Chapter 4: Communication and Network Security (Domain 4) 355
- C. ICMP, RIP, and network address translation all occur at layer 3, the Network layer.
- C. One of the visibility risks of virtualization is that communication between servers and
systems using virtual interfaces can occur “inside” the virtual environment. This means
that visibility into traffic in the virtualization environment has to be purpose-built as part
of its design. Option D is correct but incomplete because inter-hypervisor traffic isn’t the
only traffic the IDS will see.
- B. Cut and paste between virtual machines can bypass normal network-based data loss
prevention tools and monitoring tools like an IDS or IPS. Thus, it can act as a covert
channel, allowing the transport of data between security zones. So far, cut and paste has
not been used as a method for malware spread in virtual environments and has not been
associated with denial of service attacks. Cut and paste requires users to be logged in and
does not bypass authentication requirements.
- A. While virtual machine escape has only been demonstrated in laboratory environments,
the threat is best dealt with by limiting what access to the underlying hypervisor can
prove to a successful attacker. Segmenting by data types or access levels can limit the
potential impact of a hypervisor compromise. If attackers can access the underlying
system, restricting the breach to only similar data types or systems will limit the impact.
Escape detection tools are not available on the market, restoring machines to their original
snapshots will not prevent the exploit from occurring again, and Tripwire detects file
changes and is unlikely to catch exploits that escape the virtual machines themselves.
- C. WPA2’s CCMP encryption scheme is based on AES. As of the writing of this book,
there have not been any practical real-world attacks against WPA2. DES has been
successfully broken, and neither 3DES nor TLS is used for WPA2.
- B. Ethernet networks use Carrier-Sense Multiple Access with Collision Detection (CSMA/
CD) technology. When a collision is detected and a jam signal is sent, hosts wait a random
period of time before attempting retransmission.
- C. A T3 (DS-3) line is capable of 44.736 Mbps. This is often referred to as 45 Mbps. A T1
is 1.544 Mbps, ATM is 155 Mbps, and ISDN is often 64 or 128 Kbps.
- B. A two-tier firewall uses a firewall with multiple interfaces or multiple firewalls in series.
This image shows a firewall with two protected interfaces, with one used for a DMZ and
one used for a protected network. This allows traffic to be filtered between each of the
zones (Internet, DMZ, and private network).
- B. Endpoint security solutions face challenges due to the sheer volume of data that they
can create. When each workstation is generating data about events, this can be a massive
amount of data. Endpoint security solutions should reduce the number of compromises
when properly implemented, and they can also help by monitoring traffic after it is
decrypted on the local host. Finally, non-TCP protocols are relatively uncommon on
modern networks, making this a relatively rare concern for endpoint security system
implementations.