CISSP网络通信安全

Download Report

Transcript CISSP网络通信安全

1 The two most common implementations of Intrusion
Detection are which of the following?
A Netware-based and Host-based.
B Network-based and Guest-based.
C Network-based and Client-based.
D Network-based and Host-based.
D
每时每刻
可信安全
2 Which of the following is the least important security
service provided by a firewall?
A Packet filtering
B Encrypted tunnels
C Network address translation
D Proxy services
B
每时每刻
可信安全
3 What are the two layers of OSI/ISO model within
which SSL is designed to operate?
A Application/Presentation layer
B Application/Session Layer
C Application/Transport
D Application/Network
C
每时每刻
可信安全
4 Which type of attack involves the alteration of a
packet at the IP level to convince a system that it is
communicating with a known entity in order to gain
access to a system?
A TCP sequence number attack
B IP spoofing attack
C Piggybacking attack
D Teardrop attack
B
每时每刻
可信安全
5 Which of the following can best eliminate dial-up
access through a Remote Access Server as a
hacking vector?
A Using a TACACS+ server.
B Installing the Remote Access Server outside the
firewall and forcing legitimate users to authenticate
to the firewall.
C Setting modem ring count to at least 5.
D Only attaching modems to non-networked hosts
B
每时每刻
可信安全
6 Which of the following should be used as a
replacement for Telnet for secure remote login over
an insecure network?
A S-Telnet
B SSL
C Rlogin
D SSH
D
每时每刻
可信安全
7 Which of the following is the primary security feature of a
proxy server?
A Client hiding
B URL blocking
C Route blocking
D Content filtering
A
每时每刻
可信安全
8 Which conceptual approach to intrusion detection is
characterized with a high rate of false positives?
A Knowledge-based intrusion detection
B Statistical analysis-based intrusion detection
C Host-based intrusion detection
D Network-based intrusion detection
B
每时每刻
可信安全
9 Which of the following protects Kerberos against replay
attacks?
A Tokens
B Passwords
C Cryptography
D Time stamps
D
每时每刻
可信安全
10 What is called an attack where the attacker spoofs the source
IP address in an ICMP ECHO broadcast packet so it seems to
have originated at the victim's system, in order to flood it with
REPLY packets?
A SYN Flood attack
B Smurf attack
C Ping of Death attack
D Denial of Service (DOS) attack
B
每时每刻
可信安全
11 What is the main difference between a Smurf and a Fraggle
attack?
A A Smurf attack is ICMP-based and a Fraggle attack is UDPbased.
B A Smurf attack is UDP-based and a Fraggle attack is TCPbased.
C Smurf attack packets cannot be spoofed.
D A Smurf attack is UDP-based and a Fraggle attack is ICMPbased.
A
每时每刻
可信安全
12 Which of the following is true about link encryption?
A Each entity has a common key with the destination node.
B Encrypted messages are only decrypted by the final node.
C This mode does not provide protection if the nodes along the
transmission path can be compromised.
D Only secure nodes are used in this type of transmission
C
每时每刻
可信安全
13 Secure Sockets Layer (SSL) provides security services at
which layer of the OSI model?
A Network Layer
B Transport Layer
C Session Layer
D Application Layer
B
每时每刻
可信安全
14 A TCP SYN attack:
A requires a synchronized effort by multiple attackers.
B takes advantage of the way a TCP session is established.
C may result in elevation of privileges.
D is not something system users would notice
B
每时每刻
可信安全
15
A
B
C
D
Which of the following protocols is designed to send
individual messages securely?
Kerberos
Secure Electronic Transaction (SET).
Secure Sockets Layer (SSL).
Secure HTTP (S-HTTP).
D
每时每刻
可信安全
16 Which of the following provide network redundancy in a local
network environment?
A Mirroring
B Shadowing
C Dual backbones
D Duplexing
C
每时每刻
可信安全
17 Which one of the following is not a benefit resulting from the
use of firewalls?
A reduces the risks from malicious hackers
B prevents the spread of viruses
C reduces the threat level on internal system
D allow centralize management and control of services
B
每时每刻
可信安全
18 In a SSL session between a client and a server, who is
responsible for generating the master secret that will be used
as a seed to generate the symmetric keys that will be used
during the session?
A Both client and server
B The client's browser
C The web server
D The merchant's Certificate Server
B
每时每刻
可信安全
19 Which of the following is not a component of IPSec?
A Authentication Header
B Encapsulating Security Payload
C Key Distribution Center
D Internet Key Exchange
C
每时每刻
可信安全
20 Lower Layers (Physical, Link, Network, Transport) are unable
to protect against what kind of attacks?
A Piggy Back Attacks
B Brute Force
C Denial of Service Attacks
D Content Based Attacks
D
每时每刻
可信安全
21 What mechanism is used to obtain an IP address from a MAC
address?
A Reverse address resolution protocol (RARP)
B Address resolution protocol (ARP)
C Data link layer
D Network address translation (NAT)
A
每时每刻
可信安全
22 Encapsulating Security Payload (ESP) authentication
capabilities are limited due to:
A Non-inclusion of IP header information in authentication
process
B Because it is designed only for confidentiality
C Because ESP provide payload padding and this change
authentication parameters
D Rule-based Access control
A
每时每刻
可信安全
23 Which of the following backup method must be made
regardless of whether Differential or Incremental methods are
used?
A Full Backup Method.
B Incremental backup method.
C Supplemental backup method.
D Tape backup method.
A
每时每刻
可信安全
24 Which of the following statements pertaining to incident
response is correct?
A As Computer Emergency Response Team (CERT) is
copyrighted, Computer Incident Response Team (CIRT) is
more often used.
B As Computer Incident Response Team (CIRT) is copyrighted,
Computer Emergency Response Team (CERT) is more often
used.
C Computer Incident Response Team (CIRT) and Computer
Emergency Response Team (CERT) are used
interchangeably.
D Computer Incident Management Team (CIMT) is sometimes
used, but Computer Emergency Response Team (CERT)
should be preferred.
A
每时每刻
可信安全
25 What is NOT true with pre shared key authentication within IKE
/ IPsec protocol?
A pre shared key authentication is normally based on simple
passwords
B needs a PKI to work
C Only one preshared key for all VPN connections is needed
D Costly key management on large user groups
B
每时每刻
可信安全