CISSP- Telecommunications & Networking

15 Questions | Total Attempts: 556

SettingsSettingsSettings
CISSP- Telecommunications & Networking

.


Questions and Answers
  • 1. 
    In the OSI reference model, on which layer can Ethernet (IEEE 802.3) be described?
    • A. 

      Layer 1—Physical layer

    • B. 

      Layer 2—Data-link layer

    • C. 

      Layer 3—Network Layer

    • D. 

      Layer 4—Transport Layer

  • 2. 
    Which of the following tactics might be considered a part of a proactive network defense?
    • A. 

      Redundant firewalls

    • B. 

      Business continuity planning

    • C. 

      Disallowing P2P traffic

    • D. 

      Perimeter surveillance and intelligence gathering

  • 3. 
    In which of the following situations is the network itself not a target of attack?
    • A. 

      A denial-of-service attack on servers on a network

    • B. 

      Hacking into a router

    • C. 

      A virus outbreak saturating network capacity

    • D. 

      A man-in-the-middle attack

  • 4. 
    Which of the following are eff ective protective or countermeasures against a distributed denial-of-service attack? a = Redundant network layout; b = Secret fully qualifi ed domain names (FQDNs); c = Reserved bandwidth; d = Traffic filtering; e = Network address translation (NAT).
    • A. 

      B and e

    • B. 

      B, d, and e

    • C. 

      A and c

    • D. 

      A, c, and d

  • 5. 
    What is the optimal placement for network-based intrusion detection systems (NIDSs)?
    • A. 

      On the network perimeter, to alert the network administrator of all suspicious traffic

    • B. 

      On network segments with business-critical systems; e.g., demilitarized zones (DMZs) and on certain intranet segments

    • C. 

      At the network operations center (NOC)

    • D. 

      At an external service provider

  • 6. 
    Which of the following end-point devices might be considered part of a converged IP network?
    • A. 

      File server

    • B. 

      IP phone

    • C. 

      Security camera

    • D. 

      All of the above

  • 7. 
    Which of the following is an advantage of fiber-optic over copper cables from a security perspective?
    • A. 

      Fiber optics provides higher bandwidth.

    • B. 

      Fiber optics are more difficult to wiretap.

    • C. 

      Fiber optics are immune to wiretap.

    • D. 

      None. The two are equivalent; network security is independent from the physical layer.

  • 8. 
    • A. 

      A boundary router

    • B. 

      A firewall

    • C. 

      A proxy server

    • D. 

      None of the above

  • 9. 
    Which of the following is a principal security risk of wireless LANs?
    • A. 

      Lack of physical access control

    • B. 

      Demonstrably insecure standards

    • C. 

      Implementation weaknesses

    • D. 

      War driving

  • 10. 
    Which of the following confi gurations of a WLAN’s SSID off ers adequate security protection?
    • A. 

      Using an obscure SSID to confuse and distract an attacker

    • B. 

      Not using any SSID at all to prevent an attacker from connecting to the network

    • C. 

      Not broadcasting an SSID to make it harder to detect the WLAN

    • D. 

      None of the above

  • 11. 
    Which of the following are true statements about IPSec? a IPSec provides mechanisms for authentication and encryption. b = IPSec provides mechanisms for nonrepudiation. c = IPSec will only be deployed with IPv6. d = IPSec authenticates hosts against each other. e = IPSec only authenticates clients against a server. f = IPSec is implemented in SSH and TLS.
    • A. 

      A and d

    • B. 

      A, b, and e

    • C. 

      A, b, c, d, and f

    • D. 

      A, b, c, e, and f

  • 12. 
    A security event management (SEM) service performs the following function:
    • A. 

      Gathers firewall logs for archiving

    • B. 

      Aggregates logs from security devices and application servers looking for suspicious activity

    • C. 

      Reviews access controls logs on servers and physical entry points to match user system authorization with physical access permissions

    • D. 

      Coordination software for security conferences and seminars.

  • 13. 
    Which of the following is the principal weakness of DNS (Domain Name System)?
    • A. 

      Lack of authentication of servers, and thereby authenticity of records

    • B. 

      Its latency, which enables insertion of records between the time when a record has expired and when it is refreshed

    • C. 

      Th e fact that it is a simple, distributed, hierarchical database instead of a singular, relational one, thereby giving rise to the possibility of inconsistencies going undetected for a certain amount of time

    • D. 

      Th e fact that addresses in e-mail can be spoofed without checking their validity in DNS, caused by the fact that DNS addresses are not digitally signed

  • 14. 
    Which of the following statements about open e-mail relays is incorrect?
    • A. 

      An open e-mail relay is a server that forward e-mail from domains other than the ones it serves.

    • B. 

      Open e-mail relays are a principal tool for distribution of spam.

    • C. 

      Using a blacklist of open e-mail relays provides a secure way for an e-mail administrator to identify open mail relays and fi lter spam.

    • D. 

      An open e-mail relay is widely considered a sign of bad system administration.

  • 15. 
    A botnet can be characterized as
    • A. 

      A network used solely for internal communications

    • B. 

      An automatic security alerting tool for corporate networks

    • C. 

      A group of dispersed, compromised machines controlled remotely for illicit reasons.

    • D. 

      A type of virus