Chapter 12
_________ attack provides false MAC addresses for requested IP-addressed systems to redirect traffic to alternate destinations
ARP spoofing
What is the speed of a T3 line: (1) 44.736 Mbps, or (2) 155 Mbps
(1) 44.736 Mbps. A T1 is often 1.544 Mbps, ATM is 155 Mbps, and ISDN is often 64 or 128 kbps.
In ________ switching, a dedicated physical pathway is created between the two communicating parties. _____ switching occurs when the message or communication is broken up into small segments and sent across the intermediary networks to the destination.
(1) Circuit, (2) Packet
What are the two types of communication paths/virtual circuits for packet-switching systems?
(1) Permanent virtual circuits [PVCs], or (2) Switched virtual circuits [SVCs]
_________ are used to ensure sequence integrity of a transmission, whereas ______ helps detect communication abuses
(1) Record sequences (2) Transmission logging
NAT can be used in two types of modes: (1) and (2)
(1) Static NAT - when an internal IP address is given a permanent mapping to a specific external public IP address. (2) Dynamic NAT - used to grant multiple internal clients access to a few leased public IP addresses. NAT is not directly compatible with IPsec because it modifies packet headers, which IPsec relies on to prevent security violations.
If an organization has deployed VoIP on the same switches that the desktop PCs are on, this could create a security issue. What is the issue, and what would help: (1) VLAN hopping, use physically separate switches, or (2) VLAN hopping, use encryption
(1) VLAN hopping, use physically separate switches. VLAN hopping can occur when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won't help with VLAN hopping because it relies on header data that the switch needs to read (and this is unencrypted).
Which of the following is the least important when designing a security system for internet-delivered email: (1) Nonrepudiation, (2) Availability, (3) Message Integrity, or (4) Access Restriction
(2) Availability. Although it is a key aspect of security in general, it is the least important aspect of security systems for internet-delivered mail.
ISDN, cable modems, DSL, and T1 and T3 lines are all examples of _________ technology: (1) Digital, or (2) Broadband
(2) Broadband - They can support multiple simultaneous signals. Further, they are analog, not digital, and are not broadcast technologies.
Which of the following is a more effective countermeasure against PBX fraud and abuse: (1) Encrypting communications, or (2) Changing default passwords
(2) Changing default passwords. It provides the most effective increase in security.
_________ occurs when data transmitted on one set of wires is picked up on another set of wires: (1) Magnetic interference, or (2) Crosstalk
(2) Crosstalk. Interference like this is electromagnetic rather than simply magnetic.
Modern dial-up connections use what dial-up protocol: (1) SLIP, (2) PPP, or (3) PPTP
(2) PPP. It is used for dial-up connections for modems, ISDN, Frame Relay, and other technologies. It replaced SLIP in almost all cases. PPTP is used for VPNs.
What is needed to allow an external client to initiate a communication session with an internal system if the network uses a NAT proxy? (1) IPsec tunnel, (2) Static mode NAT, or (3) Static private IP address
(2) Static mode NAT. It is needed to allow an outside entity to initiate communications with an internal system behind a NAT proxy.
A denial of service (DoS) attack that sends fragmented TCP packets is known as what kind of attack: (1) Christmas tree, (2) Teardrop
(2) Teardrop. A teardrop attack uses fragmented packets to target a flaw in how the TCP stack on a system handles fragment reassembly. If the attack is successful, the TCP stack fails, resulting in a denial of service. Christmas tree attacks set all of the possible TCP flags on a packet, thus "lighting it up like a Christmas tree".
If someone wants to be able to validate the identity of other organizations based on their domain name when receiving and sending email, which tool should be used: (1) S/MIME, (2) MOSS, or (3) DKIM
(3) DKIM - Domain Keys Identified Mail. It is designed to allow assertions of domain to validate email. S/MIME, PEM, and MOSS are all solutions that can provide authentication, integrity, nonrepudiation, and confidentiality, depending on how they are used.
