W-13
7. Which of the following is inherently efficient and difficult to intercept in the use of wireless technologies? a. Code division multiple access, CDMA b. Time division multiple access, TDMA c. Public switched telephone network, PSTN d. Very small aperture terminal, VSAT
Choice (a) is the correct answer. CDMA is more efficient and secure than TDMA because it uses spread spectrum technology more efficiently. Instead of assigning a time slot on a single channel, CDMA uses many different channels simultaneously. CDMA is also inherently more difficult to crack because the coding scheme changes with each conversation and is given only once at the beginning of the transmission.
239. Which of the following statements about data gateways is not correct? a. Data gateways cannot standardize communication protocols b. Data gateways are devices to adapt heterogeneous clients to servers c. Data gateways absorb diversity in implementation details d. Data gateways provide access control and authentication mechanisms
Choice (a) is the correct answer. Gateways translate between incompatible protocols, such as between SNA and TCP/IP. Data gateways, then, are devices to adapt heterogeneous clients to servers (choice b). They may simply absorb diversity in implementation details (choice c) and provide access control and authentication mechanisms (choice d). It is incorrect to say that data gateways cannot standardize communication protocols.
190. Most remote faxing systems support auditing features. Which of the following audit trails is more detailed than the other? a. File names b. Time c. Phone number d. Call duration
Choice (a) is the correct answer. Remote fax support is a limited form of remote LAN access. It can take three modes of operation: incoming faxes, fax-on-demand, and outgoing fax. Most fax systems support auditing of some sort. The minimal audit trail information includes time, phone number, and call duration (choices b, c, and d). More detailed audit trails include file names and mail-related information (choice a).
55. Secure RPC provides which one of the following security services? a. Authentication b. Confidentiality c. Integrity d. Availability
Choice (a) is the correct answer. Secure RPC provides authentication services only. Confidentiality, integrity, and availability services must be provided by other means.
188. Which of the following security practices is supported by most remote control program products when accessing a host workstation on a LAN? a. Matching user ID and name with password b. Controlling reboot options c. Limiting access to local drives and directories d. Controlling file-transfer rights
Choice (a) is the correct answer. Some remote control products provide minimal security support, while others provide varying degrees of support. User-name-and-password matching and callback modem support are supported by most products. Other security mechanisms, such as the ability to limit access to local drives and directories in order to limit the use of host hardware (such as printer ports) and to control reboot options and file-transfer rights, are not widely supported.
88. The best approach against network attacks is to: a. Prevent and detect b. Detect and correct c. Prevent and correct d. Prevent and intervene
Choice (d) is the correct answer. Preventing network attacks from occurring is the first priority. This should be combined with intervening techniques to minimize or eliminate negative consequences of attacks that may occur. Detection alone is not enough, and the same applies to correction. Intervening is pro-active and action oriented, while correcting is re-active and passive-oriented.
238. Which of the following statements is true in a LAN environment? a. The gateway is responsible for returning acknowledgments b. The destination station is responsible for returning acknowledgments c. The originating station is responsible for returning acknowledgments d. Network operating system is responsible for returning acknowledgments
Choice (a) is the correct answer. A gateway is a device that connects two dissimilar LANs or that connects a LAN to a WAN, a minicomputer, or a mainframe computer. Choices (b), (c), and (d) are incorrect since the gateway is responsible for returning acknowledgments.
210. Conducting a periodic network monitoring to verify proper operation does not normally include: a. Detecting network layers b. Detecting line errors c. Detecting terminal errors d. Detecting modem errors
Choice (a) is the correct answer. A network is composed of distinct layers, which is a network design issue, with each layer providing a specific function for the network. Periodic monitoring of the network does not normally include detection of the network layers. For example, the ISO/OSI Reference Model has seven layers.application layer, presentation layer, session layer, transport layer, network layer, data link layer, and physical layer. Detecting line errors (choice b), terminal errors (choice c), and modem errors (choice d) are routinely detected and monitored to ensure proper network operations
136. Which of the following statements about port protection device (PPD) is not true? a. PPD depends on a callback system b. PPD uses a challenge-response exchange system c. PPD uses encryption d. PPDs are digital systems
Choice (a) is the correct answer. A port is a point in a network at which signals can enter or leave the network en route to or from another network. PPD is a device to protect the port from unauthorized use, as it is located between the telephone network and the modem. PPD does not depend on a callback system. Instead, it uses a DES-encrypted based, one-time password, challenge mechanism with many possible passwords due to its digital nature.
150. A port-protection device: a. Is a hardware system b. Is a software system c. Is a hybrid system d. Is same as the modem Choice
Choice (a) is the correct answer. A port-protection device (PPD), which is a hardware system, provides another layer of security prior to connecting to the host computer system. A PPD may be placed on the host end of the circuit, between the modem and the port, or between the modem and telephone set. All PPDs require the user to enter separate passwords in order to access the computer's dial-up ports.
63. Packet-switching networks use which of the following protocol standard? a. X9.63 b. X9.44 c. X9.17 d. X.25
Choice (d) is the correct answer. X.25 protocol standard is used in packet-switching networks. It operates at the network and data link levels of a communications network. X9.63 is used for key establishment schemes that employ asymmetric techniques. X9.44 is the transport of symmetric algorithm keys using reversible public key cryptography. X9.17 is used for cryptographic key management, especially for financial institution key management.
22. Which one of the following firewalls is simple, inexpensive, and quick to implement? a. Static packet filter firewall b. Dynamic packet filter firewall c. Application gateway firewall d. Stateful inspection gateway firewall
Choice (a) is the correct answer. A static packet filtering firewall is the simplest and least expensive way to stop messages with inappropriate network addresses. It does not take much time to implement when compared to other types of firewalls
177. A major design consideration for LANs that replace the "computing islands" in an organization include: a. Ensuring seamless integration b. Providing connectivity c. Providing standard software d. Allowing distribution processing
Choice (a) is the correct answer. A properly designed LAN can provide a synergistic effect as it ties together different functional areas within the organization, allowing better coordination and aiding the sharing of information and resources. LANs replace the "computing Robbins (Fall 2018) islands" so common in the workplace by providing connectivity (choice b), providing standard software (choice c), and allowing distributed processing (choice d). Computing islands mean computing is occurring in many places without any connection to each other. However, LAN integration involves more than just connecting and configuring system components. A properly designed LAN fits into an organization and connects different functional areas. Proper LAN integration ensures that the network connectivity and services are as transparent and seamless as possible. That is, the parts of the LAN combine in a way that facilitates information management.
221. Which of the following is a preventive control in a local area network environment? a. Quality program b. Change control c. Exception reports d. Alarms
Choice (a) is the correct answer. A quality program and security awareness training are examples of preventive controls. Choice (b) is incorrect because change control is an example of detective controls. Choice (c) is incorrect because exception reports are an example of corrective controls. Choice (d) is incorrect because alarms are an example of detective controls.
142. Risk control is important to minimize the potential impact of threats in a World Wide Web (Web) environment. From a web reader viewpoint, which of the following procedures are based on loss avoidance? 1. Do not download executable code 2. Do not buy goods or services over the Web 3. Do backup the system regularly 4. Do not buy software from unknown sources a. 1 and 2 b. 1 and 3 c. 3 and 4 d. 2 and 4
Choice (a) is the correct answer. A web reader is anyone who uses a web browser to access Web-based information. A web browser is a web client application that typically supports more than one web protocol. Known threats from the Web include error-prone software, impersonation, data corruption, and eavesdropping. The easiest controls to implement are those based on loss avoidance. These controls include not downloading executable code to prevent a computer virus (item 1) and not buying goods or services over the Web thus preventing cheating or fraud (item 2). Backing up the system regularly (item 3) and not buying the software from unknown sources (item 4) are examples of remedies based on loss control or mitigation. Another example of loss control is developing web applications on a stand-alone computer that is isolated from the internal network and does not contain any important data.
194. Determining what components to include in the network configuration is called a: a. Configuration identification b. Configuration control c. Configuration requirements tracing d. Configuration status accounting
Choice (a) is the correct answer. Configuration management provides a valuable baseline for controlling maintenance and enhancement activity. Configuration management typically has four major functions: identification, control, requirements tracing, and status accounting. Configuration identification determines what components to include in the configuration and develops unique identifiers for tracking individual components and adding new ones. Configuration control (choice b) imposes discipline on the change process to ensure that items changed or added to the configuration complete all the necessary testing and approval steps before inclusion. Configuration requirements tracing (choice c) ensures that the configuration changes are traceable back to user requirements either directly (e.g., a user-requested change) or indirectly (e.g., better user support through improved system performance). Configuration status accounting (choice d) reports the current status of components in the configuration as well as components undergoing change or about to be added.
108. Which of the following has both advantages and disadvantages? a. Connecting to the Internet b. Planting viruses c. Stealing corporate data d. Tinkering with configuration settings
Choice (a) is the correct answer. Connection to the Internet has both advantages and disadvantages in that it is needed to do an employee's work and at the same time it could be misused by the same person. Those intent on harming an organization may unleash a computer virus, install a rogue program designed to damage data, or trigger a future attack. Tinkering with configuration settings such as changing parameters and dates is a disadvantage if done with bad intentions, as is stealing corporate data for espionage purposes
187. Remote workstations can be used effectively with client/server applications. In addition to a modem, which of the following devices is required to operate a remote workstation? a. Remote router b. Remote bridge c. Remote brouter d. Remote repeater
Choice (a) is the correct answer. Considering and implementing remote workstation support is a relatively straightforward process. A remote workstation operates and is managed in the same fashion as a normal Robbins (Fall 2018) LAN workstation. A remote router or server-based support is required in addition to a modem. The capabilities of a single LAN are extended by connecting LANs at distant locations. Remote bridge (choice b) is incorrect because it connects two distant LANs through a long distance circuit (which is invisible to the stations on the LANs). Remote brouter (choice c) is incorrect because brouter is the result of combining the router and the bridge functions. Remote repeater (choice d) is incorrect because it simply repeats data packets between cable segments. Repeaters perform data insertion and reception functions. Repeaters exert stress on a network's bandwidth due to difficulty in isolating network traffic.
114. In a distributed computing environment, system security takes on an important role. Two types of network attacks exist: passive and active attacks. Which of the following is the best definition of active attack? a. Nonpreventable b. Preventable c. Detectable d. Correctable
Choice (a) is the correct answer. Data communication channels are often insecure, subjecting messages transmitted over the channels to passive and active threats or attacks. An active attack is where the threat makes an overt change or modification to the system in an attempt to take advantage of a vulnerability. Active attacks are nonpreventable and detectable. A passive attack occurs when the threat merely watches information move across the system and when information is being siphoned off the network. Passive attacks are preventable but difficult to detect, since no modification is done to the information and audit trails do not exist. All attacks are correctable with varying degrees of effort and cost.
178. A data communication switch that enables many computer terminals to share a single modem and a line is called a: a. Bypass switch b. Fallback switch c. Crossover switch d. Matrix switch
Choice (a) is the correct answer. Data communications switches are useful for routing data, on-line monitoring, fault diagnosis, and digital/analog testing. A switch is a mechanical, electro-mechanical, or electronic device for making, breaking, or changing the connection in or among circuits. It is used to transfer a connection from one circuit to another. There are four basic types of switches: bypass, fallback, crossover, and matrix. A bypass switch enables many terminals to share a single modem and line. A fallback switch (choice b) turns network components from on-line to standby equipment when there is a problem in the circuit. A crossover switch (choice c) provides an easy method of interchanging data flows between two pairs of communications components. With a matrix switch (choice d) a user can interconnect any combination of a group of incoming interfaces to any combination of a group of outgoing interfaces.
240. Which of the following modems protect computers from unauthorized access? a. Encrypting modems b. Regular modems c. Password modems d. Callback modems
Choice (a) is the correct answer. Encrypting modems encrypt all information transmitted and received over the telephone lines. These modems are useful against individuals attempting to gain unauthorized access as well as wiretapping. Regular modems (choice b) do not have cryptographic keys, as do the encrypting modems. Password modems (choice c) require the caller to enter a password before the modem connects the caller to the computer. Password guessing and sharing is the major problem with password modems. Callback modems (choice d) call the caller back on a predetermined telephone number. Callback modems offer a higher degree of security than regular modems, but they can be defeated by the call forwarding feature of the telephone or by not hanging up Robbins (Fall 2018) the telephone line when the computer attempts to dial back
232. Which of the following statements is not true? Intranets differ from the Groupware concept in that intranets: a. are platform-dependent b. are platform-independent c. use layered communication protocols d. are easy to set up
Choice (a) is the correct answer. Groupware is an alternative to intranets, where the former is good for document sharing, mail exchange, and group discussion. On the other hand, intranets facilitate external and internal communications more efficiently. One major advantage of the intranet over groupware is the Internet's inherent platform independence. For example, webpages written on a Macintosh computer look the same when viewed from a Sun workstation regardless of the distance between them. In addition to being easy to set up, Intranets use the concept of layered communication protocols. There are seven layers between the physical network media and the applications running on the host machines.
202. Which of the following is not a required component in providing integrated services digital network (ISDN) services? a. A modem b. A separate control channel c. A motion video picture d. A spreadsheet
Choice (a) is the correct answer. ISDN is a set of integrated telecommunications services, available over public and private telecommunications networks. The services are defined over a digital point-to-point circuit-switched medium. ISDN establishes a dedicated circuit between two machines (e.g., computers or bridges). It can transmit either packetized or asynchronous digital information without a modem, so it can be used for anything a modem can, including connecting two LANs. Choice (b) is incorrect. A key feature of ISDN is the use of a separate control channel: call setup, network management, automatic number identification (ANI, also known as Caller ID), and so forth. Choice (c) is Robbins (Fall 2018) incorrect. With ISDN, still and motion video pictures can be sent between two or more parties without the need for special conference rooms full of expensive equipment. Choice (d) is incorrect. With ISDN, many activities can take place simultaneously. This includes colleagues jointly editing a report, graphics, and/or spreadsheet data while talking on the telephone, even though they are hundreds of miles apart.
156. Which of the following network architectures is designed to provide data services using physical networks that are more reliable and offer greater bandwidth? a. Integrated services digital network (ISDN) b. Transmission control protocol/Internet Protocol (TCP/IP) c. File transfer protocol d. The open system interconnection (OSI) protocol
Choice (a) is the correct answer. ISDN was designed to provide both voice and a wide variety of data services, initially using the existing phone network. Broadband ISDN was designed to provide a more sophisticated set of services using reliable high-speed networks that can be provided using optical fiber physical networks of higher bandwidth. Both the TCP/IP and OSI (choices b and d) protocol suites are designed to provide communications between heterogeneous systems. These two platforms support applications such as file transfer (choice (c)), electronic mail, and virtual terminal protocols. Interoperability between TCP/IP and OSI cannot be accomplished without building special software, or gateways, to translate between protocols. However, these architectures were designed to provide data services using physical networks that were not always reliable and offered limited bandwidth.
174. A disadvantage of a leased line over a dial-up is: a. Reliability b. Security c. Data transfer rates d. Retransmissions Choice
Choice (a) is the correct answer. In a leased line, two computers at each end of a network are permanently connected. Both terminals and modems cannot operate with a third computer. When a leased line experiences an outage, the user must wait until the problem is corrected before transmission can restart. Choices (b), (c), and (d) are advantages of leased lines. Security is good because it does not use a public switched network. Higher data transfer rates (choice c) can be experienced due to fixed routing. Retransmissions (choice d) are low due to minimal errors during original transmission.
212. The distinguishing feature of a packet-switching network is that: a. Messages are broken up into smaller packets b. It provides data transmission only c. It provides voice transmission only d. It provides video transmission only
Choice (a) is the correct answer. In a packet-switching network, the messages, the data traffic is divided into packets, which is the distinguishing feature. Choice (b) is incorrect. Transmitting data is not the unique feature of packet switching since other networks such as circuit switching and message switching also transmit data. Robbins (Fall 2018) Choices (c) and (d) are incorrect. Integrated Services Digital Networks (ISDN) combined with packet switching can handle data, voice, and video transmissions.
154. Telecommuting from home requires special considerations to ensure integrity and confidentiality of data stored and used at home. Which of the following is not an effective control? a. Employee accountability b. Removable hard drives c. Storage encryption d. Communications encryption
Choice (a) is the correct answer. In addition to risks to internal corporate systems and data in transit, telecommuting from home raises other concerns related to whether employees are using their own computers or using computers supplied to them by the organization. Other members of the employee's household may wish to use the computer used for telecommuting. Children, spouses, or other household members may inadvertently corrupt files, introduce viruses, or snoop. Therefore, employee accountability is difficult to monitor or enforce. Choice (b) is incorrect. Removable hard drives reduces the risk if corporate data is stored on them due to their removability, which can be safely stored away. Choices (c and d) are incorrect because both storage and communication encryption provides confidentiality of data Robbins (Fall 2018) during its storage as well as in transit. Choices (b), (c), and (d) provide effective controls.
208. Which of the following is an inappropriate control over telecommunication hardware? a. Logical access controls b. Security over wiring closets c. Contingency plans d. Restricted access to test equipment
Choice (a) is the correct answer. Logical access control is a software-based control, not a hardware-based control. Security over wiring closets, circuits, transmission media, and hardware devices, and restricting access to test equipment are appropriate to protect hardware. Contingency plans to minimize losses from equipment failure or damage are important and appropriate. Choices (b), (c), and (d) are physical security controls over telecommunications hardware. They minimize risks such as physical damage or unauthorized access to telecommunications hardware.
205. A major risk involving the use of the packet-switching network technique is that: a. It is possible that packets can arrive at their destinations out of sequence b. It is not possible to vary the routing of packets depending on network conditions Robbins (Fall 2018) c. Terminals that are attached to a public data network may not have enough intelligence d. Terminals that are attached to a public data network may not have enough storage capacity
Choice (a) is the correct answer. Most packet-switching networks can vary the routing of packets depending on network conditions. Because of this, it is possible that packets can arrive at their destinations out of sequence. Terminals that are attached directly to a public data network (choices c and d) must have enough intelligence and storage capacity to be able to break large messages into packets and to reassemble them into proper sequence. A packet assembly and disassembly (PAD) facility can help accommodate intelligence and storage problems.
118. Secure gateways block or filter access between two networks. Which of the following benefits resulting from the use of secure gateways is not true? a. Secure gateways prevent the spread of computer viruses b. Secure gateways reduce risks from malicious hackers c. Secure gateways reduce internal system security overhead d. Secure gateways can centralize management services
Choice (a) is the correct answer. Questions frequently arise as to whether secure gateways (also known as firewalls) prevent the spread of viruses. In general, having a gateway scan transmitted files for viruses requires more system overhead than is practical, especially since the scanning would have to handle many different file formats. Secure gateways allow internal users to connect to external networks and at the same time prevent malicious hackers from compromising the internal systems (choice b). In addition to reducing the risks from malicious hackers, secure gateways have several other benefits. They can reduce internal system security overhead, since they allow an organization to concentrate security efforts on a limited number of machines (choice c). Another benefit is the centralization of services. A secure gateway can be used to provide a central management point for various services, such as advanced authentication, e-mail, or public dissemination of information. Having a central management point can reduce system overhead and improve service (choice d).
