Practice Test(DOMAIN4)

CISSP総合学習サイト

Domain 4 Exam.

A minimum of 70% is required to pass.

 

Results

Wonderful!

There may be content you haven’t seen yet.

#1. When attackers set up war dialing, what do they try to do?

War Dialing is the indiscriminate and repeated act of cracking dial-ups in search of dial-up lines, such as those for non-public internal networks. It automatically scans a list of telephone numbers, usually dialing all numbers in the local area code, and searches modems, computers, bulletin board systems, and fax machines.

#2. Brad wants to ban the use of instant messaging (IM) on corporate networks. Which of the following should NOT be included in his presentation?

〇:The use of IM can be stopped by simply blocking certain ports on the network firewall.

Instant messaging (IM) allows people to communicate with each other via real-time and personal chat room types. These technologies will have the ability to transfer files. Users install an IM client and are assigned a unique identifier; they provide this unique identifier to anyone they wish to communicate with via IM. ineffective.

Another way to answer the question is to say that the question itself confirms our understanding of security, and then we can lay down the assumption that “should not be included in the presentation” means that we should not say anything that will later be held liable. There will be far more events that indicate that there is a possibility than events that say there is no possibility at all.

 

×:Sensitive data and files can be transferred from system to system via IM.

This is incorrect because in addition to text messages, instant messaging allows files to be transferred from system to system. These files could contain sensitive information, putting the company at business or legal risk. And sharing files via IM will use that much network bandwidth and impact network performance.

 

×:Users can be subjected to attacks posing as legitimate senders from malware containing information.

Incorrect because it is true. Due to lack of strong authentication, accounts can be falsified because there is to accept information from malicious users of the legitimate sender, not the receiver. There will also be numerous buffer overflows and malformed packet attacks that have been successful with different IM clients.

 

×:A security policy is needed specifying IM usage limits.

This is incorrect because his presentation should include the need for a security policy specifying IM usage restrictions. This is only one of several best practices to protect the environment from IM-related security breaches. Other best practices include upgrading IM software to a more secure version that configures the firewall to block IM traffic, implementing a corporate IM server so that only internal employees communicate within the organization’s network, and implementing an integrated Includes implementing an antivirus/firewall product.

#3. What is the range of well-known port?

A well-known port is a port number from 0 to 1023 that is reserved for standard services. There are three port number combinations. Well-known port numbers (0-1023) are port numbers officially registered with IANA. Registered port numbers (1024-49151) are port numbers that are officially registered with IANA. A dynamic/private port number (49152-65535) is a port number that is not officially registered with IANA.

#4. You want to make it clear to developers that application processing and session processing are separate. Which network model should they follow?

〇:OSI reference model

The OSI reference model is a seven-layer classification of network communication. The concepts of application communication and session are separated, which would be clearly communicated based on the OSI reference model. Therefore, the correct answer is “OSI reference model.

 

×:TCP/IP model

The TCP/IP model is a layer design that is closer to the concept of a system than the OSI reference model; in the TCP/IP model, the application layer, presentation layer, and session layer of the OSI reference model are represented by a single application layer.

 

×:Data link model

There is no such model.

 

×:Biba model

Biba model is one of the security models that indicates that data cannot be changed without permission.

#5. Which word indicates the destination address and the computer service or protocol communication method at the destination?

〇:Socket

UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) are transport protocols used by applications to retrieve data over a network. Both use ports to communicate with the upper OSI layer and keep track of the various conversations that occur simultaneously. Ports are also the mechanism used to identify how other computers access services. When a TCP or UDP message is formed, the source and destination ports are included in the header information along with the source and destination IP addresses. This IP address and port number is called a socket; the IP address serves as the gateway to the computer and the port serves as the gateway to the actual protocol or service.

