Computer Networks And Security Exams Prep Test

1. Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?

S/MIME

MOSS

PEM

DKIM

S/MIME supports both signed messages and a secure envelope method. While the
functionality of S/MIME can be replicated with other tools, the secure envelope is an
S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can
also both provide authentication, confidentiality, integrity, and nonrepudiation, while
DKIM, or Domain Keys Identified Mail, is a domain validation tool.

Explanation

S/MIME supports both signed messages and a secure envelope method. While the
functionality of S/MIME can be replicated with other tools, the secure envelope is an
S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can
also both provide authentication, confidentiality, integrity, and nonrepudiation, while
DKIM, or Domain Keys Identified Mail, is a domain validation tool.

2. Ben is designing a Wi-Fi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose?

WPA2

WPA

WEP

AES

WPA2, the replacement for WPA, does not suffer from the security issues that
WEP, the original wireless security protocol, and WPA, its successor, both suffer from.
AES is used in WPA2 but is not specifically a wireless security standard.

Explanation

WPA2, the replacement for WPA, does not suffer from the security issues that
WEP, the original wireless security protocol, and WPA, its successor, both suffer from.
AES is used in WPA2 but is not specifically a wireless security standard.

3. Chris is setting up a hotel network, and needs to ensure that systems in each room or suite can connect to each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the Internet. What solution should he recommend as the most effective business solution?

Per-room VPNs

VLANs

Port security

Firewalls

VLANs can be used to logically separate groups of network ports while still
providing access to an uplink. Per-room VPNs would create significant overhead for
support as well as create additional expenses. Port security is used to limit what
systems can connect to ports, but it doesn’t provide network security between
systems. Finally, while firewalls might work, they would add additional expense and
complexity without adding any benefits over a VLAN solution.

Explanation

VLANs can be used to logically separate groups of network ports while still
providing access to an uplink. Per-room VPNs would create significant overhead for
support as well as create additional expenses. Port security is used to limit what
systems can connect to ports, but it doesn’t provide network security between
systems. Finally, while firewalls might work, they would add additional expense and
complexity without adding any benefits over a VLAN solution.

4. What network topology is shown in the image below?

A ring

A bus

A star

A mesh

A ring connects all systems like points on a circle. A ring topology was used with
Token Ring networks, and a token was passed between systems around the ring to
allow each system to communicate. More modern networks may be described as a ring
but are only physically a ring and not logically using a ring topology.

Explanation

A ring connects all systems like points on a circle. A ring topology was used with
Token Ring networks, and a token was passed between systems around the ring to
allow each system to communicate. More modern networks may be described as a ring
but are only physically a ring and not logically using a ring topology.

5. What network topology is shown in the image below?

A ring

A star

A bus

A mesh

A bus can be linear or tree-shaped and connects each system to trunk or backbone
cable. Ethernet networks operate on a bus topology.

Explanation

A bus can be linear or tree-shaped and connects each system to trunk or backbone
cable. Ethernet networks operate on a bus topology.

6. What network topology is shown below?

A ring

A bus

A star

A mesh

Fully connected mesh networks provide each system with a direct physical link to
every other system in the mesh. This is very expensive but can provide performance
advantages for specific types of computational work.

Explanation

Fully connected mesh networks provide each system with a direct physical link to
every other system in the mesh. This is very expensive but can provide performance
advantages for specific types of computational work.

7. Ben is an information security professional at an organization that is replacing its physical servers with virtual machines. As the organization builds its virtual environment, it is decreasing the number of physical servers it uses while purchasing more powerful servers to act as the virtualization platforms.Ben is concerned about exploits that allow VM escape. What option should Ben suggest to help limit the impact of VM escape exploits?

Separate virtual machines onto separate physical hardware based on task or data types.

Use VM escape detection tools on the underlying hypervisor.

Restore machines to their original snapshots on a regular basis.

Use a utility like Tripwire to look for changes in the virtual machines.

While virtual machine escape has only been demonstrated in laboratory
environments, the threat is best dealt with by limiting what access to the underlying
hypervisor can prove to a successful tracker. Segmenting by data types or access levels
can limit the potential impact of a hypervisor compromise. If attackers can access the
underlying system, restricting the breach to only similar data types or systems will
limit the impact. Escape detection tools are not available on the market, restoring
machines to their original snapshots will not prevent the exploit from occuring again,
and Tripwire detects file changes and is unlikely to catch exploits that escape the
virtual machines themselves.

Explanation

While virtual machine escape has only been demonstrated in laboratory
environments, the threat is best dealt with by limiting what access to the underlying
hypervisor can prove to a successful tracker. Segmenting by data types or access levels
can limit the potential impact of a hypervisor compromise. If attackers can access the
underlying system, restricting the breach to only similar data types or systems will
limit the impact. Escape detection tools are not available on the market, restoring
machines to their original snapshots will not prevent the exploit from occuring again,
and Tripwire detects file changes and is unlikely to catch exploits that escape the
virtual machines themselves.

8. Which authentication protocol commonly used for PPP links encrypts both the username and password and uses a challenge/response dialog that cannot be replayed and periodically reauthenticates remote systems throughout its use in a session?

PAP

CHAP

EAP

LEAP

The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP
servers to authenticate remote clients. It encrypts both the username and password
and performs periodic reauthentication while connected using techniques to prevent
replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP
sends passwords unencrypted. EAP is extensible and was used for PPP connections,
but it doesn’t directly address the listed items.

Explanation

The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP
servers to authenticate remote clients. It encrypts both the username and password
and performs periodic reauthentication while connected using techniques to prevent
replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP
sends passwords unencrypted. EAP is extensible and was used for PPP connections,
but it doesn’t directly address the listed items.

9. What type of attack is most likely to occur after a successful ARP spoofing attempt?

A DoS attack

A Trojan

A replay attack

A man-in-the-middle attack

ARP spoofing is often done to replace a target’s cache entry for a destination IP,
allowing the attacker to conduct a man-in-the-middle attack. A denial of service attack
would be aimed at disrupting services rather than spoofing an ARP response, a replay
attack will involve existing sessions, and a Trojan is malware that is disguised in a way
that makes it look harmless.

Explanation

ARP spoofing is often done to replace a target’s cache entry for a destination IP,
allowing the attacker to conduct a man-in-the-middle attack. A denial of service attack
would be aimed at disrupting services rather than spoofing an ARP response, a replay
attack will involve existing sessions, and a Trojan is malware that is disguised in a way
that makes it look harmless.

10. An attack that causes a service to fail by exhausting all of a system's resources is what type of attack?

A worm

A denial of service attack

A virus

A smurf attack

A denial of service attack is an attack that causes a service to fail or to be
unavailable. Exhausting a system’s resources to cause a service to fail is a common
form of denial of service attack. A worm is a self-replicating form of malware that
propagates via a network, a virus is a type of malware that can copy itself to spread,
and a Smurf attack is a distributed denial of service attack (DDoS) that spoofs a
victim’s IP address to systems using an IP broadcast, resulting in traffic from all of
those systems to the target.

Explanation

A denial of service attack is an attack that causes a service to fail or to be
unavailable. Exhausting a system’s resources to cause a service to fail is a common
form of denial of service attack. A worm is a self-replicating form of malware that
propagates via a network, a virus is a type of malware that can copy itself to spread,
and a Smurf attack is a distributed denial of service attack (DDoS) that spoofs a
victim’s IP address to systems using an IP broadcast, resulting in traffic from all of
those systems to the target.

11. Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she wants to filter ping out by protocol, what protocol should she filter out from her packet sniffer's logs?

UDP

TCP

IP

ICMP

Ping uses ICMP, the Internet Control Message Protocol, to determine whether a
system responds and how many hops there are between the originating system and
the remote system. Lauren simply needs to filter out ICMP to not see her pings.

Explanation

Ping uses ICMP, the Internet Control Message Protocol, to determine whether a
system responds and how many hops there are between the originating system and
the remote system. Lauren simply needs to filter out ICMP to not see her pings.

12. Ben has deployed a 1000Base-T 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000Base-T specification?

2 kilometers

500 meters

185 meters

100 meters

1000Base-T is capable of a 100 meter run according to its specifications. For longer
distances, a fiber-optic cable is typically used in modern networks.

Explanation

1000Base-T is capable of a 100 meter run according to its specifications. For longer
distances, a fiber-optic cable is typically used in modern networks.

13. What is the default subnet mask for a Class B network?

255.0.0.0

255.255.0.0

255.254.0.0

255.255.255.0

A Class B network holds 2^16 systems, and its default network mask is 255.255.0.0.

Explanation

A Class B network holds 2^16 systems, and its default network mask is 255.255.0.0.

14. A phreaking tool used to manipulate line voltages to steal long-distance service is known as what type of box?

A black box

A red box

A blue box

A white box

Black boxes are designed to steal long-distance service by manipulating line
voltages. Red boxes simulate tones of coins being deposited into payphones; blue
boxes were tone generators used to simulate the tones used for telephone networks;
and white boxes included a dual tone, multifrequency generator to control phone
systems.

