Sender Policy Framework (SPF) is an email verification system that detects email spoofing and prevents spam and malicious email. Attackers typically spoof e-mail addresses to make recipients believe that the messages come from a known and trusted source. SPF allows network administrators to specify which hosts can send mail from a particular domain by implementing SPF records in the Domain Name System (DNS). The e-mail server is configured to check with the DNS server to ensure that e-mail sent from a particular domain was sent from an IP address authorized by the administrator of the sending domain.

〇：Security

Voice over Internet Protocol (VoIP) refers to a transmission technology that delivers voice communications over an IP network; IP telephony uses technology that is similar to TCP/IP and therefore similar in its vulnerabilities. Voice systems are vulnerable to application manipulation and unauthorized administrative access. It is also vulnerable to denial of service attacks against gateway and network resources. Eavesdropping is also a concern since data traffic is transmitted in clear text unless encrypted.

The term security is a difficult answer to choose from because it has a very broad meaning. However, information security scriptures such as CISSP are persistent in saying that VoIP has vulnerabilities. Although this answer is a bit over the top in practical terms, it was made to educate the public, because depending on the creator’s intentions, this issue may arise.

×：Cost

Wrong, because cost is an advantage of VoIP; with VoIP’s, a company becomes a dedicated alternative to a separate network dedicated to data transmission and voice transmission. For telephony features such as conference calling, call forwarding, and automatic redialing are freed up in VoIP, which is open source, while companies that use traditional communications charge for VoIP.

×：Convergence

Wrong because convergence is the advantage of VoIP. Convergence means the integration of traditional IP networks with traditional analog telephone networks.

×：Flexibility

Wrong, because flexibility is an advantage of VoIP. The technology is very simple, easy and supports multiple calls over a single Internet broadband connection.

〇：IP Session Restriction via Media Gateway

The VoIP Media Gateway translates Internet Protocol (VoIP) voice over time division multiplexing (TDM) voice to and from. As a security measure, the number of calls through the Media Gateway should be limited. The Media Gateway is vulnerable to denial-of-service attacks, hijacking, and other types of attacks.

×：Identification of Rogue Devices  

Incorrect, as rogue devices on both IP telephony and data networks need to be identified.

×：Implementation of Authentication

Incorrect because authentication is recommended for both data and voice networks.

×：Encryption of packets containing sensitive information

Incorrect because sensitive data can be transmitted over either voice or data networks and must be encrypted in both cases. Eavesdropping is a very real threat for VoIP networks.

Onion routing is characterized by multiple layers of encryption because encryption is applied each time it passes through a router. However, there is no security feature at the final router because all encryption is decrypted at the final point of the router and becomes plaintext.

〇：How routers are centrally managed and control packets based on the controller’s instructions 

Software-defined networks (SDN) are intended to facilitate centralized management of routing decisions and to separate the router’s logical functions of passing data between the routing decision and the interface and making its mechanical functions.SDN architecture is a scalable, a programmable, and is intended to be a standard method of providing router control logic. Therefore, the correct answer is “a way for routers to be centrally managed and control packets based on the controller’s instructions.

×：Mapping between MAC and IP addresses.

ARP table.

×：Updating the routing table in a dynamic way.

Explanation of dynamic routing.

×：A method in which routers communicate with each other to update the routing table when an event occurs.

This is an explanation of routing control in case of communication failure.

Ethernet is a way of communication used for local area networks; LANs and such communicate over Ethernet. In other words, most communication is now done over Ethernet.

IEEE 802.11 is one of the wireless LAN standards established by IEEE.

〇：OSI reference model

The OSI reference model is a seven-layer classification of network communication. The concepts of application communication and session are separated, which would be clearly communicated based on the OSI reference model. Therefore, the correct answer is “OSI reference model.

×：TCP/IP model

The TCP/IP model is a layer design that is closer to the concept of a system than the OSI reference model; in the TCP/IP model, the application layer, presentation layer, and session layer of the OSI reference model are represented by a single application layer.

×：Data link model

There is no such model.

×：Biba model

Biba model is one of the security models that indicates that data cannot be changed without permission.

〇：Content Delivery Network (CDN)

Content delivery networks (CDNs) are designed to optimize the delivery of content to clients based on their global topology. In such a design, multiple web servers hosted at many points of existence on the Internet are globally synchronized and contain the same content, and the client is usually directed to the nearest source via DNS record manipulation based on geolocation algorithms for can be directed to.

