Chapter 4: Communication and Network Security Domain 4 Practice Questions

Questions from the following topics are included in this domain:

• Assess secure network design principles.
• Implement secure network design principles.
• Secure network components using network access control devices.
• Implement secure design communication channels.
• Understand data communications and virtualized networks.

Understanding security around network and communications design principles is critical to passing the CISSP exam, and you need to score well because there is a high 13% weighting on this topic.

Practice questions for domain 4 include understanding the OSI layers, the TCP/IP model, IPsec, the details of IPv4, and the basics of IPv6. The successful CISSP will know how to design, secure, and manage wired and wireless networks.

After studying these practice questions, you will be prepared to pass the communication and network security section of the exam, including the important scenarios on networking protocols, wireless networks, and content distribution networks.

Questions

1. James, a network engineer, considers using SCP for copying files from one computer to another. Which connection-oriented protocol will be used?

   A. PAP

   B. TCP

   C. UDP

   D. ICMP

2. Daria, a network engineer, seeks to set up a network that uses CSMA/CA. Which of the following should she select?

   A. Wi-Fi

   B. FDDI

   C. Ethernet

   D. Token Ring

3. Dennis, a systems engineer, is upgrading 10 fax machines. What process should he use to dispose of the old fax machines?

   A. Print the last fax, and then dump in a dumpster.

   B. Use secure destruction methods.

   C. Clear the memory buffer and then discard.

   D. Simply dump in a dumpster.

4. Melanie, a systems administrator, needs a secure, private connection from her home to the office. Which technology makes this possible for her?

   A. IPsec

   B. Encryption

   C. Tunneling

   D. VPN

5. Emil is a network administrator setting up systems so that when users use FQDN, they are converted to IP addresses. Which technology is he configuring? (Choose two.)

   A. HTTPD

   B. NAMED

   C. DHCPD

   D. BIND

6. Danka, a network engineer, desires to add routers that make routing decisions based on hop count only. Which protocol should she select?

   A. EIGRP

   B. RIP

   C. OSPF

   D. IGRP

7. Camila is a network engineer in charge of the placement of detection systems for her organization. What type of device does she install for this functionality?

   A. Firewall

   B. IDS

   C. IPS

   D. HIPS

8. Sugita is a network engineer installing Network Intrusion Prevention Systems (NIPS) in his organization. What are the two methods he should employ to detect incidents and attacks? (Choose two.)

   A. Host

   B. Network

   C. Heuristic

   D. Pattern matching

9. Uchiyama is a network engineer tasked with explaining to management the differences between fraggle and smurf attacks. Which of the following is his BEST explanation?

   A. A fraggle attack is the same as a smurf attack but sends UDP packets instead of ICMP packets.

   B. A fraggle attack is the same as a smurf attack but sends ICMP packets instead of UDP packets.

   C. A fraggle attack is the same as a smurf attack but sends TCP packets instead of UDP packets.

   D. A fraggle attack is the same as a smurf attack but sends half-open packets instead of ICMP packets.

10. Darcey, a network administrator, needs to set up a web server that allows customer access. To do this, the device sits outside of the corporate firewall. In which area should she deploy this system?

    A. Intranet

    B. DMZ

    C. Internet

    D. Honeypot

11. IPv4 allows for about 4.3 billion IP addresses to be used on computers, tablets, smartphones, cameras, thermometers, and so on. Since the world ran out of IP addresses, IPv6 is one solution that extends the address space to more than 300 trillion trillion trillion IP addresses. What other systems increase IP address utilization? (Choose two.)

    A. DAT

    B. FAT

    C. NAT

    D. PAT

12. Kirlyam is a security administrator seeking the best way to defend her organization's network against sniffing. What is the BEST way for her to accomplish this?

    A. Enable DHCP.

    B. Encryption.

    C. Monitor for rogue access points.

    D. Heuristic firewall.

13. Aya is a network engineer looking to implement a security protocol that operates on the OSI application layer. Which of the following does she select?

    A. S/MIME

    B. RIP

    C. SSL

    D. TLS

14. Which of the following is an attack on web applications that injects client-side scripts into a web page?

    A. XSRF

    B. XSS

    C. SQL injection

    D. Input validation

15. Yamir, a network administrator, is asked to install a router to separate two networks within his LAN where there are no web or email services, instead of a firewall. After asking "Why not a firewall?", how does his network manager respond?

    A. Firewalls are less expensive.

    B. Routers are less expensive.

    C. Routers are stateful by default.

    D. Routers are stateless by default.

16. Which VPN protocol operates at layer 2 of the OSI model using 256-bit encryption?

    A. PPTP

    B. L2TP

    C. PPP

    D. IPsec

17. Chelsea is a security engineer completing setups for a single-sign-on system. Which system should she set up for the MOST secure authentication?

    A. EAP

    B. PAP

    C. MD5

    D. AES

18. A full-mesh network of four nodes requires how many connections?

    A. 7

    B. 6

    C. 5

    D. 4

19. Evelin is a network engineer tasked with architecting the network connection from headquarters to a field office 50 miles away. Which solution should she choose for BEST security and performance?

    A. 802.11n

    B. CAT5 cable

    C. Coaxial cable

    D. Fiber optic media

20. Brett is a network manager architecting a wired network through KloutCo. Part of the cabling will run above drop ceilings and through raised floors. Which of the following is his BEST recommendation?

    A. Use standard-grade cables because it is the least expensive.

    B. Use plenum-grade cables because in the case of a fire, standard-grade cables emit deadly gas.

    C. Use standard-grade cables because they are fireproof.

    D. Use plenum-grade cables because of their encryption features.

21. Daya, a network engineer, desires to configure a network using a star-type topology. Which of the following should she select?

    A. Partial mesh

    B. Wi-Fi

    C. Token ring

    D. Bus

22. Which of the following BEST describes the Media Access Control (MAC) address burned into a Network Interface Card (NIC)?

    A. A MAC address is 24 bits, and the whole thing is a manufacturer code.

    B. A MAC address is 24 bits, and the whole thing defines a unique address.

    C. A MAC address is 48 bits, and 24 bits define the manufacturer.

    D. A MAC address is 96 bits, and 48 bits define the manufacturer.

23. Cassia is an ethical hacker who cannot penetrate the network due to an advanced firewall. Which of the following should be her next step?

