CISSP Domain 4

Question 1

What are modes vpn can operate on?

Answer 1

• Transport : Internally, between trusted network, end to end encryption, Provides encryption only to payload
• Tunnel : Externally , between untrusted networks, provides encryption to payload and ip sec header, link encryption

Question 2

What are the different protocols in IPSec ?

Answer 2

AH: Provides I, N, Provides session access control and prevents replay attacks
ESP: C, I of payload, limited authentication

Hmac for hashing

IP comp used by IP sec to compress data

Uses hybrid cryptography

IKE - To manage cryptography keys and comprise of :

OAKLEY: Key generation and exchange like D-H key exchange

SKEME: secure key exchange

ISAKMP: Organize and manage key generated by above two

Security association: Agreed on authentication and encryption used by two entities

ISAKMP is used to negotiate and provide authenticated keying material for SA in secure manner

Each IPSec vpn uses 2 SA’s

1. One for encrypted transmission
2. One for encrypted reception

This is what enables ipsec to support multiple simultaneous vpns

Question 3

Difference between vlan and subnet ?

Answer 3

Vlan is created by switches “ Deny by default and allow by exception” whereas subnet using IP address

Question 4

What are ARP concerns mainly ARP cache poisoning ?

Answer 4

It maps ip to mac address translation

ARP cache poisoning : When IP to mac mapping needs to be done it looks at ARP cache table if it’s not there then it send broadcast.

If the owner is there in local subnet it can respond with ARP reply/response

ARP cache poisoning occurs in second step by attacker

2. ARP graticious or unsolicited replies: Occurs without ARP asking for reply/response
3. Static IP entries: ARP cache poisoning

Question 5

Best defence against ARP concerns?

Answer 5

Port security in switch
HIDPS
ARP watch
Establish ARP static entries

Question 6

What are different modes wifi can be deployed?

Answer 6

Ad-hoc mode:(P2P) Without centralized control authority wireless device can communicate

Wifi direct: Upgraded version of ad hoc

Infrastructure mode: Using WAP

Standalone mode: WAP connecting using wireless instead of wire

Wired extension mode

Enterprise extended mode: Multiple WAP used and will use ESSID so that devices can connect even when WAP changes

Bridge mode: Wireless connection to link two wired network

Question 7

What are different types of wireless security?

Answer 7

IEEE802.11 uses OSA and SKA

WEP- RC4
WPA - TKIP
WPA2 and 3 - AES CCMP uses Simultaneous authentication of equals
802.1X support enterprise authentication using EAP which is a framework

WPS is in WAP

Question 8

What are the ways limited radio frequencies can be managed?

Spread spectrum
FHSS
DHSS
OFDM

Answer 8

Spread spectrum: Communication occurs over multiple frequencies. Example: Message broken into pieces and sent in different frequencies

FHSS: Transmits data in series across range of frequency, but only frequency at time

DHSS: Employs frequency in parallel. Uses chipping code to allow receiver to reconstruct the data

OFDM: Does not cause interference
Employs a digital multi carrier, allows for more tightly compacted transmission

Question 9

Blue sniffing

Answer 9

Packet capture Bluetooth focused

Question 10

Blue smacking

Answer 10

DOS attack through transmission

Question 11

Blue jacking

Answer 11

Sending unsolicited message

Annoyance

Question 12

Blue snarfing

Answer 12

Unauthorised access of data

Data theft

Question 13

Blue bugging

Answer 13

Remote control over hardware and software if your devices by enabling microphone

Question 14

Difference between NFC and RFID

Answer 14

NFC few inches proximity device
RFID few feet

Both are privacy violation technology

Question 15

War driving

Answer 15

To detect wireless network signals, often ones not authorised to access

Question 16

Evil twin

Answer 16

Acess point

Hacker operates false access points that will automatically clone or twin identity of an AP

Question 17

Dis-association frames and deauthentication packet

Answer 17

Both are WAP related
Dis-association frames used to disconnect from one WAP as it connects another WAP in the same ESSID network. If used maliciously client loses their wireless link

Question 18

Replay attack

Answer 18

Retransmission of captured communications with hope of gaining access to targeted system

Question 19

How can a screened subnet be implemented?

Answer 19

To connect untrusted to trusted network

2 firewalls or 1 multihomed firewall - 1 firewall, 1 interface to internet and 1 to screened subnet , 1 intranet

Question 20

Collision domain vs broadcast domsin

Answer 20

Two systems transmit data at same time into single transmission path - layer 2

Single system transmits data to multiple recipient - layer 3 and above

Question 21

Network access control

Answer 21

Controlling access control through strict adherence to Enforcement of security policy

Question 22

How NAC can be implemented?

