[Computer Professional Qualifications] Computer CISSP Certification-4 with Answers and Explanations.doc


Computer CISSP Certification-4 with Answers and Explanations (Total score: 100.00; time allowed: 90 minutes)

1. IP telephony networks require the same security measures as those implemented on an IP data network. Which of the following is unique to IP telephony? (Score: 2.50)
A. Limiting IP sessions going through media gateways
B. Identification of rogue devices
C. Implementation of authentication
D. Encryption of packets containing sensitive information

2. Cross-site scripting (XSS) is an application security vulnerability usually found in Web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information? (Score: 2.50)
A. Persistent XSS vulnerability
B. Nonpersistent XSS vulnerability
C. Second-order vulnerability
D. DOM-based vulnerability

3. Angela wants to group together computers by department to make it easier for them to share network resources. Which of the following will allow her to group computers logically? (Score: 2.50)
A. VLAN
B. Open network architecture
C. Intranet
D. VAN

4. Which of the following incorrectly describes how routing commonly takes place on the Internet? (Score: 2.50)
A. EGP is used in the areas "between" each AS.
B. Regions of nodes that share characteristics and behaviors are called ASs.
C. CAs are specific nodes that are responsible for routing to nodes outside of their region.
D. Each AS uses IGP to perform routing functionality.

5. Both de facto and proprietary interior protocols are in use today. Which of the following is a proprietary interior protocol that chooses the best path between the source and destination? (Score: 2.50)
A. IGRP
B. RIP
C. BGP
D. OSPF

6. Which of the following categories of routing protocols builds a topology database of the network? (Score: 2.50)
A. Dynamic
B. Distance-vector
C. Link-state
D. Static

7. Which of the following does not describe IP telephony security? (Score: 2.50)
A. VoIP networks should be protected with the same security controls used on a data network.
B. Softphones are more secure than IP phones.
C. As endpoints, IP phones can become the target of attacks.
D. The current Internet architecture over which voice is transmitted is less secure than physical phone lines.

8. When an organization splits naming zones, the names of its hosts that are only accessible from an intranet are hidden from the Internet. Which of the following best describes why this is done? (Score: 2.50)
A. To prevent attackers from accessing servers
B. To prevent the manipulation of the hosts file
C. To avoid providing attackers with valuable information that can be used to prepare an attack
D. To avoid providing attackers with information needed for cybersquatting

9. Which of the following best describes why e-mail spoofing is easily executed? (Score: 2.50)
A. SMTP lacks an adequate authentication mechanism.
B. Administrators often forget to configure an SMTP server to prevent inbound SMTP connections for domains it doesn't serve.
C. Keyword filtering is technically obsolete.
D. Blacklists are undependable.

10. Which of the following is not a benefit of VoIP? (Score: 2.50)
A. Cost
B. Convergence
C. Flexibility
D. Security

11. Today, satellites are used to provide wireless connectivity between different locations. What two prerequisites are needed for two different locations to communicate via satellite links? (Score: 2.50)
A. They must be connected via a phone line and have access to a modem.
B. They must be within the satellite's line of sight and footprint.
C. They must have broadband and a satellite in low Earth orbit.
D. They must have a transponder and be within the satellite's footprint.

12. Brad is a security manager at Thingamabobs Inc. He is preparing a presentation for his company's executives on the risks of using instant messaging (IM) and his reasons for wanting to prohibit its use on the company network. Which of the following should not be included in his presentation? (Score: 2.50)
A. Sensitive data and files can be transferred from system to system over IM.
B. Users can receive information, including malware, from an attacker posing as a legitimate sender.
C. IM use can be stopped by simply blocking specific ports on the network firewalls.
D. A security policy is needed specifying IM usage restrictions.

13. There are several different types of authentication technologies. Which type is being shown in the graphic that follows? (Score: 2.50)
A. 802.1x
B. Extensible Authentication Protocol
C. Frequency hopping spread spectrum
D. Orthogonal frequency-division multiplexing

14. What type of security encryption component is missing from the table that follows? (Score: 2.50)
A. Service Set ID
B. Temporal Key Integrity Protocol
C. Ad hoc WLAN
D. Open system authentication

15. What type of technology is represented in the graphic that follows? (Score: 2.50)
A. Asynchronous Transfer Mode
B. Synchronous Optical Networks
C. Frequency-division multiplexing
D. Multiplexing

16. What type of telecommunication technology is illustrated in the graphic that follows? (Score: 2.50)
A. Digital Subscriber Line
B. Integrated Services Digital Network
C. BRI ISDN
D. Cable modem

