Monday, April 14, 2014

CISSP Exam Preparation (Question 101 ~ 145)

(101) A telephone switch located on a company’s property with a direct connection to the phone company’s central office is called a:
A. Hub
C. Router

A private branch exchange (PBX) is a device used within companies to
provide multiple services to users throughout a building or facility. There are
several security concerns pertaining to PBX; default configurations and passwords
should be changed, maintenance modems should only be enabled when used, phone bills
should be continually reviewed, and unused codes should be disabled.
(102) A one-to-many transmission is called:
A. Multicast
B. Broadcast
C. Unicast
D. Simplex

A multicast goes from one source to several destinations. The
destinations that receive the data have chosen to participate and accept data from
this source. A unicast is a one-to-one transmission, and a broadcast is a one-to-all
(103) Which OSI layer do routers work at?
A. Data Link
B. Session
C. Transport
D. Network

A router is a Layer 3 device that looks at data held within the
network header to make decisions on how to get the packet to its destination.
Bridges work at the Data Link layer and repeaters work at the Physical layer.
Software gateways work at the Application layer.
(104) Backbones that connect businesses to WANs, the Internet, and other businesses, usually via SONET networks, are called:

Metropolitan area networks (MAN) typically use SONET or FDDI rings to
connect businesses to the wide area network (WAN), other MANs, the Internet, and the
telecommunication networks. They are referred to as backbones because of the high
speed at which data can travel over them compared to LAN type transmissions.
(105) Which of the following devices typically works at the Application layer and acts as a protocol translator for different environments?
A. Switch
B. Gateway
C. Bridge
D. Hub

Software gateways are more complex devices than the other mentioned
devices because they look within the frame to gain more than just address and
routing information. Translation may need to be performed when entities on two
unlike environments need to communicate, as in a Novell and Microsoft network using
proprietary protocols. (Although gateways can work at different OSI layers, the
CISSP exam usually puts them at the Application layer.)
(106) Which is a Physical layer standard for transmitting data over fiber optics lines?
C. Frame relay
D. X.25

Synchronous Optical Network (SONET) is a standard for fiber optic
cabling and uses self-healing network rings. SONET describes the interfaces that can
be used over fiber lines and the signaling that must be employed. SONET works at the
Physical layer of the OSI model.
(107) Which of the following can provide up to 45 Mbps of bandwidth?
B. T3
C. T1

A T3 can provide 45 Mbps of bandwidth and is the same as 28 T1 lines.
T1 lines provide up to 1.544 Mbps, and a fractional T1 is a fraction of that
bandwidth. BRI is an ISDN service that provides up to 144 Kbps.
(108) A high-speed technology that is always on and can provide data rates up to 52 Mbps is called:
C. Dial-up

Digital subscriber line (DSL) uses copper wires from the central
office to the end user and is always connected, meaning the user does not need to
re-establish a connection. This is true of the technology, but the service provider
providing this service might only allow a connection for a certain time period.
Always-on technologies are targeted by attackers because the system is always
connected and available.
(109) Which is not true of dedicated lines?
A. More secure than using public networks
B. Connect two locations
C. Inflexible and expensive
D. Use packet-switching technology

One of the biggest advantages of dedicated lines is that the
connection is private, meaning that it is not a shared medium. This characteristic
provides more security. Dedicated lines are usually much more expensive than
public-switched technologies as in frame relay, X.25, and SMDS.
(110) Paying for a guaranteed amount of frame relay bandwidth is called:
C. QoS

Committed information rate (CIR) is a premium service offered by
service providers in frame relay networks that guarantees a company a specified
amount of bandwidth. Frame relay is bursty in nature, meaning that a company may
have access to a larger amount of bandwidth until the network gets busy. If a
company needs to ensure it will have a certain amount of bandwidth always available,
it will have to pay this extra rate.
(111) Which of the following is a real threat in wireless communication?
A.Encryption is not available in wireless technologies.
B. Users cannot be authenticated as they move from one AP to another.
C. No data integrity can be performed as users move from one AP to another.
D. Eavesdropping can uncover traffic analysis and AP and station location can be uncovered.

