Thursday, April 10, 2014

CISSP Exam Preparation (Question 51 ~ 100)

(51) Which of the following is not considered a passive attack?
A. Spoofing
B. Network sniffing
C. Wiretapping
D. Traffic analysis

A passive attack means that an attacker is not actually doing
something, but is monitoring a connection. Passive attacks can be carried out
through sniffing, traffic analysis, or wiretapping. An active attack means the
attacker is carrying out some type of activity. Active attacks can be DoS, brute
force, or dictionary attacks.
(52) What does the term "phreaking" pertain to?
A. Spamming mail servers in the hopes of bringing them down
B. Footprinting and port scanning networks
C. Fraudulent use of telephone services
D. Compromising tunneling protocols

A phreaker is a type of hacker that specializes in telephone fraud.
This can be carried out by reconfiguring a telecommunication device, social
engineering, or attacking a companys PBX system.
(53) What does a packet sniffer do?
A. It performs port scans and footprinting.
B. It identifies cabling faults.
C. It detects hanging modems not protected by the firewall.
D. It captures traffic for data analysis.

A sniffer is a tool that captures frames from a network for viewing
purposes. Most sniffers put the systems NIC into promiscuous mode so that all
traffic can be monitored.
(54) What can be used to compromise and defeat callback security?
A. Passive wiretapping
B. Call forwarding
C. Packet spoofing
D. Brute force attack

A remote access server can be configured to drop a remote users
connection and call him back at a predefined number. If call forwarding is enabled,
this security measure can be compromised.
(55) Which is not considered a firewall architecture used to protect networks?
A. Screened host
B. Screened subnet
C. NAT gateway
D. Dual-homed host

The other answers describe basic firewall architectures, meaning where
they can be placed within an environment. Network address translation (NAT) maps
public to private addresses and does not provide traffic monitoring capabilities.
Some firewalls provide NAT services, but the goals of the services are different.
(56) Packet-switching infrastructures are safer environments because ___________.
A. It is harder to sniff traffic since the computers have virtual private connections.
B. They are just as unsafe as non-switched environments.
C. The data link encryption does not permit wiretapping.
D. Switches are more intelligent than bridges and implement security mechanisms.

Switched environments use switches to allow different network segments
and/or systems to communicate. When this communication takes place, a virtual
connection is set up between the communicating devices. Since it is a dedicated
connection, broadcast and collision data are not available to other systems, as in
an environment that uses only bridges and routers.
(57) What functionality hangs up on a remote caller and looks at a table of predefined phone numbers?
A. Caller ID
C. Callback

The goal of a callback system is to provide another layer of
authentication. For an attacker to successfully compromise this setup and obtain
unauthorized access she would need to be at the predefined phone number or
reconfigure the telephone companys equipment to forward the call on to her.
(58) Which of the following protocols is considered connection oriented?

TCP is the only connection-oriented protocol listed. A
connection-oriented protocol provides reliable connectivity and data transmission,
while connectionless provides unreliable connections and does not promise or ensure
data transmission.
(59) Which of the following best describes Ethernet transmissions over a LAN?
A. Traffic is sent to a gateway that sends it to the destination system.
B. Traffic is bursty in nature and broadcasts data to all hosts on the subnet.
C. Traffic streams and does not broadcast data.
D. Traffic is contained within collision domains but not broadcast domains.

Ethernet is a very chatty protocol because it allows all systems to
hear each others broadcasts. The technology has many collisions because all systems
have to share the same medium.
(60) Which of the following proxies cannot make access decisions on protocol commands?
A. Application
B. Packet filtering
C. Circuit
D. Stateful

Application and circuit are the only type of proxy-based firewall
solutions listed here; the others do not use proxies. Circuit-level proxy firewalls
make decisions based on header information and not the protocols command structure.
Application-level proxies are the only ones that understand this level of
granularity about the individual protocols.
(61) A security concern that is prevalent in distributed environments and systems is __________.
A. Knowing the proper proxy and default gateway
B. Knowing whom to trust
C. Knowing what authentication method is most appropriate
D. Knowing how to resolve hostnames

Distributed environments bring about a lot more complexity and
drastically increase the difficulty of access control. Since you now have many
different applications, devices, services, and users it is much more difficult to
know which entities to trust and to what degree.
(62) Which protocol is commonly used to authenticate users on dial-up connections?
B. IPSec
D. L2F

The other protocols listed are used for tunneling and/or VPN
connectivity, not user authentication. CHAP uses the challenge-response method of
authenticating a user.
(63) Which of the following shows the sequence of layers as Layers 2, 5, 7, 4, and 3?
A. Data Link, Session, Application, Transport, and Network
B. Data Link, Transport, Application, Session, and Network
C. Network, Session, Application, Network, and Transport
D. Network, Transport, Application, Session, and Presentation

