Читаем CISSP Practice полностью

Confidentiality is incorrect because it provides security mechanisms such as encryption, traffic padding, and routing control, not notarization. Confidentiality protects data from unauthorized disclosure. Integrity is incorrect because it provides security mechanisms such as encryption, digital signature, and data integrity, not notarization. Integrity protects against the modification, insertion, deletion, or replay of data. Authentication is incorrect because it provides security mechanisms such as encryption, digital signature, and authentication, not notarization. Authentication services basically provide a reliable answer to the question: With whom am I communicating?

53. Legacy IEEE 802.11 wireless local-area networks (WLANs) operate in which of the following layers of the ISO/OSI reference model?

a. Physical and data layers

b. Data and network link layers

c. Transport and presentation layers

d. Application and session layers

53. a. Legacy IEEE 802.11 wireless LANs (WLANs) operate in the physical layer and the data link layer of the ISO/OSI reference model because they define the physical characteristics and access rules for the network. The physical layer addresses areas such as frequencies used and modulation techniques employed. The data link layer deals with how the network is shared between nodes. It defines rules such as who can talk on the network and how much they can say.

54. Which of the following security practices is supported by most remote control program (RCP) products when accessing a host workstation on a local-area network (LAN)?

a. Matching user ID and name with password

b. Controlling reboot options

c. Limiting access to local drives and directories

d. Controlling file transfer rights

54. a. Some remote control products provide minimal security support, whereas others provide varying degrees of support. Matching a user ID and name with a password and callback modem support are handled by most products. Other security mechanisms, such as the ability to limit access to local drives and directories to limit the use of host hardware (such as printer ports) and to control reboot options and file transfer rights are not widely supported.

55. When a nonremote user connection is established with a remote device using a virtual private network (VPN), the configuration settings generally prevent which of the following?

a. Split knowledge

b. Split domain name service

c. Split tunneling

d. Split gateway

55. c. Split tunneling is a method that routes organization-specific traffic through the secure sockets layer (SSL) VPN tunnel, but other traffic uses the remote user’s default gateway. Remote users normally use split tunneling to communicate with the information system as an extension of that system and to communicate with local resources such as a printer or file server. The remote device, when connected by a nonremote connection, becomes an extension of the information system, enabling a dual communications path (i.e., split tunneling), which, in effect, enables unauthorized external connections into the system. Here the use of VPN for nonremote connection generally prevents the split tunneling, depending on the configuration settings and traffic types.

56. Extrusion detection at the information system boundary does not include which of the following?

a. Looking for internal threats

b. Analyzing outgoing network traffic

c. Looking for external threats

d. Analyzing incoming network traffic

56. c. Detecting internal actions that may pose a security threat to external information systems is called extrusion detection. It is also referred to as data loss prevention. Its scope includes the analysis of incoming and outgoing network traffic looking for indications of an internal threat (not an external threat) to the security of external systems.

57. Which of the following prevents the unauthorized exfiltration of information across managed interfaces such as proxies and routers?

1. Strict adherence to protocol formats

2. Monitoring for indications of beaconing from the information system

3. Monitoring for use of steganography

4. Disassembling and reassembling packet headers

a. 1 only

b. 1 and 2

c. 2 and 4

d. 1, 2, 3, and 4