CISSP Certification Exam (Communications Security and Network Security) Practice Test 1

Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?
A. LCL and MAC; IEEE 802.2 and 802.3
B. LCL and MAC; IEEE 802.1 and 802.3
C. Network and MAC; IEEE 802.1 and 802.3
D. LLC and MAC; IEEE 802.2 and 802.3

Which of the following is not an effective countermeasure against spam?
A. Open mail relay servers
B. Properly configured mail relay servers
C. Filtering on an e-mail gateway
D. Filtering on the client

Robert is responsible for implementing a common architecture used when customers need to access confidential information through Internet connections. Which of the following best describes this type of architecture?
A. Two-tiered model
B. Screened subnet
C. Three-tiered model
D. Public and private DNS zones

Two commonly used networking protocols are TCP and UDP. Which of the following correctly describes the two?
A. TCP provides best-effort delivery, and UDP sets up a virtual connection with the destination.
B. TCP provides more services and is more reliable in data transmission, whereas UDP takes less resources and overhead to transmit data.
C. TCP provides more services and is more reliable, but UDP provides more security services.
D. TCP is reliable, and UDP deals with flow control and ACKs.

Which of the following indicates to a packet where to go and how to communicate with the right service or protocol on the destination computer?
A. Socket
B. IP address
C. Port
D. Frame

Several different tunneling protocols can be used in dial-up situations. Which of the following would be best to use as a VPN tunneling solution?
A. L2P
B. PPTP
C. IPSec
D. L2TP

Which of the following correctly describes Bluejacking?
A. Bluejacking is a harmful, malicious attack.
B. It is the process of taking over another portable device via a Bluetooth-enabled device.
C. It is commonly used to send contact information.
D. The term was coined by the use of a Bluetooth device and the act of hijacking another device.

DNS is a popular target for attackers due to its strategic role on the Internet. What type of attack uses recursive queries to poison the cache of a DNS server?
A. DNS spoofing
B. Manipulation of the hosts file
C. Social engineering
D. Domain litigation

IP telephony networks require the same security measures as those implemented on an IP data network. Which of the following is unique to IP telephony?
A. Limiting IP sessions going through media gateways
B. Identification of rogue devices
C. Implementation of authentication
D. Encryption of packets containing sensitive information

Cross-site scripting (XSS) is an application security vulnerability usually found in Web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information?
A. Persistent XSS vulnerability
B. Nonpersistent XSS vulnerability
C. Second-order vulnerability
D. DOM-based vulnerability

Angela wants to group together computers by department to make it easier for them to share network resources. Which of the following will allow her to group computers logically?
A. VLAN
B. Open network architecture
C. Intranet
D. VAN

Which of the following incorrectly describes how routing commonly takes place on the Internet?
A. EGP is used in the areas “between” each AS.
B. Regions of nodes that share characteristics and behaviors are called ASs.
C. CAs are specific nodes that are responsible for routing to nodes outside of their region.
D. Each AS uses IGP to perform routing functionality.

Both de facto and proprietary interior protocols are in use today. Which of the following is a proprietary interior protocol that chooses the best path between the source and destination?
A. IGRP
B. RIP
C. BGP
D. OSPF

Which of the following categories of routing protocols builds a topology database of the network?
A. Dynamic
B. Distance-vector
C. Link-state
D. Static

Which of the following does not describe IP telephony security?
A. VoIP networks should be protected with the same security controls used on a data network.
B. Softphones are more secure than IP phones.
C. As endpoints, IP phones can become the target of attacks.
D. The current Internet architecture over which voice is transmitted is less secure than physical phone lines.

When an organization splits naming zones, the names of its hosts that are only accessible from an intranet are hidden from the Internet. Which of the following best describes why this is done?
A. To prevent attackers from accessing servers
B. To prevent the manipulation of the hosts file
C. To avoid providing attackers with valuable information that can be used to prepare an attack
D. To avoid providing attackers with information needed for cybersquatting

Which of the following best describes why e-mail spoofing is easily executed?
A. SMTP lacks an adequate authentication mechanism.
B. Administrators often forget to configure an SMTP server to prevent inbound SMTP connections for domains it doesn’t serve.
C. Keyword filtering is technically obsolete.
D. Blacklists are undependable.

Which of the following is not a benefit of VoIP?
A. Cost
B. Convergence
C. Flexibility
D. Security

Today, satellites are used to provide wireless connectivity between different locations. What two prerequisites are needed for two different locations to communicate via satellite links?
A. They must be connected via a phone line and have access to a modem.
B. They must be within the satellite’s line of sight and footprint.
C. They must have broadband and a satellite in low Earth orbit.
D. They must have a transponder and be within the satellite’s footprint.

Brad is a security manager at Thingamabobs Inc. He is preparing a presentation for his company’s executives on the risks of using instant messaging (IM) and his reasons for wanting to prohibit its use on the company network. Which of the following should not be included in his presentation?
A. Sensitive data and files can be transferred from system to system over IM.
B. Users can receive information—including malware—from an attacker posing as a legitimate sender.
C. IM use can be stopped by simply blocking specific ports on the network firewalls.
D. A security policy is needed specifying IM usage restrictions.
