Chapter 11: Practice Test 3
- C. Wireshark is a network monitoring tool that can capture and replay communications
sent over a data network, including Voice over IP (VoIP) communications. Nmap, Nessus,
and Nikto are all security tools that may identify security flaws in the network, but they
do not directly undermine confidentiality because they do not have the ability to capture
communications.
- B. Studies consistently show that users are more likely to write down passwords if
they have more accounts. Central control of a single account is also easier to shut off if
something does go wrong. Simply decreasing the number of accounts required for a subject
doesn’t increase security by itself, and SSO does not guarantee individual system logging,
although it should provide central logging of SSO activity. Since an SSO system was not
specified, there is no way of determining whether a given SSO system provides better or
worse encryption for authentication data.
- D. Nonrepudiation is only possible with an asymmetric encryption algorithm. RSA is an
asymmetric algorithm. AES, DES, and Blowfish are all symmetric encryption algorithms
that do not provide nonrepudiation.
- D. Modification of audit logs will prevent repudiation because the data cannot be trusted,
and thus actions cannot be provably denied. The modification of the logs is also a direct
example of tampering. It might initially be tempting to answer elevation of privileges and
tampering, as the attacker made changes to files that should be protected, but this is an
unknown without more information. Similarly, the attacker may have accessed the files,
resulting in information disclosure in addition to tampering, but again, this is not specified
in the question. Finally, this did not cause a denial of service, and thus that answer can be
ignored.
- C. Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Border
Gateway Protocol (BGP) are all routing protocols and are associated with routers.
- B. The Temporal Key Integrity Protocol (TKIP) was used with WPA on existing hardware
to replace WEP. TKIP has been replaced by CCMP and 802.1x since 2012. PEAP and
EAP are both authentication protocols. Transport Layer Security (TLS) is used to secure
web transactions and other network communications.
- B. Each of the attributes linked to Ben’s access provides information for an attribute-based
information control system. Attribute-based information controls like those
described in NIST SP 800-162 can take many details about the user, actions, and objects
into consideration before allowing access to occur. A role-based access control would
simply consider Ben’s role, whereas both administrative and system discretionary access
controls are not commonly used terms to describe access controls.
- A. LOIC is an example of a distributed denial of service attack. It uses many systems to
attack targets, combining their bandwidth and making it difficult to shut down the attack
because of the number and variety of attackers. Ionization and zombie horde attacks are
both made-up answers. Teardrop attacks are an older type of attack that sends fragmented
packets as a denial of service attack.
- C. Certificates may only be added to a Certificate Revocation List by the certificate
authority that created the digital certificate.