199. Telecommuting can be effectively facilitated by which of the following? a. Integrated services digital network b. Regular modems c. Facsimile/modems d. Intelligent modems
Choice (a) is the correct answer. Telecommuting allows employees to work at a desktop computer at home. Integrated services digital network (ISDN) can be considered as an "intermediate" step between the current analog local loop and the use of fiber optics. Because of the cost of deploying fiber, it may take a long time before homes are connected. ISDN is cheaper than fiber, can be deployed sooner, and while its capacity is only a fraction of fiber's, represents a significant improvement over the current analog local loop. To connect to the office computers, employees need a device called a modem, which lets them send digital computer data over the analog local loop. ISDN provides higher bits per second channels than modems. This would allow videoconferencing of reasonable quality, faster transfer of graphics information, and better quality fax transmission. It would also permit much-improved access to the Internet for home users. Regular modems (choice b), facsimile/modems (choice c), and intelligent modems (choice d) do not have the "bits per second channel" capacity as that of ISDN. A modem is a device that modulates and demodulates. Modems are primarily used for converting digital signals into quasi-analog Robbins (Fall 2018) signals for transmission over analog communication channels and reconverting the quasi-analog signals into digital signals. Facsimile/modem (choice c) combines the features of fax and modem. Intelligent modems (choice d) have intelligence to them by adding random-access memory, read-only memory, and erasable programmable readonly memory. Some major functions of intelligent modems include automatic dialing, negotiation of the method of modulation used to communicate with a distant modem, error detection and correction operations to ensure data integrity, and responses to status requests. Regular modems (choice b) do not have the intelligence so that they cannot perform fax operations.
167. When constructing the communications infrastructure for moving data over a local-area network, the major implementation choices involve decisions about all of the following except: a. Terminal controllers b. Repeaters c. File servers d. Bridges
Choice (a) is the correct answer. Terminal controllers are used in wide area networks in accessing mainframe computers. Repeaters (choice b), file servers (choice c), and bridges (choice d) are used in local area networks. The controller is a logic device. It directs all the tasks that the terminal must perform to convert, for example, a keystroke into a sequence of bits for transmission on the communications link. The terminal controller is either hard wired or programmable so that its functions and tasks can be suited to one or several applications. One of its simpler tasks is to handle the signals that govern the input or output device. Repeaters (choice b) offer the simplest form of connectivity. They merely generate or repeat data packets or electrical signals between cable segments. They receive a message and then retransmit it, regenerating the signal at its original strength. File servers (choice c) are incorrect. They send and receive data between a workstation and the server. A file server is the heart of a LAN and its primary purpose is to make files, printers, and plotters Robbins (Fall 2018) available to users. The file server would have to transfer the entire file across the network in order to process it. In a file server approach, each workstation has to provide the services of both a front end and a back end. Bridge (choice d) is incorrect because it is a device that connects similar or dissimilar LANs together to form an extended LAN. It can also connect LANs and WANs. Bridges are protocol independent devices and are designed to store and then forward frames destined for another LAN.
206. Which of the following layers of the ISO/OSI Reference Model addresses a "deadlock" situation? a. Network b. Application c. Session d. Transport
Choice (a) is the correct answer. The ISO/OSI Reference Model layer No.3, network layer, handles deadlock, along with other functions. It provides routing services to establish connections across communications networks. Choice (b) is incorrect because the application layer handles data flow modeling, etc. It provides services directly to users such as file transfer protocols. Choice (c) is incorrect because the session layer handles dialog management, etc. It establishes, manages, and terminates connections between applications. Choice (d) is incorrect because the transport layer handles protocols, etc. It ensures error-free, in-sequence exchange of data between end points.
236. The most important element of Intranet security is: a. Monitoring b. Encryption c. Authentication d. Filtering
Choice (a) is the correct answer. The basic elements of Intranet security tools are encryption, authentication, and filtering. For example, encryption may use pretty good privacy (PGP) for encrypting e-mail, digital certificates for code signing, and site certificates for Secure Socket Layers securing of intranet servers. Authentication deals with user and group specific access. Filtering deals with the Remote Windows Sockets server that doubles as a firewall. In addition to the use of these tools, vigilant monitoring of all network connections is required on a regular basis. Each time a new feature is added to a network, the security implications should be reviewed.
213. Which of the following layers of the ISO/OSI Reference Model handles "error detection and correction?" a. Data link b. Physical c. Network d. Application
Choice (a) is the correct answer. The data link layer addresses protocols, models, error detection and correction, etc. It provides reliable transfer of data across physical links, error and flow control, link level encryption and decryption, and synchronization. Choice (b) is incorrect because the physical layer addresses transmission media, medium access, etc. It provides transmission of unstructured bit streams over the communications channel. Choice (c) is incorrect because the network layer addresses deadlocks, etc. It provides routing services to establish connections across communications networks. Choice (d) is incorrect because the application layer addresses data flow modeling and file management, etc. It provides services directly to users such as file transfer protocols
241. Which one of the following ISO/OSI layers provide confidentiality, authentication, and data integrity services? a. Network layer b. Presentation layer c. Session layer d. Physical layer
Choice (a) is the correct answer. The network layer is responsible for transmitting a message from source to estination. It provides routing (path control) services to establish connections across communications networks. Therefore, it requires confidentiality, authentication, and data integrity services to achieve this goal. Presentation layer (choice b) is incorrect because it provides authentication and confidentiality services, but not data integrity. The presentation layer defines and transforms the format of data to make it useful to the receiving application. Session layer (choice c) is incorrect because it does not provide any security-related services. It establishes, manages, and terminates connections between applications and provides checkpoint recovery services. It helps users interact with the system and other users. Physical layer (choice d) is incorrect because it provides confidentiality service only. The physical layer provides for the transmission of unstructured bit streams over the communications channel. It is the innermost software that handles the electrical interface between a terminal and a modem.
162. Network designers must be able to predict network performance if they are to optimize a network. The probability of a lost call is referred to as: a. Grade of Service b. Throughput c. Availability d. Reliability
Choice (a) is the correct answer. The purpose in predicting network performance is to determine the equipment, circuits, and topology required to satisfy users' requirements in such performance areas as response time, throughput, availability, and reliability. The probability of a lost call is referred to as grade of service. A call is lost if a call attempt results in a busy signal, and if the called system does not permit the caller to camp on the called device. A caller camps on a device when his call is placed in a queue and is answered when a device becomes available. Throughput (choice b) is incorrect because it measures how much user information can be transmitted over a network or circuit by a device. It can be expressed as a percent of circuit capacity. Availability (choice c) is incorrect because it is the probability that service will be available when it is required. Reliability (choice d) is incorrect because it is the probability that a system will operate without failure for a specified time period.
195. Which of the following network topologies is best suited where each terminal has a large volume of data traffic and must operate at a high data rate on a leased line? a. Star b. Tree c. Ring d. Mixed
Choice (a) is the correct answer. The star topology is suitable where each terminal has a large volume of data traffic and must operate at a high data rate on a leased line, or each terminal has a low traffic Robbins (Fall 2018) volume and a correspondingly low connect time via the public-switched telephone network. Tree/bus topology (choice b) is incorrect due to installation of the long, single, main cable. Ring topology (choice c) is incorrect because the data is looped around the ring until it reaches the proper host computer. Mixed topology (choice d) is incorrect because of mixed structures resulting in unpredictable performance rates.
175. "If any link should fail, only the terminal on that specific link will be affected by the line outage" is true with which of the following network topologies? a. Star b. Tree c. Ring d. Mixed
Choice (a) is the correct answer. The star topology uses a central hub connecting workstations and servers. The topology facilitates the sharing of resources such as hard disks, communications devices, printers, or common data files which are located at the central node. The strength of the star topology is that when one workstation fails, all other workstations do not fail because of the central hub. Robbins (Fall 2018) Tree topology (choice b) is incorrect. A tree topology, which is a variation of bus topology, is complex where all stations receive all transmissions. A disadvantage of tree topology is that if one workstation fails, all other workstations fail because of their interdependence. Ring topology (choice c) is incorrect. The ring/loop topology interconnects nodes in a circular fashion where personal computers are connected successively forming a ring. Unlike the star topology, there is no central hub through which all traffic flows. A disadvantage of the ring topology is that if one workstation fails, all other workstations fail because of their interdependence. Mixed topology (choice d) is incorrect because it can be any combination of star, bus/tree, and ring topologies thus making it difficult to predict its performance. A tree structure can be combined with a star or stars can be combined with terminals to become a distributed or multistar structure.
122. Which of the following attacks are outside the scope of electronic-mail security programs? a. Traffic analysis b. Playback attacks c. Cryptanalytic attacks d. Key management attacks
Choice (a) is the correct answer. To prevent traffic analysis, bogus traffic is injected into real traffic, thus flooding the network channels. This increases load on the network. However, the e-mail security program cannot prevent or detect the bogus traffic. In a playback attack (choice b), an entire message is captured and played back later. To prevent playback attacks, the plaintext of each message should include some indication of the sender and recipient and a unique identifier (e.g., the date). The intruder could change the originator-name in the e-mail message. In cryptanalytic attacks (choice c), the intruder tries to break into the algorithm to find out the private key. For example, breaking the data encryption standard algorithm would allow an intruder to read any given e-mail message since the message itself is encrypted with a data encryption standard. In key management attacks (choice d), the intruder tries to get a copy of the private key file and its associated pass-phrase. It is important to run the e-mail program on a trusted machine with keys exchanged in person
113. Traffic flow confidentiality uses which of the following security controls? a. Traffic padding and address hiding b. Testwords and traffic padding c. Traffic padding and seals/signatures d. Address hiding and seals/signatures
Choice (a) is the correct answer. Traffic flow confidentiality protects against sensitive information being disclosed by observing network traffic flows. It uses traffic padding and address-hiding controls. In traffic padding, "dummy" traffic is generated to confuse the intruder. Address hiding requires that protocol header information be protected from unauthorized attack via cryptographic means. Test word is incorrect Robbins (Fall 2018) because a string of characters is appended to a transaction by the sending party and verified by the receiving party. A testword is an early-technology realization of a seal or signature used in financial transactions. A seal or signature involves cryptographically generating a value that is appended to a plaintext data item. Both testwords and seals are used to increase the data integrity of financial transactions.
182. Mobile computing is gaining popularity due, in part, to wireless LANs. Which of the following is a barrier to the use of wireless LANs? a. Cost b. Productivity c. Timeliness d. Flexibility
Choice (a) is the correct answer. Usually cost is a barrier to many, especially when low data rates cannot support newer technologies such as multimedia and client/server computing. Wireless technologies have higher start-up costs and complicated technology costs due to more components involved. In addition, wireless LANs are normally slower because they are less efficient. They are more subject to certain types of interferences than wired links and, hence, more prone to errors. Choices (b), (c), and (d) are incorrect because they are not barriers to the use of wireless LANs. Productivity (choice b), timeliness (choice c), and flexibility (choice d) are examples of the benefits of wireless LANs. Office layouts can be planned with much greater flexibility. The ability to contact employees immediately increases their productivity and responsiveness.
184. Wireless LANs operate in which of the following layers of the ISO/OSI Reference Model? a. Physical and data layers b. Data and network link layers c. Transport and presentation layers d. Application and session layers
Choice (a) is the correct answer. Wireless LANs operate in the physical layer and the data link layer of the ISO/OSI Reference Model because they define the physical characteristics and access rules for the network. The physical layer addresses areas such as frequencies used and modulation techniques employed. The data link layer deals with how the network is shared between nodes. It defines rules such as who can talk on the network and how much they can say.
139. Which of the following identifies calls originating from nonexistent telephone extensions to detect voice mail fraud? a. Antihacker software b. Call-accounting system c. Antihacker hardware d. Toll-fraud monitoring system
Choice (b) is the correct answer. A call-accounting system can indicate calls originating from nonexistent "phantom" telephone extensions or trunks. Unused telephone extensions and uncontrolled maintenance ports are the reasons for voice-mail fraud. Callaccounting systems provide hacking patterns. Antihacker software and hardware (choices a and c) can provide multi-level passwords and a self-destruct feature that lets users delete all messages in their mailboxes if they forget their password. Toll-fraud monitoring systems (choice d) allow one to catch the voice hacker quickly as the fraud is taking place.
166. Which of the following operates through several layers of the ISO/OSI Reference Model? a. Bridge b. Gateway c. Router d. Repeater
Choice (b) is the correct answer. A gateway is a communications device that provides a translation service for the data on one network and the format required by a host application on another network. To provide this translation capability, a gateway normally operates in any layer from 4 to 7 of the ISO/OSI Reference Model. A bridge (choice a) operates at the data link layer of the ISO/OSI Reference Model and is used to join segmented LANs. A bridge examines the source addresses in frames flowing on the LAN connected to one of its ports. A router (choice c) operates at the network layer and uses network addresses to make routing decisions. A repeater (choice d) operates at the physical layer of the model and is transparent to data content. A LAN's cable length can be extended by using a repeater.
225. Which of the following is not a major advantage of a leased line over a public (switched) line? a. Lower cost due to high usage b. Higher cost due to high usage c. Low error rates d. Less noise and distortion
Choice (b) is the correct answer. A leased line offers a permanent or semi-permanent connection between the transmitting machines. Lower cost due to high usage (choice a), no switching delay, low error rates (choice c), and less noise and distortion (choice d) are the major advantages of a leased line over the public (switched) line. Robbins (Fall 2018) Higher cost due to high usage (choice b) is incorrect since it pays a fixed fee regardless of the actual usage.
163. When constructing the communications infrastructure for moving data over a wide-area network, the major implementation choices involve decisions about all of the following except: a. Multiplexers b. Network interface cards c. Concentrators d. Front-end processors
Choice (b) is the correct answer. A network interface card is used in implementing local-area networks (LANs), not WANs. It is a device used primarily within a LAN to allow a number of independent devices, with varying protocols, to communicate with each other. This communication is accomplished by converting each device protocol into a common transmission protocol. Choice (a) is incorrect. A multiplexer is a device that combines the functions of multiplexing and demultiplexing of digital signals. It combines two or more information channels onto a common transmission medium. Robbins (Fall 2018) Choice (c) is incorrect. A concentrator is a device that connects a number of circuits, which are not all used at once, to a smaller group of circuits for economy. It usually provides communication capability between many low-speed, usually asynchronous, channels and one or more high-speed, usually synchronous channels. Different speeds, codes, and protocols can be accommodated on the low-speed side. The low-speed channels operate in contention and require buffering. A concentrator permits a common path to handle more data sources than there are channels currently available within the path. Choice (d) is incorrect. A front-end processor is a programmed-logic or stored-program device that interfaces data communication equipment with the input/output bus or memory of a data processing computer.
193. Network management, operations, and user support for large distributed system together represent a complex undertaking. Which of the following issue increases the complexity of network management? a. Multiple topologies b. Multiple transmission media c. Multiple protocols d. Multiple access
Choice (b) is the correct answer. A number of issues affect network management in a large distributed system. They result from multiple network topologies (i.e., structures), multiple transmission media (e.g., wiring), multiple protocols (i.e., rules that govern communications across a network), and multiple network owners. Increases in the number of transmission media increase the complexity of large distributed system network management. For example, each medium may require different protocols, equipment, and software, with additional expertise in a network administrator. An increased number of transmission media may complicate the standardization of management procedures across a large distributed system. Using different transmission media may result in different costs, system reliability, or performance. A number of network "owners" may support a large distributed system. The sense of ownership can result from a variety of factors, including different organizations involved, functionality included, and geographic areas covered. Increases in the number of owners increase the complexity of network management due to coordination and communication required. Choices (a), (c), and (d) are incorrect. A topology is a pattern of interconnection between nodes (i.e., end points) in a network. A large distributed system may require the use of one or more topologies to Robbins (Fall 2018) support the varying needs of subsystems, organizations, and individual users or to accommodate existing network architectures. Factors to consider include applications supported, robustness required, network architecture supported, protocols required, and local and remote connections needed. Multiple protocols establish the rules that govern data transmission and generally cover the method to represent and code data, the method to transmit and receive data, and the method of nonstandard information exchange. Multiple access is a scheme that allows temporary access to the network by individual users, on a demand basis, for the purpose of transmitting information. Multiple topologies and protocols are a necessary part of the infrastructure and are dictated by multiple transmission media and network owners.
180. A sophisticated network line monitoring device is a(n): a. Line monitor b. Protocol analyzer c. Voltmeter d. Oscilloscope
Choice (b) is the correct answer. A protocol analyzer is a sophisticated networking line monitoring tool because it traps data, simulates predefined activity, or performs statistical analysis of line activity. A line monitor (choice a) is incorrect because it is a passive device that enables users to display line activity as it occurs or after the fact. In other words, the line monitor is not as sophisticated a device as is the protocol analyzer. Voltmeter (choice c) is incorrect because it measures the direct current (dc) voltages on the interface leads. Oscilloscope (choice d) is incorrect because it permits viewing of activity and wave-shapes on data and clock lines. Both voltmeter and oscilloscope are examples of digital signal monitoring devices.
191. An on-line testing device to check for degradation of network service is called a(n): a. Line monitor b. Protocol analyzer c. Voltmeter d. Oscilloscope
Choice (b) is the correct answer. A protocol analyzer is a valuable tool for on-line testing of service degradation. Problems found during such tests can be corrected before they cause costly breakdowns. Line monitors (choice (a)) cannot print or display without a decoding mechanism. Voltmeter and oscilloscope (choices c and d) are more batch measuring devices, not on-line testing devices.
112. Which of the following would be inherently in conflict with a traffic padding security mechanism? a. Security labels and data splitting b. Packet-switching network and local-area network c. Packet-switching network and security labels d. Local-area network and data splitting
Choice (b) is the correct answer. A traffic-padding security mechanism provides security services such as traffic flow confidentiality. It involves collecting and transmitting spurious cases of communication and data and is used in conjunction with encryption so that "dummy" data is separated from the real data. A packet-switching network is in conflict with the traffic-padding security mechanism because it divides the data traffic into blocks, called packets. These packets, a group of binary digits, are delivered to the destination address in a data envelope. Because of a routing function used in packet switching, it is possible that packets can reach their destination out of sequence. The intended traffic-padding security mechanism will not be achieved with the use of a packet-switching network. A local-area network refers to a network that interconnects systems located in a small geographic area, such as a building or a complex of buildings (campus). Traffic padding operates a network up to its full capacity thereby curtailing the resource-sharing potential of the LAN. Security label is a designation assigned to a system resource such as a file, which cannot be changed except in emergency situations. Security labels protect the confidentiality of data. Similarly, data splitting increases the confidentiality of data where the file is broken up into two or more separate files so that an intruder cannot make any sense out of them. The separate files are then transferred independently via different routes and/or at different times.
111. An attack that attempts to exploit a weakness in a system at a level below the developers' design level (such as through operating system code versus application code) is called a(n): a. Technical attack b. Tunneling attack c. Nak attack d. Active attack
Choice (b) is the correct answer. A tunneling attack attempts to exploit a weakness in a system that exists at a level of abstraction Robbins (Fall 2018) lower than that used by the developer to design the system. For example, an attacker might discover a way to modify the microcode of a processor that is used when encrypting data, rather than attempting to break the system's encryption algorithm. Preventing a tunneling attack can be very costly. A technical attack (choice a) is perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users. A nak attack (choice c) capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus leaves the system in an unprotected state during such interrupts. An active attack (choice d) alters data by bypassing security controls on a computer system.
119. Attacks by hackers pose major problems. Which of the following control techniques prevent hackers from trying to login to computer systems? a. Access control lists and smart tokens b. Dial-back modems and firewalls c. Access control lists and dial-back modems d. Dial-back modems and smart tokens
Choice (b) is the correct answer. Access controls are needed to protect the authentication database. Identification and authentication is often the basis for access controls. Dial-back modems and firewalls can help prevent hackers from trying to log-in. When used for authentication, a smart token is another example of authentication based on something a user possesses (i.e., the token itself). A smart token typically requires a user to also provide something the user knows (i.e., a PIN or password) in order to "unlock" the smart token for use. Smart tokens would not be applicable to hackers since they would not have them. Access control lists refer to a register of users who have been given permission to use a particular system resource and the types of access they have been permitted. Hackers are good at breaking into access control lists. Access control lists and smart tokens are mostly applicable to insiders, not outsiders such as hackers.
