55. When a nonremote user connection is established with a remote device using a virtual private network (VPN), the configuration settings generally prevent which of the following?
a. Split knowledge
b. Split domain name service
c. Split tunneling
d. Split gateway
55. c. Split tunneling is a method that routes organization-specific traffic through the secure sockets layer (SSL) VPN tunnel, but other traffic uses the remote user’s default gateway. Remote users normally use split tunneling to communicate with the information system as an extension of that system and to communicate with local resources such as a printer or file server. The remote device, when connected by a nonremote connection, becomes an extension of the information system, enabling a dual communications path (i.e., split tunneling), which, in effect, enables unauthorized external connections into the system. Here, the use of a VPN for a nonremote connection generally prevents split tunneling, depending on the configuration settings and traffic types.
56. Extrusion detection at the information system boundary does not include which of the following?
a. Looking for internal threats
b. Analyzing outgoing network traffic
c. Looking for external threats
d. Analyzing incoming network traffic
56. c. Detecting internal actions that may pose a security threat to external information systems is called extrusion detection. It is also referred to as data loss prevention. Its scope includes the analysis of incoming and outgoing network traffic looking for indications of an internal threat (not an external threat) to the security of external systems.
57. Which of the following prevents the unauthorized exfiltration of information across managed interfaces such as proxies and routers?
1. Strict adherence to protocol formats
2. Monitoring for indications of beaconing from the information system
3. Monitoring for use of steganography
4. Disassembling and reassembling packet headers
a. 1 only
b. 1 and 2
c. 2 and 4
d. 1, 2, 3, and 4
57. d. All four items are measures to prevent unauthorized exfiltration of information from the information system. Other preventive measures against exfiltration include disconnecting external network interfaces except when explicitly needed and conducting traffic profile analysis to detect deviations from the volume or types of traffic expected within the organization.
58. Which of the following devices can enforce strict adherence to protocol formats to prevent unauthorized exfiltration of information across managed interfaces using boundary protection devices?
1. Deep packet inspection firewalls
2. XML gateways
3. Routers
4. Bridges
a. 1 only
b. 1 and 2
c. 1 and 3
d. 3 and 4
58. b. Examples of devices enforcing strict adherence to protocol formats are deep packet inspection firewalls (also known as stateful protocol analysis capability) and extensible markup language (XML) gateways. These devices verify adherence to the protocol specification at the application layer and serve to identify vulnerabilities that cannot be detected by devices operating at the network layer or transport layer. Routers operate at the network layer and bridges operate at the data link layer. In addition, XML gateways are used to prevent and detect XML-based denial-of-service (DoS) attacks. Managed interfaces using boundary protection devices include proxies, gateways, routers, firewalls, software/hardware guards, and encrypted tunnels.
59. Network management, operations, and user support for a large distributed system together represent a complex undertaking. Which of the following issues most increases the complexity of network management?
a. Multiple topologies
b. Multiple transmission media
c. Multiple protocols
d. Multiple accesses
59. b. A number of issues affect network management in a large distributed system. They result from multiple network topologies (i.e., structures), multiple transmission media (e.g., wiring), multiple protocols (i.e., rules that govern communications across a network), and multiple network owners. Increases in the number of transmission media increase the complexity of large distributed system network management. For example, each medium may require different protocols, equipment, and software, along with additional expertise on the part of the network administrator. An increased number of transmission media may complicate the standardization of management procedures across a large distributed system. Using different transmission media may result in different costs, system reliability, or performance. A number of network “owners” may support a large distributed system. The sense of ownership can result from a variety of factors, including different organizations involved, functionality included, and geographic areas covered. Increases in the number of owners increase the complexity of network management due to the coordination and communication required.
The other three choices are incorrect. A topology is a pattern of interconnection between nodes (i.e., end points) in a network. A large distributed system may require the use of one or more topologies to support the varying needs of subsystems, organizations, and individual users or to accommodate existing network architectures. Factors to consider include applications supported, robustness required, network architecture supported, protocols required, and local and remote connections needed. Multiple protocols establish the rules that govern data transmission and generally cover the method to represent and code data; the method to transmit and receive data; and the method of nonstandard information exchange. Multiple access is a scheme that allows temporary access to the network by individual users, on a demand basis, for the purpose of transmitting information. Multiple topologies and protocols are a necessary part of the infrastructure and are dictated by multiple transmission media and network owners.
60. What is determining what components to include in the network configuration called?
a. Configuration identification
b. Configuration control
c. Configuration requirements tracing
d. Configuration status accounting
60. a. Configuration management provides a valuable baseline for controlling maintenance and enhancement activity. Configuration management typically has four major functions: identification, control, requirements tracing, and status accounting. Configuration identification determines what components to include in the configuration and develops unique identifiers for tracking individual components and adding new ones.
Configuration control imposes discipline on the change process to ensure that items changed or added to the configuration complete all the necessary testing and approval steps before inclusion.