Tuesday, April 15, 2014

CISSP Exam Preparation (Question 146 ~ 175)

(146) The OSI Data Link layer is broken down into two sub-layers. Which of the following are the correct IEEE standards for these sub-layers?
A. 802.1 and 802.2
B. 802.3 and 802.4
C. 802.3 and 802.5
D. 802.2 and 802.3

The Data Link layer is divided into two functional sublayers,
Logical Link Control (LLC) and Media Access Control (MAC). LLC, defined in the IEEE
802.2 specification, will communicate with the protocol immediately above it, the
Network layer, in either connection or connectionless mode. The MAC will have the
appropriately loaded protocols to interface with the protocol requirements of the
Physical layer. The IEEE MAC specification for Ethernet is 802.3, Token Ring is
802.5, wireless is 802.11, etc. So when you see IEEE standards such as 802.11, 802.16,
802.3, and so on, they refer to the protocol that is working at the MAC
sub-layer of the Data Link layer of a protocol stack.
(147) In the TCP/IP model, where does the PPP protocol reside?
A. Host-to-host
B. Internet
C. Network access
D. Application

The Network Access layer in the TCP/IP architecture model would be
equivalent to a combination of the Data Link and the Physical layers in the OSI
model, which is where PPP works.
(148) What is the purpose of the Logical Link Control layer in the OSI model?
A. Provides a standard interface for the Network layer protocol
B. Provides the framing functionality of the Data Link layer
C. Provides addressing of the packet during encapsulation
D. Provides the functionality of converting bits into electrical signals

The Data Link layer has two sublayers, the Logical Link Control (LLC)
and Media Access Control (MAC) layers. The LLC provides a standard interface for
whatever network protocol is being used. This provides an abstraction layer so that
the network protocol does not need to be programmed to communicate with all of the
possible MAC level protocols (Ethernet, Token Ring, WLAN, FDDI, and so on).
(149) What is the port range for well-known ports?
A. 0-1024
B. 1-65,565
C. 1-1023
D. 0-1023

Port numbers up to 1023 (0-1023) are called well-known ports, and
almost every computer in the world has the exact same protocol mapped to the exact
same port number. That is why they are called well-known: everyone follows this same
standardized approach.
(150) What is the proper range for a Class D IP network?
A. to
B. to
C. to
D. to
E. to

Class A: to
Class B: to
Class C: to
Class D: to
Class E: to
(151) What is the purpose of Classless Inter-Domain Routing (CIDR)?
A. To allow for the traditional classes to be used more efficiently
B. To extend the IP address space to 128 bits in size
C. To provide more security for network traffic
D. To allow for more efficient routing

Classless Inter-Domain Routing (CIDR) was created because it was clear
that available IP addresses were running out as more individuals and corporations
participated on the Internet. A class B address range is usually too large for most
companies, and a class C address range is too small. So CIDR provides the
flexibility to increase or decrease the class sizes as necessary.
(152) What is the purpose of a packet time-to-live?
A. Protect against source routing
B. Ensure that a packet does not continue to be routed forever
C. Ensure that a packet contains the correct transport header information
D. Protect against Loki attacks

To ensure that packets do not continually traverse a network
forever, IP provides a time-to-live (TTL) value that is decremented every time the
packet passes through a router.
(153) Which of the following is not a characteristic of Lightweight Extensible Authentication Protocol?
A. Proprietary wireless LAN authentication method developed by Cisco Systems
B. Provides dynamic keys and mutual authentication
C. Allows for clients to re-authenticate frequently
D. Replaces WEP

The Lightweight Extensible Authentication Protocol (LEAP) is a
proprietary wireless LAN authentication method developed by Cisco Systems. Important
features of LEAP are the use of dynamic WEP keys and mutual authentication (between
a wireless client and a RADIUS server). LEAP allows for clients to reauthenticate
frequently; upon each successful authentication, the clients acquire a new WEP key.
LEAP may be configured to use TKIP instead of dynamic WEP.
(154) Which of the following is not true of IPng?
A. Uses a 128-bit addressing space
B. IPSec is incorporated into the protocol.
C. Requires NAT
D. Contains autoconfiguration functionality

IP version 6, also called IP Next Generation (IPng), has an address
space of 128 bits, has autoconfiguration (which makes administration easier), has
IPSec integrated, but does not require NAT. NAT was developed because IPv4 addresses
were running out. The IPv6 address size could make NAT obsolete for the purpose of
saving public addresses.
(155) Why is it easier for a repeater to "clean up" a digital signal than an analog signal?
A. An analog signal can have an infinite number of states.
B. An analog signal discretely represents binary values.
C. The encoding process is legacy.
D. Digital signals are more fragile than analog signals.

It is more difficult to extract analog signals from background noise
because the amplitudes and frequency waves slowly lose form. This is because an
analog signal could have an infinite number of values or states, whereas a digital
signal exists in discrete states. A digital signal is a square wave, which does not
have all of the possible values of the different amplitudes and frequencies of an
analog signal.
(156) What is a beaconing functionality in a token-passing technology?
A. Ensures that a fault domain never occurs
B. Ensures that only one frame is on the network at a time
C. Allows the computers to communicate with each other through the token
D. Excludes a misbehaving computer from the ring

If a computer detects a problem with the network, it sends a beacon
frame. This frame generates a failure domain, which is between the computer that
issued the beacon and its neighbor downstream. The computers and devices within this
failure domain will attempt to reconfigure certain settings to try and work around
the detected fault.
(157) How are FDDI and FDDI-2 different?
A. FDDI-2 provides higher bandwidth.
B. FDDI-2 allows for fixed bandwidth to be assigned.
C. FDDI-2 works over fiber.
D. FDDI-2 is an actual standard, where FDDI is a de facto standard.

FDDI-2 provides fixed bandwidth that can be allocated for specific
applications. This makes it work more like a broadband connection, which allows for
voice, video, and data to travel over the same lines.
(158) What is the importance of using plenum-rated cabling in buildings?
A. They are noncombustible
B. They help ensure human safety
C. They increase speed and bandwidth
D. They are made out of polyvinyl chloride

Network cabling that is placed in these types of areas, called plenum
space, must meet a specific fire rating to ensure that it will not produce and
release harmful chemicals in case of a fire. A building's ventilation usually takes
place through this plenum space and if toxic chemicals were to get into that area,
they could be easily spread throughout the building in minutes. Nonplenum cables
usually have a polyvinyl chloride (PVC) jacket covering, whereas plenum-rated cables
have jacket covers made of fluoropolymers.
(159) Claude has been told that he needs to integrate IGMP into the corporation's routers. What type of functionality does the company want to allow?
A. Exterior routing
B. Interior routing
C. Instant messaging
D. Multicasting

Internet Group Management Protocol (IGMP) is a protocol that is used
to report multicast group memberships to routers. When a user chooses to accept
multicast traffic, this means that she becomes a member of a particular multicast
group. IGMP is the mechanism that allows her computer to inform the local routers
that she is part of this group and to send traffic with a specific multicast address
to her system.
(160) Which of the following is a characteristic of a token-passing technology?
A. Chatty
B. Deterministic
C. Collision-oriented
D. Bursty

Some applications and network protocol algorithms work better if they
can communicate at determined intervals, instead of whenever the data arrives. In
token-passing technologies, traffic arrives in this type of deterministic nature
because not all systems can communicate at one time, but only when a system has
control of the token. Chatty, collision-oriented and bursty all describe Ethernet.
(161) Kevin has seen an increase in ICMP traffic going toward the company's Web server. It has not been a lot of ICMP traffic, so he is not sure if he should be concerned or not. What kind of attack could be going on?
A. Fraggle
B. DoS
C. Birthday
D. Loki

Loki is actually a client/server program that is used by hackers to
set up back doors on systems. A computer is attacked and the server portion of the
Loki software is installed. This server portion "listens" on a port, which
is the back door that an attacker can use to access the system. To gain access and
open a remote shell to this computer, an attacker sends commands inside ICMP
packets. This is usually successful because most routers are configured to allow
ICMP traffic to come and go out of the network. This is because ICMP has been seen
as a basically benign protocol, since it was developed to not hold any data or a
payload. The other attacks do not use the ICMP protocol.
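
A defender-side check for the ICMP covert channel described above, as an added example that is not part of the original post. It relies on the RFC 792 rule that an echo reply must return the data of the echo request; the function names, addresses and payloads are constructed for illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; yields 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Helper that constructs the sample ICMP echo messages used below."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(msg: bytes):
    """Return (type, id, seq, payload) for a well-formed echo message, else None."""
    if len(msg) < 8:
        return None
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        return None
    if inet_checksum(msg) != 0:
        return None
    return icmp_type, ident, seq, msg[8:]

def find_anomalies(packets):
    """packets: (src, dst, icmp_bytes) tuples in capture order -> [(index, reason)]."""
    pending = {}   # (requester, responder, id, seq) -> request payload
    findings = []
    for i, (src, dst, raw) in enumerate(packets):
        parsed = parse_echo(raw)
        if parsed is None:
            continue
        icmp_type, ident, seq, payload = parsed
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
            continue
        sent = pending.pop((dst, src, ident, seq), None)
        if sent is None:
            findings.append((i, "echo reply without a matching request"))
        elif sent != payload:
            findings.append((i, "echo reply payload differs from request"))
    return findings

# Constructed capture (documentation addresses, made-up payloads).
CLIENT, SERVER, OTHER = "198.51.100.7", "192.0.2.80", "203.0.113.9"
SAMPLE = [
    (CLIENT, SERVER, build_echo(ECHO_REQUEST, 0x1234, 1, b"ordinary-ping-data")),
    (SERVER, CLIENT, build_echo(ECHO_REPLY, 0x1234, 1, b"ordinary-ping-data")),
    (OTHER, SERVER, build_echo(ECHO_REQUEST, 0x4242, 7, b"constructed-request")),
    (SERVER, OTHER, build_echo(ECHO_REPLY, 0x4242, 7, b"constructed-different-reply")),
    (SERVER, OTHER, build_echo(ECHO_REPLY, 0x4242, 8, b"constructed-unsolicited")),
]
```

Calling find_anomalies(SAMPLE) flags packets 3 and 4 and leaves the ordinary ping pair alone. Baselining echo payload size and content per host is a complementary check for channels that keep request and reply data identical.
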
(162) Which of the following is not a characteristic of a multilayered switch?
A. QoS
B. High speed routing
C. Can use MPLS
D. Works only at the Data Link layer

Today’s Layer 3, Layer 4, and other layer switches have more
enhanced functionality than Layer 2 switches. These higher level switches offer
routing functionality, packet inspection, traffic prioritization, and quality of
service (QoS) functionality. These switches are referred to as multilayered switches
because they combine Data Link layer, Network layer, and other layer
(163) What is the purpose of a tag information base pertaining to switching?
A. SNMP agents keep device status information in this database.
B. MPLS-enabled devices use it to keep track of the different networks.
C. This is necessary for VLAN configuration to take place.
D. It allows switches to build network topologies to protect against DoS attacks.

When a packet reaches the switch, the switch will compare the
destination address with its tag information base, which is a list of all of the
subnets and their corresponding tag numbers. The switch appends the tag to the
packet and sends it to the next switch. All of the switches in between this first
switch and the destination host will just review this tag information to indicate
which route it needs to take instead of analyzing the full header.
(164) Sam has decided to move from a static routing protocol to a dynamic routing protocol within his LAN. Which of the following is the main advantage of using a dynamic protocol?
A. Route tables can now be built manually so that Sam can have more control over where traffic is routed throughout his network.
B. Route tables will not be modified just because a route goes down or is congested.
C. Route tables will be dynamically built and modified.
D. Routes will now be encrypted without the need of manual configuration by Sam.

A dynamic routing protocol can discover routes and build
a routing table. Routers use these tables to make decisions on the best route for
the packets they receive. A dynamic protocol can change the entries in the route
table based on changes that take place to the different routes.
(165) John was explaining to Dusty that there has been extensive route flapping, which has caused extreme delay in their WAN and LAN connections. What is John referring to?
A. Availability of routes has continually changed
B. Routers were under attack from hackers sending UDP packets with incorrect route table updates
C. Wormhole attacks were being carried out
D. Several routers were going off-line for an unknown reason

Route flapping is a term that refers to the constant changes in the
availability of routes. If a router does not receive an update that a link has gone
down, the router will continue to forward packets to that route, which is referred to
as a black hole.
(166) Which of the following best describes the difference between a link-state and a distance-vector routing protocol?
A. A link-state protocol uses more metrics than a distance-vector protocol when making a route decision.
B. A link-state protocol makes routing decisions based on the number of hops between the source and destination and a distance-vector protocol makes the decision based on distance.
C. A distance-vector protocol looks at the congestion of a link and a link-state protocol does not.
D. A distance-vector protocol builds a more accurate routing table than a link-state protocol.

Distance-vector routing protocols make their routing decisions on the
distance (or number of hops) and a vector (a direction). The protocol takes these
variables and uses them with an algorithm to determine the best route for a packet.
Link-state routing protocols build a more accurate routing table because they build
a topology database of the network. These protocols look at more variables than just
number of hops between two destinations. They use packet size, link speed, delay,
loading, and reliability as the variables in their algorithms to determine the best
routes for packets to take.
(167) Which of the following has a proper mapping between the protocol and the description?
A. OSPF is a distance-vector protocol.
B. RIP is a link-state protocol.
C. IGRP is an exterior routing protocol.
D. BGP is an exterior routing protocol.

The Border Gateway Protocol (BGP) enables routers on different ASs to
share routing information to ensure effective and efficient routing between the
different networks. It is commonly used by Internet service providers to route data
from one location to the next on the Internet.
(168) Which of the following best describes how BGP is considered to be a combination of link-state and distance-vector routing protocols?
A. It builds a network topology like a distance-vector protocol and updates periodically as a link-state protocol.
B. It sends updates like a link-state protocol and builds a static table like a distance-vector protocol.
C. It builds a network topology like a link-state protocol and updates periodically like a distance-vector protocol.
D. It makes route decisions based on hops like a link-state protocol and updates periodically like a distance-vector protocol.

BGP uses a combination of link-state and distance-vector routing
algorithms. It creates a network topology by using its link-state functionality and
transmits updates on a periodic basis instead of continuously, which is how
distance-vector protocols work.
(169) What is a routing policy and what is it used for?
A. It states the type of traffic that is allowed access to network resources.
B. Administrators can apply filters and assign weights to route metrics.
C. It is derived from the organizational policy and states who can maintain routing devices.
D. It stipulates the type of controls that must be put into place to protect different types of traffic.

Network administrators can apply filters and weights to the different
variables that are used by link-state routing protocols when determining the best
routes. These configurations are collectively called the routing policy.
(170) Which of the following controls would stop attacks that are carried out by manipulating router route tables?
A. Authentication
C. Filters

Hackers send ICMP messages to routers that contain status information.
This status information may indicate that a route is down or congested. Routers
accept these messages without requiring the sender to authenticate. If the router
required authentication, these types of attacks would not be successful.
(171) Paul is a network administrator of the ACME wired and wireless LANs. One of his engineers says that they have experienced wormhole attacks over the last month. What does this mean?
A. Attackers are sending ICMP packets to modify their routers.
B. Two attackers have been working together at different places of the network.
C. Someone has been sending unsolicited messages to Bluetooth-enabled devices.
D. Instant messaging has been used to allow the wormhole worm into the environment.

An attacker can capture a packet at one location and tunnel it to
another location on the network. In this type of attack, there are two attackers, one at
each end of this tunnel (which is referred to as a wormhole). Attacker A could
capture an authentication token that is being sent to an authorized user, and then
send this token to the other attacker, who then uses it to gain unauthorized access
to a resource.
(172) What is the countermeasure for wormhole attacks?
A. Authentication
B. Longer initialization vectors
D. Leashes

The countermeasure for this type of attack requires the use of
leashes, which are just data that is put into a header of the individual packets.
The leash restricts the packet's maximum allowed transmission distance. The leash
can be geographical, which ensures that a packet stays within a certain distance of
the sender, or temporal, which limits the lifetime of the packet.
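
A temporal leash check of the kind described above, as an added example that is not part of the original post. The shared HMAC key, the 8-byte expiry field, synchronized sender and receiver clocks, and the names seal and accept are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key: bytes, payload: bytes, send_ns: int, lifetime_ns: int) -> bytes:
    """Sender: prepend the expiry time (the temporal leash) and authenticate it."""
    leash = struct.pack("!Q", send_ns + lifetime_ns)
    tag = hmac.new(key, leash + payload, hashlib.sha256).digest()
    return leash + tag + payload

def accept(key: bytes, packet: bytes, recv_ns: int):
    """Receiver: return the payload, or None if the leash is forged or expired."""
    if len(packet) < 8 + TAG_LEN:
        return None
    leash, tag, payload = packet[:8], packet[8:8 + TAG_LEN], packet[8 + TAG_LEN:]
    expected = hmac.new(key, leash + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # leash or payload was altered in transit
    (expiry_ns,) = struct.unpack("!Q", leash)
    if recv_ns > expiry_ns:
        return None          # arrived too late: consistent with capture-and-tunnel
    return payload

# Constructed scenario: placeholder key, made-up timestamps in nanoseconds.
KEY = b"constructed-demo-key"
SENT_NS = 1_000_000_000
PACKET = seal(KEY, b"constructed-token", SENT_NS, lifetime_ns=2_000)

def demo():
    """Return the receiver's verdict for direct, tunneled and tampered delivery."""
    direct = accept(KEY, PACKET, SENT_NS + 900)        # arrives within its lifetime
    relayed = accept(KEY, PACKET, SENT_NS + 250_000)   # delayed by the tunnel
    # Rewriting the expiry field does not help without the key: the tag fails.
    extended = struct.pack("!Q", SENT_NS + 10**9) + PACKET[8:]
    tampered = accept(KEY, extended, SENT_NS + 250_000)
    return direct, relayed, tampered
```

demo() returns the payload for the direct delivery and None for both the delayed copy and the copy with a rewritten expiry, which is why the leash has to be authenticated and not just present in the header.
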
(173) Toby has been asked by his boss to set up a three-tiered configuration within the company's network. Which of the following best describes this type of architecture?
A. Screened host
B. Screened subnet
C. Two screened subnets
D. Multi-homed architecture

Sometimes a screened-host architecture is referred to as a
single-tiered configuration. A screened subnet is referred to as a two-tiered
configuration. If there are three firewalls that create two separate DMZs, this can
be called a three-tiered configuration.
(174) Sam and a forensics team investigated and caught a hacker that had been attacking systems within their network. Sam uncovered a complete topology of their network, along with IP addresses, services running, and accounts for each and every device on the network. What did the hacker most likely carry out to obtain this information?
A. Zone transfer
B. Port scans
C. Loki attacks
D. Smurf attacks

The primary and secondary DNS servers synchronize their information
through a zone transfer. Changes take place to the primary DNS and then those
changes need to be replicated to the secondary DNS server. It is important to
configure the DNS server to only allow zone transfers to take place between the
specific servers. For years now attackers have been carrying out zone transfers to
gather very useful network information from victims' DNS servers. Unauthorized zone
transfers can take place if the DNS servers are not properly configured to restrict
this type of activity.
(175) Julie has been told that her company has been the victim of a DNS poisoning attack. What symptoms were most likely identified to indicate this type of attack?
A. Routers were misrouting packets.
B. Traffic was bypassing firewalls.
C. Users were able to bypass the company's proxy server.
D. Web redirection was occurring.

A DNS poisoning attack means that an attacker provides a DNS server
with incorrect hostname-to-IP mapping information. This attack is usually carried
out to point users to an incorrect Web site.
- Muhammad Idham Azhari
