Domain 4: Communication and Network Security Flashcards
What important factor differentiates frame relay from X.25?
A) Frame relay supports multiple PVCs over a single WAN carrier connection.
B) Frame relay is a cell-switching technology
C) Frame relay does not provide a committed information rate (CIR)
D) Frame relay only requires a DTE on the provider side
A) Frame relay supports multiple private virtual circuits (PVCs), unlike X.25. It is a packet-switching technology that provides a Committed Information Rate, which is a minimum bandwidth guarantee provided by the service provider to customers. Finally, frame relay requires a DTE/DCE at each connection point, with the DTE providing access to the frame relay network, and a provider-supplied DCE, which transmits data over the network.
Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Due to technical constraints, he is limited to using a 2.4 GHz option. Which one of the following wireless networking standards should he use?
A) 802.11a
B) 802.11g
C) 802.11n
D) 802.11ac
C) He should choose 802.11n, which supports 200+ Mbps in the 2.4 GHz or the 5 GHz frequency range. 802.11a and 802.11ac are both 5 GHz only, while 802.11g is only capable of 54 Mbps.
Match the numbered TCP ports listed with the associated lettered protocol provided:
A) 23
B) 25
C) 143
D) 515
1) SMTP
2) LPD
3) IMAP
4) Telnet
23- Telnet
25- SMTP
143- IMAP
515- LPD
These common ports are important to know, although some of the protocols are becoming less common. SMTP is the Simple Mail Transfer Protocol, IMAP is the Internet Message Access Protocol, and LPD is the Line Printer Daemon protocol used to send print jobs to printers.
Scott is configuring an IDS to monitor for unencrypted FTP traffic. What ports should Scott use in his configuration?
A) TCP 20 and 21
B) TCP 21 only
C) UDP port 69
D) TCP port 21 and UDP port 21
The File Transfer Protocol (FTP) operates on TCP ports 20 and 21. UDP port 69 is used for the Trivial File Transfer Protocol, or TFTP, while UDP port 21 is not used for any common file transfer protocol.
Scott is selecting an authentication protocol for a PPP connection. He would like to select an option that encrypts both usernames and passwords and protects against replay using a challenge/response dialog. He would also like to reauthenticate remote systems periodically. Which protocol should he use?
A) PAP
B) CHAP
C) EAP
D) LEAP
B) The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP sends passwords unencrypted. EAP is extensible and was used for PPP connections, but it doesn’t directly address the listed items.
Which one of the following protocols is commonly used to provide backend authentication services for VPN?
A) HTTPS
B) RADIUS
C) ESP
D) AH
B) The Remote Access Dial In User Service (RADIUS) protocol was designed to support dial-up modem connections but is still commonly used for VPN-based authentication. HTTPS is not an authentication protocol. ESP and AH are IPsec protocols but do not provide authentication services for other systems.
Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?
A) S/MIME
B) MOSS
C) PEM
D) DKIM
A) S/MIME supports both signed messages and a secure envelope method. While the functionality of S/MIME can be replicated with other tools, the secure envelope is an S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can also both provide authentication, confidentiality, integrity, and nonrepudiation, while DKIM, or DomainKeys Identified Mail, is a domain validation tool.
During a security assessment, Scott discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization’s production network. What concern should he raise about serial data transfers carried via TCP/IP?
A) SCADA devices that are now connected to the network can now be attacked over the network
B) Serial data over TCP/IP cannot be encrypted
C) Serial data cannot be carried in TCP packets
D) TCP/IP throughput can allow for easy denial of service attacks against serial devices
A) Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IP-based networks to communicate. Many SCADA devices were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks. TLS or other encryption can be used on TCP packets, meaning that even serial data can be carried via TCP packets because TCP packets don’t care about their content; it is simply another payload. Finally, TCP/IP does not have a specific throughput as designed, so issues with throughput are device-level issues.
What type of key does WEP use to encrypt wireless communications?
A) An asymmetric key
B) Unique key sets for each host
C) A predefined shared static key
D) Unique asymmetric keys for each host
C) WEP has a very weak security model that relies on a single, predefined, shared static key. This means that modern attacks can break WEP encryption in less than a minute.
What speed and frequency range is used by 802.11n?
A) 54 Mbps, 5 GHz
B) 200+ Mbps, 5 GHz
C) 200+ Mbps, 2.4 and 5 GHz
D) 1 GBps, 5 GHz
C) 802.11n can operate at speeds over 200 Mbps, and it can operate on both the 2.4 and 5 GHz frequency ranges. 802.11g operates at 54 Mbps using the 2.4 GHz frequency range, and 802.11ac is capable of 1 Gbps using the 5 GHz range. 802.11a and b are both outdated and are unlikely to be encountered in modern network installations.
Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower cost alternative to Fibre channel?
A) MPLS
B) SDN
C) VOIP
D) iSCSI
D) iSCSI is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel. VoIP is Voice over IP, SDN is software-defined networking, and MPLS is Multiprotocol Label Switching, a technology that uses path labels instead of network addresses.
Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering to provide security. What is the technique Sue used, and what nonsecurity issue could her action cause?
