Communications and Network Security
Domain 4 –
- In the OSI reference model, on which layer can Ethernet (IEEE 802.3) be described?
- Layer 1—Physical Layer
- Layer 2—Data-link layer
- Layer 3—Network Layer
- Layer 4—Transport Layer
Answer: B
Layer 2, the data-link layer, describes data transfer between machines, for instance, by an Ethernet.
- A customer wants to keep cost to a minimum and has only ordered a single static IP address from the ISP. Which of the following must be configured on the router to allow for all the computers to share the same public IP address?
- VLANs
- PoE
- PAT
- VPN
Answer: C
Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
- Users are reporting that some Internet websites are not accessible anymore. Which of the following will allow the network administrator to quickly isolate the remote router that is causing the network communication issue so that the problem can be reported to the appropriate responsible party?
- Ping
- Protocol analyzer
- Tracert
- Dig
Answer: C
The Tracert utility will attempt to trace the route to the target address over a maximum of 30 hops. As a result, it will tell the user which routes are valid, and where the packets are being dropped, allowing them to quickly diagnose connectivity problems.
- Ann installs a new Wireless Access Point (WAP) and users are able to connect to it. However, once connected, users cannot access the Internet. Which of the following is the MOST likely cause of the problem?
- The signal strength has been degraded and latency is increasing hop count.
- An incorrect subnet mask has been entered in the WAP configuration.
- The signal strength has been degraded and packets are being lost.
- Users have specified the wrong encryption type and packets are being rejected.
Answer: B
The subnet mask is broken into two parts, the Network ID and the Host ID. The Network ID represents the network that the device is connected to. If, for example, the subnet mask in question was supposed to be 255.255.240.0, but instead was entered as 255.240.0.0, then the device would only be able to see other computers in the 255.240.0.0 subnet, and the default gateway of the subnet. When the wrong subnet mask is entered for a network configuration, the device will not be able to communicate with any other devices outside of the subnet until the right subnet mask is entered, allowing them to be able to interact with the devices on the network that the subnet mask represents.
- What is the optimal placement for network-based intrusion detection systems (NIDS)?
- On the network perimeter, to alert the network administrator of all suspicious traffic
- On network segments with business-critical systems (e.g., demilitarized zones (DMZs) and on certain intranet segments)
- At the network operations center (NOC)
- At an external service provider
Answer: A
Intrusion detection systems (IDS) monitor activity and send alerts when they detect suspicious traffic. There are two broad classifications of IDS: host-based IDS, which monitor activity on servers and workstations, and network-based IDS, which monitor network activity. Placing an IDS on the network perimeter monitors all traffic into an organization.
- Which of the following end-point devices would MOST likely be considered part of a converged IP network?
- file server, IP phone, security camera
- IP phone, thermostat, cypher lock
- security camera, cypher lock, IP phone
- thermostat, file server, cypher lock
Answer: A
See Figure 4.32 on Converged IP Networks
- Network upgrades have been completed and the WINS server was shutdown. It was decided that NetBIOS network traffic will no longer be permitted. Which of the following will accomplish this objective?
- Content filtering
- Port filtering
- MAC filtering
- IP filtering
Answer: B
TCP/IP port filtering is the practice of selectively enabling or disabling Transmission Control Protocol (TCP) ports and User Datagram Protocol (UDP) ports on computers or network devices. When used in conjunction with other security practices, such as deploying firewall software at your Internet access point, applying port filters to intranet and Internet servers insulates those servers from many TCP/IP-based security attacks, including internal attacks by malicious users.
- Which of the following devices should be part of a network’s perimeter defense?
- A boundary router, A firewall, A proxy Server
- A firewall, A proxy server, A host based intrusion detection system (HIDS)
- A proxy server, A host based intrusion detection system (HIDS), A firewall
- A host based intrusion detection system (HIDS), A firewall, A boundary router
Answer: B
The security perimeter is the first line of protection between trusted and untrusted networks. In general, it includes a firewall and router that helps filter traffic. Security perimeters may also include proxies and devices, such as an intrusion detection system (IDS), to warn of suspicious traffic. The defensive perimeter extends out from these first protective devices, to include proactive defense such as boundary routers which can provide early warning of upstream attacks and threat activities. HIDS are associated with hosts behind the perimeter.
Answer: A
Wireless networks allow users to be mobile while remaining connected to a LAN. Unfortunately, this allows unauthorized users greater access to the LAN as well. In fact, many wireless LANs can be accessed off of the organization’s property by anyone with a wireless card in a laptop, which effectively extends the LAN where there are no physical controls.
- Which of the following is a path vector routing protocol?
- RIP
- EIGRP
- OSPF/IS-IS
- BGP
Answer: D
A path vector protocol is a computer network routing protocol which maintains the path information that gets updated dynamically. Updates which have looped through the network and returned to the same node are easily detected and discarded. It is different from the distance vector routing and link state routing. Each entry in the routing table contains the destination network, the next router and the path to reach the destination. BGP is an example of a path vector protocol. In BGP the routing table maintains the autonomous systems that are traversed in order to reach the destination system.
