click below
click below
Normal Size Small Size show me how
CISSP
Question | Answer |
---|---|
A firewall that communicates directly with a perimeter router and the internal network. | Sreened Host |
A ______________ host is a firewall that is screened by a router | Screened |
A ______________ architecture adds another layer of ecurity to the screened-host architecture. The external firewall screens the data entering the DMZ network. However | instead of the firewall then redirecting the traffic to the internal network |
With a _______________ | two firewalls are used to create a DMZ |
Sometimes a _______________ architecture is referred to as a single-tiered configuration and a __________________ is referred to as a two-tiered configuration. | Screened-host |
Masquerading | or ___________ is a popular attacking trick in which the attacker modifies a packet header to have the source address of a host inside the network he wants to attack. |
______________ routing means the packet decides how to get to its destination | not the routers in between the source and destination computer |
____________ is another name for locked-down (or hardended) | Bastion Host |
____________ refers to a device that has two interfaces: one facing the external network and the other facing the internal network | Dual-Homed |
In a ___________ firewall architecture a single computer with separate NICs are connected to each network. The computer's forwarding and routing must be disabled to the two networks are truly segrageted. | Dual-Homed |
______________ is a method of resolving hostnames to IP addresses so names can be used instead of IP addresses | Domain Name Service (DNS) |
What does DNSSEC stand for? | Domain Name Service Security |
Most directory service databases are built on the _______model and sue the _______ protocal to access the directory database | X.500 |
A backbone that connects LANs to each other and LANs to WANs | Metropolitan Area Network (MAN) |
A standard for telecommunications transmissions over fiber-optic cables. The line is self-healing. All lines are redundant. Most MANs use these. | Synchronous Optical Network (SONET) |
A method of combining multiple channels of data over a single transmission path | Multiplexing |
____________ encapsulates data in fixed cells and can be used to deliver data over the SONET networks. Uses a fixed cell size and is a high-speed network technology. It uses a cell switching method. | Asynchronous Transfer Mode (ATM) |
A signaling protocol widely used for VoIP communication sessions | Session Initiation Protocol (SIP) |
A packet switched WAN protocol that features no error recovery | Frame Relay |
A Cisco-proprietary protocol that was released before 802.1X was finalized. It was significant security flaws and should not be used. It's based purely on passwords. | Lightweight Extensible Authentication Protocol (LEAP) |
Two services provided by ISDN | Basic Rate Interface (BRI) and Primary Rate Interface (PRI) |
BRI has ______ B channels that enable data to be transferred and ______ D channel that provides for call set up. | Two |
This protocol enables data | voice |
The _______ service is common for residual use and the _______ | which has 23 B channels and 1 D channel is used more for corporations. |
What are the three types of ISDN? | BRI |
IPSec can be configured to provide ____________________ | in which an IPSec tunnel is tunneled through another IPSec tunnel. |
____________ is not really a tunneling protocol but an encapsulation protocol. It encapsulates messages and transmits them over a serial line. | Point-to-Point Protocol (PPP) |
PPP has replaced ___________ | Serial Line Internet Protocol (SLIP) |
A Microsoft protocol that allows remote users to set up a PPP connection to a local ISP and then create a secure VPN to their destination. It can only work over the IP networks. | Point-to-Point Tunneling Protocol (PPTP) |
One of the least secure authentication protocols because passwords are sent in plain text | Password Authentication Protocol (PAP) |
IPSec works in which two modes? | Tunnel and Transport |
In the IPSec tunnel mode | the __________ and ____________ are protected but in transport mode on the __________ is protected |
Used the same was as PAP but is more secure. Uses a challenge/response method. Used by remote users | routers |
____________________ takes the total amount of bandwidth (spectrum) and splits it into smaller subchannels. It uses only a portion of the bandwidth available. | Frequency Hopping Spread Spectrum (FHSS) |
The __________ standard is a port-based network acces control that ensures a user cannot make a full network connection until he is properly authenticated. | 802.1X |