17. Which type of WAN tunneling protocol is missing from the table that follows? (Score: 2.50)
A. IPSec
B. FDDI
C. L2TP
D. CSMA/CD

18. IPv6 has many new and different characteristics and functionality compared to IPv4. Which of the following is an incorrect functionality or characteristic of IPv6? . IPv6 allows for nonscoped addresses, which enables an administrator to restrict specific addresses for specific servers or file and print sharing, for example. . IPv6 has IPSec integrated into the protocol stack, which provides application-based secure transmission and authentication. . IPv6 has more flexibility and routing capabilities compared to IPv4 and allows for Quality of Service (QoS) priority values to be assigned to time sensitive transmissions. . The protocol offers auto configuration, which makes administration much easier compared to IPv4, and it does not require network address translation (NAT) to extend its address space. (Score: 2.50)
A., B., C., D.,

19. Hanna is a new security manager for a computer consulting company. She has found out that the company has lost intellectual property in the past because malicious employees installed rogue devices on the network, which were used to capture sensitive traffic. Hanna needs to implement a solution that ensures only authorized devices are allowed access to the company network. Which of the following IEEE standards was developed for this type of protection? (Score: 2.50)
A. IEEE 802.1AR
B. IEEE 802.1AE
C. IEEE 802.1AF
D. IEEE 802.1XR

20. There are common cloud computing service models. _____ usually requires companies to deploy their own operating systems, applications, and software onto the provided infrastructure, _____ is the software environment that runs on top of the infrastructure. In the _____ model the provider commonly gives the customers network-based access to a single copy of an application. (Score: 2.50)
A. Platform as a Service, Infrastructure as a Service, Software as a Service
B. Platform as a Service, Platform as Software, Application as a Service
C. Infrastructure as a Service, Application as a Service, Software as a Service
D. Infrastructure as a Service, Platform as Software, Software as a Service

21. _____ is a set of extensions to DNS that provides to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types. (Score: 2.50)
A. Resource records
B. Zone transfer
C. DNSSEC
D. Resource transfer

22. Which of the following best describes the difference between a virtual firewall that works in bridge mode versus one that is embedded into a hypervisor? (Score: 2.50)
A. Bridge-mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a host system.
B. Bridge-mode virtual firewall allows the firewall to monitor individual network links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system.
C. Bridge-mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system.
D. Bridge-mode virtual firewall allows the firewall to monitor individual guest systems, and hypervisor integration allows the firewall to monitor all activities taking place within a network system.

23. There are several components involved with steganography. Which of the following refers to a file that has hidden information in it? (Score: 2.50)
A. Stego-medium
B. Concealment cipher
C. Carrier
D. Payload

24. Which of the following correctly describes the relationship between SSL and TLS? (Score: 2.50)
A. TLS is the open-community version of SSL.
B. SSL can be modified by developers to expand the protocol's capabilities.
C. TLS is a proprietary protocol, while SSL is an open-community protocol.
D. SSL is more extensible and backward compatible with TLS.

25. Which of the following incorrectly describes steganography? (Score: 2.50)
A. It is a type of security through obscurity.
B. Modifying the most significant bit is the most common method used.
C. Steganography does not draw attention to itself like encryption does.
D. Media files are ideal for steganographic transmission because of their large size.

26. Which of the following correctly describes a drawback of symmetric key systems? (Score: 2.50)
A. Computationally less intensive than asymmetric systems
B. Work much more slowly than asymmetric systems
C. Carry out mathematically intensive tasks
D. Key must be delivered via secure courier

27. Which of the following occurs in a PKI environment? (Score: 2.50)
A. The RA creates the certificate, and the CA signs it.
B. The CA signs the certificate.
C. The RA signs the certificate.
D. The user signs the certificate.

28. Encryption can happen at different layers of an operating system and network stack. Where does PPTP encryption take place? (Score: 2.50)
A. Data link layer
B. Within applications
C. Transport layer
D. Data link and physical layers

29. Which of the following correctly describes the difference between public key cryptography and public key infrastructure? (Score: 2.50)
A. Public key cryptography is the use of an asymmetric algorithm, while public key infrastructure is the use of a symmetric algorithm.
B. Public key cryptography is used to create public/private key pairs, and public key infrastructure is used to perform key exchange and agreement.
C. Public key cryptography provides authentication and nonrepudiation, while public key infrastructure provides confidentiality and integrity.
D. Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms.

