A tunneling attack is incorrect because it uses one data transfer method to carry data for another method. A salami attack is incorrect because it is an automated form of abuse using the Trojan horse method or secretly executing an unauthorized program that causes the unnoticed or immaterial debiting of small amounts of financial assets from a large number of sources or accounts. An asynchronous attack is incorrect because it takes advantage of the asynchronous functioning of a computer operating system. This may include a programmer (i) penetrating the job queue and modifying the data waiting to be processed or printed or (ii) disrupting the entire system by changing commands so that data is lost or programs crash.

334. Which of the following ISO/OSI layers provide both confidentiality and data integrity services?

a. Data link layer

b. Physical layer

c. Application layer

d. Presentation layer

334. c. The application layer is the only layer listed in the question that proves both confidentiality and data integrity services. The application layer provides services directly to users such as file transfer protocols. It consists of query software where a person could request a piece of information and the system display the answer.

The data link layer and physical layer are incorrect because they provide confidentiality service only, not data integrity. The data link layer provides a reliable transfer of data across physical links, error flow control, link-level encryption and decryption, and synchronization. It handles the physical transmission of frames over a single data link. The physical layer provides for the transmission of unstructured bit streams over the communications channel.

The presentation layer is incorrect because it provides authentication and confidentiality services but not data integrity and confidentiality. The presentation layer defines and transforms the format of data to make it useful to the receiving application.

335. Wireless local-area networks (WLANs) are connected to wired local-area networks (LANs) through the use of which of the following?

a. Repeaters

b. Bridges

c. Brouters

d. Routers

335. b. Wireless LANs are often connected to wired LANs through a bridge, or they depend on a central hub to pass messages between nodes. These devices make good targets to alter traffic passing between wireless nodes.

A repeater is incorrect because it simply extends the range of one LAN. It rebuilds all the signals it hears on one LAN segment and passes them on to the other. A router connects LANs of different hardware types. They examine network addresses for forwarding packets on to another LAN. A brouter is incorrect because it is a combination of bridge and router that operates without protocol restrictions, routes data using a protocol it supports, and bridges data it cannot route.

336. What is an effective security control over an intranet?

a. Callback

b. Static passwords

c. Firewalls

d. Dynamic passwords

336. c. Because intranets connect between customers, suppliers, and the organization, access to information is a vital concern. Firewalls and routers keep intruders out of the intranets.

A callback is incorrect because it is a security mechanism used mostly on mainframe and mid-range computers. The static passwords are incorrect because they are not changed often, and as such, they are ineffective security controls. The dynamic passwords are not correct because they change each time a user is logged on to the system and are most effective security controls. All the other three choices are incorrect because they are most widely used in a mainframe computer environment. They are not used for intranets.

337. Which of the following ISO/OSI layers provide confidentiality, authentication, and data integrity services?

a. Network layer

b. Presentation layer

c. Session layer

d. Physical layer

337. a. The network layer is responsible for transmitting a message from the source to the destination. It provides routing (path control) services to establish connections across communications networks. Therefore, it requires confidentiality, authentication, and data integrity services to achieve this goal.

The presentation layer is incorrect because it provides authentication and confidentiality services but not data integrity. The presentation layer defines and transforms the format of data to make it useful to the receiving application.

Session layer is incorrect because it does not provide any security-related services. It establishes, manages, and terminates connections between applications and provides checkpoint recovery services. It helps users interact with the system and other users.

The physical layer is incorrect because it provides confidentiality service only. The physical layer provides for the transmission of unstructured bit streams over the communications channel. It is the innermost software that handles the electrical interface between a terminal and a modem.

338. Which of the following ISO/OSI layers provide nonrepudiation services?

a. Presentation layer

b. Application layer

c. Transport layer

d. Data link layer

338. b. The application layer provides nonrepudiation services, meaning that entities involved in a communication cannot deny having participated. It is a technique that assures genuine communication and that cannot subsequently be refuted.

The presentation layer is incorrect because it provides authentication and confidentiality services but not nonrepudiation. The presentation layer defines and transforms the format of data to make it useful to the receiving application. It provides a common means of representing a data structure in transit from one end system to another.

The transport layer is incorrect because it provides confidentiality, authentication, data integrity, and access control services but not nonrepudiation. It ensures an error-free, in-sequence exchange of data between end points. It is responsible for transmitting a message between one network user and another.

The data link layer is incorrect because it provides confidentiality service but not nonrepudiation. The data link layer provides a reliable transfer of data across physical links, an error flow control, a link-level encryption and decryption, and synchronization. It handles the physical transmission of frames over a single data link.

Scenario-Based Questions, Answers, and Explanations

Use the following information to answer questions 1 through 7.

The RKG Company is reviewing its virtual private network (VPN) strategy. Its current vendor has a proprietary encryption protocol in place based on the Data Encryption Standard (DES). The one main office has a 1.5Mb connection to the Internet. It has 200 remote users on a variety of operating systems platforms. The primary uses for the remote users are order entry, timesheet reporting, and online meetings. The company has 1,000 clients that connect to the intranet for a custom order entry solution. Clients use the HTTPS protocol and a fixed password per account. They are willing to replace the current solution if a cost-effective alternative is available. The RKG priorities are security of remote connections and client connectivity.