CISSP Domain 4 Communications and Network Security
Tree
In this type of topology, a branch cable failure could result in entire network down.
B. The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP sends passwords unencrypted. EAP is extensible and was used for PPP connections, but it doesn't directly address the listed items
10.Which authentication protocol commonly used for PPP links encrypts both the username and password and uses a challenge/response dialog that cannot be replayed and periodically reauthenticates remote systems throughout its use in a session? A.PAP B.CHAP C.EAP D.LEAP
C. SSID broadcast is typically disabled for secure networks. While this won't stop a determined attacker, it will stop casual attempts to connect. Separating the network from other wired networks, turning on the highest level of encryption supported (like WPA2), and using MAC filtering for small groups of clients that can reasonably be managed by hand are all common best practices for wireless networks.
11.Which of the following options is not a common best practice for securing a wireless network? A.Turn on WPA2. B.Enable MAC filtering if used for a relatively small group of clients. C.Enable SSID broadcast. D.Separate the access point from the wired network using a firewall, thus treating it as external access
12.B. Although availability is a key aspect of security in general, it is the least important aspect of security systems for internet-delivered email.
12.When you're designing a security system for internet-delivered email, which of the following is least important? A.Nonrepudiation B.Availability C.Message integrity D.Access restriction
D. Remote PCs that connect to a protected network need to comply with security settings and standards that match those required for the internal network. The VPN concentrator logically places remote users in the protected zone behind the firewall, but that means that user workstations (and users) must be trusted in the same way that local workstations are.
14.If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise? A.VPN users will not be able to access the web server. B.There is no additional security issue; the VPN concentrator's logical network location matches the logical network location of the workstations. C.VPN bypasses the firewall, creating additional risks. D.VPN users should only connect from managed PCs.
14.B. Mail-bombing is the use of email as an attack mechanism. Flooding a system with messages causes a denial of service
14.What is it called when email itself is used as an attack mechanism? A.Masquerading B.Mail-bombing C.Spoofing D.Smurf attack
C. An intrusion protection system can scan traffic and stop both known and unknown attacks. A web application firewall, or WAF, is also a suitable technology, but placing it at location C would only protect from attacks via the organization's VPN, which should only be used by trusted users. A firewall typically won't have the ability to identify and stop cross-site scripting attacks, and IDS systems only monitor and don't stop attacks.
15.If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it? A.A firewall, location A B.An IDS, location A C.An IPS, location B D.A WAF, location C
D. Distance-vector protocols use metrics including the direction and distance in hops to remote networks to make decisions. A link-state routing protocol considers the shortest distance to a remote network. Destination metric and link-distance protocols don't exist
16.Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using? A.A link-state protocol B.A link-distance protocol C.A destination metric protocol D.A distance-vector protocol
per permanent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.manent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.
16.Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data? A.ISDN B.PVC C.VPN D.SVC
B. Disabling SSID broadcast can help prevent unauthorized personnel from attempting to connect to the network. Since the SSID is still active, it can be discovered by using a wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are used to broadcast the SSID, and it is possible to have multiple networks with the same SSID.
17.Ben has configured his network to not broadcast a SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered? A.Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets. B.Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer. C.Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID. D.Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.
B. A proxy is a form of gateway that provide clients with a filtering, caching, or other service that protects their information from remote systems. A router connects networks, while a firewall uses rules to limit traffic permitted through it. A gateway translates between protocols
18.What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination? A.A gateway B.A proxy C.A router D.A firewall
18.C. Social engineering can often be used to bypass even the most effective physical and logical controls. Whatever activity the attacker convinces the victim to perform, it is usually directed toward opening a back door that the attacker can use to gain access to the network
18.Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system? A.Dictionary attacks B.Denial of service C.Social engineering D.Port scanning
B. LEAP, the Lightweight Extensible Authentication Protocol. is a Cisco proprietary protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant security issues as well and should not be used. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA and WPA2, would be a major step back in security for any network.
2.During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make? A.Continue to use LEAP. It provides better security than TKIP for WPA networks. B.Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported. C.Continue to use LEAP to avoid authentication issues, but move to WPA2. D.Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.
D. A stand-alone system has no need for tunneling because no communications between systems are occurring and no intermediary network is present.
