SSCP : System Security Certified Practitioner (SSCP) : Part 16

  1. What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

    • It is too complex to manage user access restrictions under TFTP
    • Due to the inherent security risks
    • It does not offer high level encryption like FTP
    • It cannot support the Lightweight Directory Access Protocol (LDAP)

    Explanation:

    Some sites choose not to implement Trivial File Transfer Protocol (TFTP) due to the inherent security risks. TFTP is a UDP-based file transfer program that provides no security. There is no user authentication.

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 88.

  2. Why is Network File System (NFS) used?

    • It enables two different types of file systems to interoperate.
    • It enables two different types of file systems to share Sun applications.
    • It enables two different types of file systems to use IP/IPX.
    • It enables two different types of file systems to emulate each other.
    Explanation:
    Network File System (NFS) is a TCP/IP client/server application developed by Sun that enables different types of file systems to interoperate regardless of operating system or network architecture.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 88.
  3. Asynchronous Communication transfers data by sending:

    • bits of data sequentially
    • bits of data sequentially in irregular timing patterns
    • bits of data in sync with a heartbeat or clock
    • bits of data simultaneously
    Explanation:

    Asynchronous Communication transfers data by sending bits of data in irregular timing patterns.

    In asynchronous transmission each character is transmitted separately, that is, one character at a time. The character is preceded by a start bit, which tells the receiving end where the character coding begins, and is followed by a stop bit, which tells the receiver where the character coding ends. There will be intervals of idle time on the channel, shown as gaps. Thus there can be gaps between two adjacent characters in the asynchronous communication scheme. In this scheme, the bits within the character frame (including start, parity and stop bits) are sent at the baud rate.

    The START BIT and STOP BIT, including gaps, allow the receiving and sending computers to synchronise the data transmission. Asynchronous communication is used when slow speed peripherals communicate with the computer. The main disadvantage of asynchronous communication is slow speed transmission. Asynchronous communication, however, does not require the complex and costly hardware that synchronous transmission requires.

    Asynchronous communication is transmission of data without the use of an external clock signal. Any timing required to recover data from the communication symbols is encoded within the symbols. The most significant aspect of asynchronous communications is variable bit rate, or that the transmitter and receiver clock generators do not have to be exactly synchronized.

    The asynchronous communication technique is a physical layer transmission technique which is most widely used for personal computers providing connectivity to printers, modems, fax machines, etc.

    An asynchronous link communicates data as a series of characters of fixed size and format. Each character is preceded by a start bit and followed by 1-2 stop bits.

    Parity is often added to provide some limited protection against errors occurring on the link.

    The use of independent transmit and receive clocks constrains transmission to relatively short characters (<8 bits) and moderate data rates (< 64 kbps, but typically lower).

    The asynchronous transmitter delimits each character by a start sequence and a stop sequence. The start bit (0), data (usually 8 bits plus parity) and stop bit(s) (1) are transmitted using a shift register clocked at the nominal data rate.

    When asynchronous transmission is used to support packet data links (e.g. IP), then special characters have to be used (“framing”) to indicate the start and end of each frame transmitted.

    One character (known as an escape character) is reserved to mark any occurrence of the special characters within the frame. In this way the receiver is able to identify which characters are part of the frame and which are part of the “framing”.

    Packet communication over asynchronous links is used by some users to get access to a network using a modem.

    Most Wide Area Networks use synchronous links and a more sophisticated link protocol.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 100.
    and
    http://en.wikipedia.org/wiki/Asynchronous_communication
    and
    http://www.erg.abdn.ac.uk/users/gorry/course/phy-pages/async.html
    and
    http://www.ligaturesoft.com/data_communications/async-data-transmission.html

  4. Which of the following is a LAN transmission method?

    • Broadcast
    • Carrier-sense multiple access with collision detection (CSMA/CD)
    • Token ring
    • Fiber Distributed Data Interface (FDDI)
    Explanation:

    LAN transmission methods refer to the way packets are sent on the network and are either unicast, multicast or broadcast.

