(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple. Читать онлайн. Newlib. NEWLIB.NET

Автор: Mike Chapple
Издательство: John Wiley & Sons Limited
Серия:
Жанр произведения: Зарубежная компьютерная литература
Год издания: 0
isbn: 9781119787648
Скачать книгу
is investigating a security incident that took place at a highly secure government facility. He believes that encryption keys were stolen during the attack and finds evidence that the attackers used dry ice to freeze an encryption component. What type of attack was likely attempted?Side channel attackBrute-force attackTiming attackFault injection attack

      100 Match the following numbered security models with the appropriate lettered security descriptions:Security modelsClark-WilsonGraham-DenningBell-LaPadulaBibaDescriptionsThis model blocks lower-classified objects from accessing higher-classified objects, thus ensuring confidentiality.The * property of this model can be summarized as “no write-up.”This model uses security labels to grant access to objects via transformation procedures and a restricted interface model.This model focuses on the secure creation and deletion of subjects and objects using eight primary protection rules or actions.

      101 Match each of these following numbered architecture security concepts with the appropriate lettered description:Architectural security conceptsTime of checkCovert channelTime of useMaintenance hooksParameter checkingRace conditionDescriptionsA method used to pass information over a path not normally used for communicationThe exploitation of the reliance of a system's behavior on the sequence of events that occur externallyThe time at which the subject checks whether an object is availableThe time at which a subject can access an objectAn access method known only to the developer of the systemA method that can help prevent buffer overflow attacks

       SUBDOMAINS:

       4.1 Assess and implement secure design principles in network architectures

       4.2 Secure network components

       4.3 Implement secure communication channels according to design

      1 Gary wants to distribute a large file and prefers a peer-to-peer CDN. Which of the following is the most common example of this type of technology?CloudFlareBitTorrentAmazon CloudFrontAkamai Edge

      2 During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?Continue to use LEAP. It provides better security than TKIP for WPA networks.Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.Continue to use LEAP to avoid authentication issues, but move to WPA2.Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.

      3 Ben has connected his laptop to his tablet PC using an 802.11ac connection. What wireless network mode has he used to connect these devices?Infrastructure modeWired extension modeAd hoc modeStandalone mode

      4 Selah's and Nick's PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?The subnetThe supernetA collision domainA broadcast domain

      5 Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header?RST flags mean “Rest.” The server needs traffic to briefly pause.RST flags mean “Relay-set.” The packets will be forwarded to the address set in the packet.RST flags mean “Resume Standard.” Communications will resume in their normal format.RST means “Reset.” The TCP session will be disconnected.

      6 Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Which one of the following wireless networking standards should he use?802.11a802.11g802.11n802.11ac

      7 Michele wants to replace FTP traffic with a secure replacement. What secure protocol should she select instead?TFTPHFTPSSecFTPSFTP

      8 Jake has been told that there is a layer 3 problem with his network. Which of the following is associated with layer 3 in the OSI model?IP addressesTCP and UDP protocolsMAC addressesSending and receiving bits via hardware

      9 Frank is responsible for ensuring that his organization has reliable, supported network hardware. Which of the following is not a common concern for network administrators as they work to ensure their network continues to be operational?If the devices have vendor supportIf the devices are under warrantyIf major devices support redundant power suppliesIf all devices support redundant power supplies

      10 Brian is selecting an authentication protocol for a PPP connection. He would like to select an option that encrypts both usernames and passwords and protects against replay using a challenge/response dialog. He would also like to reauthenticate remote systems periodically. Which protocol should he use?PAPCHAPEAPLEAP

      11 Which one of the following protocols is commonly used to provide back-end authentication services for a VPN?HTTPSRADIUS ESPAH

      12 Isaac wants to ensure that his VoIP session initialization is secure. What protocol should he ensure is enabled and required?SVOIPPBSXSIPSSRTPFor questions 13–15, please refer to the following scenario and diagram:Chris is designing layered network security for his organization.

      13 What type of firewall design is shown in the diagram?A single-tier firewallA two-tier firewallA three-tier firewallA four-tier firewall

      14 If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?VPN users will not be able to access the web server.There is no additional security issue; the VPN concentrator's logical network location matches the logical network location of the workstations. Web server traffic is not subjected to stateful inspection.VPN users should only connect from managed PCs.

      15 If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it?A firewall, location AAn IDS, location AAn IPS, location BA WAF, location C

      16 Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using?A link-state protocolA link-distance protocolA destination metric protocolA distance-vector protocol

      17 Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.

      18 What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?A switchA proxyA routerA firewall

      19 Susan wants to secure her communications traffic via multiple internet service providers as it is sent to her company's second location. What technology should she use to protect the traffic for an always on, always connected link between the sites?FCoESDWAN A point-to-point IPsec VPNZigbee

      20 Melissa wants to combine multiple physical networks in her organization in a way that is transparent to users but allows the resources to be allocated as needed for networked services. What type of network should she deploy?iSCSIA virtual networkSDWANA CDN

      21 Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?S/MIMEMOSSPEMDKIM

      22 During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization's production network. What concern