Читаем CISSP Practice полностью

In a session hijacking attack, the attack is designed to achieve more than simply bringing down a session between BGP peers. The objective is to change routes used by the peer, to facilitate eavesdropping, blackholing, or traffic analysis. Examples of countermeasures against session hijacking attacks include using strong sequence number randomization, IPsec authentication, and TTL hack.

253. Which of the following is not one of the actions taken by a firewall on a packet?

a. Accept

b. Deny

c. Discard

d. Destroy

253. d. The firewall examines a packet’s source and destination addresses and ports, and determines what protocol is in use. From there, it starts at the top of the rule base and works down through the rules until it finds a rule that permits or denies the packet. It takes one of the three actions: (i) The firewall passes the packet through the firewall as requested (accept), (ii) the firewall drops the packets, without passing it through the firewall (deny) or (iii) the firewall not only drops the packet, but it does not return an error message to the source system (discard). Destroy is not one of the actions taken by a firewall.

254. Network address translation (NAT) protocol operates at what layer of the ISO/OSI reference model?

a. Presentation Layer 6

b. Network Layer 3

c. Transport Layer 4

d. Session Layer 5

254. b. The network address translation (NAT) protocol operates at the Layer 3 (network) of the ISO/OSI reference model.

255. All the following are countermeasures against software distribution attacks on software guards except:

a. Conducting third-party testing and evaluations

b. Complying with Common Criteria Guidelines

c. Reviewing audit logs

d. Implementing high-assurance configuration controls

255. c. Distribution attacks can occur anytime during the transfer of a guard’s software or hardware. The software or hardware could be modified during development or before production. The software is also susceptible to malicious modification during production or distribution.

Audit log is a countermeasure against insider attacks on hardware/software guards such as modification of data by insiders. Audit logs need to be generated and diligent reviews must be conducted in a timely manner.

Countermeasures protecting the software guards include implementing strong software development processes, performing continuous risk management, conducting third-party testing and evaluation of software, following trusted product evaluation program and Common Criteria guidelines, high-assurance configuration control, cryptographic signatures over tested software products, use of tamper detection technologies during packaging, use of authorized couriers and approved carriers, and use of blind-buy techniques.

256. Which of the following is not used to accomplish network address translation (NAT)?

a. Static network address translation

b. Hiding network address translation

c. Dynamic network address translation

d. Port address translation

256. c. Network address translation (NAT) is accomplished in three schemes: (i) In a static network address translation, each internal system on the private network has a corresponding external, routable IP address associated with it. (ii) With hiding network address translation, all systems behind a firewall share the same external, routable IP address. (iii) In a port address translation (PAT) schema, the implementation is similar to hiding network address translation, with two primary differences. First, port address translation is not required to use the IP address of the external firewall interface for all network traffic. Second, with port address translation, it is possible to place resources behind a firewall system and still make them selectively accessible to external users.

257. Which of the following ensures that all Web network traffic dealing with a firewall system is secured from an administration viewpoint?

a. DES

b. SSL

c. HTTP

d. SSH

257. b. There should be a policy stating that all firewall management functions take place over secure links. For Web-based interfaces, the security should be implemented through secure sockets layer (SSL) encryption, along with a user ID and password. If neither internal encryption nor SSL are available, tunneling solutions such as the Secure Shell (SSH) are usually appropriate. HTTP and DES are not appropriate here as they do not provide strong security.