    CSMA/CD is a common LAN media access method.
    Token ring is a LAN Topology.
    LAN transmission protocols are the rules for communicating between computers on a LAN.
    Common LAN transmission protocols are: polling and token-passing.
    A LAN topology defines the manner in which the network devices are organized to facilitate communications.
    Common LAN topologies are: bus, ring, star or meshed.

    LAN media access methods control the use of a network (physical and data link layers). They can be Ethernet, ARCnet, Token ring and FDDI.

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 103).

    HERE IS A NICE OVERVIEW FROM CISCO:
    LAN Transmission Methods

    LAN data transmissions fall into three classifications: unicast, multicast, and broadcast.
    In each type of transmission, a single packet is sent to one or more nodes.

    In a unicast transmission, a single packet is sent from the source to a destination on a network. First, the source node addresses the packet by using the address of the destination node. The packet is then sent onto the network, and finally, the network passes the packet to its destination.

    A multicast transmission consists of a single data packet that is copied and sent to a specific subset of nodes on the network. First, the source node addresses the packet by using a multicast address. The packet is then sent into the network, which makes copies of the packet and sends a copy to each node that is part of the multicast address.

    A broadcast transmission consists of a single data packet that is copied and sent to all nodes on the network. In these types of transmissions, the source node addresses the packet by using the broadcast address. The packet is then sent on to the network, which makes copies of the packet and sends a copy to every node on the network.
    LAN Topologies
    LAN topologies define the manner in which network devices are organized. Four common LAN topologies exist: bus, ring, star, and tree. These topologies are logical architectures, but the actual devices need not be physically organized in these configurations. Logical bus and ring topologies, for example, are commonly organized physically as a star. A bus topology is a linear LAN architecture in which transmissions from network stations propagate the length of the medium and are received by all other stations. Of the three most widely used LAN implementations, Ethernet/IEEE 802.3 networks—including 100BaseT—implement a bus topology.

    Sources:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 104).
    http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introlan.htm

  5. Which of the following LAN topologies offers the highest availability?

    • Bus topology
    • Tree topology
    • Full mesh topology
    • Partial mesh topology
    Explanation:
    In a full mesh topology, all network nodes are individually connected with each other, providing the highest availability. A partial mesh topology can sometimes be used to offer some redundancy.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 106).
  6. How would an IP spoofing attack be best classified?

    • Session hijacking attack
    • Passive attack
    • Fragmentation attack
    • Sniffing attack
    Explanation:
    IP spoofing is used to convince a system that it is communicating with a known entity that gives an intruder access. An IP spoofing attack is a common session hijacking attack.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77).
  7. What is defined as the rules for communicating between computers on a Local Area Network (LAN)?

    • LAN Media Access methods
    • LAN topologies
    • LAN transmission methods
    • Contention Access Control
    Explanation:

    Media contention occurs when two or more network devices have data to send at the same time. Because multiple devices cannot talk on the network simultaneously, some type of method must be used to allow one device access to the network media at a time.

    This is done in two main ways: carrier sense multiple access collision detect (CSMA/CD) and token passing.

    In networks using CSMA/CD technology such as Ethernet, network devices contend for the network media. When a device has data to send, it first listens to see if any other device is currently using the network. If not, it starts sending its data. After finishing its transmission, it listens again to see if a collision occurred. A collision occurs when two devices send data simultaneously. When a collision happens, each device waits a random length of time before resending its data. In most cases, a collision will not occur again between the two devices. Because of this type of network contention, the busier a network becomes, the more collisions occur. This is why performance of Ethernet degrades rapidly as the number of devices on a single network increases.

