Last Updated on March 10, 2022 by Admin 3

SSCP : System Security Certified Practitioner (SSCP) : Part 23

  1. The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the IP datagram?

    • TCP.
    • ICMP.
    • UDP.
    • IGMP.

    Explanation:

    If the protocol field has a value of 17 then it would indicate it was UDP.

    The following answers are incorrect answers:

    TCP. Is incorrect because the value for a TCP protocol would be 6.
    ICMP. Is incorrect because the value for an ICMP protocol would be 1.
    IGMP. Is incorrect because the value for an IGMP protocol would be 2.

    The protocol field of the IP packet dictates what protocol the IP packet is using.
    TCP=6, ICMP=1, UDP=17, IGMP=2

    Reference(s) used for this question:
    SANS http://www.sans.org/resources/tcpip.pdf?ref=3871

  2. The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the IP datagram?

    • TCP.
    • ICMP.
    • UDP.
    • IGMP.
    Explanation:

    If the protocol field has a value of 6 then it would indicate it was TCP.
    The protocol field of the IP packet dictates what protocol the IP packet is using.

    TCP=6, ICMP=1, UDP=17, IGMP=2

    The following answers are incorrect:

    ICMP. Is incorrect because the value for an ICMP protocol would be 1.
    UDP. Is incorrect because the value for a UDP protocol would be 17.
    IGMP. Is incorrect because the value for an IGMP protocol would be 2.

    References:
    SANS http://www.sans.org/resources/tcpip.pdf?ref=3871

  3. The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram?

    • TCP.
    • ICMP.
    • UDP.
    • IGMP.
    Explanation:

    If the protocol field has a value of 1 then it would indicate it was ICMP.

    The following answers are incorrect:

    TCP. Is incorrect because the value for a TCP protocol would be 6.
    UDP. Is incorrect because the value for a UDP protocol would be 17.
    IGMP. Is incorrect because the value for an IGMP protocol would be 2.

  4. Telnet and rlogin use which protocol?

    • UDP.
    • SNMP.
    • TCP.
    • IGP.
    Explanation:

    TCP allows for reliability in connections, which would be required for terminal emulation.

    The following answers are incorrect:

    UDP. Is incorrect because with User Datagram Protocol (UDP) you don’t have a reliable transmission; datagrams could arrive out of sequence.

    SNMP. Is incorrect because it is a network management protocol, Simple Network Management Protocol (SNMP).

    IGP. Is incorrect because Interior Gateway Protocol (IGP) is used internally on a network.

  5. What is a limitation of TCP Wrappers?

    • It cannot control access to running UDP services.
    • It stops packets before they reach the application layer, thus confusing some proxy servers.
    • The hosts. access control system requires a complicated directory tree.
    • They are too expensive.
    Explanation:

    TCP Wrappers can control when a UDP server starts but have little control afterwards because UDP packets can be sent randomly.

    The following answers are incorrect:

    It stops packets before they reach the application layer, thus confusing some proxy servers. Is incorrect because the TCP Wrapper acts as an ACL restricting packets so would not confuse a proxy server because the packets would not arrive and would not be a limitation.

    The hosts. access control system requires a complicated directory tree. Is incorrect because a simple directory tree is involved.

    They are too expensive. Is incorrect because TCP Wrapper is considered open source with a BSD licensing scheme.

  6. Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?

    • Steganography
    • ADS – Alternate Data Streams
    • Encryption
    • NTFS ADS
    Explanation:

    It is the art and science of encoding hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message or could claim there is a message.

    It is a form of security through obscurity.

    The word steganography is of Greek origin and means “concealed writing.” It combines the Greek words steganos (στεγανός), meaning “covered or protected,” and graphei (γραφή) meaning “writing.”

    The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as a book on magic. Generally, the hidden messages will appear to be (or be part of) something else: images, articles, shopping lists, or some other cover text. For example, the hidden message may be in invisible ink between the visible lines of a private letter.

    The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
    It is sometimes referred to as Hiding in Plain Sight. This image of trees below contains in it another image of a cat using Steganography.

    [Image: ADS Tree with Cat inside]

    This image below is hidden in the picture of the trees above:

    [Image: Hidden Kitty]

    As explained here the image is hidden by removing all but the two least significant bits of each color component and subsequent normalization.

    ABOUT MSB and LSB

    One of the common methods of performing steganography is to hide bits within the Least Significant Bits (LSB) of a media, or what is sometimes referred to as Slack Space. When only the least significant bits are modified, it is not possible to tell whether there is a hidden message by looking at the picture or the media. If you changed the Most Significant Bits (MSB), it would be possible to view or detect the changes just by looking at the picture. A person can perceive only up to 6 bits of depth; bits that are changed past the first six bits of the color code would be undetectable to the human eye.

    If we make use of a high-quality digital picture, we could hide six bits of data within each pixel of the image. Each pixel has a color code composed of a Red, a Green, and a Blue value, that is, 3 sets of 8 bits, one set for each color. You could change the last two bits of each set to hide your data. Below is a color code for one pixel in binary format. The bits are not real; they are just an example for illustration purposes:

    RED          GREEN        BLUE
    0101 0101    1100 1011    1110 0011
    MSB   LSB    MSB   LSB    MSB   LSB

    Let’s say that I would like to hide the uppercase letter A within the pixels of the picture. If we convert the uppercase letter “A” to a decimal value, it is number 65 in the ASCII table; in binary format the value 65 translates to 01000001.

    You can break the 8 bits of the uppercase character A into groups of two bits as follows: 01 00 00 01

    Using the pixel above, we will hide those bits within the last two bits of each of the colors as follows:

    RED          GREEN        BLUE
    0101 0101    1100 1000    1110 0000
    MSB   LSB    MSB   LSB    MSB   LSB

    As you can see above, the last two bits of RED were already set to the proper value of 01; then we moved to the GREEN value and changed the last two bits from 11 to 00; and finally we changed the last two bits of BLUE to 00. One pixel allowed us to hide 6 bits of data. We would have to use another pixel to hide the remaining two bits.
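
    The walk-through above as an added Python example (not part of the original page). It goes beyond the single pixel by embedding and recovering whole byte strings, and it reproduces the "keep only the two low bits, then normalize" step used to reveal a hidden image. The function names and the second cover pixel are constructed for illustration.

```python
BITS = 2                    # bits hidden per colour channel, as in the text
MASK = (1 << BITS) - 1      # 0b11


def embed(pixels, message: bytes):
    """Hide message in the two low bits of each R, G, B value, high pair first."""
    channels = [value for pixel in pixels for value in pixel]
    pairs = [(byte >> shift) & MASK for byte in message for shift in (6, 4, 2, 0)]
    if len(pairs) > len(channels):
        raise ValueError(
            f"cover too small: need {len(pairs)} channels, have {len(channels)}"
        )
    for i, pair in enumerate(pairs):
        # Clear the two low bits, then write the message bits in their place.
        channels[i] = (channels[i] & ~MASK & 0xFF) | pair
    return [tuple(channels[i:i + 3]) for i in range(0, len(channels), 3)]


def extract(pixels, n_bytes: int) -> bytes:
    """Read n_bytes back out of the two low bits of each channel."""
    channels = [value for pixel in pixels for value in pixel]
    if n_bytes * 4 > len(channels):
        raise ValueError("image does not hold that many hidden bytes")
    out = bytearray()
    for index in range(n_bytes):
        value = 0
        for channel in channels[index * 4:(index + 1) * 4]:
            value = (value << BITS) | (channel & MASK)
        out.append(value)
    return bytes(out)


def reveal_lsb_plane(pixels):
    """Drop all but the two low bits and stretch 0..3 to 0..255 (x85).

    Viewing this plane is how an analyst makes LSB content visible.
    """
    return [tuple((value & MASK) * 85 for value in pixel) for pixel in pixels]


def max_channel_change(before, after) -> int:
    """Largest change to any colour value; at most 3 when 2 bits are used."""
    return max(abs(a - b) for pa, pb in zip(before, after) for a, b in zip(pa, pb))


if __name__ == "__main__":
    # First pixel is the one from the text; the second is constructed.
    cover = [(0b01010101, 0b11001011, 0b11100011), (0x10, 0x20, 0x30)]
    stego = embed(cover, b"A")
    for r, g, b in stego:
        print(f"{r:08b} {g:08b} {b:08b}")
    print(extract(stego, 1), max_channel_change(cover, stego))
```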

    The following answers are incorrect:

    – ADS – Alternate Data Streams: This is almost correct but ADS is different from steganography in that ADS hides data in streams of communications or files while Steganography hides data in a single file.

    – Encryption: This is almost correct but Steganography isn’t exactly encryption as much as using space in a file to store another file.

    – NTFS ADS: This is also almost correct in that you’re hiding data where you have space to do so. NTFS, or New Technology File System common on Windows computers has a feature where you can hide files where they’re not viewable under normal conditions. Tools are required to uncover the ADS-hidden files.

    The following reference(s) was used to create this question:
    The CCCure Security+ Holistic Tutorial at http://www.cccure.tv
    and
    Steganography tool
    and
    http://en.wikipedia.org/wiki/Steganography

  7. Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other?

    • Symmetric Key Cryptography
    • PKI – Public Key Infrastructure
    • Diffie-Hellman
    • DSS – Digital Signature Standard
    Explanation:

    Symmetric-key algorithms are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext (sender) and decryption of ciphertext (receiver). The keys may be identical; in practice, they represent a shared secret between two or more parties that can be used to maintain a private information link.

    This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption. This is also known as secret key encryption. In symmetric key cryptography, each end of the conversation must have the same key or they cannot decrypt the message sent to them by the other party.

    Symmetric key crypto is very fast but more difficult to manage due to the need to distribute the key by secure means to all parties needing to decrypt the data. There is no key management built within Symmetric crypto.

    PKI provides CIA – Confidentiality (Through encryption) Integrity (By guaranteeing that the message hasn’t changed in transit) and Authentication (Non-repudiation). Symmetric key crypto provides mostly Confidentiality.

    The following answers are incorrect:

    – PKI – Public Key Infrastructure: This is the opposite of symmetric key crypto. Each side in PKI has their own private key and public key. What one key encrypts, the other one can decrypt. You make use of the receiver’s public key to communicate securely with a remote user. The receiver will use their matching private key to decrypt the data.

    – Diffie-Hellman: Sorry, this is an asymmetric key technique. It is used for key agreement over an insecure network such as the Internet. It allows two parties who have never met to negotiate a secret key over an insecure network while preventing Man-In-The-Middle (MITM) attacks.

    – DSS – Digital Signature Standard: Sorry, this is an asymmetric key technique.

    The following reference(s) was used to create this question:
    To learn more about this Qs and 100% of the Security+ CBK, subscribe to our Holistic Computer Based Tutorial (CBT) on our Learning Management System at: http://www.cccure.tv
    and
    http://en.wikipedia.org/wiki/Symmetric-key_algorithm

  8. Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?

    • One Time Pad (OTP)
    • One time Cryptopad (OTC)
    • Cryptanalysis
    • Pretty Good Privacy (PGP)
    Explanation:

    OTP or One Time Pad is considered unbreakable if the key is truly random and is as large as the plaintext and never reused in whole or part AND kept secret.

    In cryptography, a one-time pad is a system in which a key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using the matching one-time pad and key. Messages encrypted with keys based on randomness have the advantage that there is theoretically no way to “break the code” by analyzing a succession of messages. Each encryption is unique and bears no relation to the next encryption so that some pattern can be detected.

    With a one-time pad, however, the decrypting party must have access to the same key used to encrypt the message and this raises the problem of how to get the key to the decrypting party safely or how to keep both keys secure. One-time pads have sometimes been used when both parties started out at the same physical location and then separated, each with knowledge of the keys in the one-time pad. The key used in a one-time pad is called a secret key because if it is revealed, the messages encrypted with it can easily be deciphered.

    One-time pads figured prominently in secret message transmission and espionage before and during World War II and in the Cold War era. On the Internet, the difficulty of securely controlling secret keys led to the invention of public key cryptography.

    The biggest challenge with OTP was to get the pad securely to the person or entity you wanted to communicate with. It had to be done in person or using a trusted courier or custodian. It certainly did not scale up very well, and it would not be usable for the large quantities of data that need to be encrypted, as we oftentimes have today.

    The following answers are incorrect:

    – One time Cryptopad: Almost but this isn’t correct. Cryptopad isn’t a valid term in cryptography.

    – Cryptanalysis: Sorry, incorrect. Cryptanalysis is the process of analyzing information in an effort to breach the cryptographic security systems.

    – PGP – Pretty Good Privacy: PGP, written by Phil Zimmermann is a data encryption and decryption program that provides cryptographic privacy and authentication for data. Still isn’t the right answer though. Read more here about PGP.

    The following reference(s) was used to create this question:

    To get more info on this Qs or any Qs of Security+, subscribe to the CCCure Holistic Security+ CBT available at: http://www.cccure.tv
    and
    http://users.telenet.be/d.rijmenants/en/otp.htm
    and
    http://en.wikipedia.org/wiki/One-time_pad
    and
    http://searchsecurity.techtarget.com/definition/one-time-pad

  9. Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process?

    • IV – Initialization Vector
    • Stream Cipher
    • OTP – One Time Pad
    • Ciphertext
    Explanation:

    The basic power in cryptography is randomness. This uncertainty is why encrypted data is unusable to someone without the key to decrypt.

    Initialization Vectors are used with encryption keys to add an extra layer of randomness to encrypted data. If no IV is used, the attacker can possibly break the keyspace because of patterns resulting from the encryption process. An implementation such as DES in Code Book Mode (CBC) would allow a frequency analysis attack to take place.

    In cryptography, an initialization vector (IV) or starting variable (SV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by so-called modes of operation. Randomization is also required for other primitives, such as universal hash functions and message authentication codes based thereon.

    It is defined by TechTarget as:
    An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session.

    The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a dictionary attack to find patterns and break a cipher. For example, a sequence might appear twice or more within the body of a message. If there are repeated sequences in encrypted data, an attacker could assume that the corresponding sequences in the message were also identical. The IV prevents the appearance of corresponding duplicate character sequences in the ciphertext.

    The following answers are incorrect:

    – Stream Cipher: This isn’t correct. A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom key stream to produce cipher text.

    – OTP – One Time Pad: This isn’t correct but OTP is made up of random values used as key material. (Encryption key) It is considered by most to be unbreakable but must be changed with a new key after it is used which makes it impractical for common use.

    – Ciphertext: Sorry, incorrect answer. Ciphertext is basically text that has been encrypted with key material (Encryption key)

    The following reference(s) was used to create this question:

    For more details on this TOPIC and other Qs of the Security+ CBK, subscribe to our Holistic Computer Based Tutorial (CBT) at http://www.cccure.tv
    and
    whatis.techtarget.com/definition/initialization-vector-IV
    and
    en.wikipedia.org/wiki/Initialization_vector

  10. Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request?

    • ICMP
    • TCP
    • UDP
    • IP
    Explanation:

    The question is explicit in asking *easily*. With TCP connection establishment there is a distinct state or sequence that can be expected. Consult the references for further details.

    ICMP, IP and UDP don’t have any concept of a session; i.e. each packet or datagram is handled individually, with no reference to the contents of the previous one. With no sessions, these protocols usually cannot be filtered on the state of the session.

    Some newer firewalls, however, simulate the concept of state for these protocols, and filter out unexpected packets based upon normal usage. Although these are commonly treated like normal stateful filters, they are more complex to program, and hence more prone to errors.

    A stateful packet filter or stateful inspection inspects each packet and only allows known connection states through. So, if a SYN/ACK packet was received and there was not a prior SYN packet sent, it would filter that packet and not let it in. The correct sequence of steps is known, and if the sequence or state is incorrect then the packet is dropped.
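
    The behaviour just described, as an added Python example (not part of the original page): a minimal state table that follows the TCP three-way handshake and drops a SYN/ACK that no SYN preceded. The class, the state names, the "only inside hosts may open connections" policy and the sample segments are assumptions made for the illustration.

```python
from dataclasses import dataclass

ALLOW, DROP = "ALLOW", "DROP"


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset     # TCP flags set on the segment, e.g. {"SYN", "ACK"}
    outbound: bool       # True when travelling from the protected LAN outwards


class StatefulFilter:
    """Tracks handshakes per connection; unknown context means drop."""

    def __init__(self):
        self.table = {}  # (inside ip, port, outside ip, port) -> state

    @staticmethod
    def _key(seg):
        # Both directions of one connection map to the same table entry.
        if seg.outbound:
            return (seg.src, seg.sport, seg.dst, seg.dport)
        return (seg.dst, seg.dport, seg.src, seg.sport)

    def check(self, seg) -> str:
        key, flags = self._key(seg), seg.flags
        state = self.table.get(key)
        if state is None:
            if seg.outbound and flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return ALLOW
            return DROP                      # no prior SYN: out of sequence
        if "RST" in flags:
            del self.table[key]              # connection torn down
            return ALLOW
        if state == "SYN_SENT" and seg.outbound and flags == {"SYN"}:
            return ALLOW                     # retransmitted SYN
        if state == "SYN_SENT" and not seg.outbound and flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_ACK_SEEN"
            return ALLOW
        if state == "SYN_ACK_SEEN" and seg.outbound and flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"
            return ALLOW
        if state == "ESTABLISHED" and "SYN" not in flags:
            return ALLOW
        return DROP


def seg(src, sport, dst, dport, flags, outbound):
    return Segment(src, sport, dst, dport, frozenset(flags.split("|")), outbound)


def run_trace():
    """Constructed traffic: inside host 10.0.0.5, outside host 203.0.113.9."""
    inside, outside = "10.0.0.5", "203.0.113.9"
    trace = [
        seg(outside, 80, inside, 40000, "SYN|ACK", False),   # unsolicited
        seg(inside, 40001, outside, 80, "SYN", True),
        seg(outside, 80, inside, 40001, "SYN|ACK", False),
        seg(inside, 40001, outside, 80, "ACK", True),
        seg(outside, 80, inside, 40001, "ACK|PSH", False),   # reply data
        seg(outside, 51000, inside, 22, "SYN", False),       # inbound open
        seg(inside, 40001, outside, 80, "RST", True),
        seg(outside, 80, inside, 40001, "ACK", False),       # after teardown
    ]
    firewall = StatefulFilter()
    return [firewall.check(s) for s in trace]


if __name__ == "__main__":
    for number, verdict in enumerate(run_trace(), 1):
        print(number, verdict)
```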

    The incorrect answers are:
    ICMP. ICMP is basically stateless so you could not easily filter them based on the state or sequence.

    UDP. UDP has no real state so you could only partially filter them based on the state or sequence. The question was explicit in asking easily. While it is possible, UDP is not the best answer.

    IP. IP would refer to the Internet Protocol and as such is stateless so you would not be able to filter it out easily.

    The following reference(s) were used for this question:
    http://www.nwo.net/ipf/ipf-howto.pdf

  11. Which of the following access methods is used by Ethernet?

    • CSMA/CD.
    • CSU/DSU.
    • TCP/IP.
    • FIFO.
    Explanation:

    Ethernet uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to minimize the effect of broadcast collisions.

    The following answers are incorrect:

    CSU/DSU Is incorrect because Channel Service Unit/Digital Service Unit (CSU/DSU) is a digital interface normally used to connect a router to a digital circuit.

    TCP/IP Is incorrect because Transmission Control Protocol/Internet Protocol (TCP/IP) is a network protocol, not an access method.

    FIFO Is incorrect as it is a distractor. First In, First Out (FIFO) is typically a processing methodology in which first come, first served.

    Ethernet is a frame based network technology.

    References:
    OIG CBK Telecommunications and Network Security (pages 437 – 438)
    Wikipedia http://en.wikipedia.org/wiki/FIFO

  12. Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key.

    • Private / Public
    • Public / Private
    • Symmetric / Asymmetric
    • Private / Symmetric
    Explanation:

    We encrypt messages using our private keys, which are only available to us. The person who wants to read and decrypt the message need only have our public keys to do so.
    The whole point of PKI is to assure message integrity, authentication of the source, and to provide secrecy with the digital encryption.

    See below a nice walkthrough of Digital Signature creation and verification from the Comodo web site:

    Digital Signatures apply the same functionality to an e-mail message or data file that a handwritten signature does for a paper-based document. The Digital Signature vouches for the origin and integrity of a message, document or other data file.

    How do we create a Digital Signature?

    The creation of a Digital Signature is a complex mathematical process. However, as the complexities of the process are computed by the computer, applying a Digital Signature is no more difficult than creating a handwritten one!

    The following text illustrates in general terms the processes behind the generation of a Digital Signature:

    1. Alice clicks ‘sign’ in her email application or selects which file is to be signed.
    2. Alice’s computer calculates the ‘hash’ (the message is applied to a publicly known mathematical hashing function that converts the message into a long number referred to as the hash).
    3. The hash is encrypted with Alice’s Private Key (in this case it is known as the Signing Key) to create the Digital Signature.
    4. The original message and its Digital Signature are transmitted to Bob.
    5. Bob receives the signed message. It is identified as being signed, so his email application knows which actions need to be performed to verify it.
    6. Bob’s computer decrypts the Digital Signature using Alice’s Public Key.
    7. Bob’s computer also calculates the hash of the original message (remember – the mathematical function used by Alice to do this is publicly known).
    8. Bob’s computer compares the hashes it has computed from the received message with the now decrypted hash received with Alice’s message.

    [Figure: digital signature creation and verification]

    If the message has remained integral during its transit (i.e. it has not been tampered with), when compared the two hashes will be identical.

    However, if the two hashes differ when compared then the integrity of the original message has been compromised. If the original message is tampered with it will result in Bob’s computer calculating a different hash value. If a different hash value is created, then the original message will have been altered. As a result the verification of the Digital Signature will fail and Bob will be informed.

    Origin, Integrity, Non-Repudiation, and Preventing Men-In-The-Middle (MITM) attacks

    Eve, who wants to impersonate Alice, cannot generate the same signature as Alice because she does not have Alice’s Private Key (needed to sign the message digest). If instead, Eve decides to alter the content of the message while in transit, the tampered message will create a different message digest to the original message, and Bob’s computer will be able to detect that. Additionally, Alice cannot deny sending the message as it has been signed using her Private Key, thus ensuring non-repudiation.
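
    Steps 2 to 8 and the Eve scenario above, as an added Python example (not part of the original page or of Comodo's material). It uses textbook RSA without padding and constructed toy keys built from well-known Mersenne primes so the "hash, then apply the private key" steps stay visible; production systems use a vetted library with a padded scheme such as RSA-PSS. All names are chosen for the illustration.

```python
import hashlib

E = 65537  # common public exponent


def make_toy_key(p: int, q: int) -> dict:
    """Build an RSA key from two primes. Toy only: these primes are public."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


def public_part(key: dict) -> tuple:
    return (key["n"], key["e"])


# Constructed keys for the example; trivially factorable, never use for real.
ALICE = make_toy_key(2**127 - 1, 2**521 - 1)
EVE = make_toy_key(2**107 - 1, 2**607 - 1)


def digest_as_int(message: bytes) -> int:
    """Steps 2 and 7: the publicly known hash function (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key: dict) -> int:
    """Step 3: apply the signer's private exponent to the hash."""
    return pow(digest_as_int(message), private_key["d"], private_key["n"])


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Steps 6 to 8: recover the signed hash with the public key and compare."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    recovered_hash = pow(signature, e, n)
    return recovered_hash == digest_as_int(message)


def scenarios() -> dict:
    message = b"Transfer 100 to Bob"           # constructed sample message
    alice_public = public_part(ALICE)          # what Bob holds
    signature = sign(message, ALICE)
    return {
        # Untouched message and signature verify.
        "genuine": verify(message, signature, alice_public),
        # Message altered in transit: Bob computes a different hash.
        "tampered_message": verify(b"Transfer 900 to Bob", signature, alice_public),
        # Eve signs with her own private key but claims to be Alice.
        "eve_impersonates": verify(message, sign(message, EVE), alice_public),
        # Signature altered in transit.
        "tampered_signature": verify(message, (signature + 1) % ALICE["n"], alice_public),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```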

    [Figure: creating and validating a digital signature]

    Due to the recent Global adoption of Digital Signature law, Alice may now sign a transaction, message or piece of digital data, and so long as it is verified successfully it is a legally permissible means of proof that Alice has made the transaction or written the message.

    The following answers are incorrect:

    – Public / Private: This is the opposite of the right answer.

    – Symmetric / Asymmetric: Not quite. Sorry. This form of crypto is asymmetric so you were almost on target.

    – Private / Symmetric: Well, you got half of it right but Symmetric is wrong.

    The following reference(s) was used to create this question:

    The CCCure Holistic Security+ CBT, you can subscribe at: http://www.cccure.tv
    and

    http://www.comodo.com/resources/small-business/digital-certificates3.php

  13. Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?

    • Message Authentication Code – MAC
    • PAM – Pluggable Authentication Module
    • NAM – Negative Acknowledgement Message
    • Digital Signature Certificate
    Explanation:

    The purpose of a message authentication code – MAC is to verify both the source and message integrity without the need for additional processes.

    A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however, cryptographic hash function is only one of the possible ways to generate MACs), accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message’s data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.

    MACs differ from digital signatures as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on the same key before initiating communications, as is the case with symmetric encryption. For the same reason, MACs do not provide the property of non-repudiation offered by signatures specifically in the case of a network-wide shared secret key: any user who can verify a MAC is also capable of generating MACs for other messages.

    In contrast, a digital signature is generated using the private key of a key pair, which is asymmetric encryption. Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.
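
    The MAC properties described above, as an added Python example (not part of the original page), using HMAC-SHA-256 from the standard library. It shows tamper and wrong-key detection, why an unkeyed hash is not enough, and why a shared key gives no non-repudiation: the verifier can produce an equally valid tag. The key and messages are constructed.

```python
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC-SHA-256) over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def scenarios() -> dict:
    shared_key = b"constructed-demo-key"        # known to Alice AND Bob
    other_key = b"some-other-party-key"         # an outsider's guess
    message = b"ship 10 units to warehouse A"   # constructed sample message
    altered = b"ship 99 units to warehouse A"

    alice_tag = make_tag(shared_key, message)

    # An unkeyed hash travels with the message; whoever alters the message
    # can simply recompute it, so the receiver's check still passes.
    recomputed_hash = hashlib.sha256(altered).digest()
    plain_hash_check = hashlib.sha256(altered).digest() == recomputed_hash

    # Bob holds the same key, so he can tag a message Alice never wrote.
    bob_tag = make_tag(shared_key, altered)

    return {
        "genuine": verify_tag(shared_key, message, alice_tag),
        "altered_message": verify_tag(shared_key, altered, alice_tag),
        "wrong_key": verify_tag(other_key, message, alice_tag),
        "plain_hash_accepts_altered": plain_hash_check,
        # A third party cannot tell Bob's tag from one Alice would have made.
        "verifier_made_tag_accepted": verify_tag(shared_key, altered, bob_tag),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```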

    The following answers are incorrect:

    PAM – Pluggable Authentication Module: This isn’t the right answer. There is no known message authentication function called a PAM. However, a pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes and commonly used within the Linux Operating System.

    NAM – Negative Acknowledgement Message: This isn’t the right answer. There is no known message authentication function called a NAM. The proper term for a negative acknowledgement is NAK, it is a signal used in digital communications to ensure that data is received with a minimum of errors.

    Digital Signature Certificate: This isn’t right. As it is explained and contrasted in the explanations provided above.

    The following reference(s) was used to create this question:

    The CCCure Computer Based Tutorial for Security+, you can subscribe at http://www.cccure.tv
    and
    http://en.wikipedia.org/wiki/Message_authentication_code

  14. The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram?

    • TCP.
    • ICMP.
    • UDP.
    • IGMP.
    Explanation:

    If the protocol field has a value of 2 then it would indicate it was IGMP.

    The following answers are incorrect:

    TCP. Is incorrect because the value for a TCP protocol would be 6.
    UDP. Is incorrect because the value for a UDP protocol would be 17.
    ICMP. Is incorrect because the value for an ICMP protocol would be 1.
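
    Where the protocol field from questions 1, 2, 3 and 14 sits in a real header, as an added Python example (not part of the original page): it validates an IPv4 header (version, length, checksum) and reads the 8-bit protocol field at byte offset 9. The sample header, addresses and function names are constructed; only the four protocol numbers quoted on this page are named.

```python
import struct

# Protocol numbers quoted on this page; IANA assigns many more.
PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_header(protocol: int) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses, no payload)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,        # version 4, IHL 5 (5 * 4 = 20 bytes)
        0,           # DSCP / ECN
        20,          # total length
        0x1234,      # identification
        0,           # flags / fragment offset
        64,          # time to live
        protocol,    # the protocol field the questions ask about
        0,           # checksum placeholder
        bytes([192, 0, 2, 1]),
        bytes([198, 51, 100, 7]),
    )
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Validate an IPv4 header and report which protocol its payload carries."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    header_len = ihl * 4
    if ihl < 5 or len(packet) < header_len:
        raise ValueError("invalid header length")
    # A header summed together with its own checksum must come out as zero.
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    protocol = packet[9]  # byte offset 9 holds the 8-bit protocol field
    return {
        "header_len": header_len,
        "ttl": packet[8],
        "protocol": protocol,
        "name": PROTOCOL_NAMES.get(protocol, "other"),
    }


if __name__ == "__main__":
    for number in (1, 2, 6, 17, 47):
        info = parse_ipv4_header(build_sample_header(number))
        print(number, info["name"])
```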

  15. Which of the following protocols suite does the Internet use?

    • IP/UDP/TCP
    • IP/UDP/ICMP/TCP
    • TCP/IP
    • IMAP/SMTP/POP3
    Explanation:

    Transmission Control Protocol/Internet Protocol (TCP/IP) is the common name for the suite of protocols that was developed by the Department of Defense (DoD) in the 1970’s to support the construction of the internet. The Internet is based on TCP/IP.

    The Internet protocol suite is the networking model and a set of communications protocols used for the Internet and similar networks. It is commonly known as TCP/IP, because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard. It is occasionally known as the DoD model, because the development of the networking model was funded by DARPA, an agency of the United States Department of Defense.

    TCP/IP provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers within the DoD Model which are used to sort all related protocols according to the scope of networking involved.

    From lowest to highest, the layers are:

    • The link layer, containing communication technologies for a single network segment (link),
    • The internet layer, connecting independent networks, thus establishing internetworking,
    • The transport layer handling process-to-process communication,
    • The application layer, which interfaces to the user and provides support services.

    The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).

    The following answers are incorrect:

    IP/UDP/TCP. This is incorrect; all three are popular protocols, and they are not considered a suite of protocols.

    IP/UDP/ICMP/TCP. This is incorrect; all 4 are some of the MOST commonly used protocols, but they are not called a suite of protocols.

    IMAP/SMTP/POP3. This is incorrect because they are all email protocols and consist of only a few of the protocols that would be included in the TCP/IP suite of protocols.

    Reference(s) used for this question:
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 5267-5268). Auerbach Publications. Kindle Edition.
    http://en.wikipedia.org/wiki/Internet_protocol_suite

  16. Organizations should consider which of the following first before allowing external access to their LANs via the Internet?

    • plan for implementing workstation locking mechanisms.
    • plan for protecting the modem pool.
    • plan for providing the user with his account usage information.
    • plan for considering proper authentication options.
    Explanation:

    Before a LAN is connected to the Internet, you need to determine what access control mechanisms are to be used; this would include how you are going to authenticate individuals that may access your network externally through access control.

    The following answers are incorrect:

    plan for implementing workstation locking mechanisms. This is incorrect because locking the workstations has no impact on the LAN or Internet access.

    plan for protecting the modem pool. This is incorrect because protecting the modem pool has no impact on the LAN or Internet access, it just protects the modem.

    plan for providing the user with his account usage information. This is incorrect because the question asks what should be done first. While important, your primary concern should be focused on security.

  17. Which of the following media is MOST resistant to tapping?

    • microwave.
    • twisted pair.
    • coaxial cable.
    • fiber optic.
    Explanation:

    Fiber optic is the most resistant to tapping because it uses light to transmit the signal. While there are some technologies that allow the line to be monitored passively, it is very difficult to tap into without detection, so this technology would be the MOST resistant to tapping.

    The following answers are incorrect:

    microwave. Is incorrect because microwave transmissions can be intercepted if in the path of the broadcast without detection.

    twisted pair. Is incorrect because it is easy to tap into a twisted pair line.
    coaxial cable. Is incorrect because it is easy to tap into a coaxial cable line.

  18. Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?

    • a firewall.
    • dial-up.
    • passwords.
    • fiber optics.
    Explanation:

    The use of a firewall is a requirement to protect a local area network (LAN) that has external connections; without it you have no real protection from fraudsters.

    The following answers are incorrect:

    dial-up. This is incorrect because this offers little protection once the connection has been established.

    passwords. This is incorrect because there are tools to crack passwords and once a user has been authenticated and connects to the external connections, passwords do not offer protection against incoming TCP packets.

    fiber optics. This is incorrect because this offers no protection from the external connection.

  19. Which of the following DoD Model layers provides non-repudiation services?

    • network layer.
    • application layer.
    • transport layer.
    • data link layer.
    Explanation:

    The Application Layer determines the identity of the communication partners and this is where Non-Repudiation service would be provided as well. See the layers below:

    [Figure: DoD Model]

    The following answers are incorrect:

    network layer. Is incorrect because the Network Layer mostly has routing protocols, ICMP, IP, and IPSEC. It is not a layer in the DoD Model. It is called the Internet Layer within the DoD model.

    transport layer. Is incorrect because the Transport layer provides transparent transfer of data between end users. This is called Host-to-Host on the DoD model but sometimes some books will call it Transport as well on the DoD model.

    data link layer. Is incorrect because the Data Link Layer defines the protocols that computers must follow to access the network for transmitting and receiving messages. It is part of the OSI Model. This does not exist on the DoD model, it is called the Link Layer on the DoD model.

  20. What is the 802.11 standard related to?

    • Public Key Infrastructure (PKI)
    • Wireless network communications
    • Packet-switching technology
    • The OSI/ISO model
    Explanation:

    The 802.11 standard outlines how wireless clients and APs communicate, lays out the specifications of their interfaces, dictates how signal transmission should take place, and describes how authentication, association, and security should be implemented.

    The following answers are incorrect:

    Public Key Infrastructure (PKI). Public Key Infrastructure is a supporting infrastructure to manage public keys. It is not part of the IEEE 802 Working Group standard.

    Packet-switching technology. A packet-switching technology is not included in the IEEE 802 Working Group standard. It is a technology wherein messages are broken up into packets, which then travel along different routes to the destination.

    The OSI/ISO model. The Open System Interconnect model is a seven-layer model defined as an international standard describing network communications.

    The following reference(s) were/was used to create this question:

    Source: Shon Harris – “All-in-One CISSP Exam Guide” Fourth Edition; Chapter 7 – Telecommunications and Network Security: pg. 624.

    802.11 refers to a family of specifications developed by the IEEE for Wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997. There are several specifications in the 802.11 family:

    802.11: applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
    802.11a: an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.
    802.11b (also referred to as 802.11 High Rate or Wi-Fi): an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.
    802.11g: applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.

    Source: 802.11 Planet’s web site.