223. Which of the following establishes accountability in a local-area network environment? a. Network monitoring tools b. Access logs c. Lock and key systems d. Card key systems
Choice (b) is the correct answer. Access logs along with user IDs and passwords provide a reasonable amount of accountability in a LAN environment since user actions are recorded. Network monitoring tools (choice a) are an example of a detective control used by network management. As such they do not show any accountability of the user. They watch the network traffic and develop trends. Lock and key systems (choice c) and card key systems (choice d) are examples of preventive controls as a part of physical security. Keys can be lost or stolen, and, therefore, accountability is difficult to prove and control
237. Security mechanisms implement security services. Which of the following security mechanisms does not implement the "confidentiality" security service? a. Encryption b. Access control c. Traffic padding d. Routing control
Choice (b) is the correct answer. An access control security mechanism provides access control security service only. This mechanism controls access to authenticated entities to resources. They may be based upon security labels (tags), the time of attempted access, the route of attempted access, and the duration of access. Encryption (choice a) is incorrect because it implements confidentiality security service. Encryption refers to cryptographic technology using keys. Two classes of encryption exist: symmetric (using secret key) and asymmetric (using public key). Traffic padding (choice c) is incorrect because it provides confidentiality services. It is observation of traffic patterns, even when enciphered, which may yield information to an intruder. This mechanism may be used to confound the analysis of traffic patterns. Routing control (choice d) is incorrect because it provides confidentiality service. With routing control, routes can be chosen so as to use only secure links in the communication line.
243. Which one of the following ISO/OSI layers provides nonrepudiation services? a. Presentation layer b. Application layer c. Transport layer d. Data link layer
Choice (b) is the correct answer. Application layer provides nonrepudiation services, meaning that entities involved in a communication cannot deny having participated. It is a technique that assures genuine communication and that cannot subsequently be refuted. Presentation layer (choice a) is incorrect because it provides authentication and confidentiality services, but not non-repudiation. The presentation layer defines and transforms the format of data to make it useful to the receiving application. It provides a common means of representing a data structure in transit from one end system to another. Transport layer (choice c) is incorrect because it provides confidentiality, authentication, data integrity, and access control services, but not non-repudiation. It ensures error-free, in-sequence exchange of data between end points. It is responsible for transmitting a message between one network user and another. Data link layer (choice d) is incorrect because it provides confidentiality service, but not non-repudiation. Data link layer provides reliable transfer of data across physical links, error flow control, link level encryption and decryption, and synchronization. It handles the physical transmission of frames over a single data link.
151. Network security and integrity do not depend on which of the following combination controls? a. Logical access controls b. Application system controls c. Hardware controls d. Procedural controls
Choice (b) is the correct answer. Application system controls include data editing and validation routines to ensure integrity of the system. It has nothing to do with the network security and integrity. Choices (a), (c), and (d) are incorrect. Logical access controls prevent unauthorized users from connecting to network nodes or gaining access to applications through computer terminals. Hardware controls include controls over modem usage, the dial-in connection, and the like. A public-switched network is used to dial into the internal network. Modems enable the user to link to a network from a remote site through a dial-in connection. Procedural controls include (1) limiting the distribution of modem telephone numbers on a need-to-know basis, (2) turning the modem off when not in use, and (3) frequent changes of modem telephone numbers.
170. Which of the following design objectives is most important for a local area network? a. Security b. Availability c. Throughput d. Responsiveness
Choice (b) is the correct answer. Availability is the ratio of the total time a functional unit is capable of being used during a given interval to the length of the interval. It is the time during which a functional unit can be used. What good are security, throughput, and response time if the system is shutdown, that is, not available. Therefore, system availability is the most important objective for a LAN or any other network.
157. Which of the following is a simple networking device that interconnects two or more local area networks (LANs)? a. Routers b. Bridges c. Gateways d. Routers
Choice (b) is the correct answer. Bridges are simple networking devices that interconnect two or more LANs. Bridges operate at the lowest network level such as data link layer of the OSI model. Routers (choice a) are sophisticated networking devices that interconnect and regulate traffic flow between two or more LANs. Gateways (choice c) serve to interconnect dissimilar networks. Brouters (choice d) have the combined features of routers and bridges.
140. Which of the following voice-mail fraud prevention controls can be counter-productive and at the same time counterbalancing? 1. Turning off direct inward system access (DISA) ports during nonworking hours 2. Separating internal and external call forwarding privileges 3. Implementing call vectoring 4. Disconnecting dial-in maintenance ports a. 1 and 2 b. 1 and 4 c. 3 and 4 d. 2 and 3
Choice (b) is the correct answer. DISA is used to allow an inwardcalling person access to an outbound line, which is a security weakness. Since hackers work during non-working hours (evenings and weekends), turning off DISA appears to be a preventive control (item 1). However, employees who must make business phone calls during these hours cannot use these lines. They have to use their company personal credit cards when the DISA is turned off. Similarly, disconnecting dial-in maintenance ports (item 4) appears to be a preventive control, although hackers can get into the system through these ports. Robbins (Fall 2018) Emergency problems cannot be handled when the maintenance ports are disabled. Items 1 and 4 are counterproductive and counterbalancing. By separating internal and external call forwarding privileges (item 2) for internal lines, an inbound call cannot be forwarded to an outside line unless authorized. Call vectoring (item 3) can be implemented by answering a call with a recorded message or nothing at all, which may frustrate an attacker. Items 2 and 3 are counterproductive but not counterbalancing.
148. Communications between computers can take several approaches. Which of the following approaches is most secure? a. Public telephone network b. Fiber optic cables c. Direct wiring of lines between the computer and the user workstation d. Microwave transmission or satellites
Choice (b) is the correct answer. Due to their design, fiber optic cables are relatively safer and more secure than other types of computer links. A dial-up connection through a public telephone network (choice a) is not secure unless a dial-back control is established. Direct wiring of lines between the computer and the user workstation (choice c) is relatively secure when compared to the public telephone network. Microwave transmissions or satellites (choice d) are subject to sabotage, electronic warfare, and wiretapv
121. Network downtime can be costly. Which of the following network monitoring devices is best suited in a multivendor data center? a. Line monitor b. Protocol analyzer c. Voltmeter d. Oscilloscope
Choice (b) is the correct answer. In a multivendor installation, a protocol analyzer can pinpoint a problem so that the proper service provider can be called to make repairs. This is facilitated by providing precise pictures of line activity and by eliminating the guessing of a problem. They provide readouts for data and control Robbins (Fall 2018) characters. Line monitors (choice a), voltmeter (choice c), and oscilloscope (choice d) are conventional troubleshooting devices requiring more expertise than is ordinarily available in many data communications departments.
127. Wireless local-area networks (LANs) have greater risks than wired LANs in which of the following areas? a. Masquerading and modification/substitution b. Modification/substitution and theft of equipment c. Eavesdropping and masquerading d. Eavesdropping and theft of equipment
Choice (b) is the correct answer. In wireless LANs, the stronger node could block the weaker one, substitute its own messages, and even acknowledge responses from other nodes. Similarly, theft of equipment is a major risk in wireless LANs due to their portability. When equipment moves around, things can become missing very easily. Eavesdropping and masquerading are common to both the wired and wireless LANs. Eavesdropping is an unauthorized interception of information. Masquerading is an attempt to gain access to a computer system by posing as an authorized user.
137. Local-area network (LAN) security is threatened by: a. Terminal servers b. Broadcasting services c. Authentication mechanisms d. Hub security
Choice (b) is the correct answer. LANs broadcast everything to everyone on the same LAN segment, thus violating the need-to-know security principle. The broadcasting mechanism jeopardizes the LAN security. Terminal servers (choice a) are secure due to an additional password required between the terminal server and workstation before network access is allowed. Strong authentication mechanisms (choice c) such as token-based and biometric-based systems provide good security. Hub security (choice d) is hardware-based, independent of protocol, cost effective, and properly managed.
214. Which of the following local-area network (LAN) transmission media is most reliable? a. Coaxial cable b. Fiber optics cable c. Twisted-Pair (shielded) cable d. Twisted-pair (unshielded) cable
Choice (b) is the correct answer. Optical fiber (fiber optics) is more reliable, smaller, lightning-fast, and lighter than the others. Optical fiber is difficult to eavesdrop, hence more secure. The cable reliability of both coaxial (choice a) and twisted-pair (choices c and d) is poor compared to fiber optics. Coaxial cables and twisted-pair cables can be damaged by excessive bending, crimping, stapling, or stretching
125. Controls to keep password sniffing attacks from compromising computer systems include which of the following? a. Static and recurring passwords b. One-time passwords and encryption c. Encryption and recurring passwords d. Static and one-time passwords
Choice (b) is the correct answer. Password sniffing programs are able to monitor all traffic on areas of a network and collect the first 128 or more bytes of each network session. They extract log-in and password information. One-time passwords are non-reusable as they are used only once. A series of passwords are generated by a cryptographic secure algorithm and given to the user for use at the time of login. Each password expires after its initial use and is not repeated or stored anywhere. This approach is very productive in keeping the passwords secure. Onetime passwords are not susceptible to eavesdropping. Encryption can Robbins (Fall 2018) protect data both inside and outside the boundaries of a computer system. Both secret key and public key cryptography can be used for data encryption although not all public key algorithms provide for data encryption. Password sniffers can easily collect static passwords and recurring passwords and use them in an unauthorized manner since they are changed at defined time frames. They easily compromise a computer system. Both static and recurring passwords are the same and have the same problems.
197. Which of the following is an operational issue in data communications networks? a. Network modularity and adaptability b. Network performance and throughput c. Network availability and redundancy d. Network size and interoperability
Choice (b) is the correct answer. Performance management consists of day-to-day system requirements and evaluation to assess current performance and to identify and implement system adjustments that can improve performance. To ensure efficiency, the performance management staff must know the workloads imposed by users, the levels of service required to satisfy workloads, and current capacity. Choices (a), (c), and (d) are incorrect because they are examples of network planning and design issues.
186. Which of the following alternatives to direct local area network access is most costly and high risk to install and operate? a. Electronic-mail gateways b. Internet c. Network bulletin board systems d. Commercial communication services
Choice (b) is the correct answer. Remote LAN access keeps people in touch with each other. It can be used to provide services such as technical support, diagnostics, and maintenance. Connecting an organization's network into the Internet has advantages and disadvantages. Security and cost are major issues when considering the Internet as a remote LAN access method. Electronic mail gateways (choice a) is incorrect because it simply sends and receives messages, which do not have much risk and cost. A mail gateway is a special communications program that communicates with a remote personal computer and a LAN-based post office via a modem. Network bulletin board systems (choice c) is incorrect because they send and receive messages, transfer files, and talk to the system operators. Commercial communication service providers (choice d) can act as extensions to mail gateways for exchanging of messages.
153. Which of the following controls over telecommuting use tokens and/or one-time passwords? a. Firewalls b. Robust authentication c. Port protection devices d. Encryption
Choice (b) is the correct answer. Robust authentication increases security in two significant ways. It can require the user to possess a token in addition to a password or personal identification numbers (PINs). Tokens, when used with PINs, provide significantly more Robbins (Fall 2018) security than passwords. For a hacker or other would-be impersonator to pretend to be someone else, the impersonator must have both a valid token and the corresponding PIN. This is much more difficult than obtaining a valid password and user ID combination. Robust authentication can also create one-time passwords. Electronic monitoring (eavesdropping or sniffing) or observing a user type in a password is not a threat with one-time passwords because each time a user is authenticated to the computer, a different "password" is used. (A hacker could learn the one-time password through electronic monitoring, but it would be of no value). Choice (a) is incorrect because firewalls use a secure gateway or series of gateways to block or filter access between two networks, often between a private network and a larger, more public network such as the Internet or public-switched network (i.e., the telephone system). Choice (c) is incorrect. A port protection device (PPD) is fitted to a communications port of a host computer and authorizes access to the port itself, prior to and independent of the computer's own access control functions. A PPD can be a separate device in the communications stream or it may be incorporated into a communications device (e.g. a modem). PPDs typically require a separate authenticator, such as a password, in order to access the communications port. One of the most common PPDs is the dial-back modem. Choice (d) is incorrect because encryption is more expensive than robust authentication. It is most useful if highly confidential data needs to be transmitted or if moderately confidential data is transmitted in a high-threat area. Encryption is most widely used to protect the confidentiality of data and its integrity (detects changes to files).
102. Which of the following potential problems in electronic mail (email) depends mostly on the organization? a. Errors b. Personal use c. Solicited direct marketing d. Unsolicited direct marketing
Choice (b) is the correct answer. Since e-mail is usually provided as an organizational tool, like a telephone, facsimile machine or photocopier, nonbusiness use is normally limited or forbidden (depending on the organization). The other three choices are outside the control of an organization
228. Bandwidth requirements when building the first wide-area network should be based on: a. Sampling of wide-area network traffic b. Surveying network users c. Analyzing telephone bills d. Studying traffic by telecommunications carrier
Choice (b) is the correct answer. Since it is the first wide-area link, the manager needs to estimate the telecommunications traffic. One of the best ways to do this is by conducting a survey of potential network users. Questions to be asked include: How often they use the network, what resources they need, and what type of uses they would have? Possible uses may include file transfers, videoconferencing, or electronic mail. Choices (a), (c), and (d) are incorrect because they would not occur since it is the first wide area link. Sampling does not work because there is no population to sample from. There would not be any telephone bills to analyze since it is the first wide area link. Traffic cannot be studied since the network does not exist yet.
130. A source of eavesdropping on the World Wide Web server is: a. Access logs b. System logs c. Agent logs d. Error logs
Choice (b) is the correct answer. System logs are vulnerable to traffic analysis, a form of eavesdropping. These log files contain information about each request made to the server. These logs are analyzed by the attacker to find out the transactions performed, access codes used, and other information. Access logs (choice a) Robbins (Fall 2018) provide a list of all accesses to the server. Agent logs (choice c) provide a list of programs that have been used to access the server. Error logs (choice d) show a list of the errors that the server has experienced. The attacker cannot gain useful information from access, agent, and error logs as he would from system logs.
106. All of the following are true about the Internet except: a. It has an electronic-mail system b. It has a central computer system c. It has a bulletin board system d. It has an on-line banking system
Choice (b) is the correct answer. The Internet connects millions of computers in many countries in the world. It has no central computer system in one place. Its applications include electronic mail, on-line chat sessions, or on-line banking, the World Wide Web, bulletin boards, research, news and information, entertainment, and education. The goal was to develop a computer system that would not be destroyed by enemies for security reasons. It is a network of computers that were connected in such a way that if any one of the computers were damaged, the other computers on the network would continue to function. Consequently, a backbone network was created, connecting many computers and individual networks. The Internet, therefore, is a network of networks without a big central computer system.
172. Network growth is inevitable. Which of the following components of such growth is the most important and difficult to predict? a. Network utilization by the original users b. Extension of the network to new users c. Modifications to physical facilities d. Increased business activity
Choice (b) is the correct answer. The biggest cause of expanded network use comes from the addition of new users. Predicting growth rates for new customers is generally more difficult than for existing users. Marketing research, surveys, personal contacts, and industry knowledge are needed to estimate this growth. Choice (a) can be tracked and monitored with network tools available, choice (c) can be handled properly, and choice (d) can be predicted from internal sales data, user activity data, and industry sales.
101. From a security viewpoint, which of the following should be the goal for a virtual private network (VPN)? a. Make only one exit point from a company's network to the Internet b. Make only one entry point to a company's network from the Internet c. Make only one destination point from a company's network to the Internet d. Make only one transmission point from the Internet to a company's network
Choice (b) is the correct answer. The goal for a VPN should be to make it the only entry point to an organization's network from the Internet. This requires blocking all of the organization's systems or making them inaccessible from the Internet unless outside users connect to the organization's network via its VPN.
217. LAN administrator responsibilities require a close coordination and communication with which of the following staff? a. Database group b. Functional user department staff c. Applications programming staff d. Systems programming staff
Choice (b) is the correct answer. The help-desk staff filters initial trouble reports and passes urgent problems requiring in-person assistance to local LAN administrators. It is the functional user department staff who calls in most with problems. Therefore, the LAN administrator requires a close coordination and communication with the help desk and user department staff. The LAN administrator also talks to applications and systems programming staff and database group about problems, but they are fewer in number compared to functional users.
128. The World Wide Web (WWW) can be protected against the risk of eavesdropping in an economical and convenient manner through the use of: a. Link and document encryption b. Secure socket layer and secure HTTP c. Link encryption and secure socket layer d. Document encryption and secure HTTP
Choice (b) is the correct answer. The risk of eavesdropping occurs on the Internet in at least two ways: traffic analysis and stealing of sensitive information such as credit card numbers. SSL, secure socket layer provides an encrypted TCP/IP pathway between two hosts on the Internet. Secure socket layer (SSL) can be used to encrypt any TCP/IP protocol, such as HTTP, TELNET, or FTP. SSL can use a variety of public-key and token-based systems for exchanging a session key. SHTTP (secure HTTP) is an encryption system designed for HTTP and only works with HTTP. Link encryption provides encryption for all traffic, but it can only be performed with prior arrangement. It is very expensive. Document encryption is cumbersome since it requires the documents to be encrypted before they are placed on the server, and they must be decrypted when they are received. Link and document encryption can use either TCP/IP or other protocols.
234. A web browser is closely related to: a. A webpage b. A web client c. A web server d. A web document
Choice (b) is the correct answer. The web browser is the user interface of an intranet. The most standard form of a web client is a stand-alone desktop computer connected to the LAN running a web browser such as Netscape Navigator or Microsoft Internet Explorer. Thus a web browser is closely related to a web client. Choice (a) is incorrect because a webpage is a document on the World Wide Web containing links to other webpages. It consists of a hypertext markup language (HTML) file, a graphics file, and a script file. Choice (c) is incorrect because a web server provides documents and files requested by a client such as a web browser. Choice (d) is incorrect because a web document is synonymous with a webpage.
149. An unauthorized user or an outsider (e.g., a hacker) can try to gain access to a computer system via a public telephone by repetitive guesswork at system codes, user IDs, or passwords. A PC can be employed to continuously dial into the system and use different identification codes. This "brute-force" approach is effective when: a. The unauthorized user is automatically disconnected after a specific number of invalid password attempts b. Commonly known characters or personal information is used as a password c. User IDs and passwords that have a large number of possible combination and permutations are used d. A record of all log-on attempts is maintained
Choice (b) is the correct answer. This "brute-force" method is called password cracking. It is a technique used to surreptitiously gain system access by using other user accounts. Users often select weak passwords (spouse's first name) and passwords that are susceptible to dictionary attacks (guessing of passwords using a dictionary as the source of guesses). Choices (a), (c), and (d) are countermeasures to minimize the "brute force" approach. A log, or detective control, can reveal attempted security breaches. However, the log by itself cannot prevent the "brute-force" approach.
215. Communication networks between a group of microcomputers in the same office or building are called: a. Wide-area networks b. Local-area networks c. Value-added networks d. Metropolitan-area networks
Choice (b) is the correct answer. This is the definition of the localarea network (LAN) in that the network is confined to a department or Robbins (Fall 2018) a building. Choice (a) is incorrect because a wide-area network (WAN) connects system users who are geographically dispersed through public telecommunication facilities. The scope of a WAN reaches cities, nations, and the world. Choice (c) is incorrect because value-added network (VAN) vendors operate in a secondary network market. They lease communication facilities from primary, common carriers. The scope of a VAN spans cities. Choice (d) is incorrect because a metropolitan-area network (MAN) links an organization's factory or office buildings within a small geographic area such as a town or a city.