    In token-passing networks such as Token Ring and FDDI, a special network frame called a token is passed around the network from device to device. When a device has data to send, it must wait until it has the token and then sends its data. When the data transmission is complete, the token is released so that other devices may use the network media. The main advantage of token-passing networks is that they are deterministic. In other words, it is easy to calculate the maximum time that will pass before a device has the opportunity to send data. This explains the popularity of token-passing networks in some real-time environments such as factories, where machinery must be capable of communicating at a determinable interval.

    For CSMA/CD networks, switches segment the network into multiple collision domains. This reduces the number of devices per network segment that must contend for the media. By creating smaller collision domains, the performance of a network can be increased significantly without requiring addressing changes.

    The following are incorrect answers:
    LAN topologies: Think of a topology as a network’s virtual shape or structure. This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle in a family room, but it would be highly unlikely to find a ring topology there. Common topologies are: bus, ring, star or meshed.

    LAN transmission methods: refer to the way packets are sent on the network and are either unicast, multicast or broadcast.

    Contention Access Control: This is a bogus distractor.
    Contention is a real term, but Contention Access Control is just made up. Contention methods are very closely related to Media Access Control methods. In communication networks, contention is a media access method that is used to share a broadcast medium. In contention, any computer in the network can transmit data at any time (first come, first served). This system breaks down when two computers attempt to transmit at the same time. This is a case of collision. To avoid collisions, a carrier sensing mechanism is used. Here each computer listens to the network before attempting to transmit. If the network is busy, it waits until the network quiets down. In carrier detection, computers continue to listen to the network as they transmit. If a computer detects another signal that interferes with the signal it is sending, it stops transmitting. Both computers then wait for a random amount of time and attempt to transmit. Contention methods are the most popular media access control method on LANs.

    Reference(s) used for this question:
    http://docwiki.cisco.com/wiki/Introduction_to_LAN_Protocols#LAN_Media-Access_Methods
    http://en.wikipedia.org/wiki/Contention_%28telecommunications%29

  8. Which of the following standards is concerned with message handling?

    • X.400
    • X.500
    • X.509
    • X.800
    Explanation:
    X.400 is used in e-mail as a message handling protocol. X.500 is used in directory services. X.509 is used in digital certificates and X.800 is used as a network security standard.
    Reference: http://www.alvestrand.no/x400/.
  9. Which of the following IEEE standards defines the token ring media access method?

    • 802.3
    • 802.11
    • 802.5
    • 802.2
    Explanation:
    The IEEE 802.5 standard defines the token ring media access method. 802.3 refers to Ethernet’s CSMA/CD, 802.11 refers to wireless communications and 802.2 refers to the logical link control.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 109).
  10. What is also known as 10Base5?

    • Thinnet
    • Thicknet
    • ARCnet
    • UTP
    Explanation:
    Thicknet is a coaxial cable with segments of up to 500 meters, also known as 10Base5. Thinnet is a coaxial cable with segments of up to 185 meters. Unshielded twisted pair (UTP) has three variations: 10 Mbps (10BaseT), 100 Mbps (100BaseT) or 1 Gbps (1000BaseT). ARCnet is a LAN media access method.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 108).
  11. Which of the following is an example of a connectionless communication protocol?

    • UDP
    • X.25
    • Packet switching
    • TCP
    Explanation:

    UDP is an example of connectionless communication protocol, wherein no connection needs to be established before data can be exchanged.

    In telecommunications, connectionless describes communication between two network end points in which a message can be sent from one end point to another without prior arrangement. The device at one end of the communication transmits data addressed to the other, without first ensuring that the recipient is available and ready to receive the data. Some protocols allow for error correction by requested retransmission. Internet Protocol (IP) and User Datagram Protocol (UDP) are connectionless protocols.

