INT-2690: CISSP Chapter 4 Communication and Network Security Questions
Which best describes the IP protocol?
A connectionless protocol that deals with the addressing and routing of packets
Which of the following proxies cannot make access decisions based upon protocol commands?
Circuit
An effective method to shield networks from unauthenticated DHCP clients is through the use of _______________ on network switches.
DHCP snooping
Which of the following is the best countermeasure for the attack type addressed in the scenario?
DNSSEC
Which of the following is the best countermeasure that John's team should implement to protect from improper caching issues?
DNSSEC
Which of the following shows the layer sequence as layers 2, 5, 7, 4, and 3?
Data link, session, application, transport, and network
Which of the following is not a characteristic of the Protected Extensible Authentication Protocol?
Designed to support password-protected connections
What takes place at the session layer?
Dialog control
Which of the following is the best and most cost-effective countermeasure for Grace's team to put into place?
Disallowing unnecessary ICMP traffic coming from untrusted networks
What type of client ports should Don make sure the institution's software is using when client-to-server communication needs to take place?
Dynamic
Which of the following solutions is best to meet the company's need to protect wireless traffic?
EAP-TTLS
What takes place at the data link layer?
Framing
What should Tom's team implement to provide source authentication and data encryption at the data link level?
IEEE 802.1X
Wireless LAN technologies have gone through different versions over the years to address some of the inherent security issues within the original IEEE 802.11 standard. Which of the following provides the correct characteristics of Wi-Fi Protected Access 2 (WPA2)?
IEEE 802.1X, EAP, CCMP
Which of the following provides an incorrect definition of the specific component or protocol that makes up IPSec?
Internet Key Exchange provides authenticated keying material for use with encryption algorithms.
How does TKIP provide more protection for WLAN environments?
It adds more keying material.
Why are switched infrastructures safer environments than routed networks?
It is more difficult to sniff traffic since the computers have virtual private connections.
Which of the following is not a characteristic of the IEEE 802.11a standard?
It provides 52 Mbps in bandwidth.
Which of the following is the best type of fiber that should be implemented in this scenario?
Multimode
Which of the following is not one of the stages of the DHCP lease process?
None of Them
Charlie uses PGP on his Linux-based email client. His friend Dave uses S/MIME on his Windows-based e-mail. Charlie is unable to send an encrypted email to Dave. What is the likely scenario?
PGP and S/MIME are incompatible
Which of the following best describes why Sean's team wants to put in the mentioned countermeasure for the most commonly attacked systems?
Reduce DoS attack effects
Alice wants to send a message to Bob, who is several network hops away from her. What is the best approach to protecting the confidentiality of the message?
S/MIME
Which of the following is the best countermeasure to put into place to help reduce the threat of network sniffers viewing network management traffic?
SNMP v3
What should Don's team put into place to stop the masquerading attacks that have been taking place?
SRPC
Which of the following is a cost-effective countermeasure that Don's team should implement?
SYN proxy
The ______________ is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over IP.
Session Initiation Protocol
Which of the following best describes the firewall configuration issues Sean's team member is describing?
Silent rule, negate rule
Which of the following technologies should Lance's team investigate for increased authentication efforts?
Simple Authentication and Security Layer
Which of the following is most likely taking place to allow spurious packets to gain unauthorized access to critical servers?
Source routing is not restricted
Which of the following protocols is considered connection-oriented?
TCP
Which of the following protocols work in the following layers: application, data link, network, and transport?
TFTP, ARP, IP, and UDP
Based upon the information in the scenario, what should the network team implement as it pertains to IPv6 tunneling?
Teredo should be configured on IPv6-aware hosts that reside behind the NAT device.
Metro Ethernet is a MAN protocol that can work in network infrastructures made up of access, aggregation, metro, and core layers. Which of the following best describes these network infrastructure layers?
The access layer connects the customer's equipment to a service provider's aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different metro networks.
Systems that are built on the OSI framework are considered open systems. What does this mean?
They are built with internationally accepted protocols and standards so they can easily communicate with other systems.
Which of the following is most likely the issue that Grace's team experienced when their systems went offline?
Three critical systems were connected to a single-attached station.
Which of the following technologies integrates previously independent security solutions with the goal of providing simplicity, centralized control, and streamlined processes?
Unified Threat Management
Which of the following can take place if an attacker can insert tagging values into network- and switch-based protocols with the goal of manipulating traffic at the data link layer?
VLAN hopping attack
Which of the following is a bridge-mode technology that can monitor individual traffic links between virtual machines or can be integrated within a hypervisor component?
Virtual firewall
Which of the following is the best solution to meet the company's need for broadband wireless connectivity?
WiMAX
Which of the following unauthorized activities have most likely been taking place in this situation?
Zone transfer