Practice Test(DOMAIN4)

CISSP総合学習サイト

Domain 4 Exam.

A minimum of 70% is required to pass.

 

Results

Wonderful!

There may be content you haven’t seen yet.

#1. Which network line should be used to ensure that traffic always uses the same path?

Circuit switching is a dedicated communication channel through a network. The circuit guarantees full bandwidth. The circuit functions as if the nodes were physically connected by cables.

#2. Which of the following is an attack that accesses an internal IP address as the source from the outside and aims for internal access by means of a response request?

〇:LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

 

×:Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

 

×:Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

 

×:CHARGEN attack

CHARGEN (port 19) is a protocol that returns an appropriate string.

#3. Which of the following is a straightforward inference as to why email spoofing was so easily carried out?

〇:SMTP lacks proper authentication mechanisms.

Email spoofing is easy to perform if the SMTP lacks proper authentication mechanisms. An attacker can spoof the sender address of an e-mail by sending a Telnet command to port 25 of the mail server. The spammer uses e-mail spoofing to prevent himself from being identified.

 

×:The administrator forgot to configure a setting that prevents inbound SMTP connections for non-functioning domains.

If it is spoofed, the email sender is also spoofed. This can happen even if you prevent inbound SMTP connections for a domain.

 

×:Technically abolished by keyword filtering.

Filtering is not very effective against spoofing. Therefore, even if it is technically obsolete, it is unlikely to be the cause.

 

×:The blacklist function is not technically reliable.

If an email is spoofed, the sender of the email is also spoofed. This can happen even if the filtering function is not reliable.

#4. Communication speed has become a problem and we want to renew our Wi-Fi. I want to get the fastest possible connection speed. Which Wi-Fi standard should we use?

IEEE 802.11 is one of the wireless LAN standards established by IEEE.

Type Max Speed Frequency
802.11
2Mbps
2.4GHz
802.11a
54Mbps
5GHz
802.11b
11Mbps
2.4GHz
802.11g
54Mbps
2.4GHz
802.11n
600Mbps
2.4GHz or 5GHz
802.11ac
1.3Gbps
5GHz

#5. You are implementing Quality of Service (QoS) in your network; which is one of the main benefits of QoS?

#6. What is the IPSec SA value?

Each IPSec VPN device will have at least one security association (SA) for each secure connection it uses; the SA, which is critical to the IPSec architecture, is the device’s need to support IPSec connections over VPN connections This is a record of the configuration that needs to be in place.

#7. Which is the most correct use of a captive portal?

A captive portal is a mechanism that restricts communication with the outside world until user authentication, user registration, and user consent are performed when a terminal connects to the network.

#8. DNS is a popular target for attackers on the Internet; which ones use recursive queries to pollute the caches of DNS servers?

〇:DNS Hijacking

The DNS plays a great role in the transmission of traffic on the Internet; it directs traffic to the appropriate IP address corresponding to a given domain name DNS queries can be classified as either recursive or iterative. In a recursive query, the DNS server forwards the query to another server, which returns the appropriate response to the inquirer. In an iterative query, the DNS server responds with the address of another DNS server that may be able to answer the question and then proceeds to further ask for a new DNS server. Attackers use recursive queries to pollute the caches of DNS servers.

The attacker sends a recursive query to the victim’s DNS server asking for the IP address of the domain; the DNS server forwards the query to another DNS server. Before the other DNS server responds, the attacker inserts his IP address. The victim server receives the IP address and stores it in its cache for a specific period of time. The next time the system queries the server for resolution, the server directs the user to the attacker’s IP address.

 

×:Manipulating the hosts file

Manipulating the hosts file is wrong because it does not use recursive queries to pollute the DNS server cache. The client queries the hosts file before issuing a request to the first DNS server. Some viruses add the antivirus vendor’s invalid IP address to the hosts file to prevent the virus definition file from being downloaded and to prevent detection.

 

×:Social engineering

Social engineering is wrong because it does not require querying DNS servers. Social engineering refers to manipulation by an individual for the purpose of gaining unauthorized access or information.

 

×:Domain Litigation

Domain litigation is wrong because it does not involve poisoning the DNS server cache. Domain names are at trademark risk, including temporary unavailability or permanent loss of established domain names.

#9. You want to make it clear to developers that application processing and session processing are separate. Which network model should they follow?

〇:OSI reference model

The OSI reference model is a seven-layer classification of network communication. The concepts of application communication and session are separated, which would be clearly communicated based on the OSI reference model. Therefore, the correct answer is “OSI reference model.

 

×:TCP/IP model

The TCP/IP model is a layer design that is closer to the concept of a system than the OSI reference model; in the TCP/IP model, the application layer, presentation layer, and session layer of the OSI reference model are represented by a single application layer.

 

×:Data link model

There is no such model.

 

×:Biba model

Biba model is one of the security models that indicates that data cannot be changed without permission.

#10. IP telephony networks require the same security measures as those implemented on IP data networks. Which of the following is a feature unique to IP telephony?

〇:IP Session Restriction via Media Gateway

The VoIP Media Gateway translates Internet Protocol (VoIP) voice over time division multiplexing (TDM) voice to and from. As a security measure, the number of calls through the Media Gateway should be limited. The Media Gateway is vulnerable to denial-of-service attacks, hijacking, and other types of attacks.

 

×:Identification of Rogue Devices  

Incorrect, as rogue devices on both IP telephony and data networks need to be identified.

 

×:Implementation of Authentication

Incorrect because authentication is recommended for both data and voice networks.

 

×:Encryption of packets containing sensitive information

Incorrect because sensitive data can be transmitted over either voice or data networks and must be encrypted in both cases. Eavesdropping is a very real threat for VoIP networks.

#11. Which of the following is NOT a benefit of VoIP?

〇:Security

Voice over Internet Protocol (VoIP) refers to a transmission technology that delivers voice communications over an IP network; IP telephony uses technology that is similar to TCP/IP and therefore similar in its vulnerabilities. Voice systems are vulnerable to application manipulation and unauthorized administrative access. It is also vulnerable to denial of service attacks against gateway and network resources. Eavesdropping is also a concern since data traffic is transmitted in clear text unless encrypted.

The term security is a difficult answer to choose from because it has a very broad meaning. However, information security scriptures such as CISSP are persistent in saying that VoIP has vulnerabilities. Although this answer is a bit over the top in practical terms, it was made to educate the public, because depending on the creator’s intentions, this issue may arise.

 

×:Cost

Wrong, because cost is an advantage of VoIP; with VoIP’s, a company becomes a dedicated alternative to a separate network dedicated to data transmission and voice transmission. For telephony features such as conference calling, call forwarding, and automatic redialing are freed up in VoIP, which is open source, while companies that use traditional communications charge for VoIP.

 

×:Convergence

Wrong because convergence is the advantage of VoIP. Convergence means the integration of traditional IP networks with traditional analog telephone networks.

 

×:Flexibility

Wrong, because flexibility is an advantage of VoIP. The technology is very simple, easy and supports multiple calls over a single Internet broadband connection.

#12. Which of the following is not a network topology?

Matrix is not a network topology. Ring, mesh, and star are network topologies.

#13. Which of the following is NOT an effective countermeasure against spam mail?

〇:Make the mail relay server available to everyone.

This is a question of choosing the “ineffective” one. An open mail relay server is not an effective countermeasure against spam. In fact, spammers often use spammers to distribute spam, because the attackers can hide their identities. An open mail relay server is an SMTP server configured to allow inbound SMTP connections from anyone on the Internet, and many relays are properly configured to prevent attackers from distributing spam and pornography. Thus, the correct answer is “have an email relay server available to everyone.” will be.

 

×:Build a properly configured mail relay server.

A properly configured mail relay server can also suppress spam mail.

 

×:Perform filtering at the e-mail gateway.

Filtering emails that are considered spam mail at the gateway will help to prevent spam mail.

 

×:Filtering at the client.

Filtering spam mail at the client, i.e., in a mailing application such as Outlook, is considered to be a countermeasure against spam mail.

#14. Which DNS extension provides authentication of the origin of DNS data to DNS clients (resolvers) that can reduce DNS poisoning, spoofing, and other attacks?

〇:DNSSEC

DNSSEC is a set of extensions to the DNS that provide DNS clients (resolvers) with authentication of the origin of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types. It is an Internet Engineering Task Force (IETF) specification for securing services.

 

×:Resource Record

DNS servers contain records that map hostnames to IP addresses, called resource records. The answer is incorrect. When a user’s computer needs to resolve a hostname to an IP address, it looks in its network configuration to find its DNS server. The computer then sends a request containing the hostname to the DNS server for resolution; the DNS server looks at its resource records, finds a record with this particular hostname, retrieves the address, and responds to the computer with the corresponding IP address.

 

×:Zone Transfer

Primary and secondary DNS servers synchronize their information via zone transfers. The answer is incorrect. After changes are made to the primary DNS server, these changes must be replicated to the secondary DNS server. It is important to configure the DNS servers so that zone transfers can take place between specific servers.

 

×:Resource Transfer

Equivalent to transferring DNS resource records, but the answer is incorrect.

#15. Previously, access was controlled by source IP address, but the behavior of a series of communications indicates that it must be detected. Which firewall is designed to respond to this attack?

〇:Stateful Inspection

Stateful Inspection detects abnormal communication in which the request and response are linked and only the response is returned from a different server. Therefore, the correct answer is “Stateful Inspection.

 

×:Application Gateway

Commonly referred to as WAF, this is used when filtering is performed based on strings in telegrams, such as SQL injection.

