237. b. A firewall is an example of logical access control, whereas fences provide physical security and perimeter access control. When these two controls are combined, they provide total boundary control. By limiting access to host systems and services, firewalls provide a necessary line of perimeter defense against attacks, thus providing logical security boundary control. Similarly, perimeter fences provide physical security boundary control for a facility or building.

A patch is a modification to software that fixes an error in an operational application system on a computer. Generally, the software vendor supplies the patch. A probe is a device programmed to gather information about a system or its users. Tags and labels are used in access controls. Encryption and smart cards are used in user identification and authentication mechanisms.

238. Which of the following cannot prevent login spoofing?

a. Providing a secure channel between the user and the system

b. Installing a hardware-reset button for passwords

c. Implementing cryptographic authentication techniques

d. Installing input overflow checks

238. d. Input overflow checks ensure that input is not lost during data entry or processing and are good against input overflow attacks. These attacks can be avoided by proper program design. Providing a secure channel between the user and the system can defend against login spoofing. A hardware-reset button on a personal computer can be effective in removing password-based spoofing attacks. Cryptographic authentication techniques can increase security but only for complex systems.

239. Which of the following can prevent both session hijacking and eavesdropping attacks?

a. SET

b. PPP

c. FTP

d. SSL

239. d. The secure sockets layer (SSL) protocol is the technology used in most Web-based applications. When both the Web client and the Web server are authenticated with SSL, the entire session is encrypted, providing protection against session hijacking and eavesdropping attacks.

The other three choices are incorrect because SET is a secure electronic transaction protocol, PPP is a point-to-point protocol, and FTP is a file transfer protocol, and as such they cannot prevent session hijacking and eavesdropping attacks.

240. Which of the following provides a security service in authenticating remote network access?

a. Remote access server

b. Windows NT server

c. An exchange server

d. A DNS server

240. a. The remote access server (RAS) provides the following services: When a remote user dials in through a modem connection, the server hangs up and calls the remote user back at the known phone number. The other three servers mentioned do not have this kind of dial-in and callback dual control mechanism.

241. Which one of the following firewalls is simple, inexpensive, and quick to implement?

a. Static packet filter firewall

b. Dynamic packet filter firewall

c. Application gateway firewall

d. Stateful inspection gateway firewall

241. a. A static packet filtering firewall is the simplest and least expensive way to stop messages with inappropriate network addresses. It does not take much time to implement when compared to other types of firewalls.

242. Which of the following can prevent e-mail spoofing?

a. Pretty good privacy

b. Point-to-point protocol

c. Microcom networking protocol

d. Password authentication protocol

242. a. Pretty good privacy (PGP) is a cryptographic software application for the protection of computer files and e-mail. PGP provides a good authentication mechanism, confidentiality protection, and nonrepudiation protection.

Point-to-point protocol (PPP) connects two TCP/IP devices over a standard serial line, such as a common telephone link. Microcom networking protocol (MNP) defines various levels of error correction and compression for modems. Password authentication protocol (PAP) is a handshaking protocol.

243. Security problems associated with network device passwords, network devices (e.g., routers and switches), and managing access points (APs) configuration in a legacy wireless local-area network (WLAN) environment require which of the following security controls to solve all these security problems?

a. Switch Telnet to SSH

b. Switch HTTP to HTTPS

c. Switch SNMP to SNMPv3

d. Switch FTP to SFTP
