CISSP - 4: Communication and Network Security


Which of the following will an organization's network vulnerability testing process best enhance? A. Firewall log review processes B. Asset management procedures C. Server hardening processes D. Code review procedures

A. Firewall log review processes

Which of the following is the primary issue when analyzing detailed log information? A. Logs may be unavailable when required B. Timely review of the data is potentially difficult C. Most systems and applications do not support logging D. Logs do not provide sufficient details of system and individual activities

B. Timely review of the data is potentially difficult

Which of the following is considered the primary security issue associated with encrypted e-mail messages? A. Key distribution B. Storing attachments in centralized repositories C. Scanning for viruses and other malware D. Greater costs associated for backups and restores

C. Scanning for viruses and other malware

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located? A. Link layer B. Physical layer C. Session layer D. Application layer

D. Application layer

An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the best way to prevent future occurrences? A. Remove the anonymity from the proxy B. Analyze Internet Protocol (IP) traffic for proxy requests C. Disable the proxy server on the firewall D. Block the Internet Protocol (IP) address of known anonymous proxies

D. Block the Internet Protocol (IP) address of known anonymous proxies

Which of the following best describes a Protection Profile (PP)? A. A document that expresses an implementation independent set of security requirements for an Information Technology (IT) product that meets specific consumer needs B. A document that is used to develop an Information Technology (IT) security product from its security requirements definition C. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements D. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST)

A. A document that expresses an implementation independent set of security requirements for an Information Technology (IT) product that meets specific consumer needs

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is most suited to quickly implement a control? A. Add a new rule to the application layer firewall B. Block access to the service C. Install an Intrusion Detection System (IDS) D. Patch the application source code

A. Add a new rule to the application layer firewall

Which of the following provides the most comprehensive filtering of Peer-to-Peer (P2P) traffic? A. Application proxy B. Port filter C. Network boundary router D. Access layer switch

A. Application proxy

Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following must Organization A do to properly classify and secure the acquired data? A. Assign data owners from Organization A to the acquired data B. Create placeholder accounts that represent former users from Organization B C. Archive audit records that refer to users from Organization A D. Change the data classification for data acquired from Organization B

A. Assign data owners from Organization A to the acquired data

Which of the following is a peer entity authentication method for Point-to-Point Protocol (PPP)? A. Challenge Handshake Authentication Protocol (CHAP) B. Message Authentication Code (MAC) C. Transport Layer Security (TLS) handshake protocol D. Challenge-response authentication mechanism

A. Challenge Handshake Authentication Protocol (CHAP)

Which one of the following would cause an immediate review and possible change to the security policies of an organization? A. Change in technology B. Change in senior management C. Change to organization processes D. Change to organization goals

A. Change in technology

Which of the following is considered best practice for preventing e-mail spoofing? A. Cryptographic signature B. Uniform Resource Locator (URL) filtering C. Spam filtering D. Reverse Domain Name Service (DNS) lookup

A. Cryptographic signature

"Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following? A. Difference between a new and an established connection B. Originating network location C. Difference between a malicious and a benign packet payload D. Originating application session

A. Difference between a new and an established connection

What is the best location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access? A. In a dedicated Demilitarized Zone (DMZ) B. At the Internet Service Provider (ISP) C. In its own separate Virtual Local Area Network (VLAN) D. Outside the external firewall

A. In a dedicated Demilitarized Zone (DMZ)

A security professional should consider the protection of which of the following elements first when developing a defense-in-depth strategy for a mobile workforce? A. Network perimeters B. Demilitarized Zones (DMZ) C. Databases and back-end servers D. End-user devices

A. Network perimeters

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model? A. Packet filtering B. Port services filtering C. Content filtering D. Application access control

A. Packet filtering

Which of the following is the most secure protocol for remote command access to the firewall? A. Secure Shell (SSH) B. Trivial File Transfer Protocol (TFTP) C. Hypertext Transfer Protocol Secure (HTTPS) D. Simple Network Management Protocol (SNMP) v1