Explanation

Black boxes are designed to steal long-distance service by manipulating line
voltages. Red boxes simulate tones of coins being deposited into payphones; blue
boxes were tone generators used to simulate the tones used for telephone networks;
and white boxes included a dual tone, multifrequency generator to control phone
systems.

15. What type of network device modulates between an analog carrier signal and digital information for computer communications?

A bridge

A router

A brouter

A modem

A modem (MOdulator/DEModulator) modulates between an analog carrier like a
phone line and digital communications like those used between computers. While
modems aren’t in heavy use in most areas, they are still in place for system control
and remote system contact and in areas where phone lines are available but other
forms of communication are too expensive or not available.

Explanation

A modem (MOdulator/DEModulator) modulates between an analog carrier like a
phone line and digital communications like those used between computers. While
modems aren’t in heavy use in most areas, they are still in place for system control
and remote system contact and in areas where phone lines are available but other
forms of communication are too expensive or not available.

16. During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?

The Application layer

The Session layer

The Physical layer

The Data Link layer

MAC addresses and their organizationally unique identifiers are used at the Data
Link layer to identify systems on a network. The Application and Session layers don’t
care about physical addresses, while the Physical layer involves electrical connectivity
and handling physical interfaces rather than addressing.

Explanation

MAC addresses and their organizationally unique identifiers are used at the Data
Link layer to identify systems on a network. The Application and Session layers don’t
care about physical addresses, while the Physical layer involves electrical connectivity
and handling physical interfaces rather than addressing.

17. What common security issue is often overlooked with cordless phones?

Their signal is rarely encrypted and thus can be easily monitored.

They use unlicensed frequencies.

They can allow attackers access to wireless networks.

They are rarely patched and are vulnerable to malware.

Most cordless phones don’t use encryption, and even modern phones that use
DECT (which does provide encryption) have already been cracked. This means that a
determined attacker can almost always eavesdrop on cordless phones, and makes
them a security risk if they’re used for confidential communication.

Explanation

Most cordless phones don’t use encryption, and even modern phones that use
DECT (which does provide encryption) have already been cracked. This means that a
determined attacker can almost always eavesdrop on cordless phones, and makes
them a security risk if they’re used for confidential communication.

18. What type of firewall design is shown in the image below?

Single tier

Two tier

Three tier

Next generation

A single-tier firewall deployment is very simple and does not offer useful design
options like a DMZ or separate transaction subnets.

Explanation

A single-tier firewall deployment is very simple and does not offer useful design
options like a DMZ or separate transaction subnets.

19. During a review of her organization's network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?

Require encryption for all users.

Install a firewall at the network border.

Enable spanning tree loop detection.

Segment the network based on functional requirements.

Network segmentation can reduce issues with performance as well as diminish the
chance of broadcast storms by limiting the number of systems in a segment. This
decreases broadcast traffic visible to each system and can reduce congestion.
Segmentation can also help provide security by separating functional groups who
don’t need to be able to access each other’s systems. Installing a firewall at the border
would only help with inbound and outbound traffic, not cross-network traffic.
Spanning tree loop prevention helps prevent loops in Ethernet networks (for example,
when you plug a switch into a switch via two ports on each), but it won’t solve
broadcast storms that aren’t caused by a loop or security issues. Encryption might help
prevent some problems between functional groups, but it won’t stop them from
scanning other systems, and it definitely won’t stop a broadcast storm!

Explanation

Network segmentation can reduce issues with performance as well as diminish the
chance of broadcast storms by limiting the number of systems in a segment. This
decreases broadcast traffic visible to each system and can reduce congestion.
Segmentation can also help provide security by separating functional groups who
don’t need to be able to access each other’s systems. Installing a firewall at the border
would only help with inbound and outbound traffic, not cross-network traffic.
Spanning tree loop prevention helps prevent loops in Ethernet networks (for example,
when you plug a switch into a switch via two ports on each), but it won’t solve
broadcast storms that aren’t caused by a loop or security issues. Encryption might help
prevent some problems between functional groups, but it won’t stop them from
scanning other systems, and it definitely won’t stop a broadcast storm!

20. Angela needs to choose between EAP, PEAP, and LEAP for secure authentication. Which authentication protocol should she choose and why?

EAP, because it provides strong encryption by default

LEAP, because it provides frequent re-authentication and changing of WEP keys

PEAP, because it provides encryption and doesn’t suffer from the same vulnerabilities that LEAP does

None of these options can provide secure authentication, and an alternate solution should be chosen.

Of the three answers, PEAP is the best solution. It encapsulates EAP in a TLS
tunnel, providing strong encryption. LEAP is a Cisco proprietary protocol that was
originally designed to help deal with problems in WEP. LEAP’s protections have been
defeated, making it a poor choice.

Explanation

Of the three answers, PEAP is the best solution. It encapsulates EAP in a TLS
tunnel, providing strong encryption. LEAP is a Cisco proprietary protocol that was
originally designed to help deal with problems in WEP. LEAP’s protections have been
defeated, making it a poor choice.

21. What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?

A gateway

A proxy

A router

A firewall

A proxy is a form of gateway that provide clients with a filtering, caching, or other
service that protects their information from remote systems. A router connects
networks, while a firewall uses rules to limit traffic permitted through it. A gateway
translates between protocols.

Explanation

A proxy is a form of gateway that provide clients with a filtering, caching, or other
service that protects their information from remote systems. A router connects
networks, while a firewall uses rules to limit traffic permitted through it. A gateway
translates between protocols.

22. What does a bluesnarfing attack target?

Data on IBM systems

An outbound phone call via Bluetooth

802.11b networks

Data from a Bluetooth-enabled device

Bluesnarfing targets the data or information on Bluetooth-enabled devices.
Bluejacking occurs when attackers send unsolicited messages via Bluetooth.

Explanation

Bluesnarfing targets the data or information on Bluetooth-enabled devices.
Bluejacking occurs when attackers send unsolicited messages via Bluetooth.

23. What type of firewall design does the image below show?

A single-tier firewall

A two-tier firewall

A three-tier firewall

A fully protected DMZ firewall

A two-tier firewall uses a firewall with multiple interfaces or multiple firewalls in
series. This image shows a firewall with two protected interfaces, with one used for a
DMZ and one used for a protected network. This allows traffic to be filtered between
each of the zones (Internet, DMZ, and private network).

Explanation

A two-tier firewall uses a firewall with multiple interfaces or multiple firewalls in
series. This image shows a firewall with two protected interfaces, with one used for a
DMZ and one used for a protected network. This allows traffic to be filtered between
each of the zones (Internet, DMZ, and private network).

24. What speed and frequency range is used by 802.11n?

54 Mbps, 5 GHz

200+ Mbps, 5GHz

200+ Mbps, 2.4 and 5 GHz

1 Gbps, 5 GHz4

802.11n can operate at speeds over 200 Mbps, and it can operate on both the 2.4
and 5 GHz frequency range. 802.11g operates at 54 Mbps using the 2.4 GHz frequency
range, and 802.11ac is capable of 1 Gbps using the 5 GHz range. 802.11a and b are both
outdated and are unlikely to be encountered in modern network installations.

Explanation

802.11n can operate at speeds over 200 Mbps, and it can operate on both the 2.4
and 5 GHz frequency range. 802.11g operates at 54 Mbps using the 2.4 GHz frequency
range, and 802.11ac is capable of 1 Gbps using the 5 GHz range. 802.11a and b are both
outdated and are unlikely to be encountered in modern network installations.

25. Chris needs to design a firewall architecture that can support separately a DMZ, a database, and a private internal network. What type of design should he use, and how many firewalls does he need?

A four-tier firewall design with two firewalls

A two-tier firewall design with three firewalls

A three-tier firewall design with at least one firewall

A single-tier firewall design with three firewalls

A three-tier design separates three distinct protected zones and can be
accomplished with a single firewall that has multiple interfaces. Single- and two-tier
designs don’t support the number of protected networks needed in this scenario, while
a four-tier design would provide a tier that isn’t needed.

Explanation

A three-tier design separates three distinct protected zones and can be
accomplished with a single firewall that has multiple interfaces. Single- and two-tier
designs don’t support the number of protected networks needed in this scenario, while
a four-tier design would provide a tier that isn’t needed.

26. WPA2's Counter Mode Ciper Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme?

DES

3DES

AES

TLS

WPA2’s CCMP encryption scheme is based on AES. As of the writing of this book,
there have not been any practical real-world attacks against WPA2.
DES has been successfully broken, and neither 3DES nor TLS is used for WPA2.

Explanation

WPA2’s CCMP encryption scheme is based on AES. As of the writing of this book,
there have not been any practical real-world attacks against WPA2.
DES has been successfully broken, and neither 3DES nor TLS is used for WPA2.

27. What is the speed of a T3 line?

128 kbps

1.544 Mbps

44.736 Mbps

155 Mbps

A T3 (DS-3) line is capable of 44.736 Mbps. This is often referred to as 45 Mbps. A
T1 is 1.544 Mbps, ATM is 155 Mbps, and ISDN is often 64 or 128 Mbps.

Explanation

A T3 (DS-3) line is capable of 44.736 Mbps. This is often referred to as 45 Mbps. A
T1 is 1.544 Mbps, ATM is 155 Mbps, and ISDN is often 64 or 128 Mbps.

