An H.323 gateway is a gateway protocol used in Internet telephone systems; it speaks the H.323 protocol on the Internet side and the PSTN protocols on the telephone side. The session initiation protocol (SIP) just handles setup, management, and session termination. The media gateway control protocol (MGCP) is used in large deployments for gateway decomposition.

118. Which of the following factors should be considered during the placement of an Internet Protocol security (IPsec) gateway?
1. Device performance
2. Traffic examination
3. Gateway outages
4. Network address translation
a. 2 only
b. 3 only
c. 4 only
d. 1, 2, 3, and 4
118. d.
The placement of an IPsec gateway has potential security, functionality, and performance implications. Specific factors to consider include device performance, traffic examination, gateway outages, and network address translation.

119. Which of the following establishes rules of engagement (ROE) prior to the start of penetration testing?
a. White team
b. Red team
c. Tiger team
d. Blue team
119. a.
The white team establishes the rules of engagement (ROE) prior to the start of penetration testing. The ROE describe the tools, techniques, and procedures that both the red team and the blue team should follow. The tiger team is the same as the red team; it is an old name for the red team. Outsiders (i.e., contractors and consultants) conduct both red team and blue team testing, whereas white team members are employees of the testing organization. The white team does not conduct any testing.

120. Which of the following is difficult to achieve during the Internet Protocol security (IPsec) implementation?
a. Control over all entry points into networks
b. Control over all exit points from networks
c. Security of all IPsec endpoints
d. Incorporating IPsec considerations into organizational policies
120. d.
Organizations should implement technical, operational, and management controls that support and complement IPsec implementations. Examples include having control over all entry and exit points for the protected networks, ensuring the security of all IPsec endpoints, and incorporating IPsec considerations into organizational policies. Incorporating IPsec considerations into organizational policies is incorrect because it is difficult to achieve due to an organization’s culture, work habits, and politics.

121. Virtual private network (VPN) protocols provide a viable option for protecting networks running with non-IP protocols in which of the following TCP/IP layers?
a. Applications layer
b. Transport layer
c. Network layer
d. Data link layer
121. d.
Data link layer VPN protocols function below the network layer in the TCP/IP model. This means that various network protocols, such as IP, IPX, and NetBEUI, can usually be used with a data link layer VPN. Most VPN protocols, including IPsec, support only IP, so data link layer VPN protocols may provide a viable option for protecting networks running non-IP protocols. As the name implies, IPsec is designed to provide security for IP traffic only.

122. Data link layer VPN protocols, such as Layer 2 Tunneling Protocol (L2TP), provide which of the following services?
1. RADIUS
2. TACACS+
3. Encryption
4. Key management services
a. 1 and 2
b. 3 only
c. 4 only
d. 1, 2, 3, and 4
122. d.
Like PPTP, L2TP protects communications between an L2TP-enabled client and an L2TP-enabled server, and it requires L2TP client software to be installed and configured on each user system. L2TP can use RADIUS and TACACS+ protocols for authentication, and often uses IPsec to provide encryption and key management services.

123. A virtual private network (VPN) cannot provide or improve which of the following security services?
a. Availability
b. Confidentiality
c. Integrity
d. Replay protection
123. a.
VPNs cannot provide or improve availability, which is the ability for authorized users to access systems as needed. Many VPN implementations tend to decrease availability somewhat because they add more components and services to the existing network infrastructure. A VPN can provide several types of data protection, including confidentiality, integrity, data origin authentication, replay protection, and access control.