CISSP (Chapter 6 - Telecommunications and Network Security) Flashcards
(41 cards)
What does it mean if someone says they were a victim of a Bluejacking attack? A. An unsolicited message was sent. B. A cell phone was cloned. C. An IM channel introduced a worm. D. Traffic was analyzed.
A. Bluejacking occurs when someone sends an unsolicited message to a device that is Bluetooth-enabled. Bluejackers look for a receiving device (phone, PDA, tablet PC, laptop) and then send a message to it. Often, the Bluejacker is trying to send someone else their business card, which will be added to the victim’s contact list in their address book.
How does TKIP provide more protection for WLAN environments?
A. It uses the AES algorithm.
B. It decreases the IV size and uses the AES algorithm.
C. It adds more keying material.
D. It uses MAC and IP filtering.
C. The TKIP protocol actually works with WEP by feeding it keying material, which is data to be used for generating random keystreams. TKIP increases the IV size, ensures it is random for each packet, and adds the sender’s MAC address to the keying material.
Which of the following is not a characteristic of the IEEE 802.11a standard?
A. It works in the 5GHz range.
B. It uses the OFDM spread spectrum technology.
C. It provides 52 Mbps in bandwidth.
D. It covers a smaller distance than 802.11b.
C. The IEEE standard 802.11a uses the OFDM spread spectrum technology, works in the 5GHz frequency band, and provides bandwidth of up to 54 Mbps. The operating range is smaller because it works at a higher frequency.
Why are switched infrastructures safer environments than routed networks?
A. It is more difficult to sniff traffic since the computers have virtual private connections.
B. They are just as unsafe as nonswitched environments.
C. The data link encryption does not permit wiretapping.
D. Switches are more intelligent than bridges and implement security mechanisms.
A. Switched environments use switches to allow different network segments and/or systems to communicate. When this communication takes place, a virtual connection is set up between the communicating devices. Since it is a dedicated connection, broadcast and collision data are not available to other systems, as in an environment that uses purely bridges and routers.
Which of the following protocols is considered connection-oriented? A. IP B. ICMP C. UDP D. TCP
D. TCP is the only connection-oriented protocol listed. A connection-oriented protocol provides reliable connectivity and data transmission, while a connectionless protocol provides unreliable connections and does not promise or ensure data transmission.
Which of the following can take place if an attacker can insert tagging values into network- and switch-based protocols with the goal of manipulating traffic at the data link layer? A. Open relay manipulation B. VLAN hopping attack C. Hypervisor denial-of-service attack D. Smurf attack
B. VLAN hopping attacks allow attackers to gain access to traffic in various VLAN segments. An attacker can have a system act as though it is a switch. The system understands the tagging values being used in the network and the trunking protocols, and can insert itself between other VLAN devices and gain access to the traffic going back and forth. Attackers can also insert tagging values to manipulate the control of traffic at this data link layer.
Which of the following proxies cannot make access decisions based upon protocol commands? A. Application B. Packet filtering C. Circuit D. Stateful
C. Application and circuit are the only types of proxy-based firewall solutions listed here. The others do not use proxies. Circuit-based proxy firewalls make decisions based on header information, not the protocol’s command structure. Application-based proxies are the only ones that understand this level of granularity about the individual protocols.
Which of the following is a bridge-mode technology that can monitor individual traffic links between virtual machines or can be integrated within a hypervisor component?
A. Orthogonal frequency division
B. Unified threat management modem
C. Virtual firewall
D. Internet Security Association and Key Management Protocol
C. Virtual firewalls can be bridge-mode products, which monitor individual traffic links between virtual machines, or they can be integrated within the hypervisor. The hypervisor is the software component that carries out virtual machine management and oversees guest system software execution. If the firewall is embedded within the hypervisor, then it can “see” and monitor all the activities taking place within the one system.
Which of the following shows the layer sequence as layers 2, 5, 7, 4, and 3?
A. Data link, session, application, transport, and network
B. Data link, transport, application, session, and network
C. Network, session, application, network, and transport
D. Network, transport, application, session, and presentation
A. The OSI model is made up of seven layers: application (layer 7), presentation (layer 6), session (layer 5), transport (layer 4), network (layer 3), data link (layer 2), and physical (layer 1).
