X9.63 is used for key establishment schemes that employ asymmetric techniques. X9.44 covers the transport of symmetric algorithm keys using reversible public key cryptography. X9.17 is used for cryptographic key management, especially key management for financial institutions.
326. Countermeasures against Internet Protocol (IP) address spoofing attacks do not include which of the following?
a. Using firewalls
b. Disabling active-content
c. Using smart tokens
d. Using timestamps
326. c. Smart tokens are part of robust authentication techniques used to authenticate a user accessing a computer system; they do not address address spoofing. IP address spoofing uses various techniques to subvert IP-based access control by masquerading as another system, using that system's IP address. Countermeasures include (i) using firewalls, (ii) disabling active-content code (e.g., ActiveX and JavaScript) in the Web browser, and (iii) using timestamps. Access control lists (ACLs) can also be used to block inbound traffic with source addresses matching the internal addresses of the target network.
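The ACL countermeasure in the last sentence is usually written as ingress and egress rules on the border firewall. The following is an added example, not part of the original answer key, that expresses those rules as a small filter so the logic can be traced: a packet arriving on the Internet-facing interface must not claim an internal source address (and must not carry a loopback, link-local, multicast or "this network" source either), and a packet leaving the inside must carry an internal source so the protected network cannot be used to spoof someone else. The interface names, the internal prefixes and the sample packets are assumed for illustration.

```python
# Added example (not from the original page): RFC 2827-style ingress/egress
# filtering against IP source-address spoofing. Interface names, internal
# prefixes and the sample traffic below are assumed for illustration.
import ipaddress
from dataclasses import dataclass

# Assumed internal address space of the protected network.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]

# Sources that can never legitimately arrive on an Internet-facing link:
# "this network", loopback, link-local and multicast.
BOGON_NETS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("224.0.0.0/4"),
]


@dataclass
class Packet:
    iface: str   # "outside" (Internet-facing) or "inside" (assumed names)
    src: str
    dst: str


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(pkt):
    """Return (verdict, reason); verdict is "ACCEPT" or "DROP"."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "outside":
        # Ingress rule: traffic from the Internet must not claim an internal
        # source; that is the classic spoof against IP-based access control.
        if _in_any(src, INTERNAL_NETS):
            return "DROP", "spoofed internal source on outside interface"
        if _in_any(src, BOGON_NETS):
            return "DROP", "bogon source on outside interface"
        return "ACCEPT", "external source"
    if pkt.iface == "inside":
        # Egress rule: inside hosts may only send from internal addresses, so
        # this network cannot be used to spoof a third party.
        if not _in_any(src, INTERNAL_NETS):
            return "DROP", "non-internal source leaving inside interface"
        return "ACCEPT", "internal source"
    return "DROP", "unknown interface " + pkt.iface


# Constructed sample traffic (documentation ranges used for the "Internet").
SAMPLE = [
    Packet("outside", "203.0.113.7", "192.168.1.10"),   # normal inbound
    Packet("outside", "192.168.1.5", "192.168.1.10"),   # spoofed internal source
    Packet("outside", "127.0.0.1", "192.168.1.10"),     # bogon source
    Packet("inside", "10.1.2.3", "203.0.113.7"),        # normal outbound
    Packet("inside", "198.51.100.9", "203.0.113.7"),    # inside host spoofing a third party
]


def run_filter(packets=SAMPLE):
    """Verdicts for a list of packets, in order."""
    return [filter_packet(p)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLE:
        verdict, reason = filter_packet(p)
        print(f"{p.iface:7} {p.src:>14} -> {p.dst:<14} {verdict:6} ({reason})")
```

The filter only checks the source address against the interface it arrived on; it says nothing about the content of the packet, which is why the answer lists it alongside, not instead of, firewalls and timestamps.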
327. Which of the following can provide a seamless failover option for firewalls?
a. Heartbeat solution
b. Network switches
c. Back-end system
d. Custom network interface
327. b. Network switches that provide load-balancing and failover capabilities are the newest and most advanced solution currently available. In a failover configuration, these switches monitor the responsiveness of the production firewall and shift all traffic to a backup firewall if the production system fails. The primary advantage of this type of solution is that the switch masquerades both firewalls behind the same media access control (ISO/OSI Layer 2) address. This enables seamless failover; that is, established sessions through the firewall are not affected by a production system failure.
The heartbeat-based solutions typically involve a back-end or custom network interface that exists to notify the backup system in the event of a primary system failure. These systems rely on established, reliable technology to handle failover. The primary drawback of this approach is that established sessions traversing the production firewall are almost always lost in the transition from production to backup resources. The decision on which failover method to implement is often reduced to cost, and the network switch-based failover solution is generally more expensive than a heartbeat-based system.
328. A limitation of the Point-to-Point Tunneling Protocol (PPTP) is which of the following?
a. End-to-end secure virtual networks
b. Lack of authentication at end nodes
c. Hiding information in IP packets
d. In-band management
328. b. A limitation of the Point-to-Point Tunneling Protocol (PPTP), when compared to secure sockets layer (SSL), is that it does not provide authentication of the endpoints. PPTP is useful for implementing end-to-end secure virtual networks, hiding information in IP packets, and providing in-band management.
329. Which of the following is the most important step to be followed by a firewall administrator when upgrading the firewall system?
a. Analyze and upgrade
b. Evaluate and upgrade
c. Monitor and upgrade
d. Upgrade and test
329. d. The firewall administrator must analyze and evaluate each new release of the firewall software to determine whether an upgrade is required, and must verify with the vendor that the upgrade is needed before applying it. The most important step occurs after the upgrade: the firewall must be tested to ensure proper functioning before it is made fully operational.
330. A virtual private network (VPN) creates a secure, private network over the Internet through all the following except:
a. Authentication
b. Encryption
c. Packet tunneling
d. Firewalls
330. a. VPNs enable an organization to create a secure, private network over a public network such as the Internet. They can be built from software, hardware, or a combination of the two to establish a secure link between peers over the public network. The secure link is built through encryption, firewalls, and packet tunneling. Authentication is done outside the network.
331. What is an attack that attempts to exploit a weakness in a system at a level below the developers’ design level (such as through operating system code versus application code) called?
a. Technical attack
b. Tunneling attack
c. NAK attack
d. Active attack
331. b. A tunneling attack attempts to exploit a weakness in a system that exists at a level of abstraction lower than that used by the developer to design the system. For example, an attacker might discover a way to modify the microcode of a processor that is used when encrypting data, rather than attempting to break the system’s encryption algorithm. Preventing a tunneling attack can be costly.
A technical attack is perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users.
A NAK attack capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus leaves the system in an unprotected state during such interrupts. An active attack alters data by bypassing security controls on a computer system.
332. In a distributed computing environment, system security takes on an important role. Two types of network attacks exist: passive and active attacks. Which of the following is the best definition of active attack?
1. Nonpreventable
2. Preventable
3. Detectable
4. Correctable
a. 1 only
b. 3 only
c. 1 and 3
d. 2, 3, and 4
332. c. Data communication channels are often insecure, subjecting messages transmitted over them to passive and active threats or attacks. An active attack is one in which the threat makes an overt change or modification to the system in an attempt to take advantage of a vulnerability. Active attacks are nonpreventable but detectable.
A passive attack occurs when the threat merely watches information move across the system and when information is siphoned off the network. Passive attacks are preventable but difficult to detect because no modification is done to the information, and audit trails do not exist. All attacks are correctable with varying degrees of effort and cost.
333. What is an attacker connecting a covert computer terminal to a data communication line between the authorized terminal and the computer called?
a. Tunneling attack
b. Salami attack
c. Session hijacking attack
d. Asynchronous attack
333. c. The attacker waits until the authorized terminal is online but not in use and then switches control to the covert terminal. The computer thinks it is still connected to the authorized user, and the attacker has access to the same files as the authorized user. Because a session was hijacked in the middle, it is called a session hijacking attack.
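The attack works because the computer has no way to tell the covert terminal from the authorized one once the line is spliced, and because it waits for an idle period in which nobody is watching. The following is an added example, not part of the original answer key, showing the two checks a host can apply so that a spliced-in terminal gets nowhere: every command after login carries a sequence number and an HMAC under a per-session key that the covert terminal never sees, and a session that sits idle past a limit is closed rather than left open for the attacker. Per-message authentication is not a countermeasure the page itself lists; it is supplied here as the standard way to bind a session to the terminal that authenticated. The user name, key sizes, idle limit and command strings are assumed.

```python
# Added example (not from the original page): a login session in which each
# command is authenticated with a sequence number and an HMAC under a session
# key, plus an idle timeout. A covert terminal spliced into the same line can
# observe traffic but cannot forge or replay commands without the key, and an
# idle session expires before it can be taken over. Names and values assumed.
import hashlib
import hmac
import secrets

IDLE_LIMIT = 300.0   # seconds of inactivity before the session is closed (assumed policy)


def _tag(key, seq, command):
    """Authenticator over (sequence number, command) under the session key."""
    return hmac.new(key, f"{seq}:{command}".encode(), hashlib.sha256).hexdigest()


class Host:
    """The computer side of the session."""

    def __init__(self):
        self.sessions = {}   # session id -> state

    def login(self, user, now):
        sid = secrets.token_hex(8)
        key = secrets.token_bytes(32)   # in practice derived from the login exchange
        self.sessions[sid] = {"user": user, "key": key, "seq": 0, "last": now}
        return sid, key

    def command(self, sid, seq, cmd, tag, now):
        """Validate one command; returns (accepted, reason)."""
        s = self.sessions.get(sid)
        if s is None:
            return False, "no such session"
        if now - s["last"] > IDLE_LIMIT:
            # The idle window is exactly what the attacker waits for; close it.
            del self.sessions[sid]
            return False, "session expired while idle; log in again"
        if seq != s["seq"] + 1:
            return False, "bad sequence number (replay or injection)"
        if not hmac.compare_digest(tag, _tag(s["key"], seq, cmd)):
            return False, "bad authenticator (sender lacks the session key)"
        s["seq"] = seq
        s["last"] = now
        return True, f"{s['user']} ran {cmd!r}"


class Terminal:
    """The authorized terminal: holds the session key; the covert one does not."""

    def __init__(self, sid, key):
        self.sid, self.key, self.seq = sid, key, 0

    def send(self, host, cmd, now):
        self.seq += 1
        return host.command(self.sid, self.seq, cmd, _tag(self.key, self.seq, cmd), now)


def scenario():
    """Returns the accept/reject outcome of four events, in order."""
    host = Host()
    sid, key = host.login("alice", now=0.0)
    alice = Terminal(sid, key)
    out = [alice.send(host, "ls", now=5.0)[0]]                     # legitimate command
    # Covert terminal on the same line: it saw sid and the sequence number but
    # has no key, so it can only guess the authenticator.
    out.append(host.command(sid, 2, "cat secrets", "00" * 32, now=6.0)[0])
    # Replaying alice's earlier command with its observed authenticator fails
    # on the sequence check.
    out.append(host.command(sid, 1, "ls", _tag(key, 1, "ls"), now=7.0)[0])
    # Alice walks away; the idle session is closed before it can be reused.
    out.append(alice.send(host, "ls", now=5.0 + IDLE_LIMIT + 1)[0])
    return out


if __name__ == "__main__":
    print(scenario())
```

Note what the example does not do: it does not tie the session to the line itself, because in this attack the covert terminal is on the same line as the authorized one. The protection comes from the key the covert terminal lacks and from refusing to keep an unattended session open.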