Domain 4 Exam.
A minimum of 70% is required to pass.
#1. Which DNS extension provides authentication of the origin of DNS data to DNS clients (resolvers) that can reduce DNS poisoning, spoofing, and other attacks?
DNSSEC is a set of extensions to the DNS that provide DNS clients (resolvers) with authentication of the origin of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types. It is an Internet Engineering Task Force (IETF) specification for securing services.
DNS servers contain records that map hostnames to IP addresses, called resource records. The answer is incorrect. When a user’s computer needs to resolve a hostname to an IP address, it looks in its network configuration to find its DNS server. The computer then sends a request containing the hostname to the DNS server for resolution; the DNS server looks at its resource records, finds a record with this particular hostname, retrieves the address, and responds to the computer with the corresponding IP address.
Primary and secondary DNS servers synchronize their information via zone transfers. The answer is incorrect. After changes are made to the primary DNS server, these changes must be replicated to the secondary DNS server. It is important to configure the DNS servers so that zone transfers can take place between specific servers.
Equivalent to transferring DNS resource records, but the answer is incorrect.
#2. Which word indicates the destination address and the computer service or protocol communication method at the destination?
UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) are transport protocols used by applications to retrieve data over a network. Both use ports to communicate with the upper OSI layer and keep track of the various conversations that occur simultaneously. Ports are also the mechanism used to identify how other computers access services. When a TCP or UDP message is formed, the source and destination ports are included in the header information along with the source and destination IP addresses. This IP address and port number is called a socket; the IP address serves as the gateway to the computer and the port serves as the gateway to the actual protocol or service.
This is incorrect because the IP address does not tell the packet how to communicate with the service or protocol. The purpose of an IP address is to identify and address the location of a host or network interface. Each node in a network has a unique IP address. This information, along with the source and destination ports, make up a socket. The IP address tells the packet where to go, and the port indicates how to communicate with the appropriate service or protocol.
The port is incorrect because it tells the packet only how to communicate with the appropriate service or protocol. It does not tell the packet where it should go. The IP address provides this information. Ports are communication endpoints used by IP protocols such as TCP and UDP. Ports are identified by a number.
Frame is incorrect because the term is used to refer to a datagram after the header and trailer have been given to the data link layer.
#3. Which technology optimizes content delivery by determining geographic location based on the client’s IP address for routing that constitutes the proximal topology of Web content?
〇：Content Delivery Network (CDN)
Content delivery networks (CDNs) are designed to optimize the delivery of content to clients based on their global topology. In such a design, multiple web servers hosted at many points of existence on the Internet are globally synchronized and contain the same content, and the client is usually directed to the nearest source via DNS record manipulation based on geolocation algorithms for can be directed to.
×：Distributed Name Service (DNS)
Wrong, as there is no protocol called Distributed Name Service; DNS refers to the Domain Name Service protocol.
×：Distributed Web Service (DWS)
Distributed Web Services is also wrong because it is an incorrect answer. The concept of a distributed Web services discovery architecture is not a formal protocol, although it has been discussed by the IEEE and others.
×：Content Domain Distribution (CDD)
The term Content Domain Distribution (CDD) does not appear in CISSP’s CBK terminology.
#4. Which of the following attacks aims to bring down equipment by means of packets whose offsets have been tampered with?
Teardrop is an attack to bring a system to a halt by forging the offset of IP packets when they are returned before splitting.
Fraggle attack is an attack that uses the CHARGEN function to generate an appropriate string.
There is no attack with such a name.
Wardriving is the act of driving around a city looking for vulnerable wireless LAN access points.
#5. Communication speed has become a problem and we want to renew our Wi-Fi. I want to get the fastest possible connection speed. Which Wi-Fi standard should we use?
#6. When attackers set up war dialing, what do they try to do?
War Dialing is the indiscriminate and repeated act of cracking dial-ups in search of dial-up lines, such as those for non-public internal networks. It automatically scans a list of telephone numbers, usually dialing all numbers in the local area code, and searches modems, computers, bulletin board systems, and fax machines.
#7. Which of the following is a vulnerability in onion routing?
#8. The IT Security team has been asked to propose a mitigation strategy using the OSI reference model. Which of these would address the Layer 7 issue?
Application firewalls target Layer 7 of the OSI. The main advantage of an application firewall is its ability to understand specific applications and protocols. Packets are not decrypted until Layer 6, so Layer 7 can see the entire packet. Other firewalls can only inspect the packet, not the payload. It can detect if an unwanted application or service is trying to bypass the firewall by using a protocol on an allowed port, or if the protocol is being used in a malicious manner.