2.Tunnel connections can be established over all except for which of the following? A.WAN links B.LAN pathways C.Dial-up connections D.Stand-alone systems
B. Screen scrapers copy the actual screen displayed and display it at a remote location. RDP provides terminal sessions without doing screen scraping, remote node operation is the same as dial-up access, and remote control is a means of controlling a remote system (screen scraping is a specialized subset of remote control).
20.A remote access tool that copies what is displayed on a desktop PC to a remote computer is an example of what type of technology? A.Remote node operation B.Screen scraping C.Remote control D.RDP
A. S/MIME supports both signed messages and a secure envelope method. While the functionality of S/MIME can be replicated with other tools, the secure envelope is an S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can also both provide authentication, confidentiality, integrity, and nonrepudiation, while DKIM, or Domain Keys Identified Mail, is a domain validation tool.
21.Which email security solution provides two major 21.Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality? A.S/MIME B.MOSS C.PEM D.DKIM
C. 802.11n can operate at speeds over 200 Mbps, and it can operate on both the 2.4 and 5 GHz frequency range. 802.11g operates at 54 Mbps using the 2.4 GHz frequency range, and 802.11ac is capable of 1 Gbps using the 5 GHz range. 802.11a and b are both outdated and are unlikely to be encountered in modern network installations
25.What speed and frequency range is used by 802.11n? A.54 Mbps, 5 GHz B.200+ Mbps, 5GHz C.200+ Mbps, 2.4 and 5 GHz D.1 Gbps, 5 GHz
B. ARP and RARP operate at the Data Link layer, the second layer of the OSI model. Both protocols deal with physical hardware addresses, which are used above the Physical layer (layer 1) and below the Network layer (layer 3), thus falling at the Data Link layer.
26.The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model? A.Layer 1 B.Layer 2 C.Layer 3 D.Layer 4
A. A repeater or concentrator will amplify the signal, ensuring that the 100-meter distance limitation of 1000Base-T is not an issue. A gateway would be useful if network protocols were changing, while Cat7 cable is appropriate for a 10Gbps network at much shorter distances. STP cable is limited to 155 Mbps and 100 meters, which would leave Chris with network problems.
28.Chris is building an Ethernet network and knows that he needs to span a distance of over 150 meters with his 1000Base-T network. What network technology should he use to help with this? A.Install a repeater or a concentrator before 100 meters. B.Use Category 7 cable, which has better shielding for higher speeds. C.Install a gateway to handle the distance. D.Use STP cable to handle the longer distance at high speeds.
C. Ben is using ad hoc mode, which directly connects two clients. It can be easy to confuse this with stand-alone mode, which connects clients using a wireless access point, but not to wired resources like a central network. Infrastructure mode connects endpoints to a central network, not directly to each other. Finally, wired extension mode uses a wireless access point to link wireless clients to a wired network.
3.Ben has connected his laptop to his tablet PC using an 802.11g connection. What wireless network mode has he used to connect these devices? A.Infrastructure mode B.Wired extension mode C.Ad hoc mode D.Stand-alone mode
B. Multilayer protocols create three primary concerns for security practitioners: They can conceal covert channels (and thus covert channels are allowed), filters can be bypassed by traffic concealed in layered protocols, and the logical boundaries put in place by network segments can be bypassed under some circumstances. Multilayer protocols allow encryption at various layers and support a range of protocols at higher layers
32.Which of the following drawbacks is a concern when multilayer protocols are allowed? A.A range of protocols may be used at higher layers. B.Covert channels are allowed. C.Filters cannot be bypassed. D.Encryption can't be incorporated at multiple layers.
B. When a workstation or other device is connected simultaneously to both a secure and a nonsecure network like the Internet, it may act as a bridge, bypassing the security protections located at the edge of a corporate network. It is unlikely that traffic will be routed improperly leading to the exposure of sensitive data, as traffic headed to internal systems and networks is unlikely to be routed to the external network. Reflected DDoS attacks are used to hide identities rather than to connect through to an internal network, and security administrators of managed systems should be able to determine both the local and wireless IP addresses his system uses.
34.Chris uses a cellular hot spot (modem) to provide Internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization's corporate network, what security issue might he cause? A.Traffic may not be routed properly, exposing sensitive data. B.His system may act as a bridge from the Internet to the local network. C.His system may be a portal for a reflected DDoS attack. D.Security administrators may not be able to determine his IP address if a security issue occurs.