138. Voice hackers can: a. Steal information and damage computer systems b. Attack modem pools and access data networks c. Access data networks and steal information d. Attack modem pools and damage computer systems
Choice (b) is the correct answer. Voice hackers attack modem pools directly and access data networks through the private branch exchange (PBX) system thus requiring a joint responsibility of data and voice management. Modem pools consist of a group of modems connected to a server, whether it is a communications or terminal server. Data hackers can steal information and damage computer systems (choice a). Voice hackers steal telephone services (toll fraud) through modem pools and data networks. This question differentiates between voice hackers and data hackers.
110. Major vulnerabilities stemming from the use of the World Wide Web are associated with which of the following? a. External websites and hypertext markup language (HTML) b. Web browser software and web server software c. External websites and hypertext transfer protocol (HTTP) d. Internal websites and webpages
Choice (b) is the correct answer. Vulnerabilities stemming from the use of the Web are associated with browser software and server software. While browser software can introduce vulnerabilities to an organization, these vulnerabilities are generally less severe than the threat posed by servers. Many organizations now support an external website describing their products and services. For security reasons, these servers are usually posted outside the organization's firewall, thus creating more exposure. Web clients, also called Web browsers, enable a user to navigate through information by pointing and clicking. Web servers deliver hypertext markup language (HTML) and other media to browsers through the hypertext transfer protocol (HTTP). The browsers interpret, format, and present the documents to users. The end result is a multimedia view of the Internet.
185. Wireless LANs are connected to wired LANs through the use of which of the following? a. Repeaters Robbins (Fall 2018) b. Bridges c. Brouters d. Routers
Choice (b) is the correct answer. Wireless LANs are often connected to wired LANs through a bridge, or they depend on a central hub to pass messages between nodes. These devices make good targets to alter traffic passing between wireless nodes. Choices (a), (c), and (d) are incorrect. A repeater simply extends the range of one LAN. It rebuilds all the signals it hears on one LAN segment and passes them on to the other. A router connects LANs of different hardware types. They examine network addresses for forwarding packets on to another LAN. A brouter is a combined bridge and router that operates without protocol restrictions, routes data using a protocol it supports, and bridges data it cannot route.
161. Which of the following controls over facsimile transmission is most effective to prevent unintentional (eyeball) leaks of information? a. Cover all faxes b. Discourage messages on cover sheets c. Use a fax server d. Delegate all fax work to one person
Choice (c) is the correct answer. A fax server can send and receive faxes directly from computers. Eyeball leaks are also referred to as "shoulder surfing." People can still see the cover page on faxes (choice a). It is not economical to discourage messages on cover sheets as some faxes are very short, not requiring a second page (choice b). Delegating all fax work to one person does not protect the leaks of information since this person can disclose to others (choice d).
209. The least effective control in mitigating communication network failures would be which of the following? a. Network contingency plans b. Network capacity planning c. Network application system d. Network performance monitoring
Choice (c) is the correct answer. A network application system that collects traffic statistics and provides reports to alert the network management does not help in minimizing communication network failures. Choices (a), (b), and (d) are important to minimize losses from a network failure. Network contingency plans (choice a) deal with redundant switching equipment, parallel physical circuits, and standby power supplies to address network disasters. Network capacity plans (choice b) assist in forecasting computer resource requirements to ensure that adequate capacity exists when needed. For example, the capacity studies may call for higher bandwidth to accommodate newer technologies such as multimedia and videoconferencing. Capacity planning activities use current system performance data as a starting point to predict future resource needs. Network performance monitoring (choice d) involves analyzing the performance of a computer system to determine how resources are currently utilized and how such utilization can be improved.
141. The use of the World Wide Web (Web) can lead to potential threats for a web reader. Which of the following threats is most difficult to detect? a. Error-prone software b. Impersonation c. Data corruption d. Eavesdropping
Choice (c) is the correct answer. A web reader is anyone who uses a web browser to access Web-based information. A web browser is a web client application that typically supports more than one web protocol. Web threats stem from shortcuts in the software development process, shortcomings in popular operating systems, deficiencies in the Internet protocols, and the problems inherent in managing the Internet. Data corruption, say from virus infection, can be more difficult to discover and recover from, since there may be no obvious symptoms. Error-prone software (choice a) is endemic to the software development process. Developers continually add new features to differentiate their products and increase market share. Much of the software is provided on a try-before-you-buy basis, allowing people to test-drive software but providing no warranty in the event of bugs (errors). This is not a major problem since the developer's reaction time is reasonably fast. Impersonation (choice b) of an individual or organization is difficult to prevent on the Internet. An electronic mail address may or may not uniquely identify an individual, and many organizations do not provide outside access to internal e-mail addresses. Secure e-mail protocols have been proposed and slowly being implemented. Eavesdropping (choice d), also known as sniffing or snooping of network traffic, is unavoidable as long as local-area networks use broadcast protocols, and the data is unencrypted and travels over public networks. One should be as cautious when using the Web for sensitive matters, as he would be discussing something confidential on a public or cellular telephone.
159. Which of the following characteristics represents the full features of integrated services digital network (ISDN)? a. Manual bandwidth allocation, high throughput, and higher cost b. Automatic bandwidth allocation, medium throughput, and medium cost c. Automatic bandwidth allocation, high throughput, and low cost d. Manual bandwidth allocation, low throughput, and low cost
Choice (c) is the correct answer. An ISDN is defined as an end-to-end digital network that provides customer services using existing subscriber loops. Digital technologies provide greater benefit for data communications. This is because digital data signals do not have to be converted from their original digital form into analog signals for transmission or for switching and because very high bit rates can be sent economically over digital transmission facilities. It has the ability to provide bandwidth on an as needed basis to support digital connection. Because of this, ISDN uses automatic bandwidth allocation method, produces high throughput, and low cost.
230. Intranet uses all of the following except: a. Java programming language b. TCP/IP protocol c. Public networks d. Electronic mail
Choice (c) is the correct answer. An Intranet is a private network that relies on the same protocols used by computers on the Internet to talk to each other. This includes TCP/IP (choice b), the World Wide Web, and electronic-mail (choice d) protocols. Java programming language (choice a) is the de facto standard of the intranet and the Internet. Java is an object-oriented language based in part on the popular C++.
229. Which of the following statements about an Intranet is not true? a. It facilitates collaborative work b. It facilitates telecommuting work c. It requires the knowledge of specific data location d. It permits customers to access an organization's data
Choice (c) is the correct answer. An intranet can provide e-mail, display webpages from internal websites created by various departments, offer access to company databases, and more. Because of this versatility, workers do not need to know where the specific data is located. Intranets will find the required data and delivers it to the requester. Intranets encourage and allow collaboration among workers, even if they are in different buildings, cities, or countries (choice a). Intranets also facilitate telecommuting work and employees on the road because remote access is built in (choice b). Through external connections to the world, customers can have selective access to an organization's data
117. Which of the following attacks take advantage of dynamic system actions and the ability to manipulate the timing of those actions? a. Active attacks b. Passive attacks c. Asynchronous attacks d. Tunneling attacks
Choice (c) is the correct answer. Asynchronous attacks take advantage of dynamic system activity to get access. User requests are placed into a queue and are satisfied by a set of predetermined criteria. An attacker can penetrate the queue and modify the data that is waiting to be processed or printed. He might change a queue entry to replace someone else's name or data with his own or to subvert that user's data by replacing it. Here, the time variable is manipulated. With an active attack (choice a), the intruder modifies the intercepted messages. An effective tool for protecting messages against the active and passive attacks is cryptography. With a passive attack (choice b), an intruder intercepts messages to view the data. This intrusion is also known as eavesdropping. Tunneling attacks (choice d) use one data transfer method to carry data for another method. It may carry unauthorized data in legitimate data packets. It exploits a weakness in a system at a low level of abstraction.
123. Enforcing effective data communications security requires the effective use of other types of security such as physical security. Which of the following can easily compromise such an objective? a. Smart cards with PINs b. Nonreusable passwords c. Network cabling d. Last login messages
Choice (c) is the correct answer. Data communications security requires physical security and password controls. The network cables that carry data are very vulnerable to intruders. It is a simple matter to tap into cabling and relatively easy to cut the wiring. Therefore, a basic physical security control such as locking up the wiring closet is important. Smart cards with PINs (choice a) are incorrect because they do not compromise data communications. In fact, they enhance security by using cryptographic keys. Nonreusable passwords (choice b) are used only once. A series of passwords are generated by a cryptographic secure algorithm and given to the user for use at the time of login. Robbins (Fall 2018) Each password expires after its initial use and is not repeated or stored anywhere. Last login messages (choice d) are incorrect because they alert unauthorized uses of a user's password and ID combination.
104. Which of the following is a preventive control to address the potential threat of eavesdropping in an e-mail environment? a. Digital signature and message digest algorithm b. Message digest algorithm and encrypting the contents of the message c. Encrypting the contents of the message or encrypting the contents of the channel d. Digital signature and encrypting the contents of the message
Choice (c) is the correct answer. Eavesdropping can be prevented by encrypting the contents of the message or the channel over which it is transmitted. In a typical e-mail system, where mail is sent and received via a central server, if just the channel is encrypted, system administrators at the sending or receiving ends could still read or alter the messages. To provide the highest degree of confidentiality, a secure channel must be used from sender computer to receiver computer, or the contents of the message must be encrypted. A digital signature is a cryptographic method used by a message's recipient to verify the identity of the message's sender and the integrity of the message. A message digest algorithm gives a value (or hash) that is calculated based on arbitrary data. These do not prevent eavesdropping
222. Which of the following is a detective control in a local-area network environment? a. File backup b. Contingency plan c. Electronic surveillance d. Locks and keys
Choice (c) is the correct answer. Electronic surveillance is an example of detective controls. Choice (a) is incorrect because file backup is an example of recovery controls. Choice (b) is incorrect because a contingency plan is an example of recovery controls. Choice (d) is incorrect because locks and keys are an example of preventive controls.
126. Which of the following security threats is not applicable to wireless local-area networks? a. Message interception b. System unavailability c. System unreliability d. Theft of equipment
Choice (c) is the correct answer. Even with wireless LANs, message interception is possible, the system can go down thus making it unavailable, and equipment can be stolen. However, the wireless LAN is more reliable than the wired LAN due to lack of wiring problems. Cable cuts and jams are the most common problems with the wired LANs. Therefore, system unreliability is not a threat for wireless LANs
173. Which of the following is a disadvantage of satellite communications over a conventional communications method? a. User-owned stations b. Cost c. Frequency bands d. Broadcast ability
Choice (c) is the correct answer. Frequency bands are of two types: low and high frequency. At the lower requency bands have become increasingly crowded and developing higher frequencies is difficult and expensive. Also, transmission problems typically worsen at higher frequencies. In satellite systems, power must be increased at both the original transmission (uplink) site on earth and on the satellite itself. Increased satellite power generally increases costs. Choices (a), (b), and (d) are advantages. Users will be purchasing their own sending and receiving equipment. Satellites have a low-cost, point-to-multipoint broadcast capability that is most expensive to duplicate with conventional techniques.
105. Which of the following e-mail policy items can be a source of computer viruses? a. Retention of e-mail inquiries b. Handling of personal e-mail messages c. Handling of unsolicited e-mail messages d. Handling of business e-mail messages
Choice (c) is the correct answer. Handling of unsolicited e-mail messages can be a source of computer viruses because of the uncertainty of the sender of the message. Anyone can send a message through e-mail to anyone, as long it is a correct and deliverable address. The best advice is to delete any unsolicited advertisements immediately, without downloading or even reading the message, to reduce potential risks of computer viruses.
219. The most frequent cause of local area network hardware failures is: a. Repeater b. Server disk drives c. Network cabling d. Server software
Choice (c) is the correct answer. Hardware failures are grouped as follows: network cabling (60 to 80%), repeater (10 to 20%), and server disk drive (10 to 20%). Cables should be tested before their first use, rather than after a problem surfaces. Testing an installed cable is a tedious job, particularly when there are many network connections (drops) and the organization is large. Failures are caused when electrical conductors either break open, short together, or are exposed to electromagnetic forces. Failures are also caused when cables are poorly routed. Cabling, unlike other computer equipment, is not protected from heat, electrical charges, physical abuse, and damage. Choices (a), (b), and (d) are incorrect. A repeater repeats data packets or electrical signals between cable segments. They receive a message and then retransmit it, regenerating the signal at its original strength. Server disk drive and software are comparatively safe and trouble free device compared to cabling
144. In a wireless LAN environment, the technique that is used to ensure effective data security is called: a. Message authentication code and transponder b. Transmitting in different channels and message authentication code c. Transmitting in different channels and encryption d. Encryption and transponder
Choice (c) is the correct answer. In a wireless LAN environment, transmitting in different channels at the same time or different times ensures that an intruder cannot predict the transmission patterns. Data can be compared from different channels for completeness and accuracy. In addition, data encryption techniques can be used for highly secure applications. It is true that anyone with the appropriate receiver device can capture the signal transmitted from one unit to another. A message authentication code is not applicable here because it is a process for detecting unauthorized changes made to data transmitted between users or machines or to data retrieved from storage. A transponder is not applicable here because it is used in satellites to receive a signal, to change its frequency, and to retransmit it.
233. Web pages are created in which of the following components of the intranet model? a. The server b. The clients c. The publisher d. The network
Choice (c) is the correct answer. Intranets are modeled after the Internet, where the former is a collection of webpages. The publisher is the means by which information is published, web pages created, and applications developed. Intranets will become a quick and efficient method for accessing and publishing information for allowing existing information sources such as databases or company documents to be leveraged. The server (choice a) is the source of web documents and applications and the protocols used to deliver them. The server also interacts via gateway interfaces with databases and other information sources. The clients (choice b) of an Intranet are machines enabled with web browsers that allow them to view documents written in hypertext markup language (HTML). The network (choice d) is the physical media and the communication protocol protected from external networks through a firewall.
218. Under which of the following conditions is a dial-up line not preferred over a dedicated line in a teleprocessing system? a. Low cost b. Low volume c. Higher quality of transmission d. Infrequent communications Choice
Choice (c) is the correct answer. Leased lines (nonswitched networks) are usually private networks between two or more points to keep the line available. Many organizations encrypt leased lines to prevent data disclosure when the risk warrants the cost and transmission overhead. Two types of telephone lines may be used in a teleprocessing system: dedicated private (or leased) lines and dial-up (or switched) lines. Dedicated lines are devoted 100 percent to the transmission of data between the host computer and the end-user device. The consistent quality of transmission and improved security afforded by dedicated lines make them preferable to dial-up lines. However, the versatility and low cost of dial-up lines make them useful in many instances such as low volume, infrequent communications, or as a backup means of transmission should dedicated lines become inoperable. Dial-up (switched) networks provide services through shared switching and transmission facilities. A switched network design assumes that not all users will use the network at the same time and provides alternate paths to increase the probability of call completion. A switched public network may not be able to handle call volume at peak times and can cause delays.
196. A major purpose of diagnostic hardware tools for a LAN troubleshooting is: a. Reporting on the network status b. Resolving alerted problems c. Viewing problems in real time d. Responding to error messages
Choice (c) is the correct answer. Many kinds of diagnostic hardware tools are available at various prices. They serve a variety of functions and require different levels of expertise to understand and use. The protocol analyzer and the time domain reflectometer are commonly used hardware tools. The term "protocol analyzer" is shared by a range of equipment that varies widely in functions and user friendliness. The protocol analyzer allows the LAN administrator to see what is happening on the LAN in real time and observe problems as they occur. The reflectometer is an essential tool for maintaining a LAN that uses copper wiring. It sends a high-speed pulse down the cable; if there is a break in the cable, a short, or a bad connection, the pulse is reflected. The reflectometer translates the time lapse into distance and, depending on the unit, identifies the type of malfunction. Choices (a), (b), and (d) are incorrect since they are examples of software tools, which respond to error messages; shut down the LAN; examine, control, and resolve alerted problems; and assess, change, and report on the network status.
227. Frame relay and X.25 networks are part of: a. Circuit-switched services b. Cell-switched services c. Packet-switched services d. Dedicated digital services
Choice (c) is the correct answer. Packet-switched services are better suited to handle bursts of traffic. In packet-switched services, connections do not need to be established before data transmission begins. Instead, each packet is transmitted separately, and each may take a separate path through the mesh of network. X.25 networks are slow and are not suitable for most LAN-to-LAN traffic because of the time and bandwidth required for error checking by X.25. Frame relays, which are similar to X.25, provide faster and more efficient services. Frame relay does not employ the extensive error checking of X.25. Choice (a) is incorrect because circuit-switched services are better suited for delay-sensitive traffic. They establish a virtual connection before transmitting data. They do not use X.25 and frame relay protocols. Choice (b) is incorrect because cell-switched services use a fixedsize cell rather than a variable-size packet (e.g., asynchronous transfer mode networks). This type of switching is faster and less expensive. They do not use X.25 and frame relay protocols either. Robbins (Fall 2018) Choice (d) is incorrect because dedicated digital services handle voice, video, and data. The dedicated lines are usually leased and installed between two points to provide dedicated, full-time service. T1 and T3 are examples of dedicated digital lines.
158. Possible security threats inherent in a local-area network (LAN) environment include passive and active threats. Which of the following is a passive threat? a. Denial of message service b. Masquerading c. Traffic analysis d. Modification of message service
Choice (c) is the correct answer. Passive threats do not alter any data in a system. They simply read information for the purpose of gaining some knowledge. Since there is no alteration of data and consequently no audit trail exists, passive threats are difficult to detect. Examples of passive threats include release of message contents and traffic analysis. If an attacker can read the packet header, then the source and destination of the message is known, even when the message is encrypted. Through traffic analysis, the attacker knows the total volume in the network and the amount of traffic entering and leaving selected nodes. While encryption can limit the reading of header information and messages, traffic padding is also needed to counteract the traffic analysis. Traffic padding requires generating a continuous stream of random data or ciphertext and padding the communication link so that the attacker would find it difficult to differentiate the useful data from the useless data. Traffic padded data is useless. Choices (a), (b), and (d) are incorrect because they are examples of active threats. Active threats generate or alter the data or control signals rather than to simply read the contents of those signals. A denial of message service (choice a) results when an attacker destroys or delays most or all messages. Masquerading (choice b) is an attempt to gain access to a computer system by posing as an authorized client or host. An attacker poses as an authentic host, switch, router, or similar device in order to communicate with a peer to acquire data or services. Modification of message service (choice d) occurs when an attacker modifies, deletes, delays, reorders existing real messages and adds fake messages.
107. Which of the following protocols is used by the Internet? a. SNA b. DECnet c. TCP/IP d. MAP
Choice (c) is the correct answer. Protocols and network architectures make communication more efficient. Protocols are standards for controlling communications. Architectures use standard protocols. Standard communications hardware, software, and user interfaces are connected to interoperate properly. Transmission Control Protocol/Internet Protocol (TCP/IP) is used by the Internet. System Network Architecture (SNA) is used by IBM. DECnet is used by Digital Equipment Corporation. Manufacturing Automation Protocol (MAP) is used by General Motors Corporation.
133. Most effective security controls over remote maintenance ports include: a. Legal contract and dial-back system b. Dial-back system and modem pools c. Legal contract and modem pools d. Dial-back system and disconnect unneeded connections
Choice (c) is the correct answer. Remote maintenance ports allow the vendor to fix operating problems. The legal contract with the vendor should specify that there be no trap doors and that any maintenance ports should be approved by both parties. Modem pools consist of a group of modems connected to a server (e.g., host, communications, or terminal). This provides a single point of control. Note that attackers can target the modem pool itself, so protect it by installing an application gateway-based firewall control. Dial-back security controls over remote maintenance ports are not effective since they are really authenticating a place, not a person. It is good practice to disconnect unneeded connections to the outside world, but this makes it difficult for a maintenance contractor to access certain ports when needed in an emergency.
