Domain 4 Exam.
A minimum of 70% is required to pass.
#1. Which is the most correct use of a captive portal?
#2. Encryption can occur at different layers of the operating system and network stack. Where does PPTP encryption occur?
#3. What is the IPSec SA value?
#4. Robert is responsible for implementing a common architecture for accessing sensitive information over an Internet connection. Which of the following best describes this type of architecture?
The 3-tier architecture clearly distinguishes the three layers: the client has the user interface responsible for input and displaying results, and the server has the functional process logic responsible for data processing and data storage for accessing the database. The user interface role is generally handled by the front-end web server with which the user interacts. It can handle both static and cached dynamic content. The functional process logic is where requests are reformatted and processed. It is typically a dynamic content processing and generation level application server. Data storage is where sensitive data is held. It is the back-end database and holds both the data and the database management system software used to manage and provide access to the data.
Two-tier, or client/server, is incorrect because it describes an architecture in which a server serves one or more clients that request those services.
A screened-subnet architecture uses one firewall to protect one server (basically a one-tier architecture). The external, public-side firewall monitors requests from untrusted networks like the Internet. If that one layer, the only firewall, is compromised, an attacker can access sensitive data residing on the server with relative ease.
×：Public and Private DNS Zones
Separating DNS servers into public and private servers provides protection, but this is not the actual architecture.
#5. You want to make it clear to developers that application processing and session processing are separate. Which network model should they follow?
〇：OSI reference model
The OSI reference model is a seven-layer classification of network communication. The concepts of application communication and session are separated, which would be clearly communicated based on the OSI reference model. Therefore, the correct answer is “OSI reference model.”
The TCP/IP model is a layer design that is closer to the concept of a system than the OSI reference model; in the TCP/IP model, the application layer, presentation layer, and session layer of the OSI reference model are represented by a single application layer.
×：Data link model
There is no such model.
The Biba model is one of the security models; it indicates that data cannot be changed without permission.
#6. Previously, access was controlled by source IP address, but the behavior of a series of communications indicates that it must be detected. Which firewall is designed to respond to this attack?
Stateful Inspection detects abnormal communication in which the request and response are linked and only the response is returned from a different server. Therefore, the correct answer is “Stateful Inspection.”
Commonly referred to as WAF, this is used when filtering is performed based on strings in messages, such as SQL injection.
Used for filtering by IP address or port.
There is no such firewall category.
#7. Which of the following are threats to layers 5-7 of the OSI reference model?
#8. Layer 2 of the OSI model has two sublayers. What are the two IEEE standards that represent these sublayers and technologies?
The data link layer or Layer 2 of the OSI model adds a header and trailer to the packet to prepare the packet in binary format in local area network or wide area network technology for proper line transmission. Layer 2 is divided into two functional sublayers. The upper sublayer is logical link control (LLC), which is defined in the IEEE 802.2 specification. It communicates with the network layer above the data link layer. Below the LLC is the Media Access Control (MAC) sublayer, which specifies interfaces with the protocol requirements of the physical layer.
#9. Which of the following is NOT a benefit of VoIP?
Voice over Internet Protocol (VoIP) refers to a transmission technology that delivers voice communications over an IP network; IP telephony uses technology that is similar to TCP/IP and is therefore similar in its vulnerabilities. Voice systems are vulnerable to application manipulation and unauthorized administrative access. They are also vulnerable to denial of service attacks against gateway and network resources. Eavesdropping is also a concern since data traffic is transmitted in clear text unless encrypted.
Security is a difficult answer to choose because the term has a very broad meaning. However, information security references such as the CISSP materials are persistent in saying that VoIP has vulnerabilities. Although this answer is a bit over the top in practical terms, the question was made for educational purposes, because depending on the question creator’s intentions, this issue may arise.
Wrong, because cost is an advantage of VoIP. With VoIP, a company no longer needs separate dedicated networks for data transmission and voice transmission. Telephony features such as conference calling, call forwarding, and automatic redialing are free in VoIP, which is open source, while traditional telecommunications companies charge for them.
Wrong because convergence is the advantage of VoIP. Convergence means the integration of traditional IP networks with traditional analog telephone networks.
Wrong, because flexibility is an advantage of VoIP. The technology is very simple and easy, and it supports multiple calls over a single Internet broadband connection.
#10. Which network line should be used to ensure that traffic always uses the same path?
#11. We would like to use Ethernet for a bus type network configuration. The service requirements are a communication speed of 5 M and a distance of 200 m. Which standard should we use?
Ethernet is a communication method used for local area networks (LANs). In other words, most communication is now done over Ethernet.
#12. Which of the following attacks aims to bring down equipment by means of packets whose offsets have been tampered with?
Teardrop is an attack that brings a system to a halt by forging the offsets in IP packets, which are used when the packets are restored to their state before splitting.
Fraggle attack is an attack that uses the CHARGEN function to generate an appropriate string.
There is no attack with such a name.
Wardriving is the act of driving around a city looking for vulnerable wireless LAN access points.
#13. An IT security team at a small healthcare organization wants to focus on maintaining IDS, firewalls, enterprise-wide anti-malware solutions, data leak prevention technology, and centralized log management. Which of the following types of solutions implement standardized and streamlined security features?
