Chapter 10: Practice Test 2 419
- C. Software-defined networking (SDN) is a converged protocol that allows virtualization concepts and practices to be applied to networks. MPLS handles a wide range of protocols like ATM, DSL, and others, but isn't intended to provide the centralization capabilities that SDN does. Content Distribution Network (CDN) is not a converged protocol, and FCoE is Fibre Channel over Ethernet, a converged protocol for storage.
- C. The best way to ensure that data on DVDs is fully gone is to destroy them, and pulverizing DVDs is an appropriate means of destruction. DVD-ROMs are write-only media, meaning that secure erase and zero wipes won't work. Degaussing only works on magnetic media and cannot guarantee that there will be zero data remanence.
- D. The five stages of the SW-CMM are, in order, Initial, Repeatable, Defined, Managed, and Optimizing. In the Optimizing stage, a process of continuous improvement occurs.
- A. All packets leaving Angie's network should have a source address from her public IP address block. Packets with a destination address from Angie's network should not be leaving the network. Packets with source addresses from other networks are likely spoofed and should be blocked by egress filters. Packets with private IP addresses as sources or destinations should never be routed onto the Internet.
- D. Security best practices dictate the use of shadowed password files that move the password hashes from the widely accessible /etc/passwd file to the more restricted /etc/shadow file.
- A. While developers may feel like they have a business need to be able to move code into production, the principle of separation of duties dictates that they should not have the ability to both write code and place it on a production server. The deployment of code is often performed by change management staff.
- A. Applying a digital signature to a message allows the sender to achieve the goal of nonrepudiation. This allows the recipient of a message to prove to a third party that the message came from the purported sender. Symmetric encryption does not support nonrepudiation. Firewalls and IDS are network security tools that are not used to provide nonrepudiation.
- A. System A should send an ACK to end the three-way handshake. The TCP three-way handshake is SYN, SYN/ACK, ACK.
- B. TACACS+ is the most modern version of TACACS, the Terminal Access Controller Access-Control System. It is a Cisco proprietary protocol with added features beyond what RADIUS provides, meaning it is commonly used on Cisco networks. XTACACS is an earlier version, Kerberos is a network authentication protocol rather than a remote user authentication protocol, and RADIUS+ is a made-up term.
- C. Call managers and VoIP phones can be thought of as servers or appliances and embedded or network devices. That means that the most likely threats that they will face are denial of service (DoS) attacks and attacks against the host operating system. Malware and Trojans are less likely to be effective against a server or embedded system that doesn't browse the Internet or exchange data files; buffer overflows are usually aimed at specific applications or services.
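The egress-filtering answer above lists three rules for packets leaving a border router: the source must fall inside the organization's own public block, the destination must not be inside that block, and RFC 1918 private addresses must appear on neither side. The following Python is an added example (not from the book) that encodes those rules as a decision function and runs it over a few constructed flow records; the public block 203.0.113.0/24 and the sample flows are assumptions chosen for illustration (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not Angie's real addresses).

```python
import ipaddress

# Assumed public block for the organization (illustrative, a documentation range).
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/24")

# RFC 1918 private ranges: never valid as source or destination on the Internet.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(addr):
    """True if the address lies in any RFC 1918 block."""
    return any(addr in block for block in PRIVATE_BLOCKS)


def egress_decision(src, dst, public_block=PUBLIC_BLOCK):
    """Apply the egress rules to one outbound packet.

    Returns a (verdict, reason) pair where verdict is 'allow' or 'block'.
    Rules are checked in order of severity: private addresses first, then
    a destination that belongs to us (the packet should not be leaving at
    all), then a source that is not ours (likely spoofed).
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)

    if is_private(src_ip) or is_private(dst_ip):
        return ("block", "private address must never be routed onto the Internet")
    if dst_ip in public_block:
        return ("block", "destination is inside our own block; should not be leaving")
    if src_ip not in public_block:
        return ("block", "source is not from our public block; likely spoofed")
    return ("allow", "source in our block, external destination")


def blocked_flows(flows, public_block=PUBLIC_BLOCK):
    """Return the (src, dst, reason) triples an egress filter would drop."""
    result = []
    for src, dst in flows:
        verdict, reason = egress_decision(src, dst, public_block)
        if verdict == "block":
            result.append((src, dst, reason))
    return result


# Constructed sample flows seen at the border router (src, dst).
SAMPLE_FLOWS = [
    ("203.0.113.10", "198.51.100.5"),   # legitimate outbound traffic
    ("203.0.113.10", "203.0.113.20"),   # internal-to-internal, should not egress
    ("198.51.100.7", "198.51.100.9"),   # source not ours: spoofed
    ("192.168.1.5", "198.51.100.5"),    # private source leaked to the Internet
    ("203.0.113.10", "10.0.0.1"),       # private destination
]

if __name__ == "__main__":
    for src, dst, reason in blocked_flows(SAMPLE_FLOWS):
        print(f"BLOCK {src} -> {dst}: {reason}")
```

The check order matters: a packet with a private source is blocked for that reason even if its destination also happens to be in the public block, which keeps the logged reason pointing at the most serious problem.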
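The three-way handshake answer names the sequence SYN, SYN/ACK, ACK. What makes the exchange a valid handshake rather than three arbitrary flags is that each acknowledgement number equals the peer's previous sequence number plus one. The Python below is an added example (not from the book) that validates a captured three-segment exchange against those rules and reports which segment the initiator owes next; the Segment record and the host names "A" and "B" are assumptions for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    """Minimal TCP segment view: endpoints, SYN/ACK flags, seq and ack numbers."""
    src: str
    dst: str
    syn: bool
    ack: bool
    seq: int
    ack_num: int


def next_step(segs):
    """Given the segments exchanged so far, name what the handshake needs next."""
    if len(segs) == 0:
        return "SYN"
    if len(segs) == 1:
        return "SYN/ACK"
    if len(segs) == 2:
        return "ACK"
    return "complete"


def validate_handshake(segs):
    """Check that three segments form a correct SYN, SYN/ACK, ACK exchange.

    Returns (ok, detail). Besides the flag pattern, the function checks the
    sequence-number arithmetic: the SYN/ACK must acknowledge the initiator's
    ISN + 1, and the final ACK must acknowledge the responder's ISN + 1.
    """
    if len(segs) != 3:
        return (False, f"expected 3 segments, got {len(segs)}")
    s1, s2, s3 = segs

    if not (s1.syn and not s1.ack):
        return (False, "segment 1 must be SYN without ACK")
    if not (s2.syn and s2.ack):
        return (False, "segment 2 must be SYN/ACK")
    if (s2.src, s2.dst) != (s1.dst, s1.src):
        return (False, "SYN/ACK must come back from the SYN's destination")
    if s2.ack_num != s1.seq + 1:
        return (False, "SYN/ACK must acknowledge initiator ISN + 1")
    if s3.syn or not s3.ack:
        return (False, "segment 3 must be ACK without SYN")
    if (s3.src, s3.dst) != (s1.src, s1.dst):
        return (False, "final ACK must come from the initiator")
    if s3.ack_num != s2.seq + 1:
        return (False, "final ACK must acknowledge responder ISN + 1")
    if s3.seq != s1.seq + 1:
        return (False, "final ACK must carry initiator ISN + 1 as its seq")
    return (True, "handshake complete")


# Constructed exchange between hosts A and B with arbitrary ISNs 1000 and 5000.
GOOD = [
    Segment("A", "B", syn=True,  ack=False, seq=1000, ack_num=0),
    Segment("B", "A", syn=True,  ack=True,  seq=5000, ack_num=1001),
    Segment("A", "B", syn=False, ack=True,  seq=1001, ack_num=5001),
]

# Same exchange but the final ACK acknowledges the wrong number.
BAD_ACK = GOOD[:2] + [Segment("A", "B", syn=False, ack=True, seq=1001, ack_num=5000)]

if __name__ == "__main__":
    print("after SYN and SYN/ACK, A must send:", next_step(GOOD[:2]))
    print(validate_handshake(GOOD))
    print(validate_handshake(BAD_ACK))
```

Splitting the flag check from the number check is deliberate: a half-open scan and a completed connection look identical at the flag level until the final ACK is examined, so a detector that only counts SYNs has nothing to say about the third segment.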