Wireless traffic can be easily eavesdropped upon. Traffic analysis is
watching the behavior of traffic in the hope of uncovering information not intended
for the eavesdropper. Access point (AP) and station location can be uncovered by
sniffing traffic. Integrity and authentication should not be affected if a user
moves from one AP to another and encryption is available in wireless technologies,
referred to as Wired Equivalent Privacy (WEP).
(112) What cannot be accomplished by a man-in-the-middle attack?
A. Digital signature
B. Masquerading
C. Session hijacking
D. Spoofing

A man-in-the-middle attack is when an attacker inserts herself into an
ongoing communication between two systems. The user spoofs her identity to fool the
other entities, which is an example of masquerading. The attacker can then hijack
the session, meaning take over the session. This can be done by kicking one of the
users off by performing a denial of service. Digital signatures can prevent
man-in-the-middle attacks because authentication takes place.
(113) How does PPTP provide protection?
A. Through encryption
B. Through encapsulation
C. Through encryption and encapsulation
D. Through CHAP and AEP

Point-to-Point Tunneling Protocol (PPTP) is a Microsoft virtual
private network (VPN) protocol. It provides encapsulation, which means it
re-packages the original frame and encrypts it. This allows for secure communication
to take place via an untrusted network, such as the Internet. L2TP is a protocol
that provides just encapsulation, not encapsulation and encryption.
(114) How does a SOCKS-based firewall provide protection?
A. By providing one proxy per protocol
B. By acting as a proxy
C. By denying any access attempts from internal entities
D. By inspecting protocol commands

Products that are based on the SOCKS firewall technology are
circuit-level firewalls. This means that they only look at packet header information
(address, port numbers) to make access decisions. They do not look into the packet’s
payload to review protocol commands or provide a proxy per service. Those are
characteristics of an application-level proxy product.
(115) Which of the following is the best definition of a socket?
A. A Session layer link
B. A MAC address and a port number
C. An IP address and a port number
D. An IP address and a MAC address

A socket is the combination of a node address and a port number. When
a connection is made between two systems, the packets need to contain the address
and port address of the sending and receiving system. This is so that the packet can
be properly routed to the receiving system and the receiving system knows who to
reply to.
(116) Which firewall makes access decisions based only on addresses and port numbers?
A. Circuit-based proxy
B. Application-based proxy
C. Stateful
D. Dual-homed

A circuit-level proxy firewall looks at header information to make
decisions on whether a packet is deemed acceptable for access. This is a different
approach than application-level firewalls, which look at the information within the
payload of the packet. A stateful firewall maintains a state table to keep track of
each communication dialog taking place between systems and makes access decisions
based on the information within this table.

(117) Which of the following is required for LAN and WAN centralized access control technologies?
A. Single point of failure
C. System with database of authentication information
D. Connection to ISP

A centralized access technology must have a database of user
information and authentication information so when users request access their
credentials can be properly checked. RADIUS and TACACS+ are example of centralized
access control technologies.
(118) Which of the following is a reason companies implement routers and packet filters?
A. To provide content filtering
B. To provide protection that is transparent to users
C. To provide circuit-level proxy protection
D. To provide application-level proxy protection

Routers can provide packet filtering through the use of access control
lists (ACLs). These ACLs are compared to incoming and outgoing traffic and only the
packets that are outlined as acceptable are allowed through. Packet filters cannot
provide content filtering because they do not look that deep into the packet, and
they do not provide application or circuit-level proxy protection. They are
transparent to users because when users request to access a resource on the other
side of the router, they do not have to log into that device or do anything special.
The protection takes place without them knowing about it.
(119) Which of the following best describes an ARP attack?
A. Proper IP to MAC address translation is not allowed, which causes masquerading.
B. Two IP address and two MAC addresses are used.
C. A RARP service is poisoned via DNS resource records.
D. An ARP table is completely deleted.

ARP (Address Resolution Protocol) finds MAC (Media Access Control)
addresses for IP addresses. It broadcasts a request and only the system with the IP
address within the broadcast domain responds. ARP takes the MAC address from this
response and places it in its ARP table. An attacker can manipulate this ARP table
so that traffic with the correct IP address goes to an incorrect MAC address. The
traffic goes to the attacker’s MAC address instead of the intended receiver.
(120) The use of secure cryptographic protocols such as ________________ ensures that all SIP packets are conveyed within an encrypted and secure tunnel.
A. Real-time Transport Protocol
B. Session Initiation Protocol
C. Transport Layer Security

The use of secure cryptographic protocols such as Transport Layer
Security (TLS) ensures that all SIP packets are conveyed within an encrypted and
secure tunnel. The use of TLS can provide a secure channel for VoIP client/server
communication and prevents the possibility of eavesdropping and packet manipulation.
(121) Why are network sniffers dangerous to an environment?
A. They can be used to launch active attacks.
B. Their presence can cause many false positives.
C. Their presence and activities are not auditable.
D. They can access sensitive data within applications.