28. What type of firewall is known as a second-generation firewall?

Static packet filtering firewalls

Application-level gateway firewalls

Stateful inspection firewalls

Unified Threat Management

Application-level gateway firewalls are known as second-generation firewalls. Static
packet filtering firewalls are known as first-generation firewalls, and stateful packet
inspection firewalls are known as third-generation firewalls. UTM, or Unified Threat
Management is a concept used in next generation firewalls.

Explanation

Application-level gateway firewalls are known as second-generation firewalls. Static
packet filtering firewalls are known as first-generation firewalls, and stateful packet
inspection firewalls are known as third-generation firewalls. UTM, or Unified Threat
Management is a concept used in next generation firewalls.

29. During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization's production network. What concern should he raise about serial data transfers carried via TCP/IP?

SCADA devices that are now connected to the network can now be attacked over the network.

Serial data over TCP/IP cannot be encrypted.

Serial data cannot be carried in TCP packets.

TCP/IP’s throughput can allow for easy denial of service attacks against serial devices.

Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IPbased networks to communicate. Many SCADA devices were never designed to be
exposed to a network, and adding them to a potentially insecure network can create
significant risks. TLS or other encryption can be used on TCP packets, meaning that
even serial data can be protected. Serial data can be carried via TCP packets because
TCP packets don’t care about their content; it is simply another payload. Finally,
TCP/IP does not have a specific throughput as designed, so issues with throughput are
device-level issues.

Explanation

Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IPbased networks to communicate. Many SCADA devices were never designed to be
exposed to a network, and adding them to a potentially insecure network can create
significant risks. TLS or other encryption can be used on TCP packets, meaning that
even serial data can be protected. Serial data can be carried via TCP packets because
TCP packets don’t care about their content; it is simply another payload. Finally,
TCP/IP does not have a specific throughput as designed, so issues with throughput are
device-level issues.

30. Lauren's organization has used a popular instant messaging service for a number of years. Recently, concerns have been raised about the use of instant messaging.What protocol is the instant messaging traffic most likely to use based on the diagram?

AOL

HTTP

SMTP

HTTPS

TCP 80 is typically HTTP.

Explanation

TCP 80 is typically HTTP.

31. Lauren's organization has used a popular instant messaging service for a number of years. Recently, concerns have been raised about the use of instant messaging.What security concern does sending internal communications from A to B cause?

The firewall does not protect system B.

System C can see the broadcast traffic from system A to B.

It is traveling via an unencrypted protocol.

IM does not provide nonrepudation.

HTTP traffic is typically sent via TCP 80. Unencrypted HTTP traffic can be easily
captured at any point between A and B, meaning that the instant messaging solution
chosen does not provide confidentiality for the organization’s corporate
communications.

Explanation

HTTP traffic is typically sent via TCP 80. Unencrypted HTTP traffic can be easily
captured at any point between A and B, meaning that the instant messaging solution
chosen does not provide confidentiality for the organization’s corporate
communications.

32. One of the findings that Jim made when performing a security audit was the use of non-IP protocols in a private network. What issue should Jim point out that may result from the use of these non-IP protocols?

They are outdated and cannot be used on modern PCs.

They may not be able to be filtered by firewall devices.

They may allow Christmas tree attacks.

IPX extends on the IP protocol and may not be supported by all TCP stacks.

While non-IP protocols like IPX/SPX, NetBEUI, and AppleTalk are rare in modern
networks, they can present a challenge because many firewalls are not capable of
filtering them. This can create risks when they are necessary for an application or
system’s function because they may have to be passed without any inspection.
Christmas tree attacks set all of the possible flags on a TCP packet (and are thus
related to an IP protocol), IPX is not an IP-based protocol, and while these protocols
are outdated, there are ways to make even modern PCs understand them

Explanation

While non-IP protocols like IPX/SPX, NetBEUI, and AppleTalk are rare in modern
networks, they can present a challenge because many firewalls are not capable of
filtering them. This can create risks when they are necessary for an application or
system’s function because they may have to be passed without any inspection.
Christmas tree attacks set all of the possible flags on a TCP packet (and are thus
related to an IP protocol), IPX is not an IP-based protocol, and while these protocols
are outdated, there are ways to make even modern PCs understand them

33. One of Susan's attacks during a penetration test involves inserting false ARP data into a system's ARP cache. When the system attempts to send traffic to the address it believes belongs to a legitimate system, it will instead send that traffic to a system she controls. What is this attack called?

RARP Flooding

ARP cache poisoning

A denial of ARP attack

ARP buffer blasting

ARP cache poisoning occurs when false ARP data is inserted into a system’s ARP
cache, allowing the attacker to modify its behavior. RARP flooding, denial of ARP
attacks, and ARP buffer blasting are all made-up terms.

Explanation

ARP cache poisoning occurs when false ARP data is inserted into a system’s ARP
cache, allowing the attacker to modify its behavior. RARP flooding, denial of ARP
attacks, and ARP buffer blasting are all made-up terms.

34. Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering to provide security. What is the technique Sue used, and what non-security issue could her actions cause?

Broadcast domain exploit, address conflict

Spoofing, token loss

Spoofing, address conflict

Sham EUI creation, token loss

The process of using a fake MAC (Media Access Control) address is called spoofing,
and spoofing a MAC address already in use on the network can lead to an address
collision, preventing traffic from reaching one or both systems. Tokens are used in
token ring networks, which are outdated, and EUI refers to an Extended Unique
Identifier, another term for MAC address, but token loss is still not the key issue.
Broadcast domains refers to the set of machines a host can send traffic to via a
broadcast message.

Explanation

The process of using a fake MAC (Media Access Control) address is called spoofing,
and spoofing a MAC address already in use on the network can lead to an address
collision, preventing traffic from reaching one or both systems. Tokens are used in
token ring networks, which are outdated, and EUI refers to an Extended Unique
Identifier, another term for MAC address, but token loss is still not the key issue.
Broadcast domains refers to the set of machines a host can send traffic to via a
broadcast message.

35. Jim's audit of a large organization's traditional PBX showed that Direct Inward System Access (DISA) was being abused by third parties. What issue is most likely to lead to this problem?

The PBX was not fully patched.

The dial-in modem lines use unpublished numbers.

DISA is set up to only allow local calls.

One or more users’ access codes have been compromised.

Direct Inward System Access uses access codes assigned to users to add a control
layer for external access and control of the PBX. If the codes are compromised,
attackers can make calls through the PBX or even control it. Not updating a PBX can
lead to a range of issues, but this question is looking for a DISA issue. Allowing only
local calls and using unpublished numbers are both security controls and might help
keep the PBX more secure.

Explanation

Direct Inward System Access uses access codes assigned to users to add a control
layer for external access and control of the PBX. If the codes are compromised,
attackers can make calls through the PBX or even control it. Not updating a PBX can
lead to a range of issues, but this question is looking for a DISA issue. Allowing only
local calls and using unpublished numbers are both security controls and might help
keep the PBX more secure.

36. Jim's remote site has only ISDN as an option for connectivity. What type of ISDN should he look for to get the maximum speed possible?

BRI

BPRI

PRI

D channel

PRI, or Primary Rate Interface, can use between 2 and 23 64 Kbps channels, with a
maximum potential bandwidth of 1.544 Mbps. Actual speeds will be lower due to the D
channel, which can’t be used for actual data transmission, but PRI beats BRI’s two B
channels paired with a D channel for 144 Kbps of bandwidth.

Explanation

PRI, or Primary Rate Interface, can use between 2 and 23 64 Kbps channels, with a
maximum potential bandwidth of 1.544 Mbps. Actual speeds will be lower due to the D
channel, which can’t be used for actual data transmission, but PRI beats BRI’s two B
channels paired with a D channel for 144 Kbps of bandwidth.

37. SPIT attacks target what technology?

Virtualization platforms

Web services

VoIP systems

Secure Process Internal Transfers

SPIT stands for Spam over Internet Telephony and targets VoIP systems.

Explanation

SPIT stands for Spam over Internet Telephony and targets VoIP systems.

38. Ben is an information security professional at an organization that is replacing its physical servers with virtual machines. As the organization builds its virtual environment, it is decreasing the number of physical servers it uses while purchasing more powerful servers to act as the virtualization platforms.The VM administrators recommend enabling cut and paste between virtual machines. What security concern should Ben raise about this practice?

It can cause a denial of service condition.

It can serve as a covert channel.

It can allow viruses to spread.

It can bypass authentication controls.

Cut and paste between virtual machines can bypass normal network-based data loss
prevention tools and monitoring tools like an IDS or IPS. Thus, it can act as a covert
channel, allowing the transport of data between security zones. So far, cut and paste
has not been used as a method for malware spread in virtual environments and has
not been associated with denial of service attacks. Cut and paste requires users to be
logged in and does not bypass authentication requirements.

Explanation

Cut and paste between virtual machines can bypass normal network-based data loss
prevention tools and monitoring tools like an IDS or IPS. Thus, it can act as a covert
channel, allowing the transport of data between security zones. So far, cut and paste
has not been used as a method for malware spread in virtual environments and has
not been associated with denial of service attacks. Cut and paste requires users to be
logged in and does not bypass authentication requirements.

