Flashcards in CISSP: Telecommunications and Network Security Deck (23)
1. A data network that operates across a relatively large geographic area defines what type of network?
A LAN operates across a relatively small geographic area. MANs and CANs are LAN variations. Review “Wide area network (WAN).”
2. The process of wrapping protocol information from one layer in the data section of another layer describes
A. Data encryption
B. Data encapsulation
C. Data hiding
D. TCP wrappers
B. Data encapsulation
Data encapsulation wraps protocol information from one layer in the data section of another layer. The other choices are incorrect. Review “The OSI Reference Model.”
3. The LLC and MAC are sub-layers of what OSI model layer?
A. Data Link
A. Data Link
The Data Link Layer is the only layer of the OSI model that defines sub-layers (the Logical Link Control and Media Access Control sub-layers). Review “Data Link Layer (Layer 2).”
4. The Ethernet protocol is defined at what layer of the OSI model and in which IEEE standard?
A. Data Link Layer, 802.3
B. Network Layer, 802.3
C. Data Link Layer, 802.5
D. Network Layer, 802.5
A. Data Link Layer, 802.3
LAN protocols are defined at the Data Link Layer. IEEE 802.5 defines the Token-Ring standard. Review “Data Link Layer (Layer 2).”
5. All the following are examples of packet-switched WAN protocols, except
B. Frame Relay
ISDN is circuit-switched. Packet-switched network technologies include X.25, Frame Relay, SMDS, ATM, and VoIP. Review “WAN technologies and protocols.”
6. Which of the following is an example of a Class C IP address?
188.8.131.52 is a Class A address, 127.0.0.1 is an interface loopback address, and 184.108.40.206 is a multicast address (Class D). Review “Internet Protocol (IP).”
7. The TCP/IP Protocol Model consists of the following four layers:
A. Application, Presentation, Session, Transport
B. Application, Session, Network, Physical
C. Application, Session, Transport, Internet
D. Application, Transport, Internet, Link
D. Application, Transport, Internet, Link (or Network)
Review “The TCP/IP Model.”
8. Which of the following firewall architectures employs external and internal routers, as well as a bastion host?
A. Screening router
C. Screened-host gateway
D. Dual-homed gateway
The screened-subnet employs an external screening router, a dual-homed (or multi-homed) host, and a second internal screening router. Review “Firewall architectures.”
9. Which of the following is not a common VPN protocol standard?
TFTP is the Trivial File Transfer Protocol, a basic variation of the FTP protocol that provides limited file transfer capabilities. It has absolutely nothing to do with VPNs. Review “Virtual Private Networks (VPNs).”
10. A type of network attack in which TCP packets are sent from a spoofed source address with the SYN bit set describes
D. SYN flood
D. SYN flood
Smurf attacks exploit vulnerabilities in the ICMP protocol. Fraggle attacks exploit vulnerabilities in the UDP protocol. A Teardrop attack exploits vulnerabilities in the TCP protocol by using the length and fragmentation offset fields. See “Network Attacks and Countermeasures.”
Which of the following devices does NOT operate at Layer 2, the Data Link layer?
c. Wireless access point
A. The hub operates at Layer 1, the Physical layer of the OSI Model.
Which organization developed and publishes the OSI Model?
B. The International Organization for Standardization developed and publishes the OSI Model.
Which of the following protocols operates at Layer 4, and provides best-effort, connectionless delivery of segments?
D. User Datagram Protocol (UDP) operates at Layer 4, the Transport layer of the OSI Model. UDP is a best-effort, connectionless delivery service.
Data and header information being processed at Layer 3, the Network layer of the OSI Model, is called which of the following?
b. Data stream
A. Data and header information being processed at Layer 3, the Network layer of the OSI Model, is called a packet.
Which of the following places the layers of the OSI Model in the correct order when processing inbound data from the network media?
a. Application, Physical, Session, Transport, Network, Data Link, Physical
b. Physical, Transport, Network, Data Link, Presentation, Session, Application
c. Application, Session, Presentation, Transport, Network, Data Link, Physical
d. Physical, Data Link, Network, Transport, Session, Presentation, Application
D. The correct order of the layers of the OSI Model that process inbound data from the network media is: Physical, Data Link, Network, Transport, Session, Presentation, Application.
Which of the following media types provides the best protection against emanations detection?
b. Shielded twisted pair
c. Unshielded twisted pair
d. Fiber optic
D. The order of best emanations security to worst is: fiber optic, coax, shielded twisted pair, unshielded twisted pair, and wireless transmission.
Which of the following media access methods is contention oriented?
a. Token-passing bus
b. Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
c. Token-passing ring
B. Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a nondeterministic, contention-oriented media access method by which nodes sharing the media contend for transmission time.
Which of the following is the filter used on firewalls to block packets leaving the private network using a public source IP address?
a. Ingress filter
b. Content filter
c. Egress filter
d. Stateful filter
C. The egress filter is used on firewalls to block packets exiting the private network by using a public-source IP address.
Which of the following best describes a bastion host?
a. A system that has been hardened against attack
b. A system that uses a default deny rule
c. A system that performs FQDN-to-IP-address resolution
d. A system that replaces private IP addresses with public IP addresses as the packet exits the private network
A. The bastion host system is hardened against attack by disabling or deleting unnecessary user accounts, services, and applications. It is updated regularly and typically includes antivirus, host-based IDS, and personal firewall protection.
Which protocol prepends a tag in front of the Layer 2 header of a frame to facilitate its transmission through the protocol-compliant cloud?
a. Multi-Protocol Label Switching (MPLS)
b. Network Address Translation (NAT)
c. Open Shortest Path First (OSPF)
d. Dynamic Host Configuration Protocol (DHCP)
A. Multiprotocol Label Switching (MPLS) prepends a tag on each frame as it enters the MPLS cloud to facilitate its transmission through the cloud.
Which of the following allows systems to use multiple and yet-to-be-developed mechanisms to verify the identities of users?
a. Zero-knowledge proof
b. Extensible Authentication Protocol (EAP)
c. Challenge Handshake Authentication Protocol (CHAP)
d. Synchronous Optical Network (SONET)
B. The Extensible Authentication Protocol (EAP) is an application programming interface on the authentication engine of an authentication service that enables systems to use multiple and yet-to-be-developed mechanisms to verify the identities of users.
A wireless access point that uses more than one transmitter, receiver, and antenna is described by which IEEE specification?
D. 802.11n describes standards in both the 2.4-GHz and 5-GHz ranges using multiple-input, multiple-output (MIMO) technologies.