CISSP Exam Preparation (Question 6 ~ 50)

(6) Which of the following media types is the most easily tapped?

A. Twisted pair

B. Baseband coaxial

C. Broadband coaxial

D. Fiber

Explanation:

Twisted-pair cabling is very common and inexpensive but can be easily
tapped. It is commonly used in small office buildings due to its distance
limitations.

(7) Which of the following is most resistant to the environment?

A. Infrared

B. Free space optics

C. Satellite

D. Fiber optics

Explanation:

Fiber optics would be most protected from environmental threats.
Infrared signals can be impacted by heavy rain, free space optics can be affected by
fog, and satellite transmissions are affected by weather disruptions, such as cloud
cover, rain, and snow.

(8) Dispersion is a condition that affects which cabling type?

A. Twisted pair

B. Broadband coaxial

C. Directional antennae

D. Fiber optics

Explanation:
Dispersion is the spreading out of light pulses, which overlap the
preceding or upcoming pulses. This is most prevalent in fiber optic cabling.

(9) Electromagnetic interference (EMI) would have no impact on which of the following?

A. Fiber optics

B. Category 5 twisted pair

C. Broadband

D. Category 3 twisted pair

Explanation:

Fiber optics have a sturdy glass or plastic casing that makes them
immune to EMI. EMI can result in transmission faults, especially if the cabling is
under heavy loads. Although the other choices all have different degrees of EMI
vulnerability, fiber optics would be the most resistant to this type of threat.

(10) A circuit-switched connection is a physical, _______ connection.

A. Permanent

B. Virtual

C. Temporary

D. Shared

Explanation:

Circuit switching establishes physical, permanent connections from the
time a call begins to the time it ends. The connection is not shared; it is a
private end-to-end connection that is built when a call goes up and torn down when
the call ends.

(11) What type of media access method do Ethernet LANs use?

A. Polling

B. Token passing

C. Token sharing

D. CSMA-CD

Explanation:
Ethernet LANs use Carrier Sense Multiple Access with Collision
Detection (CSMA-CD). In this methodology, each device signals its intent to transmit
so that other devices will not block the transmission accidentally.

(12) The wireless standard 802.11 has matured over the past few years, but only two provisions have been widely adopted. Which two are commonly accepted?

A. b, g

B. a, b

C. a, g

D. c, d

Explanation:

802.11b enforces a 11 Mbps data rate, 2.4 GHz frequency bands, and
Direct Sequence Spread Spectrum (DSSS). 802.11g was ratified in 2003 to offer
backward compatibility with 802.11b in the same network. It enforces 54 Mbps data
rate, 2.4 GHz frequency band, and OFDM.

(13) X.25 works at the ________ and ________ layers.

A. Physical and Transport

B. Network and Data Link

C. Transport and Data Link

D. Network and Physical

Explanation:

X.25 is a packet-switching technology that is used by
telecommunications services for data-only traffic. It is a subscriber-based service
that operates within the Network and Data Link layers.

(14) Frame relay is a simplified version of __________.

A. DSL

B. X.25

C. ISDN

D. SDLC

Explanation:

Frame relay is very similar to X.25, but it has removed the error
checking that was done on the network. Frame relay handles this task at the end
node, which helps to improve speed dramatically.

(15) Isochronous processes rely on ________.

A. Time constraints

B. Content variables

C. Error checking

D. Malformed packets

Explanation:

Isochronous processes must deliver data within set time constraints.
Applications are typically video related where audio and video must match perfectly.
VoIP is another example.

(16) Which of the following tunneling protocols is not well suited for dial-up?

A. IPSec

B. PPTP

C. PPP

D. L2TP

Explanation:

IPSec is a tunneling protocol used in LAN-to-LAN VPN solutions where it
can handle multiple connections at the same time. PPTP, PPP, and L2TP are popular
protocols used primarily in dial-up environments.

(17) A virtual private network is a tunneling protocol plus __________.

A. Encryption

B. Digital signature

C. DSL connection

D. Bus topology

Explanation:

A tunneling protocol alone does not make a VPN. This is a common
misunderstanding. A VPN must include both a tunneling protocol and encryption.

