CISSP CBK Review Seminar -- Domain 4 Flashcards
- Which of the following is the MAIN advantage of having an application gateway?
(A) To perform change control procedures for applications
(B) To provide a means for applications to move into production
(C) To log and control incoming and outgoing application traffic
(D) To audit and approve changes to applications
(C) To log and control incoming and outgoing application traffic
- What is the purpose of the Encapsulating Security Payload (ESP) in the Internet Protocol (IP) Security Architecture for Internet Protocol Security (IPSec)?
(A) To provide non-repudiation and confidentiality for IP transmissions
(B) To provide integrity and confidentiality for IP transmissions
(C) To provide integrity and authentication for IP transmissions
(D) To provide key management and key distribution for IP transmissions
(B) To provide integrity and confidentiality for IP transmissions
- To support legacy applications that rely on risky protocols (e.g., plain text passwords), which one of the following can be implemented to mitigate the risks on a corporate network?
(A) Implement strong, centrally-generated passwords to control use of the vulnerable applications
(B) Implement a Virtual Private Network (VPN) with controls on workstations joining the VPN
(C) Use physical access controls to ensure that only authorized, trained users have access to workstations
(D) Ensure audit logging is enabled on all hosts and applications with frequent log reviews
(B) Implement a Virtual Private Network (VPN) with controls on workstations joining the VPN
- What type of networking model can be deployed for small, inexpensive, and less secure networking?
(A) Wide Area Network (WAN)
(B) Metropolitan Area Network (MAN)
(C) Campus Area Network (CAN)
(D) Peer-to-Peer Network (P2P)
(D) Peer-to-Peer Network (P2P)
- Initial and ongoing authentication can be used as mitigation against which of the following network attacks?
(A) Spoofing
(B) Tampering
(C) Side channel
(D) Traffic analysis
(A) Spoofing
- Which one of the following is an example of electronic piggybacking?
(A) Attaching to a communications line and injecting data
(B) Abruptly terminating a dial-up or direct-connect session
(C) Following an authorized user into the computer room
(D) Recording and playing back computer transactions
(A) Attaching to a communications line and injecting data
- Wired Equivalent Privacy (WEP) uses which of the following ciphers?
(A) Rivest-Shamir-Adleman (RSA)
(B) Triple Data Encryption Standard (3DES)
(C) Advanced Encryption Standard (AES)
(D) Rivest Cipher 4 (RC4)
(D) Rivest Cipher 4 (RC4)
- The purpose of the Internet Protocol Security (IPSec) Authentication Header (AH) is to provide
(A) Proof of delivery.
(B) Encryption of a payload.
(C) Validation of the sender.
(D) Validation of the recipient.
(C) Validation of the sender.
- What technology interleaves data frames from multiple conversations into a single data stream for transmission?
(A) Time-Division Multiplexing (TDM)
(B) Real-time Transport Protocol (RTP)
(C) Synchronous Data Link Control (SDLC)
(D) Wired Equivalent Privacy 2 (WEP2)
(A) Time-Division Multiplexing (TDM)
- Why does fiber optic communication technology have a significant security advantage over other transmission technology?
(A) Higher data rates can be transmitted.
(B) Interception of data traffic is more difficult.
(C) Traffic analysis is prevented by multiplexing.
(D) Single and double-bit errors are correctable.
(B) Interception of data traffic is more difficult.
- Which of the following is NOT a protection feature associated with Secure Sockets Layer (SSL)?
(A) Certificate-based authentication of web client
(B) Certificate-based authentication of web server
(C) Data confidentiality between client and web server
(D) Data confidentiality between two web servers
(D) Data confidentiality between two web servers
- What is considered an industry standard for Internet Protocol Security (IPSec) remote access Virtual Private Network (VPN) key exchange?
(A) Internet Key Exchange (IKE) Extended Authentication
(B) Internet Security Association and Key Management Protocol (ISAKMP)
(C) Transport Layer Security (TLS)
(D) Interior Gateway Routing Protocol (IGRP)
(A) Internet Key Exchange (IKE) Extended Authentication
- Referring to the following diagram, which of the following statements is most correct:
(A) Place the enterprise mail server in the DMZ area because a mail relay would not provide adequate mail service.
(B) Place a router between the Internet and the first firewall to provide appropriate warning that the firewall is under attack.
(C) VPN connections from a VPN concentrator should terminate at the firewall closest to the network to minimize traffic in the DMZ area.
(D) A protocol based network Intrusion Detection System (IDS) could be placed in the DMZ area.
(D) A protocol based network Intrusion Detection System (IDS) could be placed in the DMZ area.
- The network topology that provides the MOST security and the least risk is:
(A) Symmetric networks because the increased amount of redundancy reduces the possibility of an integrity error occurring without being caught.
(B) Symmetric Key Cryptography because of its speed.
(C) Bus because all users are on the same LAN segment.
(D) Ring if it is dedicated with no external connections.
(D) Ring if it is dedicated with no external connections.
- IPSec (IP Security), S-HTTP (Secure HTTP) and SSL (Secure Sockets Layer) are examples of?
(A) Secure Multi-purpose Internet Mail Extensions (S/MIME).
(B) Secure Internet protocols.
(C) Internet transaction protocols.
(D) Application protocol interfaces.
(B) Secure Internet protocols.