A. Secure Shell (SSH)

Which of the following must be done when promoting a security awareness program to senior management? A. Show the need for security; identify the message and the audience B. Ensure that the security presentation is designed to be all-inclusive C. Notify them that their compliance is mandatory D. Explain how hackers have enhanced information security

A. Show the need for security; identify the message and the audience

What can happen when an Intrusion Detection System (IDS) is installed inside a firewall-protected internal network? A. The IDS can detect failed administrator logon attempts from servers. B. The IDS can increase the number of packets to analyze. C. The firewall can increase the number of packets to analyze. D. The firewall can detect failed administrator login attempts from servers

A. The IDS can detect failed administrator logon attempts from servers.

What is the primary purpose of auditing, as it relates to the security review cycle? A. To ensure the organization's controls and policies are working as intended B. To ensure the organization can still be publicly traded C. To ensure the organization's executive team won't be sued D. To ensure the organization meets contractual requirements

A. To ensure the organization's controls and policies are working as intended

Which of the following is the most effective countermeasure against Man-in-the-Middle (MITM) attacks while using online banking? A. Transport Layer Security (TLS) B. Secure Sockets Layer (SSL) C. Pretty Good Privacy (PGP) D. Secure Shell (SSH)

A. Transport Layer Security (TLS)

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node? A. Transport layer B. Application layer C. Network layer D. Session layer

A. Transport layer

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol? A. WEP uses a small range Initialization Vector (IV) B. WEP uses Message Digest 5 (MD5) C. WEP uses Diffie-Hellman D. WEP does not use any Initialization Vector (IV)

A. WEP uses a small range Initialization Vector (IV)

Which of the following provides the most secure method for Network Access Control (NAC)? A. Media Access Control (MAC) filtering B. 802.1X authentication C. Application layer filtering D. Network Address Translation (NAT)

B. 802.1X authentication

Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target? A. Spear phishing B. Address Resolution Protocol (ARP) poisoning C. Watering hole D. Brute force

B. Address Resolution Protocol (ARP) poisoning

Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (AUP)? A. Privilege suspension B. Appropriate documentation C. Internet access logs D. Proxy records

B. Appropriate documentation

What protocol is often used between gateway hosts on the Internet? A. Exterior Gateway Protocol (EGP) B. Border Gateway Protocol (BGP) C. Open Shortest Path First (OSPF) D. Internet Control Message Protocol (ICMP)

B. Border Gateway Protocol (BGP)

A project requires the use of an authentication mechanism where playback must be protected and plaintext secret must be used. Which of the following should be used? A. Password Authentication Protocol (PAP) B. Challenge Handshake Authentication Protocol (CHAP) C. Extensible Authentication Protocol (EAP) D. Secure Hash Algorithm (SHA)

B. Challenge Handshake Authentication Protocol (CHAP)

When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information? A. Data Custodian B. Data Owner C. Database Administrator D. Information Technology (IT) Director

B. Data Owner

Which of the following is the best way to reduce the impact of an externally sourced flood attack? A. Block the source address at the firewall B. Have the service provider block the source address C. Have the source service provider block the address D. Block all inbound traffic until the flood ends

B. Have the service provider block the source address

Which of the following best describes the objectives of the Business Impact Analysis (BIA)? A. Identifying the events and environmental factors that can adversely affect an organization B. Identifying what is important and critical based on disruptions that can affect the organization C. Establishing the need for a Business Continuity Plan (BCP) based on threats that can affect an organization D. Preparing a program to create an organizational awareness for executing the Business Continuity Plan (BCP)

B. Identifying what is important and critical based on disruptions that can affect the organization

Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access? A. Implement path management B. Implement port based security through 802.1x C. Implement DHCP to assign IP address to server systems D. Implement change management

B. Implement port based security through 802.1x

Which is the recommended configuration mode for sensors for an Intrusion Prevention System (IPS) if the prevention capabilities will be used? A. Active B. Inline C. Passive D. Span