The IP address 127.0.0.1 is a ___________ address: (1) RFC 1918, (2) a public IP address, or (3) a loopback address
(3) Loopback address. The IP address 127.0.0.1 is a loopback address and will resolve to the local machine. Public IP addresses are non-RFC 1918, non-reserved addresses. RFC 1918 addresses are reserved and include ranges like 10.x.x.x. Further, an APIPA address is a self-assigned address when a DHCP server cannot be found.
Tunnel connections can be established over all except for which of the following: (1) WAN links, (2) LAN pathways, or (3) Stand-alone systems
(3) Stand-alone systems. A stand-alone system has no need for tunneling because no communications between systems are occurring and no intermediary network is present.
__________ is often done to replace a target's cache entry for a destination IP, allowing the attacker to conduct a man-in-the-middle attack.
ARP spoofing. A DoS attack would be aimed at disrupting services rather than spoofing an ARP response, a replay attack will involve existing sessions, and a Trojan is malware that is disguised in a way that makes it look harmless.
PAP, CHAP, PEAP (EAP or LEAP), RADIUS, and TACACS+ are examples of what?
Authentication protocols for data traffic (ensuring logon credentials are secured)
_______ is a means to assert that valid mail is sent by an organization through verification of domain name identity
DomainKeys Identified Mail (DKIM)
_______ boxes, which are used by phreakers, are designed to steal long-distance service by manipulating line voltages.
Black boxes. Red boxes simulate tones of coins being deposited into pay phones, blue boxes were tone generators used to simulate the tones used for telephone networks, and white boxes included a dual tone, multi-frequency generator to control phone systems.
________ is a mechanism that disconnects a remote user upon initial contact and then immediately attempts to reconnect them using a predefined phone number
Callback
Ethernet networks use ________________ technology. When a collision is detected and a jam signal is sent, the hosts wait a random period of time before attempting re-transmission
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
______, which is one of the protocols used over Point-to-Point Protocol (PPP) links, encrypts usernames and passwords. It performs authentication using a challenge-response dialog that cannot be replayed.
Challenge Handshake Authentication Protocol (CHAP). It also periodically reauthenticates the remote system through an established communications session.
Cut and paste between virtual machines can bypass normal network-based data loss prevention tools and monitoring tools like an IDS or IPS. Thus, it can act as a ______________, allowing the transport of data between security zones
Covert channel
_____ is an attack in which the attacker alters the domain-name-to-IP-address mappings in the DNS name to redirect traffic to a rogue system, or simply perform a denial of service against the system.
DNS poisoning. Hyperlink spoofing is similar; it involves phishing.
A _________ line is always on and is reserved for a specific customer. Examples include T1, T3, E1, E3, and cable modems.
Dedicated line.
A ______ attack has the primary goal of preventing legitimate activity on a victimized system
Denial of service attack. It can attack either the hardware or software vulnerabilities directly or the communication medium (flooding). Bots, zombies, and agents can be used to carry out the attacks; collectively, these are a botnet.
______ is an often-touted "security" improvement to PBX systems. It is designed to help manage external access and external control of a PBX by assigning access codes to users.
Direct Inward System Access (DISA). Although great in concept, it is being compromised and abused by phreakers.
_________________ uses access codes assigned to users to add a control layer for external access and control of the PBX. If the codes are compromised, attackers can make calls through the PBX or even control it.
Direct Inward System Access (DISA)
S/MIME, MOSS, PEM, or PGP are security solutions that can be used to secure ______?
Emails
_____, which is an authentication framework (not an actual auth protocol), allows customized authentication security solutions, such as smart cards, tokens, and biometrics.
Extensible Authentication Protocol (EAP).
True or False: A brute-force attack is considered a denial of service
False
True or False: Bluetooth provides for strong encryption
False. Bluetooth should only be used for activities that are not confidential. Bluetooth PINs are often four-digit codes that often default to 0000. Turning it off and ensuring that your devices are not in discovery mode can help prevent Bluetooth attacks.
True or False: Spam is so difficult to stop because it requires little expertise.
False. It is difficult to stop because the source address (source of the messages) is usually spoofed.
True or False: The following IP address is a private IP address as defined by RFC 1918: 169.254.1.119
False. The 169.254.x.x subnet is in the APIPA range, which is not part of RFC 1918. The addresses in RFC 1918 are: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168.0.0 - 192.168.255.255.
True or False: PPTP, L2F, and L2TP operate at the network layer (3)
False. They operate at layer 2 (Data Link). They are common VPN protocols.
True or False: Backup methods typically should be discussed with end users in regard to email retention policies
False. It is not an important factor to discuss with end users. Privacy, Auditor Review, and Length of Retainer however should be discussed with end users.
True or False: L2F, L2TP, IPsec, PPTP all offer native data encryption
False. Only IPsec includes native data encryption
True or False: Serial Line Internet Protocol (SLIP) is used prevalently today
False. PPP replaced SLIP.
True or False: NAT operates at layer 2
False. Network Address Translation operates at layer 3 (Network). NAT is part of a number of hardware devices and software products, including firewalls, routers, gateways, and proxies.
________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints: (1) ISDN, (2) Frame Relay, or (3) SMDS
Frame Relay. The frame relay network is a shared medium across which virtual circuits are created to provide point-to-point connections. All virtual circuits are independent of and invisible to each other.
_______ and _______ can be used to verify message integrity
Hash totals and CRC checks
_______ is a refined version of Synchronous Data Link Control (SDLC), specifically designed for serial synchronous connections. It also operates at Layer 2, offers flow control, and includes error detection and correction.
High-level Data Link Control (HDLC)
______ uses public key cryptography to provide encryption, access control, nonrepudiation, and message authentication, all using IP-based protocols
IPsec (Internet Protocol Security). Its primary use is for VPNs. It can operate in either tunnel mode or transport mode.
Authentication Header and Encapsulating Security Payload are the two primary functions of which VPN protocol?
IPsec (IP Security)
______ is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic
IPsec (IP Security)
SMTP, POP3, and IMAP are all what?
Internet email protocols. Internet email is inherently insecure.
_________ offers a single-sign on solution for users and provides protection for logon credentials
Kerberos. Modern implementations use hybrid encryption to provide reliable authentication protection.
______ was Cisco's initial response to insecure WEP. It supported frequent reauthentication and changing of WEP keys, but is now crackable using a number of tools.
Lightweight Extensible Authentication Protocol (LEAP). PEAP is preferred.
______ can provide authentication, confidentiality, integrity, and nonrepudiation for email messages. It employs MD2 and MD5 algorithms, RSA public key encryption, and DES for authentication and encryption
MOSS (MIME Object Security Services)
_________ is the use of email as an attack mechanism. Flooding a system with messages causes a denial of service attack.
Mail-bombing
How is masquerading/impersonation different than spoofing?
Masquerading is pretending that you are someone else with legitimate authentication. Spoofing is when an entity puts forth a false identity but without any proof.
_______ protects the addressing scheme of a private network, allows the use of the private IP addresses, and enables multiple internal clients to obtain internet access through a few public IP addresses
NAT (Network Address Translation). A mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the internet. It is supported by many security border devices, such as firewalls, routers, gateways, and proxies.
______ is a mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the internet
Network Address Translation (NAT)
A _________ line requires a connection to be established before data transmission can occur. Standard modems, DSL, and ISDN are examples.
Nondedicated line. It can be used to connect with any remote system that uses the same type of nondedicated line.
______ is a standardized authentication protocol for PPP. It transmits usernames and passwords in plaintext, offers no form of encryption, and simply provides a means to transport the logon credentials from the client to the authentication server
Password Authentication Protocol (PAP)
________ is a standardized authentication protocol for PPP. It transmits usernames and passwords in the clear. It provides no form of encryption. It simply provides a means to transport the logon credentials from the client to the authentication server.
Password Authentication Protocol (PAP)
A ________ can be described as a logical circuit that always exists and is waiting for the customer to send data
Permanent virtual circuit (PVC)
______ is a specific type of attack in which various types of technology are used to circumvent the telephone system to make free long-distance calls, to alter the function of the telephone service, to steal specialized services, or even to cause service disruptions.
Phreaking. Common tools of phreakers include black, red, blue, and white boxes.
________ is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links. The protocol offers a wide range of communication services, including assignment and management of IP addresses, management of synchronous communications, standardized encapsulation, multiplexing, link configuration, error detection, and feature or option negotiation (such as compression).
Point-to-Point Protocol (PPP). It was originally designed to support CHAP and PAP for authentication; however, recent versions of PPP also support MS-CHAP, EAP, and SPAP. PPP replaced Serial Line Internet Protocol (SLIP).
________ is a public-private key system that uses a variety of encryption algorithms to encrypt files and email messages
Pretty Good Privacy (PGP). Independently developed product that has wide internet grassroots support.
A remote site has only one ISDN as an option for connectivity. Which type of ISDN should be obtained to get the maximum speed possible? (1) BRI, (2) PRI, or (3) D channel
Primary Rate Interface (PRI). It can use between 2 and 23 64 Kbps channels. Actual speeds will be lower due to the D channel, which can't be used for actual data transmission, but PRI beats BRI's two B channels paired with a D channel for 144 Kbps of bandwidth.
_______ is an email encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation. Uses RSA, DES, and X.509.
Privacy Enhanced Mail (PEM)
_______ encapsulates EAP in a TLS tunnel
Protected Extensible Authentication Protocol (PEAP). It is used for secure communications over 802.11 wireless connections. It can be employed on WPA and WPA-2 connections.
SKIP, SWIPE, SET, PPP, SLIP, CHAP, PAP, EAP, and S-RPC are considered what?
Protocols and mechanisms used on LANs and WANs for data communications. They can also include VPN, TLS/SSL, and VLAN
________ is used to centralize the authentication of remote dial-up connections. A network that employs this server is configured so that remote access server passes dial-up user logon credentials to the ______ server for authentication
Remote Authentication Dial-In User Service (RADIUS). The TCP version of RADIUS was designed in 2012 to take advantage of TLS encryption.
Service specific, remote control, screen scraping, and remote node operation are examples of what?
Remote access techniques
Cellular/mobile services, modems, Digital Subscriber Line (DSL), Integrated Services Digital Network (ISDN), wireless networking, satellite, and cable modems are examples of what?
Remote connectivity technology
_________ is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems.
S-RPC (Secure Remote Procedure Call)
____________ supports both signed messages and a secure envelope method. While the functionality of this can be replicated with other tools, the secure envelope is specific to this concept
S/MIME. MOSS, or MIME Object Security Services, and PEM can also provide authentication, confidentiality, integrity, and nonrepudiation, while DKIM, or Domain Keys Identified Mail, is a domain validation tool.
______ (compared to PPP) offered no authentication, supported only half-duplex communications, had no error-detection capabilities, and required manual link establishment and teardown
SLIP. Serial Line Internet Protocol (SLIP).
______ is a good example of end-to-end encryption. This tool can be used to encrypt numerous plaintext utilities (such as rcp, rlogin, rexec), serve as a protocol encrypter (such as with SFTP), and function as a VPN.
SSH (Secure Shell)
_______, which is a protocol that can be used to add security to email communications, offers authentication and confidentiality to email through public key encryption and digital signatures.
Secure Multipurpose Internet Mail Extension (S/MIME). Authentication is provided through X.509 digital certificates. Privacy is provided through public key encryption. Two types of messages can be formed: (1) signed messages - which offer integrity, sender authentication, and nonrepudiation, and (2) secured enveloped messages - which offer integrity, sender authentication, and confidentiality.
__________ is an encryption protocol developed by Netscape to protect communications between a web server and a web browser
Secure Sockets Layer (SSL). It can be used to secure web email, File Transfer Protocol (FTP), or even Telnet traffic. It is a session-oriented protocol that is superseded by TLS (Transport Layer Security).
A _________ can be the division between one secured area and another secured area. It can also be the division between a secured area and an unsecured area.
Security boundary. Must be addressed in a security policy.
_______ operates by checking that inbound messages originate from a host authorized to send messages to owners.
Sender Policy Framework (SPF). It is used to protect against spam and email spoofing.
_________ is a cryptographic protocol that provides end-to-end encryption for voice communications, videoconferencing, and text message service
Signal Protocol. It is nonfederated and is the core element in the messaging app Signal.
The email infrastructure employed on the internet primarily consists of email servers using __________ to accept messages from clients, transport those messages to other servers, and deposit them into a user's server-based inbox.
Simple Mail Transfer Protocol (SMTP). Clients retrieve email from their inboxes using Post Office Protocol 3 (POP3) or Internet Message Access Protocol (IMAP).
__________ is a means by which an unknown person gains the trust of someone inside your organization by convincing employees that they are, for example, associated with upper management, technical support, or the help desk
Social engineering. The primary countermeasure for this sort of attack is user training.
The process of using MAC address is called __________
Spoofing. Spoofing a MAC address already in use on the network can lead to an address collision, preventing traffic from reaching one or both systems.
_______ NAT maintains information about communication sessions between clients and external systems
Stateful NAT
_______ is used on permanent physical connections of dedicated leased lines to provide connectivity for mainframes. It uses polling and operates at Layer 2.
Synchronous Data Link Control (SDLC)
True or False: NAT does not protect against or prevent brute-force attacks
True. NAT does, however, provide the following benefits: it hides the internal IP addressing scheme, shares a few public internet addresses with a large number of internal clients, and allows the use of private IP addresses from RFC 1918 on an internal network.
True or False: The most common security issue that a traditional PBX (used for voice communication) and internal communications are likely to face is eavesdropping. Physical security is the best solution to prevent this.
True. Traditional PBX systems are vulnerable to eavesdropping because voice communications are carried directly over copper wires. Since standard telephones don't provide encryption, physically securing access to the lines and central connection points is the best strategy available.
_________ is an alternative to RADIUS. Integrates authentication and authorization processes.
Terminal Access Controller Access-Control System (TACACS+). TACACS+ is the most current and relevant version of this product line.
The _____________ protocol is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic re-authentication while connected using techniques to prevent replay attacks (challenge/response dialog).
The Challenge-Handshake Protocol (CHAP)
True or False: A lot of organizations are using Secure SMTP over TLS nowadays; however, it is not as widespread as it should be because of a lack of awareness
True. It will attempt an encrypted connection with every other email server that supports it; otherwise it will downgrade to plaintext.
True or False: IPsec is commonly used as a security mechanism for L2TP
True. L2TP also supports TACACS+ and RADIUS.
True or False: Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IP-based networks to communicate
True. Many SCADA devices were never designed to be exposed to a network, and adding them to a network can pose significant risks.
True or false: PPP and SLIP provide link governance for dial-up connections
True. PPP with full duplex. Can support any LAN protocol, not just TCP/IP.
VPNs, SSL, TLS, SSH, IPsec, and Layer 2 Tunneling Protocol (L2TP) are examples of what?
Transmission protection for remote connectivity needs
_______ functions in the same general manner as SSL, but it uses stronger encryption and authentication protocols
Transport Layer Security (TLS). Can be implemented at lower layers, such as at layer 3 to operate as a VPN. Can also be used to encrypt UDP and SIP connections.
True or False: A three-tier firewall design separates three distinct protected zones and can be accomplished with a single firewall that has multiple interfaces
True
True or False: Most WAN technologies require a channel service unit/data service unit (CSU/DSU), sometimes called a WAN switch.
True
True or False: Normal private branch exchange (PBX) or POTS/public switched telephone network (PSTN) voice communications are vulnerable to interception, eavesdropping, tapping, and other exploitations.
True
True or False: POTS and PSTN refer to traditional landline telephone communications.
True
True or False: Security controls should be transparent to users.
True
True or false: signals for cordless phones are rarely encrypted and thus can be easily monitored
True
True or False: Bluesnarfing targets the data or information on Bluetooth-enabled devices
True. Bluejacking occurs when attackers send unsolicited messages via Bluetooth.
True or False: A category 3 UTP cable is primarily used for phone cables and was also used for early Ethernet networks where it provided 10 Mbps of throughput.
True. Cat 5 cable provides 100 Mbps (1000 Mbps if Cat 5e). Cat 6 cable can also provide 1000 Mbps.
True or False: Sensitive information contained in faxes should not be left in a public area. Disabling automatic printing will help prevent unintended viewing of the faxes. Further, purging local memory after the faxes are printed will ensure that unauthorized individuals can't make additional copies of faxes
True. Encryption would help keep the fax secure during transmission, but won't help with the public location and accessibility of the fax machine itself.
True or False: While virtual machine escape has only been demonstrated in laboratory environments, the threat is best dealt with by limiting what access to the underlying hypervisor can provide to a successful attacker. Segmenting by data types or access levels can limit the potential impact of a hypervisor compromise.
True. If attackers can access the underlying system, restricting the breach to only similar data types or systems will limit the impact. Escape detection tools are not available on the market.
True or False: Fax security is primarily based on using encrypted transmission or encrypted communication lines to protect faxed materials.
True. The primary goal is to prevent interception. Activity logs and exception reports can be used to detect anomalies in fax activity that could be symptoms of attack.
True or False: Network segmentation can reduce issues with performance as well as diminish the chance of broadcast storms by limiting the number of systems in a segment.
True. This decreases broadcast traffic visible to each system and can reduce congestion.
True or False: Frame relay supports multiple Permanent virtual circuits (PVCs) over a single carrier WAN connection
True, unlike X.25. It is a packet-switching technology that provides a Committed Information Rate (CIR), which is a minimum bandwidth guarantee provided by the service provider to customers. Frame Relay requires a DTE/DCE at each connection point, with the DTE (data terminal equipment) providing access to the Frame Relay network, and a provider-supplied DCE (data circuit-terminating equipment), which transmits the data over the network.
True or False: WEP's implementation of RC4 is weakened by its use of a static common key and a limited number of initialization vectors
True. WEP does not use asymmetric encryption, and clients do not select encryption algorithms.
True or False: An intermediary network connection is required for a VPN link to be established between two systems.
True. (1) Two systems on the same LAN, (2) a system connected to the internet and a LAN connected to the internet, and (3) two distant internet-connected LANs can all be linked over a VPN.
True or False: Logical or technical controls, administrative controls, and physical controls are countermeasures to PBX fraud and abuse that should be employed.
True. Same as those that would be employed to protect a typical computer network.
True or False: Endpoint security solutions face challenges due to the sheer volume of data that they can create. When each workstation is generating data about events, this can be a massive amount of data.
True. This is the most common challenge for endpoint system security deployments. Endpoint security solutions should reduce the number of compromises when properly implemented.
_______ is the encapsulation of a protocol-deliverable message within a second protocol
Tunneling. The second protocol often performs encryption to protect the message contents.
________ is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.
VPN
PPTP, L2F, L2TP, and IPsec are the most common protocols for ___________
VPN. TLS is also used for an increasingly large percentage of VPN connections and may appear at some point in the CISSP exam.
Common protocols of ______ are PPTP, L2F, L2TP, and IPsec
VPNs
_______ are based on encrypted tunneling. They can offer authentication and data protection as a point-to-point solution
VPNs
One of the visibility risks of ____________ is that communication between servers and systems using virtual interfaces can occur "inside" of the virtual environment
Virtualization. This means that visibility into traffic in the virtualization environment has to be purpose-built as part of its design.
______ is at risk for caller ID spoofing, vishing, SPIT, call manager software/firmware attacks, phone hardware attacks, DoS, MitM, spoofing, and switch hopping
VoIP
SPIT attacks target which technologies: (1) Web services, (2) VoIP systems, or (3) Secure Process Internal Transfers
VoIP systems. SPIT stands for Spam over Internet Telephony and targets VoIP systems.
X.25, Frame Relay, ATM, SMDS, SDH, and SONET are examples of what?
WAN technologies. Some WAN connection technologies require additional specialized protocols to support various types of specialized systems or devices.