【计算机类职业资格】CISSP认证考试（通信安全与网络安全）-试卷1及答案解析.doc

《【计算机类职业资格】CISSP认证考试（通信安全与网络安全）-试卷1及答案解析.doc》由会员分享，可在线阅读，更多相关《【计算机类职业资格】CISSP认证考试（通信安全与网络安全）-试卷1及答案解析.doc（20页珍藏版）》请在麦多课文档分享上搜索。

1、CISSP认证考试（通信安全与网络安全）-试卷 1及答案解析(总分：60.00，做题时间：90 分钟)1.Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?（分数：2.00）A.LCL and MAC; IEEE 802.2 and 802.3B.LCL and MAC; IEEE 802.1 and 802.3C.Network and MAC; IEEE 8

2、02.1 and 802.3D.LLC and MAC; IEEE 802.2 and 802.32.Which of the following is not an effective countermeasure against spam?（分数：2.00）A.Open mail relay serversB.Properly configured mail relay serversC.Filtering on an e-mail gatewayD.Filtering on the client3.Robert is responsible for implementing a comm

3、on architecture used when customers need to access confidential information through Internet connections. Which of the following best describes this type of architecture?（分数：2.00）A.Two-tiered modelB.Screened subnetC.Three-tiered modelD.Public and private DNS zones4.Two commonly used networking proto

4、cols are TCP and UPD. Which of the following correctly describes the two?（分数：2.00）A.TCP provides best-effort delivery, and UDP sets up a virtual connection with the destination.B.TCP provides more services and is more reliable in data transmission, whereas UDP takes less resources and overhead to tr

5、ansmit data.C.TCP provides more services and is more reliable, but UDP provides more security services.D.TCP is reliable, and UDP deals with flow control and ACKs.5.Which of the following indicates to a packet where to go and how to communicate with the right service or protocol on the destination c

6、omputer?（分数：2.00）A.SocketB.IP addressC.PortD.Frame6.Several different tunneling protocols can be used in dial-up situations. Which of the following would be best to use as a VPN tunneling solution?（分数：2.00）A.L2PB.PPTPC.IPSecD.L2TP7.Which of the following correctly describes Bluejacking?（分数：2.00）A.Bl

7、uejacking is a harmful, malicious attack.B.It is the process of taking over another portable device via a Bluetoothenabled device.C.It is commonly used to send contact information.D.The term was coined by the use of a Bluetooth device and the act of hijacking another device.8.DNS is a popular target

8、 for attackers due to its strategic role on the Internet. What type of attack uses recursive queries to poison the cache of a DNS server?（分数：2.00）A.DNS spoofingB.Manipulation of the hosts fileC.Social engineeringD.Domain litigation9.IP telephony networks require the same security measures as those i

9、mplemented on an IP data network. Which of the following is unique to IP telephony?（分数：2.00）A.Limiting IP sessions going through media gatewaysB.Identification of rogue devicesC.Implementation of authenticationD.Encryption of packets containing sensitive information10.Cross-site scripting (XSS) is a

10、n application security vulnerability usually found in Web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information?（分数：2.00）A.Persistent XSS vulnerabilityB.Nonpersistent XSS vulnerabilityC.Second-ord

11、er vulnerabilityD.DOM-based vulnerability11.Angela wants to group together computers by department to make it easier for them to share network resources. Which of the following will allow her to group computers logically?（分数：2.00）A.VLANB.Open network architectureC.IntranetD.VAN12.Which of the follow

12、ing incorrectly describes how routing commonly takes place on the Internet?（分数：2.00）A.EGP is used in the areas “between“ each AS.B.Regions of nodes that share characteristics and behaviors are called ASs.C.CAs are specific nodes that are responsible for routing to nodes outside of their region.D.Eac

13、h AS uses IGP to perform routing functionality.13.Both de facto and proprietary interior protocols are in use today. Which of the following is a proprietary interior protocol that chooses the best path between the source and destination?（分数：2.00）A.IGRPB.RIPC.BGPD.OSPF14.Which of the following catego

14、ries of routing protocols builds a topology database of the network?（分数：2.00）A.DynamicB.Distance-vectorC.Link-stateD.Static15.Which of the following does not describe IP telephony security?（分数：2.00）A.VoIP networks should be protected with the same security controls used on a data network.B.Softphone

15、s are more secure than IP phones.C.As endpoints, IP phones can become the target of attacks.D.The current Internet architecture over which voice is transmitted is less secure than physical phone lines.16.When an organization splits naming zones, the names of its hosts that are only accessible from a

