Self Test

A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix.

1. 

You are auditing the security of the Web development department of your company. The Web development group recently deployed an online application that allows customers to purchase items over the Internet. The portions of the site that transmit confidential customer information employ SSL. The Web server that contains the online application sits inside a DMZ. Which port will all SSL traffic pass through?

  A. 25

  B. 80

  C. 443

  D. 21


2. 

You are the security administrator for a local bank. Mark, the network administrator, is creating a small LAN in a public branch of your bank. Mark is consulting with you and would like to know what the most failure-prone piece of the network architecture will be. Your answer is that it is (a):

  A. Hub

  B. Switch

  C. Server

  D. Cables


3. 

James, the network administrator, would like to provide Internet access to the LAN he is responsible for. He has purchased a T1 line from the local communication provider, which has assigned him one IP address. He would like to purchase a firewall to protect the internal network and also allow them to access the Internet using the single IP address that is provided. Which function should James make sure that the firewall can support to accomplish his current goals?

  A. DMZ

  B. NAT

  C. PPP

  D. IPSec


4. 

You are purchasing a new firewall for the network you maintain security for. What are some of the options that you should look at before purchasing a firewall? (Choose all that apply.)

  A. Packet filtering

  B. Stateful inspection

  C. SSL

  D. NAT


5. 

You have several network devices that require a central authentication server. Which of the following authentication servers are possible choices? (Choose all that apply.)

  A. RADIUS

  B. TACACS

  C. TACACS+

  D. RADIUS+


6. 

A manager in your company recently returned from a conference where he learned about how other companies were using VPNs. He has broadband access to his house and would like you to install a VPN so that he can work from home. You have decided to use IPSec in tunneling mode. Which of the following is a benefit of using IPSec in tunneling mode?

  A. It is faster

  B. It encrypts the entire packet

  C. It only encrypts the payload

  D. Better authentication


7. 

What OSI layer is TCP located on?

  A. Physical

  B. Transport

  C. Application

  D. Session


8. 

Owen is responsible for safeguarding his company's network against possible attacks that involve network monitoring. He must suggest what types of cabling will protect the network from sniffing attacks. Which of the following is the most secure against sniffing attacks?

  A. Wireless Ethernet

  B. 802.11

  C. Fiber-optic cable

  D. Coax cable


9. 

John is the security administrator for his company. He is trying to identify which of the following facilitates the most security vulnerabilities on his network.

  A. HTTP

  B. A Web browser

  C. SSL

  D. SMTP


10. 

You have recently installed SSH to replace Telnet on an IDS located on your company's DMZ. You need to allow SSH traffic into the DMZ. What port does SSH use?

  A. 80

  B. 110

  C. 22

  D. 23


11. 

Heather is researching solutions to provide an extra layer of security to her network. She has become interested in IDSs. An IDS does all of the following except:

  A. Monitor

  B. Detect

  C. Notify

  D. Filter


12. 

Jill administers her company's Web server. It has been reported to her that the Web server is unavailable to users. She has verified that the server has lost basic connectivity. What protocol will she need to troubleshoot on the Web server?

  A. OSI model

  B. PAP

  C. TCP/IP

  D. SMTP


13. 

You are investigating a large number of attacks that are coming from one specific address. You have contacted the administrator of the host with that IP address, who has investigated and discovered that the machine has not been compromised and that no attacks are originating from the machine. Which of the following is falsely inserted to spoof an IP address?

  A. Protocol ID

  B. Header checksum

  C. Source IP address

  D. Destination IP address


14. 

What standard defines Ethernet?

  A. 802.11

  B. 802.3

  C. X.25

  D. T1


15. 

Authentication protocols are an important part of any network's basic security. You would like to choose a protocol for your network that will reauthenticate users. Which of the following protocols allows for re-authentication?

  A. PAP

  B. CHAP

  C. IPSec

  D. PPTP


Answers

1. 

☑ Answer C is correct. SSL functions on port 443. To allow customers to reach the portions of the site that employ SSL, you should make sure that traffic is allowed on port 443.

☒ Answer A is incorrect. Port 25 is associated with SMTP. If the server was a mail server instead of a Web server, this port should be opened to allow network traffic. Answer B is incorrect. Port 80 is associated with HTTP. This port will be used alongside port 443 on the Web server because HTTP is the standard protocol used to view unencrypted Web pages. Customers will be using this protocol and port when accessing standard portions of the Web site. Answer D is incorrect. FTP is associated with port 21. This is not associated with the Web application and therefore traffic should not be allowed to pass on port 21.

2. 

☑ Answer D is correct. Cables frequently fail and are a common point of failure in most networks. This should be a primary concern when designing a new network. You should take into consideration the amount of uptime that is expected and create the network topology accordingly. For example, if some downtime is tolerable, the star topology would be a good choice because of minimal cabling requirements and simplicity. If uptime for all nodes on the network is a primary concern, you should consider a more complex topology such as the mesh topology, which would allow for cable failures while keeping all nodes on the network connected throughout the failure.

☒ Answer A is incorrect. A hub is a primary part of most present-day networks. While a hub failure would most likely create a significant network outage for at least a short period of time, hubs typically do not fail as often as network cabling. Answer B is incorrect. A switch is a primary part of most present-day networks. While a switch failure would most likely create a significant network outage for at least a short period of time, switches typically do not fail as often as network cabling. Answer C is incorrect. A server can represent a number of things with variable importance on a network (for example, an authentication server, a file server, a mail server, or a Web server). Depending on the organization's needs, any one of these servers failing could cause network disruptions. Servers, however, do not fail as often as network cabling.

3. 

☑ Answer B is correct. NAT allows private IP addresses to make requests to the Internet through one publicly available IP address. If James purchases a firewall that can employ NAT, he will be able to allow all internal hosts to access the Internet using the one public IP address that he has been assigned.

☒ Answer A is incorrect. A DMZ is an area between two firewalls that usually hosts servers such as publicly available Web servers. The firewall that James will purchase does not have to support a DMZ to accomplish his goals. Answer C is incorrect. PPP is commonly used for dial-up connections. Since James has purchased a T-1 to provide Internet access, he will not be using PPP to allow internal hosts to access the Internet. Answer D is incorrect. IPSec is a protocol used to deploy VPN connections. James does not need to deploy a VPN to provide Internet access to the LAN. Therefore, the firewall does not need to support VPN.

4. 

☑ Answers A, B, and D are correct. A packet-filtering firewall can allow or deny specific types of packets from entering or leaving the internal network. Any standard firewall can perform packet filtering to some degree. You should make sure that the firewall that you want to purchase supports the appropriate degree of packet filtering for your needs. Stateful inspection is a technology used by some firewalls that monitors all connections and attempted connections. This technology is important because it will allow you to monitor certain stealth port scans that do not complete a full connection. These types of port scans are commonly used as a first step by an attacker to view open ports on a network without being monitored. NAT allows internal hosts to be hidden behind one public IP address. This helps hide the internal network from potential attackers. You should try to purchase a firewall that supports NAT because it will add an additional layer of security as well as lower the number of IP addresses that you must purchase from your ISP.

☒ Answer C is incorrect. SSL is a protocol used to encrypt Web pages for secure Web transactions. Although you may need to open port 443 to allow SSL traffic, this function will be taken care of if the firewall supports packet filtering.

5. 

☑ Answers A, B, and C are correct. RADIUS is the oldest and perhaps the most widely supported authentication server available. It supports PPP, PAP, and CHAP. It can be used for a central authentication server that other network devices can reference. TACACS provides remote authentication and event logging. TACACS uses UDP as its primary network protocol. TACACS+ provides enhancements to the standard version of TACACS. It provides such enhancements as the ability for users to change passwords and allows dynamic password tokens that provide resynchronization.

☒ Answer D is incorrect. RADIUS+ is not a possible choice because it does not exist.

6. 

☑ Answer B is correct. The main benefit of IPSec in tunneling mode is that the packet's payload and header are encrypted. Transport mode only encrypts the packet's payload, which still leaves the packet's header open to attack.

☒ Answer A is incorrect. Tunneling mode encrypts payload (data) and the header of packets over a VPN, while transport mode only encrypts the payload. Because of the additional overhead of encrypting the header, tunneling mode is not faster than transport mode. Answer C is incorrect. Tunneling mode encrypts the payload and the header, while transport mode only encrypts the payload. Answer D is incorrect. IPSec is not responsible for authentication. It only takes care of encrypting the data.

7. 

☑ Answer B is correct. TCP is located at the transport layer. This layer also contains other protocols such as UDP and IPSec.

☒ Answer A is incorrect. TCP is not located on the physical layer of the OSI model. Cabling and devices such as hubs are located at this layer. Answer C is incorrect. The application layer contains protocols such as FTP, Telnet, HTTP, and SMTP. TCP is not located at this layer. Answer D is incorrect. The session layer contains protocols such as NFS, X11, and RPC. TCP is not located at this layer of the OSI model.

8. 

☑ Answer C is correct. Fiber-optic cable provides the best protection against sniffing attacks. This type of cabling is very hard to tap into and therefore very hard to sniff data passing across the wire.

☒ Answer A is incorrect. Wireless Ethernet is prone to sniffing attacks because the data transmissions can be viewed without requiring physical access to a network device. This is not an appropriate choice. Answer B is incorrect. 802.11 corresponds to standard Ethernet. This type of network will use twisted-pair, which is easy to tap into to monitor network traffic. Answer D is incorrect. Coax cable is very easy to tap and could provide an attacker with an easy point of penetration to conduct a sniffing attack.

9. 

☑ Answer B is correct. A Web browser is used to interpret HTTP and display Web content. A browser is a common point for security vulnerabilities. An obvious example of this can be seen in the number of security patches that are released for the most popular Web browser, Internet Explorer.

☒ Answer A is incorrect. HTTP is the protocol used to view Web pages. The protocol itself does not present security vulnerabilities. Answer C is incorrect. SSL is a protocol that allows encrypted transmission to and from a Web application. SSL itself does not present a security vulnerability. Answer D is incorrect. SMTP is used to send e-mail messages. While e-mail is a common method used to transport viruses, worms, and Trojan horses, this is not due to the SMTP protocol.

10. 

☑ Answer C is correct. SSH functions over port 22. You should open port 22 to allow an SSH session to be established to the IDS on the DMZ.

☒ Answer A is incorrect. Port 80 is associated with HTTP. You do not need to allow this traffic into the DMZ unless a Web server is in the DMZ. Regardless of this, port 80 is not responsible for SSH to function correctly. Answer B is incorrect. Port 110 is associated with POP3, which is used for e-mail retrieval. It is not required for SSH. Answer D is incorrect. Port 23 is associated with Telnet. Since you recently replaced Telnet with SSH due to its security vulnerabilities such as passwords being transmitted in cleartext, you should be sure to close port 23 as well as disable Telnet on the IDS.

11. 

☑ Answer D is correct. An IDS does not filter data on the network. This function falls on different types of firewalls.

☒ Answer A is incorrect. An IDS provides monitoring capabilities. Answer B is incorrect. An IDS is used to detect potential attacks occurring on the network. Answer C is incorrect. After an IDS detects an attack, it is capable of notifying the administrator of the problem.

12. 

☑ Answer C is correct. TCP/IP is actually a set of two protocols that are widely used, including on the Internet, for data transmissions. Jill should first check TCP/IP on her server to verify that the correct information is entered.

☒ Answer A is incorrect. The OSI model describes a standard format that all protocols must adhere to. While the protocol Jill will need to troubleshoot is part of the OSI model, she will not be troubleshooting the OSI model itself. Answer B is incorrect. PAP is a protocol used to authenticate a user over a network. Since connectivity and not authentication is Jill's problem, she will not need to troubleshoot PAP. Answer D is incorrect. SMTP is a protocol used to send mail across the Internet. She will not need to troubleshoot this protocol at this time.

13. 

☑ Answer C is correct. The source IP address is inserted by an attacker to create the appearance that the IP packet originated from a trusted source.

☒ Answer A is incorrect. The Protocol ID field indicates what protocol the packet is using. Answer B is incorrect. The header checksum is used for error detection to determine if bits are missing from the IP packet. Answer D is incorrect. The destination IP address is the target address of the packet.

14. 

☑ Answer B is correct. IEEE developed the 802.3 Ethernet standard that is now widely deployed in networks.

☒ Answer A is incorrect. 802.11 defines the newer wireless Ethernet standard that uses microwave frequencies to transmit data packets through the air. Answer C is incorrect. X.25 is a packet-switching technology that can send data packets over different lines and then have them reformed at the destination. It is not typically used in North America anymore. Answer D is incorrect. A T1 supports 24 individual channels, which each support 64 Kbps for a total data transmission rate of 1.544 Mbps.

15. 

☑ Answer B is correct. CHAP supports reauthentication. The authenticating machine will periodically challenge the authenticated machine. The authenticated machine will then respond back with a one-way hash function. The authenticating machine will then check the hash against the expected value to reauthenticate the user.

☒ Answer A is incorrect. PAP is a basic authentication protocol that transmits the username and password in cleartext across the network. PAP does not support reauthentication. Answer C is incorrect. IPSec is used to encrypt data over a VPN. IPSec can be implemented in either tunneling mode or transport mode. Answer D is incorrect. PPTP is a tunneling protocol commonly used when implementing a VPN.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
