CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 4: Communication and Network Security (Domain 4) 347



  1. C. The most reasonable choice presented is to move the devices to a secure and isolated
    network segment. This will allow the devices to continue to serve their intended function
    while preventing them from being compromised. All of the other scenarios either create
    major new costs or deprive her organization of the functionality that the devices were
    purchased to provide.

  2. D. Alex can use digital rights management technology to limit use of the PDFs to
    paying customers. While DRM is rarely a perfect solution, in this case, it may fit his
    organization’s needs. EDM is electronic dance music, which his customers may appreciate
    but which won’t solve the problem. Encryption and digital signatures can help to keep the
    files secure and to prove who they came from but won’t solve the rights management issue
    Alex is tackling.

  3. The security models match with the descriptions as follows:

    - Clark-Wilson: C. This model uses security labels to grant access to objects via
      transformation procedures and a restricted interface model.

    - Graham-Denning: D. This model focuses on the secure creation and deletion of
      subjects and objects using eight primary protection rules or actions.

    - Bell-LaPadula: A. This model blocks lower-classified objects from accessing
      higher-classified objects, thus ensuring confidentiality.

    - Sutherland: E. This integrity model focuses on preventing interference in support of
      integrity.

    - Biba: B. The * property of this model can be summarized as “no write-up.”


Chapter 4: Communication and Network Security (Domain 4)



  1. A. Frame Relay supports multiple private virtual circuits (PVCs), unlike X.25. It is a
    packet-switching technology that provides a Committed Information Rate (CIR), which is
    a minimum bandwidth guarantee provided by the service provider to customers. Finally,
    Frame Relay requires a DTE/DCE at each connection point, with the DTE providing
    access to the Frame Relay network, and a provider-supplied DCE, which transmits the
    data over the network.

  2. B. LEAP, the Lightweight Extensible Authentication Protocol, is a Cisco proprietary
    protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant
    security issues as well and should not be used. Any modern hardware should support
    WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA and
    WPA2, would be a major step back in security for any network.
