Exam:

CISSP - (ISC)2 Certified Information Systems Security Professional - Chapter 11

Dorothy is using a network sniffer to evaluate network connections. She focuses on the initialization of a TCP session.


1.-What is the first phase of the TCP three-way handshake sequence?
A. SYN flagged packet
B. ACK flagged packet
C. FIN flagged packet
D. SYN/ACK flagged packet

UDP is a connectionless protocol that operates at the Transport layer of the OSI model and uses ports to manage simultaneous connections.


2.-Which of the following terms is also related to UDP?
A. Bits
B. Logical addressing
C. Data reformatting
D. Simplex


(Choose all that apply.)
3.-Which of the following is a means for IPv6 and IPv4 to be able to coexist on the same network?
A. Dual stack
B. Tunneling
C. IPsec
D. NAT-PT
E. IP sideloading

Security configuration guidelines issued by your CISO require that all HTTP communications be secure when communicating with internal web services.

(Choose all that apply.)
4.-Which of the following is true in regard to using TLS?
A. Allows for use of TCP port 443
B. Prevents tampering, spoofing, and eavesdropping
C. Requires two-way authentication
D. Is backward compatible with SSL sessions
E. Can be used as a VPN solution

Your network supports TCP/IP. TCP/IP is a multilayer protocol. It is primarily based on IPv4, but the organization is planning on deploying IPv6 within the next year.


5.-What is both a benefit and a potentially harmful implication of multilayer protocols?
A. Throughput
B. Encapsulation
C. Hash integrity checking
D. Logical addressing

A new VoIP system is being deployed at a government contractor organization. They require high availability of five nines of uptime for the voice communication system. They are also concerned about introducing new vulnerabilities into their existing data network structure. The IT infrastructure is based on fiber optics and supports over 1 Gbps to each device; the network often reaches near full saturation on a regular basis.


6.-What option will provide the best outcome of performance, availability, and security for the VoIP service?
A. Create a new VLAN on the existing IT network for the VoIP service.
B. Replace the current switches with routers and increase the interface speed to 1,000 Mbps.
C. Implement a new, separate network for the VoIP system.
D. Deploy flood guard protections on the IT network.

Microsegmentation is dividing up an internal network into numerous subzones, potentially as small as a single device, such as a high-value server or even a client or endpoint device.

(Choose all that apply.)
7.-Which of the following is true in regard to microsegmentation?
A. It is the assignment of the cores of a CPU to perform different tasks.
B. It can be implemented using ISFWs.
C. Transactions between zones are filtered.
D. It supports edge and fog computing management.
E. It can be implemented with virtual systems and virtual networks.

A new startup company is designing a sensor that needs to connect wirelessly to a PC or IoT hub in order to transmit its gathered data to a local application or cloud service for data analysis. The company wants to ensure that all transferred data from the device cannot be disclosed to unauthorized entities. The device is also intended to be located within 1 meter of the PC or IoT hub it communicates with.


8.-Which of the following concepts is the best choice for this device?
A. Zigbee
B. Bluetooth
C. FCoE
D. 5G

James has been hired to be a traveling repair technician. He will be visiting customers all over the country in order to provide support services. He has been issued a portable workstation with 4G and 5G data service.

(Choose all that apply.)
9.-What are some concerns when using this capability?
A. Eavesdropping
B. Rogue towers
C. Data speed limitations
D. Reliability of establishing a connection
E. Compatibility with cloud services
F. Unable to perform duplex communications

A new startup company needs to optimize delivery of high-definition media content to its customers. They are planning the deployment of resource service hosts in numerous data centers across the world in order to provide low latency, high performance, and high availability of the hosted content.


10.-What technology is likely being implemented?
A. VPN
B. CDN
C. SDN
D. CCMP



11.-Which of the following is a true statement about ARP poisoning or MAC spoofing?
A. MAC spoofing is used to overload the memory of a switch.
B. ARP poisoning is used to falsify the physical address of a system to impersonate that of another authorized device.
C. MAC spoofing relies on ICMP communications to traverse routers.
D. ARP poisoning can use unsolicited or gratuitous replies.

An organization stores group project data files on a central SAN. Many projects have numerous files in common but are organized into separate project containers. A member of the incident response team is attempting to recover files from the SAN after a malware infection. However, many files are unable to be recovered.


12.-What is the most likely cause of this issue?
A. Using Fibre Channel
B. Performing real-time backups
C. Using file encryption
D. Deduplication

Jim was tricked into clicking on a malicious link contained in a spam email message. This caused malware to be installed on his system. The malware initiated a MAC flooding attack. Soon, Jim’s system and everyone else’s in the same local network began to receive all transmissions from all other members of the network as well as communications from other parts of the next-to-local members.


13.-The malware took advantage of what condition in the network?
A. Social engineering
B. Network segmentation
C. ARP queries
D. Weak switch configuration



14.-A ______________ is an intelligent hub because it knows the hardware addresses of the systems connected on each outbound port. Instead of repeating traffic on every outbound port, it repeats traffic only out of the port on which the destination is known to exist.
A. Repeater
B. Switch
C. Bridge
D. Router



15.-What type of security zone can be positioned so that it operates as a buffer between the secured private network and the internet and can host publicly accessible services?
A. Honeypot
B. Screened subnet
C. Extranet
D. Intranet

An organization wants to use a wireless network internally, but they do not want any possibility of external access or detection.


16.-What security tool should be used?
A. Air gap
B. Faraday cage
C. Biometric authentication
D. Screen filters

Neo is the security manager for the southern division of the company. He thinks that deploying a NAC will assist in improving network security. However, he needs to convince the CISO of this at a presentation next week.

(Choose all that apply.)
17.-Which of the following are goals of NAC that Neo should highlight?
A. Reduce social engineering threats
B. Detect rogue devices
C. Map internal private addresses to external public addresses
D. Distribute IP address configurations
E. Reduce zero-day attacks
F. Confirm compliance with updates and security settings

The CISO wants to improve the organization’s ability to manage and prevent malware infections. Some of her goals are to (1) detect, record, evaluate, and respond to suspicious activities and events, which may be caused by problematic software or by valid and invalid users, (2) collect event information and report it to a central ML analysis engine, and (3) detect abuses that are potentially more advanced than what can be detected by traditional antivirus or HIDSs. The solution needs to be able to reduce response and remediation time, reduce false positives, and manage multiple threats simultaneously.


18.-What solution is the CISO wanting to implement?
A. EDR
B. NGFW
C. WAF
D. XSRF



19.-A(n) _________________ firewall is able to make access control decisions based on the content of communications as well as the parameters of the associated protocol and software.
A. Application-level
B. Stateful inspection
C. Circuit-level
D. Static packet filtering


(Choose all that apply.)
20.-Which of the following is true regarding appliance firewalls?
A. They are able to log traffic information.
B. They are able to block new phishing scams.
C. They are able to issue alarms based on suspected attacks.
D. They are unable to prevent internal attacks.