179. Which of the following uses the spanning tree algorithm?

a. Firewalls, sensors, and instant messaging (IM) servers

b. Routers, bridges, and Internet relay chat (IRC) servers

c. Switches, guards, and instant messaging (IM) servers

d. Gateways, proxies, and Internet relay chat (IRC) servers

179. b. Multicast and broadcast routing is performed using the spanning tree algorithm, which makes excellent use of bandwidth where each router knows which of its lines belong to the tree. The spanning tree algorithm is used to build plug-and-play bridges and Internet relay chat (IRC) servers. Each IRC server must have exactly one path to any other server. Therefore, routers, bridges, and IRC servers use the spanning tree algorithm, and the other three choices do not deal with the spanning tree algorithm.

180. The Internet Control Message Protocol (ICMP) does not do or does not have which of the following?

1. Respond

2. Ports

3. Message types

4. Message codes

a. 1 only

b. 2 only

c. 1 and 2

d. 3 and 4

180. c. The Internet Control Message Protocol (ICMP) does not have ports and most ICMP messages are not intended to elicit a response. ICMP has message types, which indicate the purpose of each ICMP message. Some message types also have message codes, which can be thought of as subtypes.

181. Most hardware/software guard implementations use which of the following approaches?

a. Private network

b. Dual network

c. Public network

d. Backbone network

181. b. Most hardware/software guard implementations use a dual network approach, which physically separates the private and public sides from each other. A backbone network is a central network to which other networks connect.

Hardware and/or software guards enable users to exchange data between private and public networks, which is normally prohibited because of information confidentiality. A combination of hardware and/or software guards is used to allow secure local-area network (LAN) connectivity between enclave boundaries operating at different security classification levels (i.e., one private and the other public).

182. For active attacks on hardware/software guards, which of the following are countermeasures against manipulation of data on the private network?

1. Encryption algorithms

2. Key management processes

3. Cryptographic authentication

4. Data-separation methods

a. 1 and 2

b. 1 and 3

c. 3 and 4

d. 1, 2, 3, and 4

182. c. The appropriate countermeasure against manipulation of data on the private network is to permit only authorized users to access the data, through file transfers, on the private network using cryptographic authentication and data separation techniques. Encryption algorithms and key management processes are countermeasures against active attacks such as decrypting weakly encrypted traffic.

183. Which of the following is not an attack targeted at the Transmission Control Protocol (TCP) and Internet Protocol (IP)?

a. Session hijacking

b. Invalidated input

c. Ping of death

d. SYN flood

183. b. Invalidated input is an attack targeted at the application layer of the TCP/IP suite. Weaknesses in TCP and IP enable attacks, such as session hijacking, ping of death, synchronization (SYN) floods, and address impersonation. TCP operates at the transport layer whereas IP operates at the network layer of the TCP/IP suite.

184. For active attacks on hardware/software guards, which of the following are countermeasures against modification of data in transit?

1. Timestamps

2. Sequence numbers

3. Digital signatures

4. Keyed hash integrity checks

a. 1 and 2

b. 1 and 3

c. 3 and 4

d. 1, 2, 3, and 4

184. c. Countermeasures against modification of data in transit include the use of digital signatures or keyed hash integrity checks to detect unauthorized modification to the data in transit. E-mail, real-time messaging, and file transfers are all susceptible to interception and modification while in transit. Timestamps and sequence numbers are examples of countermeasures against active attacks such as the insertion of data or reinsertion of previous messages.

185. Most attacks are targeted at which of the following Transmission Control Protocol/Internet Protocol (TCP/IP) layers?

a. Application layer

b. Transport layer

c. Network layer

d. Data link layer

185. a. In most cases, the application layer contains the actual activity of interest—most attacks are against vulnerabilities in applications, and nearly all misuse involves misuse of applications. The transport layer, the network layer, and the data link layer have fewer attacks compared to the application layer.

Hypertext transfer protocol (HTTP) is a function of the application layer, along with DNS, SMTP, FTP, and SNMP. This layer sends and receives data for particular applications. The transport layer provides connection-oriented or connectionless services for transporting application layer services between networks. The network layer routes packets across networks. The data link layer handles communications on the physical network components.

186. Which of the following statements about media access control/medium access control (MAC) addresses are true?

1. Each frame contains two MAC addresses.

2. Each frame contains either IP or ARP.

3. A MAC address does not uniquely identify an IP address.

4. NICs can be made with duplicate MAC addresses.

a. 1 and 2

b. 2 and 3

c. 1 and 4

d. 1, 2, 3, and 4

186. d. Each frame of media access control/medium access control (MAC) contains two MAC addresses, which indicate the MAC address of the NIC that just routed the frame and the MAC address of the next NIC that the frame is being sent to. Besides the MAC addresses, each frame’s payload contains either Internet protocol (IP) or address resolution protocol (ARP). When IP is used, each IP address maps to a particular MAC address. Multiple IP addresses can map to a single MAC address, so a MAC address does not uniquely identify an IP address. There have been cases in which manufacturers have accidentally created network interface cards (NICs) with duplicate MAC addresses, leading to networking problems and spoofing attacks.

187. For network data analysis, a host computer can be identified by which of the following?

a. Analyzing physical components

b. Reviewing logical aspects

c. Mapping an IP address to the MAC address of a NIC