Читаем CISSP Practice полностью

180. c. The Internet Control Message Protocol (ICMP) does not have ports and most ICMP messages are not intended to elicit a response. ICMP has message types, which indicate the purpose of each ICMP message. Some message types also have message codes, which can be thought of as subtypes.

181. Most hardware/software guard implementations use which of the following approaches?

a. Private network

b. Dual network

c. Public network

d. Backbone network

181. b. Most hardware/software guard implementations use a dual network approach, which physically separates the private and public sides from each other. A backbone network is a central network to which other networks connect.

Hardware and/or software guards enable users to exchange data between private and public networks, which is normally prohibited because of information confidentiality. A combination of hardware and/or software guards is used to allow secure local-area network (LAN) connectivity between enclave boundaries operating at different security classification levels (i.e., one private and the other public).

182. For active attacks on hardware/software guards, which of the following are countermeasures against manipulation of data on the private network?

1. Encryption algorithms

2. Key management processes

3. Cryptographic authentication

4. Data-separation methods

a. 1 and 2

b. 1 and 3

c. 3 and 4

d. 1, 2, 3, and 4

182. c. The appropriate countermeasure against manipulation of data on the private network is to permit only authorized users to access the data, through file transfers, on the private network using cryptographic authentication and data separation techniques. Encryption algorithms and key management processes are countermeasures against active attacks such as decrypting weakly encrypted traffic.

183. Which of the following is not an attack targeted at the Transmission Control Protocol (TCP) and Internet Protocol (IP)?

a. Session hijacking

b. Invalidated input

c. Ping of death

d. SYN flood

183. b. Invalidated input is an attack targeted at the application layer of the TCP/IP suite. Weaknesses in TCP and IP enable attacks, such as session hijacking, ping of death, synchronization (SYN) floods, and address impersonation. TCP operates at the transport layer whereas IP operates at the network layer of the TCP/IP suite.

184. For active attacks on hardware/software guards, which of the following are countermeasures against modification of data in transit?

1. Timestamps

2. Sequence numbers

3. Digital signatures

4. Keyed hash integrity checks

a. 1 and 2

b. 1 and 3

c. 3 and 4

d. 1, 2, 3, and 4

184. c. Countermeasures against modification of data in transit include the use of digital signatures or keyed hash integrity checks to detect unauthorized modification to the data in transit. E-mail, real-time messaging, and file transfers are all susceptible to interception and modification while in transit. Timestamps and sequence numbers are examples of countermeasures against active attacks such as the insertion of data or reinsertion of previous messages.

185. Most attacks are targeted at which of the following Transmission Control Protocol/Internet Protocol (TCP/IP) layers?

a. Application layer

b. Transport layer

c. Network layer

d. Data link layer

185. a. In most cases, the application layer contains the actual activity of interest—most attacks are against vulnerabilities in applications, and nearly all misuse involves misuse of applications. The transport layer, the network layer, and the data link layer have fewer attacks compared to the application layer.

Hypertext transfer protocol (HTTP) is a function of the application layer, along with DNS, SMTP, FTP, and SNMP. This layer sends and receives data for particular applications. The transport layer provides connection-oriented or connectionless services for transporting application layer services between networks. The network layer routes packets across networks. The data link layer handles communications on the physical network components.

186. Which of the following statements about media access control/medium access control (MAC) address are true?

1. Each frame contains two MAC addresses.

2. Each frame contains either IP or ARP.