The OSI model is made up of seven layers. Application (Layer 7),
Presentation (Layer 6), Session (Layer 5), Transport (Layer 4), Network (Layer 3),
Data Link (Layer 2), and Physical (Layer 1).
(64) What is another name for a VPN?
A. Transport session
B. Tunnel
C. End-to-end connection
D. Bandwidth

A VPN sets up a private and secure tunnel by encapsulating and
encrypting data. This allows data to be safely transmitted over untrusted networks.
(65) When security is a high priority, why is fiber cabling used?
A. It has high data transfer rates and is less vulnerable to EMI.
B. It multiplexes data, which can confuse attackers.
C. It has a high degree of data detection and correction.
D. Data interception is next to impossible.

It is very difficult to tap into a fiber line, and fiber does not
radiate signals as the other cable types do.
(66) Why are mainframes considered more secure than LAN environments?
A. They have fewer entry points.
B. They have stronger authentication mechanisms.
C. They have more auditing and encryption implemented.
D. They are actually weaker than LANs.

This is a relative and general statement. Mainframes are more closed
systems and work in more closed environments when compared to the distributed
environments we work in today. Mainframes usually have a smaller number of entry
points, which are generally very controlled.
(67) What does it mean when computers communicate logically and physically with each other?
A. They speak physically through headers and trailers and logically through virtual connections.
B. They speak physically through PVCs and logically through SVCs.
C. They speak physically when connected to a backbone network and logically when they speak to each other within the same LAN.
D. They speak physically through electrons and network cables and logically through layers in the OSI model.

Systems, of course, communicate physically using network cables or
airwaves. But they also communicate logically. An FTP protocol on one system speaks
to the FTP protocol on another system and is not aware that many other protocols,
devices, and cables are involved. Protocols, services, and applications communicate
logically, and this communication is transmitted over physical means.
(68) How does data encapsulation work with the protocol stack?
A. Each layer in the OSI model multiplexes other packets to the data as it is passed down the protocol stack.
B. Each layer in the OSI model adds its own information to the data as it is passed down the protocol stack.
C. The packet is encapsulated and grows as it hops from router to router.
D. The packet is encapsulated and grows when it is passed up the protocol stack.

Data encapsulation means that a piece of data is put inside another
type of data. This usually means that individual protocols apply their own
instruction set in the form of headers and trailers. As a data package goes down the
OSI, or protocol stack, of a system, each protocol that is involved adds its own
instructions. This process is reversed at the destination.
(69) Systems that are built on the OSI framework are considered open systems. What does this mean?
A. They do not have authentication mechanisms configured by default.
B. They have interoperability issues.
C. They are built with international protocols and standards so they can easily communicate with other systems.
D. They are built with international protocols and standards so they can choose what types of systems they will communicate with.

An open system is a system that has been developed based on
standardized protocols and interfaces. Following these standards allows the systems
to interoperate more effectively with other systems that follow the same standards.
(70) VoIP’s integration with the TCP/IP protocol suite has brought about immense security challenges because it allows malicious users to bring their TCP/IP experience into this relatively new platform, where they can probe for flaws in both the architecture and the VoIP systems. Which of the following is one of the most serious concerns when implementing VoIP?
A. Lack of authentication
B. Lack of authorization
C. Lack of identification
D. H.235 compromise

SIP-based signaling suffers from the lack of encrypted call channels
and authentication of control signals. Attackers can tap into the SIP server and
client communication to sniff out login IDs, passwords/PINs, and phone numbers.
(71) Which of the following protocols works in the following layers: Application, Data Link, Network, and Transport?

Different protocols have different functionalities. The OSI model is
an attempt to conceptually describe where these different functionalities take place
in a networking stack. The model is basically trying to draw boxes around reality
for people to better understand the stack. Each layer has specific functionality and
several different protocols that can live at that layer and carry out that specific
(72) What is the purpose of the Presentation layer?
A. Addressing and routing
B. Data syntax and formatting
C. End-to-end connection
D. Framing

The Presentation layer does not have any protocols that work there,
but has services that carry out data formatting, compression/decompression, and
encryption/decryption processes. Putting data into a standardized format allows for
a large subset of applications to be able to understand and interpret it.
(73) What is the purpose of the Data Link layer?
A. End-to-end connection
B. Dialog control
C. Framing
D. Data syntax

The Data Link layer, in most cases, is the only layer that
understands the environment that the system is working it, whether it be Ethernet,
Token Ring, wireless, or connecting to a WAN link. This layer adds the necessary
headers and trailers to the data, which frames it. Other systems on the same network
using the same technology only understand the specific header and trailer format
used in its technology.
(74) What takes place at the Session layer?
A. Dialog control
B. Routing
C. Packet sequencing
D. Addressing