C. The DARPA TCP/IP model was used to create the OSI model, and the designers of the OSI model made sure to map the OSI model layers to it. The Application layer of the TCP model maps to the Application, Presentation, and Session layers, while the TCP and OSI models both have a distinct Transport layer.
36.The DARPA TCP/IP model's Application layer matches up to what three OSI model layers? A.Application, Presentation, and Transport B.Presentation, Session, and Transport C.Application, Presentation, and Session D.There is not a direct match. The TCP model was created before the OSI model
B. ARP cache poisoning occurs when false ARP data is inserted into a system's ARP cache, allowing the attacker to modify its behavior. RARP flooding, denial of ARP attacks, and ARP buffer blasting are all made-up terms
37.One of Susan's attacks during a penetration test involves inserting false ARP data into a system's ARP cache. When the system attempts to send traffic to the address it believes belongs to a legitimate system, it will instead send that traffic to a system she controls. What is this attack called? A.RARP Flooding B.ARP cache poisoning C.A denial of ARP attack D.ARP buffer blasting
C. The process of using a fake MAC (Media Access Control) address is called spoofing, and spoofing a MAC address already in use on the network can lead to an address collision, preventing traffic from reaching one or both systems. Tokens are used in token ring networks, which are outdated, and EUI refers to an Extended Unique Identifier, another term for MAC address, but token loss is still not the key issue. Broadcast domains refers to the set of machines a host can send traffic to via a broadcast message.
38.Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering to provide security. What is the technique Sue used, and what non-security issue could her actions cause? A.Broadcast domain exploit, address conflict B.Spoofing, token loss C.Spoofing, address conflict D.Sham EUI creation, token loss
C. A collision domain is the set of systems that could cause a collision if they transmitted at the same time. Systems outside of a collision domain cannot cause a collision if they send at the same time. This is important, as the number of systems in a collision domain increases the likelihood of network congestion due to an increase in collisions. A broadcast domain is the set of systems that can receive a broadcast from each other. A subnet is a logical division of a network, while a supernet is made up of two or more networks.
4.Lauren's and Nick's PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue? A.The subnet B.The supernet C.A collision domain D.A broadcast domain
D. Application-specific protocols are handled at layer 7, the Application layer of the OSI model.
40.SMTP, HTTP, and SNMP all occur at what layer of the OSI model? A.Layer 4 B.Layer 5 C.Layer 6 D.Layer 7
D. Ping uses ICMP, the Internet Control Message Protocol, to determine whether a system responds and how many hops there are between the originating system and the remote system. Lauren simply needs to filter out ICMP to not see her pings.
41.Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she wants to filter ping out by protocol, what protocol should she filter out from her packet sniffer's logs? A.UDP B.TCP C.IP D.ICMP
D. 802.1x provides port-based authentication and can be used with technologies like EAP, the Extensible Authentication Protocol. 802.11a is a wireless standard, 802.3 is the standard for Ethernet, and 802.15.1 was the original Bluetooth IEEE standard.
42.Lauren wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirement? A.802.11a B.802.3 C.802.15.1 D.802.1x
D. 1000Base-T is capable of a 100 meter run according to its specifications. For longer distances, a fiber-optic cable is typically used in modern networks.
43.Ben has deployed a 1000Base-T 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000Base-T specification? A.2 kilometers B.500 meters C.185 meters D.100 meters
C. PRI, or Primary Rate Interface, can use between 2 and 23 64 Kbps channels, with a maximum potential bandwidth of 1.544 Mbps. Actual speeds will be lower due to the D channel, which can't be used for actual data transmission, but PRI beats BRI's two B channels paired with a D channel for 144 Kbps of bandwidth.
44.Jim's remote site has only ISDN as an option for connectivity. What type of ISDN should he look for to get the maximum speed possible? A.BRI B.BPRI C.PRI D.D channel
C. Layer 6, the Presentation layer, transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data. That means that standards like JPEG, ASCII, and MIDI are used at the Presentation layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC operate at the Session layer; and HTTP, FTP, and SMTP are Application layer protocols
47.Which of the following options includes standards or protocols that exist in layer 6 of the OSI model? A.NFS, SQL, and RPC B.TCP, UDP, and TLS C.JPEG, ASCII, and MIDI D.HTTP, FTP, SMTP
C. PPTp, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used for an increasingly large percentage of VPN connections and may appear at some point in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the Shiva Password Authentication Protocol sometimes used with PPTP.