(18) Which of the following security association techniques uses multiple layers of protocols through IP tunneling?

A. Iterated

B. Transport adjacency

C. Encapsulation

D. Replay

Explanation:

In an iterated association each tunnel can originate or terminate at a
different IPSec site along the way. This method supports multiple layers of nesting.

(19) An effective method to shield networks from unauthenticated DHCP clients is through the use of _______________ on network switches.

A. DHCP snooping

B. ARP protection

C. DHCP shielding

D. ARP caching

Explanation:

DHCP snooping ensures that DHCP servers can assign IP addresses to only
selected systems, identified by their MAC addresses. Also, advance network switches
now have capability to direct clients toward legitimate DHCP servers to get IP
addresses and restrict rouge systems from becoming DHCP servers on the network.

(20) MPLS offers the following benefits, except:

A. Performance characteristics can be set.

B. VPNs can be created in combination with end user applications.

C. Layer 2 services can be overlaid.

D. Multiple layers can be eliminated.

Explanation:

Multiprotocol label switching (MPLS) gives service providers the
ability to create VPNs without the need of end user applications.

(21) IPSec uses ______ for key management.

A. IKE

B. MPLS

C. PPP

D. NAT

Explanation:

Internet key exchange (IKE) is used within IPSec to negotiate and
authenticate keys.

(22) IP version ___ includes 128-bit addressing and includes quality of service capabilities.

A. 4

B. 5

C. 6

D. 3

Explanation:

IP version 6 is only in limited use currently but is expected to be the
next big thing. It improves addressing size, quality of service, address
authentication, and message confidentiality and integrity.

(23) An attack that sends out an overload of UDP packets from a spoofed source so that an overload of ICMP unreachable replies flood the victim is called a ______.

A. Fraggle

B. Worm

C. Logic bomb

D. Remedy

Explanation:

A fraggle attack is similar to a smurf attack. The attacker broadcasts
UDP packets that are spoofed with the victim’s address as the source. The victim is
then unpleasantly surprised to receive a flood of ICMP "unreachable"
responses.

(24) Which attack inserts an irrational value into an oversized packet making it difficult for the destination router to re-assemble it?

A. Remedy

B. Ping of Death

C. Garble

D. Teardrop

Explanation:
Oversized packets must be disassembled by a router and then
re-assembled at their destination. Teardrop attacks insert a confusing value in the
packet that makes it virtually impossible for the final routing device to
re-assemble it.

(25) ICMP is a low-level Internet operation message protocol that is used between gateways and hosts. It uses several message codes. What would a code 3 mean?

A. Communication administratively prohibited

B. IP header was bad

C. TTL expired

D. Host unknown, network unreachable

Explanation:
A listing of ICMP messages includes:
0 Echo reply (ping reply)
3 Delivery failure (host unknown, network unreachable)
4 Source quench
8 Echo request (ping request)
11 Time to live (TTL) expired (used by traceroute)
12 IP header was bad
13 Communication administratively prohibited

(26) IGMP is based upon the _________ model in how it shares information with multicast routers.

A. Publish and subscribe

B. Unicast only

C. Send and receive

D. Bell-La Padula

Explanation:

Internet Group Management Protocol (IGMP) is a method of allowing
multicast transmissions to take place in LAN environments. It is a combination of
one-to-many and many-to-many delivery methods. IGMP takes on the characteristics of
the "publish and subscribe" model only in terms of how it handles IP
subscriptions with multicast routers.

(27) Name servers and resolvers are the two primary components of ______.

A. DNS

B. ICMP

C. IGMP

D. PG

Explanation:

Domain Name Server (DNS) is a global network of name servers that
translate hostnames into numerical IP addresses. The two main components of DNS are
the name server and the resolver. The name server holds data and responds to users
with requested information. The resolver will initiate requests with other name
servers when the original cannot provide the answer.

(28) Which of the following is the most common attack on DNS servers?

A. Poisoning

B. Flood

C. Ping

D. Masquerading

Explanation:

When an attacker corrupts a DNS server by changing the host-to-IP
relationship information, the table is said to be poisoned. It is a common attack on
DNS.

(29) ARP tables are built ___________.