The Session layer is responsible for controlling how applications
communicate, not how computers communicate. Not all applications use protocols that
work at the Session layer, so this layer is not always used in networking functions.
A Session layer protocol will set up the connection to the other application
logically and control the dialog going back and forth. Session layer protocols allow
applications to keep state of the dialog.
(75) What layer does a bridge work at?
A. Session
B. Network
C. Transport
D. Data Link

A bridge will only read header information in the Data Link layer
and no higher because it makes forwarding and filtering decisions based on what is
held within this header, which is the MAC address.
(76) Which best describes the IP protocol?
A. Connectionless protocol that deals with dialog establishment, maintenance, and destruction
B. Connectionless protocol that deals with addressing and routing of packets
C. Connection-oriented protocol that deals with addressing and routing of packets
D. Connection-oriented protocol that deals with sequencing, error detection, and flow control

The IP protocol is connectionless and works at the Network layer. It
adds source and destination addresses to a packet as it goes through its data
encapsulation process. IP can also make routing decisions based on the destination
(77) Which protocol is described as a "best effort" protocol?

UDP is commonly referred to as a "best effort" protocol, but this
label describes any connectionless protocol, not just UDP.
(78) Which of the following best describes TCP versus UDP protocols?
A. TCP provides more services and is more reliable, but UDP provides more security services.
B. TCP provides a best-effort delivery, and UDP sets up a virtual connection with the destination.
C. TCP is reliable, and UDP deals with flow control and ACKs.
D. TCP provides more services and is more reliable in data transmission, whereas UDP takes less resources and overhead to transmit data.

TCP is a connection-oriented protocol, meaning it provides a more
reliable connection, controls data flow, performs error detection and correction,
and sets up a virtual connection. UDP (or any connectionless protocol) does not
provide any of these services.
(79) Which of the following firewall types keeps track of each ongoing dialog between internal and external systems?
A. Packet filtering
B. Circuit-level proxy
C. Stateful
D. Application-level proxy

Stateful firewalls use state tables to keep track of each step of
communication between systems. This provides a higher level of protection than
packet filtering, because it makes access decisions based on the steps that have
already been completed in the dialog.
(80) ThinNet is another name for what type of Ethernet implementation?
B. Gigabyte Ethernet
C. Fiber
D. 10Base2

10Base2 is called ThinNet because it uses thin, flexible coaxial cable
that is easy to work with. Its network segment length is 185 meters and can provide
up to 10 Mbps bandwidth.
(81) Which of the following tunneling protocols would be used if tunneled communication needed to take place over IPX, ATM, or frame relay?
C. IPSec

L2TP can tunnel through networks that incorporate many types of
protocols, such as X.25, ATM, and frame relay. PPTP and IPSec can only work over
IP-based networks. L2TP does not provide any encryption and must be combined with
IPSec if this type of protection is needed. L2TP was developed by combining the best
of the L2F and PPTP protocols.
(82) The network topology in which all computers are connected together in a non-uniform formation is called what?
A. Mesh
B. Ring
C. Star
D. Bus

A mesh topology is one that does not provide the network structure of
the other three mentioned topologies (bus, star, ring). In a partial mesh topology
all computers are connected in some way (the Internet is a good example). In a full
mesh, each computer is connected to each and every other computer. A full mesh
topology provides full redundancy, but requires a lot of cabling.
(83) If an external router filters traffic before it enters the network and another screening device monitors traffic before it enters the internal network, what type of architecture is this?
A. Screened host
B. Screened subnet
C. Dual-homed firewall
D. Dual subnets

A screened subnet filters external traffic and passes it on to the
firewall (the second screening device) and then on to the internal network. A
screened subnet creates a DMZ by using two routers or firewalls. A screened host is
a screening router that is in front of a firewall, but does not create a DMZ.
(84) Which of the following is not true of application-level proxy firewalls?
A. Provide a higher level of protection than circuit-level firewalls
B. Hide network information from external entities
C. One proxy per service is needed
D. Improve network performance

Because application-level proxy firewalls work at such an intricate
level, they typically reduce the overall network performance. Application-level
proxy firewalls look at the data payload to make access decisions and can detect
malicious code and commands, while the other firewall types cannot.
(85) A network segment located between the protected and unprotected network is called a __________?
A. Honeypot
B. Safe zone

Demilitarized zones (DMZ) provide a buffer and help protect the
internal network from the untrusted, external network. A DMZ can be created by
setting up two routers or firewalls. Only the necessary systems should be placed in
the DMZ, since they will be the first ones accessed by people from the Internet or
untrusted network.
(86) In which of the following areas does application-level proxy firewalls have an advantage over packet filtering firewalls?
A. Application independence
B. Scalability
C. Security
D. Performance