49.There are four common VPN protocols. Which group of four below contains all of the common VPN protocols? A.PPTP, LTP, L2TP, IPsec B.PPP, L2TP, IPsec, VNC C.PPTP, L2F, L2TP, IPsec D.PPTP, L2TP, IPsec, SPAP
D. The RST flag is used to reset or disconnect a session. It can be resumed by restarting the connection via a new three-way handshake.
5.Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header? A.RST flags mean "Rest." The server needs traffic to briefly pause. B.RST flags mean "Relay-set." The packets will be forwarded to the address set in the packet. C.RST flags mean "Resume Standard." Communications will resume in their normal format. D.RST means "Reset." The TCP session will be disconnected.
C. The Physical Layer includes electrical specifications, protocols, and standards that allow control of throughput, handling line noise, and a variety of other electrical interface and signaling requirements. The OSI layer doesn't have a Device layer. The Transport layer connects the Network and Session layers, and the Data Link layer packages packets from the network layer for transmission and receipt by devices operating on the Physical layer.
51. Which OSI layer includes electrical specifications, protocols, and interface standards? A.The Transport layer B.The Device layer C.The Physical layer D.The Data Link layer
A. User awareness is one of the most important tools when dealing with attachments. Attachments are often used as a vector for malware, and aware users can help prevent successful attacks by not opening the attachments. Anti-malware tools, including antivirus software, can help detect known threats before users even see the attachments. Encryption, including tools like S/MIME, won't help prevent attachment-based security problems, and removing ZIP file attachments will only stop malware that is sent via those ZIP files.
53.If your organization needs to allow attachments in email to support critical business processes, what are the two best options for helping to avoid security problems caused by attachments? A.Train your users and use anti-malware tools. B.Encrypt your email and use anti-malware tools. C.Train your users and require S/MIME for all email. D.Use S/MIME by default and remove all ZIP (.zip) file attachments.
A. The Transport layer provides logical connections between devices, including end-to-end transport services to ensure that data is delivered. Transport layer protocols include TCP, UDP, SSL, and TLS.
54.Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP? A.The Transport layer B.The Network layer C.The Session layer D.The Presentation layer
B. Machine Access Control (MAC) addresses are the hardware address the machine uses for layer 2 communications. The MAC addresses include an organizationally unique identifier (OUI), which identifies the manufacturer. MAC addresses can be changed, so this is not a guarantee of accuracy, but under normal circumstances you can tell what manufacturer made the device by using the MAC address.
55.The Windows ipconfig command displays the following information: BC-5F-F4-7B-4B-7D What term describes this, and what information can be gathered from it? A.The IP address, the network location of the system B.The MAC address, the network interface card's manufacturer C.The MAC address, the media type in use D.The IPv6 client ID, the network interface card's manufacturer
C. Double NATing isn't possible with the same IP range; the same IP addresses cannot appear inside and outside of a NAT router. RFC 1918 addresses are reserved, but only so they are not used and routable on the Internet, and changing to PAT would not fix the issue.
57.Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering? A.192.168.x.x is a non-routable network and will not be carried to the Internet. B.192.168.1.40 is not a valid address because it is reserved by RFC 1918. C.Double NATing is not possible using the same IP range. D.The upstream system is unable to de-encapsulate his packets and he needs to use PAT instead.
B. A Class B network holds 2^16 systems, and its default network mask is 255.255.0.0.
58.What is the default subnet mask for a Class B network? A.255.0.0.0 B.255.255.0.0 C.255.254.0.0 D.255.255.255.0
C. Traditional private branch exchange (PBX) systems are vulnerable to eavesdropping because voice communications are carried directly over copper wires. Since standard telephones don't provide encryption (and you're unlikely to add encrypted phones unless you're the NSA), physically securing access to the lines and central connection points is the best strategy available.
59.Jim's organization uses a traditional PBX for voice communication. What is the most common security issue that its internal communications are likely to face, and what should he recommend to prevent it? A.Eavesdropping, encryption B.Man-in-the-middle attacks, end-to-end encryption C.Eavesdropping, physical security D.Wardialing, deploy an IPS
C. He should choose 802.11n, which supports 200+ Mbps in the 2.4 GHz or the 5 GHz frequency range. 802.11a and 802.11ac are both 5 GHz only, while 802.11g is only capable of 54 Mbps.
