
Exam:

CISSP - (ISC)2 Certified Information Systems Security Professional - Chapter 12

Among the many aspects of a security solution, the most important is whether it addresses a specific need (i.e., a threat) for your assets. But there are many other aspects of security you should consider as well. A significant benefit of a security control is when it goes unnoticed by users.


1.-What is this called?
A. Invisibility
B. Transparency
C. Diversion
D. Hiding in plain sight

Extensible Authentication Protocol (EAP) is one of the three authentication options provided by Point-to-Point Protocol (PPP). EAP allows customized authentication security solutions.

(Choose all that apply.)
2.-Which of the following are examples of actual EAP methods?
A. LEAP
B. EAP-VPN
C. PEAP
D. EAP-SIM
E. EAP-FAST
F. EAP-MBL
G. EAP-MD5
H. VEAP
I. EAP-POTP
J. EAP-TLS
K. EAP-TTLS



3.-In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse?
A. Encrypting communications
B. Changing default passwords
C. Using transmission logs
D. Taping and archiving all conversations

A phreaker who had been exploiting the technology deployed in your office building has been apprehended. Several handcrafted tools and electronics that the phreaker had in their possession when they were arrested were taken in as evidence.


4.-What was this adversary likely focusing on with their attempts to compromise the organization?
A. Accounting
B. NAT
C. PBX
D. Wi-Fi

Multimedia collaboration is the use of various multimedia-supporting communication solutions to enhance distance collaboration (people working on a project together remotely). Often, collaboration allows workers to work simultaneously as well as across different time frames.

(Choose all that apply.)
5.-Which of the following are important security mechanisms to impose on multimedia collaboration tools?
A. Encryption of communications
B. Multifactor authentication
C. Customization of avatars and filters
D. Logging of events and activities

Michael is configuring a new web server to offer instruction manuals and specification sheets to customers. The web server has been positioned in the screened subnet and assigned an IP address of 172.31.201.17, and the public side of the company’s split-DNS has associated the documents.myexamplecompany.com domain name with the assigned IP. After verifying that the website is accessible from his management station (which accesses the screened subnet via a jumpbox) as well as from several worker desktop systems, he declares the project completed and heads home. A few hours later, Michael thinks of a few additional modifications to perform to improve site navigation. However, when he attempts to connect to the new website using the FQDN, he receives a connection error stating that the site cannot be reached.


6.-What is the reason for this issue?
A. The jumpbox was not rebooted.
B. Split-DNS does not support internet domain name resolution.
C. The browser is not compatible with the site’s coding.
D. A private IP address from RFC 1918 is assigned to the web server.

Mark is configuring the remote access server to receive inbound connections from remote workers. He is following a configuration checklist to ensure that the telecommuting links are compliant with company security policy.


7.-What authentication protocol offers no encryption or protection for logon credentials?
A. PAP
B. CHAP
C. EAP
D. RADIUS

Some standalone automated data-gathering tools use search engines in their operation. They are able to accomplish this by automatically interacting with the web portal's human interface.


8.-What enables this capability?
A. Remote control
B. Virtual desktops
C. Remote node operation
D. Screen scraping

While evaluating network traffic, you discover several addresses that you are not familiar with. Several of the addresses are in the range of addresses assigned to internal network segments.

(Choose all that apply.)
9.-Which of the following IP addresses are private IPv4 addresses as defined by RFC 1918?
A. 10.0.0.18
B. 169.254.1.119
C. 172.31.8.204
D. 192.168.6.43

The CISO has requested a report on the potential communication partners throughout the company. There is a plan to implement VPNs between all network segments in order to improve security against eavesdropping and data manipulation.


10.-Which of the following cannot be linked over a VPN?
A. Two distant internet-connected LANs
B. Two systems on the same LAN
C. A system connected to the internet and a LAN connected to the internet
D. Two systems without an intermediary network connection



11.-What networking device can be used to create digital virtual network segments that can be altered as needed by adjusting the settings internal to the device?
A. Router
B. Switch
C. Proxy
D. Firewall

The CISO is concerned that the use of subnets as the only form of network segments is limiting growth and flexibility of the network. They are considering the implementation of switches to support VLANs but aren’t sure VLANs are the best option.


12.-Which of the following is not a benefit of VLANs?
A. Traffic isolation
B. Data/traffic encryption
C. Traffic management
D. Reduced vulnerability to sniffers

The CISO has tasked you to design and implement an IT port security strategy. While researching the options, you realize there are several potential concepts that are labeled as port security. You prepare a report to present options to the CISO.

(Choose all that apply.)
13.-Which of the following are port security concepts you should include on this report?
A. Shipping container storage
B. NAC
C. Transport layer
D. RJ-45 jacks



14.-______________ is the oversight and management of the efficiency and performance of network communications. Items to measure include throughput rate, bit rate, packet loss, latency, jitter, transmission delay, and availability.
A. VPN
B. QoS
C. SDN
D. Sniffing

You are configuring a VPN to provide secure communications between systems. You want to minimize the information left in plaintext by the encryption mechanism of the chosen solution.


15.-Which IPsec mode provides for encryption of complete packets, including header information?
A. Transport
B. Encapsulating Security Payload
C. Authentication Header
D. Tunnel

Internet Protocol Security (IPsec) is a standard of IP security extensions used as an add-on for IPv4 and integrated into IPv6.


16.-What IPsec component provides assurances of message integrity and nonrepudiation?
A. Authentication Header
B. Encapsulating Security Payload
C. IP Payload Compression protocol
D. Internet Key Exchange



17.-When you’re designing a security system for internet-delivered email, which of the following is least important?
A. Nonrepudiation
B. Data remanent destruction
C. Message integrity
D. Access restriction

You have been tasked with crafting the organization’s email retention policy.


18.-Which of the following is typically not an element that must be discussed with end users in regard to email retention policies?
A. Privacy
B. Auditor review
C. Length of retainer
D. Backup method

Modern networks are built on multilayer protocols, such as TCP/IP. This provides for flexibility and resiliency in complex network structures.


19.-All of the following are implications of multilayer protocols except which one?
A. VLAN hopping
B. Multiple encapsulation
C. Filter evasion using tunneling
D. Static IP addressing



20.-Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data?
A. SDN
B. PVC
C. VPN
D. SVC