39. Chris is building an Ethernet network and knows that he needs to span a distance of over 150 meters with his 1000Base-T network. What network technology should he use to help with this?

Install a repeater or a concentrator before 100 meters.

Use Category 7 cable, which has better shielding for higher speeds.

Install a gateway to handle the distance.

Use STP cable to handle the longer distance at high speeds.

A repeater or concentrator will amplify the signal, ensuring that the 100-meter
distance limitation of 1000Base-T is not an issue. A gateway would be useful if
network protocols were changing, while Cat7 cable is appropriate for a 10Gbps
network at much shorter distances. STP cable is limited to 155 Mbps and 100 meters,
which would leave Chris with network problems.

Explanation

A repeater or concentrator will amplify the signal, ensuring that the 100-meter
distance limitation of 1000Base-T is not an issue. A gateway would be useful if
network protocols were changing, while Cat7 cable is appropriate for a 10Gbps
network at much shorter distances. STP cable is limited to 155 Mbps and 100 meters,
which would leave Chris with network problems.

40. The DARPA TCP/IP model's Application layer matches up to what three OSI model layers?

Application, Presentation, and Transport

Presentation, Session, and Transport

Application, Presentation, and Session

There is not a direct match. The TCP model was created before the OSI model.

The DARPA TCP/IP model was used to create the OSI model, and the designers of
the OSI model made sure to map the OSI model layers to it. The Application layer of
the TCP model maps to the Application, Presentation, and Session layers, while the
TCP and OSI models both have a distinct Transport layer.

Explanation

The DARPA TCP/IP model was used to create the OSI model, and the designers of
the OSI model made sure to map the OSI model layers to it. The Application layer of
the TCP model maps to the Application, Presentation, and Session layers, while the
TCP and OSI models both have a distinct Transport layer.

41. Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP?

The Transport layer

The Network layer

The Session layer

The Presentation layer

The Transport layer provides logical connections between devices, including end-toend transport services to ensure that data is delivered. Transport layer protocols
include TCP, UDP, SSL, and TLS.

Explanation

The Transport layer provides logical connections between devices, including end-toend transport services to ensure that data is delivered. Transport layer protocols
include TCP, UDP, SSL, and TLS.

42. Chris has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose, and why?

LEAP, because it fixes problems with TKIP, resulting in stronger security

PEAP, because it implements CCMP for security

LEAP, because it implements EAP-TLS for end-to-end session encryption

PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session

PEAP provides encryption for EAP methods and can provide authentication. It does
not implement CCMP, which was included in the WPA2 standard. LEAP is
dangerously insecure and should not be used due to attack tools that have been
available since the early 2000s.

Explanation

PEAP provides encryption for EAP methods and can provide authentication. It does
not implement CCMP, which was included in the WPA2 standard. LEAP is
dangerously insecure and should not be used due to attack tools that have been
available since the early 2000s.

43. Cable modems, ISDN, and DSL are all examples of what type of technology?

Baseband

Broadband

Digital

Broadcast

ISDN, cable modems, DSL, and T1 and T3 lines are all examples of broadband
technology that can support multiple simultaneous signals. They are analog, not
digital, and are not broadcast technologies

Explanation

ISDN, cable modems, DSL, and T1 and T3 lines are all examples of broadband
technology that can support multiple simultaneous signals. They are analog, not
digital, and are not broadcast technologies

44. ICMP, RIP, and network address translation all occur at what layer of the OSI model?

Layer 1

Layer 2

Layer 3

Layer 4

ICMP, RIP, and network address translation all occur at layer 3, the Network layer.

Explanation

ICMP, RIP, and network address translation all occur at layer 3, the Network layer.

45. Which list presents the layers of the OSI model in the correct order?

Presentation, Application, Session, Transport, Network, Data Link, Physical

Application, Presentation, Session, Network, Transport, Data Link, Physical

Presentation, Application, Session, Transport, Data Link, Network, Physical

Application, Presentation, Session, Transport, Network, Data Link, Physical

The OSI layers in order are Application, Presentation, Session, Transport, Network,
Data Link, and Physical

Explanation

The OSI layers in order are Application, Presentation, Session, Transport, Network,
Data Link, and Physical

46. Lauren has been asked to replace her organization's PPTP implementation with an L2TP implementation for security reasons. What is the primary security reason that L2TP would replace PPTP?

L2TP can use IPsec.

L2TP creates a point-to-point tunnel, avoiding multipoint issues.

PPTP doesn’t support EAP.

PPTP doesn’t properly encapsulate PPP packets.

L2TP can use IPsec to provide encryption of traffic, ensuring confidentiality of the
traffic carried via an L2TP VPN. PPTP sends the initial packets of a session in
plaintext, potentially including usernames and hashed passwords. PPTP does support
EAP and was designed to encapsulate PPP packets. All VPNs are point to point, and
multipoint issues are not a VPN problem.

Explanation

L2TP can use IPsec to provide encryption of traffic, ensuring confidentiality of the
traffic carried via an L2TP VPN. PPTP sends the initial packets of a session in
plaintext, potentially including usernames and hashed passwords. PPTP does support
EAP and was designed to encapsulate PPP packets. All VPNs are point to point, and
multipoint issues are not a VPN problem.

47. What topology correctly describes Ethernet?

A ring

A star

A mesh

A bus

Ethernet uses a bus topology. While devices may be physically connected to a
switch in a physical topology that looks like a star, systems using Ethernet can all
transmit on the bus simultaneously, possibly leading to collisions.

Explanation

Ethernet uses a bus topology. While devices may be physically connected to a
switch in a physical topology that looks like a star, systems using Ethernet can all
transmit on the bus simultaneously, possibly leading to collisions.

48. Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Of the 802.11 standards listed below, which is the fastest 2.4 GHz option he has?

802.11a

802.11g

802.11n

802.11ac

He should choose 802.11n, which supports 200+ Mbps in the 2.4 GHz or the 5 GHz
frequency range. 802.11a and 802.11ac are both 5 GHz only, while 802.11g is only
capable of 54 Mbps.

Explanation

He should choose 802.11n, which supports 200+ Mbps in the 2.4 GHz or the 5 GHz
frequency range. 802.11a and 802.11ac are both 5 GHz only, while 802.11g is only
capable of 54 Mbps.

49. If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it?

A firewall, location A

An IDS, location A

An IPS, location B

A WAF, location C

An intrusion protection system can scan traffic and stop both known and unknown
attacks. A web application firewall, or WAF, is also a suitable technology, but placing it
at location C would only protect from attacks via the organization’s VPN, which should
only be used by trusted users. A firewall typically won’t have the ability to identify and
stop cross-site scripting attacks, and IDS systems only monitor and don’t stop attacks.

Explanation

An intrusion protection system can scan traffic and stop both known and unknown
attacks. A web application firewall, or WAF, is also a suitable technology, but placing it
at location C would only protect from attacks via the organization’s VPN, which should
only be used by trusted users. A firewall typically won’t have the ability to identify and
stop cross-site scripting attacks, and IDS systems only monitor and don’t stop attacks.

50. Susan is writing a best practices statement for her organizational users who need to use Bluetooth. She knows that there are many potential security issues with Bluetooth and wants to provide the best advice she can. Which of the following sets of guidance should Susan include?

Since Bluetooth doesn’t provide strong encryption, it should only be used for
activities that are not confidential. Bluetooth PINs are four-digit codes that often
default to 0000. Turning it off and ensuring that your devices are not in discovery
mode can help prevent Bluetooth attacks.

Explanation

Since Bluetooth doesn’t provide strong encryption, it should only be used for
activities that are not confidential. Bluetooth PINs are four-digit codes that often
default to 0000. Turning it off and ensuring that your devices are not in discovery
mode can help prevent Bluetooth attacks.

51. What common applications are associated with each of the following TCP ports: 23, 25, 143, and 515?

Telnet, SFTP, NetBIOS, and LPD

SSH, SMTP, POP3, and ICMP

Telnet, SMTP, IMAP, and LPD

Telnet, SMTP, POP3, and X Windows

These common ports are important to know, although some of the protocols are
becoming less common. TCP 23 is used for Telnet; TCP 25 is used for SMTP (the
Simple Mail Transfer Protocol); 143 is used for IMAP, the Internet Message Access
Protocol; and 515 is associated with LPD, the Line Printer Daemon protocol used to
send print jobs to printers.
POP3 operates on TCP 110, SSH operates on TCP 22 (and SFTP operates over SSH),
and X Windows operates on a range of ports between 6000 and 6063.

Explanation

These common ports are important to know, although some of the protocols are
becoming less common. TCP 23 is used for Telnet; TCP 25 is used for SMTP (the
Simple Mail Transfer Protocol); 143 is used for IMAP, the Internet Message Access
Protocol; and 515 is associated with LPD, the Line Printer Daemon protocol used to
send print jobs to printers.
POP3 operates on TCP 110, SSH operates on TCP 22 (and SFTP operates over SSH),
and X Windows operates on a range of ports between 6000 and 6063.

52. Chris uses a cellular hot spot (modem) to provide Internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization's corporate network, what security issue might he cause?