 

×:IP address

This is incorrect because the IP address does not tell the packet how to communicate with the service or protocol. The purpose of an IP address is to identify and address the location of a host or network interface. Each node in a network has a unique IP address. This information, along with the source and destination ports, make up a socket. The IP address tells the packet where to go, and the port indicates how to communicate with the appropriate service or protocol.

 

×:Port

The port is incorrect because it tells the packet only how to communicate with the appropriate service or protocol. It does not tell the packet where it should go. The IP address provides this information. Ports are communication endpoints used by IP protocols such as TCP and UDP. Ports are identified by a number.

 

×:Frame

Frame is incorrect because the term is used to refer to a datagram after the header and trailer have been given to the data link layer.

#6. The IT Security team has been asked to propose a mitigation strategy using the OSI reference model. Which of these would address the Layer 7 issue?

Application firewalls target Layer 7 of the OSI. The main advantage of an application firewall is its ability to understand specific applications and protocols. Packets are not decrypted until Layer 6, so Layer 7 can see the entire packet. Other firewalls can only inspect the packet, not the payload. It can detect if an unwanted application or service is trying to bypass the firewall by using a protocol on an allowed port, or if the protocol is being used in a malicious manner.

#7. DNS is a popular target for attackers on the Internet; which ones use recursive queries to pollute the caches of DNS servers?

〇:DNS Hijacking

The DNS plays a great role in the transmission of traffic on the Internet; it directs traffic to the appropriate IP address corresponding to a given domain name DNS queries can be classified as either recursive or iterative. In a recursive query, the DNS server forwards the query to another server, which returns the appropriate response to the inquirer. In an iterative query, the DNS server responds with the address of another DNS server that may be able to answer the question and then proceeds to further ask for a new DNS server. Attackers use recursive queries to pollute the caches of DNS servers.

The attacker sends a recursive query to the victim’s DNS server asking for the IP address of the domain; the DNS server forwards the query to another DNS server. Before the other DNS server responds, the attacker inserts his IP address. The victim server receives the IP address and stores it in its cache for a specific period of time. The next time the system queries the server for resolution, the server directs the user to the attacker’s IP address.

 

×:Manipulating the hosts file

Manipulating the hosts file is wrong because it does not use recursive queries to pollute the DNS server cache. The client queries the hosts file before issuing a request to the first DNS server. Some viruses add the antivirus vendor’s invalid IP address to the hosts file to prevent the virus definition file from being downloaded and to prevent detection.

 

×:Social engineering

Social engineering is wrong because it does not require querying DNS servers. Social engineering refers to manipulation by an individual for the purpose of gaining unauthorized access or information.

 

×:Domain Litigation

Domain litigation is wrong because it does not involve poisoning the DNS server cache. Domain names are at trademark risk, including temporary unavailability or permanent loss of established domain names.

#8. Which of the following is a straightforward inference as to why email spoofing was so easily carried out?

〇:SMTP lacks proper authentication mechanisms.

Email spoofing is easy to perform if the SMTP lacks proper authentication mechanisms. An attacker can spoof the sender address of an e-mail by sending a Telnet command to port 25 of the mail server. The spammer uses e-mail spoofing to prevent himself from being identified.

 

×:The administrator forgot to configure a setting that prevents inbound SMTP connections for non-functioning domains.

If it is spoofed, the email sender is also spoofed. This can happen even if you prevent inbound SMTP connections for a domain.

 

×:Technically abolished by keyword filtering.

Filtering is not very effective against spoofing. Therefore, even if it is technically obsolete, it is unlikely to be the cause.

 

×:The blacklist function is not technically reliable.

If an email is spoofed, the sender of the email is also spoofed. This can happen even if the filtering function is not reliable.

#9. You are implementing Quality of Service (QoS) in your network; which is one of the main benefits of QoS?

#10. One approach to fighting spam mail is to use the Sender Policy Framework, an email validation system. What type of system implements this functionality and receives and responds to requests?