    A. Conclude the test and inform the client that their security levels will stop all attacks.

    B. Conduct reconnaissance.

    C. Attempt war dialing.

    D. Collect data using OSINT.

24. What is the primary purpose of an attacker launching an ARP poisoning attack?

    A. As a man-in-the-middle exploit

    B. To change the network's ARP table

    C. To modify IP addresses

    D. To decrease the acceptable resource pool

25. Jason, an ethical hacker, is working with Jefferson Bank to perform a penetration test. Which of the following is the MOST important step for him to complete?

    A. Reconnaissance.

    B. Confirm management buy-in by having them sign the working agreement.

    C. Network mapping and scanning for open ports and other vulnerabilities.

    D. Running the exploit.

26. Wireless access points and wireless systems use which technology?

    A. CSMA/CD

    B. Polling controls

    C. Token passing

    D. CSMA/CA

27. Which of these is NOT an attribute of a packet filter firewall?

    A. Makes use of access control lists

    B. Runs at the application layer

    C. Is a first-generation firewall type

    D. Inspects the source and destination addresses

28. TACACS and TACACS+ systems have which of the following two features? (Choose two.)

    A. Allows password changes

    B. Communicates via UDP protocols

    C. Encrypts passwords but not data

    D. Two-factor authentication

29. Which of the following BEST describes UTP cables?

    A. UTP cables have two conductors in concentric circles.

    B. UTP cables have two insulated twisted wires.

    C. UTP cables transfer data using laser signals.

    D. UTP cables have a range of 1 km before data signal loss.

30. Alexei is a marketing representative for GL Food Bars and maintains a mailing list for 5,000 customers. His ISP alerts him that his email server is sending spam to millions of users at 100 messages per minute. What is MOST LIKELY the problem?

    A. The most recent update to the email server was buggy.

    B. Millions of new clients have signed up for GL Food Bars information

    C. Hackers have compromised his email list.

    D. He has an open relay SMTP server.

31. Loren runs the networking department and desires to architect a system for her website customers that will simplify scalability, improve security, and ease implementation on various devices, such as smartphones, smartwatches, and laptops. Which model should she select?

    A. Demilitarized zone

    B. N-tier architecture

    C. Split DNS

    D. Split tunneling

32. Benvele is a hacker launching attacks on smartphones to gain access and download photos and contacts. What type of attack is this?

    A. Bluesnarfing

    B. Bluejacking

    C. Bluebugging

    D. BlueBorne

33. Kyle is a secretary working fast to get work done for his boss. During a short break, he visits social media and clicks a link for cheap Ray-Ban glasses. Unbeknownst to Kyle, a hacker has downloaded his browser's cookies. What is the name of this attack?

    A. XSRF

    B. XSS

    C. Cookie stealing

    D. Cookie monster

34. Fernando is a salesperson visiting one of his corporate field locations. He has the Wi-Fi password but still cannot access the internet because his browser requests another username and password. What is MOST LIKELY to be the trouble?

    A. The RADIUS server is not granting him a ticket.

    B. The SAML system has an incorrect password.

    C. Improper user ID for extensible authentication protocol.

    D. Port authentication is required through 802.1x.

35. Two popular networking models include OSI and TCP/IP. The TCP/IP application layer represents which layer(s) of the OSI model?

    A. Transport, session, presentation, application

    B. Session, presentation, application

    C. Presentation, application

    D. Application

36. Graphical imagery, whether it is JPEG, TIFF, or GIF, is generally processed in which layer of the OSI model?

    A. Application

    B. Presentation

    C. Session

    D. Transport

37. Mikoopst is a hacker seeking vulnerabilities to attack a bank and steal money electronically. Which network device is likely to be the weakest vulnerability?

    A. The bank website

    B. The firewall

    C. Fish tank thermometer

    D. The internal corporate website

38. Which protocol uses sequence and acknowledgment numbers to keep track of communications?

    A. ICMP

    B. UDP

    C. TCP

    D. IP

39. Sandor is a hacker attacking a user's online banking experience. While the user is logged in to their banking account, the user clicks an enticing email for free check-printing from their bank and allows the attacker to transfer money from the user's bank account. Which of the following BEST describes this attack?

    A. TCP hijacking

    B. XSRF

    C. XSS

    D. SQL injection

40. Which of the following is an example of protocols that would operate at the session layer of the OSI model?

    A. RPC and FTP

    B. PAP and PPTP

    C. TCP and UDP

    D. ICMP and RIP

41. Aleksandra is an ethical hacker manipulating TTL values to determine where firewalls are located. What technique is she using?

    A. Ping-of-death

    B. TTL trace

    C. Tracerouting

    D. Firewalking

42. The networking system designed to guarantee good performance of data flow and prioritize applications is known as what?

    A. Prioritization

    B. QoS

    C. Service quality

    D. Guaranflo

43. Jorge is starting a new CBD business and desires to set up his online shopping cart. He wants users to trust his store, so he registers a digital certificate with which role for the PKI?

    A. RA

    B. CA

    C. CRL

    D. Root

44. What is the primary difference between baseband and broadband technologies?

    A. Baseband is for cable TV only.

    B. Baseband transmits over a single channel, and broadband over multiple channels simultaneously.

    C. Broadband is for cable TV only.

    D. Broadband transmits over a single channel, and baseband over multiple channels simultaneously.

45. Anfisa, a network engineer is asked to inspect a network and determine whether it should be upgraded to fiber optic. Building-to-building connections are connected using coaxial cables, and privacy information is showing up on PASTEBIN. What is her recommendation for BEST security?

    A. Save money and make no changes because fiber optic cable is expensive.

    B. Save money and enable encryption for business-to-business communications.

    C. Upgrade the network to fiber because it is less expensive than STP.

    D. Upgrade the network to fiber because EMI transmissions are being intercepted.

46. Philyuk is a sales manager who is ready to get to work. He opens his laptop, connects to the Wi-Fi, but cannot access the internet. He notices that he has an IP address of 169.254.3.4 but still cannot access his online bank. What is MOST LIKELY to be the problem?

    A. The internet is down.

    B. The DHCP server is down.

    C. The bank's web server is down.

    D. His network card is disabled.

47. Azan is part of the network security team and they are setting up a Wi-Fi system that allows any member of the company to connect to the network when at the office. Which feature should he recommend to help secure access to the network?

    A. DHCP snooping

    B. Flood guards

    C. Integrity checking

    D. Encryption

48. Marcgerm is an overseas hacker conducting reconnaissance on the victim's network at EB Inc. What safeguards can the security team put in place to mitigate the attack?

    A. Install an NIDS to block network threats.

    B. Close ports 161 and 162 on the firewall and enable SNMPv3.

    C. Upgrade the network from SNMPv1 to SNMPv2.

    D. Attacks using SNMP are impossible to mitigate.

49. Nicole, a systems administrator, is seeking methods to defend her public DNS server from hackers. Which of these is her BEST solution?

    A. Enable encryption.

    B. Deny access to everyone except staff.

    C. Install an HIDS.

    D. Enable DNSSEC.

50. Matt is a salesperson for Wilco and plans to use the Wi-Fi offered at his local restaurant. He enters the Wi-Fi password but cannot access the internet like others there. The computer works fine at home on the VPN and at work. What is MOST LIKELY to be the problem?

    A. He cannot access the DHCP server in the restaurant.

    B. He has a static IP address set.

    C. The DHCP server is down within the restaurant.

    D. A hacker is altering the restaurant's network.

51. Luis is a systems administrator at East School, and the board is requesting a network that allows students to reach Google but disallows access to X-rated websites. Which system is BEST for him to install?

    A. Switch

    B. Proxy

    C. Repeater

    D. Router

52. Which of the following is a difference between an application-level firewall over a circuit-level firewall?

    A. Circuit-level firewalls are, in general, slower than application-level firewalls.

    B. Application-level firewalls do not require a proxy for each protocol monitored.

    C. An application-level firewall can perform deep packet inspection.

    D. A circuit-level firewall performs deep packet inspection.

53. What are the port numbers for these services, respectively?

    HTTP, FTP, SSH, SMTP, IMAP

    A. 443, 21, 23, 25, 123

    B. 80, 21, 23, 53, 143

    C. 80, 21, 22, 25, 143

    D. 443, 20, 22, 25, 110

54. Molly is a network engineer tasked with reducing interference on VoIP phones within the network. Which of the following is her BEST solution?

    A. Place all SIP- and RTP-related traffic into a separate VLAN.

    B. Place VoIP phones onto their own switch within the subnet.

    C. Reduce the thresholds on the NIDS devices.

    D. Develop corporate policies to limit phone use.

55. Alla, a network engineer, needs to extend a network so that computers 100 meters away from each other are on the same subnet. Which technology should she use to extend the network?

    A. Router

    B. Bridge

    C. Gateway

    D. Firewall

56. RIP is a distance-vector routing protocol. Distance-vector routing protocols make routing decisions based on what?

    A. Physical distance measured in centimeters and kilometers if preferred

    B. A combination of physical distance and number of hops

    C. Number of hops, network load, and packet size

    D. Minimum number of hops to reach the destination

57. Narkyia is an email administrator and her email server is being used to send forged emails. What technology can she install to mitigate this issue?

    A. SSL

    B. SPF

    C. SASL

    D. SMTP

58. Difata is new to hacking and has discovered a new attack. The instructions state that to best breach the victim server, you should launch the attack on IP address 127.0.0.1. What type of individual is Difata?

    A. Script kiddie

    B. Skilled hacker

    C. Ethical hacker

    D. White hat hacker

59. Olulowo is a network engineer asked to install an internal DNS server for staff and a separate DNS server on the internet for the public. He decides to install which type of setup?

    A. Split-network

    B. Split-DNS

    C. Split-VPN

    D. Split-IP

60. Alice is a network engineer being consulted as to why network transmissions have slowly degraded over time. The small company has grown and installed microwave ovens in the break rooms, and the 100 new staff are using cell phones. What is her recommendation?

    A. Create new policies not allowing the use of cell phones at work, and remove the microwave ovens.

    B. After researching the environment, there is really nothing more that can be done.

    C. Upgrade the STP cabling to UTP cabling.

    D. Upgrade the UTP cabling to STP cabling.

61. Technologies such as Fiber Channel over Ethernet, Multiprotocol Label Switching, VoIP, and Internet Small Computer System Interface are examples of which protocol?

    A. Fiber optics

    B. IP convergence

    C. Ethernet

    D. Storage

62. Translating a set of public addresses to private addresses is accomplished with what method?

    A. NAT

    B. TCP

    C. RFC

    D. Teredo

63. Mattrich uses a VPN to work from his Apple computer. While connected, he clicks a link from his personal email account. Days later, corporate offices are down because of a massive ransomware attack. What MOST LIKELY occurred?

    A. Mattrich infected the company because he read his personal email.

    B. Mattrich infected the company because he was using VPN split tunneling.

    C. Mattrich infected the company because he disabled VPN encryption.

    D. Mattrich infected the company because they mostly use Microsoft computers.

64. Josh, a networking intern, is connecting two computers in a LAN. System A has IP address 192.168.4.7/24, and system B has IP address 192.168.5.8/24. He tests the connections using ping but gets the error message host unreachable. They are both properly plugged in to the switch. What is MOST LIKELY the problem?

    A. One of the cables is broken.

    B. The systems are improperly connected.

    C. Josh needs to use a hub instead of a switch.

    D. The systems are on separate subnets.

65. Which ports are considered the MOST well-known ports?

    A. 1-1024

    B. 0-1023

    C. 0-1024

    D. 1-1023

66. In the OSI model, which layer converts voltages to bits?

    A. Bitwise

    B. Physical

    C. V2Bit

    D. Data link

67. Carolina is a network engineer and notices that network traffic has degraded to 50% of normal. After investigating, she discovers the problem. What did she determine?

    A. A new employee was streaming online music.

    B. The firewall was blocking the ports to access the web server.

    C. The manufacturer of the routers reported several zero-days that affected performance.

    D. Degradation only occurs in the evening when the users shut down their computers.

68. Noon, a network engineer, has been tasked with setting up a Wi-Fi network by upgrading the firmware of older-generation WAPs currently using WEP security. She is asked to improve the security without replacing the WAPs. Which level of security should she choose?

    A. Open authentication

    B. WEP

    C. WPA

    D. WPA2

69. This technology logically groups networked computers by function or department and enhances security by segregating data traffic, for example, by separating VoIP traffic. What is this technology called?

    A. VLAN

    B. VPN

    C. DNS

    D. DMZ

70. The TCP and UDP protocols are common in that they transfer data. What is the key difference between the two protocols?

    A. TCP is unreliable and transmits data faster than UDP.

    B. UDP is connectionless and has greater potential for data loss.

    C. UDP utilizes a three-way handshake.

    D. TCP is great for digital video and audio applications.

71. VPNs have which of these characteristics? (Choose two.)

    A. VPN connections occur through software applications only.

    B. VPN connections can occur through hardware or software utilities.

    C. VPN connections must utilize IPsec.

    D. VPN implementations can be accomplished through certificate or key exchange.

72. Peter is a security analyst reviewing network logs and notices that from 10 PM-4 AM, the server reports attempted connections on ports 0, 1, 2, 3…, and 1023 from an unknown system on the internet. What type of attack is occurring?

    A. NMAP

    B. Port scanning

    C. HPING

    D. DDOS

73. Serena is a hacker, exfiltrating corporate files to her partner, Janine. What is the BEST way for Serena to launch the upload without getting caught?

    A. Janine builds an SSH server so that Serena can launch a covert channel and tunnel HTTP over SSH.

    B. Janine builds an SSH server so that Serena can launch a covert channel using SSH.

    C. Janine builds an FTP server so that Serena can launch a covert channel using FTP.

    D. Janine builds a Telnet server so that Serena can launch a covert channel using Telnet.

74. Simone-Jeannelle is a chemical engineer transferring work-from-home data to her office. As she transfers files from her house, she notices the transfer is taking much longer than expected. The network administrator states the network is functioning normally. What is the MOST LIKELY issue?

    A. She needs to upgrade her home-based SDSL modem to ADSL.

    B. Her home-based ADSL modem downloads faster than it uploads.

    C. The office firewall is doing deep packet inspection.

    D. The office server is under a DOS attack.

75. Which of these are characteristics of a bridged network? (Choose two.)

    A. Layer 3 network device

    B. Connects two disparate networks

    C. Layer 2 network device

    D. Extends the current network

76. Bryce is a network engineer reviewing an RFP that states they require systems that work with CSMA/CD technologies. Which solution should he suggest?

    A. Wireless access points throughout the environment

    B. Ethernet connections because of the cabling

    C. Fiber optics because of its performance

    D. DVD/CD technology because it will work with CDs

77. Lai is a security engineer working with the networking department. During an audit, she notices the use of several old hubs in secure, networked environments. What is MOST LIKELY to be her recommendation?

    A. Replace the hubs with switches.

    B. Update the firmware on the hubs.

    C. Upgrade the hubs to the latest hub technology.

    D. Divide hubs with eight connections to make two hubs with four connections each.

78. Barry is a network engineer seeking to directly network two nearby buildings. Which option should he choose since the empty land between the two buildings is owned by his competitor?

    A. Connect the buildings via fiber channels.

    B. Install a Yagi antenna.

    C. Connect the buildings using CAT5 ethernet.

    D. Install building-to-building Bluetooth.

79. Avril is a systems administrator setting up email for her users. They are able to send email but not receive it. What is the MOST LIKELY problem?

    A. No email client is installed.

    B. No email server is installed.

    C. Port 25 needs to be opened on the firewall.

    D. Port 110 needs to be opened in the firewall.

80. Which protocols operate at the application, presentation, network, and data link layers, respectively?

    A. Pretty Good Privacy, routing information protocol, address resolution protocol, IPsec

    B. Routing information protocol, Pretty Good Privacy, IPsec, address resolution protocol

    C. Address resolution protocol, IPsec, Pretty Good Privacy, routing information protocol

    D. IPsec, Pretty Good Privacy, routing information protocol, address resolution protocol

81. Huisha is a security engineer deploying several honeypots. Her manager suggests that once a hacker is identified, the system should automatically attack the hacker's system and wipe the hacker's hard drive. Why does she tell the manager this is not recommended?

    A. It is technically impossible to launch a counter-attack.

    B. Hackback is against the law.

    C. There are not enough staff to conduct the remote hard-drive wipes.

    D. Hackback is too difficult to automate.

82. Of the following options, which provides the least protection to data in motion?

    A. WEP

    B. WPA

    C. L2TP

    D. PPTP

83. Which of these is a type of prevention system that performs IOC pattern matching, such as comparing instruction sequences of known malware or correlating known file hashes?

    A. Heuristic-based

    B. Network-based

    C. Signature-based

    D. IDS

84. What is another term for a pharming attack where victims get diverted to an attacker's fake website?

    A. DNS poisoning

    B. Flooding

    C. IP forwarding

    D. Phishing

85. Which setting does traceroute manipulate in the TCP/IP model?

    A. UDP

    B. TTL

    C. Data link

    D. Frame header

86. Hackers look for soft, vulnerable targets to attack, as they make it easier to upload exploits. Security engineers harden these systems by disabling which features? (Choose two.)

    A. FTP

    B. SSH

    C. HTTPS

    D. Telnet

87. Justin is a senior security officer asked for his opinion on installing wireless access points in a secure area. What does he recommend as security levels for the implementation?

    A. WPA

    B. WPA2

    C. WEP

    D. Open system

88. Of the following, which two are NOT VPN protocols? (Choose two)

    A. RADIUS

    B. Kerberos

    C. L2TP

    D. PPTP

89. Aziza is a network administrator setting up a private network with non-routable IP addresses. Which network block should she use?

    A. 169.254.0.0/16

    B. 192.168.0.0/8

    C. 127.0.0.0/8

    D. 192.16.0.0/8

90. Louis, a security engineer, is testing methods to defeat the firewall. Which method would he find MOST effective?

    A. Fragmentation

    B. Firewalking

    C. Changing static IP address

    D. Encryption

91. Alan is a network engineer tasked with writing firewall rules that allow SYN-ACK-SYN communications. Which protocol should he set to permit?

    A. UDP

    B. TCP

    C. ICMP

    D. IP

92. What are the BEST examples of IPv6 addresses here? (Choose two.)

    A. ::1

    B. a:b:c:d:d:c:b:a

    C. :::1

    D. a:b:c:d:e:f:g:h

93. A system that encrypts a symmetric key so that two users can use this key for secret messages is known as what?

    A. DSS

    B. Diffie-Hellman

    C. AES

    D. MD5

94. At which layer does IPsec operate within the OSI model?

    A. Application

    B. Physical

    C. Data Link

    D. Network

95. Devar is a systems administrator who manages 1,000 users and their email usage. What is his number one security issue with email?

    A. Poor passwords

    B. Phishing attacks

    C. Use of Thunderbird and other open source email clients

    D. Disk space utilization

96. The network interface layer of the TCP/IP model is equivalent to which layer of the OSI model?

    A. Application

    B. Data link

    C. Session

    D. Network

97. Which device operates at the data link layer of the OSI model?

    A. Firewall

    B. Hub

    C. Switch

    D. Router

98. Which of these protocols operate at the transport layer of the OSI model? (Choose two.)

    A. TCP

    B. ICMP

    C. UDP

    D. RARP

99. The ARP command (address resolution protocol) notifies the user of which MAC address a computer uses by providing the IP address of that system. ARP collects data from which layers of the OSI model?

    A. Network and data link

    B. Physical and data link

    C. Network and transport

    D. Presentation and application

100. Irina, a systems engineer, is in the process of installing fax machines on a corporate network. Where is the BEST place for her to install these for the best security?

     A. Break room

     B. SOC

     C. Computer room

     D. Utility closet

Quick Answer Key

Answers with explanations

1. Answer: B Password Authentication Protocol (PAP) is an authentication system used for verifying users. SCP does not use PAP because it does not encrypt like Extensible Authentication Protocol (EAP) will. The Transmission Control Protocol (TCP) verifies that each packet has reached its destination. The User Datagram Protocol (UDP) does not verify that a packet has reached its destination. The Internet Control Message Protocol (ICMP) is a protocol that sends error messages based on whether a packet can reach a router or node.
2. Answer: A FDDI and Token Ring networks use tokens to pass messages from one node (computer) to another. Ethernet uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD), where systems listen for the absence of data transmission before sending packets. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) includes systems that transmit a ready-to-send signal to determine whether it is okay to send data.
3. Answer: B Secure destruction means removing and destroying the hard drive because it contains records of fax messages sent and received. The other options can leak users' private records.
4. Answer: D Virtual Private Networks (VPNs) use tunneling protocols, including IPsec and encryption, to allow private, secure networks from home to office or office to office.
5. Answer: B and D On Linux systems, the Domain Name Service (DNS) feature is either called NAMED or BIND, which resolves frequently used domain names (FQDNs) to IP addresses. HTTPD is used to run a web server on the computer. DHCPD allows the computer to run as a DHCP server and supply IP addresses to new clients that join the network.
6. Answer: B Routing Information Protocol (RIP) is a distance routing protocol that uses hop count metrics to transfer packets from a client to a server. Open Shortest Path First (OSPF) uses link states such as congestion or lag to determine the best path for packets. Enhanced Interior Gateway Routing Protocol (EIGRP) is an upgrade of Interior Gateway Routing Protocol (IGRP), which relearns the best paths for packets, always using the better-performing paths for packets to travel by.
7. Answer: B An Intrusion Detection System (IDS) will report and log, but not block, an incident. Firewalls, Intrusion Prevention Systems (IPSes), and Host-Based Intrusion Prevention Systems (HIPSes) all report and block the exploit.
8. Answer: C and D Heuristic prevention systems look for anomalies outside of a baseline to detect attacks. Pattern-matching systems look for signatures of known attacks, leaving them vulnerable to zero-day attacks since there is no known solution. Host-Based Intrusion Detection Systems (HIDSes) and Network-Based Intrusion Prevention Systems (NIPS) are programmed to employ pattern matching and heuristics to detect attacks.
9. Answer: A A fraggle attack sends UDP packets to the local broadcast address and spoofs the source address, which is the target server the attacker wants to disrupt with a Denial of Service (DOS) attack. Smurf and fraggle attacks can be mitigated by disabling echo requests. Half-open packets are TCP packets that do not respond to ACK requests, thereby not completing the handshake.
10. Answer: B The Demilitarized Zone (DMZ) allows organizations to provide customer access to servers and still provide some level of security. The intranet is a protected area for employees only. A honeypot is a system designed to distract hackers so that researchers can gain intelligence on new attacks.
11. Answer: C and D Digital Audio Tape (DAT) is used to record audio, video, and data. File Allocation Table (FAT) is a Windows-based filesystem. Network address translation and port address translation allow organizations to use a common set of internal addresses behind some unique internet address.
12. Answer: B Sniffing allows an attacker to monitor a network and collect information such as login names, passwords, emails, files, and more. The best mitigation is encryption. The other options do nothing to protect data on the network.
13. Answer: A RIP is an application layer protocol but contains no security features. The Secure Sockets Layer and Transport Layer Security provide encryption at the presentation layer.
14. Answer: B Input validation is one of the mitigations of Cross-Site Scripting (XSS) and SQL injection. XSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. SQL injection is an attack where an attacker injects SQL commands via a web application to extract unauthorized information from a backend database. Reference: https://owasp.org/www-community/attacks/csrf

    https://owasp.org/www-community/attacks/SQL_Injection.