B. Inline

Which of the following is a standard Access Control List (ACL) element that enables a router to filter Internet traffic? A. Media Access Control (MAC) address B. Internet Protocol (IP) address C. Security roles D. Device needs

B. Internet Protocol (IP) address

Which of the following provides the greatest level of data security for a Virtual Private Network (VPN) connection? A. Internet Protocol Payload Compression (IPComp) B. Internet Protocol Security (IPSec) C. Extensible Authentication Protocol (EAP) D. Remote Authentication Dial-In User Service (RADIUS)

B. Internet Protocol Security (IPSec)

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system? A. Disable all recursive queries on the name servers B. Limit zone transfers to authorized devices C. Configure secondary servers to use the primary server as a zone forwarder D. Block all Transmission Control Protocol (TCP) connections

B. Limit zone transfers to authorized devices

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats? A. Layer 2 Tunneling Protocol (L2TP) B. Link Control Protocol (LCP) C. Challenge Handshake Authentication Protocol (CHAP) D. Packet Transfer Protocol (PTP)

B. Link Control Protocol (LCP)

Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following? A. Jamming B. Man-in-the-Middle (MITM) C. War driving D. Internet Protocol (IP) spoofing

B. Man-in-the-Middle (MITM)

Which of the following techniques is effective to detect taps in fiber optic cables? A. Taking baseline signal level of the cable B. Measuring signal through external oscillator solution devices C. Outlining electromagnetic field strength D. Performing network vulnerability scanning

B. Measuring signal through external oscillator solution devices

Which of the following protocols will allow the encrypted transfer of content on the Internet? A. Server Message Block (SMB) B. Secure copy C. Hypertext Transfer Protocol (HTTP) D. Remote copy

B. Secure copy

Point-to-Point Protocol (PPP) was designed to specifically address what issue? A. A common design flaw in telephone modems B. Speed and reliability issues between dial-up users and Internet Service Providers (ISP) C. Compatibility issues with personal computers and web browsers D. The security of dial-up connections to remote networks

B. Speed and reliability issues between dial-up users and Internet Service Providers (ISP)

During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL): http://www.companysite.com/products/products.asp?productid=123 or 1=1 What type of attack does this indicate? A. Directory traversal B. Structured Query Language (SQL) injection C. Cross-Site Scripting (XSS) D. Shellcode injection

B. Structured Query Language (SQL) injection

Which of the following is included in the Global System for Mobile Communications (GSM) security framework? A. Public-Key Infrastructure (PKI) B. Symmetric key cryptography C. Digital signatures D. Biometric authentication

B. Symmetric key cryptography

A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade. Which of the following is the greatest impact on security for the network? A. The network administrators have no knowledge of ICS B. The ICS is now accessible from the office network C. The ICS does not support the office password policy D. RS422 is more reliable than Ethernet

B. The ICS is now accessible from the office network

Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program? A. The number of security audits performed B. The number of attendees at security training events C. The number of security training materials created D. The number of security controls implemented

B. The number of attendees at security training events

Why are packet filtering routers used in low-risk environments? A. They are high-resolution source discrimination and identification tools B. They are fast and flexible, and protect against Internet Protocol (IP) spoofing C. They are fast, flexible, and transparent D. They enforce strong user authentication and audit log generation

B. They are fast and flexible, and protect against Internet Protocol (IP) spoofing

Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks? A. To have firewalls route all network traffic B. To detect the traffic destined to non-existent network destinations C. To exercise authority over the network department D. To re-inject the route into external networks

B. To detect the traffic destined to non-existent network destinations

A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols? A. Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP) B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) C. Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) D. Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the first action to be taken? A. Recommend an update to the change control process B. Verify the approval of the configuration change C. Roll back the application to the original configuration D. Document the changes to the configuration

B. Verify the approval of the configuration change

An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage, which can be: A. differentiated from a normal usage pattern B. used to detect known violations C. used to detect a masquerader D. differentiated to detect all security violations