16、n intranet are hidden from the Internet. Which of the following best describes why this is done?（分数：2.00）A.To prevent attackers from accessing serversB.To prevent the manipulation of the hosts fileC.To avoid providing attackers with valuable information that can be used to prepare an attackD.To avoi

17、d providing attackers with information needed for cybersquatting17.Which of the following best describes why e-mail spoofing is easily executed?（分数：2.00）A.SMTP lacks an adequate authentication mechanism.B.Administrators often forget to configure an SMTP server to prevent inbound SMTP connections for

18、 domains it doesnt serve.C.Keyword filtering is technically obsolete.D.Blacklists are undependable.18.Which of the following is not a benefit of VoIP?（分数：2.00）A.CostB.ConvergenceC.FlexibilityD.Security19.Today, satellites are used to provide wireless connectivity between different locations. What tw

19、o prerequisites are needed for two different locations to communicate via satellite links?（分数：2.00）A.They must be connected via a phone line and have access to a modem.B.They must be within the satellites line of site and footprint.C.They must have broadband and a satellite in low Earth orbit.D.They

20、 must have a transponder and be within the satellites footprint.20.Brad is a security manager at Thingamabobs Inc. He is preparing a presentation for his companys executives on the risks of using instant messaging (IM) and his reasons for wanting to prohibit its use on the company network. Which of

21、the following should not be included in his presentation?（分数：2.00）A.Sensitive data and files can be transferred from system to system over IM.B.Users can receive informationincluding malwarefrom an attacker posing as a legitimate sender.C.IM use can be stopped by simply blocking specific ports on th

22、e network firewalls.D.A security policy is needed specifying IM usage restrictions.21.There are several different types of authentication technologies. Which type is being shown in the graphic that follows? （分数：2.00）A.802. lxB.Extensible Authentication ProtocolC.Frequency hopping spread spectrumD.Or

23、thogonal frequency-division multiplexing22.What type of security encryption component is missing from the table that follows? （分数：2.00）A.Service Set IDB.Temporal Key Integrity ProtocolC.Ad hoc WLAND.Open system authentication23.What type of technology is represented in the graphic that follows? （分数：

24、2.00）A.Asynchronous Transfer ModeB.Synchronous Optical NetworksC.Frequency-division multiplexingD.Multiplexing24.What type of telecommunication technology is illustrated in the graphic that follows?（分数：2.00）A.Digital Subscriber LineB.Integrated Services Digital NetworkC.BRI ISDND.Cable modem25.Which

25、 type of WAN tunneling protocol is missing from the table that follows? （分数：2.00）A.IPSecB.FDDIC.L2TPD.CSMA/CD26.IPv6 has many new and different characteristics and functionality compared to IPv4. Which of the following is an incorrect functionality or characteristic of IPv6? i. IPv6 allows for nonsc

26、oped addresses, which enables an administrator to restrict specific addresses for specific servers or file and print sharing, for example. ii. IPv6 has IPSec integrated into the protocol stack, which provides application-based secure transmission and authentication, iii. IPv6 has more flexibility an

27、d routing capabilities compared to IPv4 and allows for Quality of Service (QoS) priority values to be assigned to timesensitive transmissions. iv. The protocol offers autoconfiguration, which makes administration much easier compared to IPv4, and it does not require network address translation (NAT)

28、 to extend its address space.（分数：2.00）A.i, iiiB.i, iiC.ii, iiiD.ii, iv27.Hanna is a new security manager for a computer consulting company. She has found out that the company has lost intellectual property in the past because malicious employees installed rogue devices on the network, which were use

29、d to capture sensitive traffic. Hanna needs to implement a solution that ensures only authorized devices are allowed access to the company network. Which of the following IEEE standards was developed for this type of protection?（分数：2.00）A.IEEE 802.1ARB.IEEE 802.1 AEC.IEEE 802.1 AFD.IEEE 802.1 XR28.T

30、here are common cloud computing service models._ usually requires companies to deploy their own operating systems, applications, and software onto the provided infrastructure._is the software environment that runs on top of the infrastructure. In the _model the provider commonly gives the customers

31、network-based access to a single copy of an application.（分数：2.00）A.Platform as a Service, Infrastructure as a Service, Software as a ServiceB.Platform as a Service, Platform as Software, Application as a ServiceC.Infrastructure as a Service, Application as a Service, Software as a ServiceD.Infrastru

32、cture as a Service, Platform as Software, Software as a Service29._is a set of extensions to DNS that provides to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.（分数：2.00）A.Resource recordsB.Zone transferC.DNSSECD.Re

33、source transfer30.Which of the following best describes the difference between a virtual firewall that works in bridge mode versus one that is embedded into a hypervisor?（分数：2.00）A.Bridge-mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows

34、 the firewall to monitor all activities taking place within a host system.B.Bridge-mode virtual firewall allows the firewall to monitor individual network links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system.C.Bridge-mode virtual firewall

35、 allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system.D.Bridge-mode virtual firewall allows the firewall to monitor individual guest systems, and hypervisor integration allows the firewall

36、 to monitor all activities taking place within a network system.CISSP认证考试（通信安全与网络安全）-试卷 1答案解析(总分：60.00，做题时间：90 分钟)1.Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?（分数：2.00）A.LCL and MAC; IEEE 802.2 and 80

37、2.3B.LCL and MAC; IEEE 802.1 and 802.3C.Network and MAC; IEEE 802.1 and 802.3D.LLC and MAC; IEEE 802.2 and 802.3 解析：解析：D 正确。OSI 模型的数据链路层(Data Link Layer)(即第 2层)负责为数据包添加头和尾，为数据包可以转换为适合于局域网和广域网线路传输的二进制格式做准备。第 2层可以分为两个功能子层，上子层是逻辑链路控制(Logical Link Control，LLC)子层，并在 IEEE 8022 规范中定义，它与数据链路层之上的网络层(NetworkL

38、ayer)通信。LLC 下面是介质访问控制层(Media Access Control，MAC)，它按物理层协议的要求描述了网络接口。因此，这一层的规格取决于物理层的技术。以太网的 IEEE MAC格式是 8023，令牌环是 8025，无线 LAN是 80211，等等。所以，当你看到对 IEEE标准的引用时，如80211 或 80216，它指的是在协议堆栈中数据链路层中的 MAC子层工作的协议。 A 不正确。因为 LCL是一个干扰项。数据链路层上的子层的名称首字母大写缩写形式是 LLC，它代表逻辑链路控制。通过提供多路复用和流量控制机制，LLC 允许网络协议在多点网络中并存，并通过同一网络介质

39、进行传输。 B 不正确。因为 LCL是一个干扰项。数据链路层的子层是逻辑链路控制层和介质访问控制层。此外，LLC 是在IEEE 8022 规范中定义的，而不是在 IEEE 8021 规范中。IEEE 8021 规范与 MAC和 LLC层上面的协议层有关。它解决了 LANMAN 体系结构、网络管理、LAN 和 WAN之间的互联以及链接安全等问题。 C 不正确。因为网络不是数据链路层的子层。数据链路层的子层是逻辑链路控制层和介质访问控制层。LLC 位于网络层(数据链路层上面紧挨的一层)和 MAC子层之间。另外，LLC 是在 IEEE 8022 规范中定义的，而不是在 IEEE 8021 规范中。正

40、如前面的解释，IEEE 8021 标准解决了 LANMAN 体系结构、网络管理、LAN和 WAN之间的互联以及链接安全等问题。IEEE 8021 的 4个主动工作组是：网络互连(Internetworking)、安全(Security)、音频视频桥接(AudioVideoBridging)和数据中心桥接(Data Center Bridging)。2.Which of the following is not an effective countermeasure against spam?（分数：2.00）A.Open mail relay servers B.Properly config

41、ured mail relay serversC.Filtering on an e-mail gatewayD.Filtering on the client解析：解析：A 正确。开放邮件中继服务器并不是抵制垃圾邮件的有效对策。实际上，垃圾邮件发送者经常用它们来发送垃圾邮件，因为它们允许攻击者掩藏他们的身份。开放邮件中继服务器是一个 SMTP服务器，它被配置成允许来自任何人的入站 SMTP请求以及到 Internet上任何人的 SMTP请求。这就是最初的Internet工作方式，但是现在许多中继都已经得到合理配置，能够防止攻击者利用它们来发送垃圾邮件或者色情邮件。 B 不正确。因为配置合理的

42、邮件中继服务器仅允许从已知用户发送或接收邮件。封闭的邮件中继服务器使用这种方式防止了垃圾邮件的散布。为了成为封闭的邮件中继服务器，SMTP 服务器应该设置成可以从本地 IP地址到本地信箱、从本地 IP地址到非本地信箱、从已知且可信的 IP地址到本地信箱、从已通过身份验证和授权的用户那里接收和转发邮件。开放服务器被认为是对系统缺乏管理所致的结果。 C 不正确。因为在电子邮件网关处使用垃圾邮件过滤器是抵制垃圾邮件最常见的对策。这样做有助于保护网络和服务器容量，减少合法电子邮件被丢弃的风险，并且还能节约用户时间。目前有大量基于各种算法的商业垃圾邮件过滤器可供使用。这种过滤软件以接收到的邮件作为输入，

