d. 3 and 4
104. c. There are four possible architectural designs for IM systems: private hosting, public hosting, client-to-client, and public-switched network. The difference between the four architectures is the location of the session data.
In the private hosting design (i.e., client-to-server), the data is located behind a firewall for internal users, which is safe and secure.
In the public hosting design, the data is placed on public servers out on the Internet, where it is vulnerable to attacks.
Two types of client-to-client (peer-to-peer) designs include pure and hybrid, which should be prohibited because they bypass the security and auditing policies within the enclave.
Because the data in a public-switched network is not stored on a server, store and forward is not a security issue. However, data in transit is vulnerable to man-in-the-middle (MitM) attacks between the source and destination. The Internet has private global switched networks that deliver IM communications without persistently storing the data on servers. In other words, the public-switched network is secure in terms of data storage on its servers. It is the data stored on public servers and in client-to-client designs that increases the risk of information theft, unauthorized access, and data tampering. To protect the IM data, IM systems should implement the client-to-server architecture (i.e., private hosting).
105. For instant messaging (IM) systems, a virtual (remote) meeting moderator should configure which of the following properly to prevent potential exploits?
a. Grant access based on need-to-know principle.
b. Implement role-based access controls.
c. Use application sharing capability.
d. Require a password to attend the meeting.
105. c. Some instant messaging (IM) systems enable two or more online users to communicate immediately over a network using shared applications (virtual meetings), presentations, whiteboards, and text messaging. Virtual meetings must have user access controls and virtual data classifications, and must be restricted to authorized users only. Virtual users are granted access based on the need-to-know principle established by the information owner, enforced by role-based access controls, and are required to supply a password to participate in the meeting. Application sharing allows the virtual meeting participants to simultaneously run the same application, with the same capability as remote control software. To limit this capability of application sharing and to prevent potential exploits, the meeting moderator should configure the application to identify which users can use the application sharing feature.
106. The extensible authentication protocol (EAP) method with tunneled transport layer security (EAP-TTLS) used in a robust security network (RSN) such as wireless local-area network (WLAN) using the IEEE 802.11i standard does not prevent which of the following?
a. Eavesdropping attack
b. Man-in-the-middle attack
c. Replay attack
d. Dictionary attack
106. b. The root certificate may not be delivered securely to every client, so EAP-TTLS does not provide strong assurance against man-in-the-middle (MitM) attacks. Because passwords sent to the Web server are encrypted, EAP-TTLS protects against eavesdropping attacks. The TLS tunnel protects the inner applications from replay attacks and dictionary attacks.
107. Which of the following classes of attacks focus on breaking security protection features?
a. Passive
b. Active
c. Close-in
d. Insider
107. b. With an active attack, an intruder modifies the intercepted messages. Breaking security protection features is an example of an active attack. With a passive attack, an intruder intercepts messages to view the data; it includes traffic and packet analysis to disclose personal information such as credit card numbers and medical files. A close-in attack is one where an unauthorized individual is in close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Insider attacks can be malicious or nonmalicious. Using information in a fraudulent manner is an example of a malicious insider attack.