1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 58
Выбрать главу

Routing control is incorrect because it provides confidentiality service. With routing control, routes can be chosen so as to use only secure links in the communication line.

94. Which of the following is not an example of information system entry and exit points to protect from malicious code?

a. Firewalls

b. Electronic mail servers

c. Workstations

d. Web servers

94. c. An organization employs malicious code protection mechanisms at critical information system entry and exit points such as firewalls, e-mail servers, Web servers, proxy servers, and remote access servers. Workstations are internal to an organization and do not provide direct entry and exit points.

95. Which of the following statements about data gateways is not correct?

a. Data gateways cannot standardize communication protocols.

b. Data gateways are devices to adapt heterogeneous clients to servers.

c. Data gateways absorb diversity in implementation details.

d. Data gateways provide access control and authentication mechanisms.

95. a. Gateways translate between incompatible protocols, such as between IBM’s SNA and TCP/IP. Data gateways, then, are devices to adapt heterogeneous clients and servers. They may simply absorb diversity in implementation details and provide access control and authentication mechanisms. It is incorrect to say that data gateways cannot standardize communication protocols.

96. Which of the following is not used in creating dynamic Web documents?

a. Common gateway interface (CGI)

b. Extensible markup language (XML)

c. JavaServer page (JSP)

d. ActiveServer page (ASP)

96. b. Extensible markup language (XML) is used in creating a static Web document. Dynamic Web documents (pages) are written in CGI, JSP, and ASP.

97. Which of the following is not a server-side script used in dynamic hypertext markup language (HTML)?

a. Common gateway interface (CGI)

b. ActiveServer page (ASP)

c. JavaApplets

d. Perl

97. c. A JavaApplet is a client-side script. Dynamic hypertext markup language (dynamic HTML) is a collection of dynamic HTML technologies for generating Web page contents on-the-fly. It uses the server-side scripts (e.g., CGI, ASP, JSP, PHP, and Perl) and the client-side scripts (e.g., JavaScript, JavaApplets, and Active -X controls).

98. Which of the following can provide a false sense of security?

1. Encryption protocols

2. Digital signatures

3. Firewalls

4. Certified authorities

a. 1 and 2

b. 2 and 3

c. 1 and 3

d. 2 and 4

98. c. Both encryption protocols and firewalls can provide a false sense of security. Encryption is used to provide confidentiality of data from the point of leaving the end user’s software client to the point of being decrypted on the server system. After the data is stored “in the clear” on the server, data confidentiality is no longer ensured. Data confidentiality aside, encryption cannot prevent malicious attackers from breaking into the server systems and destroying data and transaction records. Firewalls have been used to protect internal computer systems from outside attacks and unauthorized inside users. The effectiveness of a firewall is usually in providing a deterrent for would be attacks. However, the bigger issue with firewalls is misconfiguration.

Digital signatures and certified authorities provide a good sense of security because they work together to form a trusted relationship. A digital signature stamped by the certifying authority can certify that the client and the server can be trusted.

99. The normal client/server implementation uses which of the following?

a. One-tier architecture

b. Two-tier architecture

c. Three-tier architecture

d. Four-tier architecture

99. b. The normal client/server implementation is a two-tiered architecture for simple networks (i.e., one client and one server). Multitiered architectures use one client and several servers.

100. All the following are examples of media access control (MAC) sublayer protocols except:

a. Carrier sense multiple access (CSMA)

b. Ethernet

c. Advanced data communications control procedure (ADCCP)

d. Logical link control (LLC)

100. c. Advanced data communications control procedure (ADCCP) is an example of a sliding window protocol. The other three choices are examples of media access control protocols. ADCCP is a modified synchronous data link control (SDLC), which became high-level data link control (HDLC), and later became link access procedure B (LAPB) to make it more compatible with HDLC.

Carrier sense multiple access (CSMA) protocols listen to the channel for a transmitting carrier and act accordingly. If the channel is busy, the station waits until it becomes idle. When the station detects an idle channel, it transmits a frame. If collision occurs, the station waits a random amount of time and starts all over again. The goal is to avoid a collision or detect a collision (CSMA/CA and CSMA/CD). The CSMA/CD is used on LANs in the MAC sublayer and is the basis of Ethernet. Logical link control (LLC) protocol hides the differences between the various kinds of IEEE 802 networks by providing a single format and interface to the network layer. LLC forms the upper half of the data link layer with the MAC sublayer below it.

101. All the following are examples of sliding window protocols except:

a. Wavelength division multiple access (WDMA)

b. Synchronous data link control (SDLC)

c. High-level data link control (HDLC)

d. Link access procedure B (LAPB)

101. a. Sliding window protocols, which are used to integrate error control and flow, are classified in terms of the size of the sender’s window and the size of the receiver’s window. Sliding window protocols (e.g., SDLC, HDLC, and LAPB) are bit-oriented protocols and use flag bytes to delimit frames and bit stuffing to prevent flag bytes from occurring in the data. Wavelength division multiple access (WDMA) is an example of medium/media access control (MAC) sublayer protocol that contains two channels for each station. A narrow channel is provided as a control channel to signal the station, and a wide channel is provided so that the station can output data frames.

102. Data link layer VPN protocols such as the Cisco Layer 2 Forwarding (L2F) do not provide which of the following services?

a. RADIUS

b. TACACS+

c. Encryption

d. Protects the traffic between the ISP and the organization

~ 58 ~