#9. Which of the following is NOT a benefit of VoIP?
Voice over Internet Protocol (VoIP) refers to a transmission technology that delivers voice communications over an IP network; IP telephony uses technology that is similar to TCP/IP and therefore similar in its vulnerabilities. Voice systems are vulnerable to application manipulation and unauthorized administrative access. It is also vulnerable to denial of service attacks against gateway and network resources. Eavesdropping is also a concern since data traffic is transmitted in clear text unless encrypted.
The term security is a difficult answer to choose from because it has a very broad meaning. However, information security scriptures such as CISSP are persistent in saying that VoIP has vulnerabilities. Although this answer is a bit over the top in practical terms, it was made to educate the public, because depending on the creator’s intentions, this issue may arise.
Wrong, because cost is an advantage of VoIP; with VoIP’s, a company becomes a dedicated alternative to a separate network dedicated to data transmission and voice transmission. For telephony features such as conference calling, call forwarding, and automatic redialing are freed up in VoIP, which is open source, while companies that use traditional communications charge for VoIP.
Wrong because convergence is the advantage of VoIP. Convergence means the integration of traditional IP networks with traditional analog telephone networks.
Wrong, because flexibility is an advantage of VoIP. The technology is very simple, easy and supports multiple calls over a single Internet broadband connection.
#10. Which is the most correct use of a captive portal?
#11. Which of the following is a straightforward inference as to why email spoofing was so easily carried out?
〇：SMTP lacks proper authentication mechanisms.
Email spoofing is easy to perform if the SMTP lacks proper authentication mechanisms. An attacker can spoof the sender address of an e-mail by sending a Telnet command to port 25 of the mail server. The spammer uses e-mail spoofing to prevent himself from being identified.
×：The administrator forgot to configure a setting that prevents inbound SMTP connections for non-functioning domains.
If it is spoofed, the email sender is also spoofed. This can happen even if you prevent inbound SMTP connections for a domain.
×：Technically abolished by keyword filtering.
Filtering is not very effective against spoofing. Therefore, even if it is technically obsolete, it is unlikely to be the cause.
×：The blacklist function is not technically reliable.
If an email is spoofed, the sender of the email is also spoofed. This can happen even if the filtering function is not reliable.
#12. Which of the following are threats to layers 5-7 of the OSI reference model?
#13. Which protocols does Voice over IP (VoIP) primarily use?
#14. Layer 2 of the OSI model has two sublayers. What are the two IEEE standards that represent these sublayers and technologies?
The data link layer or Layer 2 of the OSI model adds a header and trailer to the packet to prepare the packet in binary format in local area network or wide area network technology for proper line transmission. Layer 2 is divided into two functional sublayers. The upper sublayer is logical link control (LLC), which is defined in the IEEE 802.2 specification. It communicates with the network layer above the data link layer. Below the LLC is the Media Access Control (MAC) sublayer, which specifies interfaces with the protocol requirements of the physical layer.
#15. Which of the following is an incorrect description of IP telephony security?
〇：Softphones are safer than IP phones.
IP softphones should be used with caution. A softphone is a software application that allows users to make calls via computer over the Internet. Replacing dedicated hardware, a softphone works like a traditional telephone. Skype is an example of a softphone application. Compared to hardware-based IP phones, softphones are more receptive to IP networks. However, softphones are no worse than other interactive Internet applications because they do not separate voice traffic from data, as IP phones do, and also because data-centric malware can more easily enter the network through softphones. network.
×：VoIP networks should be protected with the same security controls used on data networks.
The statement is incorrect because it correctly describes the security of an IP telephony network. an IP telephony network uses the same technology as a traditional IP network, which allows it to support voice applications. Therefore, IP telephony networks are susceptible to the same vulnerabilities as traditional IP networks and should be protected accordingly. This means that IP telephony networks should be designed to have adequate security.
×：As an endpoint, IP telephony can be a target of attack.
Incorrect because true: An IP phone on an IP telephony network is equivalent to a workstation on a data network in terms of vulnerability to attack. Thus, IP phones should be protected with many of the same security controls implemented on traditional workstations. For example, the default administrator password must be changed. Unnecessary remote access functions need to be disabled. Logging should be enabled and the firmware upgrade process should be secured.
×：The current Internet architecture in which voice is transmitted is more secure than physical phone lines.