Network sniffers are tools that read network traffic as it passes over
a network interface card (NIC). When attackers use these it is considered a passive
attack because the attacker is not actually doing anything or modifying packets.
Sniffers are not detectable or auditable, thus an administrator would not
necessarily know that one is installed and working within her network.
(122) What is the electronic phenomenon that allows data to escape in a bundle of network cables?
B. Crosstalk
C. Attenuation
D. Cover channels

When wires are twisted around each other or are in close proximity,
crosstalk can occur. Crosstalk means that signals from one wire spill over and
disrupt signals on another wire. UTP has different categories and ratings. Many of
the ratings pertain to how tightly the wires are twisted around each other. The
tighter the twisting, the less vulnerable the wires are to crosstalk.
(123) Which layer of the OSI reference model deals with providing reliable and transparent data transfer between end points of a session?
A. Network
B. Data Link
C. Transport
D. Session

Protocols operating at the Transport layer are responsible for
reliability. Session layer protocols are responsible for the session establishment,
maintenance and breakdown, but are not responsible for data transfer itself.
(124) Routers work at which of the following layers?
A. Network
B. Transport
C. Session
D. Data Link

Transport layer protocol information does not address information that
is valuable to the function of routing. Routers mainly work at Layer 3 (the Network
layer), but Layers 1 and 2 are stripped away in the process.
(125) Which of the following is a good definition of asynchronous communication?
A. Low data transfer rate using only one channel for transmission
B. High data transfer using many channels
C. High-speed transmission controlled by electronic timing signals
D. Sequential data transfer, using bits framed with start and stop bits

Asynchronous communication devices, like modems, must first agree
upon a communication rate. The communication is not synchronized in that the
devices involved can send data at will, sending a sequence of bits framed with start
and stop bits that are reassembled into data at the receiving end. Synchronous
communication devices, on the other hand, determine a synchronization scheme and
communicate data in a stream.
(126) Which of the following protocols is considered to be connectionless?

ICMP is a protocol within the TCP/IP protocol suite that provides IP
node information at the Network layer. While its job, particularly in the case of
its role in the PING utility, is often to determine a devices connection state, it
is considered a "connectionless" protocol in that it deals only with messaging and
status checking.
(127) Which of the following protocols does not map to the Transport layer of the OSI reference model?
A. Transmission Control Protocol
B. Sequenced Packet Exchange
C. User Datagram Protocol
D. Internet Packet Exchange

Internet Packet Exchange (IPX) is a protocol that exists at the
Network layer in the OSI reference model. A good way to remember this is to
mentally associate IPX with IP; IPX/SPX is the suite of protocols used originally in
Novell Netware networks.
(128) Which of the following is a LAN transmission technology that is susceptible to collisions, and provides a mechanism for retransmission?
A. Ethernet
B. Token Ring
D. AppleTalk

Ethernet transmissions use CSMA/CD (Carrier Sensing, Multiple
Access, Collision Detection) and retransmit data after a collision using a random
process to avoid further collisions.
(129) Which of the following could be considered an advantage of token passing over Carrier Sensing Multiple Access (CSMA) media access technologies?
A. Inexpensive to implement
B. Collision detection
C. Collision avoidance
D. Collision supported by the protocol

In a token-passing network collisions on the network media are
mainly nonexistent, as only the station that has the token is allowed to transmit
(130) What is the recommended cable that will allow for a 100 Mbps data rate?
A. 10Base2
B. 100Base2
C. Category 3
D. Category 5

Coaxial 10Base2 allows for 10 Mbps only, 100Base2 exists but is more
expensive to install that Category 5, and Category 3 UTP only allows for 10 Mbps
data rate. 100 Mbps data rates can be achieved over Category 5 UTP by implementing
a Fast Ethernet network.
(131) Which of the following does not cause signal attenuation?
A. Asynchronous signals
B. Cable malfunctions
C. Cable breaks
D. Length of the cable

Cable malfunctions, cable breaks, and the length of the cable have
direct correlation on the possibility of weakening a signal, which is attenuation.
(132) Which of the following use baseband transmission?
B. Ethernet
C. Cable modem