192. Which of the following pairs of protocols greatly conflict with each other? a. TCP/IP and ISO/OSI b. ISO/OSI and SNA c. SNA and TCP/IP d. ISO/OSI and GOSIP
Choice (c) is the correct answer. SNA and TCP/IP are incompatible protocols and conflict with each other. SNA is an example of a proprietary system standard (IBM) and has seven layers: transaction layer 7, presentation layer 6, data flow layer 5, transmission layer 4, path control layer 3, data link layer 2, and physical layer 1. TCP/IP is a collection of data transmission protocols for internetwork communications and has four Robbins (Fall 2018) layers: application layer 4, transport layer 3, Internet layer 2, and network interface layer 1. Gateways are needed to communicate between the incompatible SNA and the TCP/IP. Both TCP/IP and ISO/OSI (choice a) are compatible and provide a set of Open System standards for achieving interoperability between applications running in a heterogeneous environment. Although the TCP/IP has four layers and the ISO/OSI has seven layers, they are compatible. The number of layers does not determine compatibility between protocols. The seven ISO/OSI layers include application layer 7, presentation layer 6, session layer 5, transport layer 4, network layer 3, data link layer 2, and physical layer 1. ISO/OSI and SNA (choice b) are not compatible at higher-level layers. However, they are compatible at the lower-level layers, that is, physical and data link layers. One-to-one correspondence between the layers of these protocols does not exist today, which can change in the future. ISO/OSI and GOSIP (choice d) are compatible because GOSIP is based on ISO/OSI and is a guideline for the U.S. Government to purchase OSI-based products and to use them effectively.
231. An effective security control over an Intranet is: a. Call-back b. Static passwords c. Firewalls d. Dynamic passwords .
Choice (c) is the correct answer. Since intranets are connected between customers, suppliers, and the organization, access to information is a vital concern. Firewalls and routers will keep intruders out of the intranets. Choice (a) is incorrect because callback is a security mechanism used mostly on mainframe and midrange computers. Choice (b) is incorrect because, by definition, static passwords are not changed often, and as such, they are ineffective security controls. Choice (d) is incorrect because dynamic passwords change each time a user is logged on to the system and are most effective security controls. Choices (a), (b), and (d) are most widely used in a mainframe computer environment. They are not used for intranets
152. Which of the following questions must be answered first when planning for secure telecommuting? a. What data is confidential? b. What systems and data do employees need to access? c. What type of access is needed? d. What is the sensitivity of systems and data?
Choice (c) is the correct answer. Telecommuting is the use of telecommunications to create an "office" away from the established (physical) office. The telecommuting office can be in an employee's home, a hotel room or conference center, an employee's travel site, or a telecommuting center. In planning for secure telecommuting, management must first determine what type of access is needed. What systems and data do employees need? What is the sensitivity of these systems and data? Do they need system administrator privileges? Do they need to share files with other employees? Is the data confidential?
120. The Internet is a prime example of which of the following? a. A bounded network b. A trusted network c. An unbounded network d. A secure network
Choice (c) is the correct answer. The Internet is a prime example of an unbounded network. Future systems will shift from a customercontrolled environment to an unbounded network infrastructure controlled by multiple service providers. The Internet is not yet a secure, trusted, and bounded network.
109. Which of the following is the biggest impediment for carrying out electronic commerce on the Internet? a. Electronic ordering and payment procedures b. Electronic-mail systems c. Customer confidence and trust d. Website construction and usage
Choice (c) is the correct answer. The Internet is opening new ways for customers, industry, and governments to conduct business and to exchange information electronically. Electronic ordering and payments can be handled efficiently and conveniently over the network. Electronic mail and informational webpages have become institutional resources. Yet the full benefits of electronic commerce and information exchange will not be realized until users have sufficient trust and confidence in the security and privacy of their information
147. Which of the following ISO/OSI layers provide both confidentiality and data integrity services? a. Data link layer b. Physical layer c. Application layer d. Presentation layer
Choice (c) is the correct answer. The application layer is the only layer listed in the question that proves both confidentiality and data integrity services. The application layer provides services directly to users such as file transfer protocols. It consists of query software where a person could request a piece of information and the system displays the answer. Data link layer (choice a) and physical layer (choice b) are incorrect because they provide confidentiality service only, not data integrity. The data link layer provides reliable transfer of data across physical links, error flow control, link level encryption and decryption, and synchronization. It handles the physical transmission of frames over a single data link. The physical layer provides for the transmission of unstructured bit streams over the communications channel. The presentation layer (choice d) is incorrect because it provides authentication and confidentiality services, but not data integrity and confidentiality. The presentation layer defines and transforms the format of data to make it useful to the receiving application.
124. An attacker connecting a covert computer terminal to a data communication line between the authorized terminal and the computer is called a(n): a. Tunneling attack b. Salami attack c. Session hijacking attack d. Asynchronous attack
Choice (c) is the correct answer. The attacker waits until the authorized terminal is on-line but not in use, and then switches control to the covert terminal. The computer thinks it is still connected to the authorized user, and the attacker has access to the same files as the authorized user. Since a session was hijacked in the middle, it is called a session hijacking attack. Tunneling attack (choice a) is incorrect because it uses one data transfer method to carry data for another method. Salami attack (choice b) is incorrect because it is an automated form of abuse using the Trojan horse method or secretly executing an unauthorized program that causes the unnoticed or immaterial debiting of small amounts of financial assets from a large number of sources or accounts. Asynchronous attack (choice d) is incorrect because it takes advantage of the asynchronous functioning of a computer operating system. This may include a programmer (1) penetrating the job queue and modifying the data that is waiting to be processed or printed or (2) disrupting the entire system by changing commands so that data is lost or programs crash.
116. The first step toward securing the resources of a local-area network (LAN) is to verify the identities of system users. Organizations should consider which of the following prior to connecting their LANs to outside networks, particularly the Internet? a. Plan for implementing locking mechanisms b. Plan for protecting the modem pools c. Plan for considering all authentication options d. Plan for providing the user with his account usage information
Choice (c) is the correct answer. The best thing is to consider all authentication options, not just using the traditional method of passwords. Proper password selection (striking a balance between being easy to remember for the user but difficult to guess for everyone else) has always been an issue. Password-only mechanisms, especially those that transmit the password in the clear (in an unencrypted form) are susceptible to being monitored and captured. This can become a serious problem if the LAN has any uncontrolled connections to outside networks such as the Internet. Because of the vulnerabilities that still exist with the use of password-only mechanisms, more robust mechanisms such as token-based authentication and use of biometrics should be considered. Choice (a) is incorrect. Locking mechanisms for LAN devices, workstations, or PCs that require user authentication to unlock can be useful to users who must leave their work areas (for a short period of time) frequently. These locks allow users to remain logged into the LAN and leave their work areas without exposing an entry point into the LAN. Choice (b) is incorrect. Modems that provide users with LAN access may require additional protection. An intruder that can access the modem may gain access by successfully guessing a user password. The availability of modem use to legitimate users may also become an issue if an intruder is allowed continual access to the modem. A modem pool is a group of modems acting as a pool instead of individual modems on each workstation. Modem pools provide greater security in denying access to unauthorized users. Modem pools should not be configured for outgoing connections unless access can be carefully controlled. Choice (d) is incorrect. Security mechanisms that provide a user with his account usage information may alert the user that the account was used in an abnormal manner (e.g., multiple login failures). These mechanisms include notification such as date, time, and location of the last successful login and the number of previous login failures.
164. The construction and expansion of a local-area network can be more restrictive than that of a wide area network. Which of the following is not a restriction? a. The number of workstations that can be connected to a network b. The length of cable to connect a workstation to the network c. The ability of a personal computer to act as a data terminal d. The physical spacing between cable connections
Choice (c) is the correct answer. The restrictions are caused by the variety of cabling restraints that apply to the installation of each type of LAN, such as Ethernet or token ring network. The constraints include the number of stations that can be connected to a network (choice a), the length of cable to connect a station to the network (choice b), and the physical spacing between cable connections (choice d). A personal computer (PC) can act as a data terminal, which is not a restriction in the LAN environment. A PC can be used to enter transaction-oriented data, enter batch data, output batch data, and retrieve data as needed from a database
189. Which of the following network topologies is most expensive when many remote terminals are geographically dispersed over long distances? a. Star b. Tree c. Ring d. Mixed
Choice (c) is the correct answer. The ring/loop topology interconnects nodes in a circular fashion where personal computers are connected successively forming a ring. The ring topology is used to connect computers not terminals. Unlike the star topology, there is no central hub through which all traffic flows. This structure is economical when many remote terminals and computers are located close to one another. If remote terminals were geographically dispersed over long distances, line costs would be expensive. Star topology (choice a) is incorrect. It is less expensive due to the central hub, eliminates lengthy cables, and troubleshooting is easier. Tree topology (choice b) is incorrect. The traffic from a number of low-to-mediumspeed terminals is combined for retransmission to the host computer via a high-speed link. This structure results in Robbins (Fall 2018) reduction in circuit costs because one or a few lines are used rather than many. The costs of mixed topology (choice d) depend on how it is configured.
146. Which of the following is a by-product of administering the security policy for firewalls? a. Protocol filtering policy b. Connectivity policy c. Firewall implementation d. Protocol filtering rules
Choice (c) is the correct answer. The role of site security policy is very important with regard to firewall administration. A firewall should be viewed as an implementation of a policy; policy should never be made by the firewall implementation (choice c). In other words, agreement on what protocols to filter (choice a), what application gateways to use, how network connectivity (choice b) will be made, and what the protocol filtering rules (choice d) are all need to be codified beforehand because ad hoc decisions will be difficult to defend and will eventually complicate firewall administration
131. A strategy for protecting the network is through an application level gateway and by allowing only electronic mail to pass between the organization's network and the outside world. Electronic mail is used to do which of the following? a. The firewalls that refuse to forward anything unless it is to the gateway b. The firewalls that refuse to forward anything unless it is from the gateway c. File transfer d. Remote login
Choice (c) is the correct answer. The two firewalls sitting on both sides of the application level gateway are routers that refuse to forward anything unless it is to or from the gateway (choices a and b). It is good to disallow file transfer (choice c) and remote login (choice d). But electronic mail can certainly be used to transfer files by breaking them down into small pieces
198. Asynchronous transfer mode (ATM) is an example of a fast packetswitching network. Which of the following statements about ATM is not true? a. ATM networks can carry data communications b. ATM networks can carry video communications c. ATM networks use long packets with varying sizes d. ATM networks can carry voice communications
Choice (c) is the correct answer. There are two different kinds of fast packet switching networks: ATM and PTM. Asynchronous transfer mode (ATM) networks use short packets called "cells" that are always the same length. Packet transfer mode (PTM) does not use short cells but more additional packets that can be longer if necessary. Most packet switching networks use packets that can be very long and vary in size depending on the data being carried. The ATM network can carry data communications (choice a) where packets are broken into several ATM cells. After travelling through the network, the cells are reassembled into packets. It can also carry video communications (choice b) where the digital video bits are put in cells and sent through the network. At the destination, the bits are removed from the cells. The ATM also carries voice communications (choice d) and the voice is handled in the same way as video.
226. Which of the following networks provide for movement of employees within an organization without the associated cabling costs? a. Traditional local-area networks b. Metropolitan-area networks c. Virtual local-area networks d. Value-added networks
Choice (c) is the correct answer. Virtual LAN is a logical collection of individual LANs. Virtual LANs connect local- and wide-area networks using routers, switches, and backbone equipment and related software so that users at various locations have access to data residing on multiple systems and locations that they would not have otherwise. The virtual network is transparent to users. Virtual LANs reassign users without changing cables when users move from one location to another. Network maintenance costs are lower and equipment moves are done faster. Another benefit of virtual LANs is that all servers in a building can be physically protected in a data center instead of spreading them throughout the building in the user departments. Choice (a) is incorrect because traditional LANs require a change of cabling when users and their equipment move around. Network maintenance costs are higher and moves are slower. Choices (b) and (d) are incorrect because they do not employ cables as traditional LANs do.
183. Which of the following statements is not true regarding wireless LANs? a. Wireless LANs will not replace wirebound LANs b. Wireless LANs will augment the wirebound LANs c. Wireless LANs will substantially eliminate cabling d. Wireless LANs will serve as a direct replacement for the wirebound LANs
Choice (c) is the correct answer. Wireless LANs will augment, not replace, wirebound LANs. In some cases, wireless LANs will serve as a direct replacement for the wirebound LANs when starting from scratch. In most cases, a wireless LAN will complement a wired LAN, not replace it. Due to poor performance and high cost reasons, wireless LANs will not take over the wired LANs. Wireless LANs do not substantially eliminate cabling since bridges rely on cabling for interconnection. Wireless LANs provide unique advantages such as fast and easy installation, a high degree of user mobility and equipment portability.
224. Which of the following protocols is used with electronic-mail systems? a. X.25 b. X.75 c. X.400 d. X.500
Choice (c) is the correct answer. X.400 is an addressing scheme for use with e-mail. Choice (a) is incorrect because X.25 is used in public packet switched communications between a network user and the network itself. Choice (b) is incorrect because X.75 is used in public packet switched communications between network hubs. Choice (d) is incorrect because X.500 is an addressing scheme for directory services
132. Which of the following is not related to electronic-mail systems? a. Privacy enhanced mail (PEM) b. Pretty good privacy (PGP) c. X.500 d. X.400
Choice (c) is the correct answer. X.500 is a directory services protocol. Typical directory objects correspond to systems, services, and people. Examples of information found in the directory include telephone numbers, electronic mail addresses, postal addresses, network node addresses, public key identity certificates, and encrypted passwords. Both PEM and PGP are electronic-mail security programs (choices a and b). They both encrypt messages, sign messages, and are based on public key cryptography. X.400 is a protocol that provides message handling services for the e-mail scheme (choice d).
115. Which of the following is not a primary component or aspect of firewall systems? a. Protocol filtering b. Application gateways c. Extended logging capability d. Packet switching
Choice (d) is the correct answer. A packet switching is not related to a firewall system. It is a message delivery technique in which small units of information (packets) are relayed through stations in a computer network along the best route currently available between the source and the destination. A packet-switching network handles information in small units, breaking long messages into multiple packets before routing. Although each packet may travel along a different path, and the packets composing a message may arrive at different times or out of sequence, the receiving computer reassembles the original message. Packet-switching networks are considered to be fast and efficient. To manage the tasks of routing traffic and assembling or disassembling packets, such networks require some "intelligence" from the computers and software that control delivery. Choice (a) is incorrect because protocol filtering is one of the primary components or aspects of firewall systems. A firewall filters Robbins (Fall 2018) protocols and services that are either not necessary or that cannot be adequately secured from exploitation. Choice (b) is incorrect because application gateways are one of the primary components or aspects of firewall systems. A firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol. Choice (c) is incorrect because extending logging capability is one of the primary components or aspects of firewall systems. A firewall can concentrate extended logging of network traffic on one system.
135. In a distributed computing environment, system security takes on an important role. Two types of network attacks exist: passive and active attacks. Which of the following is an example of passive attack? a. Attempting to log in to someone else's account b. Installing a wire tap on a network cable to generate false messages c. Denying services to legitimate users d. Listening to a system password when the user types it
Choice (d) is the correct answer. A passive attack is an attack where the threat merely watches information move across the system. However, no attempt is made to introduce information in order to exploit a vulnerability. Listening to a system password when the system user types it is an example of a passive attack. Choices (a) through (c) are incorrect since they are examples of active attacks. Active attacks occur when the threat makes an overt change or modification to the system in an attempt to take advantage of a vulnerability.
207. Protocols would not address which of the following? a. Message size, sequence, and format b. Message routing instructions c. Error detection and correction d. Message authentication
Choice (d) is the correct answer. A protocol is a set of rules governing a specific time sequence of events. It defines the method of formatting bits of data and messages for transmission, routing and identification of messages including error detection and correction. However, it does not address a message authentication, which is a security feature.
143. Which of the following is not exposed to the greatest risk in the World Wide Web (Web) environment? a. The web reader b. The web browser c. The web publisher d. The web advertiser
Choice (d) is the correct answer. A web advertiser is a person or organization that promotes its products and services for a fee. The risk is low for a web advertiser due to limited losses. A Web reader (choice a) is anyone who uses a web browser to access Web-based information. A web browser (choice b) is a web client application that typically supports more than one Web protocol. Some of the losses for a web reader and browser include damage to the system, monetary damage, privacy, and reputation. A web publisher (choice c) is a person or organization that uses a Web server to provide information and access to applications for internal or external u
171. Which of the following wiring schemes makes future network changes easier to implement? a. Post-wiring b. Wiring on demand c. Buildings with high ceilings d. Cable conduits
Choice (d) is the correct answer. Because the cost of wiring an existing building goes up with the height of the ceiling and rises even higher after the tenants have moved in, making the right decisions as early as possible can significantly reduce future costs. Dangling cables can be a safety hazard. Therefore, proactive thinking such as pre-wiring and cable conduits (choice d) during building construction should be planned carefully to make future changes easier with less cost. Post-wiring and wiring on demand (choices a and b) are reactive in nature, relatively expensive, and disruptive to work.
201. Which of the following is the best choice of transport mechanism for transporting of multimedia data objects over local and wide area networks? a. Integrated services digital networks (ISDN) b. Narrowband ISDN c. ISDN local area network (LAN) bridging d. Broadband ISDN
Choice (d) is the correct answer. Broadband-ISDN (B-ISDN) service supports a wide range of data, video, and voice (multimedia) applications and will support both switched and non-switched connections requiring both circuit-mode and packet-mode information transfer capabilities. The main advantage of B-ISDN is dynamic bandwidth allocation on demand with a fine degree of granularity. It provides greater bandwidth to transport digital video and audio data. B-ISDN uses a fiber instead of copper wire. B-ISDN supports greater speeds and more functional capability for the user. Choice (a) is incorrect. ISDN is a set of integrated telecommunications services, available over public and private telecommunications networks. The services are defined over a digital point-to-point circuit-switched medium. Basically, ISDN represents a revision or overhauling of the public telephone system. Previously, the telephone system used voice-grade lines; now many of these lines are being digitized. This digitization is resulting in higher speeds and more accuracy and flexibility. Narrowband ISDN is similar to ISDN, but uses a copper wire. This limits the speeds that can be achieved (choice b). ISDN LAN bridges can take the data frames from a designated host connected to a LAN and convert these data frames to bit streams suitable for transmission across the ISDN (choice c). The protocol has to be converted correctly, and control and address information has to be preserved. An ISDN LAN bridge allows multiple connections to a single ISDN line, reducing the need for multiple access devices. ISDN LAN bridges are also called LAN adapters, system adapters, and access servers.
168. Network reliability is enhanced through the use of all of the following except: a. Redundant switching equipment b. Parallel physical circuits c. Standby power supplies d. Front-end processors
Choice (d) is the correct answer. Network reliability is enhanced through the use of redundant switching equipment (choice a), parallel physical circuits (choice b), and standby power supplies (choice c). All these preventive measures decrease the chances of network failure by providing backup. A front-end processor is a programmed logic or stored-program device that interfaces data communication equipment with an input/output bus or memory of a data processing computer. It does not have the backup facilities that the other choices offer.