6.Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Of the 802.11 standards listed below, which is the fastest 2.4 GHz option he has? A.802.11a B.802.11g C.802.11n D.802.11ac
A. Most cordless phones don't use encryption, and even modern phones that use DECT (which does provide encryption) have already been cracked. This means that a determined attacker can almost always eavesdrop on cordless phones, and makes them a security risk if they're used for confidential communication.
60.What common security issue is often overlooked with cordless phones? A.Their signal is rarely encrypted and thus can be easily monitored. B.They use unlicensed frequencies. C.They can allow attackers access to wireless networks. D.They are rarely patched and are vulnerable to malware.
A. VLAN hopping between the voice and computer VLANs can be accomplished when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won't help with VLAN hopping because it relies on header data that the switch needs to read (and this is unencrypted), while Caller ID spoofing is an inherent problem with VoIP systems. A denial of service is always a possibility, but it isn't specifically a VoIP issue and a firewall may not stop the problem if it's on a port that must be allowed through
61.Lauren's organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help? A.VLAN hopping, use physically separate switches. B.VLAN hopping, use encryption. C.Caller ID spoofing, MAC filtering D.Denial of service attacks, use a firewall between networks.
A. A static packet filtering firewall is only aware of the information contained in the message header of packets: the source, destination, and port it is sent from and headed to. This means that they're not particularly smart, unlike Application layer firewalls that proxy traffic based on the service they support or stateful inspection firewalls (also known as dynamic packet inspection firewalls) that understand the relationship between systems and their communications.
62.Which type of firewall can be described as "a device that filters traffic based on its source, destination and the port it is sent from or is going to"? A.A static packet filtering firewall B.An Application layer gateway firewall C.A dynamic packet filtering firewall D.A stateful inspection firewall
A. Black boxes are designed to steal long-distance service by manipulating line voltages. Red boxes simulate tones of coins being deposited into payphones; blue boxes were tone generators used to simulate the tones used for telephone networks; and white boxes included a dual tone, multifrequency generator to control phone systems.
63.A phreaking tool used to manipulate line voltages to steal long-distance service is known as what type of box? A.A black box B.A red box C.A blue box D.A white box
C. Software-defined networking provides a network architecture than can be defined and configured as code or software. This will allow Lauren's team to quickly change the network based on organizational requirements. The 5-4-3 rule is an old design rule for networks that relied on repeaters or hubs. A converged network carries multiple types of traffic like voice, video, and data. A hypervisor-based network may be software defined, but it could also use traditional network devices running as virtual machines
66.Lauren's networking team has been asked to identify a technology that will allow them to dynamically change the organization's network by treating the network like code. What type of architecture should she recommend? A.A network that follows the 5-4-3 rule B.A converged network C.A software-defined network D.A hypervisor-based network
B. Sensitive information contained in faxes should not be left in a public area. Disabling automatic printing will help prevent unintended viewing of the faxes. Purging local memory after the faxes are printed will ensure that unauthorized individuals can't make additional copies of faxes. Encryption would help keep the fax secure during transmission but won't help with the public location and accessibility of the fax machine itself, and of course, enabling automatic printing will only make casual access easier.
67.Jim's organization uses fax machines to receive sensitive data. Since the fax machine is located in a public area, what actions should Jim take to deal with issues related to faxes his organization receives? A.Encrypt the faxes and purge local memory. B.Disable automatic printing and purge local memory. C.Encrypt faxes and disable automatic printing. D.Use link encryption and enable automatic printing
B. ISDN, cable modems, DSL, and T1 and T3 lines are all examples of broadband technology that can support multiple simultaneous signals. They are analog, not digital, and are not broadcast technologies
68. Cable modems, ISDN, and DSL are all examples of what type of technology? A.Baseband B.Broadband C.Digital D.Broadcast
D. Network segmentation can reduce issues with performance as well as diminish the chance of broadcast storms by limiting the number of systems in a segment. This decreases broadcast traffic visible to each system and can reduce congestion. Segmentation can also help provide security by separating functional groups who don't need to be able to access each other's systems. Installing a firewall at the border would only help with inbound and outbound traffic, not cross-network traffic. Spanning tree loop prevention helps prevent loops in Ethernet networks (for example, when you plug a switch into a switch via two ports on each), but it won't solve broadcast storms that aren't caused by a loop or security issues. Encryption might help prevent some problems between functional groups, but it won't stop them from scanning other systems, and it definitely won't stop a broadcast storm!