Which of the following technologies integrates previously independent security solutions with the goal of providing simplicity, centralized control, and streamlined processes? A. Network convergence B. Security as a service C. Unified Threat Management D. Integrated convergence management
C. It has become very challenging to manage the long laundry list of security solutions almost every network needs to have in place. The list includes, but is not limited to, firewalls, antimalware, antispam, IDS/IPS, content filtering, data leak prevention, VPN capabilities, and continuous monitoring and reporting. Unified Threat Management (UTM) appliance products have been developed that provide all (or many) of these functionalities into a single network appliance. The goals of UTM are simplicity, streamlined installation and maintenance, centralized control, and the ability to understand a network’s security from a holistic point of view.
Metro Ethernet is a MAN protocol that can work in network infrastructures made up of access, aggregation, metro, and core layers. Which of the following best describes these network infrastructure layers?
A. The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a core network. The metro layer is the metropolitan area network. The core connects different metro networks.
B. The access layer connects the customer’s equipment to a service provider’s core network. Aggregation occurs on a distribution network at the core. The metro layer is the metropolitan area network.
C. The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different access layers.
D. The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different metro networks.
D. The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different metro networks.
Which of the following provides an incorrect definition of the specific component or protocol that makes up IPSec?
A. Authentication header protocol provides data integrity, data origin authentication, and protection from replay attacks.
B. Encapsulating security payloads protocol provides confidentiality, data origin authentication, and data integrity.
C. Internet Security Association and Key Management Protocol provides a framework for security association creation and key exchange.
D. Internet Key Exchange provides authenticated keying material for use with encryption algorithms.
D. Authentication header protocol provides data integrity, data origin authentication, and protection from replay attacks. Encapsulating security payloads protocol provides confidentiality, data origin authentication, and data integrity. Internet Security Association and Key Management Protocol provides a framework for security association creation and key exchange. Internet Key Exchange provides authenticated keying material for use with the Internet Security Association and Key Management Protocol.
Systems that are built on the OSI framework are considered open systems. What does this mean?
A. They do not have authentication mechanisms configured by default.
B. They have interoperability issues.
C. They are built with internationally accepted protocols and standards so they can easily communicate with other systems.
D. They are built with international protocols and standards so they can choose what types of systems they will communicate with.
C. An open system is a system that has been developed based on standardized protocols and interfaces. Following these standards allows the systems to interoperate more effectively with other systems that follow the same standards.
Which of the following protocols work in the following layers: application, data link, network, and transport? A. FTP, ARP, TCP, and UDP B. FTP, ICMP, IP, and UDP C. TFTP, ARP, IP, and UDP D. TFTP, RARP, IP, and ICMP
C. Different protocols have different functionalities. The OSI model is an attempt to describe conceptually where these different functionalities take place in a networking stack. The model attempts to draw boxes around reality to help people better understand the stack. Each layer has a specific functionality and has several different protocols that can live at that layer and carry out that specific functionality. These listed protocols work at these associated layers: TFTP (application), ARP (data link), IP (network), and UDP (transport).
Which of the following allows for the ability to pool resources, automate resource provisioning, and increase and decrease processing capacity quickly to meet the needs of dynamic computing workloads? A. Software as a Service B. Network convergence C. IEEE 802.1x D. RAID
B. Network convergence means the combining of server, storage, and network capabilities into a single framework. This helps to decrease the costs and complexity of running data centers and has accelerated the evolution of cloud computing. Converged infrastructures provide the ability to pool resources, automate resource provisioning, and increase and decrease processing capacity quickly to meet the needs of dynamic computing workloads.
What takes place at the data link layer? A. End-to-end connection B. Dialog control C. Framing D. Data syntax
C. The data link layer, in most cases, is the only layer that understands the environment in which the system is working, whether it be Ethernet, Token Ring, wireless, or a connection to a WAN link. This layer adds the necessary headers and trailers to the frame. Other systems on the same type of network using the same technology understand only the specific header and trailer format used in their data link technology.