Answer 22

Pre admission philosophy: Meet all security requirements before granting access

Post admission philosophy: Allow and deny access based on user activity, pre-defined Authorization matrix

Question 23

What are agent based and agent less NAC ?

Answer 23

Agent installed for monitoring

NAC solution performs port scan and compares with baseline from NAC server

Question 24

Allow listing

Answer 24

Default deny, allow by exception

Question 25

Bastion host

Answer 25

Withstand attack like firewall It's Hardened and exposed to internet

Question 26

Static packet filtering firewall

Answer 26

Message header Destination IP (layer 3) and port address (layer 4) Stateless firewall

Question 27

Application firewall

Answer 27

WAF Works at layer 7

Question 28

Circuit level firewall

Answer 28

**Session layer 5 protocol** Establish connection of circuit Stateless

Question 29

Stateful inspection firewall

Answer 29

Operate at layer 3 and above Stateful **Deep packet inspection** Context analysis

Question 30

ISFW

Answer 30

Microsegmentation

Question 31

Proxy server and 2 types

Answer 31

Protect identity of the client internally Forward proxy : Intermediary for queries of external sources handles query from internal clients Reverse proxy : opp. Handles inbound query from external systems

Question 32

Goal of EDR

Answer 32

**Detect abuses which are more advanced and cannot be detected by traditional AV program** Detect Record Evaluate Respond Caused by problematic software or users

Question 33

MDR

Answer 33

Monitor IT environment quickly detect and resolve threats

Question 34

EPP

Answer 34

Predict prevent detect and respond

Question 35

PPP

Answer 35

Encapsulation of IP traffic over data link layer or dial up Allows multivendor interoperability

Question 36

PAP and CHAP

Answer 36

Password in clear text and challenge response

Question 37

EAP

Answer 37

It's framework rather than protocol mainly used in biometrics, tokens, Smartcards

Question 38

EAP TLS and EAP TTLS

Answer 38

Mutual authentication Creates vpn like tunnel between end points prior to authentication

Question 39

IEEE 803.1X

Answer 39

Authentication technology Makes port based decisions or port based network access control It's based on EAP

Question 40

Port security

Answer 40

Smart patch panel it's like NAC

Question 41

VoIP communication using different phone

Answer 41

VoIP to pstn gateway to be present

Question 42

Phreaking

Answer 42

Targeted towards telephone system and voice services in general

Question 43

PBX and how to add authentication

Answer 43

Telephone switching exchange system deployed in private organisation Direct inward system access

Question 44

Remote access techniques

Answer 44

Service specific: Email control Remote control: Fully control physical system that is distant Remote node operation: remote client establish connectivity to wireless, VPN Screen scraper: **screen scrapped down** 2 meaning remote access, remote control, remote desktop services Virtual desktops or virtual apps 2 - Technology which helps automated tool to interact with HMI

Question 45

Load balancer and types

Answer 45

Used to spread or distribute network traffic load across several network links or network devices across server farm or cluster Active -Active vs Active passive Virtual ips Vs load persistence

Question 46

S/MIME

Answer 46

Email security solution that offers authentication (X.509 digital certificates) and confidentiality (public key encryption)

Question 47

Domain key identified mail

Answer 47

Assert valid mail is sent by an organisation through verification of domain name identity

Question 48

SPF

Answer 48

Data origin using SMTP

Question 49

Domain message authentication reporting and conformance

Answer 49

Dns based email authentication

Question 50

Starttls

Answer 50

Secure SMTP over TLS It's a command

Question 51

Security service provided by VPN and vpn concentrator

Answer 51

Access control, authentication, c, i VPN example of virtualized network Dedicated hardware to support simultaneous vpns

Question 52

Tunneling

Answer 52

Protects contents of inner protocol by encapsulation in another protocol

Question 53

Split Tunnel vs full tunnel

Answer 53

VPN internally and open internet Both vpn enabled

Question 54

Mac flooding and fix

Answer 54

Abuse of switch by flooding of ethernet frames The switch maintains a table called content addressable memory (CAM) Once CAM is full older entries will be dropped and filled with false addresses causing unable to forward Fix: MAC limiting from each jack/port

Question 55

Mac spoofing and fix

Answer 55

**layer 2 can be attacked from within** Changing default mac address to some other values

Question 56

MAC cloning and fix

Answer 56

Impersonate another system Mac filtering is a security mechanism to restrict access Used in WAP and switches

Question 57

PAT

Answer 57

Instead of doing 1:1 map of internal clients to nat we can configure in one port

Question 58

Third party connectivity

Answer 58

MoU -reciprocal handshake agreement ISA- Interconnection security agreement Risk assessment 1. Extranet 2. Private cloud 3. Secure file sharing

Question 59

SDN and how can you fix MITM challenge?

