Chapter 4 ■ Communication and Network Security (Domain 4) 89
- In her role as an information security professional, Susan has been asked to identify areas
where her organization’s wireless network may be accessible even though it isn’t intended
to be. What should Susan do to determine where her organization’s wireless network is
accessible?
A. A site survey
B. Warwalking
C. Wardriving
D. A design map
- The DARPA TCP/IP model’s Application layer matches up to what three OSI model layers?
A. Application, Presentation, and Transport.
B. Presentation, Session, and Transport.
C. Application, Presentation, and Session.
D. There is not a direct match. The TCP model was created before the OSI model.
- One of Susan’s attacks during a penetration test involves inserting false ARP data into a
system’s ARP cache. When the system attempts to send traffic to the address it believes
belongs to a legitimate system, it will instead send that traffic to a system she controls.
What is this attack called?
A. RARP flooding
B. ARP cache poisoning
C. A denial of ARP attack
D. ARP buffer blasting
- Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering
to provide security. What is the technique Sue used, and what nonsecurity issue could
her actions cause?
A. Broadcast domain exploit, address conflict
B. Spoofing, token loss
C. Spoofing, address conflict
D. Sham EUI creation, token loss
- Jim’s audit of a large organization’s traditional PBX showed that Direct Inward System
Access (DISA) was being abused by third parties. What issue is most likely to lead to this
problem?
A. The PBX was not fully patched.
B. The dial-in modem lines use unpublished numbers.
C. DISA is set up to only allow local calls.
D. One or more users’ access codes have been compromised.