What takes place at the session layer? A. Dialog control B. Routing C. Packet sequencing D. Addressing
A. The session layer is responsible for controlling how applications communicate, not how computers communicate. Not all applications use protocols that work at the session layer, so this layer is not always used in networking functions. A session layer protocol will set up the connection to the other application logically and control the dialog going back and forth. Session layer protocols allow applications to keep track of the dialog.
Which best describes the IP protocol?
A. A connectionless protocol that deals with dialog establishment, maintenance, and destruction
B. A connectionless protocol that deals with the addressing and routing of packets
C. A connection-oriented protocol that deals with the addressing and routing of packets
D. A connection-oriented protocol that deals with sequencing, error detection, and flow control
B. The IP protocol is connectionless and works at the network layer. It adds source and destination addresses to a packet as it goes through its data encapsulation process. IP can also make routing decisions based on the destination address.
Which of the following is not a characteristic of the Protected Extensible Authentication Protocol?
A. Authentication protocol used in wireless networks and point-to-point connections
B. Designed to provide authentication for 802.11 WLANs
C. Designed to support 802.1X port access control and transport layer security
D. Designed to support password-protected connections
D. PEAP (Protected Extensible Authentication Protocol) is a version of EAP and is an authentication protocol used in wireless networks and point-to-point connections. PEAP is designed to provide authentication for 802.11 WLANs, which support 802.1X port access control and TLS. It is a protocol that encapsulates EAP within a potentially encrypted and authenticated TLS tunnel.
The ______________ is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over IP. A. Session Initiation Protocol B. Real-time Transport Protocol C. SS7 D. VoIP
A. The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over IP. The protocol can be used for creating, modifying, and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams.
Which of the following is not one of the stages of the DHCP lease process?
i. Discover
ii. Offer
iii. Request
iv. Acknowledgment
A. All of them
B. None of them
C. i, ii
D. ii, iii
B. The four-step DHCP lease process is:
• DHCPDISCOVER message: This message is used to request an IP address lease from a DHCP server.
• DHCPOFFER message: This message is a response to a DHCPDISCOVER message, and is sent by one or numerous DHCP servers.
• DHCPREQUEST message: The client sends the initial DHCP server that responded to its request a DHCP Request message.
• DHCPACK message: The DHCP Acknowledge message is sent by the DHCP server to the DHCP client and is the process whereby the DHCP server assigns the IP address lease to the DHCP client.
An effective method to shield networks from unauthenticated DHCP clients is through the use of _______________ on network switches. A. DHCP snooping B. DHCP protection C. DHCP shielding D. DHCP caching
A. DHCP snooping ensures that DHCP servers can assign IP addresses to only selected systems, identified by their MAC addresses. Also, advanced network switches now have the capability to direct clients toward legitimate DHCP servers to get IP addresses and to restrict rogue systems from becoming DHCP servers on the network.
Don is a security manager of a large medical institution. One of his groups develops proprietary software that provides distributed computing through a client/server model. He has found out that some of the systems that maintain the proprietary software have been experiencing half-open denial-of-service attacks. Some of the software is antiquated and still uses basic remote procedure calls, which has allowed for masquerading attacks to take place.
What type of client ports should Don make sure the institution’s software is using when client-to-server communication needs to take place? A. Well known B. Registered C. Dynamic D. Free
C. Well-known ports are mapped to commonly used services (HTTP, FTP, etc.). Registered ports are 1,024–49,151, and vendors register specific ports to map to their proprietary software. Dynamic ports (private ports) are available for use by any application.
Don is a security manager of a large medical institution. One of his groups develops proprietary software that provides distributed computing through a client/server model. He has found out that some of the systems that maintain the proprietary software have been experiencing half-open denial-of-service attacks. Some of the software is antiquated and still uses basic remote procedure calls, which has allowed for masquerading attacks to take place.
Which of the following is a cost-effective countermeasure that Don’s team should implement? A. Stateful firewall B. Network address translation C. SYN proxy D. IPv6
C. A half-open attack is a type of DoS that is also referred to as a SYN flood. To thwart this type of attack, you can use SYN proxies, which limit the number of open and abandoned network connections. The SYN proxy is a piece of software that resides between the sender and receiver, and only sends TCP traffic to the receiving system if the TCP handshake process completes successfully.