Answer 59

Centrally controlled Separate control plane from the data plane Opens up security challenges like mitm and DoS **can be secured with TLS**

Question 60

SD-Wan

Answer 60

Connectivity from branch offices centrally managed Many networks can be connected- mpls, lte Security: IP sec, vpn tunnels, ngfw, micro segmentation

Question 61

Zigbee

Answer 61

Personal area network for monitoring iot devices During pre configuration a single key might be sent unprotected

Question 62

5 G

Answer 62

Faster speeds , lower latency Does not rely on sim card Stand alone version of 5 G is more secure Old vulnerability related to 4G as it has to work

Question 63

CDN

Answer 63

Geographically distributor network

Question 64

Mesh topology

Answer 64

Redundancy

Question 65

Ring

Answer 65

Centralised Token ring Collision avoidance system

Question 66

Bus

Answer 66

Ethernet Collision detection system

Question 67

Analog Vs digital

Answer 67

Wave shape Bits electrical signal

Question 68

Synchronous Vs Asynchronous

Answer 68

Timing or clocking mechanism embedded in data stream Stop and start, best suited for smaller amount of data example: PSTN

Question 69

Baseband vs broadband

Answer 69

Single transmission- digital signal (ethernet ) vs Multiple simultaneous signals - analog signal( TV)

Question 70

Virtual circuits

Answer 70

Logical pathway or circuit created over a packet switched network between two specific end points

Question 71

Permanent virtual circuits

Answer 71

Dedicated lease line - like walkie talkie SVC to be created each time when needed - like frequency searching radio

Question 72

Broadcast multicast and unicast

Answer 72

Communication to all possible recipients Multiple specific recipients Single communication to single recipient

Question 73

PEAP

Answer 73

EAP+TLS

Question 74

LEAP

Answer 74

Cisco properiatary for wireless and ppp

Question 75

Honeypot

Answer 75

Only Enticement not entrapment Distract from real assets and isolate until you crack them down

Question 76

Teardrop attack

Answer 76

Ddos - Fragmented packet

Question 77

Fraggle attack

Answer 77

Spoofed udp traffic

Question 78

Smurf attack

Answer 78

Spoofed ICMP traffic

Question 79

Land attack

Answer 79

Layer 4 DoS header will same

Question 80

Ping of death

Answer 80

Oversized ping packet

Question 81

Twisted pair and types

Answer 81

Twisted pair cable refers to the fact that it is a pair of wires twisted together in a specific way that creates a **magnetic field, which allows the signal traveling across the wire to remain within the magnetic field**. Additionally, twisted pair cable can be shielded (STP) or unshielded (UTP), with shielded twisted pair offering additional protection from cross talk and interference.

Question 82

Coaxial cable and multiplexing

Answer 82

This is the cable often used by cable companies to bring television, telephone, and high-speed internet access to homes. Coaxial cable consists of a single strand of copper wire sheathed in a protective coating, and a technology called multiplexing allows the wire to provide all the services mentioned. Multiplexing allows the information carried along the wire to be split into different frequencies, waves, and time slices at the same time, and it does so at incredible speeds.

Question 83

Data link core concepts

Answer 83

CORE CONCEPTS Data at the Data Link layer exists as frames. Physical addressing via MAC addresses uniquely identifies devices on a network. Two types of networks: circuit-switched and packet-switched Common location to implement link encryption Layer 2 devices: bridges and switches Layer 2 protocols: L2TP, PPTP, ARP

Question 84

Authentication protocols

Answer 84

PPP ~ PAP Chap EAP PEAP ~ EAP+TLS encapsulated

Question 85

What is convergence

Answer 85

Convergence refers to the ability of native IP networks to carry non-IP traffic via what are known as converged

Question 86

4 security services to secure wireless

Answer 86

To secure wireless communication, four (4) security services are required: access control, authentication, encryption, and integrity protection

Question 87

Fibre channel

Answer 87

Network data storage solutions i.e. SAN or NAS which allows high speed file transfers

Question 88

ISCSI

Answer 88

Network storage based on IP

Question 89

Difference between switch and gun

Answer 89

Switch is mainly L2 and needs port to transmit Signal whereas hub is all ports at layer 1

Question 90

WAN technologies

Answer 90

Circuit switching- Leased lines, PPP, SLIP, ISDN, DSL Packet switching - virtual circuits X.25 frame relay, ATM, SDLC, HDLC