Traffic may not be routed properly, exposing sensitive data.

His system may act as a bridge from the Internet to the local network.

His system may be a portal for a reflected DDoS attack.

Security administrators may not be able to determine his IP address if a security issue occurs.

When a workstation or other device is connected simultaneously to both a secure
and a nonsecure network like the Internet, it may act as a bridge, bypassing the
security protections located at the edge of a corporate network. It is unlikely that
traffic will be routed improperly leading to the exposure of sensitive data, as traffic
headed to internal systems and networks is unlikely to be routed to the external
network. Reflected DDoS attacks are used to hide identities rather than to connect
through to an internal network, and security administrators of managed systems
should be able to determine both the local and wireless IP addresses his system uses.

Explanation

When a workstation or other device is connected simultaneously to both a secure
and a nonsecure network like the Internet, it may act as a bridge, bypassing the
security protections located at the edge of a corporate network. It is unlikely that
traffic will be routed improperly leading to the exposure of sensitive data, as traffic
headed to internal systems and networks is unlikely to be routed to the external
network. Reflected DDoS attacks are used to hide identities rather than to connect
through to an internal network, and security administrators of managed systems
should be able to determine both the local and wireless IP addresses his system uses.

53. One or more users' access codes have been compromised.

Layer 4

Layer 5

Layer 6

Layer 7

Application-specific protocols are handled at layer 7, the Application layer of the
OSI model.

Explanation

Application-specific protocols are handled at layer 7, the Application layer of the
OSI model.

54. What important factor listed below differentiates Frame Relay from X.25?

Frame Relay supports multiple PVCs over a single WAN carrier connection.

Frame Relay is a cell-switching technology instead of a packet-switching technology like X.25.

Frame Relay does not provide a Committed Information Rate (CIR).

Frame Relay only requires a DTE on the provider side.

Frame Relay supports multiple private virtual circuits (PVCs), unlike X.25. It is a
packet-switching technology that provides a Committed Information Rate (CIR),
which is a minimum bandwidth guarantee provided by the service provider to
customers. Finally, Frame Relay requires a DTE/DCE at each connection point, with
the DTE providing access to the Frame Relay network, and a provider-supplied DCE,
which transmits the data over the network

Explanation

Frame Relay supports multiple private virtual circuits (PVCs), unlike X.25. It is a
packet-switching technology that provides a Committed Information Rate (CIR),
which is a minimum bandwidth guarantee provided by the service provider to
customers. Finally, Frame Relay requires a DTE/DCE at each connection point, with
the DTE providing access to the Frame Relay network, and a provider-supplied DCE,
which transmits the data over the network

55. Ben has connected his laptop to his tablet PC using an 802.11g connection. What wireless network mode has he used to connect these devices?

Infrastructure mode

Wired extension mode

Ad hoc mode

Stand-alone mode

Ben is using ad hoc mode, which directly connects two clients. It can be easy to
confuse this with stand-alone mode, which connects clients using a wireless access
point, but not to wired resources like a central network. Infrastructure mode connects
endpoints to a central network, not directly to each other. Finally, wired extension
mode uses a wireless access point to link wireless clients to a wired network.

Explanation

Ben is using ad hoc mode, which directly connects two clients. It can be easy to
confuse this with stand-alone mode, which connects clients using a wireless access
point, but not to wired resources like a central network. Infrastructure mode connects
endpoints to a central network, not directly to each other. Finally, wired extension
mode uses a wireless access point to link wireless clients to a wired network.

56. Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header?

RST flags mean “Rest.” The server needs traffic to briefly pause.

RST flags mean “Relay-set.” The packets will be forwarded to the address set in the packet.

RST flags mean “Resume Standard.” Communications will resume in their normal format

RST means “Reset.” The TCP session will be disconnected.

The RST flag is used to reset or disconnect a session. It can be resumed by
restarting the connection via a new three-way handshake.

Explanation

The RST flag is used to reset or disconnect a session. It can be resumed by
restarting the connection via a new three-way handshake.

57. Ben has configured his network to not broadcast a SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?

Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.

Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.

Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.

Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.

Disabling SSID broadcast can help prevent unauthorized personnel from attempting
to connect to the network. Since the SSID is still active, it can be discovered by using a
wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are
used to broadcast the SSID, and it is possible to have multiple networks with the same
SSID.

Explanation

Disabling SSID broadcast can help prevent unauthorized personnel from attempting
to connect to the network. Since the SSID is still active, it can be discovered by using a
wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are
used to broadcast the SSID, and it is possible to have multiple networks with the same
SSID.

58. What type of key does WEP use to encrypt wireless communications?

An asymmetric key

Unique key sets for each host

A predefined shared static key

Unique asymmetric keys for each host

WEP has a very weak security model that relies on a single, predefined, shared
static key. This means that modern attacks can break WEP encryption in less than a
minute.

Explanation

WEP has a very weak security model that relies on a single, predefined, shared
static key. This means that modern attacks can break WEP encryption in less than a
minute.

59. The Windows ipconfig command displays the following information: BC-5F-F4-7B-4B-7D.What term describes this, and what information can be gathered from it?

The IP address, the network location of the system

The MAC address, the network interface card’s manufacturer

The MAC address, the media type in use

The IPv6 client ID, the network interface card’s manufacturer

Machine Access Control (MAC) addresses are the hardware address the machine
uses for layer 2 communications. The MAC addresses include an organizationally
unique identifier (OUI), which identifies the manufacturer. MAC addresses can be
changed, so this is not a guarantee of accuracy, but under normal circumstances you
can tell what manufacturer made the device by using the MAC address.

Explanation

Machine Access Control (MAC) addresses are the hardware address the machine
uses for layer 2 communications. The MAC addresses include an organizationally
unique identifier (OUI), which identifies the manufacturer. MAC addresses can be
changed, so this is not a guarantee of accuracy, but under normal circumstances you
can tell what manufacturer made the device by using the MAC address.

60. Jim's organization uses a traditional PBX for voice communication. What is the most common security issue that its internal communications are likely to face, and what should he recommend to prevent it?

Eavesdropping, encryption

Man-in-the-middle attacks, end-to-end encryption

Eavesdropping, physical security

Wardialing, deploy an IPS

Traditional private branch exchange (PBX) systems are vulnerable to eavesdropping
because voice communications are carried directly over copper wires. Since standard
telephones don’t provide encryption (and you’re unlikely to add encrypted phones
unless you’re the NSA), physically securing access to the lines and central connection
points is the best strategy available.

Explanation

Traditional private branch exchange (PBX) systems are vulnerable to eavesdropping
because voice communications are carried directly over copper wires. Since standard
telephones don’t provide encryption (and you’re unlikely to add encrypted phones
unless you’re the NSA), physically securing access to the lines and central connection
points is the best strategy available.

61. What type of address is 127.0.0.1?

A public IP address

An RFC 1918 address

An APIPA address

A loopback address

The IP address 127.0.0.1 is a loopback address and will resolve to the local machine.
Public addresses are non-RFC 1918, non-reserved addresses. RFC 1918 addresses are
reserved and include ranges like 10.x.x.x. An APIPA address is a self-assigned address
used when a DHCP server cannot be found.

Explanation

The IP address 127.0.0.1 is a loopback address and will resolve to the local machine.
Public addresses are non-RFC 1918, non-reserved addresses. RFC 1918 addresses are
reserved and include ranges like 10.x.x.x. An APIPA address is a self-assigned address
used when a DHCP server cannot be found.

62. A denial of service (DoS) attack that sends fragmented TCP packets is known as what kind of attack?

Christmas tree

Teardrop

Stack killer

Frag grenade

A teardrop attack uses fragmented packets to target a flaw in how the TCP stack on
a system handles fragment reassembly. If the attack is successful, the TCP stack fails,
resulting in a denial of service. Christmas tree attacks set all of the possible TCP flags
on a packet, thus “lighting it up like a Christmas tree.” Stack killer and frag grenade
attacks are made-up answers.

Explanation

A teardrop attack uses fragmented packets to target a flaw in how the TCP stack on
a system handles fragment reassembly. If the attack is successful, the TCP stack fails,
resulting in a denial of service. Christmas tree attacks set all of the possible TCP flags
on a packet, thus “lighting it up like a Christmas tree.” Stack killer and frag grenade
attacks are made-up answers.

63. There are four common VPN protocols. Which group of four below contains all of the common VPN protocols?

PPTP, LTP, L2TP, IPsec

PPP, L2TP, IPsec, VNC

PPTP, L2F, L2TP, IPsec

PPTP, L2TP, IPsec, SPAP

PPTp, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used
for an increasingly large percentage of VPN connections and may appear at some point
in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the
Shiva Password Authentication Protocol sometimes used with PPTP.

Explanation

PPTp, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used
for an increasingly large percentage of VPN connections and may appear at some point
in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the
Shiva Password Authentication Protocol sometimes used with PPTP.

64. Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual node have?

2

3

4

5

A full mesh topology directly connects each machine to every other machine on the
network. For five systems, this means four connections per system.

Explanation

A full mesh topology directly connects each machine to every other machine on the
network. For five systems, this means four connections per system.

