b. Application layer or presentation layer
c. Session layer or transport layer
d. Data link layer or physical layer
284. a. The ISO/OSI standards give a choice where either a transport layer or network layer can be used to provide end system-level security. An assumption is made that the end systems are trusted and that all underlying communication networks are not trusted.
285. A primary firewall has been compromised. What is the correct sequence of action steps to be followed by a firewall administrator?
1. Deploy the secondary firewall.
2. Bring down the primary firewall.
3. Restore the primary firewall.
4. Reconfigure the primary firewall.
a. 1, 2, 3, and 4
b. 2, 3, 4, and 1
c. 2, 1, 4, and 3
d. 4, 1, 2, and 3
285. c. Internal computer systems should not be connected to the Internet without a firewall. There should be at least two firewalls in place: primary and secondary. First, the attacked (primary) firewall should be brought down to contain the damage (i.e., damage control), and the backup (secondary) firewall should be deployed immediately. After the primary firewall is reconfigured, it must be brought back or restored to an operational state.
Do not deploy the secondary firewall until the primary firewall has been completely brought down; this contains the risk from its compromised state and limits further damage. The elapsed time between these two actions can be very small.
286. Which of the following functions of Internet Control Message Protocol (ICMP) of the TCP/IP model is used to trick routers and hosts?
a. Detecting unreachable destinations
b. Redirecting messages
c. Checking remote hosts
d. Controlling traffic flow
286. b. Internet Control Message Protocol (ICMP) redirect messages can be used to trick routers and hosts acting as routers into using “false” routes; these false routes aid in directing traffic to an attacker’s system instead of a legitimate, trusted system.
287. Which of the following functions of the Internet Control Message Protocol (ICMP) of the TCP/IP model causes a buffer overflow on the target machine?
a. Detecting unreachable destinations
b. Redirecting messages
c. Checking remote hosts
d. Controlling traffic flow
287. c. The ping command is used to send an Internet Control Message Protocol (ICMP) echo message for checking the status of a remote host. When large amounts of these messages are received from an intruder, they can cause a buffer overflow on the target host machine, resulting in a system reboot or total system crash. This is because the recipient host cannot handle the unexpected data and size in the packet, thereby possibly triggering a buffer overflow condition. The other three choices do not cause a buffer overflow on the target machine.
288. The basic causes of a majority of security-related problems in Web servers are due to which of the following?
a. Hardware design and protocols
b. Software design and configurations
c. Hardware specifications and testing
d. Software acquisition and implementation
288. b. A Web server is like a window to the world, and therefore it must be protected to provide controlled network access to both authorized and unauthorized individuals. Web servers contain large and complex programs that can contain security weaknesses. These weaknesses are due to poor software design and configuration of the Web server. Hardware design and protocols provide better security than software design.
289. In electronic auctions, which of the following auction models has a minimal security mechanism that can lead to security breaches and fraud?
a. Business-to-business (B2B)
b. Government-to-business (G2B)
c. Consumer-to-consumer (C2C)
d. Consumer-to-business (C2B)
289. c. In the consumer-to-consumer (C2C) electronic auction model, consumers buy and sell goods with other consumers through auction sites. The C2C auction model has a minimal security mechanism (i.e., no encryption and possibility of fraud in shipping defective products). The B2B, G2B, and C2B auction models are reasonably secure due to the use of private telephone lines (leased lines) and encryption.
290. Which of the following causes an increase in the attack surface of a public cloud computing environment?
a. Paging
b. Hypervisor
c. Checkpointing
d. Migration of virtual machines
290. b. The hypervisor or virtual machine monitor is an additional layer of software between an operating system and hardware platform used to operate multitenant virtual machines. Compared with a traditional nonvirtualized implementation, the addition of a hypervisor causes an increase in the attack surface.
Paging, checkpointing, and migration of virtual machines can leak sensitive data to persistent storage, subverting protection mechanisms in the hosted operating system intended to prevent such occurrences.
291. Mobile computing is where remote users access host computers for their computing needs. Remote access software controls the access to host computers. Which of the following technologies is behind the performance improvement to permit users to work offline on network tasks?
a. Agent-based technology
b. Windows-based technology
c. Hardware-based technology
d. Network-based technology
291. a. Agent-based technology can boost the performance of remote access software capability. It gives the users the ability to work offline on network tasks, such as e-mail, and complete the task when the network connection is made. Agent-based technology is software-driven. It can work with the Windows operating system.
292. From a security viewpoint, which of the following should be the goal for a virtual private network (VPN)?
a. Make only one exit point from a company’s network to the Internet.
b. Make only one entry point to a company’s network from the Internet.
c. Make only one destination point from a company’s network to the Internet.
d. Make only one transmission point from the Internet to a company’s network.
292. b. The goal for a virtual private network (VPN) should be to make it the only entry point to an organization’s network from the Internet. This requires blocking all the organization’s systems or making them inaccessible from the Internet unless outside users connect to the organization’s network via its VPN.
293. In border gateway protocol (BGP), which of the following is physically present?
a. Routing/forwarding table
b. Adj-Routing Information Base (RIB)-In table
c. Loc-RIB table
d. Adj-RIB-Out table
293. a. Only the routing/forwarding table is physically present, whereas the tables mentioned in the other three choices are conceptually based tables, not physically present. However, system developers can decide whether to implement the routing information base (RIB) tables either in the physical form or in the conceptual form.