A. Manually

B. Dynamically

C. Dynamically or manually

D. Unconventionally

Explanation:

Address Resolution Protocol (ARP) tables are built either dynamically
or manually. Keep in mind that static ARP entries can be built, however, this can be
difficult to manage. With dynamic entries, if an address is not found, the node
will automatically broadcast a message to all nodes asking for the correct address.
This dynamic process keeps ARP tables updated and accurate.

(30) Which is not true of hierarchical routing?

A. The region of a node that shares characteristics and behaviors is called an AS.

B. Each AS uses IGP to perform routing functionality.

C. EGP is used in the areas "between" each AS.

D. CAs are specific nodes that are responsible for routing to nodes outside of their region.

Explanation:
Gateways are designated nodes that are responsible for routing to nodes
outside of their region. Autonomous systems (AS) are regions of nodes that share
common attributes. Interior Gateway Protocol (IGP) handles routing tasks within each
AS, while Exterior Gateway Protocol (EGP) functions "between" each AS.

(31) Which protocol was built to scale well in large networks, support hierarchies, and support the simultaneous use of multiple paths?

A. RIP v1

B. OSPF

C. RIP v2

D. EGP

Explanation:

Because RIP could not scale well in large networks, Open Shortest Path
First Protocol (OSPF) was created. It supports hierarchies and the simultaneous use
of multiple paths.

(32) Remote access represents the best opportunity for a hacker to steal confidential information. Of the following vulnerabilities, which is not inherent with remote access?

A. Software on laptops can be easily exploited.

B. Internet connections are not secure.

C. Sessions are not authenticated.

D. Diagnostic ports on networking devices can be targeted.

Explanation:

Laptop software is not a specific target of remote access attacks.
Software on laptops may or may not contain vulnerabilities, but the real open doors
for hackers depend upon the network used to connect and the devices set up to allow
remote access.

(33) Instant messaging technology is extremely popular in the corporate world, but it brings with it a host of security problems. What is not true of IM?

A. Integrated directories are target lists.

B. Attackers use scripts against IM.

C. Most IM have encryption functionality but few users enable it.

D. Firewalls can be easily bypassed.

Explanation:

Instant messaging applications rarely have encryption capabilities
built in. Scripts can be used against the program. Most can be easily provisioned to
bypass firewall controls. Buddy lists serve as instant target lists for attackers.

(34) Jake is an IT administrator who is concerned about the vulnerabilities that exist with instant messaging around his office. He knows that it is very popular throughout the company, especially with upper management, so he must tread lightly when tightening security. Which of the following actions should Jake avoid?

A. Install firewalls on desktops

B. Verify central firewall is blocking unapproved messaging

C. Propose a IM security policy

D. Restrict all confidential data from being sent over IM

Explanation:
Although restricting confidential data from being sent over IM is a
good idea from a security standpoint, it might not be the best decision from a
career standpoint. Because upper management utilizes IM and it is likely that they
deal with confidential information regularly, this action might be too aggressive.

(35) Which of the following is not a denial-of-service attack?

A. Teardrop

B. Dictionary

C. Smurf

D. TCP Syn

Explanation:

Dictionary attacks are password-related attacks that can be categorized
as brute-force attacks as well. The other types are all geared to bring down a
service or attack a network’s availability.

(36) Central authenticating systems should perform three primary services. Which service is not one of them?

A. Accountability

B. Authentication

C. Authorization

D. Confidentiality

Explanation:
The basic services performed by a central authenticating system are:
authentication (who the user is), authorization (what the user can do), and
accountability (what the user has done).

(37) Which of the following is an industry standard for providing repositories for security-related data, such as cryptographic keys, passwords, or user IDs?

A. LDAP

B. CHAP

C. PKI

D. SNMP

Explanation:

Lightweight Directory Access Protocol (LDAP) is an industry standard
for securing and storing directory information. It is compatible with virtually any
platform/vendor and is perfect for storing security-related items.

(38) All of the following are true of NIS+ except:

A. Does not support MD5 password encryption

B. Uses SecureRPC

C. Hierarchical in nature

D. Supports object access restrictions

Explanation:

Network Information Systems (NIS) is a distributed database system that
lets computers share sets of files. NIS+ offers additional functionality expanding
upon regular NIS. It does support MD5 password encryption.