Proxy firewalls provide better security as they act as middlemen
separating the trusted and untrusted networks. They actually break the connection
and do not allow external users to have direct access to internal resources.
(87) Which of the following protocols replaced SLIP?
A. IPSec
C. L2F

Point-to-Point Protocol (PPP) replaced SLIP because it offers more
capabilities such as error correction, better support of authentication,
encapsulation of protocols other than IP, and compression of header information.
Both protocols are encapsulation protocols used to carry data over serial lines.
(88) What device works at the Physical layer to amplify electrical signals between network segments?
A. Switch
B. Router
C. Repeater
D. Gateway

Repeaters are simple devices that help extend the network by
amplifying a signal so it can pass on to the next segment. Otherwise the signal
weakens (attenuation) and may not be decipherable by the receiving system.
(89) Which of the following VoIP commands correspond to their potentially devastating effects?
A. The bye command causes VoIP devices to close down while in a conversation.
B. The checksync command can be used to reboot VoIP terminals.
C. The reset command causes the server to reset and reestablish the connection.
D. The establish command causes an unauthenticated client to associate to a server.

Attackers can impersonate a server and issue commands such as bye,
checksync, and reset to VoIP clients. The bye command causes VoIP devices to close
down while in a conversation, the checksync command can be used to reboot VoIP
terminals, and the reset command causes the server to reset and reestablish the
connection, which takes considerable time. The establish command causes an
unauthenticated client to associate to a server.
(90) In which of the following topologies are all computers connected to a central device?
A. Star
B. Bus
C. Mesh
D. Tree

Star topologies use a centralized device to connect all devices; the
centralized device is a single point of failure.
(91) Which of the following technologies uses fiber optic rings to connect different networks and is a MAN technology?
B. Token Ring
D. Frame relay

Fiber Distributed Data Interface (FDDI) is a high-speed token-passing
technology that offers transmission speeds of 100 Mbps. It is used as a metropolitan
area network (MAN) technology, meaning it connects different networks together.
(FDDI can be used as a LAN technology, but the CISSP exam refers to it mainly as a
MAN technology.)
(92) What is the central hub called in a Token Ring network?
A. Star

Each computer in a Token Ring network is connected to a Multistation
Access Unit (MAU), which acts as a central hub. The token will go around to each
computer connected to this centralized device in a collapsed ring. The topology, in
this example, is a physical star while the technology works in a logical ring.
(93) What is the maximum cable length of 10Base2?
A. 500 meters
B. 185 meters
C. 85 meters
D. 100 meters
10Base2, or ThinNet, should only have a network segment length of 185
meters. After that the signal can degrade.
(94) Ethernet uses what type of access method?
B. Polling
D. Token passing

Ethernet uses Carrier Sense Multiple Access with Collision Detection
(CSMA/CD), which monitors transmission activity on the wire. A computer that wants
to transmit data will listen to see if the line is clear before putting data onto
the wire. This is done to help avoid collisions.
(95) Which of the following is not true of a circuit-switched network?
A. Acts as a dedicate virtual connection
B. Is connection-oriented
C. Usually carries voice traffic
D. Has variable delays

Because connections must be established and terminated with each
session, there are predictable and fixed delays with circuit-switched networks.
Packet-switching connections will have variable delays because the packets can take
different paths and be queued at different intermediate devices.
(96) In which technology do different users share the same network medium?
B. Cable modem
C. Dial-up

A major security concern of cable modems is the fact that neighbors
use the same coaxial network and can monitor each others traffic.
(97) How many bearer channels does a BRI ISDN service have?
A. 23
B. 24
C. 2
D. 1

Basic rate interfaces (BRI) ISDN service provides two bearer, or B
channels, and one D or control channel. Data is transferred over B channels and the
call setup, maintenance, and teardown take place over the D channel. PRI ISDN
service provides 23 B channels and one D channel.
(98) A WAN technology that uses 53-byte cells and has low delay levels is called:
B. Frame relay
C. X.25

Asynchronous Transfer Mode (ATM) is a cell-switching technology that
provides extremely fast and efficient connection paths. It uses fixed length cells
rather than packets.
(99) The loss of signal strength as it travels is called:
A. Crosstalk
B. Attenuation
C. Noise
D. Preamble

Attenuation occurs when electrical signals lose strength as they
travel across wires. This is because the electrons encounter resistance as they
(100) In twisted-pair cabling, the tighter the wire is twisted, the more resistant the cable is to:
A. Attenuation and breaking
B. Causing fire hazards
C. Interference and attenuation
D. Corrosion

Tightly twisted cabling ensures strong signal strengths and fewer
noise interferences. The different categories of UTP have a direct correlation on
the amount of twists implemented for the wiring.

- Muhammad Idham Azhari -

No comments: