CISSP Communication and Network Security Practice Exam Set 6

In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:


Options are :

  • Data Link Layer.
  • Application Layer.
  • Network or Transport Layer.
  • Inspection Layer.

Answer : Network or Transport Layer.

Knowledge-based Intrusion Detection Systems (IDS) are more common than:


Options are :

  • Host-based IDS
  • Behavior-based IDS
  • Network-based IDS
  • Application-Based IDS

Answer : Behavior-based IDS

One drawback of Application Level Firewall is that it reduces network performance due to the fact that it must analyze every packet and:


Options are :

  • decide what to do with each packet.
  • decide what to do with each port
  • decide what to do with each user.
  • decide what to do with each application.

Answer : decide what to do with each packet.

Which of the following is LESS likely to be used today in creating a Virtual Private Network?


Options are :

  • PPTP
  • L2F
  • IPSec
  • L2TP

Answer : L2F

Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?


Options are :

  • SSH
  • S-Telnet
  • SSL
  • Rlogin

Answer : SSH

Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?


Options are :

  • Inbound packets with an internal address as the source IP address
  • Inbound packets with Source Routing option set
  • Router information exchange protocols
  • Outbound packets with an external destination IP address

Answer : Outbound packets with an external destination IP address

At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?


Options are :

  • Session layer
  • Transport layer
  • Network layer
  • Data link layer

Answer : Transport layer

A DMZ is located:


Options are :

  • right in front of your first Internet facing firewall
  • right behind your first network passive Internet http firewall
  • right in front of your first Internet facing firewall
  • right behind your first Internet facing firewall

Answer : right behind your first Internet facing firewall

What is the greatest danger from DHCP?


Options are :

  • Having multiple clients on the same LAN having the same IP address.
  • Having the organization's mail server unreachable.
  • Having the wrong router used as the default gateway.
  • An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients.

Answer : An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients.

Which of the following should be allowed through a firewall to ease communication and usage by users?


Options are :

  • OSPF
  • DNS
  • RIP
  • IGRP

Answer : DNS

Which of the following statements pertaining to firewalls is NOT true?


Options are :

  • Firewalls are used to create security checkpoints at the boundaries of private networks.
  • Firewalls protect a network at all layers of the OSI model
  • Firewalls allow for centralization of security services in machines optimized and dedicated to the task.
  • Firewalls create bottlenecks between the internal and external network

Answer : Firewalls protect a network at all layers of the OSI model

Which cable technology refers to the CAT3 and CAT5 categories?


Options are :

  • Twisted Pair cables
  • Axial cables
  • Fiber Optic cables
  • Coaxial cables

Answer : Twisted Pair cables

Which of the following allows two computers to coordinate in executing software?


Options are :

  • RPC
  • NFS
  • RSH
  • SNMP

Answer : NFS

Which of the following is the MOST secure firewall implementation?


Options are :

  • Dual-homed host firewalls
  • Packet-filtering firewalls
  • Screened-subnet firewalls
  • Screened-host firewalls

Answer : Screened-subnet firewalls

Application Layer Firewalls operate at the:


Options are :

  • OSI protocol Layer seven, the Application Layer.
  • OSI protocol Layer four, the Transport Layer.
  • OSI protocol Layer five, the Session Layer.
  • OSI protocol Layer six, the Presentation Layer.

Answer : OSI protocol Layer seven, the Application Layer.

Which of the following is a drawback of fiber optic cables?


Options are :

  • The limited distance at high speeds.
  • The expertise needed to install it.
  • It is affected by electromagnetic interference (EMI)
  • It can easily be tapped.

Answer : The expertise needed to install it.

A circuit level proxy is ____________ when compared to an application level proxy.


Options are :

  • slower
  • more difficult to maintain.
  • more secure.
  • lower in processing overhead.

Answer : lower in processing overhead.

Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented?


Options are :

  • Token Link
  • Token Ring.
  • Token system.
  • Duplicate ring.

Answer : Token Ring.

What is an IP routing table?


Options are :

  • A list of IP addresses and corresponding MAC addresses.
  • A list of station and network addresses with corresponding gateway IP address
  • A list of current network interfaces on which IP routing is enabled
  • A list of host names and corresponding IP addresses

Answer : A list of station and network addresses with corresponding gateway IP address

An application layer firewall is also called a:


Options are :

  • A Session Layer Gateway.
  • A Transport Layer Gateway.
  • A Presentation Layer Gateway.
  • Proxy

Answer : Proxy

Which of the following should NOT normally be allowed through a firewall?


Options are :

  • SMTP
  • SNMP
  • SSH
  • HTTP

Answer : SNMP

The DMZ does not normally contain:


Options are :

  • web server
  • encryption server
  • external DNS server
  • mail relay

Answer : encryption server

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?


Options are :

  • Anomaly-based IDS and statistical-based IDS, respectively.
  • Signature-based IDS and statistical anomaly-based IDS, respectively.
  • Anomaly-based IDS and statistical-based IDS, respectively.
  • Signature-based IDS and dynamic anomaly-based IDS, respectively.

Answer : Signature-based IDS and statistical anomaly-based IDS, respectively.

Which of the following attacks is MOSTLY performed by an attacker to steal the identity information of a user, such as credit card numbers, passwords, etc.?


Options are :

  • Smurf attack
  • Pharming
  • Traffic analysis
  • Interrupt attack

Answer : Pharming

Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts?


Options are :

  • Load balancing translation
  • Static translation
  • Network redundancy translation
  • Dynamic translation

Answer : Dynamic translation

When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass:


Options are :

  • Application level proxy
  • Dynamic packet filtering
  • Circuit level proxy
  • packet filtering

Answer : Dynamic packet filtering

A Packet Filtering Firewall system is considered a:


Options are :

  • third generation firewall.
  • fourth generation firewall.
  • first generation firewall.
  • second generation firewall.

Answer : first generation firewall.

The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers do NOT have which of the following characteristics?


Options are :

  • Used to gain information from network devices such as count of packets received and routing tables
  • Standard model for network communications
  • Defines 7 protocol layers (a.k.a. protocol stack)
  • Enables dissimilar networks to communicate

Answer : Used to gain information from network devices such as count of packets received and routing tables

One of the following assertions is NOT a characteristic of Internet Protocol Security (IPSec):


Options are :

  • Data is delivered in the exact order in which it is sent
  • Data cannot be read by unauthorized parties
  • The number of packets being exchanged can be counted.
  • The identity of all IPsec endpoints is confirmed by other endpoints

Answer : Data is delivered in the exact order in which it is sent

Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?


Options are :

  • Transport layer
  • Physical layer
  • Data link layer
  • Network layer

Answer : Data link layer