 

×:Packet Filtering

Used for filtering by IP address or port.

 

×:Session Gateway

There is no such firewall category.

#16. We are implementing a new network infrastructure for our organization. The new infrastructure uses carrier sense multiple access with collision detection (CSMA / CD). What are you trying to implement?

Carrier Sense Multiple Access Collision Detection (CSMA / CD) is used for systems that can transmit and receive simultaneously, such as Ethernet. If two clients listen at the same time and make sure the line is clear, both may transmit at the same time, causing a collision. Collision Detection (CD) is added to solve this scenario. The client checks to see if the line is idle and transmits if it is idle. If in use, they wait for a random time (milliseconds). During transmission, they monitor the network and if more input is received than transmitted, another client is also transmitting and sends a jam signal instructing other nodes to stop transmitting, wait a random time and then start transmitting again.

#17. Which unique internal protocol selects the best path between source and destination in network routing?

〇:IGRP

The Internal Gateway Routing Protocol (IGRP) is a distance vector routing protocol developed by and proprietary to Cisco Systems, Inc. Whereas the Routing Information Protocol (RIP) uses one criterion to find the optimal path between source and destination, IGRP uses five criteria to make an “optimal route” determination. The network administrator can set weights on these different metrics so that the protocol works optimally in its particular environment.

 

×:RIP  

Routing Information Protocol (RIP) is incorrect because it is not proprietary; RIP allows routers to exchange routing table data and calculate the shortest distance between source and destination. It is considered a legacy protocol due to poor performance and lack of features. It should be used in smaller networks.

 

×:BGP

Border Gateway Protocol (BGP) is incorrect because it is an Exterior Gateway Protocol (EGP); BGP allows routers in different ASes to share routing information to ensure effective and efficient routing between different networks. BGP is used by Internet Service Providers.

 

×:OSPF  

OSPF is incorrect because it is not proprietary; it uses a link-state algorithm to transmit information in the OSPF routing table. Smaller and more frequent routing table updates.

#18. Which of the following is an incorrect description of IP telephony security?

〇:Softphones are safer than IP phones. 

IP softphones should be used with caution. A softphone is a software application that allows users to make calls via computer over the Internet. Replacing dedicated hardware, a softphone works like a traditional telephone. Skype is an example of a softphone application. Compared to hardware-based IP phones, softphones are more receptive to IP networks. However, softphones are no worse than other interactive Internet applications because they do not separate voice traffic from data, as IP phones do, and also because data-centric malware can more easily enter the network through softphones. network.

 

×:VoIP networks should be protected with the same security controls used on data networks.

The statement is incorrect because it correctly describes the security of an IP telephony network. an IP telephony network uses the same technology as a traditional IP network, which allows it to support voice applications. Therefore, IP telephony networks are susceptible to the same vulnerabilities as traditional IP networks and should be protected accordingly. This means that IP telephony networks should be designed to have adequate security.

 

×:As an endpoint, IP telephony can be a target of attack.

Incorrect because true: An IP phone on an IP telephony network is equivalent to a workstation on a data network in terms of vulnerability to attack. Thus, IP phones should be protected with many of the same security controls implemented on traditional workstations. For example, the default administrator password must be changed. Unnecessary remote access functions need to be disabled. Logging should be enabled and the firmware upgrade process should be secured.

 

×:The current Internet architecture in which voice is transmitted is more secure than physical phone lines.

True and therefore incorrect. In most cases, the current Internet architecture in which voice is transmitted is more secure than physical telephone lines. Physical phone lines provide a point-to-point connection, which is difficult to leverage over the software-based tunnels that make up the bulk of the Internet. This is an important factor to consider when protecting IP telephony networks because the network is now transmitting 2 valuable asset data and voice. It is not unusual for personal information, financial information, and other sensitive data to be spoken over the phone; intercepting this information over an IP telephony network is as easy as intercepting regular data. Currently voice traffic should also be encrypted.

#19. Layer 2 of the OSI model has two sublayers. What are the two IEEE standards that represent these sublayers and technologies?

The data link layer or Layer 2 of the OSI model adds a header and trailer to the packet to prepare the packet in binary format in local area network or wide area network technology for proper line transmission. Layer 2 is divided into two functional sublayers. The upper sublayer is logical link control (LLC), which is defined in the IEEE 802.2 specification. It communicates with the network layer above the data link layer. Below the LLC is the Media Access Control (MAC) sublayer, which specifies interfaces with the protocol requirements of the physical layer.

#20. When attackers set up war dialing, what do they try to do?

War Dialing is the indiscriminate and repeated act of cracking dial-ups in search of dial-up lines, such as those for non-public internal networks. It automatically scans a list of telephone numbers, usually dialing all numbers in the local area code, and searches modems, computers, bulletin board systems, and fax machines.

Previous
終了