Sender Policy Framework (SPF) is an email verification system that detects email spoofing and prevents spam and malicious email. Attackers typically spoof e-mail addresses to make recipients believe that the messages come from a known and trusted source. SPF allows network administrators to specify which hosts can send mail from a particular domain by implementing SPF records in the Domain Name System (DNS). The e-mail server is configured to check with the DNS server to ensure that e-mail sent from a particular domain was sent from an IP address authorized by the administrator of the sending domain.

#11. Which of the following is the most appropriate relationship between SSL and TLS?

〇:TLS is an open community version of SSL.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols used to protect communications by encrypting segments of a network connection. SSL is a proprietary protocol and TLS was developed by a standards body, making it an open community protocol.

 

×:TLS is an open community version of SSL. SSL is a proprietary protocol and TLS was developed by a standards body, making it an open community protocol. x: The SSL protocol can be modified by developers to extend its capabilities.

This is incorrect because SSL is a proprietary protocol developed by Netscape. This means that the technical community cannot easily interoperate and extend SSL to extend to its functionality.

 

×:SSL is an open community protocol while TLS is a proprietary protocol.

The meaning and matching are reversed.

 

×:SSL is an extended version and backward compatible with TLS.

Wrong, since TLS is actually more extensible than SSL and is not backward compatible with SSL.

#12. An IT security team at a small healthcare organization wants to focus on maintaining IDS, firewalls, enterprise-wide anti-malware solutions, data leak prevention technology, and centralized log management. Which of the following types of solutions implement standardized and streamlined security features?

〇:Unified Threat Management

Unified Threat Management (UTM) appliance products have been developed to provide firewall, malware, spam, IDS / IPS, content filtering, data leak prevention, VPN capabilities, and continuous monitoring and reporting in computer networks.

Since this question asks for a definition of Unified Threat Management that is unfamiliar or not even mentioned in the course material, it is inefficient to buy and study a new book just to get this score. To avoid ending up with “I don’t know = I can’t solve it,” be sure to develop the habit of choosing a “better answer.

If you think in terms of the classification Concepts/Standards > Solutions/Implementation Methods, ISCM (NIST SP800-137) and centralized access control systems are the former, while Unified Threat Management and cloud-based security solutions are the latter. Therefore, it is still better to bet on unified threat management and cloud-based security solutions.

 

×:ISCM (NIST SP800-137)

Because continuous monitoring in the security industry is most commonly Information Security Continuous Monitoring ISCM (NIST SP800-137), which enables companies to gain situational awareness, continuous awareness of information security, vulnerabilities, and threats to support business risk management decisions , is incorrect.

 

×:Centralized Access Control System

Wrong because a centralized access control system does not attempt to combine all of the security products and capabilities mentioned in the issue. A centralized access control system is used so that its access control can be enforced in a standardized manner across different systems in a network environment.

 

×:Cloud-based security solutions

Cloud-based security solutions include security managed services that allow an outsourced company to manage and maintain a company’s security devices and solutions, but this is not considered a cloud-based solution. The cloud-based solution provides the infrastructure environment, platform, or application to the customer so that the customer does not have to spend time and money maintaining these items themselves.

#13. What are the problems with RADIUS that have been eliminated by Diameter?

Diameter is an authentication protocol that implements the AAA (Authentication, Authorization, Accounting) service, the successor to RADIUS. This can cause performance degradation and data loss. This can lead to performance degradation and data loss.

#14. We would like to use Ethernet for a bus type network configuration. The service requirements are a communication speed of 5 M and a distance of 200 m. Which standard should we use?

Ethernet is a way of communication used for local area networks; LANs and such communicate over Ethernet. In other words, most communication is now done over Ethernet.

Name Type Speed Max Distance
10Base2 ‘Thinnet’
Bus
10Mbit
185meters
10Base5 ‘Thicknet’
Bus
10Mbit
500meters
10BaseT
Star
10Mbit
100meters
100Mbit
Star
100BaseT
100meters
1000BaseT
Star
1000Mbit
100meters

#15. Which of the following is an attack that accesses an internal IP address as the source from the outside and aims for internal access by means of a response request?