    Connectionless protocols are also described as stateless because the endpoints have no protocol-defined way to remember where they are in a “conversation” of message exchanges.
    List of connectionless protocols

    Hypertext Transfer Protocol
    IP
    UDP
    ICMP
    IPX
    TIPC
    NetBEUI

    References:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 86).
    and
    https://secure.wikimedia.org/wikipedia/en/wiki/Connectionless_protocol

  12. What is defined as the manner in which the network devices are organized to facilitate communications?

    • LAN transmission methods
    • LAN topologies
    • LAN transmission protocols
    • LAN media access methods
    Explanation:

    A network topology defines the manner in which the network devices are organized to facilitate communications. Common LAN topologies are:

    bus
    ring
    star
    meshed

    LAN transmission methods refer to the way packets are sent on the network and are:

    unicast
    multicast
    broadcast

    LAN transmission protocols are the rules for communicating between computers on a LAN. Common LAN transmission protocols are:

    CSMA/CD
    polling
    token-passing

    LAN media access methods control the use of a network (physical and data link layers). They can be:

    Ethernet
    ARCnet
    Token ring
    FDDI

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 105).

  13. Which of the following is a device that is used to regenerate or replicate the received signals?

    • Bridge
    • Router
    • Repeater
    • Brouter
    Explanation:
    Repeaters offer the simplest form of connectivity. They regenerate received electrical signals at their original strength between cable segments. Bridges are devices used to connect similar or dissimilar LANs together to form an extended LAN. Routers provide packet routing between network segments. Brouters are devices that combine router and bridge functionality.
    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 397).
  14. Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes?

    • Carrier sense multiple access with collision avoidance (CSMA/CA)
    • Carrier sense multiple access with collision detection (CSMA/CD)
    • Polling
    • Token-passing
  15. Which of the following does NOT use token-passing?

    • ARCnet
    • FDDI
    • Token-ring
    • IEEE 802.3
    Explanation:

    IEEE 802.3 specifies the standard for Ethernet and uses CSMA/CD, not token-passing.

    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 104).

  16. Which of the following can prevent hijacking of a web session?

    • RSA
    • SET
    • SSL
    • PPP
    Explanation:
    The Secure Socket Layer (SSL) protocol is used between a web server and client and provides entire session encryption, thus preventing session hijacking. RSA is an asymmetric encryption algorithm that can be used in setting up an SSL session. SET is the Secure Electronic Transaction protocol that was introduced by Visa and Mastercard to allow for more credit card transaction possibilities. PPP is a point-to-point protocol.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 89).
  17. Which type of attack involves impersonating a user or a system?

    • Smurfing attack
    • Spoofing attack
    • Spamming attack
    • Sniffing attack
    Explanation:
    A spoofing attack is when an attempt is made to gain access to a computer system by posing as an authorized user or system. Spamming refers to sending out or posting junk advertising and unsolicited mail. A smurf attack is a type of denial-of-service attack using PING and a spoofed address. Sniffing refers to observing packets passing on a network.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77).
  18. Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way where they forward the traffic based on the MAC address?

    • Gateways
    • Routers
    • Bridges
    • Firewalls
    Explanation:

    Bridges are simple, protocol-dependent networking devices that are used to connect two or more homogeneous LANs to form an extended LAN.

    A bridge does not change the contents of the frame being transmitted but acts as a relay.

    A gateway is designed to reduce the problems of interfacing any combination of local networks that employ different level protocols or local and long-haul networks.

    A router connects two networks or network segments and may use IP to route messages.

    Firewalls are methods of protecting a network against security threats from other systems or networks by centralizing and controlling access to the protected network segment.

    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 397).

  19. Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?

    • It can be used for voice
    • It can be used for data
    • It carries various sizes of packets
    • It can be used for video
    Explanation:
    ATM is an example of a fast packet-switching network that can be used for either data, voice or video, but packets are of fixed size.
    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 455).
  20. Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?

    • ISDN
    • SLIP
    • xDSL
    • T1
    Explanation:
    Serial Line IP (SLIP) was developed in 1984 to support TCP/IP networking over low-speed serial interfaces.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 114).