〇：Unified Threat Management
Unified Threat Management (UTM) appliance products have been developed to provide firewall, malware, spam, IDS / IPS, content filtering, data leak prevention, VPN capabilities, and continuous monitoring and reporting in computer networks.
Since this question asks for a definition of Unified Threat Management that is unfamiliar or not even mentioned in the course material, it is inefficient to buy and study a new book just to get this score. To avoid ending up with “I don’t know = I can’t solve it,” be sure to develop the habit of choosing a “better answer.”
If you think in terms of the classification Concepts/Standards > Solutions/Implementation Methods, ISCM (NIST SP800-137) and centralized access control systems are the former, while Unified Threat Management and cloud-based security solutions are the latter. Therefore, it is still better to bet on unified threat management and cloud-based security solutions.
×：ISCM (NIST SP800-137)
Incorrect, because continuous monitoring in the security industry most commonly refers to Information Security Continuous Monitoring, ISCM (NIST SP800-137), which enables companies to gain situational awareness, continuous awareness of information security, vulnerabilities, and threats to support business risk management decisions.
×：Centralized Access Control System
Wrong because a centralized access control system does not attempt to combine all of the security products and capabilities mentioned in the question. A centralized access control system is used so that access control can be enforced in a standardized manner across different systems in a network environment.
×：Cloud-based security solutions
Cloud-based security solutions include security managed services that allow an outsourced company to manage and maintain a company’s security devices and solutions, but this is not considered a cloud-based solution. The cloud-based solution provides the infrastructure environment, platform, or application to the customer so that the customer does not have to spend time and money maintaining these items themselves.
#14. You are implementing Quality of Service (QoS) in your network; which is one of the main benefits of QoS?
#15. When attackers set up war dialing, what do they try to do?
War dialing is the indiscriminate and repeated act of cracking dial-ups in search of dial-up lines, such as those for non-public internal networks. It automatically scans a list of telephone numbers, usually dialing all numbers in the local area code, and searches for modems, computers, bulletin board systems, and fax machines.
#16. Which of the following is a vulnerability in onion routing?
#17. Which protocols does Voice over IP (VoIP) primarily use?
#18. Software-defined network (SDN) technology specifies which of the following?
〇：How routers are centrally managed and control packets based on the controller’s instructions
Software-defined networks (SDN) are intended to facilitate centralized management of routing decisions and to separate the router’s logical function of making routing decisions from its mechanical function of passing data between interfaces. SDN architecture is intended to be a scalable, programmable, and standard method of providing router control logic. Therefore, the correct answer is “a way for routers to be centrally managed and control packets based on the controller’s instructions.”
×：Mapping between MAC and IP addresses.
×：Updating the routing table in a dynamic way.
Explanation of dynamic routing.
×：A method in which routers communicate with each other to update the routing table when an event occurs.
This is an explanation of routing control in case of communication failure.
#19. Brad wants to ban the use of instant messaging (IM) on corporate networks. Which of the following should NOT be included in his presentation?
〇：The use of IM can be stopped by simply blocking certain ports on the network firewall.
Instant messaging (IM) allows people to communicate with each other in real time through personal chat rooms. These technologies also have the ability to transfer files. Users install an IM client and are assigned a unique identifier; they provide this unique identifier to anyone they wish to communicate with via IM. ineffective.
Another way to answer the question is to say that the question itself confirms our understanding of security, and then we can lay down the assumption that “should not be included in the presentation” means that we should not say anything that we could later be held liable for. There will be far more events that indicate that there is a possibility than events that say there is no possibility at all.
×：Sensitive data and files can be transferred from system to system via IM.
This is incorrect because, in addition to text messages, instant messaging allows files to be transferred from system to system. These files could contain sensitive information, putting the company at business or legal risk. Sharing files via IM also uses network bandwidth and impacts network performance.
×：Users can be subjected to attacks posing as legitimate senders from malware containing information.
Incorrect because it is true. Due to the lack of strong authentication, accounts can be falsified so that the receiver accepts information from a malicious user rather than the legitimate sender. There have also been numerous buffer overflow and malformed packet attacks that have been successful against different IM clients.
×：A security policy is needed specifying IM usage limits.
This is incorrect because his presentation should include the need for a security policy specifying IM usage restrictions. This is only one of several best practices to protect the environment from IM-related security breaches. Other best practices include upgrading IM software to a more secure version, configuring the firewall to block IM traffic, implementing a corporate IM server so that only internal employees communicate within the organization’s network, and implementing an integrated antivirus/firewall product.
#20. Angela wants a computer environment that can be used together in departmental groups while easily sharing network resources. Which computers should logically be used as group computers?
Virtual LANs (VLANs) allow logical isolation and grouping of computers based on resource requirements, security, or business needs, despite the standard physical location of the system. Computers in the same department configured on the same VLAN network can all receive the same broadcast messages, allowing all users to access the same types of resources regardless of their physical location.
×：Open Network Architecture
Open network architecture is wrong because it describes the technology that can configure a network; the OSI model provides a framework for developing products that operate within an open network architecture.
Incorrect because an intranet is a private network used by a company when it wants to use Internet and Web-based technologies in its internal network.
Incorrect because a Value Added Network (VAN) is an electronic data interchange (EDI) infrastructure developed and maintained by a service bureau.