276. Which of the following protocols use many network ports?
a. SNMP and SMTP
b. TCP and UDP
c. ICMP and IGMP
d. ARP and RARP
276. b. TCP and UDP protocols are part of the TCP/IP suite operating at the transport layer of the ISO/OSI model. Network ports are used by TCP and UDP, each having 65,535 ports. Attackers can reconfigure these ports and listen in for valuable information about network systems and services prior to attack. SNMP and SMTP are application layer protocols, which use few ports. ICMP and IGMP are network layer protocols, which do not use any ports. ARP and RARP are data link layer protocols, which do not use any ports.
Network ports 0 through 1,023 are assigned for service contact used by server processes. The contact ports are sometimes called “well-known” ports. These service contact ports are used by system (or root) processes or by programs executed by privileged users. Ports from 1,024 through 65,535 are called registered ports. All incoming packets that communicate via ports higher than 1,023 are replies to connections initiated by internal requests. For example, the Telnet service operates at port #23 with TCP, and X Windows operates at port #6,000 with TCP.
277. Which of the following is not compatible with the Internet Protocol (IP) version 6?
a. IP version 4
b. TCP
c. UDP
d. BGP
277. a. The Internet Protocol version 6 (IPv6) is not backward compatible with IPv4 but is compatible with TCP, UDP, ICMP, IGMP, OSPF, BGP, and DNS. The IPsec services are provided at the IP layer (network layer), offering protection for IP and/or upper-layer protocols such as TCP, UDP, ICMP, IGMP, OSPF, BGP, and DNS.
278. Which of the following network connectivity devices use rules that could have a substantial negative impact on the device’s performance?
a. Sensors and switches
b. Routers and firewalls
c. Guards and gateways
d. Connectors and concentrators
278. b. Rules or rulesets are used in routers and firewalls. Adding new rules to a router or firewall could have a substantial negative impact on the device’s performance, causing network slowdowns or even a denial-of-service (DoS). Information security management should carefully consider where filtering should be implemented (e.g., border router, boundary router, and firewall). A boundary router is located at the organization’s boundary to an external network.
The other three choices do not use rules or rulesets. A sensor is an intrusion detection and prevention system (IDPS) component that monitors and analyzes network activity. A switch is a mechanical, electromechanical, or electronic device for making, breaking, or changing the connections in or among circuits. A hardware/software guard is designed to provide a secure information path for sharing data between multiple system networks operating at different security levels. A gateway transfers information and converts it to a form compatible with the receiving network’s protocols. A connector is an electromechanical device on the ends of cables that permits them to be connected with, and disconnected from, other cables. A concentrator gathers together several lines in one central location.
279. Countermeasures against sniffers do not include which of the following?
a. Using a recent version of the secure shell protocol.
b. Applying end-to-end encryption.
c. Using packet filters.
d. Implementing robust authentication techniques.
279. c. Packet filters are good against flooding attacks. Using either a recent version of secure shell (e.g., SSHv2) or the IPsec protocol, using end-to-end encryption, and implementing robust authentication techniques are effective against sniffing attacks.
280. Secure remote procedure call (RPC) provides which one of the following security services?
a. Authentication
b. Confidentiality
c. Integrity
d. Availability
280. a. Secure remote procedure call (RPC) provides authentication services only. Confidentiality, integrity, and availability services must be provided by other means.
281. Which of the following does not provide confidentiality protection for Web services?
a. Extensible markup language (XML) encryption
b. Web services security (WS-Security)
c. Advanced encryption standard (AES)
d. Hypertext transfer protocol secure (HTTPS)
281. c. The advanced encryption standard (AES) does not provide confidentiality protection for Web services. However, the AES is used for securing sensitive but unclassified information.
The other three choices provide confidentiality protection for Web services because most Web service data is stored in the form of extensible markup language (XML). Using XML encryption before storing data should provide confidentiality protection while maintaining compatibility. Web services security (WS-Security) and HTTPS are generally used to protect confidentiality of simple object access protocol (SOAP) messages in transit, leaving data at rest vulnerable to attacks.
282. Firewalls cannot provide a “line of perimeter defense” against attacks from which of the following?
a. Traffic entering a network
b. Traffic to and from the Internet
c. Traffic to host systems
d. Traffic leaving a network
282. b. Firewalls police network traffic that enters and leaves a network. Firewalls can stop many penetrating attacks by disallowing many protocols that an attacker could use to penetrate a network. By limiting access to host systems and services, firewalls provide a necessary line of perimeter defense against attack. The new paradigm of transaction-based Internet services makes these “perimeter” defenses less effective as their boundaries between friendly and unfriendly environments blur.
283. Sources of legal rights and obligations for privacy over electronic mail do not include which of the following?
a. Law of the country
b. Employer practices
c. Employee practices
d. Employer policies
283. c. E-mail networks function as decentralized systems. Independent, unconnected systems at multiple locations are decentralized. An electronic message flows through the system, going from one machine to another. Eventually the message reaches the correct machine and is placed in the targeted person’s e-mail box. Because e-mail crosses many state and national boundaries and even continents, it is advised to review the principal sources of legal rights and obligations. These sources include the law of the country and employer policies and practices. Employee practices have no effect on the legal rights and obligations.
284. In the ISO/OSI reference model, which of the following relates to end system-level security?
a. Transport layer or network layer