- RIPv1 (legacy): IGP, distance vector, classful protocol
- IGRP (legacy): IGP, distance vector, classful protocol developed by Cisco
- RIPv2: IGP, distance vector, classless protocol
- EIGRP: IGP, distance vector, classless protocol developed by Cisco
- OSPF: IGP, link-state, classless protocol
- IS-IS: IGP, link-state, classless protocol
- BGP: EGP, path-vector, classless protocol
Answer: A
IP Security (IPSec) is a suite of protocols for communicating securely with IP by providing mechanisms for authenticating and encryption. Standard IPSec authenticates only hosts with each other.
- A Security Event Management (SEM) service performs the following function:
- Gathers firewall logs for archiving
- Aggregates logs from security devices and application servers looking for suspicious activity
- Reviews access controls logs on servers and physical entry points to match user system authorization with physical access permissions
- Coordination software for security conferences and seminars.
Answer: B
SEM/SEIM systems have to understand a wide variety of different applications and network element (routers/switches) logs and formats; consolidate these logs into a single database and then correlate events looking for clues to unauthorized behaviors that would be otherwise inconclusive if observed in a single log file.
- Which of the following is the principal weakness of DNS (Domain Name System)?
- Lack of authentication of servers, and thereby authenticity of records
- Its latency, which enables insertion of records between the time when a record has expired and when it is refreshed
- The fact that it is a simple, distributed, hierarchical database instead of a singular, relational one, thereby giving rise to the possibility of inconsistencies going undetected for a certain amount of time
- The fact that addresses in e-mail can be spoofed without checking their validity in DNS, caused by the fact that DNS addresses are not digitally signed
Answer: A
Authentication has been proposed but attempts to introduce stronger authentication into DNS have not found wider acceptance. Authentication services have been delegated upward to higher protocol layers. Applications in need of guaranteeing authenticity cannot rely on DNS to provide such but will have to implement a solution themselves
- Which of the following statements about open e-mail relays is incorrect?
- An open e-mail relay is a server that forwards e-mail from domains other than the ones it serves.
- Open e-mail relays are a principal tool for distribution of spam.
- Using a blacklist of open e-mail relays provides a secure way for an e-mail administrator to identify open mail relays and filter spam.
- An open e-mail relay is widely considered a sign of bad system administration.
Answer: C
Although using blacklists as one indicator in spam filtering has its merits, it is risky to use them as an exclusive indicator. Generally, they are run by private organizations and individuals according to their own rules, they are able to change their policies on a whim, they can vanish overnight for any reason, and they can rarely be held accountable for the way they operate their lists.
- A botnet can be characterized as
- A network used solely for internal communications
- An automatic security alerting tool for corporate networks
- A group of dispersed, compromised machines controlled remotely for illicit reasons.
- A type of virus
Answer: C
“Bots” and “botnets” are most insidious implementations of unauthorized, remote control of compromised systems. Such machines are essentially zombies controlled by ethereal entities from the dark places on the Internet.
- During a disaster recovery test, several billing representatives need to be temporarily setup to take payments from customers. It has been determined that this will need to occur over a wireless network, with security being enforced where possible. Which of the following configurations should be used in this scenario?
- WPA2, SSID enabled, and 802.11n.
- WEP, SSID enabled, and 802.11b.
- WEP, SSID disabled, and 802.11g.
- WPA2, SSID disabled, and 802.11a.
Answer: D
WPA2 is a security technology commonly used on Wi-Fi wireless networks. WPA2 (Wi-Fi Protected Access 2) replaced the original WPA technology on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption. WPA was used to replace WEP, which is not considered a secure protocol for wireless systems due to numerous issues with its implementation. Disabling the SSID will further enhance the security of the solution, as it requires the user that wants to connect to the WAP to have the exact SSID, as opposed to selecting it from a list.
Answer: A
High-Data-Rate Digital Subscriber Line. One of four DSL technologies. HDSL delivers 1.544 Mbps of bandwidth each way over two copper twisted pairs. Because HDSL provides T1 speed, telephone companies have been using HDSL to provision local access to T1 services whenever possible. The operating range of HDSL is limited to 12,000 feet (3658.5 meters), so signal repeaters are installed to extend the service. HDSL requires two twisted pairs, so it is deployed primarily for PBX network connections, digital loop carrier systems, interexchange POPs, Internet servers, and private data networks.
- A new installation requires a network in a heavy manufacturing area with substantial amounts of electromagnetic radiation and power fluctuations. Which media is best suited for this environment if little traffic degradation is tolerated?
- Coax cable
- Wireless
- Shielded twisted pair
- Fiber
Answer: D
Since fiber relies on light, electromagnetic and source power-based distortions do not affect it. Coax, wireless and shielded twisted pair rely and electromagnetic principles to operate and are therefore susceptible to electromagnetic interference.
- Multi-layer protocols such as Modbus used in industrial control systems
- often have their own encryption and security like IPv6
- are used in modern routers as a routing interface control
- Are often insecure by their very nature as they were not designed to natively operate over today’s IP networks
- Have largely been retired and replaced with newer protocols such as IPv6 and NetBIOS
Answer: C
Industrial control systems and their multi-layer protocols are largely insecure due to the original designs used to implement them. Given the life expectancy of the control systems, many are in use with inherently insecure designs, protocols and configurations.
Answer: C
Packet-Switched Technologies include:
- X.25
- Link Access Procedure-Balanced (LAPB)
- Frame Relay
- Switched Multimegabit Data Service (SMDS)
- Asynchronous Transfer Mode (ATM)
- Voice over IP (VoIP)