CISSP Practice полностью

289. In electronic auctions, which of the following auction models has a minimal security mechanism that can lead to security breaches and fraud?

a. Business-to-business (B2B)

b. Government-to-business (G2B)

c. Consumer-to-consumer (C2C)

d. Consumer-to-business (C2B)

289. c. In the consumer-to-consumer (C2C) electronic auction model, consumers buy and sell goods with other consumers through auction sites. The C2C auction model has minimal security mechanism (i.e., no encryption and possibility of fraud in shipping defective products). The B2B, G2B, and C2B auction models are reasonably secure due to the use of private telephone lines (leased lines) and encryption.

290. Which of the following causes an increase in the attack surface of a public cloud computing environment?

a. Paging

b. Hypervisor

c. Checkpointing

d. Migration of virtual machines

290. b. The hypervisor or virtual machine monitor is an additional layer of software between an operating system and hardware platform used to operate multitenant virtual machines. Compared with a traditional nonvirtualized implementation, the addition of a hypervisor causes an increase in the attack surface.

Paging, checkpointing, and migration of virtual machines can leak sensitive data to persistent storage, subverting protection mechanisms in the hosted operating system intended to prevent such occurrences.

291. Mobile computing is where remote users’ access host computers for their computing needs. Remote access software controls the access to host computers. Which of the following technologies is behind the performance improvement to permit users to work offline on network tasks?

a. Agent-based technology

b. Windows-based technology

c. Hardware-based technology

d. Network-based technology

291. a. Agent-based technology can boost the performance of remote access software capability. It gives the users the ability to work offline on network tasks, such as e-mail, and complete the task when the network connection is made. Agent-based technology is software-driven. It can work with the Windows operating system.

292. From a security viewpoint, which of the following should be the goal for a virtual private network (VPN)?

a. Make only one exit point from a company’s network to the Internet.

b. Make only one entry point to a company’s network from the Internet.

c. Make only one destination point from a company’s network to the Internet.

d. Make only one transmission point from the Internet to a company’s network.

292. b. The goal for a virtual private network (VPN) should be to make it the only entry point to an organization’s network from the Internet. This requires blocking all the organization’s systems or making them inaccessible from the Internet unless outside users connect to the organization’s network via its VPN.

293. In border gateway protocol (BGP), which of the following is physically present?

a. Routing/forwarding table

b. Adj-Routing Information Base (RIB)-In table

c. Loc-RIB table

d. Adj-RIB-Out table

293. a. Only the routing/forwarding table is physically present, whereas, the tables mentioned in the other three choices are conceptually based tables, not physically present. However, system developers can decide whether to implement the routing information base (RIB) tables either in the physical form or in the conceptual form.

BGP is used in updating routing tables, which are essential in assuring the correct operation of networks, as it is a dynamic routing scheme. Routing information received from other BGP routers is accumulated in a routing table. These routes are then installed in the router’s forwarding table.

An eavesdropper could easily mount an attack by changing routing tables to redirect traffic through nodes that can be monitored. The attacker could thus monitor the contents or source and destination of the redirected traffic or modify it maliciously.

The adj-RIB-In table routes after learning from the inbound update messages from BGP peers. The loc-RIB table routes after selecting from the adj-RIB-In table. The adj-RIB-Out table routes to its peers that the BGP router will advertise based on its local policy.