〇:LAND attack

A LAND attack is an attack that penetrates firewalls that block bad requests; it is similar to the Fraggle attack, but it sends a request to the firewall with the sender as the target of the attack. This is a blind spot because the firewall, which is supposed to protect the inside of the system, is used for the attack.

 

×:Teardrop

Teardrop is an attack that halts the system by forging the offset of IP packets before they are split.

 

×:Christmas Tree Attack

A Christmas tree attack is an attack in which a packet is sent with a number of flags (URG, ACK, PSH, RST, SYN, FIN) and the response is observed.

 

×:CHARGEN attack

CHARGEN (port 19) is a protocol that returns an appropriate string.

#16. What is the intention of preparing artificially vulnerable network domains?

〇:For early detection or enclosure in the event of an attack.

Attackers will conduct an investigation before launching a substantial attack. In such cases, a vulnerable network can provide preventative information such as where the attacker is accessing the network from. This is because only an attacker would have the incentive to break into the network. Vulnerable network domains, such as honeypots, make this kind of intrusion easier and clarify the attacker’s behavior. Thus, the correct answer is “to detect or enclose them early in the event of an attack.” will be

 

×:Debugging environment for when a system outage occurs in the current environment.

The answer is not to intentionally create a vulnerable environment. It is only the result of creating an environment that is vulnerable.

 

×:Aiming to prevent regressions due to old vulnerabilities.

Even if it is an old vulnerability, it should be addressed and there is no point in allowing it to remain.

 

×:A special environment for running a product with a low version that is no longer supported.

It is not an answer to intentionally create a vulnerable environment. It is merely the result of creating an environment that is vulnerable.

#17. Which network line should be used to ensure that traffic always uses the same path?

Circuit switching is a dedicated communication channel through a network. The circuit guarantees full bandwidth. The circuit functions as if the nodes were physically connected by cables.

#18. Which of the following attacks aims to bring down equipment by means of packets whose offsets have been tampered with?

〇:Teardrop

Teardrop is an attack to bring a system to a halt by forging the offset of IP packets when they are returned before splitting.

 

×:Fraggle attack

Fraggle attack is an attack that uses the CHARGEN function to generate an appropriate string.

 

×:CHARGEN attack

There is no attack with such a name.

 

×:War Driving

Wardriving is the act of driving around a city looking for vulnerable wireless LAN access points.

#19. Layer 2 of the OSI model has two sublayers. What are the two IEEE standards that represent these sublayers and technologies?

The data link layer or Layer 2 of the OSI model adds a header and trailer to the packet to prepare the packet in binary format in local area network or wide area network technology for proper line transmission. Layer 2 is divided into two functional sublayers. The upper sublayer is logical link control (LLC), which is defined in the IEEE 802.2 specification. It communicates with the network layer above the data link layer. Below the LLC is the Media Access Control (MAC) sublayer, which specifies interfaces with the protocol requirements of the physical layer.

#20. Software-defined network (SDN) technology specifies which of the following?

〇:How routers are centrally managed and control packets based on the controller’s instructions 

Software-defined networks (SDN) are intended to facilitate centralized management of routing decisions and to separate the router’s logical functions of passing data between the routing decision and the interface and making its mechanical functions.SDN architecture is a scalable, a programmable, and is intended to be a standard method of providing router control logic. Therefore, the correct answer is “a way for routers to be centrally managed and control packets based on the controller’s instructions.

 

×:Mapping between MAC and IP addresses.

ARP table.

 

×:Updating the routing table in a dynamic way.

Explanation of dynamic routing.

 

×:A method in which routers communicate with each other to update the routing table when an event occurs.

This is an explanation of routing control in case of communication failure.

Previous
終了