×：Distributed Name Service (DNS)

Wrong, as there is no protocol called Distributed Name Service; DNS refers to the Domain Name Service protocol.

×：Distributed Web Service (DWS)

Distributed Web Services is also wrong because it is an incorrect answer. The concept of a distributed Web services discovery architecture is not a formal protocol, although it has been discussed by the IEEE and others.

×：Content Domain Distribution (CDD)

The term Content Domain Distribution (CDD) does not appear in CISSP’s CBK terminology.

A well-known port is a port number from 0 to 1023 that is reserved for standard services. There are three port number combinations. Well-known port numbers (0-1023) are port numbers officially registered with IANA. Registered port numbers (1024-49151) are port numbers that are officially registered with IANA. A dynamic/private port number (49152-65535) is a port number that is not officially registered with IANA.

〇：Teardrop

Teardrop is an attack to bring a system to a halt by forging the offset of IP packets when they are returned before splitting.

×：Fraggle attack

Fraggle attack is an attack that uses the CHARGEN function to generate an appropriate string.

×：CHARGEN attack

There is no attack with such a name.

×：War Driving

Wardriving is the act of driving around a city looking for vulnerable wireless LAN access points.

VoIP uses UDP. It is real-time oriented, and it is probably better to lose one or two packets than to retransmit a few seconds later in a connectionless fashion.

〇：LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

×：Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

×：Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

×：CHARGEN attack

CHARGEN (port 19) is a protocol that returns an appropriate string.

Matrix is not a network topology. Ring, mesh, and star are network topologies.

Diameter is an authentication protocol that implements the AAA (Authentication, Authorization, Accounting) service, the successor to RADIUS. This can cause performance degradation and data loss. This can lead to performance degradation and data loss.

Carrier Sense Multiple Access Collision Detection (CSMA / CD) is used for systems that can transmit and receive simultaneously, such as Ethernet. If two clients listen at the same time and make sure the line is clear, both may transmit at the same time, causing a collision. Collision Detection (CD) is added to solve this scenario. The client checks to see if the line is idle and transmits if it is idle. If in use, they wait for a random time (milliseconds). During transmission, they monitor the network and if more input is received than transmitted, another client is also transmitting and sends a jam signal instructing other nodes to stop transmitting, wait a random time and then start transmitting again.

〇：For early detection or enclosure in the event of an attack.

Attackers will conduct an investigation before launching a substantial attack. In such cases, a vulnerable network can provide preventative information such as where the attacker is accessing the network from. This is because only an attacker would have the incentive to break into the network. Vulnerable network domains, such as honeypots, make this kind of intrusion easier and clarify the attacker’s behavior. Thus, the correct answer is “to detect or enclose them early in the event of an attack.” will be

×：Debugging environment for when a system outage occurs in the current environment.

The answer is not to intentionally create a vulnerable environment. It is only the result of creating an environment that is vulnerable.

×：Aiming to prevent regressions due to old vulnerabilities.

Even if it is an old vulnerability, it should be addressed and there is no point in allowing it to remain.

×：A special environment for running a product with a low version that is no longer supported.

It is not an answer to intentionally create a vulnerable environment. It is merely the result of creating an environment that is vulnerable.

A captive portal is a mechanism that restricts communication with the outside world until user authentication, user registration, and user consent are performed when a terminal connects to the network.

〇：Make the mail relay server available to everyone.

This is a question of choosing the “ineffective” one. An open mail relay server is not an effective countermeasure against spam. In fact, spammers often use spammers to distribute spam, because the attackers can hide their identities. An open mail relay server is an SMTP server configured to allow inbound SMTP connections from anyone on the Internet, and many relays are properly configured to prevent attackers from distributing spam and pornography. Thus, the correct answer is “have an email relay server available to everyone.” will be.

×：Build a properly configured mail relay server.

A properly configured mail relay server can also suppress spam mail.

×：Perform filtering at the e-mail gateway.

Filtering emails that are considered spam mail at the gateway will help to prevent spam mail.

×：Filtering at the client.

Filtering spam mail at the client, i.e., in a mailing application such as Outlook, is considered to be a countermeasure against spam mail.

UDP (User Datagram Protocol) floods are often used in distributed denial of service (DDOS) attacks because they are connectionless and yet allow for easy generation of UDP messages from various scripting and compilation languages. UDP is a datagram protocol.