65. What type of firewall design is shown in the diagram?

A single-tier firewall

A two-tier firewall

A three-tier firewall

A four-tier firewall

The firewall in the diagram has two protected zones behind it, making it a two-tier
firewall design.

Explanation

The firewall in the diagram has two protected zones behind it, making it a two-tier
firewall design.

66. Modern dial-up connections use what dial-up protocol?

SLIP

SLAP

PPTP

PPP

The Point-to-Point Protocol (PPP) is used for dial-up connections for modems,
IDSN, Frame Relay, and other technologies. It replaced SLIP in almost all cases. PPTP
is the Point-to-Point Tunneling Protocol used for VPNs, and SLAP is not protocol at
all!

Explanation

The Point-to-Point Protocol (PPP) is used for dial-up connections for modems,
IDSN, Frame Relay, and other technologies. It replaced SLIP in almost all cases. PPTP
is the Point-to-Point Tunneling Protocol used for VPNs, and SLAP is not protocol at
all!

67. During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?

Continue to use LEAP. It provides better security than TKIP for WPA networks.

Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.

Continue to use LEAP to avoid authentication issues, but move to WPA2.

Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.

LEAP, the Lightweight Extensible Authentication Protocol. is a Cisco proprietary
protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant
security issues as well and should not be used. Any modern hardware should support
WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA
and WPA2, would be a major step back in security for any network.

Explanation

LEAP, the Lightweight Extensible Authentication Protocol. is a Cisco proprietary
protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant
security issues as well and should not be used. Any modern hardware should support
WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA
and WPA2, would be a major step back in security for any network.

68. The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?

Layer 1

Layer 2

Layer 3

Layer 4

ARP and RARP operate at the Data Link layer, the second layer of the OSI model.
Both protocols deal with physical hardware addresses, which are used above the
Physical layer (layer 1) and below the Network layer (layer 3), thus falling at the Data
Link layer.

Explanation

ARP and RARP operate at the Data Link layer, the second layer of the OSI model.
Both protocols deal with physical hardware addresses, which are used above the
Physical layer (layer 1) and below the Network layer (layer 3), thus falling at the Data
Link layer.

69. Lauren wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirement?

802.11a

802.3

802.15.1

802.1x

802.1x provides port-based authentication and can be used with technologies like
EAP, the Extensible Authentication Protocol. 802.11a is a wireless standard, 802.3 is
the standard for Ethernet, and 802.15.1 was the original Bluetooth IEEE standard.

Explanation

802.1x provides port-based authentication and can be used with technologies like
EAP, the Extensible Authentication Protocol. 802.11a is a wireless standard, 802.3 is
the standard for Ethernet, and 802.15.1 was the original Bluetooth IEEE standard.

70. Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?

192.168.x.x is a non-routable network and will not be carried to the Internet.

192.168.1.40 is not a valid address because it is reserved by RFC 1918.

Double NATing is not possible using the same IP range.

The upstream system is unable to de-encapsulate his packets and he needs to use PAT instead.

Double NATing isn’t possible with the same IP range; the same IP addresses cannot
appear inside and outside of a NAT router. RFC 1918 addresses are reserved, but only
so they are not used and routable on the Internet, and changing to PAT would not fix
the issue.

Explanation

Double NATing isn’t possible with the same IP range; the same IP addresses cannot
appear inside and outside of a NAT router. RFC 1918 addresses are reserved, but only
so they are not used and routable on the Internet, and changing to PAT would not fix
the issue.

71. Lauren's networking team has been asked to identify a technology that will allow them to dynamically change the organization's network by treating the network like code. What type of architecture should she recommend?

A network that follows the 5-4-3 rule

A converged network

A software-defined network

A hypervisor-based network

Software-defined networking provides a network architecture than can be defined
and configured as code or software. This will allow Lauren’s team to quickly change
the network based on organizational requirements. The 5-4-3 rule is an old design rule
for networks that relied on repeaters or hubs. A converged network carries multiple
types of traffic like voice, video, and data. A hypervisor-based network may be software
defined, but it could also use traditional network devices running as virtual machines.

Explanation

Software-defined networking provides a network architecture than can be defined
and configured as code or software. This will allow Lauren’s team to quickly change
the network based on organizational requirements. The 5-4-3 rule is an old design rule
for networks that relied on repeaters or hubs. A converged network carries multiple
types of traffic like voice, video, and data. A hypervisor-based network may be software
defined, but it could also use traditional network devices running as virtual machines.

72. When a host on an Ethernet network detects a collision and transmits a jam signal, what happens next?

All hosts stop transmitting and each host waits a random period of time before attempting to transmit again.

All hosts stop transmitting and each host waits a period of time based on how recently it successfully transmitted.

Hosts wait for the token to be passed and then resume transmitting data as they pass the token.

Ethernet networks use Carrier-Sense Multiple Access with Collision Detection
(CSMA/CD) technology. When a collision is detected and a jam signal is sent, hosts
wait a random period of time before attempting retransmission.

Explanation

Ethernet networks use Carrier-Sense Multiple Access with Collision Detection
(CSMA/CD) technology. When a collision is detected and a jam signal is sent, hosts
wait a random period of time before attempting retransmission.

73. IPX, AppleTalk, and NetBEUI are all examples of what?

Routing protocols

UDP protocols

Non-IP protocols

TCP protocols

IPX, AppleTalk, and NetBEUI are all examples of non-IP protocols. TCP and UDP
are both IP protocols, while routing protocols are used to send information about how
traffic should be routed through networks.

Explanation

IPX, AppleTalk, and NetBEUI are all examples of non-IP protocols. TCP and UDP
are both IP protocols, while routing protocols are used to send information about how
traffic should be routed through networks.

74. What two key issues with the implementation of RC4 make Wired Equivalent Privacy (WEP) even weaker than it might otherwise be?

Its use of a static common key and client-set encryption algorithms

Its use of a static common key and a limited number of initialization vectors

Its use of weak asymmetric keys and a limited number of initialization vectors

Its use of a weak asymmetric key and client-set encryption algorithms

WEP’s implementation of RC4 is weakened by its use of a static common key and a
limited number of initialization vectors. It does not use asymmetric encryption, and
clients do not select encryption algorithms.

Explanation

WEP’s implementation of RC4 is weakened by its use of a static common key and a
limited number of initialization vectors. It does not use asymmetric encryption, and
clients do not select encryption algorithms.

75. Chris is configuring an IDS to monitor for unencrypted FTP traffic. What ports should Chris use in his configuration?

TCP 20 and 21

TCP 21 only

UDP port 69

TCP port 21 and UDP port 21

The File Transfer Protocol (FTP) operates on TCP ports 20 and 21. UDP port 69 is
used for the Trivial File Transfer Protocol, or TFTP, while UDP port 21 is not used for
any common file transfer protocol.

Explanation

The File Transfer Protocol (FTP) operates on TCP ports 20 and 21. UDP port 69 is
used for the Trivial File Transfer Protocol, or TFTP, while UDP port 21 is not used for
any common file transfer protocol.

76. Which of the following options is not a common best practice for securing a wireless network?

Turn on WPA2.

Enable MAC filtering if used for a relatively small group of clients.

Enable SSID broadcast.

Separate the access point from the wired network using a firewall, thus treating it as external access.

SSID broadcast is typically disabled for secure networks. While this won’t stop a
determined attacker, it will stop casual attempts to connect. Separating the network
from other wired networks, turning on the highest level of encryption supported (like
WPA2), and using MAC filtering for small groups of clients that can reasonably be
managed by hand are all common best practices for wireless networks.

Explanation

SSID broadcast is typically disabled for secure networks. While this won’t stop a
determined attacker, it will stop casual attempts to connect. Separating the network
from other wired networks, turning on the highest level of encryption supported (like
WPA2), and using MAC filtering for small groups of clients that can reasonably be
managed by hand are all common best practices for wireless networks.

77. Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel?

MPLS

SDN

VoIP

ISCSI

iSCSI is a converged protocol that allows location-independent file services over
traditional network technologies. It costs less than traditional Fibre Channel. VoIP is
Voice over IP, SDN is Software-defined networking, and MPLS is Multiprotocol Label
Switching, a technology that uses path labels instead of network addresses.

Explanation

iSCSI is a converged protocol that allows location-independent file services over
traditional network technologies. It costs less than traditional Fibre Channel. VoIP is
Voice over IP, SDN is Software-defined networking, and MPLS is Multiprotocol Label
Switching, a technology that uses path labels instead of network addresses.

78. What speed is Category 3 UTP cable rated for?

5 Mbps

10 Mbps

100 Mbps

1000 Mbps

Category 3 UTP cable is primarily used for phone cables and was also used for early
Ethernet networks where it provided 10 Mbps of throughput. Cat 5 cable provides 100
Mbps (and 1000 Mbps if it is Cat 5e). Cat 6 cable can also provide 1000 Mbps.

Explanation

Category 3 UTP cable is primarily used for phone cables and was also used for early
Ethernet networks where it provided 10 Mbps of throughput. Cat 5 cable provides 100
Mbps (and 1000 Mbps if it is Cat 5e). Cat 6 cable can also provide 1000 Mbps.

