Reading CISSP Practice in full

15. d. Firewalls (also known as secure gateways) cannot keep personal computer viruses out of a network. There are simply too many types of viruses and too many ways a virus can hide within data. The most practical way to address the virus problem is through host-based virus-protection software and user education concerning the dangers of viruses and precautions to take against them. A firewall enforces the site’s security policy, enabling only “approved” services to pass through and those only within the rules set up for them. Because all traffic passes through the firewall, the firewall provides a good place to collect information about system and network use and misuse. As a single point of access, the firewall can record what occurs between the protected network and the external network. A firewall can be used to keep one section of the site’s network separate from another section, which also keeps problems in one section isolated from other sections. This limits an organization’s security exposure.

16. In a distributed computing environment, system security takes on an important role. Two types of network attacks exist: passive and active. Which of the following is an example of a passive attack?

a. Attempting to log in to someone else’s account

b. Installing a wiretap on a network cable to generate false messages

c. Denying services to legitimate users

d. Sniffing a system password when the user types it

16. d. A passive attack is an attack where the threat merely watches information move across the system. No attempt is made to introduce information to exploit a vulnerability. Sniffing a system password when the system user types it is an example of a passive attack.

The other three choices are incorrect because they are examples of active attacks. Active attacks occur when the threat makes an overt change or modification to the system in an attempt to take advantage of a vulnerability.

17. Use of preshared keys (PSKs) in a wireless local-area network (WLAN) configuration leads to which of the following?

1. Dictionary attack

2. Rainbow attack

3. Online attack

4. Offline attack

a. 1 and 2

b. 1 and 3

c. 2 and 3

d. 2 and 4

17. a. A dictionary attack is a form of guessing attack in which the attacker attempts to guess a password using a list of possible passwords that is not exhaustive. Rainbow attacks occur in two ways: utilizing rainbow tables, which are used in password cracking, and using preshared keys (PSKs) in a WLAN configuration.

The use of PSK should be avoided. In PSK environments, a secret passphrase is shared between stations and access points. The PSK is generated by combining the WLAN’s name and service set identifier (SSID) with a passphrase and then hashing this multiple times. Keys derived from a passphrase shorter than approximately 20 characters provide relatively low levels of security and are subject to dictionary and rainbow attacks. Changing the WLAN name or SSID will not improve the strength of the 256-bit PSK.

An online attack is an attack against an authentication protocol where the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. An offline attack is an attack where the attacker obtains some data through eavesdropping that he can analyze in a system of his own choosing. The goal of these attacks may be to gain authenticated access or learn authentication secrets.
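The PSK derivation described in this answer, as an added example that is not part of the book: WPA/WPA2-Personal computes the key with PBKDF2-HMAC-SHA1, using the SSID as salt, 4096 iterations and a 256-bit output (IEEE 802.11i). The function names, SSIDs and passphrases below are constructed for illustration; the audit applies the 20-character threshold quoted above.

```python
import hashlib

MIN_LEN = 20  # "approximately 20 characters", the threshold quoted in the answer


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal PSK (IEEE 802.11i):
    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output."""
    if not (8 <= len(passphrase) <= 63
            and all(32 <= ord(c) <= 126 for c in passphrase)):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit(passphrase: str, ssid: str) -> dict:
    """Report the derived key size and any passphrase-policy findings."""
    psk = derive_psk(passphrase, ssid)
    findings = []
    if len(passphrase) < MIN_LEN:
        findings.append(
            f"passphrase is {len(passphrase)} characters; "
            f"below the {MIN_LEN}-character threshold"
        )
    return {
        "ssid": ssid,
        "psk_bits": len(psk) * 8,  # always 256, whatever the passphrase
        "psk": psk.hex(),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample configurations: renaming the WLAN changes the key
    # bytes (the SSID is the salt) but the short passphrase is still flagged.
    for ssid in ("CorpWiFi", "CorpWiFi-Renamed"):
        report = audit("summer2024", ssid)
        print(report["ssid"], report["psk_bits"], report["psk"][:16], report["findings"])
    print(audit("correct horse battery staple 42", "CorpWiFi")["findings"])
```

Because the SSID only salts the derivation, renaming the network yields a different 256-bit key while the guessable passphrase remains the limiting factor, which is the point the answer makes.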

18. Which of the following extensible authentication protocols is not secure?

a. EAP-TLS

b. EAP-TTLS

c. MD5-Challenge

d. PEAP

18. c. The MD5-Challenge is a legacy-based extensible authentication protocol (EAP) method along with a one-time password and generic token card, which are not secure. Although one-time passwords are generally considered secure by themselves, they are not that secure when they are used in conjunction with a generic token because the token could have been duplicated, faked, lost, or stolen.

The MD5-Challenge is based on the challenge-handshake authentication protocol (CHAP), which is not a secure protocol. The other three choices are a part of the transport layer security-based (TLS-based) EAP methods, which are very secure.

19. Web content filtering software is related to which of the following?

a. Web bug

b. Blacklisting

c. RED

d. BLACK