70.During a review of her organization's network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend? A.Require encryption for all users. B.Install a firewall at the network border. C.Enable spanning tree loop detection. D.Segment the network based on functional requirements.
A. The File Transfer Protocol (FTP) operates on TCP ports 20 and 21. UDP port 69 is used for the Trivial File Transfer Protocol, or TFTP, while UDP port 21 is not used for any common file transfer protocol.
8.Chris is configuring an IDS to monitor for unencrypted FTP traffic. What ports should Chris use in his configuration? A.TCP 20 and 21 B.TCP 21 only C.UDP port 69 D.TCP port 21 and UDP port 21
B. Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each other.
Is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. A.ISDN B.Frame Relay C.SMDS D.ATM
D Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be 'outside" Web servers or public access systems.
Serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts. A. Layer 6 B. Traceroute C. Bridges D. Bastion hosts
Bus
Since topology has a central bus, its failure will leave the entire network inoperable
A. Frame Relay supports multiple private virtual circuits (PVCs), unlike X.25. It is a packet-switching technology that provides a Committed Information Rate (CIR), which is a minimum bandwidth guarantee provided by the service provider to customers. Finally, Frame Relay requires a DTE/DCE at each connection point, with the DTE providing access to the Frame Relay network, and a provider-supplied DCE, which transmits the data over the network.
What important factor listed below differentiates Frame Relay from X.25? A.Frame Relay supports multiple PVCs over a single WAN carrier connection. B.Frame Relay is a cell-switching technology instead of a packet-switching technology like X.25. C.Frame Relay does not provide a Committed Information Rate (CIR). D.Frame Relay only requires a DTE on the provider side.
B. Static mode NAT is needed to allow an outside entity to initiate communications with an internal system behind a NAT proxy
What is needed to allow an external client to initiate a communication session with an internal system if the network uses a NAT proxy? A.IPsec tunnel B.Static mode NAT C.Static private IP address D.Reverse DNS
802.1AE
What standard provides encryption, integrity and origin authentication? A. 802.1AR B. 802.1AE C. 802.1AC D. 801.1x
B. The 169.254.x.x subnet is in the APIPA range, which is not part of RFC 1918. The addresses in RFC 1918 are 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255
Which of the following IP addresses is not a private IP address as defined by RFC 1918? A.10.0.0.18 B.169.254.1.119 C.172.31.8.204 D.192.168.6.43
A, B, D. L2F, L2TP, and PPTP all lack native data encryption. Only IPsec includes native data encryption.
Which of the following VPN protocols do not offer native data encryption? (Choose all that apply.) A.L2F B.L2TP C.IPsec D.PPTP
10.D. NAT does not protect against or prevent brute-force attacks.
Which of the following is not a benefit of NAT? A.Hiding the internal IP addressing scheme B.Sharing a few public internet addresses with a large number of internal clients C.Using the private IP addresses from RFC 1918 on an internal network D.Filtering network traffic to prevent brute-force attacks
19.C. A brute-force attack is not considered a DoS.
Which of the following is not a denial-of-service attack? A.Exploiting a flaw in a program to consume 100 percent of the CPU B.Sending malformed packets to a system, causing it to freeze C.Performing a brute-force attack against a known user account when account lockout is not present D.Sending thousands of emails to a single address
B. It is often difficult to stop spam because the source of the messages is usually spoofed.
Why is spam so difficult to stop? A.Filters are ineffective at blocking inbound messages. B.The source address is usually spoofed. C.It is an attack requiring little expertise. D.Spam can cause denial-of-service attacks.
C. IPsec, or IP Security, is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.
is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.
11.B. When transparency is a characteristic of a service, security control, or access mechanism it is unseen by users.
11.A significant benefit of a security control is when it goes unnoticed by users. What is this called? A.Invisibility B.Transparency C.Diversion D.Hiding in plain sight
Changing default passwords
17.In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse? A.Encrypting communications B.Changing default passwords C.Using transmission logs D.Taping and archiving all conversations
B. DNS poisoning occurs when an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternate systems. DNS spoofing occurs when an attacker sends false replies to a requesting system, beating valid replies from the actual DNS server. ARP spoofing provides a false hardware address in response to queries about an IP, and Cain & Abel is a powerful Windows hacking tool, but a Cain attack is not a specific type of attack.