Ethernet is a baseband transmission method that requires a direct
current be applied to the wire, high voltages representing a 1 bit and low voltage
loads representing a 0 bit. This differs from broadband, the method that the other
possible choices use. Broadband method allows multiple channels on the same medium,
which in turn allows for multiple simultaneous data
(133) Which transmission type sends a packet to multiple specific computers?
A. Multicast
B. Broadcast
C. Unicast
D. Simulcast

Multicast allows for multiple users to receive a packet, while
broadcast means that all users on a given network will receive a packet. Unicast is
used if only one computer is the intended recipient, and simulcast refers to
simultaneously broadcasting a program on TV and on radio.
(134) What is the purpose of the ARP protocol in the TCP/IP protocol suite?
A. Resolves names to IP addresses
B. Resolves IP addresses to names
C. Resolves MAC addresses to names
D. Resolves IP addresses to MAC addresses

ARP makes the connection between the addressing protocol (IP) and the
physical address of the IP node, called the MAC address. ARP includes components
for resolving, caching, and announcing the MAC address of a given IP node.
(135) Which of the following devices does not pass broadcast information?
A. Repeater
B. Router
C. Switch
D. Bridge

Routers are devices with a bridging function, and thus will pass
broadcast information from non-routable protocols. Routers can block all broadcast
traffic from passing.
(136) On a firewall, what is a function of a state table?
A. To provide virus detection
B. To filter viruses
C. To track packets
D. To detect spyware

A state table is used in stateful packet filtering to track packets.
(137) Which one of the following is not a primary component or aspect of firewall systems?
A. Protocol filtering
B. Packet switching
C. Rule enforcement engine
D. Extended logging capability

Packet switching is a component of a routing device. All of the other
choices represent standard firewall features.
(138) Which of the following is not true about an application proxy firewall?
A. Better performance than non-proxy firewalls
B. Works on all seven layers
C. Inspects data within the packet
D. Exists only for a limited set of protocols

Firewalls that act in a proxy fashion must pass the packet up to the
proxy software on the firewall, thus degrading performance. This ability to work on
all layers of the packet, and even to be able to filter based on the data within a
packet is a key advantage of application proxy firewall.
(139) Which of the following is not true about ISDN?
A. Requires both B and D channels
B. Supports voice, video, and data transmission
C. Sends control information over the B channel
D. Uses the same wires as analog media

The B channels are for sending data, and the D channel is used to send
control information.
(140) Which of the following provides a framework to enable many types of authentication techniques to be used during PPP connections?

Extensible Authentication Protocol (EAP) is not a specific
authentication mechanism as are PAP and CHAP. Instead, it provides a framework to
enable many types of authentication techniques to be used during PPP connections. It
extends the authentication possibilities from the norm (PAP and CHAP) to other
methods such as one-time passwords, token cards, biometrics, Kerberos, and future
(141) Which of the following is a disadvantage of PPTP?
A. Only works over IP
B. Comes bundled with the operating system
C. Easy to configure a new link
D. It is free

This might be a negligible disadvantage in today, but it should be
recognized that the more recently developed tunneling protocol, L2TP, allows for
tunneling over IPX and SNA as well as TCP/IP.
(142) The application layer in the TCP/IP model equates to what layer in the OSI model?
A. Application
B. Session, Transport, Application
C. Application, Session, Presentation
D. Application, Session, Transport

The application layer in the TCP/IP architecture model would be
equivalent to a combination of the Application, Presentation, and Session layers in
the OSI model.
(143) Not every data transmission incorporates the Session layer. Which of the following best describes the functionality of the Session layer?
A. End-to-end data transmission
B. Application client/server communication mechanism in a distributed environment
C. Application to computer physical communication
D. Provides application with the proper syntax for transmission
The communication between two pieces of the same software product that
reside on different computers need to be controlled, which is why Session layer
protocols even exist. Session layer protocols take on the functionality of
middleware, which allow software on two different computers to communicate.
(144) In the TCP/IP model, where does the SPX protocol reside?
A. Host-to-host
B. Internet
C. Network access
D. Application

The host-to-host transport layer in the TCP/IP architecture model
would be equivalent to the Transport layer in the OSI model. This is where the SPX
protocol resides.
(145) In the TCP/IP model, where does the BGP protocol reside?
A. Host-to-host
B. Internet
C. Network access
D. Application

The Internet layer in the TCP/IP architecture model would be
equivalent to the Network layer in the OSI model, which is where all routing
protocols work.
Muhammad Idham Azhari

No comments: