Chapter 4: Communication and Network Security (Domain 4)
- B. If a business need requires messaging, using a local messaging server is the best option.
This prevents traffic from traveling to a third-party server and can offer additional benefits
such as logging, archiving, and control of security options like the use of encryption.
- B. Multilayer protocols create three primary concerns for security practitioners: They can
conceal covert channels (and thus covert channels are allowed), filters can be bypassed
by traffic concealed in layered protocols, and the logical boundaries put in place by
network segments can be bypassed under some circumstances. Multilayer protocols allow
encryption at various layers and support a range of protocols at higher layers.
- C. A bus can be linear or tree-shaped and connects each system to a trunk or backbone
cable. Ethernet networks operate on a bus topology.
- B. When a workstation or other device is connected simultaneously to both a secure
and a nonsecure network like the Internet, it may act as a bridge, bypassing the security
protections located at the edge of a corporate network. It is unlikely that traffic will be
routed improperly leading to the exposure of sensitive data, as traffic headed to internal
systems and networks is unlikely to be routed to the external network. Reflected DDoS
attacks are used to hide identities rather than to connect through to an internal network,
and security administrators of managed systems should be able to determine both the local
and wireless IP addresses his system uses.
- A. Wardriving and warwalking are both processes used to locate wireless networks, but
are not typically as detailed and thorough as a site survey, and design map is a made-up
term.
- C. The DARPA TCP/IP model was used to create the OSI model, and the designers of the
OSI model made sure to map the OSI model layers to it. The Application layer of the TCP
model maps to the Application, Presentation, and Session layers, while the TCP and OSI
models both have a distinct Transport layer.
- B. ARP cache poisoning occurs when false ARP data is inserted into a system’s ARP
cache, allowing the attacker to modify its behavior. RARP flooding, denial of ARP
attacks, and ARP buffer blasting are all made-up terms.
- C. The process of using a fake MAC (Media Access Control) address is called spoofing,
and spoofing a MAC address already in use on the network can lead to an address
collision, preventing traffic from reaching one or both systems. Tokens are used in token
ring networks, which are outdated, and EUI refers to an Extended Unique Identifier,
another term for MAC address, but token loss is still not the key issue. A broadcast domain
refers to the set of machines a host can send traffic to via a broadcast message.
- D. Direct Inward System Access uses access codes assigned to users to add a control layer
for external access and control of the PBX. If the codes are compromised, attackers can
make calls through the PBX or even control it. Not updating a PBX can lead to a range of
issues, but this question is looking for a DISA issue. Allowing only local calls and using
unpublished numbers are both security controls and might help keep the PBX more secure.
- D. Application-specific protocols are handled at layer 7, the Application layer of the OSI
model.