Читаем CISSP Practice полностью

283. c. E-mail networks function as decentralized systems. Independent, unconnected systems at multiple locations are decentralized. An electronic message flows through the system, going from one machine to another. Eventually the message reaches the correct machine and is placed in the targeted person’s e-mail box. Because e-mail crosses many state and national boundaries and even continents, it is advised to review the principal sources of legal rights and obligations. These sources include the law of the country and employer policies and practices. Employee practices have no effect on the legal rights and obligations.

284. In the ISO/OSI reference model, which of the following relates to end system-level security?

a. Transport layer or network layer

b. Application layer or presentation layer

c. Session layer or transport layer

d. Data link layer or physical layer

284. a. The ISO/OSI standards give a choice where either a transport layer or network layer can be used to provide end system-level security. An assumption is made that the end systems are trusted and that all underlying communication networks are not trusted.

285. A primary firewall has been compromised. What is the correct sequence of action steps to be followed by a firewall administrator?

1. Deploy the secondary firewall.

2. Bring down the primary firewall.

3. Restore the primary firewall.

4. Reconfigure the primary firewall.

a. 1, 2, 3, and 4

b. 2, 3, 4, and 1

c. 2, 1, 4, and 3

d. 4, 1, 2, and 3

285. c. Internal computer systems should not be connected to the Internet without a firewall. There should be at least two firewalls in place: primary and secondary. First, the attacked (primary) firewall should be brought down to contain the damage (i.e., damage control), and the backup (secondary) firewall should be deployed immediately. After the primary firewall is reconfigured, it must be brought back or restored to an operational state.

You should not deploy the secondary firewall first until the primary firewall is completely brought down to contain the risk due to its compromised state and to reduce the further damage. The elapsed time between these two actions can be very small.

286. Which of the following functions of Internet Control Message Protocol (ICMP) of TCP/IP model is used to trick routers and hosts?

a. Detecting unreachable destinations

b. Redirecting messages

c. Checking remote hosts

d. Controlling traffic flow

286. b. Internet Control Message Protocol (ICMP) redirect messages can be used to trick routers and hosts acting as routers into using “false” routes; these false routes aid in directing traffic to an attacker’s system instead of a legitimate, trusted system.

287. Which of the following functions of the Internet Control Message Protocol (ICMP) of TCP/IP model cause a buffer overflow on the target machine?

a. Detecting unreachable destinations

b. Redirecting messages

c. Checking remote hosts

d. Controlling traffic flow

287. c. The ping command is used to send an Internet Control Message Protocol (ICMP) echo message for checking the status of a remote host. When large amounts of these messages are received from an intruder, they can cause a buffer overflow on the target host machine, resulting in a system reboot or total system crash. This is because the recipient host cannot handle the unexpected data and size in the packet, thereby possibly triggering a buffer overflow condition. The other three choices do not cause a buffer overflow on the target machine.

288. The basic causes of a majority of security-related problems in Web servers are due to which of the following?

a. Hardware design and protocols

b. Software design and configurations

c. Hardware specifications and testing

d. Software acquisition and implementation

288. b. A Web server is like a window to the world, and therefore it must be protected to provide a controlled network access to both authorized and unauthorized individuals. Web servers contain large and complex programs that can contain security weaknesses. These weaknesses are due to poor software design and configuration of the Web server. Hardware design and protocols provide better security than software design.