15. Answer: D Since the users are operating within LANs that have no web or email services, there is no requirement for stateful services, so a stateless system is most desired in this case.
16. Answer: B Layer 2 Tunneling Protocol (L2TP) does not encrypt by default, so combined with IPsec, it provides better security compared to PPTP because of the higher-grade encryption but runs slower. PPP and IPsec are not VPN protocols.
17. Answer: A PAP sends login and password information in clear text, making it insecure. MD5 is a hashing algorithm, and AES an encryption algorithm. EAP not only encrypts authentication but also can manage certificates, tokens, and other authentication devices.
18. Answer: B The formula used to determine the number of connections in a full-mesh network is N(N-1)/2. In this case, N=4. Substituting the value into the formula 4(4-1)/2 equals 4x3/2, which becomes 12/2, and the result of that is 6. So, six total connections for a four-node full-mesh network.
19. Answer: D The key point in this question has to do with range, where fiber optic media can travel around 200 kilometers before significant signal loss. Coaxial cable can travel about 500 meters before significant signal loss. The range for CAT5 is about 100 meters, and 802.11n Wi-Fi gets about 30 meters before significant signal loss.
20. Answer: B Plenum-grade cables are coated with fire retardant so that they emit less smoke when they ignite. Plenum is used for Heating, Ventilation, and Air Conditioning (HVAC) systems and for circulating oxygen throughout entire buildings. The high oxygen content increases fire risk, so the cabling choice is critical for human safety.
21. Answer: B A partial-mesh topology connects all systems together. For example, if there are four nodes, there will be six connections, whereas if the star type was used, the four nodes would connect to a single switch. For a Token Ring topology, the four systems would be connected in a ring, and a token would move counterclockwise and receive and transmit data for that node. A bus network would simply daisy chain the four nodes, and resistors would be installed at each end to signal the end of the bus.
22. Answer: C The MAC address burned into a NIC is 48 bits, where the first 24 bits define the manufacturer and the last 24 bits are the card's unique identifier. Ideally, there will be no duplicate MAC addresses in the entire world.
23. Answer: C Open Source Intelligence (OSINT) is a reconnaissance technique to learn more about the victim using Google, Netcraft, and other public sources. After scanning for network vulnerabilities, hackers test for modems using war dialing because these are not often forgotten when securing the environment. Answer A is wrong because there is no such thing as perfect security.
24. Answer: A The key part of this question is the primary purpose. Changing the ARP table is how the attack is exploited, but the purpose of the attack is to listen to packets passing through the network, so A is the better answer here. Options C and D are false answers.
25. Answer: B An important key in understanding the CISSP exam is that it is more of a management exam than a technical exam. More often, the candidate should choose the management answer over technical answers because they define how and what technologies to use.
26. Answer: D Wireless technologies use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) instead of CSMA/Collision Detection (CSMA/CD). Token Ring networks use token passing to send and receive messages. Polling networks are used within SCADA technologies.
27. Answer: B Packet filtering firewalls work at the network and transport layers. Also, these firewalls are stateless, which means internal requests must be approved by an administrator. The network administrator will create a rule in the firewall to allow the user to communicate with the specific remote site.
28. Answer: A and D TACACS (pronounced "takaks") and TACACS+ (pronounced "tak plus") communicate via TCP for better reliability and encrypt all packets. RADIUS communicates via UDP and encrypts passwords only as a AAA (authentication, authorization, and accounting) server.
29. Answer: B Unshielded Twisted Pair (UTP) has a range of about 100 meters before signal loss, whereas fiber optics can run about 1 kilometer before data loss. Conductors in concentric circles form a coaxial cable.
30. Answer: D Most likely, Alexei is running an unsecured SMTP server. Recent updates to the server are not under the control of Alexei and are tested by the cloud provider. Hackers are sending spam to millions of accounts, not his 5,000 users, so the email list is of no concern to the hackers.
31. Answer: B An N-tier architecture decouples services into multiple tiers, the most common being the three-tier model. The presentation layer resides at the top and displays differently depending on the device. Below that sits the logic area, where coding is done, for example, HTML. The bottom layer is data where images, videos, customer information, and so on are stored. Split DNS provides a DNS server for the intranet and internet. Split tunneling allows an employee to use a VPN for work resources and not use the VPN for non-work activities. A DMZ is where the public-facing website resides.
32. Answer: A Bluejacking allows an attacker to send spam to the victim's phone. Bluebugging allows hackers to eavesdrop on phone calls. When the hacker infects the victim's device with malware and then takes control, this is considered a BlueBorne attack.
33. Answer: B CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. XSS attacks occur when an attacker uses a web application to send a malicious script to a different end user that can access any cookies, session tokens, or other sensitive information and can even rewrite the content of an HTML page. Cookie stealing and cookie monster are false answers. Learn more here: https://owasp.org/www-community/attacks/csrf