A) Broadcast domain exploit, address conflict
B) Spoofing, token loss
C) Spoofing, address conflict
D) Sham EUI creation, token loss
C) The process of using a fake MAC (Media Access Control) address is called spoofing, and spoofing a MAC address already in use on the network can lead to an address collision, preventing traffic from reaching one or both systems.
Jim’s audit of a large organization’s traditional PBX showed that Direct Inward System Access (DISA) was being abused by third parties. What issue is most likely to lead to this problem?
A) The PBX was not fully patched.
B) The dial-in modem lines use unpublished numbers
C) DISA is set up to only allow local calls.
D) One or more users’ access codes have been compromised
D) Direct Inward System Access uses access codes assigned to users to add a control layer for external access and control of the PBX. If the codes are compromised, attackers can make calls through the PBX or even control it. Not updating a PBX can lead to a range of issues, but this question is looking for a DISA issue. Allowing only local calls and using unpublished numbers are both security controls and might help keep the PBX more secure.
Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she does not want to see her own ping packets, what protocol should she filter out from her packet sniffer’s log?
A) UDP
B) TCP
C) IP
D) ICMP
D) Ping uses ICMP, the Internet Control Message Protocol, to determine whether a system responds and how many hops there are between the originating system and the remote system. Lauren simply needs to filter out ICMP to not see her pings.
Scott is building the network for a remote site that only has ISDN as an option for connectivity. What type of ISDN should he look for to get the maximum speed possible?
A) BRI
B) BPRI
C) PRI
D) D channel
C) PRI, or primary rate interface, can use between 2 and 23 64 Kbps channels, with a maximum potential bandwidth of 1.544 Mbps. Actual speeds will be lower due to the D channel, which can’t be used for actual data transmission, but PRI beats BRI’s two B channels paired with a D channel for 144 Kbps of bandwidth.
SPIT attacks target what technology?
A) Virtualization platforms
B) Web services
C) VoIP systems
D) Secure Process Internal Transfers
C) SPIT stands for Spam over Internet Telephony and targets VoIP systems.
There are 4 common VPN protocols. Which group listed contains all of the common VPN protocols?
A) PPTP, LTP, L2TP, IPSEC
B) PPP, L2TP, IPSEC, VNC
C) PPTP, L2F, L2TP, IPSec
D) PPTP, L2TP, IPSEC, SPAP
C) PPTP, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used for an increasingly large percentage of VPN connections and may appear at some point in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the Shiva Password Authentication protocol sometimes used with PPTP.
What network technology is best described as a token-passing network that uses a pair of rings with traffic flowing in opposite directions?
A) A ring topology
B) Token Ring
C) FDDI
D) SONET
C) FDDI, or Fiber Distributed Data Interface, is a token-passing network that uses a pair of rings with traffic flowing in opposite directions. It can bypass broken segments by dropping the broken point and using the second, unbroken ring to continue to function. Token Ring also uses tokens, but it does not use a dual loop. SONET is a protocol for sending multiple optical streams over fiber, and a ring topology is a design, not a technology.
The Windows ipconfig command displays the following information:
BC-5F-F4-7B-4B-7D
What term describes this, and what information can be usually gathered from it?
A) The IP address, the network location of the system
B) The MAC address, the network interface card’s manufacturer
C) The MAC address, the media type in use
D) The IPv6 client ID, the network interface card’s manufacturer
B) MAC addresses are the hardware address the machine uses for layer 2 communications. The MAC addresses include an organizationally unique identifier (OUI), which identifies the manufacturer. MAC addresses can be changed, so this is not a guarantee of accuracy, but under normal circumstances you can tell what manufacturer made the device by using the MAC address.
Scott has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose and why?
A) LEAP, because it fixes problems with TKIP resulting in stronger security
B) PEAP, because it implements CCMP for security
C) LEAP, because it implements EAP-TLS for end-to-end session encryption
D) PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session
D) PEAP provides encryption for EAP methods and can provide authentication. It does not implement CCMP, which was included in the WPA2 standard. LEAP is dangerously insecure and should not be used due to attack tools that have been available since the early 2000s.
Scott is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.xx subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?
C) Double NATing isn’t possible with the same IP range; the same IP addresses cannot appear inside and outside a NAT router. RFC 1918 addresses are reserved, but only so they are not used and routable on the internet, and changing to PAT would not fix the issue.
What type of server is running at IP address 10.1.0.26 (destination port 25, 465)?
A) Email
B) Web
C) FTP
D) Database
A) SMTP uses ports 25 and 465. The presence of an inbound rule allowing SMTP traffic indicates that this is an email server.
Scott needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What design should he use, and how many firewalls does he need?
A) A four-tier firewall design with two firewalls
B) A two-tier firewall design with three firewalls
C) A three-tier firewall design with at least one firewall
D) A single-tier firewall design with the firewalls
C) A three-tier design separates three distinct protected zones and can be accomplished with a single firewall that has multiple interfaces. Single and two-tier designs don’t support the number of protected networks needed in this scenario, while a four-tier design would provide a tier that isn’t needed.
Cable modems, ISDN, and DSL are all examples of what type of technology?
A) Baseband
B) Broadband
C) Digital
D) Broadcast
B) ISDN, cable modems, DSL, and T1 and T3 lines are all examples of broadband technology that can support multiple simultaneous signals. They are analog, not digital, and are not broadcast technologies.