Читаем CISSP Practice полностью

Session layer is incorrect because it does not provide any security-related services. It establishes, manages, and terminates connections between applications and provides checkpoint recovery services. It helps users interact with the system and other users.

The physical layer is incorrect because it provides confidentiality service only. The physical layer provides for the transmission of unstructured bit streams over the communications channel. It is the innermost software that handles the electrical interface between a terminal and a modem.

338. Which of the following ISO/OSI layers provide nonrepudiation services?

a. Presentation layer

b. Application layer

c. Transport layer

d. Data link layer

338. b. The application layer provides nonrepudiation services, meaning that entities involved in a communication cannot deny having participated. It is a technique that assures genuine communication and that cannot subsequently be refuted.

The presentation layer is incorrect because it provides authentication and confidentiality services but not nonrepudiation. The presentation layer defines and transforms the format of data to make it useful to the receiving application. It provides a common means of representing a data structure in transit from one end system to another.

The transport layer is incorrect because it provides confidentiality, authentication, data integrity, and access control services but not nonrepudiation. It ensures an error-free, in-sequence exchange of data between end points. It is responsible for transmitting a message between one network user and another.

The data link layer is incorrect because it provides confidentiality service but not nonrepudiation. The data link layer provides a reliable transfer of data across physical links, an error flow control, a link-level encryption and decryption, and synchronization. It handles the physical transmission of frames over a single data link.

Scenario-Based Questions, Answers, and Explanations

Use the following information to answer questions 1 through 7.

The RKG Company is reviewing its virtual private network (VPN) strategy. Its current vendor has a proprietary encryption protocol in place based on the Data Encryption Standard (DES). The one main office has a 1.5Mb connection to the Internet. It has 200 remote users on a variety of operating systems platforms. The primary uses for the remote users are order entry, timesheet reporting, and online meetings. The company has 1,000 clients that connect to the intranet for a custom order entry solution. Clients use the HTTPS protocol and a fixed password per account. They are willing to replace the current solution if a cost-effective alternative is available. The RKG priorities are security of remote connections and client connectivity.

1. Which of the following is used to implement end-to-end VPNs?

a. PPP

b. SSH

c. PPTP

d. SKIP

1. c. In the past, protocols such as PPP, SSH, and SKIP were used in a VPN. Later, point-to-point tunneling protocol (PPTP) became popular due to its hiding capabilities and is useful to implement end-to-end secure VPNs.

2. Which of the following supersedes the point-to-point tunneling protocols (PPTP) used in VPNs?

a. L2TP

b. L2F

c. IPsec

d. PPP

2. c. Internet protocol security (IPsec) supersedes PPTP. IPsec is a suite of authentication and encryption protocols that create VPNs so that data can be securely sent between the two end stations or networks. L2TP is Layer 2 tunneling protocol, L2F is Layer 2 forwarding, and PPP is point-to-point protocol. L2TP supersedes L2F.

3. Which of the following is used for high-speed remote access with VPNs?

a. Calling cards with ISDN

b. Cable modems with ADSL

c. Modem pools with ADSL

d. Toll-free lines with ISDN

3. b. Modem pools, calling cards, and toll-free arrangements can be an expensive alternative to cable modems and an asynchronous digital subscriber line (ADSL). An ISDN line is limited to 128 bits and is slow. Cable modems and ADSL technologies take advantage of the Internet and IPsec functioning at the network layer. These technologies provide high-speed remote access.

4. The Internet Protocol security (IPsec) is usually implemented in which of the following?

a. Bridge

b. Gateway

c. Firewall

d. Backbone