134. Which of the following statements is not true about Internet firewalls? a. A firewall can enforce security policy b. A firewall can log Internet activity c. A firewall can limit an organization's security exposure d. A firewall can protect against computer viruses
Choice (d) is the correct answer. Firewalls (also known as secure gateways) cannot keep personal computer viruses out of a network. There are simply too many types of viruses and too many ways a virus can hide within data. The most practical way to address the virus problem is through host-based virus protection software and user education concerning the dangers of viruses and precautions to take against them. A firewall enforces the site's security policy, allowing only "approved" services to pass through and those only within the rules set up for them (choice a). Because all traffic passes through the firewall, the firewall provides a good place to collect information about system and network use and misuse. As a single point of access, the firewall can record what occurs between the protected network and the external network (choice b). A firewall can be used to keep one section of the site's network separate from another section, which also keeps problems in one section separate from other sections. This limits an organization's security exposure (choice c)
155. Analyzing data protection requirements for installing a local area network (LAN) does not include: a. Uninterruptible power source b. Backups c. Fault tolerance d. Operating systems
Choice (d) is the correct answer. Identifying information or data protection requirements involves reviewing the need for an uninterruptible power source (choice (a)), backups (choice (b)), and fault tolerance (choice (c)). Selection of an operating system is a part of operational constraints, not data protection requirements.
129. An effective way to run a World Wide Web (WWW) service is not by: a. Disabling automatic directory listings b. Placing the stand-alone WWW computer outside the firewall machine c. Implementing encryption d. Relying on third-party providers
Choice (d) is the correct answer. Important security features of WWW include (1) disabling automatic directory listings for names and addresses, (2) placing the stand-alone, stripped-down WWW computer outside the firewall machine, and (3) providing encryption when sensitive or personal information is transmitted or stored. There is a potential risk posed by dependence on a limited number of third-party providers in terms of performance and availability of service.
179. An intranet can be found in an organization's internal network or over the Internet. Which of the following controls is least suited to establish a secure intranet over the Internet? a. Use encrypted tunnels b. Install encrypted routers c. Install encrypted firewalls d. Implement password controls in the private web server
Choice (d) is the correct answer. Intranets are similar to the organization's own networks, providing internal interaction. One need not be connected to the Internet to create an intranet. A web server, a web browser, and a network transport protocol are needed to create an intranet to provide information to internal users without broadcasting to the world. This includes placing policies, procedures, and standards documents on an internal web server. The intranet could be connected to the Internet, or an Intranet could Robbins (Fall 2018) be created by using a private web server on the Internet. Effective controls include encryption and firewalls. Private tunnels can be created over the Internet through the use of encryption devices, encrypting firewalls, or encrypting routers. Implementing password controls to the private web server for each user is a weak control since password administration would be very difficult, if not an impossible task. Group passwords would not be effective either.
211. An organization is upgrading its telecommunication lines. What is the least important objective in upgrading a network? a. To carry more network capacity b. To improve network services c. To improve system response time d. To maintain an inventory of network assets
Choice (d) is the correct answer. It does not make economic sense to upgrade the network for inventory purposes. Network assets include circuits, ports, nodes, parts, and related equipment. Choice (a) is incorrect because one would upgrade the network with faster telecommunications lines to increase throughput. It is one of the most important objectives in upgrading a network. Choice (b) is incorrect because network upgrading is done to improve network services. It is one of the most important objectives in upgrading a network. Choice (c) is incorrect because network upgrading is done to improve system response time. It is one of the most important objectives in upgrading a network.
176. Remote control programs have a number of disadvantages when they are used for remote LAN access. Which of the following disadvantages is most difficult to manage? a. Telephone time not minimized b. Manual connect and disconnect operations c. Compatibility with host applications d. Network management
Choice (d) is the correct answer. Limited network management for most remote control programs is a major disadvantage. Managing a large number of host workstations is very difficult; each station must be managed individually. The remote control program LAN access method does not implicitly minimize telephone connect time, although it is possible to automate many operations using batch files or other programming mechanisms (choice a). Manual connect and disconnect operations (choice b) are often augmented by timeout options not always found with other remote LAN access methods. Compatibility between the remote control programs and host applications is not guaranteed; often compatibility must be determined by trial and error (choice c).
103. Which of the following e-mail threats can be caused by temporary accounts setup by the Internet service providers? a. Dangerous attachments b. Impersonation c. Eavesdropping d. Mailbombings
Choice (d) is the correct answer. Mailbombing is an e-mail.based attack. The attacked system is flooded with e-mail until it fails. A system will fail in different ways, depending on the type of server and how it is configured. Some Internet service providers give temporary accounts to anyone who signs up for a trial subscription, and those accounts can be used to launch e-mail attacks. Dangerous attachments can include viruses. An attacker can attach files to e-mail messages that contain Trojan executables, virusinfected files, or documents that contain dangerous macros. Robbins (Fall 2018) Impersonation is created as follows: since the sender address on Internet e-mail cannot be trusted, the sender can create a false return address, or the header could have been modified in transit, or the sender could have connected directly to the SMTP port on the target computer to enter the e-mail. Eavesdropping is created as follows: e-mail headers and contents are transmitted in the clear. As a result, the contents of a message can be read or altered in transit. The header can be modified to hide or change the sender or to redirect the message.
160. Connecting to the Internet yields many benefits and some disadvantages. Which of the following issues is least important? a. Who will have access? b. Which types of systems will be connected? c. What types of information will be transmitted? d. How long the access will be permitted?
Choice (d) is the correct answer. Many organizations are looking at the Internet as a means for expanding their research opportunities and communications. Unquestionably, connecting to the Internet yields many benefits and some disadvantages. Some issues an Internet access policy may address include who will have access (choice a), which types of systems may be connected to the network (choice b), what types of information may be transmitted via the network (choice c), requirements for user authentication for Internet-connected systems, and the use of firewalls and secure gateways for information asset protection. The least important thing is how long the access be permitted since it is no longer an issue with fixed rate service providers.
169. Which of the following transmission media is unsuitable for handling intra-building data or voice communications? a. Twisted pair b. Coaxial cable c. Optical fiber d. Microwave transmission
Choice (d) is the correct answer. Microwave transmission is a pointto-point transmission using radio frequency spectrum signals and is commonly used as a substitution for copper or fiber cable. Because of this, it is not suitable for handling intra-building communications and is more appropriate for long distance transmission. Twisted pair (choice a), made of copper wire, is best for low-cost, short-distance local networks linking microcomputers. Coaxial cable (choice b) is the most widely used medium for data transmission in local area networking. Optical fiber (choice c) uses light signals to carry a stream of data at extremely high modulation rates and is sturdy and secure.
200. Which of the following information technologies is better equipped to deliver multimedia applications? a. Integrated services digital network (ISDN) and broadband ISDN b. Narrowband ISDN, central office switches, and copper-based local loops c. Narrowband ISDN, fiber optics, and asynchronous transfer mode (ATM) d. Broadband ISDN, fiber optics, and ATM
Choice (d) is the correct answer. Multimedia applications take advantage of the capability of high-bandwidth integrated services networks to deliver many different kinds of data.video, image, audio, and text and numerical data. They also take advantage of the processing power of advanced workstations and other devices attached to the network, allowing users to edit, process, and select data arriving from a variety of sources over the network. The capacity of a network, measured as the number of bits it can transmit every second, is called "bandwidth." Narrowband networks are low bandwidth networks, and broadband networks are high bandwidth networks. Asynchronous transfer mode (ATM) has been chosen as the foundation for the broadband ISDN where the latter is used to carry voice, video, and data traffic to support a range of applications. ATM networks are also suitable for carrying data, video, and voice communications. Fiber optics is an enabling technology for broadband networks. With increased bandwidth, the links will be able to move data more quickly and support the transport of bandwidth-intensive traffic such as video. Broadband ISDN uses very different technology from narrowband (ordinary) ISDN. Narrowband ISDN is best viewed as a digital upgrade of the telephone network's copper local loop. Broadband ISDN, by contrast, requires fiber optics and ATM, a new approach to network design. ISDN and broadband ISDN have little in common other than their names. ISDN is a telecommunications industry standard for upgrading local loops to digital service. It allows the existing copper local loops to be used for digital service. However, it requires users to buy new equipment for their end of line, which converts their data to the ISDN format. It also requires that the telephone company's equipment, such as the central office switches, be upgraded. The local loop uses low-capacity analog copper wires.
181. Security mechanisms implement security services. Which of the following security services is provided by a notarization security mechanism? a. Confidentiality b. Integrity c. Authentication d. Non-repudiation
Choice (d) is the correct answer. Non-repudiation service prevents the parties to a communication from denying that they sent or received it, or disputing its contents. It may provide either proof of origin or proof of delivery. Confidentiality (choice a) is incorrect because it provides security mechanisms such as encryption, traffic padding, and routing control, not notarization. Confidentiality protects data from unauthorized disclosure. Integrity (choice b) is incorrect because it provides security mechanisms such as encryption, digital signature, and data integrity, not notarization. Integrity protects against the modification, insertion, deletion, or replay of data. Authentication (choice c) is incorrect because it provides security mechanisms such as encryption, digital signature, and authentication, not notarization. Authentication services basically provide a reliable answer to the question: With whom am I communicating?
165. Which of the following local-area network devices functions as a data regenerator? a. Network interface card b. Bridge c. Router d. Repeater
Choice (d) is the correct answer. Repeaters offer the simplest form of connectivity. They merely generate or repeat data packets or electrical signals between cable segments. They receive a message and then retransmit it, regenerating the signal at its original strength. Network interface cards (choice a) are incorrect because they are circuit boards used to transmit and receivefile servers also fail. Bridge (choice b) is incorrect because it is a device that connects similar or dissimilar LANs together to form an extended LAN. It can also connect LANs and WANs. Bridges are protocol independent devices and are designed to store and then forward frames destined for another LAN. Router (choice c) is incorrect because it keeps a record of node Robbins (Fall 2018) addresses and current network status. Routers are known to the end stations, as they are device-dependent.
145. Synchronization of file updates in a LAN environment cannot be accomplished by using which of the following? a. File locks b. Record locks c. Semaphores d. Security labels
Choice (d) is the correct answer. Security labels deal with security and confidentiality of data, not with file updates. Security label is a designation assigned to a system resource such as a file, which cannot be changed except in emergency situations. File updates deal with the integrity of data. The unique concept of a LAN file is its ability to be shared among several users. However, security controls are needed to assure synchronization of file updates by more than one user. File locks, records locks, and semaphores are needed to synchronize file updates. File locks provide a coarse security due to file-level locking. Record locking can be done through logical or physical locks. The PC operating system ensures that the protected records cannot be accessed on the hard disk. Logical locks work by assigning a lock name to a record or a group of records. A semaphore is a flag that can be named, set, tested, changed, and cleared. Semaphores can be applied to files, records, group of records, or any shareable network device, such as a printer or modem. Semaphores are similar to logical locks in concept and can be used for advanced network control functions.
220. Which of the following is a recovery control in a local-area network environment? a. Secure dial-in b. Antivirus software c. Security reviews d. Server backups
Choice (d) is the correct answer. Server backups are an example of recovery controls. Choice (a) is incorrect because secure dial-in is an example of preventive controls. Choice (b) is incorrect because antivirus software is an example of preventive and detective controls. Choice (c) is incorrect because security reviews are an example of detective controls.
242. Which one of the following ISO/OSI layers does not provide confidentiality services? a. Presentation layer b. Transport layer c. Network layer d. Session layer
Choice (d) is the correct answer. Session layer does not provide confidentiality service. It establishes, manages, and terminates connections between applications and provides checkpoint recovery services. It helps users interact with the system and other users. Presentation layer (choice a) is incorrect because it provides authentication and confidentiality services. It defines and transforms the format of data to make it useful to the receiving application. It provides a common means of representing a data structure in transit from one end system to another. Transport layer (choice b) is incorrect because it provides confidentiality, authentication, data integrity, and access control services. It ensures error-free, in-sequence exchange of data between end points. It is responsible for transmitting a message between one network user and another. Robbins (Fall 2018) Network layer (choice c) is incorrect because it provides confidentiality, authentication, data integrity, and access control services. It is responsible for transmitting a message from its source to destination. It provides routing (path control) services to establish connections across communications networks.
216. In a wireless LAN environment, the technique that is used to ensure data integrity is called: a. Dual transmission b. Dual control c. Radio frequency control d. Spread-spectrum
Choice (d) is the correct answer. With spread-spectrum technology, surreptitiously intercepting a signal would be very difficult. The sending unit uses a code to spread the signal across many frequencies in a particular pattern. The receiving unit simply reverses the process. The communications protocol used to communicate between its nodes packetizes the data and ensures data integrity. Dual transmission (choice a) is expensive and unnecessary for wireless. Dual control (choice b) applies to a situation controlled or reviewed by at least two individuals (e.g., a withdrawal from a bank vault). Radio frequency control (choice c) deals with those frequencies of the electromagnetic spectrum normally associated with radio wave propagation
203. Which of the following telecommunication services is ideal to provide on-demand LAN-to-LAN connectivity? a. X.25 b. X.21 c. X.500 d. ISDN
Choice (d) is the correct answer. Since ISDN is a switched digital service, it has the ability to provide bandwidth on an as-needed basis to support digital connections. The ability of ISDN to set up a connection so quickly makes it ideal for on-demand LAN-to-LAN connectivity. Rather than paying for dedicated digital lines that the LAN's sporadic activity leaves unused uch of the time, an ISDN bridge or network interface card can connect the remote computer to the LAN on demand. The ISDN device monitors LAN traffic. When it detects a packet addressed to a remote LAN, the connection is made, the data transferred, and the connection closed without any knowledge or action by the user. Choice (a) is incorrect. X.25 uses the connection-mode network service. It is mainly used in telephone environments where bandwidth is more costly and the primary usage is to transfer large files. X.25 uses a packet-switched medium. Choice (b) is incorrect. X.21 defines the interface between data terminal equipment and public data networks for digital leased and circuit switched synchronous services. Choice (c) is incorrect. X.500 uses a directory services technique in the application layer of the ISO/OSI Reference Model
235. Which of the following is not a function of a web server? a. Handling requests b. Supplying documents c. Securing requests d. Navigating information
Choice (d) is the correct answer. The web browser is the user interface of an intranet. Navigating information is provided by a web browser. At the heart of an intranet is the web server. Since an intranet is based on a system of requests and responses, the server controls and administers that flow of information through the TCP/IP protocol. Web servers handle requests (choice a) and return the information in the form of either webpages or other media types such as pictures, sound, and video. In addition to supplying documents (choice Robbins (Fall 2018) b), the web server is also responsible for ensuring the security of requests from outside the organization or within (choice c).
204. Which of the following is not true about installing a wireless LAN: a. It provides flexibility in moving and placing PCs and networks b. It requires low cost and takes less time to install c. It eliminates obstacles in installing LAN cables d. It requires high cost and takes more time to install
Choice (d) is the correct answer. Wireless LANs have many advantages: flexibility, ease of installation, low cost, less time to install, and most of all they do not require cables, which are the root cause of all problems. Each wireless LAN unit contains a radio transceiver, processor, and memory. Interference is possible even with wireless LANs.
19. Both session hijacking and eavesdropping attacks can be prevented by which of the following? a. SET b. PPP c. MIM d. SSL
Choice (d) is the correct answer. The secure sockets layer (SSL) protocol is the technology used in most webbased applications. When both the web client and the web server are authenticated with SSL, the entire session is encrypted providing protection against session hijacking and eavesdropping attacks. SET is security electronic transaction protocol. PPP is a point-to-point protocol, and MIM is a man-in-the-middle attack. Choices (a), (b), and (c) are distracters here.
57. The ISO/OSI reference model consists of: a. Four layers b. Five layers c. Six layers d. Seven layers
Choice (d) is the correct answer. There are seven layers in the ISO/OSI reference model including Application, Presentation, Session, Transport, Network, Data link, and Physical layers.
9. Which of the following is illegal in the U.S. regarding wireless technologies? a. When a scanner is purchased regardless of its use b. When the electronic serial number altering software is purchased c. When the electronic serial number altering software is sold d. When a scanner is used with intent to defraud
Choice (d) is the correct answer. Under current law, a scanner is only illegal if it is used with intent to defraud. Possession of or sale of electronic serial number (ESN)-altering software is currently legal. These scanners are intended for bench-testing only, but cloners use them for illegal purpose to listen in on cellular phones. These scanning devices typically monitor cellular signaling channels and display broadcasted electronic serial numbers (ESN) and mobile identification numbers (MIN) pairs.
92. Which of the following firewalls is most vulnerable to attacks? a. Packet filtering firewall b. Dual-homed gateway firewall c. Screened host firewall d. Screened subnet firewall
Choice (a) is the correct answer. A packet filtering firewall uses a packet filtering router at the Internet gateway and then configures the packet filtering rules in the router to block or filter protocols and addresses. This firewall does not have logging capabilities and the filtering rules are difficult to test thoroughly, leaving a site open to untested vulnerabilities and unmanageable conditions. The firewalls mentioned in the other three choices do not have the same problems as the packet filtering firewall.
94. Mobile computing is on the rise where remote users access host computers for their computing needs. Remote access software controls the access to host computers. Which of the following technologies is behind the performance improvement to permit users to work off-line on network tasks? a. Agent-based technology b. Windows-based technology c. Hardware-based technology d. Network-based technology
Choice (a) is the correct answer. Agent-based technology will boost the performance of remote access software capability. It gives the users the ability to work off-line on network tasks, such as electronic mail, and complete the task when the network connection is made. Agent-based technology is software driven. It can work with OS or Windows operating system.
75. Countermeasures against brute force attack on cryptographic keys include which of the following? 1. Change keys 2. Increase key length 3. Change protocol 4. Change algorithm a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1 and 3
Choice (a) is the correct answer. Changing cryptographic keys frequently and increasing the key length can fight against brute force attacks on keys.
43. Ethernet operates at what layer of the ISO/OSI model? a. Physical layer 1 b. Data link layer 2 c. Network layer 3 d. Transport layer 4
Choice (a) is the correct answer. Layer 1 (physical) of the ISO/OSI model represents the actual physical communication hardware and media such as Ethernet.
48. Network concentrators operate at what layer of the ISO/OSI model? a. Physical layer 1 b. Data link layer 2 c. Network layer 3 d. Transport layer 4
Choice (a) is the correct answer. Network concentrators are devices that function at Layer 1 of the ISO/OSI model. There is no real intelligence in network concentrators. They exist only to provide physical attachment points for networked systems. Network infrastructure components include routers, concentrators, and switches.
6. Which of the following is more efficient and secure for use in wireless technologies? a. Spread spectrum b. Radio spectrum c. Radio signals d. Radio carriers
Choice (a) is the correct answer. New digital communications systems such as time division multiple access (TDMA) or code division multiple access (CDMA) use spread spectrum much more efficiently than analog cellular and other traditional radio systems. The spread spectrum technology uses a wide band of frequencies to send radio signals. The other choices are distracters.
62. Privacy Enhanced Mail (PEM) uses which of the following for digital certificates? a. X.509 b. X3.93 c. X9.9 d. X9.17
Choice (a) is the correct answer. PEM is a standard for secure e-mail on the Internet that supports services such as encryption, digital signatures, and digital certificates. It uses the X.509 protocol to accomplish these services. X3.93 is used for data encryption algorithm, X9.9 is used for message authentication, and X9.17 is used for cryptographic key management.
71. Which of the following is defined as service contact ports on a network? a. 0 through 1,023 b. 1,024 through 45,000+ c. 1,024 through 55,000+ d. 1,024 through 65,000+
Choice (a) is the correct answer. Ports 0 through 1,023 are assigned for service contact used by server processes. The contact ports are sometimes called "well-known" ports. These service contact ports are used by system (or root) processes or by programs executed by privileged users. Ports from 1,024 through 65,000+ are called registered ports. All incoming packets that communicate via ports higher than 1,023 are replies to connection initiated by internal requests. For example, Telnet service operates at port # 23 with TCP protocol and X Windows operate at port# 6,000 with TCP protocol.