19.During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted? A.DNS spoofing B.DNS poisoning C.ARP spoofing D.A Cain attack
PAP
20.What authentication protocol offers no encryption or protection for logon credentials? A.PAP B.CHAP C.SSL D.RADIUS
A. Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IP-based networks to communicate. Many SCADA devices were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks. TLS or other encryption can be used on TCP packets, meaning that even serial data can be protected. Serial data can be carried via TCP packets because TCP packets don't care about their content; it is simply another payload. Finally, TCP/IP does not have a specific throughput as designed, so issues with throughput are device-level issues.
22.During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization's production network. What concern should he raise about serial data transfers carried via TCP/IP? A.SCADA devices that are now connected to the network can now be attacked over the network. B.Serial data over TCP/IP cannot be encrypted. C.Serial data cannot be carried in TCP packets. D.TCP/IP's throughput can allow for easy denial of service attacks against serial devices.
C. WEP has a very weak security model that relies on a single, predefined, shared static key. This means that modern attacks can break WEP encryption in less than a minute
23.What type of key does WEP use to encrypt wireless communications? A.An asymmetric key B.Unique key sets for each host C.A predefined shared static key D.Unique asymmetric keys for each host
B. A denial of service attack is an attack that causes a service to fail or to be unavailable. Exhausting a system's resources to cause a service to fail is a common form of denial of service attack. A worm is a self-replicating form of malware that propagates via a network, a virus is a type of malware that can copy itself to spread, and a Smurf attack is a distributed denial of service attack (DDoS) that spoofs a victim's IP address to systems using an IP broadcast, resulting in traffic from all of those systems to the target.
24.An attack that causes a service to fail by exhausting all of a system's resources is what type of attack? A.A worm B.A denial of service attack C.A virus D.A smurf attack
D. iSCSI is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel. VoIP is Voice over IP, SDN is Software-defined networking, and MPLS is Multiprotocol Label Switching, a technology that uses path labels instead of network addresses.
27.Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel? A.MPLS B.SDN C.VoIP D.iSCSI
A. Wardriving and warwalking are both processes used to locate wireless networks, but are not typically as detailed and thorough as a site survey, and design map is a made-up term.
35.In her role as an information security professional, Susan has been asked to identify areas where her organization's wireless network may be accessible even though it isn't intended to be. What should Susan do to determine where her organization's wireless network is accessible? A.A site survey B.Warwalking C.Wardriving D.A design map
D. Direct Inward System Access uses access codes assigned to users to add a control layer for external access and control of the PBX. If the codes are compromised, attackers can make calls through the PBX or even control it. Not updating a PBX can lead to a range of issues, but this question is looking for a DISA issue. Allowing only local calls and using unpublished numbers are both security controls and might help keep the PBX more secure
39.Jim's audit of a large organization's traditional PBX showed that Direct Inward System Access (DISA) was being abused by third parties. What issue is most likely to lead to this problem? A.The PBX was not fully patched. B.The dial-in modem lines use unpublished numbers. C.DISA is set up to only allow local calls. D.One or more users' access codes have been compromised
C. SPIT stands for Spam over Internet Telephony and targets VoIP systems
45.SPIT attacks target what technology? A.Virtualization platforms B.Web services C.VoIP systems D.Secure Process Internal Transfers
D. Bluesnarfing targets the data or information on Bluetooth-enabled devices. Bluejacking occurs when attackers send unsolicited messages via Bluetooth
46.What does a bluesnarfing attack target? A.Data on IBM systems B.An outbound phone call via Bluetooth C.802.11b networks D.Data from a Bluetooth-enabled device
C. FDDI, or Fiber Distributed Data Interface, is a token-passing network that uses a pair of rings with traffic flowing in opposite directions. It can bypass broken segments by dropping the broken point and using the second, unbroken ring to continue to function. Token Ring also uses tokens, but it does not use a dual loop. SONET is a protocol for sending multiple optical streams over fiber, and a ring topology is a design, not a technology
50.What network technology is best described as a token-passing network that uses a pair of rings with traffic flowing in opposite directions? A.A ring topology B.Token Ring C.FDDI D.SONET
D. PEAP provides encryption for EAP methods and can provide authentication. It does not implement CCMP, which was included in the WPA2 standard. LEAP is dangerously insecure and should not be used due to attack tools that have been available since the early 2000s.