    https://owasp.org/www-community/attacks/xss/

34. Answer: D Kerberos authenticates with tickets, not RADIUS. SAML is used to authenticate a user to another service provider, for example, a bank partnered with check printers, which is not happening here. EAP is a communication protocol, not an authentication protocol.
35. Answer: B The OSI transport layer matches the TCP/IP host-to-host layer, and the OSI network layer matches the TCP/IP internet layer, and the OSI data link and physical layers match the TCP/IP network access layer.
36. Answer: B The application layer is where programs reside. The presentation layer processes data on how it should appear or sound to the user. The session layer manages communications between applications. The transport layer manages communications between nodes (such as computers, laptops, and smartphones).
37. Answer: C Internet of Things (IoT) devices are attacked more frequently because security is often overlooked for these devices. This also includes thermometers, IP cameras, refrigerators, televisions, multi-function printers, and others (the question states they are all network devices).
38. Answer: C TCP provides a guaranteed connection from host to host. To do this, it tracks data receipts through acknowledgment numbers. UDP is connectionless and makes the greatest effort to ensure that data reaches its destination. If a packet is lost, it does not know. The IP header tracks data fragments, and ICMP is used to verify nodes exist and are running.
39. Answer: B The attacker uses the session information to strengthen the spoofing details of the victim and performs session hijacking using the victim's already-approved credentials with the bank. The user thinks they were simply disconnected. XSS allows the attacker to run a script on the user's computer. SQL injection is an attack on a web server to send SQL commands and download credit card numbers and so on. Learn more here: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery
40. Answer: B Although RPC operates at the session layer, FTP operates at the application layer. TCP and UDP operate at the transport layer, and ICMP operates at the network layer. RIP operates at the application layer.
41. Answer: D Firewalking uses traceroute and TTL values to find firewalls, determine which services the firewall allows, and map networks. Ping-of-death is a DOS attack that spoofs the source address, and all requests head to the victim machine.
42. Answer: B Quality of Service (QoS) prioritizes applications such as VoIP systems to guarantee a level of quality. The other options are false answers.
43. Answer: A The Registration Authority (RA) verifies and validates the user. The Certificate Authority (CA) signs the certificate and returns it to the user (Jorge, in this case). The Certificate Revocation List (CRL) is a list of expired and revoked certificates. The root CA maintains all of the certificates it has signed; this system is very secure; for example, it is air-gapped.
44. Answer: B Baseband is usually used for Ethernet networks over coaxial, fiber optic, or twisted pair. Broadband can transmit data, audio, and video at the same time as radio waves, coaxial, or fiber optic.
45. Answer: D Encryption can be broken, so the best option is fiber optic cable because it emits no Electro-Magnetic Interference (EMI). Shielded twisted pair is much lower in cost than fiber optic.
46. Answer: B. IP addresses in the form of 169.254.xxx.xxx have autoconfiguration enabled, which provides a system with an IP address until the DHCP server recovers. Use is very limited, and the user will not be able to access the internet with this IP address.
47. Answer: A DHCP snooping assigns IP addresses only to systems assigned by network administrators. Flood guards would help with DOS attacks. Integrity checking and encryption would not secure the network connections.
48. Answer: B An NIDS will only report threats, not block them. An NIPS would be more appropriate. Only SNMPv3 encrypts community strings, which carry passwords to routers and switches.
49. Answer: D Since this is a public Domain Name Service (DNS) server, restricting traffic to staff would make it useless to the public, and the encryption of zone information would make it useless as well. An HIDS would not protect the server, nor would Domain Name System Security Extensions (DNSSEC), which ensures that zone transfers are authenticated and robust.
50. Answer: B Since other customers are not complaining, the DHCP server is functioning fine, and a hacker would kick everyone off the network, not only Matt.
51. Answer: B Basic routers are not designed to block internal website requests, but advanced multi-layer routers can. Proxies are designed to protect the LAN and can be configured to block websites users are attempting to access.
52. Answer: C Application-level firewalls not only consider ports, IP addresses, sources, and destinations but can perform deep packet inspection. This further inspection hurts performance as compared to other firewalls, and encryption can mitigate the useful purpose of an application-level firewall.
53. Answer: C HTTPS = 443, FTP-DATA=20, FTP-AUTHENTICATION=21, Telnet=23, DNS=53, POP3=110, NTP=123
54. Answer: A SIP is used to initiate phone calls on VoIP systems, and Real-Time Transport Protocol (RTP) carries the conversation. Placing VoIP phones within their own VLAN assures that only VoIP traffic is allowed in this subnet.
55. Answer: B Routers and gateways can extend a network, but computers will reside on different subnets. A firewall is an NIPS designed to block threats from attackers.
56. Answer: D Link-state routing protocols are more accurate than distance-vector protocols such as RIP, because they look at the number of hops, network load, packet size, and more to determine the best routes for packets. OSPF is a link-state routing protocol.
57. Answer: B Sender Policy Framework (SPF) verifies that emails are coming from where they say they are coming from. Simple Authentication and Security Layer (SASL) is used to authenticate users so they can read their emails. Secure Sockets Layer (SSL) protects communications through encryption; TLS replaced SSL because of its vulnerabilities. SMTP manages sending email to people.
58. Answer: A Script kiddies are new to hacking and therefore very unskilled. In this case, the hacker has launched the attack on himself because 127.0.0.1 is the localhost address of his computer (and every computer). A white-hat hacker and ethical hacker are the same, and they are paid to audit the security of a business.
59. Answer: B Split-DNS provides a secured internal DNS server for internal requests, and the internet-based DNS server provides basic DNS servers for the public, and some access to corporate sites, such as other websites and mail servers.
60. Answer: D Unshielded Twisted Pair (UTP) cables can be vulnerable to crosstalk. Shielded Twisted Pair (STP) greatly reduces issues related to crosstalk and other interference.
61. Answer: B IP convergence entails utilizing internet protocols to provide other services not initially intended, such as phone services with VoIP or data transfers to storage devices with iSCSI.
62. Answer: A Network Address Translation (NAT) maps external addresses, such as 1.2.3.4, to internal addresses, such as 10.0.0.4. Transmission Control Protocol (TCP) provides connection-oriented communications. Request for Comment (RFC) is a set of standards provided by the Internet Engineering Task Force. Teredo provides IPv6 functionality within IPv4 networks.
63. Answer: B VPN split tunneling allows a user to connect with a secured corporate network for work-related activities and an unsecured public tunnel for personal work. In cases like this, it is possible for malware to transfer from the public to the private network. For best security, disable split tunneling.
64. Answer: D System A is on the 192.168.4.0 subnet, and system B is on the 192.168.5.0 subnet. One way to fix this is to switch system B's address to 192.168.4.8. Replacing cables and checking connections would result in the same issue. Hubs are inherently insecure because all traffic can be monitored.
65. Answer: B Well-known ports include FTP (port 21), SSH (port 22), HTTP (port 80), and others. Ports 1024-49151 are called the registered ports, which vendors specify for their proprietary applications. The dynamic ports start at 49152-65535 and are available as needed for applications.
66. Answer: B Bitwise and V2Bit are false answers because they are not layers in the OSI model. The data link layer converts bits into frames.
67. Answer: C The impact of digital music would introduce negligible performance issues, and if a firewall is blocking ports to a web server, degradation would be 100% for just that service only, not the entire network. Shutting down computers reduces network load, so the most likely cause is malware on the network routers.