True and therefore incorrect. In most cases, the current Internet architecture in which voice is transmitted is more secure than physical telephone lines. Physical phone lines provide a point-to-point connection, which is difficult to leverage over the software-based tunnels that make up the bulk of the Internet. This is an important factor to consider when protecting IP telephony networks because the network is now transmitting 2 valuable asset data and voice. It is not unusual for personal information, financial information, and other sensitive data to be spoken over the phone; intercepting this information over an IP telephony network is as easy as intercepting regular data. Currently voice traffic should also be encrypted.
#16. Brad wants to ban the use of instant messaging (IM) on corporate networks. Which of the following should NOT be included in his presentation?
〇：The use of IM can be stopped by simply blocking certain ports on the network firewall.
Instant messaging (IM) allows people to communicate with each other via real-time and personal chat room types. These technologies will have the ability to transfer files. Users install an IM client and are assigned a unique identifier; they provide this unique identifier to anyone they wish to communicate with via IM. ineffective.
Another way to answer the question is to say that the question itself confirms our understanding of security, and then we can lay down the assumption that “should not be included in the presentation” means that we should not say anything that will later be held liable. There will be far more events that indicate that there is a possibility than events that say there is no possibility at all.
×：Sensitive data and files can be transferred from system to system via IM.
This is incorrect because in addition to text messages, instant messaging allows files to be transferred from system to system. These files could contain sensitive information, putting the company at business or legal risk. And sharing files via IM will use that much network bandwidth and impact network performance.
×：Users can be subjected to attacks posing as legitimate senders from malware containing information.
Incorrect because it is true. Due to lack of strong authentication, accounts can be falsified because there is to accept information from malicious users of the legitimate sender, not the receiver. There will also be numerous buffer overflows and malformed packet attacks that have been successful with different IM clients.
×：A security policy is needed specifying IM usage limits.
This is incorrect because his presentation should include the need for a security policy specifying IM usage restrictions. This is only one of several best practices to protect the environment from IM-related security breaches. Other best practices include upgrading IM software to a more secure version that configures the firewall to block IM traffic, implementing a corporate IM server so that only internal employees communicate within the organization’s network, and implementing an integrated Includes implementing an antivirus/firewall product.
#17. What is the IPSec SA value?
#18. Software-defined network (SDN) technology specifies which of the following?
〇：How routers are centrally managed and control packets based on the controller’s instructions
Software-defined networks (SDN) are intended to facilitate centralized management of routing decisions and to separate the router’s logical functions of passing data between the routing decision and the interface and making its mechanical functions.SDN architecture is a scalable, a programmable, and is intended to be a standard method of providing router control logic. Therefore, the correct answer is “a way for routers to be centrally managed and control packets based on the controller’s instructions.
×：Mapping between MAC and IP addresses.
×：Updating the routing table in a dynamic way.
Explanation of dynamic routing.
×：A method in which routers communicate with each other to update the routing table when an event occurs.
This is an explanation of routing control in case of communication failure.
#19. Which unique internal protocol selects the best path between source and destination in network routing?
The Internal Gateway Routing Protocol (IGRP) is a distance vector routing protocol developed by and proprietary to Cisco Systems, Inc. Whereas the Routing Information Protocol (RIP) uses one criterion to find the optimal path between source and destination, IGRP uses five criteria to make an “optimal route” determination. The network administrator can set weights on these different metrics so that the protocol works optimally in its particular environment.
Routing Information Protocol (RIP) is incorrect because it is not proprietary; RIP allows routers to exchange routing table data and calculate the shortest distance between source and destination. It is considered a legacy protocol due to poor performance and lack of features. It should be used in smaller networks.
Border Gateway Protocol (BGP) is incorrect because it is an Exterior Gateway Protocol (EGP); BGP allows routers in different ASes to share routing information to ensure effective and efficient routing between different networks. BGP is used by Internet Service Providers.
OSPF is incorrect because it is not proprietary; it uses a link-state algorithm to transmit information in the OSPF routing table. Smaller and more frequent routing table updates.
#20. Previously, access was controlled by source IP address, but the behavior of a series of communications indicates that it must be detected. Which firewall is designed to respond to this attack?
Stateful Inspection detects abnormal communication in which the request and response are linked and only the response is returned from a different server. Therefore, the correct answer is “Stateful Inspection.
Commonly referred to as WAF, this is used when filtering is performed based on strings in telegrams, such as SQL injection.
Used for filtering by IP address or port.
There is no such firewall category.