30. Which of the following best describes Key Derivation Functions (KDFs)? (Score: 2.50)
A. Keys are generated from a master key.
B. Session keys are generated from each other.
C. Asymmetric cryptography is used to encrypt symmetric keys.
D. A master key is generated from a session key.

31. An elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms? (Score: 2.50)
A. It provides digital signatures, secure key distribution, and encryption.
B. It computes discrete logarithms in a finite field.
C. It uses a larger percentage of resources to carry out encryption.
D. It is more efficient.

32. If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation? (Score: 2.50)
A. The pad must be securely distributed and protected at its destination.
B. The pad must be made up of truly random values.
C. The pad must always be the same length.
D. The pad must be used only one time.

33. Sally is responsible for key management within her organization. Which of the following incorrectly describes a principle of secure key management? (Score: 2.50)
A. Keys should be backed up or escrowed in case of emergencies.
B. The more a key is used, the shorter its lifetime should be.
C. Less secure data allows for a shorter key lifetime.
D. Keys should be stored and transmitted by secure means.

34. Mandy needs to calculate how many keys must be generated for the 260 employees using the company's PKI asymmetric algorithm. How many keys are required? (Score: 2.50)
A. 33,670
B. 520
C. 67,340
D. 260

35. Which of the following works similarly to stream ciphers? (Score: 2.50)
A. One-time pad
B. AES
C. Block
D. RSA

36. There are two main types of symmetric ciphers: stream and block. Which of the following is not an attribute of a good stream cipher? (Score: 2.50)
A. Statistically unbiased keystream
B. Statistically predictable
C. Long periods of no repeating patterns
D. Keystream not linearly related to key

37. Which of the following best describes how a digital signature is created? (Score: 2.50)
A. The sender encrypts a message digest with his private key.
B. The sender encrypts a message digest with his public key.
C. The receiver encrypts a message digest with his private key.
D. The receiver encrypts a message digest with his public key.

38. In cryptography, different steps and algorithms provide different types of security services. Which of the following provides only authentication, nonrepudiation, and integrity? (Score: 2.50)
A. Encryption algorithm
B. Hash algorithm
C. Digital signature
D. Encryption paired with a digital signature

39. Advanced Encryption Standard is an algorithm used for which of the following? (Score: 2.50)
A. Data integrity
B. Bulk data encryption
C. Key recovery
D. Distribution of symmetric keys

40. SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process? (Score: 2.50)
A. The server creates a session key and encrypts it with a public key.
B. The server creates a session key and encrypts it with a private key.
C. The client creates a session key and encrypts it with a private key.
D. The client creates a session key and encrypts it with a public key.

Computer CISSP Certification-4: Answers and Explanations (Total score: 100.00; time allowed: 90 minutes)

1. IP telephony networks require the same security measures as those implemented on an IP data network. Which of the following is unique to IP telephony? (Score: 2.50)
A. Limiting IP sessions going through media gateways
B. Identification of rogue devices
C. Implementation of authentication
D. Encryption of packets containing sensitive information

Explanation:
A is correct. A media gateway is the translation unit between different telecommunications networks. VoIP (Voice over Internet Protocol) media gateways convert Time Division Multiplexing (TDM) voice to VoIP. As a security measure, the number of calls passing through media gateways should be limited. Otherwise, media gateways are vulnerable to denial-of-service attacks, hijacking, and other types of attacks.
B is incorrect because it is necessary to identify rogue devices on both IP telephony and data networks. On IP telephony networks, it is necessary to look specifically for rogue IP phones and rogue softphones. Rogue means that these devices are unauthorized; they are therefore not managed or secured by IT and bring additional risk to the network. A common rogue device on data networks is the wireless access point. A rogue access point gives unauthorized users an entry point into the network.
C is incorrect because authentication is recommended on both data and voice networks. In both, authentication allows users and devices on the network to be registered, so that administrators can verify that they are who they claim to be when they attempt to connect to the network. Authentication also allows administrators to deny network access to unauthorized users and devices.
D is incorrect because sensitive data can be transmitted over either a voice network or a data network, but the data is encrypted in transit on both. Eavesdropping is a very real threat to VoIP networks. Sales meetings, management meetings, financial meetings, and so on are all conducted over the phone. Every word spoken in these meetings is vulnerable to eavesdropping. Encrypting voice data is one of the best ways to protect this sensitive data.

2. Cross-site scripting (XSS) is an application security vulnerability usually found in Web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rog