68. Answer: C Open authentication provides no security at all because no password is required to access the network. WEP is relatively easy to crack. WPA2 would be the very best to use, but older-generation devices do not have that capability. WPA is much more difficult to crack than WEP.
69. Answer: A Virtual LANs (VLANs) allow administrators to group systems together based on function or need. VPNs allow direct connections from a single machine to home or office. DNS performs IP address lookups when a user provides a domain name. The DMZ is where companies position customer-accessible websites just outside of their LAN on the internet.
70. Answer: B UDP is connectionless, so is better for digital video and audio applications because it does not require packet-receipt verification, like TCP, because TCP utilizes a three-way handshake.
71. Answer: B and D VPN connections can encrypt data in other manners, not with IPsec only; but IPsec is supported worldwide.
72. Answer: B NMAP and HPING are utilities that can perform port scans, searching for vulnerabilities on the server. A Distributed Denial of Service (DDOS) attack would harm server performance and come from several multiple IP addresses.
73. Answer: A Telnet is used for remote logins, not remote file transfers, so Serena would get caught and not transfer any files. Serena is likely to get caught using FTP because it does not encrypt. SSH is used for remote logins. To transfer files, she would need to use Secure Copy (SCP). Using HTTP services appears normal, so it would not alert system administrators.
74. Answer: B Asymmetric Digital Subscriber Line (ADSL) modems generally download eight times faster than they upload. Since she's transferring data to the office, it's uploading from home, at a much slower rate. Symmetric Digital Subscriber Line (SDSL) would be an upgrade for her from ADSL, giving her much faster upload speeds from home. C and D are not correct because the network administrator states the network is running fine.
75. Answer: C and D Routers operate at layer 3 and connect two disparate networks.
76. Answer: B CSMA/CD works in Ethernet bus networks only, which are half-duplex, so a message can only be sent when the network is clear. Full-duplex allows traffic to be sent without delay, such as in fiber networks. Wireless networks use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA).
77. Answer: A Hubs, in general, are insecure because users can observe all traffic passing through the hubs, even data not intended for them. Switches allow traffic to connect directly to targets, making it more difficult for attackers to eavesdrop.
78. Answer: B Bluetooth is short-range, extending to about 10 meters, and fiber and Ethernet would require permission from the landowner between the two buildings. Yagi is best for site-to-site connections with ranges of up to several miles, as long as there is no interference.
79. Answer: D Since users are able to send emails, an email client and server are installed and running. Since users are able to send emails, SMTP is working fine on port 25.
80. Answer: B Yep, RIP is a layer 7 protocol. Encryption and decryption are generally done at layer 6 but can also occur at other layers, including layer 3, depending on the protocol. MAC addresses are utilized at layer 2. Reference: https://www.geeksforgeeks.org/routing-information-protocol-rip/.
81. Answer: B Many technologies exist to perform hackback, but it is against the law.
82. Answer: C The Layer 2 Tunneling Protocol (L2TP) provides no encryption. Wired Equivalent Privacy (WEP) is the weakest wireless standard. Wi-Fi Protected Access (WPA) provides even stronger security to wireless networks using TKIP to strengthen initialization vectors, which provides more variance to encryption keys. Point-to-Point Tunneling Protocol (PPTP) is a tunneling protocol to secure VPNs.
83. Answer: C Indicators of Compromise (IOCs) that match patterns are used in signature-based detection and prevention systems. Since the question specifically mentioned a prevention system, an IDS would be an incorrect answer. These systems can either be host- or network-based, and heuristic IOCs are measured against some baseline. When the IOC is outside of that baseline, it is flagged as malware.
84. Answer: A Phishing attacks use spoofed emails to gain the victim's trust, and usually contain links that forward users to fake websites when they click them. IP forwarding is used to re-route packets to an alternate network, for example, from the WAN to the LAN. Flooding is used as an availability attack on a website, sending noise so that others cannot access the site.
85. Answer: B The Time-to-Live (TTL) field decrements a counter for each router hop it takes for a packet to reach its destination. If the counter reaches zero before reaching the destination, the packet drops.
86. Answer: A and D Among other issues, Telnet and FTP both transmit data in clear text, allowing man-in-the-middle attackers to view entire conversations, including login names and passwords. SSH and HTTPS encrypt entire conversations, making it very difficult for hackers to run their exploits.
87. Answer: B An open system provides no security at all, allowing users to access a wireless access point without a password. WEP offers authentication, but it is very easy for even a script kiddie to attack. WPA is very strong, but WPA2 is the strongest and best solution for a secure area when using wireless access points.
88. Answer: A and B RADIUS and Kerberos are single-sign-on systems allowing users to access a network of systems with a single login and password. L2TP is the recommended VPN protocol over PPTP because it uses IPsec for encryption.
89. Answer: B The 127.0.0.0/8 network range is the localhost. Every computer has a localhost address, and it points to itself. 169.254.0.0/16 is the APIPA address suite, where a temporary IP address is provided for LAN usage, but not the internet. A DHCP server will provide an address for internet use once the server is up and running. 192.16.0.0/8 is an example of a public IP address.
90. Answer: D Encryption will also encrypt malware signatures that a firewall will not recognize. Firewalking is a method used to detect firewalls. Data fragments are mitigated by most firewalls to recognize malware signatures. After an IP address change, data still flows through the system.
91. Answer: B UDP, IP, and ICMP do not use SYN or ACK to confirm a connection.
92. Answer: A and B IPv6 address consist of 8 hextets using hexadecimal math where values go from 0 through F. A full IPv6 address looks like 1234:0000:4321:abcd:deef:feed:4321:9090, but the system allows shortcuts. 0000:0000:0000:0000:0000:0000:0000:0001 or ::1 is the localhost address that every node has (equivalent to IPv4's 127.0.0.1). A:B:C:D:D:C:B:A is the shortcut for 000A:000B:000C:000D:000D:000C:000B:000A.
93. Answer: B The Digital Signature Standard (DSS) is an asymmetric encryption standard for signing and verification only. AES is a symmetric encryption standard for securing Wi-Fi connections. MD5 is a hashing algorithm for integrity checking.
94. Answer: D IPsec operates in two modes, transport and tunnel. Transport mode encrypts the data only, whereas tunnel mode encrypts the data and the message headers, providing additional location secrecy.
95. Answer: B Running out of disk space reduces availability, but in most cases this is easily fixed by increasing disk space or removing files. Change management systems will not allow the use of corporate-mandated email clients. Poor passwords are mitigated through policy and password validation tools. Phishing attacks can lead to network-wide ransomware, putting the organization at risk of going out of business.
96. Answer: B Layer 1 (physical), and layer 2 (data link) of the OSI model are equivalent to the network layer of the TCP/IP model. The TCP/IP model is four layers: layer one is the network interface, layer two is internetworking, layer three is transport, and layer 4 is the application.
97. Answer: C The seven layers of the OSI model are physical, where hubs operate; data link, where switches operate; network, where routers and some firewalls operate; transport; session, where stateful firewalls operate; presentation; and application, where application firewalls operate.
98. Answer: A and C ICMP operates at the network layer of the OSI model, and Reverse Address Resolution Protocol (RARP) resolves MAC addresses into IP addresses and operates between the data link and network layers.
99. Answer: A ARP collects the MAC address information from the data link layer and the Internet Protocol (IP) address information from the network layer.
100. Answer: B The Security Operations Center (SOC) monitors user ingress and egress as well as user activities on fax machines and other computers in the SOC. The SOC has integrity and transmission security controls in place as well.