
1. Truncation

2. Little or no truncation

3. Higher overhead

4. Lower overhead

a. 1 only

b. 4 only

c. 1 and 4

d. 2 and 3

133. d. TCP is used when DNS queries result in little or no truncation, but it is subject to a higher overhead of resources. On the other hand, DNS requests using UDP result in truncation and utilize a lower overhead of resources.
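The trade-off in answer 133 comes from the DNS wire format: a classic UDP reply is limited to 512 bytes, so a server that cannot fit the answer sets the TC (truncated) flag in the header and the resolver repeats the query over TCP, which carries the full message behind a 2-byte length prefix at the cost of a connection setup. The following added example (not part of the original question bank) simulates both sides in pure Python with no network traffic; the `serve_udp`/`serve_tcp` functions are a toy server stand-in and the message bodies are constructed sample bytes, not real zone data.

```python
"""Added example: UDP DNS truncation and the TCP fallback it triggers."""
import struct

DNS_UDP_MAX = 512     # RFC 1035 UDP payload limit (without EDNS0)
FLAG_QR = 0x8000      # header bit: message is a response
FLAG_TC = 0x0200      # header bit: response was truncated
HEADER_LEN = 12


def build_header(txid, qr=False, tc=False, qdcount=1, ancount=0):
    """Pack a 12-byte DNS header (RFC 1035 section 4.1.1)."""
    flags = (FLAG_QR if qr else 0) | (FLAG_TC if tc else 0)
    return struct.pack("!HHHHHH", txid, flags, qdcount, ancount, 0, 0)


def parse_header(msg):
    """Unpack the fields a resolver needs to decide what to do with a reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:HEADER_LEN])
    return {"id": txid, "qr": bool(flags & FLAG_QR),
            "tc": bool(flags & FLAG_TC), "qdcount": qd, "ancount": an}


def serve_udp(txid, body):
    """Toy server (assumption, not a real DNS implementation): a UDP reply that
    would exceed 512 bytes is cut at the limit and flagged TC so the client
    knows the answer is incomplete. A real server trims whole RR sets."""
    full = build_header(txid, qr=True) + body
    if len(full) <= DNS_UDP_MAX:
        return full
    return build_header(txid, qr=True, tc=True) + body[:DNS_UDP_MAX - HEADER_LEN]


def serve_tcp(txid, body):
    """Toy server over TCP: the whole message, prefixed by its 2-byte length
    (RFC 1035 section 4.2.2). The extra cost is the TCP handshake and state."""
    full = build_header(txid, qr=True) + body
    return struct.pack("!H", len(full)) + full


def resolve(txid, body):
    """Client side: try UDP first; retry over TCP only if TC is set.
    Returns (transport_used, complete_message)."""
    reply = serve_udp(txid, body)
    hdr = parse_header(reply)
    if hdr["id"] != txid or not hdr["qr"]:
        raise ValueError("reply does not match our query")
    if not hdr["tc"]:
        return "udp", reply                      # cheap path: one datagram each way
    tcp_stream = serve_tcp(txid, body)
    (length,) = struct.unpack("!H", tcp_stream[:2])
    return "tcp", tcp_stream[2:2 + length]      # strip the TCP length prefix


if __name__ == "__main__":
    # Constructed sample bodies: one small answer, one too large for a datagram.
    print(resolve(1, b"\x01" * 100)[0])   # udp
    print(resolve(2, b"\x02" * 900)[0])   # tcp
```

A resolver that ignores the TC bit would silently accept a partial answer; a monitoring rule that sees a burst of DNS over TCP is therefore often just large responses (DNSSEC, many records) rather than anything unusual, which is worth knowing before alerting on port 53/TCP.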

134. Peer-to-peer (P2P) networking is similar to which of the following?

a. Content delivery network

b. Value-added network

c. Ad-hoc network

d. Wide-area network

134. c. Ad-hoc networks are similar to peer-to-peer (P2P) networking in that they both use decentralized networking, in which the information is maintained at the end user location rather than in a centralized database. The networks mentioned in the other three choices use centralized networking with centralized databases.

135. Which of the following is not a function of host-based scanners?

a. Identify outdated software versions

b. Identify outdated patches

c. Identify outdated system upgrades

d. Identify open ports

135. d. Network-based scanners identify open ports. The other three choices are incorrect because they are functions of host-based scanners. Another tool is a port scanner, which is a program that attempts to determine remotely which ports on systems are open (i.e., whether systems enable connections through those ports). Port scanners help attackers to identify potential targets.

136. Which of the following system security testing and information gathering tools can produce false positives?

a. Information scanning tool

b. Vulnerability scanning tool

c. Network scanning tool

d. Penetration testing tool

136. b. False positives occur when a tool reports a security weakness when none is present. A vulnerability scanner is a program that looks for vulnerabilities on either the local system or on remote systems. Vulnerability scanners help attackers to find hosts that they can exploit successfully. An automated vulnerability scanning tool is used to scan a group of hosts or a network for known vulnerable services such as use of the file transfer protocol (FTP) and sendmail relaying. Some of the vulnerabilities flagged by the automated scanning tool may not actually apply to a particular site, based on its configuration. Thus, this scanning tool can produce false positives, which are warnings and alerts that incorrectly indicate that malicious activity is occurring.

The automated information scanning tool does not produce false positives because it is used to collect system information efficiently to build individual profiles of the target IT system. The network scanning tool, which does not produce false positives, lists all active hosts and services operating in the address space scanned by the port-scanning tool. The penetration testing tool is a specific tool for information systems testing and does not produce false positives.

137. From a network data analysis perspective, what do many Web-based applications use?

a. Two-tiered client/server model

b. Three-tiered client/server model

c. Four-tiered client/server model

d. Five-tiered client/server model

137. c. A client/server application is designed to be split among multiple systems. Examples of typical client/server applications are medical records systems, e-commerce applications, and inventory systems. Many Web-based applications use four-tier client/server models: Web browser, Web server, application server, and database server. Each tier interacts only with the adjacent tiers, so in three- and four-tier models, the client does not directly interact with the database server.

A two-tiered client/server model is incorrect because the application stores its code, configuration settings, and supporting files on each user’s workstation, and its data on one or more central servers accessed by all users. Programs are stored on a workstation, and data is stored on a central server. Logs are most likely stored on the workstations only. This model includes client workstations and a central server.

A three-tiered client/server model is incorrect because the application separates the user interface from the rest of the application, and also separates the data from the other components. The classic three-tier model places the user interface code on the client workstation, the rest of the application code on an application server, and the data on a database server. This model includes client workstations, application server, and database server. A five-tiered client/server model is incorrect because it is complex to configure, operate, and manage.

138. Which of the following enhances an instant messaging (IM) authentication process?

a. Active directory service

b. Lightweight directory access protocol

c. Two-factor authentication

d. Role-based access permissions

138. c. Instant messaging (IM) systems authenticate users for communication by linking user accounts to directory services (i.e., Active Directory and Lightweight Directory Access Protocol, LDAP) to associate with valid accounts and provide role-based access permissions. IM authentication could be enhanced using two-factor authentication because it is more secure. Two-factor authentication identifies users using two distinct factors such as something they have (e.g., token or smart card), something they know (e.g., password or PIN), or something they are (e.g., a biometric sample). Requiring two forms of electronic identification reduces the risk of fraud.

139. Which of the following extensible authentication protocol (EAP) methods does not fully satisfy the security requirements for a robust security network (RSN) such as wireless local-area network (WLAN) using the IEEE 802.11i standard?

a. EAP transport layer security (EAP-TLS)

b. EAP tunneled TLS (EAP-TTLS)

c. EAP flexible authentication via secure tunneling (EAP-FAST)

d. Protected EAP (PEAP)

139. c. The extensible authentication protocol (EAP) provides the authentication framework for IEEE 802.11 RSNs that use IEEE 802.1X port-based access control. The EAP provides mutual authentication between an access point (AP), a station (STA), and an authentication server (AS). EAP-FAST is especially suitable for unsophisticated devices (e.g., household appliances, vending machines, and other small devices not connected to WLANs) that might not have the computing power to perform TLS handshakes, and as such its security is limited for robust WLANs. The other three EAP methods are secure. It is important that organizations select the EAP method based on a risk assessment of the target environment.

140. Which of the following is a part of transport layer security policies and is not a part of data link layer security policies to prevent network congestion problems?

a. Retransmission policy

b. Timeout determination policy

c. Out-of-order caching policy

d. Flow control policy