24. E-mail spoofing can be prevented by using which of the following? a. Pretty good privacy b. Point-to-point protocol c. Microcom networking protocol d. Password authentication protocol
Choice (a) is the correct answer. Pretty good privacy (PGP) is a cryptographic software application for the protection of computer files and electronic mail. PGP provides a very good authentication mechanism and reasonable confidentiality protection. Point-to-point protocol (PPP) connects two TCP/IP devices over a standard serial line, such as a common telephone link. Microcom networking protocol (MNP) defines various levels of error correction and compression for modems. Password authentication protocol (PAP) is a handshaking protocol.
11. Which of the following is not an effective control against telephone cloning? a. Digital encoding b. Electronic signatures c. Call-screening system d. Digital technologies
Choice (a) is the correct answer. Telephone cloning is the practice of re-programming a phone with stolen electronic serial numbers (ESN) and mobile identification numbers (MIN) pair from another phone. Digital encoding schemes are known and can be broken, given enough time and computing power, even though the equipment to pick out numbers is more costly. Other techniques are effective against telephone cloning.
85. In the ISO/OSI model, which of the following relates to end system-level security? a. Transport layer or Network layer b. Application layer or Presentation layer c. Session layer or Transport layer d. Data Link layer or Physical layer
Choice (a) is the correct answer. The ISO/OSI standards give a choice where either a transport layer or network layer can be used to provide end system-level security. An assumption is made that the end systems are trusted and that all underlying communication networks are not trusted.
96. Operational control over the Internet is carried out in all of the following places except: a. Prototype network b. Backbone network c. Local-area network d. Regional network
Choice (a) is the correct answer. The Internet began as an experimental, prototype network called Arpanet, established in 1969 by the Department of Defense's Defense Advanced Research Projects Agency. Later, the prototype was converted to a backbone network, local-area network, and/or regional network depending on the organization's objectives. Each of the Internet's more than 500 networks maintains operational control over its own network, be it a backbone network (e.g., NSFnet), a regional network, or a local-area network. Distributed responsibility allows for use of different technologies as well as different types of administration. Each network is autonomous and has its own operations center that monitors and maintains its portion of the Internet. In addition, some of the larger networks maintain information centers that provide information on network use and resources.
21. Which of the following provides a security service in authenticating a remote network access? a. Remote access server b. Windows NT server c. An exchange server d. A DNS server
Choice (a) is the correct answer. The remote access server (RAS) provides the following services: when a remote user dials in through a modem connection, the server hangs up and calls the remote user back at the known phone number. The other servers mentioned do not have this kind of dial-in and call-back dual control mechanism.
59. Which of the following LAN topologies uses a central hub? a. Star b. Bus c. Token ring d. Token bus
Choice (a) is the correct answer. The star topology uses a central hub connecting workstations and servers. The bus topology uses a single cable running from one end of the network to the other. The ring topology interconnects nodes in a circular fashion.
31. Which of the following is suitable for a low-risk computing environment? a. Static packet filter firewall b. Hybrid gateway firewall c. Stateful inspection gateway firewall d. Dynamic packet firewall
Choice (a) is the correct answer. The static packet filter firewall offers minimum security provisions suitable for a low-risk computing environment. The hybrid gateway firewall is good for medium to high risk computing environment. Both stateful and dynamic packet firewalls are appropriate for high-risk computing environments.
90. A Virtual Private Network (VPN) creates a secure, private network over the Internet through all of the following except: a. Authentication b. Encryption c. Packet tunneling d. Firewalls
Choice (a) is the correct answer. VPNs allow an organization to create a secure, private network over a public network such as the Internet. They can be created using software, hardware, or a combination to create a secure link between peers over a public network. The secure link is built through encryption, firewalls, and packet tunneling. Authentication is done outside the network
8. Voice encryption uses which of the following algorithms? a. RSA b. 3DES c. IDEA d. DES
Choice (a) is the correct answer. Voice encryption schemes are based on RSA algorithm to provide privacy protection over mobile or cellular phones. The main constraints with encryption are the slow speed of processing and the lag that occurs if signals take too long to pass through the system
14. Analog cellular phone systems are prone to which of the following attacks? a. Tumbling attacks b. Cloning attacks c. Pinging attacks d. Pirating attacks
Choice (a) is the correct answer. With traditional analog cellular systems, "tumbling" attacks are quite simple. Tumbling is the practice of programming a phone with electronic serial numbers (ESN)/mobile identification numbers (MIN) pairs until a valid combination is found
17. Which of the following are examples of security boundary controls? a. Patches and probes b. Fences and firewalls c. Tags and labels d. Encryption and smart cards
Choice (b) is the correct answer. A firewall is an example of logical access control while fences provide a physical security and perimeter access control. When these two controls are combined they provide a total boundary control. By limiting access to host systems and services, firewalls provide a necessary line of perimeter defense against attacks thus providing logical security boundary control. Similarly, perimeter fences provide a physical security boundary control for a facility or building. A probe is a device programmed to gather information about a system or its users. A patch is a modification to software that fixes an error in an operational application system on a computer. The patch is generally supplied by the software vendor. Tags and labels are used in access controls. Encryption and smart cards are used in user identification and authentication mechanisms.
81. A limitation of Point-to-Point Tunneling Protocol (PPTP) is which of the following? a. End-to-end secure virtual networks b. Authentication at end nodes c. Hiding information in IP packets d. In-band management
Choice (b) is the correct answer. A limitation of PPTP, when compared to SSL, is that it does not provide authentication of the end points. PPTP is useful in implementing end-to-end secure virtual networks (choice a), hiding information in IP packets (choice c), and providing in-band management (choice d).
69. Which of the following inter-networking devices sends traffic addressed to a remote location from a local area network over the wide area network to the remote destination? a. Bridge b. Router c. Brouter d. Backbone
Choice (b) is the correct answer. A router sends traffic addressed to a remote location from the local network over the wide area connection to the remote destination. The router is connected to either an analog line or a digital line. Routers are connected to analog lines via modems or to digital lines via a channel service unit or data service units. Choice (a) is incorrect because a bridge is a device that connects similar or dissimilar LANs to form an extended LAN. Choice (c) is incorrect because brouters are routers that can also bridge; they route one or more protocols and bridge all other network traffic. Choice (d) is incorrect because a backbone is the high-traffic density connectivity portion of any communications network.
91. The basic causes of a majority of security-related problems in web servers are due to which of the following? a. Hardware design and protocols b. Software design and configurations c. Hardware specifications and testing d. Software acquisition and implementation
Choice (b) is the correct answer. A web server is like a window to the world, and therefore it must be protected to provide a controlled network access to both authorized and unauthorized individuals. Web servers contain large and complex programs that can contain security weaknesses. These weaknesses are due to poor software design and configuration of the web server.
20. Many of the vulnerabilities in firewalls are due to which of the following reasons? a. Incomplete firewall rules or network traffic rules b. Misconfigured firewalls or a lack of administrative monitoring c. Incorrect source IP addresses or destination IP addresses d. Misconfigured target ports or target addresses
Choice (b) is the correct answer. A well-configured firewall is very difficult to bypass. And there is no substitute for monitoring by diligent and vigilant system/security administrators.
99. Which of the following protocol operates at the lower level of the TCP/IP layers? a. SSL b. SKIP c. S-HTTP d. S-RPC
Choice (b) is the correct answer. Both S-HTTP and S-RPC sit at the application layer (top), and SSL sits at the transport layer, which is also at the top. SKIP is part of the network layer (bottom). The SSL protocol operates at the TCP/IP transport layer, one level below such application-specific protocols as NTTP (news), HTTP (Web), and SMTP (e-mail). This is in contrast to the Web-specific S-HTTP protocol.
79. Firewalls cannot provide a "line of perimeter defense" against attacks from which of the following? a. Traffic entering a network b. Traffic to and from the Internet c. Traffic to host systems d. Traffic leaving a network
Choice (b) is the correct answer. Firewalls police network traffic that enters and leaves a network. Firewalls can stop many penetrating attacks by disallowing many protocols that an attacker could use to penetrate a network. By limiting access to host systems and services, firewalls provide a necessary line of perimeter defense against attack. The new paradigm of transaction-based Internet services makes these "perimeter" defenses less effective as their boundaries between friendly and unfriendly environments blur
2. Who should not be given access to firewalls? a. Primary firewall administrator b. Functional users c. Backup firewall administrator d. Network service manager
Choice (b) is the correct answer. Firewalls should not be used as general purpose servers. The only access accounts on the firewalls should be those of the primary and backup firewall administrators and the network service manager, where the latter manages both administrators. Functional users should not be given access to firewalls since they do not contain business-related application systems
49. Firewalls are the perfect complement to which of the following? a. Bridges b. Routers c. Brouters d. Gateways
Choice (b) is the correct answer. Given that all routers support some type of access control functionality, routers are the perfect complement to firewalls. In fact, the generally accepted design philosophy is that boundary routers should protect firewall devices before the firewall devices ever have to protect themselves. This principle ensures that the boundary router is able to compensate for any operating system or platform specific vulnerabilities that Robbins (Fall 2018) might be present on the firewall platform. Brouters combine the functionality of bridges and routers.
87. Which of the following functions of Internet Control Message Protocol (ICMP) is used to trick routers and hosts? a. Detecting unreachable destinations b. Redirecting messages c. Checking remote hosts d. Controlling traffic flow
Choice (b) is the correct answer. ICMP redirect messages can be used to trick routers and hosts acting as routers into using "false" routes; these false routes aid in directing traffic to an attacker's system instead of a legitimate, trusted system.
100. Which of the following technologies help in resolving document distribution problems and in increasing employee productivity in an organization? a. The Internet and middleware b. Intranet and groupware c. Extranet and shareware d. Intranet and freeware
Choice (b) is the correct answer. Intranets help to distribute documents within an organization, between headquarters and remote locations. This may include contracts, forms, newsletters, policies, procedures, standards, guidelines, performance reviews, capital expenditure requests, operating budgets, and the like. All these documents will be stored on a common server, which should be flexible, powerful, and secure. Groupware is a concept that integrates several functions such as e-mail, database creation and searching, calendar scheduling, contract management, customer service applications, and the like. Employees will be sharing this information to do their job better and in a more productive way. The Internet is the worldwide "network of networks" that uses the TCP/IP protocol suite for communications. Extranet is the Internet technology used to connect the intranet of an organization with intranets from other organizations such as suppliers and customers. Middleware is software that sits between two or more types of software and translates information between them. Shareware is software that is distributed free of charge, often through electronic bulletin boards, Robbins (Fall 2018) may be freely copied, and/or for which a nominal fee is requested if the program is found useful. Freeware is software that is made available to the public for free, but it has copyright protection.
45. Media Access Control addresses are identified in what layer of the ISO/OSI model? a. Physical layer 1 b. Data link layer 2 c. Network layer 3 d. Transport layer 4
Choice (b) is the correct answer. Layer 2 (data link) of the ISO/OSI model is also the first layer that contains addressing that can identity a single specific machine. The addresses are assigned to network interfaces and are referred to as Media Access Control addresses. An Ethernet address belonging to an Ethernet is an example of a Layer 2 Media Access Control address.
44. Local area networks (LANs) operate at what layer of the ISO/OSI model? a. Physical layer 1 b. Data link layer 2 c. Network layer 3 d. Transport layer 4
Choice (b) is the correct answer. Layer 2 (data link) of the ISO/OSI model represents the layer at which network traffic delivery on LANs occurs
39. Wide area networks (WAN) operate at what layer of the ISO/OSI model? a. Data link layer 2 b. Network layer 3 c. Transport layer 4 d. Session layer 5
Choice (b) is the correct answer. Layer 3 (network) is the layer that accomplishes the delivery of network traffic on wide area networks (WAN).
30. Which of the following is used for high-speed remote access with virtual private networks (VPNs)? a. Calling cards with ISDN b. Cable modems with ADSL c. Modem pools with ADSL d. Toll-free lines with ISDN
Choice (b) is the correct answer. Modem pools, calling cards, and toll-free arrangements can be an expensive alternative to cable modems and asynchronous digital subscriber line (ADSL). An ISDN line is limited to 128 bits and is slow. Cable modems and ADSL technologies take advantage of the Internet and IPSEC functioning at the network layer. These technologies provide high-speed remote access
51. Which of the following needs to be protected for a fail-safe performance? a. Virus scanners b. Firewalls c. Blocking filters d. Network ports
Choice (b) is the correct answer. Network firewalls are devices or systems that control the flow of network traffic between networks employing differing security postures. A fail-safe is the automatic termination and protection of programs when a hardware or software failure is detected. Since firewalls provide a critical access control security service, multiple firewalls should be employed for fail-safe performance. Depending on a person's viewpoint, firewalls provide either the first line of defense or the last line of defense in accessing a network. Virus scanners scan for common viruses and macro viruses. Blocking filters can block Active-X and Java applets. Network ports provide access points to a network. These are not that important when compared to the firewall to have a fail-safe performance.
47. Network switches operate at what layer of the ISO/OSI model? a. Physical layer 1 b. Data link layer 2 c. Network layer 3 d. Transport layer 4
Choice (b) is the correct answer. Network switches are Layer 2 (data link) devices, which means that they actually employ basic intelligence in providing attachment points for networked systems. Network infrastructure components include routers, concentrators, and switches
4. Which of the following merit protection in the use of wireless technologies? 1. Privacy of location 2. Privacy of equipment 3. Privacy of transmission contents 4. Privacy of third-parties a. 1 and 2 b. 1 and 3 c. 3 and 4 d. 2 and 3
Choice (b) is the correct answer. There are two main types of information that merit protection in the wireless context: the contents of a call or transmission and the location of the sender or recipient. Items 2. and 4. Are distracters.
78. Which of the following can provide a seamless fail-over option for firewalls? a. Heartbeat solution b. Network switches c. Back-end system d. Custom network interface Choice
Choice (b) is the correct answer. Network switches that provide load balancing and fail-over capabilities are the newest and most advanced solution currently available. In a fail-over configuration, these switches monitor the responsiveness of the production firewall, and shift all traffic over to a backup firewall in the event that there is a failure on the production system. The primary advantage to this type of solution is that the switch masquerades both firewalls behind the same media access control (ISO/OSI Layer 2) address. This functionality allows seamless fail-over, that is, established sessions through the firewall are not impacted by a production system failure. The heartbeat-based solutions typically involve a back-end or custom network interface that exists to notify the backup system in the event of a primary system failure. These systems rely on established, reliable technology to handle fail-over. The primary drawback with this approach is that established sessions traversing the production firewalls are almost always lost in the transition from production to backup resources. The decision on which fail-over method to implement is often reduced to cost - the network switch based fail-over solution is generally more expensive than a heartbeat based system.
10. Which of the following is illegal in the U.S. regarding wireless technologies? 1. Phone cloning 2. Fraudulent billing 3. Fraudulent roaming 4. Call selling a. 1 and 2 b. 1 and 4 c. 2 and 3 d. 3 and 4
Choice (b) is the correct answer. Phone cloning and call selling are two major illegal activities in the U.S. In phone cloning, cloners pick up electronic serial numbers (ESN) and mobile identification numbers (MIN) pairs on busy streets or highways with scanning equipment that is legally available, although their use for this purpose is illegal. Call selling is an illegal activity conducted with cloned cellular telephones.
53. Secure RPC uses which of the following algorithms? a. DES b. Diffie-Hellman c. 3DES d. IDEA
Choice (b) is the correct answer. Secure RPC uses the Diffie-Hellman key generation method. Under this method, each user has a private/ public key pair.
70. Which of the following protocols use many network ports? a. SNMP and SMTP b. TCP and UDP c. ICMP and IGMP d. ARP and RARP
Choice (b) is the correct answer. TCP and UDP protocols are part of TCP/IP protocol suite operating at the transport layer of the ISO/OSI model. Network ports are used by TCP and UDP protocols, each having 65,000+ ports. Attackers can reconfigure these ports and listen in for valuable information about network systems and services prior to attack. SNMP and SMTP are application layer protocols, which use few ports. ICMP and IGMP are network layer protocols, which do not use any ports. ARP and RARP are data link layer protocols, which do not use any ports.
38. Network address translation (NAT) protocol operates at what layer of the ISO/OSI model? a. Presentation layer 6 b. Network layer 3 c. Transport layer 4 d. Session layer 5
Choice (b) is the correct answer. The NAT protocol operates at the layer 3 (network) of the ISO/OSI model.
58. The TCP/IP protocol suite consists of: a. Three layers b. Four layers c. Five layers d. Six layers
Choice (b) is the correct answer. The TCP/IP protocol suite consists of four layers including Application, Transport, Network, and Data link (Internet) layers.
56. Which of the following provides a dynamic mapping of an IP address to a physical hardware address? a. PPP b. ARP c. SLIP d. SKIP
Choice (b) is the correct answer. The address resolution protocol (ARP) provides a dynamic mapping of a 32-bit IP address to a 48-bit physical hardware address. Other protocols do not fit the description.
23. Who is responsible for securing an e-mail message? a. The receiving ISP b. The message sender c. The sending ISP d. The message receiver
Choice (b) is the correct answer. The person or the organization sending an e-mail message has the utmost responsibility for the message's security. This is because the sender is initiating the message.
93. Most Internet-based threats are: a. Technical in nature b. Opportunistic in nature c. Invisible in nature d. Procedural in nature
Choice (b) is the correct answer. The presence of a threat does not mean that it will necessarily cause actual harm. To become a risk, a threat must take advantage of a vulnerability in system security controls and the system must be visible to the outside world. Visibility is a measure both of the attractiveness of a system to malicious intruders and of the amount of information available in the public domain about that system. All organizations with Internet access are to some extent "visible" to the outside world, if by nothing more than through domain name services (DNS). However, some organizations are more visible than others, and the level of visibility may change regularly or due to extraordinary events. Since many Internet-based threats are opportunistic in nature, an organization's level of visibility directly drives the probability that a malicious "actor" will attempt to cause harm by realizing a threat. In the Internet environment, curious college students, teenage vandals, criminals, agents of espionage, or curious cyber-surfers have been known to carry out threats. As the use of public networks for electronic commerce and critical business functions increases, attacks by criminals and espionage agents (both economic and foreign) will also increase.
1. Which of the following firewalls is most secure? a. Packet filtering firewall b. Screened subnet firewall c. Screened host firewall d. Dual-homed gateway firewall
Choice (b) is the correct answer. The screened subnet firewall adds an extra layer of security by creating a network where the bastion host resides. Often called a perimeter network, the screened subnet firewall separates the internal network from the external. This leads to stronger security.
77. Which of the following is the de facto standard for providing secure communications on the Internet? a. SSH b. SSL c. HTTP d. SET
Choice (b) is the correct answer. The secure sockets layer (SSL) allows for strong authentication superior to traditional methods and provides data encryption over the duration of the session. It has become the de facto standard for providing secure communications on the Internet. De facto standard means the standard is based on practice and popularity.
98. Which of the following statements about intranets is not true? a. Access to an intranet allows communication b. Access to an intranet facilitates collaboration c. Access to an intranet requires a specific location d. Access to an intranet improves workflow
Choice (c) is the correct answer. Intranets can be used to link employees together, thus enabling easy communication, collaboration, and workflow. It does not matter where they are located.
41. Which of the following ensures that all Web network traffic dealing with a firewall system is secured? a. DES b. SSL c. HTTP d. SSH
Choice (b) is the correct answer. There should be a policy stating that all firewall management functions take place over secure links. For web-based interfaces, the security should be implemented through secure sockets layer (SSL) encryption, along with a user ID and password. If neither internal encryption nor SSL are available, tunneling solutions such as the Secure Shell (SSH) are usually appropriate. HTTP and DES are not appropriate here.
73. Countermeasures against TCP session hijacking do not include which of the following? a. Remove default accounts b. Use voice encryption c. Install software patches d. Use encryption tools
Choice (b) is the correct answer. Voice encryption is effective against cloning of cellular phones. Removing unnecessary default accounts, installing software patches and upgrades, and using encryption and firewalls are effective controls against TCP session hijacking.
