Читаем CISSP Practice полностью

143. b. A bit-flipping attack occurs when an attacker knows which cyclic redundancy check-32-bits (CRC-32 bits) can change when message bits are altered, resulting in loss of integrity. A proposed countermeasure is encrypting the CRC-32 to produce an integrity check value (ICV), but it did not work because of use of stream ciphers (WEP’s RC4), meaning that the same bits flip whether encryption is used. Therefore, WEP ICV offers no additional protection against bit flipping. Eavesdropping attacks using sniffers result in loss of confidentiality. Packet flooding attacks and radio frequency signal jams result in loss of availability. Loss of accountability is not applicable here because it deals with an individual’s actions.

144. Which of the following factors contribute to network congestion problems?

1. Low-speed CPU and low memory for computers

2. Low-bandwidth lines for communications

3. More memory for routers

4. Long queues of packets

a. 1 only

b. 2 only

c. 4 only

d. 1, 2, 3, and 4

144. d. Network congestion problems occur when too many packets are present in the subnet (i.e., too much traffic), thus degrading the network performance in terms of some lost packets or all packets undelivered. When a queue is built up for packets and the CPU memory for computers is insufficient to hold all of them, some packets will be lost. When there is an imbalance between the routers with more memory and computers with less memory, duplicate packets are sent due to the timeout feature. Also, routers with slow CPU processors and low bandwidth lines can cause congestion problems.

145. Which of the following techniques to improve network quality-of-service (QoS) provides an easy and expensive solution?

a. Buffering

b. Over-provisioning

c. Traffic shaping

d. Packet scheduling

145. b. Over-provisioning is providing higher levels of router capacity, buffer space, and bandwidth for the network packets to flow from source to destination. Because of this, an over-provisioning technique is an easy but an expensive solution.

The other three choices do not incur costs the way over-provisioning does. Network flows can be buffered on the receiving side before being delivered. Buffering the flow does not affect the reliability, delay, or bandwidth, but it does smooth out the jitter often found in audio and video on demand applications. Traffic shaping, also called traffic policing, is achieved through the use of a leaky bucket algorithm or token bucket algorithm to smooth traffic between routers and to regulate the host output. Packet scheduling algorithms such as fair queuing and weighted fair queuing are available to schedule the flow of packets through the router so that one flow does not dominate the other.

146. Which of the following might be unsuccessful at identifying infected hosts running personal firewalls?

a. Network login scripts

b. Packet sniffers

c. Host scans

d. File scans

146. c. Personal firewalls can block the host scans, therefore making it unsuccessful in identifying the infected hosts. The other three choices are incorrect because they all can help to identify the possible infection on those hosts.

147. Which of the following is a mitigation technique to handle Internet relay chat (IRC) vulnerability for lack of confidentiality due to messages sent in plaintext throughout the IRC network?

a. Install operating system-level VPNs or application-level SSL/TLS.

b. Implement timers.

c. Put the system in a lockdown mode.

d. Block filtering requests based on filename extensions.

147. a. The Internet relay chat (IRC) communication is inherently insecure because it is a plaintext open protocol that uses transmission control protocol (TCP) that is susceptible to sniffing and interception. The original IRC protocol does not provide for any confidentiality, meaning that standard chat, nickname passwords, channel passwords, and private messaging are sent in plaintext throughout the IRC network. Confidentiality may be achieved by applying operating system level VPNs or SSL/TLS within the IRC network. The IRC clients and servers use encryption to protect information from unauthorized users. Furthermore, IPsec VPNs with PKI certificates or tunneled through Secure Shell should be used to provide further security for identification and authentication.