b. Research the history of the IP address.

c. Seek the assistance of the Internet service provider.

d. Look for clues in application content.

204. c. The Internet service provider’s (ISP’s) assistance is needed when traffic passes through several ISPs. ISPs generally require a court order before providing any information to an organization on suspicious network activity.

The other three choices are incorrect because they are examples of other possible ways of attempting to validate the identity of a suspicious host. A WHOIS query mechanism can identify the organization or person that owns a particular IP address. Multiple IP addresses generating suspicious activity could have been registered to the same owner. Analysts can look for previous suspicious activity associated with the same IP address or IP address block. Internet search engines and online incident databases can be useful. Application data packets related to an attack may contain clues to the attacker’s identity. Besides IP addresses, other valuable information could include an e-mail address or an Internet relay chat (IRC) nickname.

205. An information systems security analyst attempts to validate the identity of a suspicious host. Which of the following is not an acceptable approach?

a. Contact the IP address owner directly.

b. Contact management of his organization.

c. Contact legal advisors of his organization.

d. Seek Internet service provider assistance.

205. a. The information systems security analyst should not contact the owner directly. This is due primarily to concerns involving sharing information with external organizations; also, the owner of an Internet Protocol (IP) address could be the person attacking the organization.

The other three choices are incorrect because they are acceptable approaches. The analyst should provide information on the owner to the management and legal advisors of the analyst’s organization. Seeking Internet service provider (ISP) assistance is generally only an option during the most serious external network-based attacks, particularly those that involve IP address spoofing. Some ISPs may have the ability to trace ongoing attacks back to their source, whether or not the IP addresses are spoofed.

206. For network data acquisition, which of the following is the major downside to the victim organization of a network attack?

a. ISPs requiring a court order

b. Preserves privacy of the ISPs

c. Slows down the investigative process

d. Reduces the liability of the ISPs

206. c. As privacy becomes a greater concern to organizations, many have become less willing to share information with each other, including network data. For example, most Internet service providers (ISPs) now require a court order before providing any information related to suspicious network activity that might have passed through their network infrastructures. Although this preserves privacy of the ISPs and reduces the burden and liability of the ISPs, it also slows down the investigative process. This is a major downside to the victim organization because it wants a speedy investigative process with a clear and quick resolution to the attack.

207. Some attackers use anonymizers to validate the Internet Protocol (IP) address, which are:

a. DHCP servers

b. Remote access servers

c. Directory servers

d. Intermediary servers

207. d. Some attackers use anonymizers to validate the Internet Protocol (IP) address, which are intermediary servers that perform activity on a user’s behalf to preserve the user’s privacy.

DHCP servers are incorrect because they typically can be configured to log each IP address assignment and the associated MAC address, along with a timestamp. Remote access servers (RAS) are incorrect because they are devices such as VPN gateways and modem servers that facilitate connections between networks. Directory servers are incorrect because they are used for external authentication services.

208. Commonly used protocols for audio and video communications include which of the following?

1. H.323 protocols

2. Session Initiation Protocol (SIP)

3. Internet relay chat (IRC) protocol

4. Wired Equivalent Privacy (WEP) protocol

a. 1 only

b. 2 only

c. 1 and 2

d. 3 and 4