(39) DCE is an authentication system that mirrors Kerberos in many ways. Who developed it?

A. Open Group

B. Ron Rivest

C. NSA

D. Microsoft

Explanation:

Open Group developed the distributed computing environment (DCE)
standard that is very similar to Kerberos. It is a framework that never caught on in
the industry even though it specified its own authorization techniques, which were
lacking in Kerberos.

(40) The network perimeter concept restricts access from segment to segment via ________.

A. Choke points

B. Encryption

C. Vendor segregation

D. Trust models

Explanation:

The network perimeter concept recognizes the need to separate sensitive
networks from non-sensitive networks and accomplishes this by using choke points to
block segment-to-segment access.

(41) Which is untrue of a packet filtering firewall?

A. High security

B. Application independence

C. Performance strength

D. Excellent scalability

Explanation:

Packet filtering firewalls offer low levels of security, one reason is
their inability to screen by protocol. However, they are application-independent,
highly scalable, and perform at a high level.

(42) Which is not a primary goal of QoS?

A. Content-based filtering is achieved.

B. Jitter and latency are managed.

C. Dedicated bandwidth is maintained.

D. Different traffic types can co-exist (voice, video, data).

Explanation:

Quality of service is a business commitment to customers to provide and
guarantee levels of service by utilizing existing technologies. The main goals of
QoS are maintaining dedicated bandwidth, controlling jitter and latency, and making
sure different traffic types can co-exist.

(43) Which OSI layer handles flow control?

A. Transport

B. Data Link

C. Physical

D. Network

Explanation:

Flow control is the process of managing data transmission between
devices so that the receiving device does not get overwhelmed with traffic. The
Transport layer handles this process.

(44) Many applications are able to transmit over one physical medium at the same time by the use of ________.

A. Multiplexing

B. Routing

C. Forwarding

D. Asynchronous protocols

Explanation:

Multiplexing technologies allow many transmissions to fit on a single
medium. A multiplexer is the device that enables this type of activity.

(45) A node that sends and receives at the same time can perform what type of transmission?

A. Full-duplex

B. Half-duplex

C. Unicast

D. Multi-duplex

Explanation:

Full-duplex transmissions allow end users to send and receive data at
the same time without interruptions or collisions.

(46) In TCP, what does a sequence number do?

A. Guarantees message delivery

B. Disassembles and re-assembles packets

C. Functions as a fault code indicator

D. Is used in multiplexing

Explanation:

Sequence numbers are populated within packets as a way of ensuring that
the message is delivered to the appropriate destination and is from the appropriate
sender.

(47) An ARP cache would provide what type of information?

A. IP and MAC addressing

B. User activity data

C. Firewall specs

D. IT administrator disclaimers

Explanation:

An ARP cache will show the mapping information of an IP address to a
MAC address.

(48) Session Initiation Protocol consists of two major components: the _____________ and __________________.

A. User Agent Client, User Agent Server

B. User Agent Client, User Agent Service

C. User Client, User Service

D. User Urgent Client, User Urgent Server

Explanation:

SIP consists of two major components: the User Agent Client (UAC) and
User Agent Server (UAS). The UAC is the application that creates the SIP requests
for initiating a communication session. UACs are generally messaging tools and
soft-phone applications that are used to place VoIP calls. The UAS is the SIP
server, which is responsible for handling all routing and signaling involved in VoIP
calls.

(49) An autonomous network is controlled by how many entities?

A. One

B. Two

C. Three

D. More than 10

Explanation:

Autonomous networks are built hierarchically where one governing entity
manages traffic flow.

(50) The ______________ is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP).

A. Session Initiation Protocol

B. Real-time Transport Protocol

C. SS7

D. VoIP

Explanation:

The Session Initiation Protocol (SIP) is an IETF-defined signaling
protocol, widely used for controlling multimedia communication sessions such as
voice and video calls over Internet Protocol (IP). The protocol can be used for
creating, modifying and terminating two-party (unicast) or multiparty (multicast)
sessions consisting of one or several media streams.

- Muhammad Idham Azhari