CISSP Questions and Answers 06

QUESTION 701:
Which of the following is a class A fire?
A. common combustibles
B. liquid
C. electrical
D. Halon
Answer: A
QUESTION 702:
To be in compliance with the Montreal Protocol, which of the following options can be
taken to refill a Halon flooding system in the event that Halon is fully discharged in the
computer room?
A. Order an immediate refill with Halon 1201 from the manufacturer
B. Contact a Halon recycling bank to make arrangements for a refill
C. Order a different chlorofluorocarbon compound from the manufacturer
D. Order an immediate refill with Halon 1301 from the manufacturer
Answer: B
QUESTION 703:
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class
A extinguisher?
A. When the fire involves paper products
B. When the fire is caused by flammable products
C. When the fire involves electrical equipment
D. When the fire is in an enclosed area
Answer: C
QUESTION 704:
Which of the following is true about a “dry pipe” sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. It minimizes chances of accidental discharge of water
D. It uses less water than “wet pipe” systems
Answer: C
QUESTION 705:
Under what conditions would use of a “Class C” hand-held fire extinguisher be preferable
to use of a “Class A” hand-held fire extinguisher?
A. When the fire is in its incipient stage
B. When the fire involves electrical equipment
C. When the fire is located in an enclosed area
D. When the fire is caused by flammable products
Answer: B
QUESTION 706:
Which fire class can water be most appropriate for?
A. Class A fires
B. Class B fires
C. Class C fires
D. Class D fires
Answer: A
QUESTION 707:
What category of water sprinkler system is currently the most recommended water system
for a computer room?
A. Dry Pipe sprinkler system
B. Wet Pipe sprinkler system
C. Pre-action sprinkler system
D. Deluge sprinkler system
Answer: C
QUESTION 708:
Which of the following is currently the most recommended water system for a computer
room?
A. pre-action
B. wet pipe
C. dry pipe
D. deluge
Answer: A
Reference: pg 496 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 709:
According to the ISC2, what should be the fire rating for the walls of an information
processing facility?
A. All walls must have a one-hour minimum fire rating
B. All walls must have a one-hour minimum fire rating, except for walls to adjacent rooms
where records such as paper and media are stored, which should have a two-hour minimum fire
rating
C. All walls must have a two-hour minimum fire rating
D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms
where records such as paper and media are stored, which should have a three-hour minimum fire
rating.
Answer: C
QUESTION 710:
Which of the following suppresses the fuel supply of the fire?
A. soda acid
B. CO2
C. Halon
D. water
Answer: A
QUESTION 711:
Which of the following is true about a “dry pipe” sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. It minimizes chances of accidental discharge of water
D. It uses less water than “wet pipe” systems
Answer: C
QUESTION 712:
The most prevalent cause of computer center fires is which of the following?
A. AC equipment
B. electrical distribution systems
C. heating systems
D. natural causes
Answer: B
QUESTION 713:
What fire suppression system can be used in computer rooms that will not
damage computers and is safe for humans?
A. Water
B. FM200
C. Halon
D. CO2
Answer: B
Reference: http://www.fireline.com/fl_fm200firesuppression.html
FM-200 Systems
FM-200 Fire Suppression Systems – Halon Alternatives Fire Protection Systems
FM200 is a fire suppression system agent manufactured by Great Lakes
Chemical.
How FM200 Suppresses Fire
FM200 suppresses fire by discharging as a gas onto the surface of
combusting materials. Large amounts of heat energy are absorbed from the
surface of the burning material, lowering its temperature below the
ignition point.
FM200 Fire Suppression Systems and the Environment
FM200 fire suppression systems have low atmospheric lifetimes, global
warming, and ozone depletion potentials. Unlike Halon 1301 fire
suppression systems, FM200 systems are environmentally friendly. They
provide an effective, safe method of special hazards fire suppression
where a non-residue producing clean agent is essential.
QUESTION 714:
The following are fire detector types EXCEPT:
A. smoke activated
B. flame actuated
C. acoustical-seismic detection system
D. heat activated
Answer: C
QUESTION 715:
Which fire class can water be most appropriate for?
A. Class A fires
B. Class B fires
C. Class C fires
D. Class D fires
Answer: A
“Fire Extinguisher Classes
Class   Type                  Suppression Material
A       Common combustibles   Water, soda acid (dry powder)
B       Liquids               CO2, Halon, soda acid
C       Electrical            CO2, Halon”
Pg. 578 Tittel: CISSP Study Guide
QUESTION 716:
Which one of the following actions should be taken FIRST after a fire has been detected?
A. Turn off power to the computers
B. Call the fire department
C. Notify management
D. Evacuate all personnel
Answer: D
Protection of life is of the utmost importance and should be dealt with first before looking to
save material objects. – Shon Harris All-in-one CISSP Certification Guide pg 625
QUESTION 717:
Which of the following provides coordinated procedures for minimizing loss of life or
injury and protecting property damage in response to a physical threat?
A. Business continuity plan
B. Incident response plan
C. Disaster recovery plan
D. Occupant emergency plan
Answer: D
“Occupant Emergency Plan (OEP). The OEP is a document providing coordinated procedures
for minimizing loss of life or injury and protecting property damage in response to a physical
threat. It does not necessarily deal with business systems or IT system functionality, but rather
focuses on personnel and property at a specific facility.” Pg 666 Hansche: Official (ISC)2 Guide
to the CISSP Exam
QUESTION 718:
Disaster Recovery Plan emergency procedures are a plan of action that commences
immediately to prevent or minimize property damage and to:
A. Prevent interruption of service.
B. Minimize embarrassment.
C. Prevent loss of life.
D. Evacuate the facility.
Answer: C
Protection of life is of the utmost importance and should be dealt with first before looking to
save material objects. – Shon Harris All-in-one CISSP Certification Guide pg 625
QUESTION 719:
What is the PRIMARY concern during a disaster?
A. Recovery of the critical functions.
B. Availability of a hot site.
C. Acceptable outage duration.
D. Personnel safety.
Answer: D
Personnel safety comes before all other concerns, even for a rescue worker, for whom safety is
still priority #1. Recovering critical functions and limiting downtime are not the MOST
important concerns: data can be recovered, but a lost life cannot, which makes personnel safety
the concern of utmost importance.
QUESTION 720:
Which of the following elements is not included in a Public Key Infrastructure (PKI)?
A. Timestamping
B. Lightweight Directory Access Protocol (LDAP)
C. Certificate revocation
D. Internet Key Exchange (IKE)
Answer: D
QUESTION 721:
In a Public Key Infrastructure (PKI) context, which of the following is a primary concern
with LDAP servers?
A. Availability
B. Accountability
C. Confidentiality
D. Flexibility
Answer: A
QUESTION 722:
What is NOT true of pre-shared key authentication within the IKE/IPsec protocol:
A. pre-shared key authentication is normally based on simple passwords
B. needs a PKI to work
C. Only one pre-shared key for all VPN connections is needed
D. Costly key management on large user groups
Answer: B
QUESTION 723:
What is the role of IKE within the IPsec protocol:
A. peer authentication and key exchange
B. data encryption
C. data signature
D. enforcing quality of service
Answer: A
“In order to set up and manage SAs on the Internet, a standard format called the Internet Security
Association and Key Management Protocol (ISAKMP) was established. ISAKMP provides for
secure key exchange and data authentication. However, ISAKMP is independent of the
authentication protocols, security protocols, and encryption algorithms. Strictly speaking, a
combination of three protocols is used to define key management for IPSEC. These protocols are
ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley. When combined and
applied to IPSEC, these protocols are called the Internet Key Exchange (IKE) protocol.” Pg. 222
Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 724:
In a Public Key Infrastructure, how are public keys published?
A. They are sent via e-mail
B. Through digital certificates
C. They are sent by owners
D. They are not published
Answer: B
QUESTION 725:
Which of the following is defined as a key establishment protocol based on the
Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. OAKLEY
Answer: D
QUESTION 726:
Which of the following defines the key exchange for Internet Protocol Security (IPSEC)?
A. Internet Security Association Key Management Protocol (ISAKMP)
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Communication Messaging Protocol (ICMP)
Answer: A
Because IPsec is a framework, it does not dictate what hashing and encryption algorithms are to
be used or how keys are to be exchanged between devices. Key management can be handled
through a manual process or automated through a key management protocol. The Internet Security
Association and Key Management Protocol (ISAKMP) is an authentication and key exchange
architecture that is independent of the type of keying mechanisms used.
Pg 577 Shon Harris All-In-One CISSP Certification Exam Guide
QUESTION 727:
A network of five nodes is using symmetrical keys to securely transmit data. How many
new keys are required to re-establish secure communications to all nodes in the event there
is a key compromise?
A. 5
B. 10
C. 20
D. 25
Answer: A
In a typical VPN using secret keys there would be one key at the central office and the same key
provided to each telecommuter, in this case 4. If the key was compromised, all 5 keys would
have to be changed.
“Secret key cryptography is the type of encryption that is familiar to most people. In this type of
cryptography, the sender and receiver both know a secret key. The sender encrypts the plaintext
message with the secret key, and the receiver decrypts the message with the same secret key.”
-Ronald Krutz The CISSP PREP Guide (gold edition) pg 194
QUESTION 728:
What is the effective key size of DES?
A. 56 bits
B. 64 bits
C. 128 bits
D. 1024 bits
Answer: A
QUESTION 729:
Matches between which of the following are important because they represent references
from one relation to another and establish the connection among these relations?
A. foreign key to primary key
B. foreign key to candidate key
C. candidate key to primary key
D. primary key to secondary key
Answer: A
QUESTION 730:
Which of the following can best be defined as a key distribution protocol that uses hybrid
encryption to convey session keys that are used to encrypt data in IP packets?
A. Internet Security Association and Key Management Protocol (ISAKMP)
B. Simple Key-Management for Internet Protocols (SKIP)
C. Diffie-Hellman Key Distribution Protocol
D. IPsec Key Exchange (IKE)
Answer: B
Reference: pg 117 Krutz
QUESTION 731:
What is the PRIMARY advantage of secret key encryption systems as compared with
public key systems?
A. Faster speed encryption
B. Longer key lengths
C. Easier key management
D. Can be implemented in software
Answer: A
“The major strength of symmetric key cryptography is the great speed at which it can operate.
By the nature of the mathematics involved, symmetric key cryptography also naturally lends
itself to hardware implementations, creating the opportunity for even higher-speed operations.”
Pg. 309 Tittel: CISSP Study Guide
QUESTION 732:
In a cryptographic key distribution system, the master key is used to exchange?
A. Session keys
B. Public keys
C. Secret keys
D. Private keys
Answer: A
“The Key Distribution Center (KDC) is the most important component within a Kerberos
environment. The KDC holds all users’ and services’ cryptographic keys. It provides
authentication services, as well as key distribution functionality. The clients and services trust
the integrity of the KDC, and this trust is the foundation of Kerberos security.” Pg. 148 Shon
Harris CISSP All-In-One Certification Exam Guide
“The basic principles of Kerberos operation are as follows:
1.) The KDC knows the secret keys of all clients and servers on the network.
2.) The KDC initially exchanges information with the client and server by using these secret
keys.
3.) Kerberos authenticates a client to a requested service on a server through TGS, and by using
temporary symmetric session keys for communications between the client and KDC, the server
and the KDC, and the client and server.
4.) Communication then takes place between the client and the server using those temporary
session keys.”
Pg. 40 Krutz: The CISSP Prep Guide
QUESTION 733:
Which Application Layer security protocol requires two pairs of asymmetric keys and two
digital certificates?
A. PEM
B. S/HTTP
C. SET
D. SSL
Answer: C
QUESTION 734:
Which of the following can be defined as an attribute in one relation that has values
matching the primary key in another relation?
A. foreign key
B. candidate key
C. Primary key
D. Secondary key
Answer: A
Reference: pg 243 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 735:
What key size is used by the Clipper Chip?
A. 40 bits
B. 56 bits
C. 64 bits
D. 80 bits
Answer: D
“Each Clipper Chip has a unique serial number and an 80-bit unique unit or secret key. The unit
key is divided into two parts and is stored at two separate organizations with the serial number
that uniquely identifies that particular Clipper Chip.” Pg 166 Krutz: The CISSP Prep Guide
QUESTION 736:
What uses a key of the same length as the message?
A. Running key cipher
B. One-time pad
C. Steganography
D. Cipher block chaining
Answer: B
Reference:
“A one-time pad is an extremely powerful type of substitution cipher. One-time pads use a
different alphabet for each letter of the plaintext message.
Normally, one-time pads are written as a very long series of numbers to be plugged into the
function.
The great advantage to one-time pads is that, when used properly, they are an unbreakable
encryption scheme. There is no repeating pattern of alphabetic substitution, rendering
cryptanalytic efforts useless. However, several requirements must be met to ensure the integrity
of the algorithm:
The encryption key must be randomly generated. Using a phrase or a passage from a book would
introduce the possibility of cryptanalysts breaking the code.
The one-time pad must be physically secured against disclosure. If the enemy has a copy of the
pad, they can easily decrypt the enciphered messages.
Each one-time pad must be used only once. If pads are reused, cryptanalysts can compare
similarities in multiple messages encrypted with the same pad and possibly determine the key
values used.
The key must be at least as long as the message to be encrypted. This is because each key
element is used to encode only one character of the message.”
Pg. 304-305 Tittel: CISSP Study Guide
QUESTION 737:
Which of the following statements related to a private key cryptosystem is FALSE?
A. The encryption key should be secure
B. Data Encryption Standard (DES) is a typical private key cryptosystem
C. The key used for decryption is known to the sender
D. Two different keys are used for the encryption and decryption
Answer: D
“In symmetric key cryptography, a single secret key is used between entities, whereas in public
key systems, each entity has different keys, or asymmetric keys.” Pg 476 Shon Harris CISSP
Certification All-in-One Exam Guide
QUESTION 738:
Simple Key Management for Internet Protocols (SKIP) is similar to Secure Sockets Layer
(SSL), except that it requires no prior communication in order to establish or exchange
keys on a:
A. Secure Private keyring basis
B. response-by-session basis
C. Remote Server basis
D. session-by-session basis
Answer: D
Reference: pg 117 Krutz: CISSP Prep Guide: Gold Edition
QUESTION 739:
A weak key of an encryption algorithm has which of the following properties?
A. It is too short, and thus easily crackable
B. It facilitates attacks against the algorithm
C. It has much more zeroes than ones
D. It can only be used as a public key
Answer: B
QUESTION 740:
Security measures that protect message traffic independently on each communication path are called:
A. Link oriented
B. Procedure oriented
C. Pass-through oriented
D. End-to-end oriented
Answer: A
Link encryption encrypts all the data along a specific communication path like a satellite link, T3
line, or telephone circuit. Not only is the user information encrypted, but the header, trailers,
addresses, and routing data that are part of the packets are also encrypted. This provides extra
protection against packet sniffers and eavesdroppers. – Shon Harris All-in-one CISSP
Certification Guide pg 560
QUESTION 741:
Who is responsible for the security and privacy of data during a transmission on a public
communications link?
A. The carrier
B. The sending party
C. The receiving party
D. The local service provider
Answer: B
The sender of an e-mail is responsible for encryption if security is desired. A bank that sends data
across the web is responsible for using a secure protocol.
QUESTION 742:
Which of the following best provides e-mail message authenticity and confidentiality?
A. Signing the message using the sender’s public key and encrypting the message using the
receiver’s private key
B. Signing the message using the sender’s private key and encrypting the message using the
receiver’s public key
C. Signing the message using the receiver’s private key and encrypting the message using the
sender’s public key
D. Signing the message using the receiver’s public key and encrypting the message with the
sender’s private key
Answer: B
QUESTION 743:
Cryptography does not help in:
A. Detecting fraudulent insertion
B. Detecting fraudulent deletion
C. Detecting fraudulent modifications
D. Detecting fraudulent disclosure
Answer: D
QUESTION 744:
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length
B. It is computationally infeasible to construct two different messages with the same digest
C. It converts a message of arbitrary length into a message digest of a fixed length
D. Given a digest value, it is computationally infeasible to find the corresponding message
Answer: A
QUESTION 745:
How much more secure is 56-bit encryption as opposed to 40-bit encryption?
A. 16 times
B. 256 times
C. 32768 times
D. 65,536 times
Answer: D
2 to the power of 40 = 1099511627776
2 to the power of 56 = 72057594037927936
72057594037927936 / 1099511627776 = 65,536
QUESTION 746:
Which of the following statements is true about data encryption as a method of protecting
data?
A. It should sometimes be used for password files
B. It is usually easily administered
C. It makes few demands on system resources
D. It requires careful key Management
Answer: D
“Cryptography can be used as a security mechanism to provide confidentiality, integrity, and
authentication, but not if the keys are compromised in any way. The keys can be captured,
modified, corrupted, or disclosed to unauthorized individuals. Cryptography is based on a trust
model. Individuals trust each other to protect their own keys, they trust the administrator who is
maintaining the keys, and they trust a server that holds, maintains and distributes the keys.
Many administrators know that key management causes one of the biggest headaches in
cryptographic implementation. There is more to key maintenance than using them to encrypt
messages. The keys have to be distributed securely to the right entities and updated
continuously. The keys need to be protected as they are being transmitted and while they are
being stored on each workstation and server. The keys need to be generated, destroyed, and
recovered properly. Key management can be handled through manual or automatic processes.
Unfortunately, many companies use cryptographic keys, but rarely if ever change them. This is
because of the hassle of key management and because the network administrator is already
overtaxed with other tasks or does not realize the task actually needs to take place. The
frequency of use of a cryptographic key can have a direct correlation to how often the key should be
changed. The more a key is used, the more likely it is to be captured and compromised. If a key
is used infrequently, then this risk drops dramatically. The necessary level of security and the
frequency of use can dictate the frequency of the key updates.
Key management is the most challenging part of cryptography and also the most crucial. It is one
thing to develop a very complicated and complex algorithm and key method, but if the keys are
not securely stored and transmitted, it does not really matter how strong the algorithm is.
Keeping keys secret is a challenging task.” Pg 512-513 Shon Harris CISSP Certification
All-In-One Exam Guide
QUESTION 747:
The primary purpose for using one-way encryption of user passwords within a system is
which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt
B. It prevents an unauthorized person from reading or modifying the password list
C. It minimizes the amount of storage required for user passwords
D. It minimizes the amount of processing time used for encrypting passwords
Answer: B
QUESTION 748:
Which of the following is not a known type of Message Authentication Code (MAC)?
A. Hash function-based MAC
B. Block cipher-based MAC
C. Signature-based MAC
D. Stream cipher-based MAC
Answer: C
QUESTION 749:
Which of the following was developed in order to protect against fraud in electronic fund
transfers (EFT)?
A. Secure Electronic Transaction (SET)
B. Message Authentication Code (MAC)
C. Cyclic Redundancy Check (CRC)
D. Secure Hash Standard (SHS)
Answer: B
Reference: pg 218 Krutz: CISSP Prep Guide: Gold Edition
QUESTION 750:
Where parties do not have a shared secret and large quantities of sensitive information
must be passed, the most efficient means of transferring information is to use a hybrid
encryption technique. What does this mean?
A. Use of public key encryption to secure a secret key, and message encryption using the secret
key
B. Use of the recipient’s public key for encryption and decryption based on the recipient’s
private key
C. Use of software encryption assisted by a hardware encryption accelerator
D. Use of elliptic curve encryption
Answer: A
QUESTION 751:
One-way hash provides:
A. Confidentiality
B. Availability
C. Integrity
D. Authentication
Answer: C
“Hash Functions
….how cryptosystems implement digital signatures to provide proof that a message originated
from a particular user of a cryptosystem and to ensure that the message was not modified while
in transit between the two parties.”
Pg. 292 Tittel: CISSP Study Guide Second Edition
“integrity A state characterized by the assurance that modifications are not made by
unauthorized users and authorized users do not make unauthorized modifications.”
Pg. 616 Tittel: CISSP Study Guide Second Edition
QUESTION 752:
What size is an MD5 message digest (hash)?
A. 128 bits
B. 160 bits
C. 256 bits
D. 128 bytes
Answer: A
“MD4
MD4 is a one-way hash function designed by Ron Rivest. It produces 128-bit hash, or message
digest, values. It is used for high-speed computation in software implementations and is
optimized for microprocessors.
MD5
MD5 is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more
complex, which makes it harder to break. MD5 added a fourth round of operations to be
performed during the hashing functions and makes several of its mathematical operations carry
out more steps or more complexity to provide a higher level of security.
MD2
MD2 is also a 128-bit one-way hash designed by Ron Rivest. It is not necessarily any weaker
than the previously mentioned hash functions, but is much slower.
SHA
SHA was designed by NIST and NSA to be used with DSS. The SHA was designed to be used
with digital signatures and was developed when a more secure hashing algorithm was required
for federal application.
SHA produces a 160-bit hash value, or message digest. This is then inputted into the DSA,
which computes the signature for a message. The message digest is signed instead of the whole
message because it is a much quicker process. The sender computes a 160-bit hash value,
encrypts it with his private key (signs it), appends it to the message, and sends it. The receiver
decrypts the value with the sender’s public key, runs the same hashing function, and compares
the two values. If the values are the same, the receiver can be sure that the message has not been
tampered with in transit.
SHA is similar to MD4. It has some extra mathematical functions and produces a 160-bit hash
instead of 128-bit, which makes it more resistant to brute force attacks, including birthday
attacks.
HAVAL
HAVAL is a variable-length one-way hash function and is the modification of MD5. It processes
message blocks twice the size of those used in MD5; thus it processes blocks of 1,024 bits.”
Pg. 508-509 Shon Harris CISSP Certification All-In-One Exam Guide
QUESTION 753:
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length.
B. It is computationally infeasible to construct two different messages with the same digest
C. It converts a message of arbitrary length into a message digest of a fixed length
D. Given a digest value, it is computationally infeasible to find the corresponding message
Answer: A
QUESTION 754:
Which of the following would best describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled
B. Every X number of words within a text, is a part of the real message
C. Replaces bits, characters, or blocks of characters with different bits, characters, or blocks.
D. Hiding data in another message so that the very existence of the data is concealed.
Answer: B
Reference: pg 468 Shon Harris: All-in-One CISSP Certification
QUESTION 755:
Which of the following ciphers is a subset of the Vigenere polyalphabetic cipher?
A. Caesar
B. Jefferson
C. Alberti
D. SIGABA
Answer: A
“The Caesar Cipher,…., is a simple substitution cipher that involves shifting the alphabet three
positions to the right. The Caesar Cipher is a subset of the Vigenere polyalphabetic cipher. In the
Caesar cipher, the message’s characters and repetitions of the key are added together, modulo 26.
In modulo 26, the letters A to Z of the alphabet are given a value of 0 to 25, respectively.”
Pg. 189 Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 756:
Which of the following is not a property of the Rijndael block cipher algorithm?
A. Resistance against all known attacks
B. Design simplicity
C. 512 bits maximum key size
D. Code compactness on a wide variety of platforms
Answer: C
QUESTION 757:
What are two types of ciphers?
A. Transposition and Permutation
B. Transposition and Shift
C. Transposition and Substitution
D. Substitution and Replacement
Answer: C
“Classical Ciphers:
Substitution
Transposition (Permutation)
Vernam (One-Time Pad)
Book or Running Key
Codes
Steganography”
Pg 189-193 Krutz: CISSP Prep Guide: Gold Edition.
QUESTION 758:
Which one of the following, if embedded within the ciphertext, will decrease the likelihood
of a message being replayed?
A. Stop bit
B. Checksum
C. Timestamp
D. Digital signature
Answer: C
CBC is the CBC mode of some block cipher, HMAC is a keyed message digest, MD
is a plain message digest, and timestamp is to protect against replay attacks. From the OpenSSL
project http://www.mail-archive.com/openssl-users@openssl.org/msg23576.html
QUESTION 759:
Which of the following statements pertaining to block ciphers is incorrect?
A. It operates on fixed-size blocks of plaintext
B. It is more suitable for software than hardware implementation
C. Plain text is encrypted with a public key and decrypted with a private key
D. Block ciphers can be operated as a stream
Answer: C
“Strong and efficient block cryptosystems use random key values so an attacker cannot find a
pattern as to which S-boxes are chosen and used.” Pg. 481 Shon Harris CISSP Certification
All-in-One Exam Guide
Not A:
“When a block cipher algorithm is used for encryption and decryption purposes, the message is
divided into blocks of bits. These blocks are then put through substitution, transposition, and
other mathematical functions, one block at a time.” Pg. 480 Shon Harris CISSP Certification
All-in-One Exam Guide
Not B:
“Block ciphers are easier to implement in software because they work with blocks of data that
the software is used to work with.” Pg 483 Shon Harris CISSP Certification All-in-One Exam
Guide
Not D:
“This encryption continues until the plaintext is exhausted.” Pg. 196 Krutz The CISSP Prep
Guide.
Not A or D:
“When a block cipher algorithm is used for encryption and decryption purposes, the
message is divided into blocks of bits. These blocks are then put through substitution,
transposition, and other mathematical functions, one block at a time.” Pg 480 Shon Harris:
All-in-One CISSP Certification
QUESTION 760:
The repeated use of the algorithm to encipher a message consisting of many blocks is called
A. Cipher feedback
B. Elliptical curve
C. Cipher block chaining
D. Triple DES
Answer: C
“There are two main types of symmetric algorithms: stream and block ciphers. Like their names
sound, block ciphers work on blocks of plaintext and ciphertext, whereas stream ciphers work on
streams of plaintext and ciphertext, one bit or byte at a time.” Pg 521. Shon Harris CISSP
All-In-One Certification Exam Guide
“Cipher Block Chaining (CBC) operates with plaintext blocks of 64 bits. ….Note that in this
mode, errors propagate.” Pg 149 Krutz: The CISSP Prep Guide
QUESTION 761:
When block chaining cryptography is used, what type of code is calculated and appended to the data to
ensure authenticity?
A. Message authentication code.
B. Ciphertext authentication code
C. Cyclic redundancy check
D. Electronic digital signature
Answer: A
The original answer was B. This is incorrect, as ciphertext is the result of encryption, not an
authentication code.
“If meaningful plaintext is not automatically recognizable, a message authentication code
(MAC) can be computed and appended to the message. The computation is a function of the
entire message and a secret key; it is practically impossible to find another message with the
same authenticator. The receiver checks the authenticity of the message by computing the MAC
using the same secret key and then verifying that the computed value is the same as the one
transmitted with the message. A MAC can be used to provide authenticity for unencrypted
messages as well as for encrypted ones. The National Institute of Standards and Technology
(NIST) has adopted a standard for computing a MAC. (It is found in Computer Data
Authentication, Federal Information Processing Standards Publication (FIPS PUB) 113.)”
http://www.cccure.org/Documents/HISM/637-639.html from the Handbook of Information
Security Management by Micki Krause
QUESTION 762:
Which of the following statements pertaining to block ciphers is incorrect?
A. It operates on fixed-size blocks of plaintext
B. It is more suitable for software than hardware implementations
C. Plain text is encrypted with a public key and decrypted with a private key
D. Block ciphers can be operated as a stream
Answer: C
Option C describes asymmetric (public key) cryptography. A block cipher is a symmetric algorithm: the same secret key encrypts and decrypts.
“Strong and efficient block cryptosystems use random key values so an attacker cannot find a
pattern as to which S-boxes are chosen and used.” Pg. 481 Shon Harris CISSP Certification
All-in-One Exam Guide
Not A:
“When a block cipher algorithm is used for encryption and decryption purposes, the message is
divided into blocks of bits. These blocks are then put through substitution, transposition, and
other mathematical functions, one block at a time.” Pg. 480 Shon Harris CISSP Certification
All-in-One Exam Guide
Not B:
“Block ciphers are easier to implement in software because they work with blocks of data that
the software is used to work with.” Pg 483 Shon Harris CISSP Certification All-in-One Exam
Guide
Not D:
“This encryption continues until the plaintext is exhausted.” Pg. 196 Krutz The CISSP Prep
Guide.
QUESTION 763:
Which of the following is a symmetric encryption algorithm?
A. RSA
B. Elliptic Curve
C. RC5
D. El Gamal
Answer: C
QUESTION 764:
How many bits is the effective length of the key of the Data Encryption Standard
Algorithm?
A. 16
B. 32
C. 56
D. 64
Answer: C
QUESTION 765:
Compared to RSA, which of the following is true of elliptic curve cryptography?
A. It has been mathematically proved to be the more secure
B. It has been mathematically proved to be less secure
C. It is believed to require longer keys for equivalent security
D. It is believed to require shorter keys for equivalent security
Answer: D
CISSP All-In-One – page 491: “In most cases, the longer the key length, the more protection provided, but
ECC can provide the same level of protection with a key size that is smaller than what RSA requires.”
CISSP Prep Guide (not Gold edition) – page 158: “… smaller key sizes in the elliptic curve implementation
can yield higher levels of security. For example, an elliptic curve key of 160 bits is equivalent to a 1024-bit
RSA key.”
QUESTION 766:
Which of the following is not a one-way algorithm?
A. MD2
B. RC2
C. SHA-1
D. DSA
Answer: B
Not: A, C or D.
“Hash Functions
SHA
MD2
MD4
MD5”
Pg. 337- 340 Tittel: CISSP Study Guide
DSA, the Digital Signature Algorithm, is an approved standard for digital signatures that utilizes
the SHA-1 hashing function.
Pg. 342-343 Tittel: CISSP Study Guide
QUESTION 767:
A public key algorithm that does both encryption and digital signature is which of the
following?
A. RSA
B. DES
C. IDEA
D. DSS
Answer: A
“RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, is a public key
algorithm that is the most popular when it comes to asymmetric algorithms. RSA is a worldwide
de facto standard and can be used for digital signatures, key exchange, and encryption.”
Pg. 489 Shon Harris: All-In-One CISSP Certification Exam Guide
QUESTION 768:
Which of the following encryption algorithms does not deal with discrete logarithms?
A. El Gamal
B. Diffie-Hellman
C. RSA
D. Elliptic Curve
Answer: C
QUESTION 769:
The RSA algorithm is an example of what type of cryptography?
A. Asymmetric key
B. Symmetric key
C. Secret Key
D. Private Key
Answer: A
QUESTION 770:
How many rounds are used by DES?
A. 16
B. 32
C. 64
D. 48
Answer: A
“When the DES algorithm is applied to data, it divides the message into blocks and operates on
them one at a time. A block is made of 64 bits and is divided in half and each character is
encrypted one at a time. The characters are put through 16 rounds of transposition and
substitution functions. The order and type of transposition and substitution function depend on
the value of the key that is inputted into the algorithm. The result is the 64-bit block of
ciphertext.” Pg. 526 Shon Harris: CISSP All-In-One Certification Guide
QUESTION 771:
Which of the following is the most secure form of triple-DES encryption?
A. DES-EDE3
B. DES-EDE1
C. DES-EEE4
D. DES-EDE2
Answer: A
QUESTION 772:
Which of the following algorithms does *NOT* provide hashing?
A. SHA-1
B. MD2
C. RC4
D. MD5
Answer: C
“Hashed Algorithms
SHA-1
HMAC-SHA-1
MD5
HMAC-MD5”
Pg 426 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 773:
Which of the following is unlike the other three?
A. El Gamal
B. Teardrop
C. Buffer Overflow
D. Smurf
Answer: A
QUESTION 774:
Which of the following is not an encryption algorithm?
A. Skipjack
B. SHA-1
C. Twofish
D. DEA
Answer: B
SHA-1 is a hash algorithm, as opposed to an encryption algorithm.
Reference: pg 293 Tittel: CISSP Study Guide
QUESTION 775:
Which one of the following is an asymmetric algorithm?
A. Data Encryption Algorithm.
B. Data Encryption Standard
C. Enigma
D. Knapsack
Answer: D
Merkle-Hellman Knapsack is a Public Key Algorithm Pg 206 Krutz: CISSP Prep Guide: Gold
Edition.
Not A:
“DES describes the Data Encryption Algorithm (DEA) and is the name of the Federal
Information Processing Standard (FIPS) 46-1 that was adopted in 1977…” pg 195 Krutz: CISSP
Prep Guide: Gold Edition.
Not B:
“The best-known symmetric key system is probably the Data Encryption Standard (DES).” pg
195 Krutz: CISSP Prep Guide: Gold Edition.
Not C:
“The German military used a polyalphabetic substitution cipher machine called the Enigma as its
principal encipherment system during World War II.” Pg 185 Krutz: CISSP Prep Guide: Gold
Edition.
QUESTION 776:
Which of the following is *NOT* a symmetric key algorithm?
A. Blowfish
B. Digital Signature Standard (DSS)
C. Triple DES (3DES)
D. RC5
Answer: B
Reference: pg 489 Shon Harris
QUESTION 777:
Which of the following layers is not used by the Rijndael algorithm?
A. Non-linear layer
B. Transposition layer
C. Key addition layer
D. The linear mixing layer
Answer: B
Reference: pg 201 Krutz: CISSP Prep Guide: Gold Edition
QUESTION 778:
What is the basis for the Rivest-Shamir-Adleman (RSA) algorithm scheme?
A. Permutations
B. Work factor
C. Factorability
D. Reversibility
Answer: C
This algorithm is based on the difficulty of factoring a number, N, which is the product of two
large prime numbers. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 204
QUESTION 779:
Which of the following encryption algorithms does not deal with discrete logarithms?
A. El Gamal
B. Diffie-Hellman
C. RSA
D. Elliptic Curve
Answer: C
Reference: pg 416 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 780:
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
A. Geometry
B. Irrational numbers
C. PI (3.14159…)
D. Large prime numbers
Answer: D
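The following added example (not code from the page or from Krutz or Harris) shows the two RSA operations from Question 767 and the factoring basis from Questions 778 and 780 with textbook RSA on deliberately tiny primes. A message (here a session key, since it is the receiver’s public key that gives confidentiality, as in Question 784) is encrypted with the public key and decrypted with the private key; a SHA-256 digest is signed with the private key and verified with the public key; and trial-division factoring of n recovers the private exponent, which is exactly why real moduli must be far too large to factor. The primes and key size are constructed for the demo, and there is no padding, so this must not be used as a real implementation.

```python
import hashlib
from math import gcd

# Constructed toy primes (not from the page): the 10,000th and 100,000th primes.
# Real RSA moduli are 2048 bits or more; these are tiny so that factoring is instant.
P, Q = 104729, 1299709


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): public key and private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(pub, m: int) -> int:
    """Anyone can encrypt to the holder of the private key (textbook RSA, no padding)."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def _digest_int(message: bytes, n: int) -> int:
    # Sign the hash of the message, not the message itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(_digest_int(message, n), d, n)


def rsa_verify(pub, message: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(message, n)


def factor_by_trial_division(n: int):
    """Feasible only because n is tiny; this is the attack RSA's key size defeats."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no factor found")


def recover_private_key(pub):
    """What an attacker who can factor n obtains: the private exponent d."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    pub, priv = rsa_keygen(P, Q)
    session_key = 0x01020304          # a stand-in for a symmetric key, as PGP would send
    c = rsa_encrypt(pub, session_key)
    print("decrypts correctly:", rsa_decrypt(priv, c) == session_key)
    sig = rsa_sign(priv, b"patch-1.2.3")
    print("signature verifies:", rsa_verify(pub, b"patch-1.2.3", sig))
    print("attacker recovers d from n:", recover_private_key(pub) == priv)
```

Note that the same key pair serves both directions of use (encrypt with public, decrypt with private; sign with private, verify with public), which is the property the question asks about and which DSS, being signature-only, lacks.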
QUESTION 781:
PGP provides which of the following?(Choose three)
A. Confidentiality
B. Accountability
C. Accessibility
D. Integrity
E. Interest
F. Non-repudiation
G. Authenticity
Answer: A,D,G
PGP provides confidentiality, integrity, and authenticity.
QUESTION 782:
PGP uses which of the following to encrypt data?
A. An asymmetric scheme
B. A symmetric scheme
C. a symmetric key distribution system
D. An asymmetric key distribution
Answer: B
QUESTION 783:
Which of the following mail standards relies on a “Web of Trust”?
A. Secure Multipurpose Internet Mail extensions (S/MIME)
B. Pretty Good Privacy (PGP)
C. MIME Object Security Services (MOSS)
D. Privacy Enhanced Mail (PEM)
Answer: B
“PGP does not use a hierarchy of CAs, or any type of formal trust certificates, but relies on a
“web of trust” in its key management approach. Each user generates and distributes his or her
public key, and users sign each other’s public keys, which creates a community of users who
trust each other. This is different than the CA approach where no one trusts each other, they only
trust the CA.”
QUESTION 784:
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key
B. The sender encrypting it with its public key
C. The sender encrypting it with the receiver’s public key
D. The sender encrypting it with the receiver’s private key
Answer: C
QUESTION 785:
Which of the following items should not be retained in an E-mail directory?
A. drafts of documents
B. copies of documents
C. permanent records
D. temporary documents
Answer: C
QUESTION 786:
In a Secure Electronic Transaction (SET), how many certificates are required for a payment gateway to
support multiple acquirers?
A. Two certificates for the gateway only.
B. Two certificates for the gateway and two for the acquirers.
C. Two certificates for each acquirer.
D. Two certificates for the gateway and two for each acquirer.
Answer: B
I think it may be D, two for each acquirer. Unless I read it wrong, it means each person must have 2
certificates exchanged with the gateway.
“SET uses a DES symmetric key system for encryption of the payment information and uses RSA for the
symmetric key exchange and digital signatures. SET covers the end-to-end transaction from the cardholder to the financial
institution”. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 219-220
In the SET environment, there exists a hierarchy of Certificate Authorities. The SET protocol
specifies a method of entity authentication referred to as trust chaining. This method entails the
exchange of digital certificates and verification of the public keys by validating the digital
signatures of the issuing CA. This trust chain method continues all the way up to the CA at the
top of the hierarchy, which is referred to as the SET Root CA. The SET Root CA is owned and
maintained by SET Secure Electronic Transaction LLC. http://setco.org/certificates.html
QUESTION 787:
Which protocol makes use of an electronic wallet on a customer’s PC and sends encrypted
credit card information to merchant’s Web server, which digitally signs it and sends it on
to its processing bank?
A. SSH
B. S/MIME
C. SET
D. SSL
Answer: C
QUESTION 788:
Which of the following best describes the Secure Electronic Transaction (SET) protocol?
A. Originated by VISA and MasterCard as an Internet credit card protocol
B. Originated by VISA and MasterCard as an Internet credit card protocol using digital
signatures
C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport
layer
D. Originated by VISA and MasterCard as an Internet credit card protocol using SSL
Answer: B
QUESTION 789:
Which of the following would best define the “WAP gap” security issue?
A. The processing capability gap between wireless devices and PC’s
B. The fact that WTLS transmissions have to be decrypted at the carrier’s WAP gateway to be
re-encrypted with SSL for use over wired networks.
C. The fact that Wireless communications are far easier to intercept than wired communications
D. The inability of wireless devices to implement strong encryption
Answer: B
QUESTION 790:
What encryption algorithm is best suited for communication with handheld wireless
devices?
A. ECC
B. RSA
C. SHA
D. RC4
Answer: A
“Elliptic curves are rich mathematical structures that have shown usefulness in many different
types of applications. An Elliptic Curve Cryptosystem (ECC) provides much of the same
functionality that RSA provides: digital signatures, secure key distribution, and encryption. One
differing factor is ECC’s efficiency. Some devices have limited processing capacity, storage,
power supply, and bandwidth like wireless devices and cellular telephones. With these types of
devices, efficiency of resource use is very important. ECC provides encryption functionality
requiring a smaller percentage of resources required by RSA and other algorithms, so it is used
in these types of devices. In most cases, the longer the key length, the more protection provided, but
ECC can provide the same level of protection with a key size that is smaller than what RSA
requires. Because longer keys require more resources to perform mathematical tasks, the smaller
keys used in ECC require fewer resources of the device.” Pg. 491 Shon Harris: All-In-One
CISSP Certification Guide.
QUESTION 791:
Which security measure BEST provides non-repudiation in electronic mail?
A. Digital signature
B. Double length Key Encrypting Key (KEK)
C. Message authentication
D. Triple Data Encryption Standard (DES)
Answer: A
“A tool used to provide the authentication of the sender of a message. It can verify the origin of
the message along with the identity of the sender. It is unique for every transaction and created
with a private key.” – Shon Harris All-in-one CISSP Certification Guide pg 930
“Secure Multipurpose Internet Mail Extensions (S/MIME) offers authentication and privacy to
e-mail through secured attachments. Authentication is provided through X.509 digital
certificates. Privacy is provided through the use of Public Key Cryptography Standard (PKCS)
Encryption. Two types of messages can be formed using S/MIME: signed messages and
enveloped messages. A signed message provides integrity and sender authentication. An
enveloped message provides integrity, sender authentication, and confidentiality.” Pg 123 Tittel:
CISSP Study Guide
QUESTION 792:
Which of the following services is not provided by the digital signature standard (DSS)?
A. Encryption
B. Integrity
C. Digital signature
D. Authentication
Answer: A
QUESTION 793:
Public key cryptography provides integrity verification through the use of public key
signature and?
A. Secure hashes
B. Zero knowledge
C. Private key signature
D. Session key
Answer: A
A digital signature is computed over a secure hash (message digest) of the message rather than over the message itself: the signature proves who signed, and the hash is what detects any change to the content. Option C only restates the signature (it is created with the private key), so it adds nothing to the integrity check.
Pg 213 Krutz Gold Edition
QUESTION 794:
Electronic signatures can prevent messages from being:
A. Erased
B. Disclosed
C. Repudiated
D. Forwarded
Answer: C
QUESTION 795:
Why do vendors publish MD5 hash values when they provide software patches for their
customers to download from the Internet?
A. Recipients can verify the software’s integrity after downloading.
B. Recipients can confirm the authenticity of the site from which they are downloading the
patch.
C. Recipients can request future updates to the software by using the assigned hash value.
D. Recipients need the hash value to successfully activate the new software.
Answer: A
If the two values are different, Maureen knows that the message was altered, either intentionally
or unintentionally, and she discards the message…As stated in an earlier section, the goal of
using a one-way hash function is to provide a fingerprint of the message. MD5 is the newer
version of MD4. It still produces a 128-bit hash, but the algorithm is a bit more complex to
make it harder to break than MD4. The MD5 added a fourth round of operations to be performed
during the hash functions and makes several of its mathematical operations carry steps or more
complexity to provide a higher level of security . – Shon Harris All-in-one CISSP Certification
Guide pg 182-185
QUESTION 796:
What attribute is included in a X.509-certificate?
A. Distinguished name of subject
B. Telephone number of the department
C. secret key of the issuing CA
D. the key pair of the certificate holder
Answer: A
Certificates that conform to X.509 contain the
following data: Version of X.509 to which the certificate conforms; Serial number (from
the certificate creator); Signature algorithm identifier (specifies the technique used by the
certificate authority to digitally sign the contents of the certificate); Issuer name
(identification of the certificate authority that issues the certificate); Validity period
(specifies the dates and times – a starting date and time and an ending date and time –
during which the certificate is valid); Subject’s name (contains the distinguished name, or
DN, of the entity that owns the public key contained in the certificate); Subject’s public
key (the meat of the certificate – the actual public key of the certificate owner used to
set up secure communications). pg 343-344 CISSP Study Guide by Tittel
Only the subject’s public key is in the certificate. The private half of the key pair and the CA’s signing key never leave their owners, which is why options C and D are wrong.
QUESTION 797:
What is used to bind a document to it’s creation at a particular time?
A. Network Time Protocol (NTP)
B. Digital Signature
C. Digital Timestamp
D. Certification Authority (CA)
Answer: C
QUESTION 798:
What attribute is included in a X-509-certificate?
A. Distinguished name of the subject
B. Telephone number of the department
C. Secret key of the issuing CA
D. The key pair of the certificate holder
Answer: A
“Certificates that conform to X.509 contain the following data:
Version of X.509 to which the certificate conforms
Serial number
Signature algorithm identifier
Issuer name
Validity period
Subject’s name (contains the distinguished name, or DN of the entity that owns the public key
contained in the certificate)
Subject’s public key”
Pg. 297 Tittel: CISSP Study Guide
QUESTION 799:
Which of the following standards concerns digital certificates?
A. X.400
B. X.25
C. X.509
D. X.75
Answer: C
QUESTION 800:
What level of assurance for a digital certificate only requires an e-mail address?
A. Level 0
B. Level 1
C. Level 2
D. Level 3
Answer: B
QUESTION 801:
The “revocation request grace period” is defined as:
A. The period given to the user within which he must make a revocation request once a revocation reason arises
B. Minimum response time for performing a revocation by the CA
C. Maximum response time for performing a revocation by the CA
D. Time period between the arrival of a revocation reason and the publication of the revocation
information
Answer: C
QUESTION 802:
What enables users to validate each other’s certificate when they are certified under
different certification hierarchies?
A. Cross-certification
B. Multiple certificates
C. Redundant certificate authorities
D. Root certification authorities
Answer: A
QUESTION 803:
Digital signature users register their public keys with a certification authority, which
distributes a certificate containing the user’s public key and digital signature of the
certification authority. In creating the certificate, the user’s public key and the validity
period are combined with what other information before computing the digital signature?
A. Certificate issuer and the Digital Signature Algorithm identifier
B. User’s private key and the identifier of the master key code
C. Name of secure channel and the identifier of the protocol type
D. Key authorization and identifier of key distribution center
Answer: A
The key phrase is “in creating the certificate”. Certificates that conform to X.509
contain the following data: Version of X.509 to which the certificate conforms; Serial number
(from the certificate creator); Signature algorithm identifier (specifies the technique used by the
certificate authority to digitally sign the contents of the certificate); Issuer name (identification
of the certificate authority that issues the certificate); Validity period (specifies the dates and
times – a starting date and time and an ending date and time – during which the certificate is
valid); Subject’s name (contains the distinguished name, or DN, of the entity that owns the
public key contained in the certificate); Subject’s public key (the meat of the certificate – the
actual public key of the certificate owner used to set up secure communications). pg 343-344
CISSP Study Guide by Tittel
QUESTION 804:
What level of assurance for digital certificate verifies a user’s name, address, social security
number, and other information against a credit bureau database?
A. Level 1
B. Level 2
C. Level 3
D. Level 4
Answer: B
QUESTION 805:
Which one of the following security technologies provides safeguards for authentication
before securely sending information to a web server?
A. Secure/Multipurpose Internet Mail Extension (S/MIME)
B. Common Gateway Interface (CGI) scripts
C. Applets
D. Certificates
Answer: D
“Digital certificates provide communicating parties with the assurance that they are
communicating with people who truly are who they claim to be.” Tittel: CISSP Study Guide. pg
343. In this case, if the web server was a bank, you want to have a certificate confirming that
they really are the bank before you authenticate with your username and password.
QUESTION 806:
The primary role of cross certification is:
A. Creating trust between different PKIs
B. Build an overall PKI hierarchy
C. set up direct trust to a second root CA
D. Prevent the nullification of user certifications by CA certificate revocation
Answer: A
QUESTION 807:
Windows 98 includes the ability to check the digitally signed hardware drivers. Which of
the following are true?
A. Drivers are the only files supplied with W98 that can be checked for digital signatures and all
drivers included with W98 have been digitally signed
B. If a file on a windows W98 has been digitally signed it means that the file has passed quality
testing by Microsoft.
C. The level to which signature checking is implemented could only be changed by editing the
registry
D. All of the statements are true
Answer: B
Windows device drivers and operating system files have been digitally signed by Microsoft to
ensure their quality. A Microsoft digital signature is your assurance that a particular file has met
a certain level of testing, and that the file has not been altered or overwritten by another
program’s installation process.
Depending on how your administrator has configured your computer, Windows either ignores
device drivers that are not digitally signed, displays a warning when it detects device drivers that
are not digitally signed (the default behavior), or prevents you from installing device drivers
without digital signatures.
Windows includes the following features to ensure that your device drivers and system files
remain in their original, digitally-signed state:
Windows File Protection
System File Checker
File Signature Verification
Windows XP help.
Not A: operating system files are included.
Not C: the setting can be changed in the GUI.
QUESTION 808:
What is the purpose of certification path validation?
A. Checks the legitimacy of the certificates in the certification path.
B. Checks that all certificates in the certification path refer to same certification practice statement.
C. Checks that no revoked certificates exist outside the certification path.
D. Checks that the names in the certification path are the same.
Answer: A
Not C. Revoked certificates are not checked outside the certification path.
“A Transaction with Digital Certificates
1.) Subscribing entity sends Digital Certificate Application to Certificate Authority.
2.) Certificate Authority issues Signed Digital Certificate to Subscribing Entity.
3.) Certificate Authority sends Certificate Transaction to Repository.
4.) Subscribing Entity Signs and sends to Party Transacting with Subscriber.
5.) Party Transacting with Subscriber queries Repository to verify Subscribers Public Key.
6.) Repository responds to Party Transacting with Subscriber the verification request.”
Pg. 214 Krutz: The CISSP Prep Guide: Gold Edition.
“John needs to obtain a digital certificate for himself so that he can participate in a PKI, so he
makes a request to the RA. The RA requests certain identification from John, like a copy of his
driver’s license, his phone number, address, and other identification information. Once the RA
receives the required information from John and verifies it, the RA sends his certificate request
to the CA. The CA creates a certificate with John’s public key and identity information
embedded. (The private/public key pair is either generated by the CA or on John’s machine,
which depends on the systems’ configurations. If it is created at the CA, his private key needs to
be sent to him by secure means. In most cases the user generates this pair and sends in his public
key during the registration process.) Now John is registered and can participate in PKI. John
decides he wants to communicate with Diane, so he requests Diane’s public key from a public
directory. The directory, sometimes called a repository, sends Diane’s public key, and John uses
this to encrypt a session key that will be used to encrypt their messages. John sends the
encrypted session key to Diane. John then sends his certificate, containing his public key, to
Diane. When Diane receives John’s certificate, her browser looks to see if it trusts the CA that
digitally signed this certificate. Diane’s browser trusts this CA, and she makes a request to the CA
to see if this certificate is still valid. The CA responds that the certificate is valid, so Diane
decrypts the session key with her private key. Now they can both communicate using
encryption.” Pg 499 Shon Harris: All-In-One CISSP Certification Guide.
QUESTION 809:
In what type of attack does an attacker try, from several encrypted messages, to figure out
the key using the encryption process?
A. Known-plaintext attack
B. Ciphertext-only attack
C. Chosen-Ciphertext attack
D. Known Ciphertext attack
Answer: B
“Ciphertext-Only Attack
In this type of attack, the attacker has the ciphertext of several messages. Each of the messages
has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the
key that was used in the encryption process. Once the attacker figures out the key, she can
decrypt all other messages encrypted with the same key.
A ciphertext-only attack is the most common because it is very easy to get ciphertext by sniffing
someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has
so little information about the encryption process.” Pg 531 Shon Harris CISSP All-In-One Exam
Guide
QUESTION 810:
When combined with unique session values, message authentication can protect against which of the
following?
A. Reverse engineering, frequency analysis, factoring attacks, and ciphertext-only attack.
B. Masquerading, frequency analysis, sequence manipulation, and ciphertext-only attack.
C. Reverse engineering, content modification, factoring attacks, and submission notification.
D. Masquerading, content modification, sequence manipulation, and submission notification.
Answer: D
A MAC is a function of the entire message and a secret key, so a message sent under a false identity (masquerading) or altered in transit (content modification) fails verification. When the MAC input also covers a unique per-session value (a sequence number or nonce), a replayed or reordered message (sequence manipulation) is detected, and a message that verifies under the sender’s key is evidence that the sender submitted it (submission notification). Options A, B and C list attacks that message authentication does not address: frequency analysis and the ciphertext-only attack target the encryption of the data, a factoring attack targets an RSA modulus, and reverse engineering of the algorithm is assumed to be possible in any case (Kerckhoffs’s principle). Only D is correct.
Unique session values: “IPSec: ….Each device will have one security association (SA) for each
session that it uses. The SA is critical to the IPSec architecture and is a record of the
configuration the device needs to support an IPSec connection.” Pg 575 Shon Harris All-In-One
CISSP Certification Exam Guide.
Message authentication and content modification: “Hashed Message Authentication Code
(HMAC): An HMAC is a hashed algorithm that uses a key to generate a Message
Authentication Code (MAC). A MAC is a type of checksum that is a function of the information
in the message. The MAC is generated before the message is sent, appended to the message, and
then both are transmitted. At the receiving end, a MAC is generated from the message alone
using the same algorithm as used by the sender and this MAC is compared to the MAC sent with
the message. If they are not identical, the message was modified en route. Hashing algorithms
can be used to generate the MAC and hash algorithms using keys provide stronger protection
than ordinary MAC generation.”
Frequency analysis: message authentication and session values do not protect against frequency
analysis, so A and B are eliminated.
“Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency
analysis. In every language, there are words and patterns that are used more often than others. For
instance, in the English language, the words “the,” “and,” “that,” and “is” are very frequent patterns
of letters used in messages and conversation. The beginning of messages usually starts “Hello”
or “Dear” and ends with “Sincerely” or “Goodbye.” These patterns help attackers figure out the
transformation between plaintext to ciphertext, which enables them to figure out the key that was
used to perform the transformation. It is important for cryptosystems to not reveal these patterns.”
Pg. 507 Shon Harris All-In-One CISSP Certification Exam Guide
Ciphertext-only attack: message authentication and session values do not protect against a
ciphertext-only attack, so A and B are again eliminated.
“Ciphertext-Only Attack: In this type of an attack, an attacker has the ciphertext of several
messages. Each of the messages has been encrypted using the same encryption algorithm. The
attacker’s goal is to discover the plaintext of the messages by figuring out the key used in the
encryption process. Once the attacker figures out the key, she can now decrypt all other
messages encrypted with the same key.” Pg 577 Shon Harris All-In-One CISSP Certification
Exam Guide.
Birthday attack: “….refer to an attack against the hash function known as the birthday attack.” Pg
162 Krutz: The CISSP Prep Guide. A MAC built on a hash function is only as collision resistant as that
hash function, which is one reason MAC output length matters.
Masquerading attacks: “Masquerading Attacks: ….we’ll look at two common masquerading attacks – IP Spoofing and
session hijacking.” Pg 275 Tittel: CISSP Study Guide. An attacker who does not hold the shared key cannot
produce a valid MAC for a spoofed message, and a MAC bound to the session value cannot be carried over
into a hijacked session.
Session hijacking: “If session hijacking is a concern on a network, the administrator can
implement a protocol that requires mutual authentication between users like IPSec. Because the
attacker will not have the necessary credentials to authenticate to a user, she cannot act as an
imposter and hijack sessions.” Pg 834 Shon Harris All-In-One CISSP Certification Exam Guide
Reverse engineering and factoring attacks: neither is prevented by a MAC, so C is eliminated. “The hash
function is considered one-way because the original file cannot be created from the message digest.”
Pg. 160 Krutz: The CISSP Prep Guide. That is preimage resistance of the digest, not protection of the
algorithm against reverse engineering.
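The ciphertext-only attack of Question 809 and the frequency analysis quoted for Question 810 come together in this added example (not code from the page or from the books quoted). Several constructed English messages are encrypted under one unknown Caesar shift, the simplest substitution cipher; the attacker, who per Kerckhoffs’s assumption knows the algorithm but not the key, tries all 26 keys and keeps the one whose candidate plaintext has letter frequencies closest to English (a chi-squared score), recovering the key from the ciphertexts alone.

```python
import string

# Relative frequency (%) of A..Z in English text; the statistic the attack relies on.
ENGLISH_FREQ = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
                0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
                2.758, 0.978, 2.360, 0.150, 1.974, 0.074]

# Constructed sample messages (not from the page), all encrypted under one key.
MESSAGES = [
    "Hello, the shipment leaves the harbor at dawn and arrives on Tuesday.",
    "Dear team, please send the signed contract to the office before noon.",
    "Sincerely, the meeting is moved to the third floor conference room.",
]
KEY = 7  # the shift the attacker does not know


def caesar(text: str, shift: int) -> str:
    """Simple substitution: shift every letter by `shift` positions (mod 26)."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_counts(text: str):
    """Per-letter counts and total letter count, ignoring case and non-letters."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    return [letters.count(c) for c in string.ascii_uppercase], len(letters)


def chi_squared(text: str) -> float:
    """Distance between the letter distribution of `text` and that of English."""
    counts, n = letter_counts(text)
    return sum((obs - n * exp / 100) ** 2 / (n * exp / 100)
               for obs, exp in zip(counts, ENGLISH_FREQ))


def recover_key(ciphertexts) -> int:
    """Ciphertext-only attack: the attacker knows the algorithm (Kerckhoffs) but not
    the key, so tries all 26 and keeps the candidate plaintext that looks most English."""
    joined = " ".join(ciphertexts)
    return min(range(26), key=lambda k: chi_squared(caesar(joined, -k)))


def demo():
    """Encrypt the sample messages, then recover the key and the plaintexts from ciphertext alone."""
    ciphertexts = [caesar(m, KEY) for m in MESSAGES]
    k = recover_key(ciphertexts)
    return k, [caesar(c, -k) for c in ciphertexts]


if __name__ == "__main__":
    k, plaintexts = demo()
    print("recovered shift:", k)
    for p in plaintexts:
        print(" ", p)
```

Pooling the ciphertexts before scoring is what makes the attack reliable: one short message may not have enough letters for the English profile to stand out, but several messages under the same key do, which is why key reuse is the precondition the quoted text describes.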
QUESTION 811:
The relative security of a commercial cryptographic system can be measured by the?
A. Rating value assigned by the government agencies that use the system.
B. Minimum number of cryptographic iterations required by the system.
C. Size of the key space and the available computational power.
D. Key change methodology used by the cryptographic system.
Answer: C
The strength of the encryption method comes from the algorithm, secrecy of the key, length of
the key, initialization vectors, and how they all work together. – Shon Harris All-in-one CISSP
Certification Guide pg 504
QUESTION 812:
Which one of the following describes Kerckhoffs’s Assumption for cryptanalytic attack?
A. Key is secret; algorithm is Known
B. Key is known; algorithm is Known
C. Key is secret; algorithm is secret
D. Key is known; algorithm is secret
Answer: A
Kerckhoffs’s laws were intended to formalize the real situation of ciphers in the field. Basically,
the more we use any particular cipher system, the more likely it is that it will “escape” into
enemy hands. So we start out assuming that our opponents know “all the details” of the cipher
system, except the key. http://www.ciphersbyritter.com/NEWS4/LIMCRYPT.HTM
QUESTION 813:
Which of the following actions can make a cryptographic key more resistant to an
exhaustive attack?
A. None of the choices.
B. Increase the length of a key.
C. Increase the age of a key.
D. Increase the history of a key.
Answer: B
Explanation:
Defenses against exhaustive attacks involve increasing the cost of the attack by
increasing the number of possibilities to be exhausted. For example, increasing the
length of a password will increase the cost of an exhaustive attack. Increasing the
effective length of a cryptographic key variable will make it more resistant to an
exhaustive attack.
QUESTION 814:
Which type of attack is based on the probability of two different messages using the same
hash function producing a common message digest?
A. Differential cryptanalysis
B. Differential linear cryptanalysis
C. Birthday attack
D. Statistical attack
Answer: C
Attacks Against One-Way Hash Functions: A good hashing algorithm should not produce the
same hash value for two different messages. If the algorithm does produce the same value for
two distinctly different messages, this is referred to as a collision. If an attacker finds an instance
of a collision, he has more information to use when trying to break the cryptographic methods
used. A complex way of attacking a one-way hash function is called the birthday attack. Now
hold on to your hat while we go through this — it is a bit tricky. In standard statistics, a birthday
paradox exists. It goes something like this:
How many people must be in the same room for the chance to be greater than even that another
person has the same birthday as you?
Answer: 253
How many people must be in the same room for the chance to be greater than even that at least
two people share the same birthday?
Answer: 23
This seems a bit backwards, but the difference is that in the first instance, you are looking for
someone with a specific birthday date, which matches yours. In the second instance, you are
looking for any two people who share the same birthday. There is a higher probability of finding
two people who share a birthday than you finding another person sharing your birthday — thus,
the birthday paradox.
… This means that if an attacker has one hash value and wants to find a message that hashes to
the same hash value, this process could take him years. However, if he just wants to find any two
messages with the same hashing value, it could take him only a couple hours. … The main point
of this paradox and this section is to show how important longer hashing values truly are. A
hashing algorithm that has a larger bit output is stronger and less vulnerable to brute force
attacks like a birthday attack.
Pg 554-555 Shon Harris: All-In-One Certification Exam Guide
QUESTION 815:
Frame-relay uses a public switched network to provide:
A. Local Area Network (LAN) connectivity
B. Metropolitan Area Network (MAN) connectivity
C. Wide Area Network (WAN) connectivity
D. World Area Network (WAN) connectivity
Answer: C
QUESTION 816:
Which of the following technologies has been developed to support TCP/IP networking
over low-speed serial interfaces?
A. ISDN
B. SLIP
C. xDSL
D. T1
Answer: B
QUESTION 817:
Which of the following provide network redundancy in a local network environment?
A. Mirroring
B. Shadowing
C. Dual backbones
D. Duplexing
Answer: C
QUESTION 818:
Which of the following is a Wide Area Network that was originally funded by the
Department of Defense, which uses TCP/IP for data interchange?
A. the Internet
B. the Intranet
C. the Extranet
D. The Ethernet
Answer: A
QUESTION 819:
Internet specifically refers to the global network of:
A. public networks and Internet Service Providers (ISPs) throughout the world
B. private networks and Internet Services Providers (ISPs) through the world
C. limited networks and Internet Service Providers (ISPs) throughout the world
D. point networks and Internet Service Providers (ISPs) throughout the world
Answer: A
QUESTION 820:
To improve the integrity of asynchronous communications in the realm of personal computers,
the Microcom Networking Protocol (MNP) uses a highly effective communications error-control
technique known as
A. Cyclic redundancy check.
B. Vertical redundancy check.
C. Checksum.
D. Echoplex.
Answer: D
QUESTION 821:
Organizations should consider which of the following first before connecting their LANs to
the Internet?
A. plan for implementing W/S locking mechanisms
B. plan for protecting the modem pool
C. plan for providing the user with his account usage information
D. plan for considering all authentication options
Answer: D
QUESTION 822:
Which xDSL flavour delivers both downstream and upstream speeds of 1.544 MBps over
two copper twisted pairs?
A. HDSL
B. SDSL
C. ADSL
D. VDSL
Answer: A
QUESTION 823:
Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is
false?
A. It can be used for voice
B. It can be used for data
C. It carries various sizes of packets
D. It can be used for video
Answer: C
“Asynchronous transfer mode (ATM) is a cell-switching technology, as opposed to a
packet-switching technology like Frame Relay. ATM uses virtual circuits much like Frame
Relay, but because it uses fixed-size frames or cells, it can guarantee throughput. This makes
ATM an excellent WAN technology for voice and video conferencing.” Pg 87 Tittel: CISSP
Study Guide
QUESTION 824:
Satellite communications are easily intercepted because__
A. transmissions are continuous 24 hours per day.
B. a satellite footprint is narrowly focused.
C. a satellite footprint is very large.
D. a satellite footprint does not change.
Answer: C
I think it may have to do with the footprint of the satellite.
Footprint – The area of Earth with sufficient antenna gain to receive a signal from a satellite. –
http://www.aero.org/publications/crosslink/winter2002/backpage.html
Not A: Granted, satellites transmit, but they may not do it 24×7, as it could be only when traffic is
sent.
QUESTION 825:
Which one of the following protocols CANNOT be used for full duplex Wide Area Network (WAN)
communications?
A. Synchronous Data Link Control (SDLC)
B. Serial Line Internet Protocol (SLIP)
C. Point-to-Point Protocol (PPP)
D. High-Level Data Link Control (HDLC)
Answer: A
“SDLC was developed to enable mainframes to communicate with remote locations.” Pg 456
Shon Harris CISSP Certification Exam Guide. This is a WAN protocol.
Not B
“Serial Line Internet Protocol (SLIP) is an older technology developed to support TCP/IP
communications over asynchronous serial connections, such as serial cables or modem dial-up.”
Pg 96. Tittel: CISSP Study Guide. SLIP is a serial protocol as opposed to a WAN protocol. This could
be the correct answer, but SDLC is more correct.
Not C.
“PPP is a full-duplex protocol that provides bi-directional links over synchronous, asynchronous,
ISDN, frame relay and SONET connections.” Pg. 472 Shon Harris CISSP All-In-One
Certification Exam Guide. PPP is full-duplex.
Not D.
“HDLC is an extension of SDLC, which is mainly used in SNA environments. HDLC provides
high throughput because it supports full-duplex transmissions and is used in point-to-point and
multipoint connections.” Pg 456 Shon Harris CISSP All-In-One Certification Exam Guide. PPP
is full-duplex.
QUESTION 826:
Fast ethernet operates at which of the following?
A. 10 MBps
B. 100 MBps
C. 1000 MBps
D. All of the above
Answer: B
“Fast Ethernet 100 Mbps – IEEE 802.3u” pg 810 Shon Harris CISSP All-In-One Exam Guide
QUESTION 827:
Which of the following statements about the “Intranet” is NOT true?
A. It is an add-on to a local area network.
B. It is unrestricted and publicly available.
C. It is usually restricted to a community of users
D. It can work with MANs or WANs
Answer: B
Explanation:
“An intranet is a ‘private’ network that uses Internet technologies, such as TCP/IP. The company
has Web servers and client machines using Web browsers, and it uses the TCP/IP protocol suite.
The Web pages are written in Hypertext Markup Language (HTML) or Extensible Markup
Language (XML) and are accessed via HTTP.” Pg 395 Shon Harris: All-In-One CISSP
Certification Guide.
QUESTION 828:
Frame relay and X.25 networks are part of which of the following?
A. Circuit-switched services
B. Cell-switched services
C. Packet-switched services
D. Dedicated digital services
Answer: C
Packet-Switched Technologies:
X.25
Link Access Procedure-Balanced (LAPB)
Frame Relay
Switched Multimegabit Data Service (SMDS)
Asynchronous Transfer Mode (ATM)
Voice over IP (VoIP)
QUESTION 829:
A Wide Area Network (WAN) may be privately operated for a specific user community,
may support multiple communication protocols, or may provide network connectivity and
services via:
A. interconnected network segments (extranets, intranets, and Virtual Private Networks)
B. interconnected network segments (extranets, internets, and Virtual Private Networks)
C. interconnected netBIOS segments (extranets, intranets, and Virtual Private Networks)
D. interconnected NetBIOS segments (extranets, interest, and Virtual Private Networks)
Answer: A
QUESTION 830:
What is the proper term to refer to a single unit of Ethernet data?
A. Ethernet segment
B. Ethernet datagram
C. Ethernet frame
D. Ethernet packet
Answer: C
When the Ethernet software receives a datagram from the Internet layer, it performs the
following steps: 1.) Breaks IP layer data into smaller chunks if necessary which will be in the
data field of ethernet frames. Pg. 40 Sams Teach Yourself TCP/IP in 24 hrs.
QUESTION 831:
Which of the following is a LAN transmission protocol?
A. Ethernet
B. Ring Topology
C. Unicast
D. Polling
Answer: C
Reference: “LAN Transmission Methods. LAN data is transmitted from the sender to one or
more receiving stations using either a unicast, multicast, or broadcast transmission.” pg 528
Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 832:
Which of the following access methods is used by Ethernet?
A. CSMA/CD
B. CSU/DSU
C. TCP/IP
D. FIFO
Answer: A
“Under the Ethernet CSMA/CD media-access process, any computer on a CSMA/CD LAN can
access the network at any time.” Pg. 103 Krutz: The CISSP Prep Guide.
QUESTION 833:
Which one of the following data transmission technologies is NOT packet-switch based?
A. X.25
B. ATM (Asynchronous Transfer Mode)
C. CSMA/CD (Carrier Sense Multiple Access/Collision Detection)
D. Frame Relay
Answer: C
“Examples of packet-switching networks are X.25, Link Access Procedure-Balanced (LAPB),
Frame Relay, Switched Multimegabit Data Systems (SMDS), Asynchronous Transfer Mode
(ATM), and Voice over IP (VoIP).” Pg 146 Krutz: CISSP Prep Guide: Gold Edition.
QUESTION 834:
Unshielded (UTP) does not require the fixed spacing between connections that is:
A. necessary with telephone-type connections
B. necessary with coaxial-type connections
C. necessary with twisted pair-type connections
D. necessary with fiber optic-type connections
Answer: B
QUESTION 835:
What type of cable is used with 100Base-TX Fast Ethernet?
A. Fiber-optic cable
B. Four pairs of Category 3, 4, or 5 unshielded twisted-pair (UTP) wires.
C. Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair
(STP) wires
D. RG-58 Cable
Answer: C
QUESTION 836:
Which cable technology refers to the CAT 3 and CAT 5 categories?
A. Coaxial cables
B. Fiber Optic cables
C. Axial cables
D. Twisted Pair cables
Answer: D
QUESTION 837:
On which Open System Interconnection (OSI) Reference Model layer are repeaters used as communications
transfer devices?
A. Data-link
B. Physical
C. Network
D. Transport
Answer: B
The original answer (network) is wrong; a repeater is a physical-layer device. Repeaters just regenerate the
signal.
“Hubs are multi port repeaters, and as such they obey the same rules as repeaters (See previous
section OSI Operating Layer). They operate at the OSI Model Physical Layer.”
http://www.thelinuxreview.com/howto/intro_to_networking/c5434.htm
QUESTION 838:
In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, and PPP control functions
provided?
A. Link
B. Transport
C. Presentation
D. Application
Answer: A
QUESTION 839:
In the OSI/ISO model, at what level are TCP and UDP provided?
A. Transport
B. Network
C. Presentation
D. Application
Answer: A
“Transport Layer. … TCP and UDP operate on this layer.” Pg 82. Krutz: The CISSP Prep Guide.
QUESTION 840:
DNS, FTP, TFTP, SNMP are provided at what level of the OSI/ISO model?
A. Application
B. Network
C. Presentation
D. Transport
Answer: A
QUESTION 841:
Which of the following OSI layers does not provide confidentiality?
A. Presentation
B. Network
C. Transport
D. Session
Answer: C
Reference: “[Network Layer] The routing protocols are located at this layer and include the
following: …..Internet Protocol Security (IPSec)”. “The following protocols operate within the
Session layer: Secure Sockets Layer (SSL)”. “The Presentation layer is also responsible for
encryption and compression.” Pg 61-62 Tittel: CISSP Study Guide
QUESTION 842:
Which of the following OSI layers provides routing and related services?
A. Network
B. Presentation
C. Session
D. Physical
Answer: A
QUESTION 843:
The International Standards Organization/Open Systems Interconnection (ISO/OSI)
Layers does NOT have which of the following characteristics?
A. Standard model for network communications
B. Used to gain information from network devices such as count of packets received and routing
tables
C. Allows dissimilar networks to communicate
D. Defines 7 protocol layers (a.k.a. protocol stacks)
Answer: B
Not A.
“The Open System Interconnect (OSI) is a worldwide federation that works to provide
international standards. ”
Not C.
“A protocol is a standard set of rules that determine how systems will communicate across
networks. Two different systems can communicate and understand each other because they use
the same protocols in spite of their differences.”
Pg. 343-344 Shon Harris: CISSP All-In-One Certification Exam Guide
QUESTION 844:
Which of the following layers supervises the control rate of packet transfers in an Open Systems
Interconnections (OSI) implementation?
A. Physical
B. Session
C. Transport
D. Network
Answer: C
The transport layer defines how to address the physical locations and/or devices on the network, how to make
connections between nodes, and how to handle the networking of messages. It is responsible for maintaining the
end-to-end integrity and control of the session. Services located in the transport layer both segment and
reassemble the data from upper-layer applications and unite it onto the same data stream, which provides
end-to-end data transport services and establishes a logical connection between the sending host and
destination host on a network. The transport layer is also responsible for providing mechanisms for
multiplexing upper-layer applications, session establishment, and the teardown of virtual circuits. – Ronald
Krutz The CISSP PREP Guide (gold edition) pg 275-276
“Transport Layer The agreement on these issues before transferring data helps provide more
reliable data transfer, error detection and correction, and flow control and it optimizes network
services needed to perform these tasks.” Pg. 318 – 319 Shon Harris: All-In-One CISSP
Certification Guide.
QUESTION 845:
Which Open Systems Interconnect (OSI) layers provide Transport Control Protocol/Internet Protocol (TCP/IP)
end-to-end security?
A. Application and presentation
B. Presentation and session
C. Network and application
D. Application and transport
Answer: B
“The Session layer (layer 5) is responsible for establishing, maintaining, and terminating
communication sessions between two computers. The primary technology within layer 5 is a
gateway. The following protocols operate within the Session layer:
Secure Sockets Layer (SSL)
Network File System (NFS)
Structured Query Language (SQL)
Remote Procedure Call (RPC)
The presentation layer (layer 6) is responsible for transforming data received from the
application layer into a format that any system following the OSI model can understand. It
imposes common or standardized structure and formatting rules onto the data. The Presentation
layer is also responsible for encryption and compression.” Pg. 79-80 Tittel: CISSP Study Guide.
QUESTION 846:
Which one of the following is a TRUE statement about the bottom three layers of the Open
Systems Interconnection (OSI) Reference Model?
A. They generally pertain to the characteristics of the communicating end systems.
B. They cover synchronization and error control of network data transmissions.
C. They support and manage file transfer and distribute process resources.
D. They support components necessary to transmit network messages.
Answer: D
By exclusion:
Not A.
“The Session layer (layer 5) is responsible for establishing, maintaining, and terminating
communication sessions between two computers.” Pg 79 Tittel: CISSP Study Guide.
Not B.
“The Transport layer (layer 4) ….This layer includes mechanisms for segmentation, sequencing,
error checking, controlling the flow of data, error correction and network service optimization.”
Pg 79 Tittel: CISSP Study Guide.
Not C.
“The application itself is not located within this layer [Application]; rather the protocols and
services required to transmit files, exchange messages, connect to remote terminals, and so on
are here.” Pg. 80 Tittel: CISSP Study Guide.
QUESTION 847:
ICMP and IGMP belong to which layer of the OSI model?
A. Datagram
B. Network
C. Transport
D. Link
Answer: B
The Network layer (layer 3) is responsible for adding routing information to the data. The
Network layer accepts the segment from the Transport layer and adds information to it to create
a packet. The packet includes the source and destination IP addresses.
The routing protocols are located at this layer and include the following:
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Packet Exchange (IPX)
Pg. 78 Tittel: CISSP Study Guide
QUESTION 848:
The International Standards Organization / Open Systems Interconnection (ISO/OSI)
Layer 6 is which of the following?
A. Application Layer
B. Presentation Layer
C. Data Link Layer
D. Network Layer
Answer: B
“Presentation Layer (Layer 6).” Pg 81 Krutz The CISSP Prep Guide.
QUESTION 849:
Which OSI/ISO layer is IP implemented at?
A. Session layer
B. Transport layer
C. Network layer
D. Data link layer
Answer: C
QUESTION 850:
Which of the following security-focused protocols operates at a layer different from the
others?
A. Secure HTTP
B. Secure shell (SSH-2)
C. Secure socket layer (SSL)
D. Simple Key Management for Internet Protocols (SKIP)
Answer: A
QUESTION 851:
In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, and PPP control functions
provided?
A. Link
B. Transport
C. Presentation
D. Application
Answer: A
QUESTION 852:
ICMP and IGMP belong to which layer of the OSI Model? (Fill in the blank)
Answer: Network
QUESTION 853:
The International Standards Organization / Open Systems Interconnection (ISO/OSI)
Layer 6 is which of the following? (Fill in the blank)
Answer: Presentation
QUESTION 854:
The International Standards Organization / Open Systems Interconnection (ISO/OSI)
Layers are in which of the following order (1 to 7). (Fill in the blank)
Answer:
Explanation:
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer,
Presentation Layer, Application Layer
QUESTION 855:
Which of the following OSI layers provides non-repudiation services? (Fill in the blank)
Answer: Application
QUESTION 856:
The OSI model contains seven layers. TCP/IP is generally accepted as having how many
layers?
A. four
B. five
C. six
D. eight
Answer: A
The TCP/IP Protocol Model is similar to the OSI model, but it defines only the following four
layers instead of seven: Application Layer, Host-to-Host Transport Layer, Internet Layer,
Network Access or Link Layer.
Pg. 84 Krutz: The CISSP Prep Guide.
QUESTION 857:
Which of the following layers provides end-to-end service?
A. Network Layer
B. Link Layer
C. Transport Layer
D. Presentation Layer
Answer: C
Session services located in the Transport Layer both segment and reassemble the data from
upper-layer applications and unite it onto the same data stream, which provides end-to-end data
transport services and establishes a logical connection between the sending host and destination
host on a network.
Pg. 82 Krutz: The CISSP Prep Guide.
QUESTION 858:
Both TCP and UDP use port numbers of what length?
A. 32 bits
B. 16 bits
C. 8 bits
D. 4 bits
Answer: B
QUESTION 859:
Which one of the following is an effective communications error-control technique usually implemented in
software?
A. Redundancy check
B. Packet filtering
C. Packet checksum
D. Bit stuffing
Answer: C
QUESTION 860:
What is the proper term to refer to a single unit of IP data? (Fill in the blank)
Answer: Datagram
“When the Ethernet software receives a datagram from the Internet layer, it performs the
following steps: 1.) Breaks IP layer data into smaller chunks if necessary which will be in the
data field of ethernet frames.” Pg. 40 Sams Teach Yourself TCP/IP in 24 hrs.
QUESTION 861:
What is the proper term to refer to a single unit of TCP data at the transport layer?
A. TCP segment
B. TCP datagram
C. TCP frame
D. TCP packet
Answer: A
“The data package created at the transport layer, which encapsulates the Application layer
message is called a segment if it comes from TCP/IP.” Pg. 27 Pg. 55 Casad: Sams Teach
Yourself TCP/IP in 24 hrs.
QUESTION 862:
Each data packet is assigned the IP address of the sender and the IP address of the:
A. recipient
B. host
C. node
D. network
Answer: A
QUESTION 863:
Both TCP and UDP use port numbers of what length?
A. 32 bits
B. 16 bits
C. 8 bits
D. 4 bits
Answer: B
2^16 = 65,536
“TCP and UDP each have 65,536 ports”. Pg 75 Tittel: CISSP Study Guide
QUESTION 864:
Which of the following type of packets can *easily* be denied with a stateful packet filter?
A. ICMP
B. TCP
C. UDP
D. IP
Answer: B
QUESTION 865:
Which ports are the “Registered ports”, registered by the IANA?
A. Ports 128 to 255
B. Ports 1024 to 49151
C. Ports 1023 to 65535
D. Ports 1024 to 32767
Answer: B
“The User (Registered) Ports are those from 1024 through 49151.”
http://www.iana.org/numbers.htm#P
QUESTION 866:
What protocol was UDP based and mainly intended to provide validation of dial up user login
passwords?
A. PPTP
B. L2TP
C. IPSec
D. TACACS
Answer: D
Explanation:
The original TACACS protocol was developed by BBN for MILNET. It was UDP based and
mainly intended to provide validation of dial up user login passwords. The TACACS
protocol was formally specified, but the spec is not generally available.
QUESTION 867:
On which port is POP3 usually run?
A. 110
B. 109
C. 139
D. 119
Answer: A
QUESTION 868:
The primary function of this protocol is to send messages between network devices
regarding the health of the network:
A. Internet Control Message Protocol (ICMP)
B. Reverse Address Resolution Protocol (RARP)
C. Address Resolution Protocol (AR)
D. Internet Protocol (IP)
Answer: A
QUESTION 869:
Telnet and rlogin use which protocol?
A. UDP
B. SNMP
C. TCP
D. IGP
Answer: C
QUESTION 870:
The IP header contains a protocol field. If this field contains the value of 2, what type of data
is contained within the IP datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
Answer: D
QUESTION 871:
The IP header contains a protocol field. If this field contains the value of 17, what type of
data is contained within the IP datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
Answer: C
ICMP = 1
TCP = 6
UDP = 17
Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.
QUESTION 872:
Why do some sites choose not to implement Trivial File Transfer Protocol (TFTP)?
A. list restrictions
B. inherent security risks
C. user authentication requirement
D. directory restriction
Answer: B
QUESTION 873:
The IP header contains a protocol field. If this field contains the value of 6, what type of
data is contained within the IP datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
Answer: A
ICMP = 1
TCP = 6
UDP = 17
Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.
QUESTION 874:
Which of the following is not a basic security service defined by the OSI?
A. Routing control
B. Authentication
C. Data Confidentiality
D. Logging and monitoring
Answer: A
QUESTION 875:
Which of the following is not an OSI architecture-defined broad category of security
standards?
A. Security techniques standards
B. Layer security protocol standards
C. Application-specific security
D. Firewall security standards
Answer: D
QUESTION 876:
Which one of the following is the Open Systems Interconnection (OSI) protocol for
message handling?
A. X.25
B. X.400
C. X.500
D. X.509
Answer: B
An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer
7 of the OSI model and supports several types of transport mechanisms, including Ethernet,
X.25, TCP/IP, and dial-up lines. – http://www.webopedia.com/TERM/X/X_400.html
QUESTION 877:
The IP header contains a protocol field. If this field contains the value of 1, what type of
data is contained within the IP datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
Answer: B
ICMP = 1
TCP = 6
UDP = 17
Pg. 55 Casad: Sams Teach Yourself TCP/IP in 24 hrs.
QUESTION 878:
Which of the following is true?
A. TCP is connection-oriented. UDP is not
B. UDP provides for Error Correction. TCP does not.
C. UDP is useful for longer messages
D. UDP guarantees delivery of data. TCP does not guarantee delivery of data.
Answer: A
QUESTION 879:
What works as an E-mail message transfer agent?
A. SMTP
B. SNMP
C. S-RPC
D. S/MIME
Answer: A
QUESTION 880:
A common way to create fault tolerance with leased lines is to group several T-1’s together
with an inverse multiplexer placed:
A. at one end of the connection
B. at both ends of the connection
C. somewhere between both end points
D. in the middle of the connection
Answer: B
QUESTION 881:
Several methods provide telecommunications continuity. Which of the following is a method
of routing traffic through split cable or duplicate cable facilities?
A. diverse routing
B. alternative routing
C. last mile circuit protection
D. long haul network diversity
Answer: A
QUESTION 882:
Which of the following is the primary security feature of a proxy server?
A. Client hiding
B. URL blocking
C. Route blocking
D. Content filtering
Answer: A
QUESTION 883:
Which of the following Common Data Network Services is used to send and receive email
internally or externally through an email gateway device?
A. File services
B. Mail services
C. Print Services
D. Client/Server services
Answer: B
QUESTION 884:
Which one of the following is a technical solution for the quality of service, speed, and security problems
facing the Internet?
A. Random Early Detection (RED) queuing
B. Multi-protocol label-switching (MPLS)
C. Public Key Cryptography Standard (PKCS)
D. Resource Reservation Protocol (RSVP)
Answer: B
The original answer to this question was RED; however, I think this is incorrect for this reason. Both RED
and MPLS deal with QoS/CoS issues, thereby increasing speed, MPLS more so than RED. However, I have not
been able to find any documents that state RED is a security implementation, while MPLS is heavily used in
the ISP VPN market.
See this link for MPLS security http://www.nwfusion.com/research/2001/0521feat2.html
Below are the links that form the rationale for this answer of B (MPLS):
Congestion avoidance algorithm in which a small percentage of packets are dropped when
congestion is detected and before the queue in question overflows completely
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/r12.htm
Multiprotocol Label Switching. Switching method that forwards IP traffic using a label. This
label instructs the routers and the switches in the network where to forward the packets based on
preestablished IP routing information
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/m12.htm
Resource Reservation Protocol. Protocol that supports the reservation of resources across an IP
network. Applications running on IP end systems can use RSVP to indicate to other nodes the
nature (bandwidth, jitter, maximum burst, and so on) of the packet streams they want to receive.
RSVP depends on IPv6. Also known as Resource Reservation Setup Protocol.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/r12.htm
Random Early Detection (RED) is the recommended approach for queue congestion
management in routers (Braden et al., 1998). Although in its basic form RED can be
implemented in a relatively short C program, as the speed of ports and the number of queues per
port increase, the implementation moves more and more into hardware. Different vendors choose
different ways to implement and support RED in their silicon implementations. The degree of
programmability, the number of queues, the granularity among queues, and the calculation
methods of the RED parameters all vary from implementation to implementation. Some of these
differences are irrelevant to the behavior of the algorithm, and hence to the resulting network
behavior. Some of the differences, however, may result in a very different behavior of the RED
algorithm, and hence of the network efficiency.
http://www.cisco.com/en/US/products/hw/routers/ps167/products_white_paper09186a0080091fe4.shtml
Based on label swapping, a single forwarding mechanism provides opportunities for new control
paradigms and applications. MPLS Label Forwarding is performed with a label lookup for an
incoming label, which is then swapped with the outgoing label and finally sent to the next hop.
Labels are imposed on the packets only once at the edge of the MPLS network and removed at
the other end. These labels are assigned to packets based on groupings or forwarding
equivalence classes (FECs). Packets belonging to the same FEC get similar treatment. The label
is added between the Layer 2 and the Layer 3 header (in a packet environment) or in the virtual
path identifier/virtual channel identifier (VPI/VCI) field (in ATM networks). The core network
merely reads labels, applies appropriate services, and forwards packets based on the labels. This
MPLS lookup and forwarding scheme offers the ability to explicitly control routing based on
destination and source addresses, allowing easier introduction of new IP services.
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/xlsw_ds.htm
QUESTION 885:
How do you distinguish between a bridge and a router?
A. The router connects two networks at the data-link layer, while bridge connects two networks
at the network layer
B. The bridge connects two networks at the data-link layer, while router connects two networks
at the network layer
C. It is not possible to distinguish them. They have the same functionality.
Answer: B
QUESTION 886:
Why should you avoid having two routers connect your trusted internal LAN to your
demilitarized zone?
A. Network congestion might cause the routers to pass data from your private network through
the demilitarized zone
B. This provides attackers with multiple paths to access your trusted network
C. There is a substantial increase in cost with only a nominal increase in security
D. You may overlook an attack on one of your routers because your data still reaches the
outside world from your other router
Answer: C
QUESTION 887:
In the days before CIDR (Classless Internet Domain Routing), networks were commonly
organized by classes. Which of the following would have been true of a Class B network?
A. The first bit of the IP address would be set to zero
B. The first bit of the IP address would be set to one and the second bit set to zero
C. The first two bits of the IP address would be set to one, and the third bit set to zero
D. The first three bits of the IP address would be set to one
Answer: B
QUESTION 888:
Which of the following is an IP address that is private (i.e. reserved for internal networks,
and not a valid address to use on the internet)?
A. 172.5.42.5
B. 172.76.42.5
C. 172.90.42.5
D. 172.16.42.5
Answer: D
“The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the
IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255,
and 192.168.0.0 to 192.168.255.255 – that are known as ‘global non-routable addresses.’” Pg. 94
Krutz: The CISSP Prep Guide.
QUESTION 889:
Which of the following is an IP address that is private (i.e. reserved for internal networks,
and not a valid address to use on the internet)?
A. 10.0.42.5
B. 11.0.42.5
C. 12.0.42.5
D. 13.0.42.5
Answer: A
“The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the
IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255,
and 192.168.0.0 to 192.168.255.255 – that are known as ‘global non-routable addresses.’” Pg. 94
Krutz: The CISSP Prep Guide.
QUESTION 890:
Which of the following is an IP address that is private (i.e. reserved for internal networks,
and not a valid address to use on the internet)?
A. 172.12.42.5
B. 172.140.42.5
C. 172.31.42.5
D. 172.15.45.5
Answer: C
“The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the
IP address space for private Internets – 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255,
and 192.168.0.0 to 192.168.255.255 – that are known as ‘global non-routable addresses.’” Pg. 94
Krutz: The CISSP Prep Guide.
QUESTION 891:
In the days before CIDR (Classless Inter-Domain Routing), networks were commonly
organized by classes. Which of the following would have been true of a Class C network?
A. The first bit of the ip address would be set to zero
B. The first bit of the ip address would be set to one and the second bit set to zero
C. The first two bits of the ip address would be set to one, and the third bit set to zero
D. The first three bits of the ip address would be set to one
Answer: C
Pg. 80 Sams Teach Yourself TCP/IP in 24 hrs.
QUESTION 892:
Which of the following is an ip address that is private (i.e. reserved for internal networks,
and not a valid address to use on the Internet)?
A. 192.168.42.5
B. 192.166.42.5
C. 192.175.42.5
D. 172.1.42.5
Answer: A
QUESTION 893:
How long are IPv4 addresses:
A. 32 bits long
B. 64 bits long
C. 128 bits long
D. 16 bits long
Answer: A
“IPv4 uses 32 bits for addresses, and IPv6 uses 128 bits; thus v6 provides more possible
addresses to work with.” Pg 331 Shon Harris: All-in-One CISSP Certification
QUESTION 894:
ARP and RARP map between which of the following?
A. DNS addresses and IP addresses
B. 32-bit hardware addresses and 48-bit IPv6 addresses
C. 32-bit hardware addresses and 48-bit IPv4 addresses
D. 32-bit addresses in IPv4 and 48-bit hardware addresses
Answer: D
An Ethernet address is a 48-bit address that is hard-wired into the NIC of the network node. ARP
matches up the 32-bit IP address with this hardware address, which is technically referred to as
the Media Access Control (MAC) address or the physical address. Pg. 87 Krutz: The CISSP Prep
Guide.
QUESTION 895:
Which protocol matches an Ethernet address to an Internet Protocol (IP) address?
A. Address Resolution Protocol (ARP)
B. Reverse Address Resolution Protocol (RARP)
C. Internet Control Message Protocol (ICMP)
D. User Datagram Protocol (UDP)
Answer: B
“As with ARP, Reverse Address Resolution Protocol (RARP) frames go to all systems on the
subnet, but only the RARP server responds. Once the RARP server receives this request, it looks
in its table to see which IP address matches the broadcast hardware address. The server then
sends a message back to the requesting computer that contains its IP address. The system now
has an IP address and can function on the network.” Pg 357 Shon Harris: All-in-One CISSP
Certification
QUESTION 896:
In a typical firewall configuration, what is the central host in organization’s network
security?
A. Stateful
B. Screen
C. Gateway
D. Bastion
Answer: D
Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and
which is installed on a network in such a way that it is expected to come under attack. Bastion
hosts are often components of firewalls, or may be “outside” Web servers or public access
systems. Generally, a bastion host is running some form of general purpose operating system
(e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system.
http://www.securesynergy.com/library/articles/it_glossary/glossary_b.php
QUESTION 897:
Which one of the following describes a bastion host?
A. A physically shielded computer located in a data center or vault.
B. A computer which maintains important data about the network.
C. A computer which plays a critical role in a firewall configuration.
D. A computer used to monitor the vulnerability of a network.
Answer: C
A bastion host or screened host is just a firewall system logically positioned between a private
network and an untrusted network. – Ed Tittel CISSP Study Guide (Sybex) pg 93
QUESTION 898:
Which of the following statements pertaining to firewalls is incorrect?
A. Firewalls should not run NIS (Network Information Systems)
B. Firewalls should mount files systems via NFS
C. All system logs on the firewall should log to a separate host
D. Compilers should be deleted from the firewall
Answer: B
QUESTION 899:
Which is the MAIN advantage of having an application gateway?
A. To perform change control procedures for applications.
B. To provide a means for applications to move into production.
C. To log and control incoming and outgoing traffic.
D. To audit and approve changes to applications.
Answer: C
“An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism
that copies packets from one network into another; the copy process also changes the source and
destination address to protect the identity of the internal or private network. An application-level
gateway firewall filters traffic based on the Internet service (i.e., application) used to transmit or
receive the data.” – Shon Harris All-in-one CISSP Certification Guide pg 92
QUESTION 900:
Which process on a firewall makes permit/deny forwarding decisions based solely on
address and service port information?
A. Circuit Proxy
B. Stateful Packet Inspection Proxy
C. Application Proxy
D. Transparency Proxy
Answer: A
Circuit-level proxy creates a circuit between the client computer and the server. It does not
understand or care about the higher-level issues that an application-level proxy deals with. It
knows the source and destination addresses and makes access decisions based on this
information… It looks at the data within the packet header versus the data within the payload of
the packet. It does not know if the contents within the packet are actually safe or not. – Shon
Harris All-in-one CISSP Certification Guide pg 419-420
QUESTION 901:
A proxy based firewall has which one of the following advantages over a firewall employing
stateful packet inspection?
A. It has a greater throughput.
B. It detects intrusion faster.
C. It has greater network isolation.
D. It automatically configures the rule set.
Answer: C
QUESTION 902:
Firewalls filter incoming traffic according to
A. The packet composition.
B. A security policy.
C. Stateful packet rules.
D. A security process.
Answer: B
QUESTION 903:
Application Level Firewalls create:
A. a real circuit between the workstation client and the server
B. a virtual circuit between the workstation client and the server
C. an imaginary circuit between the workstation guest and the server
D. a temporary circuit between the workstation host and the server
Answer: B
QUESTION 904:
Which of the following is the biggest concern with firewall security?
A. Internal hackers
B. Complex configuration rules leading to misconfiguration
C. Buffer overflows
D. Distributed denial of service (DDOS) attacks
Answer: B
QUESTION 905:
Which of the following is true of network security?
A. A firewall is not a necessity in today’s connected world
B. A firewall is a necessity in today’s connected world
C. A whitewall is a necessity in today’s connected world
D. A black firewall is a necessity in today’s connected world
Answer: B
QUESTION 906:
Which of the following statements pertaining to firewalls is incorrect?
A. Firewalls create bottlenecks between the internal and external network
B. Firewalls allow for centralization of security services in machines optimized and dedicated to
the task
C. Strong firewalls can protect a network at all layers of the OSI model
D. Firewalls are used to create security checkpoints at the boundaries of private networks
Answer: C
QUESTION 907:
Which of the following is the least important security service provided by a firewall?
A. Packet filtering
B. Encrypted tunnels
C. Network Address Translation
D. Proxy services
Answer: B
QUESTION 908:
Which of the following firewall rules is less likely to be found on a firewall installed
between an organization’s internal network and internet?
A. Permit all traffic to and from local host
B. Permit all inbound ssh traffic
C. Permit all inbound tcp connections
D. Permit all syslog traffic to log-server.abc.org
Answer: C
QUESTION 909:
Which of the following packets should NOT be dropped at a firewall protecting an
organization’s internal network?
A. Inbound packets with Source Routing option set
B. Router information exchange protocols
C. Inbound packets with an internal source IP address
D. Outbound packets with an external destination IP address
Answer: D
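Questions 908 and 909 together describe the rule ordering of a border packet filter. The following is an added example (not from the original page or any vendor) that encodes those rules as a first-match Python function and applies them to constructed packets. The 192.168.0.0/16 internal range, the Packet fields and the choice of ssh as the single permitted inbound service are this example's assumptions, and the outbound anti-spoofing rule (RFC 2827 egress filtering) goes one step beyond what the questions ask.

```python
import ipaddress
from dataclasses import dataclass

# Assumed layout, not from the original: the organisation's internal range behind the firewall.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")
ROUTING_PROTOCOLS = {"ospf", "rip", "bgp"}     # routing exchanges that must stay inside


@dataclass
class Packet:
    direction: str                     # "in" = arriving from the Internet, "out" = leaving for it
    src: str
    dst: str
    proto: str                         # "tcp", "udp", "icmp", or a routing protocol name
    dport: int = 0
    new_tcp_connection: bool = False   # TCP SYN without ACK: an unsolicited connection attempt
    source_routed: bool = False        # IP Loose/Strict Source Route option present


def decide(pkt: Packet) -> tuple:
    """First-match border filter. Returns (verdict, name of the rule that matched)."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    # 1. Source routing lets the sender dictate the path and defeat the intended route: drop (Q909 A).
    if pkt.source_routed:
        return ("drop", "source-routing-option")
    # 2. Routing-protocol exchanges across the perimeter let an outsider alter routes: drop (Q909 B).
    if pkt.proto in ROUTING_PROTOCOLS:
        return ("drop", "routing-protocol-at-border")
    # 3. Anti-spoofing: an inbound packet can never legitimately carry an internal source (Q909 C).
    if pkt.direction == "in" and src in INTERNAL_NET:
        return ("drop", "spoofed-internal-source")
    # 4. Egress filtering (RFC 2827, this example's addition): outbound packets need an internal source.
    if pkt.direction == "out" and src not in INTERNAL_NET:
        return ("drop", "spoofed-outbound-source")
    # 5. Inbound TCP: one narrow service (ssh, Q908 B) may open connections; never "all TCP" (Q908 C).
    if pkt.direction == "in" and pkt.proto == "tcp" and pkt.new_tcp_connection:
        if pkt.dport == 22:
            return ("permit", "inbound-ssh")
        return ("drop", "unsolicited-inbound-tcp")
    # 6. Outbound traffic to external destinations is the normal case: permit (Q909 D).
    if pkt.direction == "out" and dst not in INTERNAL_NET:
        return ("permit", "outbound-to-external")
    return ("drop", "default-deny")


if __name__ == "__main__":
    # Constructed packets, one per rule.
    for p in (Packet("in", "192.168.1.10", "192.168.1.20", "tcp", 80, new_tcp_connection=True),
              Packet("in", "198.51.100.7", "192.168.1.20", "tcp", 22, new_tcp_connection=True),
              Packet("in", "198.51.100.7", "192.168.1.20", "tcp", 445, new_tcp_connection=True),
              Packet("in", "198.51.100.7", "192.168.1.20", "ospf"),
              Packet("out", "192.168.1.10", "198.51.100.7", "tcp", 443, new_tcp_connection=True)):
        print(p.direction, p.src, "->", p.dst, p.proto, p.dport, decide(p))
```

Rule order matters: the anti-spoofing and source-routing checks sit above every permit so that a spoofed packet aimed at port 22 is still dropped, and the final line is an explicit default deny.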
QUESTION 910:
By examining the “state” and “context” of the incoming data packets, it helps to track the
protocols that are considered “connectionless”, such as UDP-based applications and
Remote Procedure Calls (RPC). This type of firewall system is used in:
A. first generation firewall systems
B. second generation firewall systems
C. third generation firewall systems
D. fourth generation firewall systems
Answer: C
“Stateful Inspection Characteristics
The firewall maintains a state table that tracks each and every communication channel.
Frames are analyzed at all communication layers.
It provides a high degree of security and does not introduce the performance hit that proxy
firewalls introduce.
It is scalable and transparent to users.
It provides data tracking for connectionless protocols such as UDP and ICMP.
The state and context of the data within the packets are stored and updated continuously.
It is considered a third-generation firewall.” Pg. 375 Shon Harris: All-in-One CISSP
Certification
Not A:
“Packet filtering is the first generation firewall – that is, it was the first type that was created and
used, and other types that were developed later fall into different generations.” Pg 373 Shon Harris:
All-in-One CISSP Certification
QUESTION 911:
Which of the following statements pertaining to packet filtering is incorrect?
A. It is based on ACLs
B. It is not application dependent
C. It operates at the network layer
D. It keeps track of the state of a connection
Answer: D
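Question 910 describes a state table that tracks even connectionless UDP, and question 911 says a plain packet filter keeps no such state. This added example (not from the page or from Shon Harris) shows the smallest stateful filter with that property: the reverse of an outbound 5-tuple is permitted back in only while its entry is alive. The class, timeout values and addresses are this example's own.

```python
class StatefulFilter:
    """Minimal stateful inspection. Outbound packets create or refresh a state-table entry;
    inbound packets are permitted only if they match the reverse of a live entry. Connectionless
    UDP is tracked with a short idle timeout, which is what lets a DNS reply in without a blanket
    "permit udp/53 inbound" rule that a stateless packet filter would need."""

    def __init__(self, udp_idle=30.0, tcp_idle=3600.0):
        # key: (proto, inside_ip, inside_port, outside_ip, outside_port) -> last-seen time (s)
        self.table = {}
        self.idle = {"udp": udp_idle, "tcp": tcp_idle}

    def _expire(self, now):
        limit = lambda key: self.idle.get(key[0], self.idle["udp"])
        for key in [k for k, seen in self.table.items() if now - seen > limit(k)]:
            del self.table[key]

    def handle(self, direction, proto, src, sport, dst, dport, now, tcp_flags=""):
        """Return 'permit' or 'drop' for one packet; `now` is the packet timestamp in seconds."""
        self._expire(now)
        if direction == "out":
            key = (proto, src, sport, dst, dport)
            self.table[key] = now                      # create or refresh state
            if proto == "tcp" and "R" in tcp_flags:    # our side reset the connection: forget it
                del self.table[key]
            return "permit"
        key = (proto, dst, dport, src, sport)          # inbound: reverse the 5-tuple
        if key not in self.table:
            return "drop"                              # no state: unsolicited, even on port 53
        if proto == "tcp" and "R" in tcp_flags:
            del self.table[key]                        # peer reset: the entry dies with it
        else:
            self.table[key] = now                      # reply seen, refresh the idle timer
        return "permit"

    def live_entries(self):
        return len(self.table)


if __name__ == "__main__":
    fw = StatefulFilter(udp_idle=30.0)
    print(fw.handle("out", "udp", "192.168.1.10", 40000, "198.51.100.53", 53, now=0.0))   # permit
    print(fw.handle("in", "udp", "198.51.100.53", 53, "192.168.1.10", 40000, now=1.0))    # permit
    print(fw.handle("in", "udp", "198.51.100.53", 53, "192.168.1.10", 40000, now=100.0))  # drop (expired)
```

A real implementation also runs a TCP state machine (SYN, SYN/ACK, established, FIN half-close) rather than only reacting to RST, and bounds the table size so the state table itself cannot be exhausted by a flood.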
QUESTION 912:
A screening router can perform packet filtering based upon what data?
A. Translated source destination addresses.
B. Inverse address resolution.
C. Source and destination port number.
D. Source and destination addresses and application data.
Answer: C
The original answer was A (translated source destination address). I did not come across this term in my
reading.
Screening router
A screening router is one of the simplest firewall strategies to implement. This is a popular
design because most companies already have the hardware in place to implement it. A screening
router is an excellent first line of defense in the creation of your firewall strategy. It’s just a
router that has filters associated with it to screen outbound and inbound traffic based on IP
address and UDP and TCP ports.
http://www.zdnet.co.uk/news/specials/2000/10/enterprise/techrepublic/2002/10/article002c.html
QUESTION 913:
Why are hardware security features preferred over software security features?
A. They lock in a particular implementation.
B. They have a lower meantime to failure.
C. Firmware has fewer software bugs.
D. They permit higher performance.
Answer: D
This is a sort of iffy question. Hardware allows faster performance than software and does not
need to utilize an underlying OS to make the security software operate (an example is PIX
firewall vs. Checkpoint). The meantime-to-failure answer to me is OK, but the hardware that the
software security runs on also has a MTTF. A few people looked over this question and had no problem
with the answer of B (meantime to failure) but as I looked into it I have picked D.
MTTF is typically the time to failure. “MTTF is the expected typical functional lifetime of the
device given a specific operating environment” (Ed Tittel CISSP Study Guide (Sybex) pg 657). This
leads me to think that this question says hardware has a SHORTER lifespan than software. Thus I am going
to have to go with D (higher performance). This can be because of ASICs. As always, use your best judgment,
knowledge and experience on this question. Below are some points of view.
Few things to consider when deploying a software based firewall:
Patching the OS or firewall software could bring down the firewall or open additional holes.
OS expertise vs. firewall expertise (you may need two administrators).
Support contract (one for hardware, one for OS, one for firewall): who do you call?
Administration (one for OS and one for firewall). If you're not an expert in both then forget it.
High-availability (stateful failover) usually requires additional software and costs a lot of
money. As a result it adds to support costs.
Are software firewalls a bad idea? It depends. Every situation is different. -Bob
http://www.securityfocus.com/archive/105/322401/2003-05-22/2003-05-28/2
A software firewall application is designed to be installed onto an existing operating system
running on generic server or desktop hardware. The application may or may not ‘harden’ the
underlying operating system by replacing core components. Typical host operating systems
include Windows NT, 2000 server or Solaris.
Software firewall applications all suffer from the following key disadvantages:
They run on a generic operating system that may or may not be hardened by the Firewall
installation itself.
A generic operating system is non-specialized and more complex than is necessary to operate the
firewall. This leads to reliability problems and hacking opportunities where
peripheral/unnecessary services are kept running.
Generic operating systems have their own CPU and memory overheads making software based
firewalls slower than their dedicated hardware counterparts.
If the software firewall uses PC hardware as the host platform, then there may be additional
reliability problems with the hardware itself. Sub-optimal performance of generic hardware also
affects software applications bundled with their own operating systems.
There is no physical or topological separation of the firewalling activity.
A dedicated hardware firewall is a software firewall application and operating system running on
dedicated hardware. This means the hardware used is optimized for the task, perhaps including
digital signal processors (DSPs) and several network interfaces. There may also be special
hardware used to accelerate the encryption/decryption of VPN data. It may be rack mounted for
easy installation into a comms’ cabinet.
We recommend dedicated hardware firewalls as they offer several key advantages over software
applications:
Dedicated hardware is typically more reliable.
Hardware firewalls are simpler, hence more secure.
Hardware firewalls are more efficient and offer superior performance, especially in support of
VPNs.
The firewalling activity is physically and topologically distinct.
http://www.zensecurity.co.uk/default.asp?URL=hardware%20software%20firewall
QUESTION 914:
Firewalls can be used to
A. Enforce security policy.
B. Protect data confidentiality.
C. Protect against protocol redirects.
D. Enforce Secure Network Interface addressing.
Answer: A
A firewall is a device that supports and enforces the company’s network security policy. – Shon
Harris All-in-one CISSP Certification Guide pg 412
QUESTION 915:
Which one of the following operations of a secure communication session cannot be protected?
A. Session initialization
B. Session support
C. Session termination
D. Session control
Answer: C
I did not find the answer to this question in any of the text sources I read for the CISSP. However, Network
Intrusion Detection (3rd edition) gives some hints. I am basing this off of the three-way handshake and looking
for the termination of the session and who does it. Was it a RESET or FIN in the packet? So based off this
concept I am concluding that Session Termination is really not controllable. Use your best judgment on this
question based off of experience and knowledge.
QUESTION 916:
The general philosophy for DMZs is that:
A. any system on the DMZ can be compromised because it’s accessible from the Internet
B. any system on the DMZ cannot be compromised because it’s not accessible from the Internet
C. some systems on the DMZ can be compromised because they are accessible from the Internet
D. any system on the DMZ cannot be compromised because it’s by definition 100% safe and not
accessible from the Internet
Answer: A
QUESTION 917:
What is NOT an authentication method within IKE and IPsec:
A. CHAP
B. Pre-shared Key
C. certificate based authentication
D. Public Key authentication
Answer: A
QUESTION 918:
In IPSec, if the communication mode is gateway-gateway or host-gateway:
A. Only tunnel mode can be used
B. Only transport mode can be used
C. Encapsulating Security Payload (ESP) authentication must be used
D. Both tunnel and transport mode can be used
Answer: D
“IPSec can work in one of two modes: transport mode, where the payload of the message is
protected, and tunnel mode, where the payload and the routing and header information is
protected.” Pg 527 Shon Harris: All-in-One CISSP Certification
Not C:
“IPSec is not a strict protocol that dictates the type of algorithm, keys, and authentication method
to be used, but it is an open, modular framework that provides a lot of flexibility for companies
when they choose to use this type of technology. IPSec uses two basic security protocols:
Authentication Header (AH) and the Encapsulating Security Payload (ESP). AH is the
authenticating protocol, and ESP is an authenticating and encrypting protocol that uses
cryptographic mechanisms to provide source authentication, confidentiality, and message
integrity.” Pg 527 Shon Harris: All-in-One CISSP Certification
QUESTION 919:
Internet Protocol Security (IPSec) provides security service within the Internet Protocol (IP) by doing all of
the following EXCEPT
A. Enabling a system to select required security protocols.
B. Providing traffic analysis protection.
C. Determining the algorithm(s) to use for the IPsec services.
D. Putting in place any cryptographic keys required to provide the requested services.
Answer: A
Pg 527 Shon Harris CISSP All-In-One Certification Exam Guide
QUESTION 920:
Which of the following Internet Protocol (IP) security headers are defined by the Security
Architecture for IP (IPSEC)?
A. The IPv4 and IPv5 Authentication Headers
B. The Authentication Header Encapsulating Security Payload
C. The Authentication Header and Digital Signature Tag
D. The Authentication Header and Message Authentication Code
Answer: B
“IPSec uses two basic security protocols: Authentication Header (AH) and the Encapsulating
Security Payload (ESP).” pg 575 Shon Harris CISSP All-In-One Certification Exam Guide
QUESTION 921:
Actualtests.com – The Power of Knowing
CISSP
Which of the following statements is not true of IPSec Transport mode?
A. It is required for gateways providing access to internal systems
B. Set-up when end-point is host or communications terminates at end-points
C. If used in gateway-to-host communication, gateway must act as host
D. Detective/Administrative Pairing
Answer: A
QUESTION 922:
What is called the standard format that was established to set up and manage Security
Associations (SA) on the Internet in IPSec?
A. Internet Key Exchange
B. Secure Key Exchange Mechanism
C. Oakley
D. Internet Security Association and Key Management Protocol
Answer: D
Reference: pg 221 Krutz
QUESTION 923:
What is the purpose of the Encapsulation Security Payload (ESP) in the Internet Protocol
(IP) Security Architecture for Internet Protocol Security?
A. To provide non-repudiation and confidentiality for IP transmission.
B. To provide integrity and confidentiality for IP transmissions.
C. To provide integrity and authentication for IP transmissions.
D. To provide key management and key distribution for IP transmissions.
Answer: B
“Encapsulating Security Payload (ESP). AH is the authenticating protocol and ESP is an
authenticating and encrypting protocol that uses cryptographic mechanisms to provide source
authentication, confidentiality, and message integrity.” Pg 575 Shon Harris CISSP All-In-One
Certification Exam Guide
QUESTION 924:
Which one of the following is a circuit level application gateway and works independent of any supported
TCP/IP application protocol?
A. SOCK-et-S (SOCKS)
B. Common Information Model (CIM)
C. Secure Multipurpose Internet Mail Extension (S/MIME)
D. Generic Security Service Application Programming Interface (GSS-API)
Answer: A
“Socks Proxy Server Characteristics
Circuit-level proxy server
Requires clients to be SOCKS-fied with SOCKS client software
Mainly used for outbound Internet access and virtual private network (VPN) functionality
Can be resource-intensive
Provides authentication and encryption features to other VPN protocols, but not considered a
traditional VPN protocol”
Pg. 422 Shon Harris CISSP All-In-One Certification Exam Guide
Reference:
The SOCKS is an example of a circuit-level proxy gateway that provides a secure channel
between two computers. pg. 379 Shon Harris CISSP
QUESTION 925:
How does the SOCKS protocol secure Internet Protocol (IP) connections?
A. By negotiating encryption keys during the connection setup.
B. By attaching Authentication Headers (AH) to each packet.
C. By distributing encryption keys to SOCKS enabled applications.
D. By acting as a connection proxy.
Answer: D
“SOCKS is an example of a circuit-level proxy gateway that provides a secure channel between
two computers. When a SOCKS-enabled client sends a request to a computer on the Internet, this
request actually goes to the network’s SOCKS proxy server…” pg 379 Shon Harris: All-in-One
CISSP Certification
QUESTION 926:
In the TCP/IP protocol stack, at what level is the SSL (Secure Sockets Layer) protocol
provided?
A. Application
B. Network
C. Presentation
D. Session
Answer: B
Note: SSL (and its successor TLS) runs on top of TCP, so it is not a network (IP) layer protocol; CISSP
texts generally place it at the transport or session layer. Treat this answer key with caution.
QUESTION 927:
SSL (Secure Sockets Layer) has two possible ‘session key’ lengths, what are they?
A. 40 bit & 54 bit
B. 40 bit & 128 bit
C. 64 bit & 128 bit
D. 128 bit & 256 bit
Answer: B
QUESTION 928:
Which of the following is NOT true of SSL?
A. By convention it uses ‘s-http://’ instead of ‘http://’.
B. It stands for Secure Sockets Layer
C. It was developed by Netscape
D. IT is used for transmitting private documents over the internet
Answer: A
QUESTION 929:
Which SSL version offers client-side authentication
A. SSL v1
B. SSL v2
C. SSL v3
D. SSL v4
Answer: B
“Client Authentication using Digital IDs
Enable access by certificates
1. Choose Encryption|Security Preferences in the Server Manager.
2. Specify which versions of SSL your server can communicate with. The latest and most
secure version is SSL version 3, but many older clients use only SSL version 2. You will
probably want to enable your server to use both versions.
3. Refuse access to any client that does not have a client certificate from a trusted CA by
choosing the Yes box under Require client certificates (regardless of access control).
4. Click the OK button and confirm your changes.”
http://www.verisign.com/repository/clientauth/ent_ig.htm#clientauth
QUESTION 930:
In which way does a Secure Socket Layer (SSL) server prevent a “man-in-the-middle” attack?
A. It uses signed certificates to authenticate the server’s public key.
B. A 128 bit value is used during the handshake protocol that is unique to the connection.
C. It uses only 40 bits of secret key within a 128 bit key length.
D. Every message sent by the SSL includes a sequence number within the message contents.
Answer: A
Secure Sockets Layer (SSL). An encryption technology that is used to provide secure
transactions such as the exchange of credit card numbers. SSL is a socket layer security protocol
and is a two-layered protocol that contains the SSL Record Protocol and the SSL Handshake
Protocol. Similar to SSH, SSL uses symmetric encryption for private connections and
asymmetric or public key cryptography (certificates) for peer authentication. It also uses a
Message Authentication Code for message integrity checking.
Krutz: The CISSP Prep Guide pg. 89. It prevents a man-in-the-middle attack by confirming that
you are authenticating with the server desired prior to entering your user name and password. If the
server was not authenticated, a man-in-the-middle could retrieve the username and password
and then use it to log in.
The SSL protocol has been known to be vulnerable to some man-in-the-middle attacks. The
attacker injects herself right at the beginning of the authentication phase so that she obtains both
parties’ keys. This enables her to decrypt and view messages that were not intended for her.
Using digital signatures during the session-key exchange can circumvent the man-in-the-middle
attack. If using Kerberos, when Lance and Tanya obtain each other’s public keys from the KDC,
the public keys are signed by the KDC. Because Tanya and Lance have the public key of the
KDC, they both can decrypt and verify the signature on each other’s public key and be sure that
it came from the KDC itself. Because David does not have the private key of the KDC, he cannot
substitute his public key during this type of transmission. Shon Harris All-In-One CISSP
Certification pg. 579.
One of the most important pieces of a PKI is its public key certificate. A certificate is the
mechanism used to associate a public key with a collection of components sufficient to uniquely
authenticate the claimed owner. Shon Harris All-In-One CISSP Certification pg. 540.
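What actually stops the man-in-the-middle described above is the client refusing to continue unless the server's certificate chains to a trusted CA and names the host being contacted. This added example (not from the page, Krutz or Harris) puts the weak client configuration next to the corrected one using Python's standard ssl module; the function names and the optional ca_bundle argument are this example's assumptions.

```python
import socket
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """The weak configuration: no CA verification and no hostname check. Anyone on the path
    can present a certificate of their own and sit in the middle of the session."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode may become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_bundle: str = None) -> ssl.SSLContext:
    """The corrected configuration: the server certificate must chain to a trusted CA and its
    name must match the host we asked for. That signed-certificate check is answer A above."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True + system CA store
    if ca_bundle:                        # optional: trust only a private CA bundle (assumed path)
        ctx.load_verify_locations(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def resists_mitm(ctx: ssl.SSLContext) -> bool:
    """Both conditions are needed: a valid chain for an unrelated name is still an impostor."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def open_verified(host: str, port: int = 443, timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect with the hardened context. server_hostname drives SNI and the name check;
    ssl.SSLCertVerificationError is raised if the presented certificate is not trustworthy."""
    ctx = hardened_client_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("insecure resists MITM:", resists_mitm(insecure_client_context()))   # False
    print("hardened resists MITM:", resists_mitm(hardened_client_context()))   # True
```

The two settings are deliberately coupled in the ssl module: check_hostname cannot be left on while verify_mode is CERT_NONE, which is why the insecure context has to switch them off in that order, and why code that does so should be treated as a finding in review.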
QUESTION 931:
Secure Shell (SSH) and Secure Sockets Layer (SSL) are very heavily used for protecting
A. Internet transactions
B. Ethernet transactions
C. Telnet transactions
D. Electronic Payment transactions
Answer: A
QUESTION 932:
Which one of the following CANNOT be prevented by the Secure Shell (SSH) program?
A. Internet Protocol (IP) spoofing.
B. Data manipulation during transmissions.
C. Network based birthday attack.
D. Compromise of the source/destination host.
Answer: D
This is a question that I disagreed with. The premise that SSH does use RSA and 3DES, and is thus
susceptible to cryptographic attack (namely a birthday attack), has merit, but I think the answer is
simpler, in that SSH can't protect against a compromised source/destination. You can
safely rule out spoofing and manipulation (that is the job of SSH: to protect the transmission).
The original answer was C, birthday attack. Use your best judgment based on knowledge and
experience.
The use of ssh helps to correct these vulnerabilities. Specifically, ssh protects against these
attacks: IP spoofing (where the spoofer is on either a remote or local host), IP source routing,
DNS spoofing, interception of cleartext passwords/data and attacks based on listening to X
authentication data and spoofed connections to an X11 server.
http://www-arc.com/sara/cve/SSH_vulnerabilities.html
Birthday attack – Usually applied to the probability of two different messages using the same
hash function producing a common message digest; or, given a message and its
corresponding message digest, finding another message that when passed through the same hash function
generates the same specific message digest. The term “birthday” comes from the fact that in a
room with 23 people, the probability of two people having the same birthday is greater than 50
percent. - Ronald Krutz The CISSP PREP Guide (gold edition) pg 212
QUESTION 933:
Another name for a VPN is a:
A. tunnel
B. one-time password
C. pipeline
D. bypass
Answer: A
QUESTION 934:
Which one of the following attacks is MOST effective against an Internet Protocol Security
(IPSEC) based virtual private network (VPN)?
A. Brute force
B. Man-in-the-middle
C. Traffic analysis
D. Replay
Answer: B
Active attacks find identities by being a man-in-the-middle or by replacing the responder in the
negotiation. The attacker proceeds through the key negotiation with the attackee until the
attackee has revealed its identity. In a well-designed system, the negotiation will fail after the
attackee has revealed its identity because the attacker cannot spoof the identity of the
originally-intended system.
The attackee might then suspect that there was an attack because the other side failed before it
gave its identity. Therefore, an active attack cannot be persistent because it would prevent all
legitimate
access to the desired IPsec system.
http://msgs.securepoint.com/cgi-bin/get/ipsec-0201/18.html
Not C: Traffic analysis is a good attack but not the most effective as it is passive in nature, while
Man in the middle is active.
QUESTION 935:
Which of the following is NOT an essential component of a VPN?
A. VPN Server
B. NAT Server
C. authentication
D. encryption
Answer: B
QUESTION 936:
Virtual Private Network software typically encrypts all of the following EXCEPT
A. File transfer protocol
B. Data link messaging
C. HTTP protocol
D. Session information
Answer: B
QUESTION 937:
Which of the following is less likely to be used in creating a Virtual Private Network?
A. L2TP
B. PPTP
C. IPSec
D. L2F
Answer: D
“The following are the three most common VPN communications protocol standards:
Point-to-Point Tunneling Protocol(PPTP). PPTP works at the Data Link Layer of the OSI model.
Designed for individual client to server connections, it enables only a single point-to-point
connection per session. This standard is very common with asynchronous connections that use
Win9x or NT clients. PPTP uses native Point-to-Point Protocol (PPP) authentication and
encryption services.
Layer 2 Tunneling Protocol (L2TP). L2TP is a combination of PPTP and the earlier Layer 2
Forwarding (L2F) Protocol that works at the Data Link Layer like PPTP. It has become an
accepted tunneling standard for VPNs. In fact, dial-up VPNs use this standard quite frequently.
Like PPTP, this standard was designed for single point-to-point client to server connections. Note
that multiple protocols can be encapsulated within the L2TP tunnel, but it does not use encryption
like PPTP. Also, L2TP supports TACACS+ and RADIUS, but PPTP does not.
IPSEC. IPSec operates at the Network Layer and it enables multiple and simultaneous tunnels,
unlike the single connection of the previous standards. IPSec has the functionality to encrypt and
authenticate IP data. It is built into the new IPv6 standard, and is used as an add-on to the current
IPv4. While PPTP and L2TP are aimed more at dial-up VPNs, IPSec focuses more on
network-to-network connectivity.” Pg. 123-125 Krutz: The CISSP Prep Guide: Gold Edition.
QUESTION 938:
Which one of the following instigates a SYN flood attack?
A. Generating excessive broadcast packets.
B. Creating a high number of half-open connections.
C. Inserting repetitive Internet Relay Chat (IRC) messages.
D. A large number of Internet Control Message Protocol (ICMP) traces.
Answer: B
A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control
Protocol (TCP) session initialization handshake. The attacker floods the target system’s small “in-process”
queue with connection requests, but it does not respond when a target system replies to those requests. This
causes the target system to time out while waiting for the proper response, which makes the system crash or
become unusable. – Ronald Krutz The CISSP PREP Guide (gold edition) pg 103
“In a SYN flood attack, hackers use special software that sends a large number of fake packets
with the SYN flag set to the targeted system. The victim then reserves space in memory for the
connection and attempts to send the standard SYN/ACK reply but never hears back from the
originator. This process repeats hundreds or even thousands of times, and the targeted computer
eventually becomes overwhelmed and runs out of available resources for the half-opened
connections. At that time, it either crashes or simply ignores all inbound connection requests
because it can’t possibly handle any more half-open connections.” Pg 266 Tittel: CISSP Study
Guide.
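The Krutz and Tittel passages describe the symptom of a SYN flood: connection requests that are never completed. This added example, not from either source, replays constructed flow records (tcpdump-style flags) and counts, per destination, the handshakes that never reached the client's ACK. The record format, the addresses and the threshold are assumptions of this example.

```python
from collections import defaultdict

# Constructed flow records (not a real capture): (time_s, src, dst, dport, tcp_flags), with flags
# in tcpdump notation: "S" = SYN from the client, "S." = SYN/ACK from the server, "." = client ACK.
SAMPLE_RECORDS = [
    (0.0, "10.1.1.5",   "192.0.2.10", 80, "S"),     # legitimate client completes the handshake
    (0.1, "192.0.2.10", "10.1.1.5",   0,  "S."),
    (0.2, "10.1.1.5",   "192.0.2.10", 80, "."),
] + [
    (1.0 + i * 0.01, f"203.0.113.{i}", "192.0.2.10", 80, "S")   # 50 SYNs never followed by an ACK
    for i in range(1, 51)
]


def half_open_connections(records):
    """Replay records in time order. A client SYN opens a pending entry; the client's ACK (third
    packet of the handshake) closes it. Whatever is still pending at the end is half-open.
    Returns {dst: (half_open_count, distinct_source_count)}."""
    pending = {}                                          # (src, dst, dport) -> time of the SYN
    for t, src, dst, dport, flags in sorted(records, key=lambda r: r[0]):
        key = (src, dst, dport)
        if flags == "S":
            pending[key] = t
        elif flags == "." and key in pending:
            del pending[key]                              # handshake completed, not half-open
    per_dst = defaultdict(lambda: [0, set()])
    for src, dst, _dport in pending:
        per_dst[dst][0] += 1
        per_dst[dst][1].add(src)
    return {dst: (count, len(sources)) for dst, (count, sources) in per_dst.items()}


def detect_syn_flood(records, threshold=20):
    """Destinations whose half-open count reaches the threshold. The distinct-source count is
    reported because a spoofed flood shows many sources while one slow client shows one."""
    return [(dst, count, sources)
            for dst, (count, sources) in half_open_connections(records).items()
            if count >= threshold]


if __name__ == "__main__":
    print(half_open_connections(SAMPLE_RECORDS))   # {'192.0.2.10': (50, 50)}
    print(detect_syn_flood(SAMPLE_RECORDS))        # [('192.0.2.10', 50, 50)]
```

On a live sensor the pending table must itself be bounded and aged, otherwise the detector has the same exhaustion problem as the victim's backlog queue.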
QUESTION 939:
Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP)
addresses/names with the intent of diverting traffic?
A. Network aliasing
B. Domain Name Server (DNS) poisoning
C. Reverse Address Resolution Protocol (ARP)
D. Port scanning
Answer: B
This reference is close to the one listed. DNS poisoning is the correct answer; however, Harris does not name
the attack when describing it, but later on the same page she states the following:
“This is how a DNS DoS attack can occur. If the actual DNS records are unattainable to the attacker for him to
alter in this fashion, which they should be, the attacker can insert this data into the cache of their server
instead of replacing the actual records, which is referred to as cache poisoning.” – Shon Harris All-in-One
CISSP Certification Guide pg 795
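To make the cache-poisoning mechanism concrete, here is an added Python model (not from Harris and not any real resolver’s code) of a recursive resolver’s cache. NaiveCache caches every record in any response that names a pending question; HardenedCache additionally requires the response to match the random transaction ID and source port it used for the question, and discards answer records outside the queried zone (a bailiwick check, approximated here as the parent domain of the query name). The domain names and addresses are constructed sample data.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsQuery:
    txid: int       # 16-bit transaction ID the resolver put in its question
    src_port: int   # UDP source port the resolver sent the question from
    qname: str


@dataclass(frozen=True)
class DnsResponse:
    txid: int
    dst_port: int   # port the response was sent to; must hit the resolver's src_port
    qname: str
    answers: tuple  # ((name, ipv4), ...); may carry names other than qname


class NaiveCache:
    """Vulnerable model: fixed txid and port, and every answer record is cached."""

    def __init__(self):
        self.records = {}
        self.pending = {}

    def ask(self, qname):
        q = DnsQuery(txid=0, src_port=53, qname=qname)  # predictable, trivially guessed
        self.pending[qname] = q
        return q

    def receive(self, resp):
        if resp.qname not in self.pending:
            return False
        for name, ip in resp.answers:   # no bailiwick check: any name can be planted
            self.records[name] = ip
        del self.pending[resp.qname]
        return True


class HardenedCache:
    """Random txid and source port, and only in-bailiwick names are cached."""

    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.records = {}
        self.pending = {}

    def ask(self, qname):
        q = DnsQuery(txid=self.rng.randrange(1 << 16),
                     src_port=self.rng.randrange(1024, 65536), qname=qname)
        self.pending[qname] = q
        return q

    def receive(self, resp):
        q = self.pending.get(resp.qname)
        # Unsolicited responses, or ones whose txid/port were guessed wrong, are dropped.
        if q is None or resp.txid != q.txid or resp.dst_port != q.src_port:
            return False
        zone = q.qname.split(".", 1)[1]   # bailiwick approximation: parent of qname
        for name, ip in resp.answers:
            if name == zone or name.endswith("." + zone):
                self.records[name] = ip   # out-of-bailiwick names are ignored
        del self.pending[resp.qname]
        return True


def poison_attempt(cache, attacker_knows_txid_and_port):
    """Attacker induces a lookup of its own name and answers with an extra bogus record."""
    q = cache.ask("www.attacker.example")
    txid = q.txid if attacker_knows_txid_and_port else (q.txid + 1) & 0xFFFF
    port = q.src_port if attacker_knows_txid_and_port else q.src_port ^ 1
    forged = DnsResponse(txid=txid, dst_port=port, qname="www.attacker.example",
                         answers=(("www.attacker.example", "203.0.113.5"),
                                  ("www.bank.example", "203.0.113.5")))  # the poison
    accepted = cache.receive(forged)
    return {"accepted": accepted,
            "bank_poisoned": cache.records.get("www.bank.example") == "203.0.113.5"}


if __name__ == "__main__":
    print("naive, blind guess:   ", poison_attempt(NaiveCache(), False))
    print("hardened, blind guess:", poison_attempt(HardenedCache(), False))
    print("hardened, txid known: ", poison_attempt(HardenedCache(), True))
```

The third case is the one worth noticing: even when the attacker has somehow learned the transaction ID and port, the bailiwick rule keeps the bank’s name out of the cache, which is why modern resolvers layer that check on top of port and ID randomization (and, where deployed, DNSSEC validation).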
QUESTION 940:
A packet containing a long string of NOPs followed by a command is usually indicative of
what?
A. A SYN scan
B. A half-port scan
C. A buffer overflow
D. A packet destined for the network’s broadcast address
Answer: C
Reference “This paper is for those who want a practical approach to writing buffer overflow
exploits. As the title says, this text will teach you how to write these exploits
in Perl.
…..
There are reasons why we construct the buffer this way. First we have a lot of
NOPs, then the shellcode (which in this example will execute /bin/sh), and at last
the ESP + offset values.” http://hackersplayground.org/papers/perl-buffer.txt
QUESTION 941:
You are running a packet sniffer on a network and see a packet with a long string of
“90 90 90 90….” in the middle of it traveling to an x86-based machine. This could
be indicative of what?
A. Over-subscription of the traffic on a backbone
B. A source quench packet
C. a FIN scan
D. A buffer overflow
Answer: D
Explanation: 0x90 is the single-byte x86 NOP instruction. A long run of them (a NOP sled) placed
ahead of shellcode lets an overwritten return address land anywhere in the run and still slide
into the payload, so a run of 90s in a packet bound for an x86 host is a classic sign of a buffer
overflow exploit in transit.
Reference: “TCP Port 5000 Buffer Overflow Attack
The attack on Port 5000 was part of this scan pattern
Mar 14, 2004 15:58:17.837 – (TCP) 68.144.13.102 : 2282 >>> 192.168.1.36 : 2745
Mar 14, 2004 15:58:17.857 – (TCP) 68.144.13.102 : 2283 >>> 68.144.193.246 : 135
Mar 14, 2004 15:58:17.887 – (TCP) 68.144.13.102 : 2284 >>> 192.168.1.38 : 1025
Mar 14, 2004 15:58:17.907 – (TCP) 68.144.13.102 : 2285 >>> 68.144.193.246 : 445
Mar 14, 2004 15:58:17.938 – (TCP) 68.144.13.102 : 2286 >>> 192.168.1.36 : 3127
Mar 14, 2004 15:58:17.958 – (TCP) 68.144.13.102 : 2287 >>> 68.144.193.246 : 6129
Mar 14, 2004 15:58:17.988 – (TCP) 68.144.13.102 : 2288 >>> 68.144.193.246 : 139
Mar 14, 2004 15:58:18.008 – (TCP) 68.144.13.102 : 2289 >>> 192.168.1.36 : 5000
Mar 14, 2004 15:58:29.164 – (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
Mar 14, 2004 15:58:33.470 – (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
Mar 14, 2004 15:58:39.288 – (TCP) 68.144.13.102 : 1442 >>> 68.144.193.246 : 1981
The attack appears to be a buffer overflow attack on the Plug and Play service on TCP Port 5000, which likely
contains instructions to download and execute the rest of the worm.
TCP Connection Request
—- 14/03/2004 15:40:57.910
68.144.193.124 : 4560 TCP Connected ID = 1
—- 14/03/2004 15:40:57.910
Status Code: 0 OK
68.144.193.124 : 4560 TCP Data In Length 697 bytes
MD5 = 19323C2EA6F5FCEE2382690100455C17
—- 14/03/2004 15:40:57.920
0000 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0010 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0020 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0030 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0040 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0050 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0060 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0070 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0080 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0090 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
00F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0100 90 90 90 90 90 90 90 90 90 90 90 90 4D 3F E3 77 …………M?.w
0110 90 90 90 90 FF 63 64 90 90 90 90 90 90 90 90 90 …..cd………
0120 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 …………….
0130 90 90 90 90 90 90 90 90 EB 10 5A 4A 33 C9 66 B9 ……….ZJ3.f.
0140 66 01 80 34 0A 99 E2 FA EB 05 E8 EB FF FF FF 70 f..4………..p
0150 99 98 99 99 C3 21 95 69 64 E6 12 99 12 E9 85 34 …..!.id……4
0160 12 D9 91 12 41 12 EA A5 9A 6A 12 EF E1 9A 6A 12 ….A….j….j.
0170 E7 B9 9A 62 12 D7 8D AA 74 CF CE C8 12 A6 9A 62 …b….t……b
0180 12 6B F3 97 C0 6A 3F ED 91 C0 C6 1A 5E 9D DC 7B .k…j?…..^..{
0190 70 C0 C6 C7 12 54 12 DF BD 9A 5A 48 78 9A 58 AA p….T….ZHx.X.
01A0 50 FF 12 91 12 DF 85 9A 5A 58 78 9B 9A 58 12 99 P…….ZXx..X..
01B0 9A 5A 12 63 12 6E 1A 5F 97 12 49 F3 9A C0 71 E5 .Z.c.n._..I…q.
01C0 99 99 99 1A 5F 94 CB CF 66 CE 65 C3 12 41 F3 9D …._…f.e..A..
01D0 C0 71 F0 99 99 99 C9 C9 C9 C9 F3 98 F3 9B 66 CE .q…………f.
01E0 69 12 41 5E 9E 9B 99 9E 24 AA 59 10 DE 9D F3 89 i.A^….$.Y…..
01F0 CE CA 66 CE 6D F3 98 CA 66 CE 61 C9 C9 CA 66 CE ..f.m…f.a…f.
0200 65 1A 75 DD 12 6D AA 42 F3 89 C0 10 85 17 7B 62 e.u..m.B……{b
0210 10 DF A1 10 DF A5 10 DF D9 5E DF B5 98 98 99 99 ………^……
0220 14 DE 89 C9 CF CA CA CA F3 98 CA CA 5E DE A5 FA …………^…
0230 F4 FD 99 14 DE A5 C9 CA 66 CE 7D C9 66 CE 71 AA ……..f.}.f.q.
0240 59 35 1C 59 EC 60 C8 CB CF CA 66 4B C3 C0 32 7B Y5.Y.`….fK..2{
0250 77 AA 59 5A 71 62 67 66 66 DE FC ED C9 EB F6 FA w.YZqbgff…….
0260 D8 FD FD EB FC EA EA 99 DA EB FC F8 ED FC C9 EB …………….
0270 F6 FA FC EA EA D8 99 DC E1 F0 ED C9 EB F6 FA FC …………….
0280 EA EA 99 D5 F6 F8 FD D5 F0 FB EB F8 EB E0 D8 99 …………….
0290 EE EA AB C6 AA AB 99 CE CA D8 CA F6 FA F2 FC ED …………….
02A0 D8 99 FB F0 F7 FD 99 F5 F0 EA ED FC F7 99 F8 FA …………….
02B0 FA FC E9 ED 99 0D 0A 0D 0A ……… ” http://www.linklogger.com/TCP5000_Overflow.htm
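As an added example serving Questions 940 and 941 (not from either reference quoted above), here is a Python check of the kind a sniffer or IDS plug-in would run over a captured payload: it parses hex-dump text in the layout shown above into bytes, then reports any run of 0x90 bytes at least min_len long together with its offset and the bytes that follow it, which is where the shellcode begins. The sample dump is constructed in the same layout as the capture above (the 40-byte sled is followed by the EB 10 short-jump bytes seen at offset 0x138 in the capture); the HTTP request is a constructed benign payload.

```python
import re

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")
OFFSET = re.compile(r"[0-9A-Fa-f]{4,8}")

# Constructed sample in the layout of the capture quoted above: a 40-byte sled of 0x90,
# then the first shellcode bytes (EB 10 = short jmp), then a short last line.
SAMPLE_DUMP = """\
0000 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
0010 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................
0020 90 90 90 90 90 90 90 90 EB 10 5A 4A 33 C9 66 B9 ........ZJ3.f.
0030 66 01 80 34 0A 99 E2 FA EB 05 E8 EB FF FF FF 70 f..4...........p
0040 0D 0A 0D 0A                                     ....
"""

# Constructed benign payload for comparison.
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"


def hexdump_to_bytes(text):
    """Parse 'OFFSET b0 b1 ... b15 <ascii>' lines into bytes; the ASCII column is ignored."""
    out = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or not OFFSET.fullmatch(tokens[0]):
            continue
        for tok in tokens[1:17]:          # at most 16 data bytes per line
            if not HEX_BYTE.fullmatch(tok):
                break                     # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)


def nop_sled_runs(payload, sled_byte=0x90, min_len=32):
    """Return (offset, length) for every run of sled_byte at least min_len long."""
    runs = []
    i, n = 0, len(payload)
    while i < n:
        if payload[i] != sled_byte:
            i += 1
            continue
        j = i
        while j < n and payload[j] == sled_byte:
            j += 1
        if j - i >= min_len:
            runs.append((i, j - i))
        i = j
    return runs


def inspect_payload(payload, min_len=32):
    """Summarise the longest sled and the 8 bytes after it, or None if none is found."""
    runs = nop_sled_runs(payload, min_len=min_len)
    if not runs:
        return None
    off, length = max(runs, key=lambda r: r[1])
    after = payload[off + length:off + length + 8]
    return {"sled_offset": off, "sled_length": length, "bytes_after_sled": after.hex()}


if __name__ == "__main__":
    print(inspect_payload(hexdump_to_bytes(SAMPLE_DUMP)))   # sled found at offset 0
    print(inspect_payload(BENIGN))                          # None
```

A 0x90-only rule is only a first filter: a sled can be built from other single-byte instructions (the one-byte inc/dec register opcodes, for instance), so production signatures widen the byte set or decode the bytes after the run rather than relying on 0x90 alone, and a threshold such as 32 is there to keep isolated 0x90 bytes in ordinary binary traffic from alerting.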
QUESTION 942:
Which of the following is true related to network sniffing?
A. Sniffers allow an attacker to monitor data passing across a network.
B. Sniffers alter the source address of a computer to disguise and exploit weak authentication
methods.
C. Sniffers take over network connections
D. Sniffers send IP fragments to a system that overlap with each other.
Answer: A
Explanation: Sniffing is the act of capturing or monitoring the traffic passing over a network.
Because protocols such as Telnet, FTP and POP3 pass account and password information along
Ethernet in clear text, it is not hard for an intruder to put a machine’s network interface into
promiscuous mode and, by sniffing, capture the passwords of every host whose traffic reaches that
interface. On a shared (hub-based) segment that is every host on the segment; on a switched
network the sniffer sees only traffic addressed to its own port, unless the attacker also redirects
traffic to it, for example by ARP spoofing.
QUESTION 943:
Which one of the following threats does NOT rely on packet size or large volumes of data?
A. SYN flood
B. Spam
C. Ping of death
D. Macro virus
Answer: D
A macro virus travels inside a document and does not depend on packet size or traffic volume;
the other three options are volume- or size-based attacks.
Spam – The term describing unwanted email, newsgroup, or discussion forum messages. Spam
can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of
unrequested messages with viruses or Trojan horses attached.
SYN flood attack – A type of DoS. A SYN flood attack is waged by not sending the final ACK
packet, which breaks the standard three-way handshake used by TCP/IP to initiate
communication sessions.
Ping of death attack – A type of DoS. A ping of death attack employs an oversized ping packet.
Using special tools, an attacker can send numerous oversized ping packets to a victim. In many
cases, when the victimized system attempts to process the packets, an error occurs causing the
system to freeze, crash, or reboot.
Macro virus – A virus that utilizes crude technologies to infect documents created in the
Microsoft Word environment.
– Ed Tittel CISSP Study Guide (Sybex) pp. 550, 740, 743, 723, 713
QUESTION 944:
A TCP SYN Attack:
A. requires a synchronized effort by multiple attackers
B. takes advantage of the way a TCP session is established
C. may result in elevation of privileges.
D. is not something system users would notice
Answer: B
“[SYN Flood] Attackers can take advantage of this design flaw by continually sending the victim
SYN messages with spoofed packets. The victim will commit the necessary resources to set up
this communication socket, and it will send its SYN/ACK message waiting for the ACK message
in return. However, the victim will never receive the ACK message, because the packet is
spoofed, and the victim system sent the SYN/ACK message to a computer that does not exist. So the
victim system receives a SYN message, and it dutifully commits the necessary resources to set up
a connection with another computer. This connection is queued waiting for the ACK message,
and the attacker sends another SYN message. The victim system does what it is supposed to and
commits more resources, sends the SYN/ACK message, and queues this connection. This may
only need to happen a dozen times before the victim system no longer has the necessary
resources to open up another connection. This makes the victim computer unreachable from
legitimate computers, denying other systems service from the victim computer.” Pg. 735 Shon
Harris CISSP All-In-One Exam Guide
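Added example for the half-open queue described in Question 938 and again here (not from Krutz, Tittel or Harris, and not a real TCP stack): a Python model of a listener’s backlog. With a classic backlog, each SYN reserves a slot until the matching ACK arrives, so a burst of SYNs from spoofed sources fills the queue and a legitimate client is refused. With SYN cookies, the stateless mitigation production stacks use, the server encodes what it needs into the initial sequence number of its SYN/ACK and commits state only when the returning ACK carries a valid cookie. The backlog size of 8, the 64-second counter and the 8-bit-counter/24-bit-MAC cookie layout are simplifications chosen for this model; the addresses are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

BACKLOG = 8              # deliberately tiny so exhaustion is visible (model parameter)
SECRET = os.urandom(16)  # per-boot secret keying the cookie MAC


def _cookie_mac(src_ip, src_port, counter):
    """24-bit keyed hash binding the cookie to the client and the time counter."""
    msg = f"{src_ip}:{src_port}:{counter}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src_ip, src_port, now):
    """ISN = 8-bit time counter (64 s granularity) || 24-bit MAC; no state is stored."""
    counter = (int(now) // 64) & 0xFF
    return (counter << 24) | _cookie_mac(src_ip, src_port, counter)


def check_cookie(src_ip, src_port, isn, now):
    """Valid if the counter is the current or previous period and the MAC matches."""
    counter = isn >> 24
    current = (int(now) // 64) & 0xFF
    if counter not in (current, (current - 1) & 0xFF):
        return False
    return (isn & 0xFFFFFF) == _cookie_mac(src_ip, src_port, counter)


@dataclass
class Listener:
    syn_cookies: bool = False
    backlog: int = BACKLOG
    half_open: dict = field(default_factory=dict)   # (ip, port) -> ISN we sent
    established: list = field(default_factory=list)
    refused: int = 0

    def on_syn(self, src_ip, src_port, now):
        """Reply with SYN/ACK, or None when the backlog is full and the SYN is dropped."""
        if self.syn_cookies:
            return ("SYN/ACK", make_cookie(src_ip, src_port, now))   # nothing reserved
        if len(self.half_open) >= self.backlog:
            self.refused += 1
            return None
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[(src_ip, src_port)] = isn      # slot held until ACK or timeout
        return ("SYN/ACK", isn)

    def on_ack(self, src_ip, src_port, ack, now):
        """Third handshake packet: ack must equal our ISN + 1."""
        isn = (ack - 1) & 0xFFFFFFFF
        key = (src_ip, src_port)
        if self.syn_cookies:
            ok = check_cookie(src_ip, src_port, isn, now)
        else:
            ok = self.half_open.get(key) == isn
            if ok:
                del self.half_open[key]
        if ok:
            self.established.append(key)
        return ok


def simulate(syn_cookies, attacker_syns=50):
    """Spoofed SYNs that never complete, then one honest client; report the outcome."""
    srv = Listener(syn_cookies=syn_cookies)
    now = 1_700_000_000.0
    for i in range(attacker_syns):
        srv.on_syn(f"10.9.{i}.1", 40000 + i, now)     # spoofed sources: no ACK ever returns
    reply = srv.on_syn("192.0.2.10", 51000, now)       # the legitimate client
    if reply is not None:
        srv.on_ack("192.0.2.10", 51000, (reply[1] + 1) & 0xFFFFFFFF, now + 0.05)
    return {"established": len(srv.established),
            "half_open": len(srv.half_open), "refused": srv.refused}


if __name__ == "__main__":
    print("classic backlog:", simulate(False))
    print("syn cookies:    ", simulate(True))
```

The cookie path trades state for verification: a forged ACK with a guessed sequence number fails the MAC, a stale cookie fails the counter window, and a SYN that never completes costs the server nothing but the SYN/ACK it sent. Real stacks also fold the client’s MSS into the cookie and normally enable cookies only once the backlog is under pressure, since the cookie cannot carry TCP options.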
QUESTION 945:
What attack is typically used for identifying the topology of the target network?
A. Spoofing
B. Brute force
C. Teardrop
D. Scanning
Answer: D
Explanation:
Scanning (ping sweeps to find live hosts, port scans to find listening services, and
traceroute-style probes to find the path to them) is reconnaissance: it enumerates the hosts,
services and routing of a target so that the network’s topology can be mapped. The other three
options are attacks rather than mapping techniques. Teardrop, in particular, is a
flaw-exploitation denial-of-service attack that sends overlapping IP fragments, the category
described in the following passage:
Flaw exploitation attacks exploit a flaw in the target system’s software in order to
cause a processing failure or to cause it to exhaust system resources. An example of
such a processing failure is the ‘ping of death’ attack. This attack involved sending
an unexpectedly large ping packet to certain Windows systems. The target system could
not handle this abnormal packet, and a system crash resulted. With respect to resource
exhaustion attacks, the resources targeted include CPU time, memory, disk space, space
in a special buffer, or network bandwidth. In many cases, simply patching the software
can circumvent this type of DoS attack.
QUESTION 946:
Which one of the following is the reason for why hyperlink spoofing attacks are usually
successful?
A. Most users requesting DNS name service do not follow hyperlinks.
B. The attack performs user authentication with audit logs.
C. The attack relies on modifications to server software.
D. Most users do not make a request to connect to DNS names; they follow hyperlinks.
Answer: D
Explanation:
The problem is that most users do not request to connect to DNS names or even URLs, they
follow hyperlinks… But, whereas DNS names are subject to “DNS spoofing” (whereby a DNS
server lies about the internet address of a server) so too are URLs subject to what I call
“hyperlink spoofing” or “Trojan HTML”, whereby a page lies about an URLs DNS name. Both
forms of spoofing have the same effect of steering you to the wrong internet site, however
hyperlink spoofing is technically much easier than DNS spoofing.
http://www.brd.ie/papers/sslpaper/sslpaper.html
QUESTION 947:
Which of the following identifies the first phase of a Distributed Denial of Service attack?
A. Establishing communications between the handler and agent.
B. Disrupting the normal traffic to the host.
C. Disabling the router so it cannot filter traffic.
D. Compromising as many machines as possible.
Answer: D
Compromising the agent machines comes first; only then can handler-to-agent communication
be set up and the flood launched.
Another form of attack is called the distributed denial of service (DDoS). A distributed denial of
service occurs when the attacker compromises several systems and uses them as launching
platforms against one or more victims. – Ed Tittel CISSP Study Guide (Sybex) pg 51
QUESTION 948:
Which type of vulnerability enables the intruder to re-route data traffic from a network
device to a personal machine? This diversion enables the intruder to capture data traffic to
and from the devices for analysis or modification, or to steal the password file from the
server and gain access to user accounts.
A. Network Address Translation
B. Network Address Hijacking
C. Network Address Supernetting
D. Network Address Sniffing
Answer: B
“Network Address Hijacking. It might be possible for an intruder to reroute data traffic from a
server or network device to a personal machine, either by device address modification or
network address “hijacking.” This diversion enables the intruder to capture traffic to and from
the devices for data analysis or modification or to steal the password file from the server and
gain access to user accounts. By rerouting the data output, the intruder can obtain supervisory
terminal functions and bypass the system logs.”
Pg. 324 Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 949:
Which one of the following is an example of hyperlink spoofing?
A. Compromising a web server Domain Name Service reference.
B. Connecting the user to a different web server.
C. Executing Hypertext Transport Protocol Secure GET commands.
D. Starting the user’s browser on a secured page.
Answer: B
The supporting passage is the same one from http://www.brd.ie/papers/sslpaper/sslpaper.html quoted
under Question 946: a page lies about a URL’s DNS name, so following the link connects the user
to a different web server than the link text claims.
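Added example for the hyperlink-spoofing point made in Question 946 and repeated here (not from the cited paper): a Python check that parses anchors out of HTML and flags links whose visible text names one host while the href actually resolves to another, including the user-info trick where `http://www.bank.example@evil.test/` displays a bank’s name but connects to `evil.test`. The HTML snippet and domain names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page: two deceptive links, one plain-text link, one honest link.
SAMPLE_HTML = """
<p>Log in at <a href="http://www.bank.example.attacker.test/login">https://www.bank.example/login</a>.</p>
<p>Or use <a href="http://www.bank.example@evil.test/">www.bank.example</a> directly.</p>
<p>Need help? <a href="https://www.bank.example/help">Help center</a></p>
<p>Status: <a href="https://status.bank.example">status.bank.example</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Hostname implied by s (a URL or a bare domain), lowercased; None if it is not one."""
    s = s.strip()
    if "://" not in s:
        s = "http://" + s
    host = urlparse(s).hostname   # for user@host forms this is the part after '@'
    return host.lower() if host and "." in host else None


def spoofed_links(html):
    """Flag anchors whose displayed host differs from the host the href really goes to."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = host_of(text)
        if shown is None:
            continue              # link text is not a URL/host; nothing to compare
        actual = host_of(href)
        if actual != shown:
            findings.append({"text": text, "href": href,
                             "shown_host": shown, "actual_host": actual})
    return findings


if __name__ == "__main__":
    for f in spoofed_links(SAMPLE_HTML):
        print(f"link text says {f['shown_host']!r} but goes to {f['actual_host']!r}")
```

The check only catches links whose visible text looks like a host; a link reading “Help center” cannot be judged this way, which is the point the paper makes about users following hyperlinks rather than typing names. Browsers close the gap from the other side by showing the real destination on hover and in the address bar after the click, and the TLS certificate name is the final check that the server reached is the one intended.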
QUESTION 950:
Why are packet filtering routers NOT effective against mail bomb attacks?
A. The bomb code is obscured by the message encoding algorithm.
B. Mail bombs are polymorphic and present no consistent signature to filter on.
C. Filters do not examine the data portion of a packet.
D. The bomb code is hidden in the header and appears as a normal routing information.
Answer: C
Explanation: A packet-filtering router decides on header fields only (source and destination
addresses, protocol, ports and TCP flags) and does not inspect the data portion of the packet. A
mail bomb is ordinary SMTP traffic to a permitted port; what makes it an attack is the volume and
content of the messages, which live in the payload the filter never examines.
