CISSP Communication and Network Security Practice Exam Set 3

Which protocol is used to send email?


Options are :

  • Simple Mail Transfer Protocol (SMTP).
  • Network File System (NFS).
  • Post Office Protocol (POP).
  • File Transfer Protocol (FTP).

Answer : Simple Mail Transfer Protocol (SMTP).

CISSP Security Engineering Certification Practice Exam Set 5

In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use:


Options are :

  • Screened subnets
  • An encrypted Virtual Private Network
  • Encryption
  • Digital certificates

Answer : An encrypted Virtual Private Network

Which of the following protocols is designed to send individual messages securely?


Options are :

  • Kerberos
  • Secure Electronic Transaction (SET).
  • Secure HTTP (S-HTTP)
  • Secure Sockets Layer (SSL).

Answer : Secure HTTP (S-HTTP)

The Logical Link Control sub-layer is a part of which of the following?


Options are :

  • The Transport layer of the TCP/IP stack model.
  • The Reference monitor.
  • Change management control.
  • The ISO/OSI Data Link layer.

Answer : The ISO/OSI Data Link layer.

Which protocol's primary function is to facilitate file and directory transfer between two machines?


Options are :

  • Trivial File Transfer Protocol (TFTP)
  • File Transfer Protocol (FTP).
  • Telnet.
  • Simple Mail Transfer Protocol (SMTP)

Answer : File Transfer Protocol (FTP).

Which of the following protocols does not operate at the data link layer (layer 2)?


Options are :

  • L2F
  • RARP
  • PPP
  • CMP

Answer : CMP

Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?


Options are :

  • Transport Layer.
  • Session Layer.
  • Application Layer.
  • Network Layer

Answer : Application Layer.

CISSP - Security Operations Mock Questions

Why does fiber optic communication technology have significant security advantage over other transmission technology?


Options are :

  • Single and double-bit errors are correctable.
  • Traffic analysis is prevented by multiplexing.
  • Interception of data traffic is more difficult.
  • Higher data rates can be transmitted.

Answer : Interception of data traffic is more difficult.

Which of the following is NOT a component of IPSec?


Options are :

  • Key Distribution Center
  • Authentication Header
  • Encapsulating Security Payload
  • Internet Key Exchange

Answer : Key Distribution Center

What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?


Options are :

  • It does not offer high level encryption like FTP
  • It cannot support the Lightweight Directory Access Protocol (LDAP)
  • It is too complex to manage user access restrictions under TFTP
  • Due to the inherent security risks

Answer : Due to the inherent security risks

Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?


Options are :

  • Network access layer
  • Internet layer
  • Host-to-host layer
  • Session layer

Answer : Internet layer

Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions?


Options are :

  • Because infrared eavesdropping requires more sophisticated equipment.
  • .Because infrared requires direct line-of-sight paths
  • Because infrared operates only over short distances
  • Because infrared operates at extra-low frequencies (ELF).

Answer : .Because infrared requires direct line-of-sight paths

Which Network Address Translation (NAT) is the MOST convenient and secure solution?


Options are :

  • Static Address Translation
  • Port Address Translation
  • Dedicated Address Translation
  • Hiding Network Address Translation

Answer : Port Address Translation

CISSP - Mock Questions with all domains

Which of the following statements is NOT true of IPSec Transport mode?


Options are :

  • If used in gateway-to-host communication, gateway must act as host
  • It is required for gateways providing access to internal systems
  • Set-up when end-point is host or communications terminates at end-points
  • When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet

Answer : It is required for gateways providing access to internal systems

Which of the following best describes the Secure Electronic Transaction (SET) protocol?


Options are :

  • Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer.
  • Originated by VISA and American Express as an Internet credit card protocol using SSL.
  • Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.
  • Originated by VISA and MasterCard as an Internet credit card protocol using Message Authentication Code.

Answer : Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.

Which of the following protocols operates at the session layer (layer 5)?


Options are :

  • LPD
  • SPX
  • IGMP
  • RPC

Answer : RPC

Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except:


Options are :

  • Replay resistance and non-repudiations
  • Authentication
  • Confidentiality
  • Integrity

Answer : Confidentiality

Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?


Options are :

  • They are appropriate for medium-risk environment.
  • They do not support strong user authentication.
  • They don't protect against IP or DNS address spoofing.
  • The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network.

Answer : They are appropriate for medium-risk environment.

f an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its information system from the Internet:


Options are :

  • It should be host-based and installed on the most critical system in the DMZ, between the external router and the firewall.
  • It should be host-based and installed between the external router and the Internet.
  • It should be network-based and installed between the firewall to the DMZ and the intranet
  • It should be network-based and installed in the DMZ, between the external router and the firewall.

Answer : It should be network-based and installed in the DMZ, between the external router and the firewall.

CISSP - Security Operations Mock Questions

What attack involves the perpetrator sending spoofed packet(s) which contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host?


Options are :

  • Teardrop attack
  • Smurf attack
  • Land attack
  • Boink attack

Answer : Land attack

In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?


Options are :

  • Both client and server
  • The merchant's Certificate Server
  • The client's browser
  • The web server

Answer : The client's browser

Which of the following statements pertaining to IPSec NOT true?


Options are :

  • IPSec protects against man-in-the-middle attacks
  • IPSec can help in protecting networks from some of the IP network attacks.
  • IPSec protects against spoofing
  • IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication

Answer : IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication

Which of the following is NOT true about IPSec Tunnel mode?


Options are :

  • Fundamentally an IP tunnel with encryption and authentication
  • .Have two sets of IP headers
  • Established for gateway service
  • Fundamentally an IP tunnel with encryption and authentication

Answer : Fundamentally an IP tunnel with encryption and authentication

Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit?


Options are :

  • Statistical multiplexing
  • Frequency division multiplexing
  • Time-division multiplexing
  • Asynchronous time-division multiplexing

Answer : Statistical multiplexing

All hosts on an IP network have a logical ID called a(n):


Options are :

  • TCP address
  • MAC address.
  • Datagram address
  • IP address

Answer : IP address

CISSP - Security Operations Mock Questions

Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server?


Options are :

  • S/MIME
  • SSL
  • FTP
  • SSH

Answer : SSL

Which of the following statements pertaining to packet filtering NOT true?


Options are :

  • It is not application dependent.
  • It operates at the network layer.
  • It is based on ACLs
  • It keeps track of the state of a connection.

Answer : It keeps track of the state of a connection.

Which of the following services relies on UDP?


Options are :

  • DNS
  • SMTP
  • FTP
  • Telnet

Answer : DNS

An Ethernet address is composed of how many bits?


Options are :

  • 48-bit address
  • 128-bit address
  • 32-bit address
  • 64-bit address

Answer : 48-bit address

SMTP can best be described as:


Options are :

  • a standard defining the format of e-mail messages.
  • a host-to-host email protocol
  • a web-based e-mail reading protocol.
  • an email retrieval protocol

Answer : a host-to-host email protocol

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now