79. What issue occurs when data transmitted over one set of wires is picked up by another set of wires?

Magnetic interference

Crosstalk

Transmission absorption

Amplitude modulation

Crosstalk occurs when data transmitted on one set of wires is picked up on another
set of wires. Interference like this is electromagnetic rather than simply magnetic,
transmission absorption is a made-up term, and amplitude modulation is how AM
radio works.

Explanation

Crosstalk occurs when data transmitted on one set of wires is picked up on another
set of wires. Interference like this is electromagnetic rather than simply magnetic,
transmission absorption is a made-up term, and amplitude modulation is how AM
radio works.

80. Lauren's organization has used a popular instant messaging service for a number of years. Recently, concerns have been raised about the use of instant messaging.How could Lauren's company best address a desire for secure instant messaging for users of internal systems A and C?

Use a 3rd party instant messaging service.

Implement and use a locally hosted IM service.

Use HTTPS.

Discontinue use of IM and instead use email, which is more secure.

If a business need requires instant messaging, using a local instant messaging
server is the best option. This prevents traffic from traveling to a third-party server
and can offer additional benefits such as logging, archiving, and control of security
options like the use of encryption.

Explanation

If a business need requires instant messaging, using a local instant messaging
server is the best option. This prevents traffic from traveling to a third-party server
and can offer additional benefits such as logging, archiving, and control of security
options like the use of encryption.

81. Jim's organization uses fax machines to receive sensitive data. Since the fax machine is located in a public area, what actions should Jim take to deal with issues related to faxes his organization receives?

Encrypt the faxes and purge local memory.

Disable automatic printing and purge local memory.

Encrypt faxes and disable automatic printing.

Use link encryption and enable automatic printing.

Sensitive information contained in faxes should not be left in a public area.
Disabling automatic printing will help prevent unintended viewing of the faxes.
Purging local memory after the faxes are printed will ensure that unauthorized
individuals can’t make additional copies of faxes. Encryption would help keep the fax
secure during transmission but won’t help with the public location and accessibility of
the fax machine itself, and of course, enabling automatic printing will only make
casual access easier

Explanation

Sensitive information contained in faxes should not be left in a public area.
Disabling automatic printing will help prevent unintended viewing of the faxes.
Purging local memory after the faxes are printed will ensure that unauthorized
individuals can’t make additional copies of faxes. Encryption would help keep the fax
secure during transmission but won’t help with the public location and accessibility of
the fax machine itself, and of course, enabling automatic printing will only make
casual access easier

82. Ben is an information security professional at an organization that is replacing its physical servers with virtual machines. As the organization builds its virtual environment, it is decreasing the number of physical servers it uses while purchasing more powerful servers to act as the virtualization platforms.The IDS Ben is responsible for is used to monitor communications in the data center using a mirrored port on the data center switch. What traffic will Ben see once the majority of servers in the data center have been virtualized?

The same traffic he currently sees

All inter-VM traffic

Only traffic sent outside of the VM environment

All inter-hypervisor traffic

One of the visibility risks of virtualization is that communication between servers
and systems using virtual interfaces can occur “inside” of the virtual environment.
This means that visibility into traffic in the virtualization environment has to be
purpose built as part of its design. Option D is correct but incomplete because interhypervisor traffic isn’t the only traffic the IDS will see.

Explanation

One of the visibility risks of virtualization is that communication between servers
and systems using virtual interfaces can occur “inside” of the virtual environment.
This means that visibility into traffic in the virtualization environment has to be
purpose built as part of its design. Option D is correct but incomplete because interhypervisor traffic isn’t the only traffic the IDS will see.

83. During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?

DNS spoofing

DNS poisoning

ARP spoofing

A Cain attack

DNS poisoning occurs when an attacker changes the domain name to IP address
mappings of a system to redirect traffic to alternate systems. DNS spoofing occurs
when an attacker sends false replies to a requesting system, beating valid replies from
the actual DNS server. ARP spoofing provides a false hardware address in response to
queries about an IP, and Cain & Abel is a powerful Windows hacking tool, but a Cain
attack is not a specific type of attack.

Explanation

DNS poisoning occurs when an attacker changes the domain name to IP address
mappings of a system to redirect traffic to alternate systems. DNS spoofing occurs
when an attacker sends false replies to a requesting system, beating valid replies from
the actual DNS server. ARP spoofing provides a false hardware address in response to
queries about an IP, and Cain & Abel is a powerful Windows hacking tool, but a Cain
attack is not a specific type of attack.

84. A remote access tool that copies what is displayed on a desktop PC to a remote computer is an example of what type of technology?

Remote node operation

Screen scraping

Remote control

RDP

Screen scrapers copy the actual screen displayed and display it at a remote location.
RDP provides terminal sessions without doing screen scraping, remote node operation
is the same as dial-up access, and remote control is a means of controlling a remote
system (screen scraping is a specialized subset of remote control).

Explanation

Screen scrapers copy the actual screen displayed and display it at a remote location.
RDP provides terminal sessions without doing screen scraping, remote node operation
is the same as dial-up access, and remote control is a means of controlling a remote
system (screen scraping is a specialized subset of remote control).

85. Which OSI layer includes electrical specifications, protocols, and interface standards?

The Transport layer

The Device layer

The Physical layer

The Data Link layer

The Physical Layer includes electrical specifications, protocols, and standards that
allow control of throughput, handling line noise, and a variety of other electrical
interface and signaling requirements. The OSI layer doesn’t have a Device layer. The
Transport layer connects the Network and Session layers, and the Data Link layer
packages packets from the network layer for transmission and receipt by devices
operating on the Physical layer.

Explanation

The Physical Layer includes electrical specifications, protocols, and standards that
allow control of throughput, handling line noise, and a variety of other electrical
interface and signaling requirements. The OSI layer doesn’t have a Device layer. The
Transport layer connects the Network and Session layers, and the Data Link layer
packages packets from the network layer for transmission and receipt by devices
operating on the Physical layer.

86. Lauren's organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help?

VLAN hopping, use physically separate switches.

VLAN hopping, use encryption.

Caller ID spoofing, MAC filtering

Denial of service attacks, use a firewall between networks.

VLAN hopping between the voice and computer VLANs can be accomplished when
devices share the same switch infrastructure. Using physically separate switches can
prevent this attack. Encryption won’t help with VLAN hopping because it relies on
header data that the switch needs to read (and this is unencrypted), while Caller ID
spoofing is an inherent problem with VoIP systems. A denial of service is always a
possibility, but it isn’t specifically a VoIP issue and a firewall may not stop the
problem if it’s on a port that must be allowed through.

Explanation

VLAN hopping between the voice and computer VLANs can be accomplished when
devices share the same switch infrastructure. Using physically separate switches can
prevent this attack. Encryption won’t help with VLAN hopping because it relies on
header data that the switch needs to read (and this is unencrypted), while Caller ID
spoofing is an inherent problem with VoIP systems. A denial of service is always a
possibility, but it isn’t specifically a VoIP issue and a firewall may not stop the
problem if it’s on a port that must be allowed through.

87. Which of the following drawbacks is a concern when multilayer protocols are allowed?

A range of protocols may be used at higher layers.

Covert channels are allowed.

Filters cannot be bypassed.

Encryption can’t be incorporated at multiple layers.

Multilayer protocols create three primary concerns for security practitioners: They
can conceal covert channels (and thus covert channels are allowed), filters can be
bypassed by traffic concealed in layered protocols, and the logical boundaries put in
place by network segments can be bypassed under some circumstances. Multilayer
protocols allow encryption at various layers and support a range of protocols at higher
layers.

Explanation

Multilayer protocols create three primary concerns for security practitioners: They
can conceal covert channels (and thus covert channels are allowed), filters can be
bypassed by traffic concealed in layered protocols, and the logical boundaries put in
place by network segments can be bypassed under some circumstances. Multilayer
protocols allow encryption at various layers and support a range of protocols at higher
layers.

88. In her role as an information security professional, Susan has been asked to identify areas where her organization's wireless network may be accessible even though it isn't intended to be. What should Susan do to determine where her organization's wireless network is accessible?

A site survey

Warwalking

Wardriving

A design map

Wardriving and warwalking are both processes used to locate wireless networks,
but are not typically as detailed and thorough as a site survey, and design map is a
made-up term.

Explanation

Wardriving and warwalking are both processes used to locate wireless networks,
but are not typically as detailed and thorough as a site survey, and design map is a
made-up term.

89. What network technology is best described as a token-passing network that uses a pair of rings with traffic flowing in opposite directions?

A ring topology

Token Ring

FDDI

SONET

FDDI, or Fiber Distributed Data Interface, is a token-passing network that uses a
pair of rings with traffic flowing in opposite directions. It can bypass broken segments
by dropping the broken point and using the second, unbroken ring to continue to
function. Token Ring also uses tokens, but it does not use a dual loop. SONET is a
protocol for sending multiple optical streams over fiber, and a ring topology is a
design, not a technology.

Explanation

FDDI, or Fiber Distributed Data Interface, is a token-passing network that uses a
pair of rings with traffic flowing in opposite directions. It can bypass broken segments
by dropping the broken point and using the second, unbroken ring to continue to
function. Token Ring also uses tokens, but it does not use a dual loop. SONET is a
protocol for sending multiple optical streams over fiber, and a ring topology is a
design, not a technology.