B. used to detect known violations

Which testing method requires very limited or no information about the network infrastructure? A. White box B. Static C. Black box D. Stress

C. Black box

In a dispersed network that lacks central control, which of the following is the primary course of action to mitigate exposure? A. Implement security policies and standards, data backups, and audit controls B. Implement management policies, audit control, and data backups C. Implement security policies and standards, access controls, and access limitations D. Implement remote access policies, shared workstations, and log management

C. Implement security policies and standards, access controls, and access limitations

Which of the following most applies to Session Initiation Protocol (SIP) security? A. It reuses security mechanisms derived from existing protocols B. It supports end-to-end security natively C. It leverages Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS) D. It requires a Public Key Infrastructure (PKI)

C. It leverages Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS)

Which of the following is an advantage of Secure Shell (SSH)? A. It operates at the network layer B. It encrypts transmitted User ID and passwords C. It uses challenge-response to authenticate each party D. It uses the International Data Encryption Algorithm (IDEA) for data privacy

C. It uses challenge-response to authenticate each party

How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished? A. It uses clear text and firewall rules B. It relies on Virtual Private Networks (VPN) C. It uses clear text and shared secret keys D. It relies on asymmetric encryption keys

C. It uses clear text and shared secret keys

What technique used for spoofing the origin of an email can successfully conceal the sender's Internet Protocol (IP) address? A. Virtual Private Network (VPN) B. Change In-Reply-To data C. Onion routing D. Web crawling

C. Onion routing

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server? A. Transport layer handshake compression B. Application layer negotiation C. Peer identity authentication D. Digital certificate revocation

C. Peer identity authentication

An organization lacks a data retention policy. Of the following, who is the best person to consult for such requirement? A. Application Manager B. Database Administrator C. Privacy Officer D. Finance Manager

C. Privacy Officer

The Rivest-Shamir-Adleman (RSA) algorithm is best suited for which of the following operations? A. Bulk data encryption and decryption B. One-way secure hashing for user and message authentication C. Secure key exchange for symmetric cryptography D. Creating digital checksums for message integrity

C. Secure key exchange for symmetric cryptography

Access to which of the following is required to validate web session management? A. Log timestamp B. Live session traffic C. Session state variables D. Test scripts

C. Session state variables

In a High Availability (HA) environment, what is the primary goal of working with a virtual router address as the gateway to a network? A. The second of two routers can periodically check in to make sure that the first router is operational. B. The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present. C. The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly. D. The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.

C. The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.

Individual access to a network is best determined based on: A. risk matrix B. value of the data C. business need D. data classification

C. business need

The main use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data A. through a firewall at the Session layer B. through a firewall at the Transport layer C. in the Point-to-Point Protocol (PPP) D. in the Payload Compression Protocol (PCP)

C. in the Point-to-Point Protocol (PPP)

A system with Internet Protocol (IP) address 10.102.10.2 has a physical address of 00:00:08:00:12:13:14:2f. The following static entry is added to its Address Resolution Protocol (ARP) table: 10.102.10.6: 00:00:08:00:12:13:14:2f. What form of attack could this represent? A. A Denial of Service (DoS) attack against the gateway router because the router can no longer accept packets from 10.102.10.2 B. A transport layer attack that prevents the resolution of 10.102.10.6 address C. A Denial of Service (DoS) attack against 10.102.10.2 because it cannot respond correctly to ARP requests D. A masquerading attack that sends packets intended for 10.102.10.6 to 10.102.10.2

D. A masquerading attack that sends packets intended for 10.102.10.6 to 10.102.10.2

What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle? A. Man-in-the-Middle (MITM) B. Denial of Service (DoS) C. Domain Name Server (DNS) poisoning D. Buffer overflow

D. Buffer overflow

Which of the following is the reason that transposition ciphers are easily recognizable? A. Key B. Block C. Stream D. Character

D. Character

Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages? A. Redundant hardware, disk spanning, and patching B. Load balancing, power reserves, and disk spanning C. Backups, clustering, and power reserves D. Clustering, load balancing, and fault-tolerant options

