
Explanation: The weakest point in communication based on asymmetric encryption is the knowledge about the real owners of keys. Somebody evil could generate a key pair, give the public key away and tell everybody that it belongs to somebody else. Now, everyone believing it will use this key for encryption, resulting in the evil man being able to read the messages. If he encrypts the messages again with the public key of the real recipient, he will not be easily recognized. This sort of attack is called a “man-in-the-middle” attack and can only be prevented by making sure public keys really belong to the one designated as owner.

152
Q
Which of the following threats is not addressed by digital signature and token technologies?  
A. Spoofing 
B. replay attacks 
C. password compromise 
D. denial-of-service
A

Answer: D
Explanation:

153
Q
Which one of the following is concerned with masking the frequency, length, and origin-destination patterns of the communications between protocol entities?    
A. Masking analysis 
B. Protocol analysis 
C. Traffic analysis 
D. Pattern analysis
A

Answer: C
Explanation: Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length, message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that is useful to an intruder. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 323

154
Q
Which of the following would NOT be considered a Denial of Service Attack?  
A. Zone Transfer 
B. Smurf 
C. Syn Flood 
D. TearDrop
A

Answer: A
Explanation: Zone transfer is the method that DNS uses to transfer zone information between servers. In some insecure DNS installations zone transfers are allowed to untrusted DNS servers. This allows the hacker to determine internal host names and IP addresses to provide additional information for an attack.

155
Q
The connection using fiber optics from a phone company's branch office to local customers is which of the following?  
A. new loop 
B. local loop 
C. loopback
D. indigenous loop
A

Answer: B
Explanation: In telecommunications, the local loop is the wiring between the central office and the customer’s premises demarcation point. The telephony local loop connection is typically a copper twisted pair carrying current from the central office to the customer premises and back again. Individual local loop telephone lines are connected to the local central office or to a remote concentrator.
Local loop connections can be used to carry a range of technologies, including analog voice, ISDN and DSL.

156
Q

Which step ensures the confidentiality of a facsimile transmission?
A. Pre-schedule the transmission of the information.
B. Locate the facsimile equipment in a private area.
C. Encrypt the transmission.
D. Phone ahead to the intended recipient.

A

Answer: C
Explanation:

157
Q
Which one of the following could a company implement to help reduce PBX fraud?    
A. Call vectoring 
B. Direct Inward System Access (DISA) 
C. Teleconferencing bridges 
D. Remote maintenance ports
A

Answer: B
Explanation: The potential for fraud to occur in voice telecommunications equipment is a serious threat. PBXs (Private Branch Exchanges) are telephone switches used within state agencies to allow employees to make outgoing and receive incoming phone calls. These PBXs can also provide connections for communications between personal computers and local and wide area networks. Security measures must be taken to avoid the possibility of theft of either phone service or information through the telephone systems.
Direct Inward System Access (DISA) is the ability to call into a PBX, either on an 800 number or a local dial-in, and by using an authorization code, gain access to the long distance lines and place long distance calls through the PBX http://www.all.net/books/Texas/chap10.html

158
Q
Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud manipulates the line voltage to receive a toll-free call?  
A. Red boxes 
B. Blue boxes 
C. White boxes 
D. Black boxes
A

Answer: D
Explanation:

159
Q
Which one of the following devices might be used to commit telecommunications fraud using the “shoulder surfing” technique?    
A. Magnetic stripe copier 
B. Tone generator 
C. Tone recorder 
D. Video recorder
A

Answer: C
Explanation:

160
Q
What technique is used to prevent eavesdropping of digital cellular telephone conversations?    
A. Encryption 
B. Authentication 
C. Call detail suppression 
D. Time-division multiplexing
A

Answer: D
Explanation: The name “TDMA” (Time Division Multiple Access) is also used to refer to a specific second generation mobile phone standard - more properly referred to as IS-136, which uses the TDMA technique to timeshare the bandwidth of the carrier wave. It provides 3 to 6 times the capacity of its predecessor AMPS, and also improved security and privacy. In the United States, for example, AT&T Wireless uses the IS-136 TDMA standard. Prior to the introduction of IS-136, there was another TDMA North American digital cellular standard called IS-54 (which was also referred to just as “TDMA”).

161
Q
Which of the following is a telecommunication device that translates data from digital to analog form and back to digital?  
A. Multiplexer 
B. Modem 
C. Protocol converter 
D. Concentrator
A

Answer: B
Explanation: