CISSP Domain #4
Which of these protocols is NOT found on layer 3 of the OSI model?  IP. ICMP. IKE. IMAP.
IMAP. IMAP is a layer 7 protocol. IP, IPSEC, IKE, ICMP, ... are all layer 3 protocols.
We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 143, what are we blocking?  NetBIOS datagram service. Microsoft Terminal Server (RDP). IMAP. NetBIOS name service.
IMAP. Internet Message Access Protocol (IMAP) uses TCP port 143.
To establish a TCP session, we are using the TCP 3-way handshake. What is the correct order of the handshake?  1. SYN > SYN/ACK > ACK. 2. SYN > SYN/ACK > SYN. 3. SYN/ACK > ACK > SYN. 4. SYN > ACK > ACK.
1. SYN > SYN/ACK > ACK. The 3-way handshake is client SYN > Server SYN/ACK > Client ACK.
Jane is considering using Shielded Twisted Pair (STP) copper Ethernet cables over Unshielded Twisted Pair (UTP) copper Ethernet cables. What would be a reason to consider that?  1. They are less susceptible to EMI. 2. There is never a good reason to use STP over UTP. 3. They cost less. 4. They are more flexible.
1. They are less susceptible to EMI. STP (Shielded Twisted Pair): Has extra metal mesh shielding around each pair of cables, making them less susceptible to EMI, but also making the cables thicker, stiffer and more expensive.
What would happen if we are using a Bus topology in our LAN design, and a cable breaks?  1. Traffic stops at the break. 2. Nothing, all nodes are connected to the switch by themselves. 3. Nothing, the traffic just moves the other way. 4. The traffic is redirected.
1. Traffic stops at the break. Bus: All nodes are connected in a line, each node inspects traffic and passes it along. Not very stable, a single break in the cable will break the signal to all nodes past that point, including communication between nodes way past the break. Faulty NICs (Network Interface Card) can also break the chain.
We are slowly migrating from IPv4 to IPv6. In the process we are using dual stack routers. One of your colleagues has asked how large IPv6 addresses are. What do you answer?  128 bit. 256 bit. 32 bit. 64 bit.
128 bit. IPv6 addresses are 128 bit, written in hexadecimal numbers (uses 0-9 and a-f). 8 groups of 4 hexadecimals, making addresses look like this: fd01:fe91:aa32:342d:74bb:234c:ce19:123b
At a financial steering committee meeting, you are asked about the difference between private and public IP addresses. Which of these IPs are public addresses? (Select all that apply).  10.2.4.255 154.12.5.1 192.168.44.12 172.15.11.45 172.32.1.0
154.12.5.1, 172.15.11.45, 172.32.1.0. The easiest way to remember if an IP is private or public is to remember the 3 private ranges. Private Addresses (RFC 1918 - Not routable on the internet): 10.0.0.0 - 10.255.255.255 (10.0.0.0/8), 172.16.0.0 - 172.31.255.255 (172.16.0.0/12) and 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
A system is requesting an IP address using DHCP. How would the traffic flow look?  1. Request > Offer > Acceptance > Acknowledge. 2. Discovery > Offer > Request > Acknowledge. 3. Request > Offer > Discovery > Acknowledge. 4. Request > Discovery > Offer > Acknowledge.
2. Discovery > Offer > Request > Acknowledge. DHCP (Dynamic Host Configuration Protocol) uses the Discovery > Offer > Request > Acknowledge flow. It is the protocol we use to assign IPs, controlled by a DHCP server for your environment.
Jane is implementing Quality of Service (QoS) on our network. Which of these is one of the KEY benefits of QoS?  1. All traffic gets equal preference on the network. 2. Priority traffic (often VoIP) gets higher priority. 3. We have less traffic congestion, because we spread the traffic over multiple paths. 4. Larger data gets priority. This could be file uploads or downloads.
2. Priority traffic (often VoIP) gets higher priority. QoS (Quality of Service) gives specific traffic priority over other traffic; this is most commonly VoIP (Voice over IP), or other UDP traffic needing close to real-time communication. Other non-real-time traffic is deprioritized; the 0.25 second delay won't be noticed.
Which of these is a layer 3 broadcast address?  FF:FF:FF:FF:FF:FF 255.255.255.255 0.0.0.0 127.0.0.1
255.255.255.255. Layer 3 uses IP addresses; for broadcast it uses the 255.255.255.255 broadcast IP address. Routers do not pass it, they drop it.
Which layer of the Open Systems Interconnect (OSI) model isolates traffic into broadcast domains?  5 4 3 1
3. Layer 3: Network Layer: Expands to many different nodes (IP) - The Internet is IP based. Isolates traffic into broadcast domains.
Looking at legacy internet speeds. What was the speed of the European E3 connections?  2.048Mbps. 1.544Mbps. 34.368Mbps. 44.736Mbps.
34.368Mbps. E3 (Europe): 16 bundled E1 lines, creating a dedicated 34.368 Mbps circuit.
Which port is used by our DHCP servers to communicate with the clients?  68 67 23 22
67. DHCP uses UDP Port 67 for the DHCP Server and UDP Port 68 for the Client.
In a new data center implementation, we want to use IPv6 addresses. Which of these statements are TRUE about IPv6 addresses? (Select all that apply).  A. They use the fe80: prefix for link local addresses. B. They can use EUI/MAC48 addresses, by adding fffe in the middle of the MAC address. C. They are 128 bit binary. D. They use broadcast addresses. E. They are 32-bit binary.
A. They use the fe80: prefix for link local addresses. B. They can use EUI/MAC48 addresses, by adding fffe in the middle of the MAC address. C. They are 128 bit binary. IPv6 is 128-bit binary, often expressed in hexadecimal numbers (using 0-9 and a-f); for Link Local addresses we add the fe80: prefix to an address, and for EUI/MAC48 addresses we add "fffe" to make it an EUI/MAC64 address.
Which organization is responsible for delegating IP addresses to the ISPs in Asia, Australia, New Zealand, and the Pacific?  ARIN. APNIC. RIPE NCC. LACNIC.
APNIC. The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. APNIC (Asia-Pacific Network Information Centre): Asia, Australia, New Zealand, and neighboring countries.
Which organization is responsible for delegating IP address ranges to ISPs in North America?  APNIC. RIPE NCC. ARIN. LACNIC.
ARIN. The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. ARIN (American Registry for Internet Numbers): United States, Canada, several parts of the Caribbean region, and Antarctica.
We are using the OSI model to categorize attacks and threats. Which of these are COMMON layer 2 threats?  SYN floods. Eavesdropping. ARP spoofing. Ping of death.
ARP spoofing. ARP spoofing is an attack where an attacker sends fake ARP (Address Resolution Protocol) messages over a local area network. This results in associating the attacker's MAC address with the IP address of an authorized computer or server on our network.
We are building a new data center, and we will use the new site for real-time backups of our most critical systems. In the conduits between the demarc and the new server room, there are a lot of power cables. Which type of networking cables would be the BEST to use between the demarc and the server room?  Wireless. Coax copper. Fiber Ethernet. Copper Ethernet.
Fiber Ethernet. Fiber Optic Cables are not susceptible to EMI, so the cables can be run next to power cables with no adverse effects.
Which of these is a TRUE statement about the TCP protocol?  It is connection oriented. It is proprietary. It is always encrypted. It is connectionless.
It is connection oriented. TCP (Transmission Control Protocol): Reliable, Connection oriented, Guaranteed delivery, 3 way handshake, slower/more overhead, data reassembled.
172.32.0.0/24 is which type of IPv4 address?  Link-local. Loopback. Private. Public.
Loopback. This is a public address and it is internet routable, not to be confused with the private IPv4 range of 172.16.0.0 - 172.31.255.255, which we can use on our internal network but which is not routable on the internet.
Which type of networking cables would we use in our data center if we need to avoid EMI and save on cost?  Single-mode fiber. COAX. Copper Ethernet. Multi-mode fiber.
Multi-mode fiber. In data centers we would use multimode fiber over single mode fiber as it is cheaper and more versatile, and neither is susceptible to EMI.
We are blocking unused ports on our servers as part of our server hardening. When we block TCP/UDP port 138, which protocol are we blocking?  NetBIOS datagram service. Microsoft Terminal Server (RDP). IMAP. NetBIOS name service.
NetBIOS datagram service. NetBIOS Datagram Service uses TCP/UDP port 138.
We are blocking unused ports on our servers as part of our server hardening. We have chosen to block UDP port 137. What are we blocking?  NetBIOS name service. IMAP. Microsoft Terminal Server (RDP). NetBIOS datagram service.
NetBIOS name service. NetBIOS Name Service uses UDP port 137 and is used for name registration and resolution.
We are blocking unused ports on our servers as part of our server hardening. If we block TCP port 110, what would we be blocking?  SMTP. POP3. HTTP. HTTPS.
POP3. Post Office Protocol, version 3 (POP3) uses TCP port 110.
Looking at these transport protocols, which of them transports files using Secure Shell (SSH)?  FTPS. FTP. SFTP. TFTP.
SFTP. SFTP (SSH/Secure File Transfer Protocol) - Uses SSH to add security to FTP.
As part of our server hardening we have chosen to block TCP port 25. What are we blocking on the servers?  POP3. HTTPS. SMTP. HTTP.
SMTP. Simple Mail Transfer Protocol (SMTP) uses TCP port 25, but can also use port 2525.
As part of our layered defense, and to prevent unauthorized devices on our network, we have added the MAC sticky command. Where would we configure that? Image shows from left to right: Desktop, Switch, File Server, Router, Firewall, then connected to the Internet.  Switch. Firewall. Desktop. File server. Router.
Switch. Good switch security includes shutting down unused ports, adding mac-sticky and hardcoding whether ports are access or trunk ports. Making all ports trunk ports is a bad idea.
Which of these remote access protocols sends all data in plaintext?  Telnet. Command prompt. PowerShell. Secure Shell.
Telnet. Telnet is used for remote access over a network. Uses TCP port 23, all data is plaintext including usernames and passwords, should not be used. Attackers with network access can easily sniff credentials, alter data and take control of Telnet sessions.
We are, as part of our server hardening, blocking unused ports on our servers. One of the ports we are blocking is TCP port 23. What are we blocking?  SSH. FTP data transfer. Telnet. FTP control.
Telnet. Telnet: Remote access over a network. Uses TCP port 23, all data is plaintext including usernames and passwords, should not be used. Attackers with network access can easily sniff credentials, alter data and take control of Telnet sessions.
Which of these protocols is the one Voice over IP (VoIP) PRIMARILY uses?  TCP UDP VIP BGP
UDP. VoIP uses UDP. It is connectionless; it is better to lose a packet or two than have it retransmitted half a second later.