56.Chris has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose, and why? A.LEAP, because it fixes problems with TKIP, resulting in stronger security B.PEAP, because it implements CCMP for security C.LEAP, because it implements EAP-TLS for end-to-end session encryption D.PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session
A. Data streams are associated with the Application, Presentation, and Session layers. Once they reach the Transport layer, they become segments (TCP) or datagrams (UDP). From there, they are converted to packets at the Network layer, frames at the Data Link layer, and bits at the Physical layer
64.Data streams occur at what three layers of the OSI model? A.Application, Presentation, and Session B.Presentation, Session, and Transport C.Physical, Data Link, and Network D.Data Link, Network, and Transport
C. A three-tier design separates three distinct protected zones and can be accomplished with a single firewall that has multiple interfaces. Single- and two-tier designs don't support the number of protected networks needed in this scenario, while a four-tier design would provide a tier that isn't needed.
65.Chris needs to design a firewall architecture that can support separately a DMZ, a database, and a private internal network. What type of design should he use, and how many firewalls does he need? A.A four-tier firewall design with two firewalls B.A two-tier firewall design with three firewalls C.A three-tier firewall design with at least one firewall D.A single-tier firewall design with three firewalls
C. These common ports are important to know, although some of the protocols are becoming less common. TCP 23 is used for Telnet; TCP 25 is used for SMTP (the Simple Mail Transfer Protocol); 143 is used for IMAP, the Internet Message Access Protocol; and 515 is associated with LPD, the Line Printer Daemon protocol used to send print jobs to printers. POP3 operates on TCP 110, SSH operates on TCP 22 (and SFTP operates over SSH), and X Windows operates on a range of ports between 6000 and 6063
7.What common applications are associated with each of the following TCP ports: 23, 25, 143, and 515? A.Telnet, SFTP, NetBIOS, and LPD B.SSH, SMTP, POP3, and ICMP C.Telnet, SMTP, IMAP, and LPD D.Telnet, SMTP, POP3, and X Windows
C. ICMP, RIP, and network address translation all occur at layer 3, the Network layer.
71.ICMP, RIP, and network address translation all occur at what layer of the OSI model? A.Layer 1 B.Layer 2 C.Layer 3 D.Layer 4
B. Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS), and Orthogonal Frequency-Division Multiplexing (OFDM) all use spread spectrum techniques to transmit on more than one frequency at the same time. Neither FHSS nor DHSS uses orthogonal modulation, while multiplexing describes combining multiple signals over a shared medium of any sort. Wi-Fi may receive interference from FHSS systems but doesn't use it.
9.FHSS, DSSS, and OFDM all use what wireless communication method that occurs over multiple frequencies simultaneously? A.Wi-Fi B.Spread Spectrum C.Multiplexing D.Orthogonal modulation
9.B. Voice over IP (VoIP) allows for phone conversations to occur over an existing TCP/IP network and internet connection.
9.What technology allows for phone conversations to occur over an existing TCP/IP network and internet connection? A.IPsec B.VoIP C.SSH D.TLS
169.254.0.1 - 169.254.255.254
APIPA (Automatic Private IP addressing)
D. IPsec operates at the Network layer (layer 3).
At which OSI model layer does the IPsec protocol function? A.Data Link B.Transport C.Session D.Network
49152-65535
Dynamic Port numbers are
B. Concentrator
It multiples connected devices into one signal for transmission over network A. Repeater B. Concentrator C. Multiplexer D. Switch
10.0.0.0 - 10.255.255.255
Private Class A IP Address
172.16.0.0 - 172.31.255.255
Private Class B IP Address
192.168.0.0 - 192.168.255.255
Private Class C IP Address
1024-49151
Registered port numbers are
Star
The central network device to which all devices connect poses a single point of failure risk for the network with this type of topology
0-1023
The well known port numbers are:
C. Repeater
They are used to overcome signal degradation and is used to amplify signal strength. A. Multiplexer B. Hub C. Repeater D. Concentrator
Ring
This closed loop topology, one node failure results in entire ring failure
PPTP (Point-to-Point Tunneling Protocol), L2F, L2TP and IPSEC
VPN Protocols
5.D. An intermediary network connection is required for a VPN link to be established
Which of the following cannot be linked over a VPN? A.Two distant internet-connected LANs B.Two systems on the same LAN C.A system connected to the internet and a LAN connected to the internet D.Two systems without an intermediary network connection
127.0.0.1
loopback address