5. Which of the following is inherently less secure in the use of wireless technologies? a. Digital formats b. Analog formats c. Error-detecting protocols d. Error-correcting protocols
Choice (b) is the correct answer. Wireless data network providers claim that their digital systems are inherently more secure than analog cellular telephony because of their digital formats and errorchecking and correction protocols
13. Telephone tumbling attack can be prevented by which of the following? a. Call screening system b. Call pattern recognition software c. Pre-call validation system d. Post-call validation system
Choice (c) is the correct answer. A telephone tumbling attack is where a fraud perpetrator randomly or sequentially changes the electronic serial numbers (ESN) and/or mobile identification numbers (MIN) after Robbins (Fall 2018) each call. Because the cellular switch takes some time to verify each number, some proportion of calls may get through the system before the system denies access. Wireless telephone providers can install precall validation systems to detect this type of fraud.
15. A technique used to perpetrate wireless fraud is which of the following? a. Scaling b. Roaming c. Cloning d. Browsing
Choice (c) is the correct answer. Cloning is the practice of reprogramming a phone with an electronic serial numbers (ESN)/mobile identification numbers (MIN) pair from another phone. Cloners pick up the ESN/MIN pairs on busy streets or highways with scanning equipment. Cloners record these number pairs and send them to other cities, where carriers may be unable or unlikely to verify that the number is in use elsewhere. In the remote city, participants in the fraud scam use a standard PC to re-program the ESN/MIN pair in a cellular telephone. Scaling is the ability to change in size or configuration to suit changing conditions. Roaming is the practice of using a cellular phone in cellular networks outside the user's home system. Browsing is searching for information to attack.
33. Which of the following is an example of connectionless data communications? a. X.25 b. TCP c. Ethernet d. WAN
Choice (c) is the correct answer. Connectionless data communications does not require that a connection be established before data can be sent or exchanged. X.25, TCP, and WAN are examples of connectionoriented data communications that requires that a connection first be established
35. Who reprograms a cellular phone with an ESN/MIN pair from another phone? a. Hackers b. Crackers c. Cloners d. Phreaks
Choice (c) is the correct answer. Electronic serial number (ESN) is a number encoded in each cellular phone that uniquely identifies each cellular telephone manufactured. Mobile identification number (MIN) is a number encoded in each cellular telephone that represents the telephone number. Cloners steal an ESN/MIN pair with the use of a scanner from a victim's phone and sell to others in a remote city. Robbins (Fall 2018) Hackers are people who break into computers for various purposes. Crackers are people who use computer expertise for illicit purposes. Phreaks are people who take services from a telephone company without paying for them.
68. The most frequent source of local area network hardware failures is: a. Repeater b. Server disk drives c. Network cabling d. Server software
Choice (c) is the correct answer. Hardware failures are grouped as follows: network cabling (60 to 80 percent), repeater (10 to 20 percent), and server disk drive (10 to 20 percent). Cables should be tested before their first use, rather than after a problem surfaces. Testing an installed cable is a tedious job, particularly when there are many network connections (drops) and the organization is large. Failures result when electrical conductors either break open, short together, or are exposed to electromagnetic forces. Failures are also caused when cables are poorly routed. Cabling, unlike other computer equipment, is not protected from heat, electrical charges, physical abuse, or damage. Choices (a), (b), and (d) are incorrect. A repeater repeats data packets or electrical signals between cable segments. It receives a message and then retransmit its, regenerating the signal at its original strength. Server disk drives and software are comparatively safe and trouble-free devices compared with cabling.
26. Which of the following is used to implement end-to-end virtual private networks (VPNs)? a. PPP b. SSH c. PPTP d. SKIP
Choice (c) is the correct answer. In the past protocols such as PPP, SSH, and SKIP were used in a VPN. Later, point-to-point tunneling protocol (PPTP) became popular due to its hiding capabilities and is very useful to implement end-to-end secure VPNs.
42. Packet filter firewalls operate at what layer of the ISO/OSI model? a. Presentation layer 6 b. Session layer 5 c. Network layer 3 d. Transport layer 4
Choice (c) is the correct answer. In their most basic form, packet filter firewalls operate at layer 3 (network) of the ISO/OSI model. They are essentially routing devices that include access control functionality for system addresses and communication sessions.
27. Which of the following supersedes the point-to-point tunneling protocols (PPTP) used in VPNs? a. L2TP b. L2F c. IPSEC d. PPP
Choice (c) is the correct answer. Internet protocol security (IPSEC) supersedes PPTP. IPSEC is a suite of authentication and encryption protocols that create VPNs so that data can be securely sent between the two end stations or networks. L2TP is layer 2 tunneling protocol, L2F is layer 2 forwarding, and PPP is point-to-point protocol. L2TP supersedes L2F
97. Which of the following technologies enable the integration of personal computers, local-area networks, wide-area networks, mainframe legacy systems, and external computer systems? a. Virtual networks b. Real networks c. Intranets d. The Internet
Choice (c) is the correct answer. Intranets will integrate desktops, LANs, legacy application systems on a mainframe computer, wide-area networks, and the public Internet. The other choices do not have this type of flexibility and scope of tasks. This allows organizations to create more effective business information systems. Intranets can be called an organization's internal Internet.
95. Management of the Internet is: a. Centralized b. Semi-centralized c. Decentralized d. Semi-decentralized
Choice (c) is the correct answer. Management of the Internet is decentralized, residing primarily at the host site and individual network levels. Early in the Internet's development, responsibility Robbins (Fall 2018) for managing and securing host computers was given to the end users -the host sites, such as college campuses and governmental agencies that owned and operated them. It was believed that the host sites were in the best position to manage and determine a level of security appropriate for their systems.
36. Which one of the following facilitates implementing security controls in firewalls? a. A database b. A traffic base c. A rulebase d. A control base
Choice (c) is the correct answer. Most firewall platforms utilize rulebases as their mechanism for implementing security controls. The contents of these rulebases determine the actual functionality of a firewall. The rulebases contain specific information such as the source and destination address of a piece of network traffic, the protocol used, and the type of ports.
40. Which of the following is not used to accomplish network address translation? a. Static network address translation b. Hiding network address translation c. Dynamic network address translation d. Port address translation
Choice (c) is the correct answer. Network address translation is accomplished in three schemes: (1) In static network address translation, each internal system on the private network has a corresponding external, routable IP address associated with it. (2) With hiding network address translation, all systems behind a firewall share the same external, routable IP address. (3) In a port address translation schema, the implementation is similar to hiding network address translation, with two primary differences. First, port address translation is not required to use the IP address of the external firewall interface for all network traffic. Second, with port address translation, it is possible to place resources behind a firewall system and still make them selectively accessible to external users. Choice (c) is a distracter here.
60. Which of the following is not susceptible to electronic interferences? a. Twisted pair wire b. Coaxial cable c. Fiber-optical cable d. Copper-based cable wire
Choice (c) is the correct answer. Optical fiber is relatively secure, expensive, and is not susceptible to electronic interferences. All the other choices are subject to such interferences with varying degrees
74. Countermeasures against sniffers do not include which of the following? a. Use secure shell protocol b. Apply end-to-end encryption c. Use packet filters d. Implement robust authentication techniques
Choice (c) is the correct answer. Packet filters are good against flooding attacks. Using either secure shell or IPSEC protocol, using end-to-end encryption, and implementing robust authentication techniques are effective against sniffing attacks.
61. All of the following services and application traffic should always be blocked inbound by a firewall except: a. RPC b. NFS c. FTP d. SNMP
Choice (c) is the correct answer. RPC, NFS, and SNMP should always be blocked. FTP should be restricted to specific systems using strong authentication
46. Routers operate at what layer of the ISO/OSI model? a. Physical layer 1 b. Data link layer 2 c. Network layer 3 d. Transport layer 4
Choice (c) is the correct answer. Routers are Layer 3 (network) devices, and are precursors to packet filtering firewalls. Network infrastructure components include routers, concentrators, and switches.
82. Sources of legal rights and obligations for privacy over electronic-mail do not include: a. The law of the country b. Employer practices c. Employee practices d. Employer policies
Choice (c) is the correct answer. Since e-mail cross many state and national boundaries and even continents, it is advised to review the principal sources of legal rights and obligations. These sources include the law of the country and employer policies and practices. Employee practices have no effect on the legal rights and obligations
72. Countermeasures against IP address spoofing attacks do not include which of the following? a. Use firewalls b. Disable active-content c. Use smart tokens d. Use time-stamps
Choice (c) is the correct answer. Smart tokens are part of robust authentication techniques to authenticate a user accessing a computer system. IP address spoofing is using various techniques to subvert IPbased access control by masquerading as another system by using their IP address. Countermeasures include (1) using firewalls, (2) disabling active-content code (e.g., Active-X and JavaScript) from the Web browser, and (3) using time-stamps. ACLs can also be used to block inbound traffic with source addresses matching the internal addresses of the target network.
50. Which of the following is the best backup strategy for firewalls? a. Incremental backup b. Centralized backup c. Day Zero backup d. Differential backup
Choice (c) is the correct answer. The conduct and maintenance of backups are key points to any firewall administration policy. It is critical that all firewalls are subject to a Day Zero backup (full backup), i.e., all firewalls should be backed up immediately prior to production release. As a general principle, all firewall backups should be full backups and there is no need for incremental, centralized, or differential backups.
65. Which of the following ISO/OSI layers provide confidentiality, authentication, and integrity services? a. Data link layer 2 b. Transport layer 4 c. Network layer 3 d. Physical layer 1
Choice (c) is the correct answer. The network layer is the only layer that provides confidentiality, authentication, and integrity services. Data link layer and physical layers provide confidentiality and transport layer provides access control services
89. Which of the following functions of the Internet Control Message Protocol (ICMP) of TCP/IP cause a buffer overflow on the target machine? a. Detecting unreachable destinations b. Redirecting messages c. Checking remote hosts d. Controlling traffic flow
Choice (c) is the correct answer. The ping command is used to send an ICMP echo message for checking the status of a remote host. When large amounts of these messages are received from an intruder, they can cause a buffer overflow on the target host machine, resulting in a system reboot or total system crash.
16. The screened subnet firewall acts as which of the following? a. A fast packet network b. A digital network c. A perimeter network d. A broadband network
Choice (c) is the correct answer. The screened subnet firewall acts as a perimeter network. If there is an attack on the firewall, the attacker is restricted to the perimeter (external) network and therefore is not attacking the internal network.
86. A firewall has been compromised. What is the correct sequence of action steps to be followed by a firewall administrator? 1. Deploy the secondary firewall 2. Bring down the primary firewall 3. Restore the primary firewall 4. Reconfigure the primary firewall a. 1, 2, 3, 4 b. 2, 3, 4, 1 c. 2, 1, 4, 3 d. 4, 1, 2, 3
Choice (c) is the correct answer. There should be at least two firewalls in place: primary and secondary. First, the affected (primary) firewall should be brought down, and the backup (secondary) firewall should be deployed. Internal computer systems should not be Robbins (Fall 2018) connected to the Internet without a firewall. After the primary firewall is reconfigured, it must be brought back or restored to an operational state.
12. Which of the following is the true purpose of "ping" in wireless technologies? a. The pinging tells the filters on the network b. The pinging tells the frequencies of the network c. The pinging tells the location of a phone user d. The pinging tells the troubles on the network
Choice (c) is the correct answer. To monitor the state of the network and be able to respond quickly when calls are made, the main cellular controlling switch periodically "pings" all cellular telephones. This pinging lets the switch know which users are in the area and where in the network the telephone is located. This information can be used to give a rough idea of location of the phone user to help catch the fraud perpetrator. Vehicle location service is an application of the ping technology. The other choices are distracters.
76. Which of the following supports the secure sockets layer (SSL) to perform client-to-server authentication process? a. Application-layer security protocol b. Session-layer security protocol c. Transport-layer security protocol d. Presentation-layer security protocol
Choice (c) is the correct answer. Transport-layer security (TLS) protocol supports the SSL to perform clientto-server authentication process. The TLS protocol allows client/server application to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The TLS protocol provides communication privacy and data integrity over the Internet
32. The Internet Protocol Security (IPSEC) is usually implemented in which of the following? a. Bridge b. Gateway c. Firewall d. Backbone
Choice (c) is the correct answer. Usually, IPSEC is implemented on a firewall for VPNs. IPSEC encrypts and encapsulates IP packets, so outsiders cannot observe the true source and destinations. VPNs allow a trusted network to communicate with another network over untrusted networks such as the Internet. A policy is needed for use of firewalls with VPNs. Any connection between firewalls over public networks should use encrypted VPNs to ensure the privacy and integrity of the data passing over the public network. Bridges, gateways, and backbones do not have the access control mechanism as the firewall.
34. Wireless security is provided by which of the following protocols? a. WSP b. WTP c. WTLS d. WDP
Choice (c) is the correct answer. WTLS is a communications protocol that allows cellular phones to send and receive encrypted information over the Internet. Wireless session protocol (WSP), wireless transaction protocol (WTP), wireless transport layer security (WTLS), and wireless datagram protocol (WDP) are part of wireless access protocol (WAP). WAP is an Internet protocol that defines the way in which cell phones and similar devices can access the Internet.
3. Attacks against wireless technologies include which of the following? a. Spamming and loss of availability b. Spoofing and loss of integrity c. Eavesdropping and loss of confidentiality d. Cracking and loss of authenticity
Choice (c) is the correct answer. Wireless technologies invite privacy and fraud violations more easily than wireline technologies due to their broadcast nature. The privacy implications of widespread use of mobile wireless technologies are potentially serious for both individuals and businesses. There will be a continuing need to guard against eavesdropping and breaches of confidentiality, as hackers and scanners develop ways to listen in and track wireless communications devices
52. An Ethernet network uses which of the following logical topologies? a. Ring b. Star c. Mesh d. Bus
Choice (d) is the correct answer. An Ethernet network uses the bus topology. Ring topology is used in Token Ring networks. Star topology is used in switched networks. Mesh is a hybrid of networks
28. A stronger barrier control around insecure application software is which of the following? a. Firewalls b. Intrusion detection systems c. Virus checkers d. Operating system's security features
Choice (d) is the correct answer. Application software often contains numerous vulnerabilities. Many security systems (e.g., firewalls, intrusion detection systems, and virus checkers) attempt to protect these insecure applications by monitoring and filtering the application's interactions with users. Ultimately, however these barrier techniques are inadequate because users must be allowed to interface directly with the vulnerable applications software. The best defense is to install ever-stronger barriers around the applications software. The operating system is the best place for such a barrier
80. Challenge Handshake Authentication Protocol (CHAP) requires which of the following for remote users? a. Initial authentication b. Pre-authentication c. Post-authentication d. Re-authentication
Choice (d) is the correct answer. CHAP supports re-authentication to make sure the users are still who they were at the beginning of the session. The other authentication methods would not achieve this goal.
29. Which of the following is an example of a boundary access control? a. Gateway b. Bridge c. Modem d. Firewall
Choice (d) is the correct answer. Firewalls monitor network traffic that enters and leaves a network. A firewall controls broad access to all networks and resources that lie "inside" it. By limiting access to host systems and services, firewalls provide a necessary line of perimeter defense against attack; that is, they form a boundary control. Choice (a) is incorrect because a gateway is an interface between two networks. Choice (b) is incorrect because a bridge is a device used to link two or more homogeneous local area networks. Choice (c) is incorrect because a modem is a device that converts analog signals to digital signals and vice versa. The devices mentioned in choices (a), (b), and (c) do not have the ability to perform as a boundary access control.
66. Which of the following is not an example of centralized authentication servers? a. RADIUS b. TACACS c. CIRCLE d. DIAMETER
Choice (d) is the correct answer. Identifying information or data protection requirements involves reviewing the need for an uninterruptible power source (choice a), backups (choice b), and fault tolerance (choice c). Selection of an operating system is a part of operational constraints, not data protection requirements.
67. Analyzing data protection requirements for installing a LAN does not include: a. Uninterruptible power source b. Backups c. Fault tolerance d. Operating systems
Choice (d) is the correct answer. Identifying information or data protection requirements involves reviewing the need for an uninterruptible power source (choice a), backups (choice b), and fault tolerance (choice c). Selection of an operating system is a part of operational constraints, not data protection requirements.
18. Which of the following cannot defend login spoofing? a. Providing a secure channel between the user and the system b. Installing a hardware reset button c. Implementing cryptographic authentication techniques d. Installing input overflow checks
Choice (d) is the correct answer. Input overflow checks ensure that input is not lost during data entry or processing and are good against input overflow attacks. These attacks can be avoided by proper program design. Login spoofing can be defended by providing a secure channel between the user and the system. A hardware reset button on a personal computer can be very effective in removing some kinds of spoofing attacks. Cryptographic authentication techniques can increase security but only for complex systems.
83. A major problem with Serial Line Internet Protocol (SLIP) is which of the following? a. The protocol does not contain address information b. The protocol is used on point-to-point connections c. The protocol is used to attach non-IP devices to an IP network d. The protocol does not provide error detection or correction mechanism
Choice (d) is the correct answer. SLIP is a protocol for sending IP packets over a serial line connection. Because SLIP is used over slow lines (56kb), this makes error detection or correction at that layer more expensive. Errors can be detected at a higher layer. Robbins (Fall 2018) The addresses are implicitly defined, which is not a major problem (choice a). Point-to-point connections make it less vulnerable to eavesdropping, which is a strength (choice b). SLIP is a mechanism for attaching non-IP devices to an IP network, which is an advantage (choice c).
64. Which of the following protocols is used to settle buying and selling transactions over the Internet? a. SHA b. SSL c. SLIP d. SET
Choice (d) is the correct answer. Secure Electronic Transaction (SET) protocol supports secure transactions over the Internet in terms of buying and selling of goods and services.
25. Which of the following supports strong authentication for the Web server? a. DES b. RSA c. 3DES d. SSL
Choice (d) is the correct answer. The Secure Sockets Layer (SSL) is a session-oriented protocol that uses a combination of public- and symmetric-key cryptography to perform authentication and encryption. Publickey authentication is performed using digital certificates and allows for the exchange of a shared secret, which is then used as an encryption key with a symmetric algorithm (e.g., DES). It has become the de facto standard for secure communications on the Internet.
84. Which of the following is the most important step to be followed by a firewall administrator when upgrading the firewall system? a. Analyze and upgrade b. Evaluate and upgrade c. Monitor and upgrade d. Upgrade and test
Choice (d) is the correct answer. The firewall administrator must analyze and evaluate each new release of the firewall software to determine whether an upgrade is required. Prior to upgrade, the firewall administrator must verify with the vendor that an upgrade is required. The most important step occurs after an upgrade; the firewall must be tested to ensure proper functioning prior to making it fully operational
37. Which of the following is not one of the actions taken by a firewall on a packet? a. Accept b. Deny c. Discard d. Destroy
Choice (d) is the correct answer. The firewall examines a packet's source and destination addresses and ports, and determines what protocol is in use. From there, it starts at the top of the rulebase and work down through the rules until it finds a rule that permits or denies the packet. It takes one of the three actions: (1) the firewall passes the packet through the firewall as requested (accept), (2) the firewall drops the packets, without passing it through the firewall (deny), or (3) the firewall not only drops the packet, but it does not return an error message to the source system (discard). Destroy is not one of the actions taken by a firewall.
54. In secure RPC, which of the following provides the public and private keys to servers and clients? a. The users b. The clients c. The servers d. The authentication servers
Choice (d) is the correct answer. The principals involved in the secure RPC authentication systems are users, clients, servers, and the authentication server. The authentication server provides the public and private keys to servers and clients.