90. Ben knows that his organization wants to be able to validate the identity of other organizations based on their domain name when receiving and sending email. What tool should Ben recommend?

PEM

S/MIME

DKIM

MOSS

Domain Keys Identified Mail, or DKIM, is designed to allow assertions of domain
identity to validate email. S/MIME, PEM, and MOSS are all solutions that can provide
authentication, integrity, nonrepudiation, and confidentiality, depending on how they
are used.

Explanation

Domain Keys Identified Mail, or DKIM, is designed to allow assertions of domain
identity to validate email. S/MIME, PEM, and MOSS are all solutions that can provide
authentication, integrity, nonrepudiation, and confidentiality, depending on how they
are used.

91. If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?

VPN users will not be able to access the web server

There is no additional security issue; the VPN concentrator’s logical network location matches the logical network location of the workstations.

VPN bypasses the firewall, creating additional risks.

VPN users should only connect from managed PCs.

Remote PCs that connect to a protected network need to comply with security
settings and standards that match those required for the internal network. The VPN
concentrator logically places remote users in the protected zone behind the firewall,
but that means that user workstations (and users) must be trusted in the same way
that local workstations are.

Explanation

Remote PCs that connect to a protected network need to comply with security
settings and standards that match those required for the internal network. The VPN
concentrator logically places remote users in the protected zone behind the firewall,
but that means that user workstations (and users) must be trusted in the same way
that local workstations are.

92. Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using?

A link-state protocol

A link-distance protocol

A destination metric protocol

A distance-vector protocol

Distance-vector protocols use metrics including the direction and distance in hops
to remote networks to make decisions. A link-state routing protocol considers the
shortest distance to a remote network. Destination metric and link-distance protocols
don’t exist.

Explanation

Distance-vector protocols use metrics including the direction and distance in hops
to remote networks to make decisions. A link-state routing protocol considers the
shortest distance to a remote network. Destination metric and link-distance protocols
don’t exist.

93. Which of the following options includes standards or protocols that exist in layer 6 of the OSI model?

NFS, SQL, and RPCOption 1

TCP, UDP, and TLS

JPEG, ASCII, and MIDI

HTTP, FTP, SMTP

Layer 6, the Presentation layer, transforms data from the Application layer into
formats that other systems can understand by formatting and standardizing the data.
That means that standards like JPEG, ASCII, and MIDI are used at the Presentation
layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC
operate at the Session layer; and HTTP, FTP, and SMTP are Application layer
protocols.

Explanation

Layer 6, the Presentation layer, transforms data from the Application layer into
formats that other systems can understand by formatting and standardizing the data.
That means that standards like JPEG, ASCII, and MIDI are used at the Presentation
layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC
operate at the Session layer; and HTTP, FTP, and SMTP are Application layer
protocols.

94. If your organization needs to allow attachments in email to support critical business processes, what are the two best options for helping to avoid security problems caused by attachments?

Train your users and use anti-malware tools.

Encrypt your email and use anti-malware tools

Train your users and require S/MIME for all email.

Use S/MIME by default and remove all ZIP (.zip) file attachments.

User awareness is one of the most important tools when dealing with attachments.
Attachments are often used as a vector for malware, and aware users can help prevent
successful attacks by not opening the attachments. Anti-malware tools, including
antivirus software, can help detect known threats before users even see the
attachments. Encryption, including tools like S/MIME, won’t help prevent
attachment-based security problems, and removing ZIP file attachments will only stop
malware that is sent via those ZIP files.

Explanation

User awareness is one of the most important tools when dealing with attachments.
Attachments are often used as a vector for malware, and aware users can help prevent
successful attacks by not opening the attachments. Anti-malware tools, including
antivirus software, can help detect known threats before users even see the
attachments. Encryption, including tools like S/MIME, won’t help prevent
attachment-based security problems, and removing ZIP file attachments will only stop
malware that is sent via those ZIP files.

95. Which type of firewall can be described as "a device that filters traffic based on its source, destination and the port it is sent from or is going to"?

A static packet filtering firewall

An Application layer gateway firewall

A dynamic packet filtering firewall

A stateful inspection firewall

A static packet filtering firewall is only aware of the information contained in the
message header of packets: the source, destination, and port it is sent from and
headed to. This means that they’re not particularly smart, unlike Application layer
firewalls that proxy traffic based on the service they support or stateful inspection
firewalls (also known as dynamic packet inspection firewalls) that understand the
relationship between systems and their communications.

Explanation

A static packet filtering firewall is only aware of the information contained in the
message header of packets: the source, destination, and port it is sent from and
headed to. This means that they’re not particularly smart, unlike Application layer
firewalls that proxy traffic based on the service they support or stateful inspection
firewalls (also known as dynamic packet inspection firewalls) that understand the
relationship between systems and their communications.

96. Data streams occur at what three layers of the OSI model?

Application, Presentation, and Session

Presentation, Session, and Transport

Physical, Data Link, and Network

Data Link, Network, and Transport

Data streams are associated with the Application, Presentation, and Session layers.
Once they reach the Transport layer, they become segments (TCP) or datagrams
(UDP). From there, they are converted to packets at the Network layer, frames at the
Data Link layer, and bits at the Physical layer

Explanation

Data streams are associated with the Application, Presentation, and Session layers.
Once they reach the Transport layer, they become segments (TCP) or datagrams
(UDP). From there, they are converted to packets at the Network layer, frames at the
Data Link layer, and bits at the Physical layer

97. Lauren's and Nick's PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?

The subnet

The supernet

A broadcast domain

A collision domain is the set of systems that could cause a collision if they
transmitted at the same time. Systems outside of a collision domain cannot cause a
collision if they send at the same time. This is important, as the number of systems in
a collision domain increases the likelihood of network congestion due to an increase
in collisions. A broadcast domain is the set of systems that can receive a broadcast
from each other. A subnet is a logical division of a network, while a supernet is made
up of two or more networks.

Explanation

A collision domain is the set of systems that could cause a collision if they
transmitted at the same time. Systems outside of a collision domain cannot cause a
collision if they send at the same time. This is important, as the number of systems in
a collision domain increases the likelihood of network congestion due to an increase
in collisions. A broadcast domain is the set of systems that can receive a broadcast
from each other. A subnet is a logical division of a network, while a supernet is made
up of two or more networks.

98. What challenge is most common for endpoint security system deployments?

Compromises

The volume of data

Monitoring encrypted traffic on the network

Handling non-TCP protocolsOption 4

Endpoint security solutions face challenges due to the sheer volume of data that
they can create. When each workstation is generating data about events, this can be a
massive amount of data. Endpoint security solutions should reduce the number of
compromises when properly implemented, and they can also help by monitoring
traffic after it is decrypted on the local host. Finally, non-TCP protocols are relatively
uncommon on modern networks, making this a relatively rare concern for endpoint
security system implementations.

Explanation

Endpoint security solutions face challenges due to the sheer volume of data that
they can create. When each workstation is generating data about events, this can be a
massive amount of data. Endpoint security solutions should reduce the number of
compromises when properly implemented, and they can also help by monitoring
traffic after it is decrypted on the local host. Finally, non-TCP protocols are relatively
uncommon on modern networks, making this a relatively rare concern for endpoint
security system implementations.

99. Steve has been tasked with implementing a network storage protocol over an IP network. What storage-centric converged protocol is he likely to use in his implementation?

MPLS

FCoE

SDN

VoIP

Fiber Channel over Ethernet allows Fiber Channel communications over Ethernet
networks, allowing existing high-speed networks to be used to carry storage traffic.
This avoids the cost of a custom cable plant for a Fiber Channel implementation.
MPLS, or Multiprotocol label Switching, is used for high performance networking;
VoIP is Voice over IP; and SDN is Software-Defined Networking.

Explanation

Fiber Channel over Ethernet allows Fiber Channel communications over Ethernet
networks, allowing existing high-speed networks to be used to carry storage traffic.
This avoids the cost of a custom cable plant for a Fiber Channel implementation.
MPLS, or Multiprotocol label Switching, is used for high performance networking;
VoIP is Voice over IP; and SDN is Software-Defined Networking.

100. FHSS, DSSS, and OFDM all use what wireless communication method that occurs over multiple frequencies simultaneously?

Wi-Fi

Spread Spectrum

Multiplexing

Orthogonal modulation

Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum
(DSSS), and Orthogonal Frequency-Division Multiplexing (OFDM) all use spread
spectrum techniques to transmit on more than one frequency at the same time.
Neither FHSS nor DHSS uses orthogonal modulation, while multiplexing describes
combining multiple signals over a shared medium of any sort. Wi-Fi may receive
interference from FHSS systems but doesn’t use it.

Explanation

Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum
(DSSS), and Orthogonal Frequency-Division Multiplexing (OFDM) all use spread
spectrum techniques to transmit on more than one frequency at the same time.
Neither FHSS nor DHSS uses orthogonal modulation, while multiplexing describes
combining multiple signals over a shared medium of any sort. Wi-Fi may receive
interference from FHSS systems but doesn’t use it.