43、然后或者原封不动地将邮件转发给收件人，或者将该信息重定向发到别处，或者丢弃该信息。 D 不正确。因为位于客户端的过滤是抵制垃圾邮件的一个对策。实际上，过滤既可以发生在网关(这是最常用的方法)，也可以发生在电子邮件服务器上或者客户端。同样，过滤方法也有多种。基于关键词的过滤曾经是一个非常流行的方法，但现在也已经过时了，因为很容易 m现误报情况，并且垃圾邮件发送者可以很容易地绕过它们。现在使用的过滤器更为复杂，比如基于统计分析或者基于电子邮件流量模式分析的过滤器。3.Robert is responsible for implementing a common architecture used

44、when customers need to access confidential information through Internet connections. Which of the following best describes this type of architecture?（分数：2.00）A.Two-tiered modelB.Screened subnetC.Three-tiered model D.Public and private DNS zones解析：解析：C 正确。当前许多电子商务的体系结构都采用三层体系结构的方法。这种三层的体系结构是客户机服务器体系结

45、构，其中用户界面、功能进程逻辑(functionalprocess logic)和数据存储往往在不同的平台上作为独立开发和维护的组件而运行。这种三层体系结构的模块化使得三层中的任何一层都可以在不影响其他两层的情况下，根据需要进行升级或修改。在电子商务中，表示层是与用户进行交互的前端 Web服务器。它既能提供静态内容，又能提供缓存的动态内容。业务逻辑层是请求进行格式化和处理的地方。它通常是一个动态内容处理和生成级别的应用程序服务器。数据存储是保留敏感数据的地方。它是一个后台数据库，其中既有数据，又有管理并为这些数据提供访问的数据库管理系统软件。这些独立的层可以通过中间件连接起来，也可在各自的物理

46、服务器上运行。 A 不正确。因为两层模型或客户机服务器描述的是服务器向一个或者多个请求服务的客户提供服务的体系结构。目前许多商业应用程序和Internet协议都使用这种客户机服务器模型。这种体系结构使用两个系统：一个客户端；一个服务器。客户端是一层，服务器是另一层，因此叫两层体系结构。客户端软件的每个实例都与一个或者多个服务器相连。客户端把信息请求发送给服务器，服务器处理这个请求后把数据返还给客户端。对来自Internet的请求而言，三层体系结构是一种更好的保护敏感信息的方法。它比两层模型多一层，攻击者要想访问位于后台服务器的敏感数据必须经过这一层。 B 不正确。因为屏蔽的主机体系结构意味着服

47、务器受到防火墙的保护，这在本质上属于一层的体系结构。一个外部的、面向公众的防火墙将屏蔽掉来自诸如 Internet等不可信网络上的请求。如果这一层(即唯一的防火墙)被攻破的话，攻击者就能相当容易地访问位于服务器上的敏感数据。 D 不正确。因为虽然把 DNS服务器分为公共服务器和私人服务器能够提供一定的保护，但它却不是能实现本问题中所提出的目标的真正的体系结构。组织应该把 DNS分开(公共和私人)，这意味着在 DMZ中的 DNS服务器用于处理外部决议请求，而内部 DNS服务器仅处理内部请求。这有助于确保内部 DNS拥有保护层，不至于暴露给 Internet连接。4.Two commonly us

48、ed networking protocols are TCP and UPD. Which of the following correctly describes the two?（分数：2.00）A.TCP provides best-effort delivery, and UDP sets up a virtual connection with the destination.B.TCP provides more services and is more reliable in data transmission, whereas UDP takes less resources

49、 and overhead to transmit data. C.TCP provides more services and is more reliable, but UDP provides more security services.D.TCP is reliable, and UDP deals with flow control and ACKs.解析：解析：B 正确。TCPIP 堆栈中工作在传输层的两个主要协议是 TCP和 UDP。TCP 是一个可靠的面向连接的协议，这意味着它可以确保数据包一定会被传递到目标计算机。如果数据包在传输过程中丢失了，TCP有能力确认这个问题，并重新发送这个丢失或受损的数据包。TCP 之所以被称为面向连接的协议，是因为在用户数据被真正发送之前，想要通信的两个系统之间会握手。一旦握手成功完成，两个系统之间便建立了一个虚拟连接。UDP 被认为是一个无连接的协议，因为它不经历这些步骤。相反，UDP 在不联系目标计算机的情况下便发出消息，它也不知道数据包是被正确接收了还是被丢弃了。TCP 提供了一个全双工的、可靠的通信机制。如果有数据包丢失或遭破坏，那些数据包会被重新发送。然而，与 UDP相比，TCP需要很多的系统开销。如有程序员知道在传输过