D. Clustering, load balancing, and fault-tolerant options

A company receives an email threat informing of an Imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless ransom is paid. Which of the following techniques best addresses that threat? A. Deploying load balancers to distribute inbound traffic across multiple data centers B. Set Up Web Application Firewalls (WAFs) to filter out malicious traffic C. Implementing reverse web-proxies to validate each new inbound connection D. Coordinate with and utilize capabilities within Internet Service Provider (ISP)

D. Coordinate with and utilize capabilities within Internet Service Provider (ISP)

An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced? A. Data leakage B. Unfiltered channel C. Data emanation D. Covert channel

D. Covert channel

A security practitioner is tasked with securing the organization's Wireless Access Points (WAP). Which of these is the most effective way of restricting this environment to authorized users? A. Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point B. Disable the broadcast of the Service Set Identifier (SSID) name C. Change the name of the Service Set Identifier (SSID) to a random value not associated with the organization D. Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses

D. Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses

Which of the following is best achieved through the use of eXtensible Access Markup Language (XACML)? A. Minimize malicious attacks from third parties B. Manage resource privileges C. Share digital identities in hybrid cloud D. Defined a standard protocol

D. Defined a standard protocol

How does Encapsulating Security Payload (ESP) in transport mode affect in the Internet Protocol (IP)? A. Authenticates the IP payload and selected portions of the IP header B. Encrypts and optionally authenticates the complete IP packet C. Encrypts and optionally authenticates the IP header, but not the IP payload D. Encrypts and optionally authenticates the IP payload, but not the IP header

D. Encrypts and optionally authenticates the IP payload, but not the IP header

What does a Synchronous (SYN) flood attack do? A. Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state B. Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections C. Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections

D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled? A. Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1. B. Gratuitous ARP requires the use of insecure layer 3 protocols. C. Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone. D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Which of the following best describes botnets? A. Computer systems on the Internet that are set up to trap people who attempt to penetrate other computer systems B. Set of related programs that protects the resources of a private network from other networks C. Small network inserted in a neutral zone between an organization's private network and the outside public network D. Groups of computers that are used to launch destructive attacks

D. Groups of computers that are used to launch destructive attacks

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the most effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information? A. Implement packet filtering on the network firewalls B. Install Host Based Intrusion Detection Systems (HIDS) C. Require strong authentication for administrators D. Implement logical network segmentation at the switches

D. Implement logical network segmentation at the switches

Which of the following would an attacker best be able to accomplish through the use of Remote Access Tools (RAT)? A. Reduce the probability of identification B. Detect further compromise of the target C. Destabilize the operation of the host D. Maintain and expand control

D. Maintain and expand control

Which of the following is the best network defense against unknown types of attacks or stealth attacks in progress? A. Intrusion Prevention Systems (IPS) B. Intrusion Detection Systems (IDS) C. Stateful firewalls D. Network Behavior Analysis (NBA) tools

D. Network Behavior Analysis (NBA) tools

Which Redundant Array of Independent Disks (RAID) Level does the following diagram represent? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10

D. RAID 10

A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used? A. Triple Data Encryption Standard (3DES) B. Advanced Encryption Standard (AES) C. Digital Signature Algorithm (DSA) D. Rivest-Shamir-Adleman (RSA)

D. Rivest-Shamir-Adleman (RSA)

Digital certificates used in Transport Layer Security (TLS) support which of the following? A. Information input validation B. Non-repudiation controls and data encryption C. Multi-Factor Authentication (MFA) D. Server identity and data confidentiality

D. Server identity and data confidentiality

What is the purpose of an Internet Protocol (IP) spoofing attack? A. To send excessive amounts of data to a process, making it unpredictable B. To intercept network traffic without authorization C. To disguise the destination address from a target's IP filtering devices D. To convince a system that it is communicating with a known entity

D. To convince a system that it is communicating with a known entity
