CISSP 电信题目.doc

通信安全知识域练习题1. Which of the following does not allow for a workstation to get an IP address assigned?a) BOOTPb) RARPc) DHCPd) ICMP2. A Wide Area Network (WAN) may be privately operated for a specific user community, may support multiple communication protocols, or may provide network connectivity and services via:a) interconnected network segments (extranets, internets, and Virtual Private Networks).b) interconnected netBIOS segments (extranets, intranets, and Virtual Private Networks).c) interconnected netBIOS segments (extranets, internets, and Virtual Private Networks).d) interconnected network segments (extranets, intranets, and Virtual Private Networks).3. A proxy server should:a) Be connected directly to the external network.b) Have routing enabled.c) Be located behind a firewall.d) Allow access from external clients.4. Which of the following is true of Network-based ID systems?a) They commonly reside on a discrete network segment and monitor the traffic on that network segment.b) They commonly will not reside on a discrete network segment and monitor the traffic on that network segment.c) They commonly reside on a discrete network segment but do not monitor the traffic on that network segment.d) They commonly do not reside on a discrete network segment and monitor the traffic on that network segment.5. Which of the following error correction methods is more effective when bursts of errors may be present?a) Parity checkb) Cyclic redundancy checkc) Block sum checkd) Block chaining check6. Which of the following describe elements that create reliability and stability in networks and systems and which assures that connectivity is accessible when needed?a) Availabilityb) Acceptabilityc) confidentialityd) Integrity7. In stateful inspection firewalls, packets are queued and then:a) accessed at only one Open Systems Interconnect (OSI) layer.b) analyzed at all Open Systems Interconnect (OSI) layers.c) decapsulated at all Open Systems Interconnect (OSI) layers.d) encapsulated at all Open Systems Interconnect (OSI) layers.8. There is no good logical reason for not using a DMZ:a) If a company decides not to use one, they are ignorant of security risks or theyre just careless.b) If a company decides not to use one, they must have no Extranet connectionsc) If a company decides to use one, they must have only wireless connections.d) If a company decides not to use one, they HAVE A GOOD REASON as DMZ are useless9. Which cable technology refers to the CAT3 and CAT5 categories?a) Coaxial cablesb) Fiber Optic cablesc) Axial cablesd) Twisted Pair cables10. Which backup method is used if time and tape space is at an extreme premium?a) Incremental backup method.b) Differential backup method.c) Full backup method.d) Tape backup method.D D C A B A B A D A11. A TCP SYN attack:a) requires a synchronized effort by multiple attackers.b) takes advantage of the way a TCP session is established.c) may result in elevation of privileges.d) is not something system users would notice.B12. How would an IP spoofing attack be best classified?a) Session hijacking attackb) Passive attackc) Fragmentation attackd) Sniffing attackA13. Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of internal IP addresses for the purpose of hiding their identities?a) Static translationb) Load balancing translationc) Network redundancy translationd) Dynamic translationD14. The general philosophy for DMZs is that:a) any system on the DMZ can be compromized because its accessible from the Internet.b) any system on the DMZ cannot be compromized because its not accessible from the Internet.c) some systems on the DMZ can be compromized because they are accessible from the Internet.d) any system on the DMZ cannot be compromized because its by definition 100 percent safe and not accessible from the Internet.A15. A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the sessions communications protocol (TCP, UDP, or ICMP), and the source and destination application port for the:a) desired service.b) dedicated service.c) delayed service.d) distributed service.A16. CAT3 is an older specification with a:a) longer effective distance.b) shorter effective distance.c) longer effective strength.d) higher EMI protection.B17. Which of the following is true related to network sniffing?a) Sniffers allow an attacker to monitor data passing across a network.b) Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.c) Sniffers take over network connections.d) Sniffers send IP fragments to a system that overlap with each other.A18. Which of the following includes notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incidents effects?a) Intrusion Evaluation (IE) and Responseb) Intrusion Recognition (IR) and Responsec) Intrusion Protection (IP) and Responsed) Intrusion Detection (ID) and Response.D19. Which of the following offers security to wireless communications?a) S-WAPb) WTLSc) WSPd) WDPB20. Application Level Firewalls operate at the:a) OSI protocol Layer seven, the Application Layer.b) OSI protocol Layer six, the Presentation Layer.c) OSI protocol Layer five, the Session Layer.d) OSI protocol Layer four, the Transport Layer.A21. Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?a) ISDNb) SLIPc) xDSLd) T1B22. Which protocol is used for the writing of graphical user interface-based client/server applications?a) X Window.b) Motifc) OpenLookd) GnomeA23. How do you distinguish between a bridge and a router?a) A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to.b) Bridge and router are synonyms for equipment used to join two networksc) The bridge is a specific type of router used to connect a LAN to the global Internetd) The bridge connects two networks at the link layer, while router connects two networks at the network layer.D24. Which of the following best defines source routing?a) The packets hold the forwarding information so they dont need bridges and routers to find their way to the destination.b) The packets hold source information in a fashion that source address cannot be forged.c) The packets are encapsulated to conceal source information.d) The packets hold information about redundant paths in order to provide a higher reliability.A25. Which of the following can be defined as the task of monitoring systems for evidence of an intrusion or an inappropriate usage?a) Intrusion Detection (ID) and Responseb) Intrusion Evaluation (IE) and Responsec) Intrusion Protection (IP) and Responsed) Intrusion Recognition (IR) and ResponseA26. What is the maximum length for a twisted-pair, Category 5 10Base-T cable?a) 80 metersb) 100 metersc) 185 metersd) 500 metersB27. What is a decrease in amplitude as a signal propagates along a transmission medium best known as?a) Crosstalkb) Noisec) Delay distortiond) AttenuationD28. Which backup method does not reset the archive bit on files that are backed up?a) Full backup methodb) Incremental backup methodc) Differential backup methodd) Additive backup methodC29. Which of the following OSI layers provides routing and related services?a) Network.b) Presentationc) Sessiond) PhysicalA30. Which SSL version offers client-side authentication?a) SSL v1b) SSL v2c) SSL v3d) SSL v4C31. Which of the following protocols is used by the Internet?a) SNAb) DECnetc) TCP/IPd) MAPC32. When RAID runs as part of the operating system on the file server, it is an example of a:a) software implementationb) hardware implementation.c) network implementation.d) server implementation.A33. Which of the following is a token-passing scheme like token ring that also has a second ring that remains dormant until an error condition is detected on the primary ring?a) Fiber Distributed Data Interface (FDDI).b) Fiber Distributed Database Interface (FDDI).c) Fiber Dual Data Interface (FDDI).d) Fiber Designated Data Interface (FDDI).A34. The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the ip datagram?a) TCPb) ICMPc) UDPd) IGMPC35. Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control?a) Physicalb) Data linkc) Networkd) SessionB36. Which technique is specifically a weakness of callback systems?a) between-the-lines entryb) spoofingc) call forwardingd) social engineeringC37. Which of the following firewall implementations is the most secure?a) Dual-homed host firewallb) Packet filtering firewallc) Screened subnet firewalld) Screened host firewallC38. Intrusion detection has which of the following sets of characteristics?a) It is adaptive rather than preventative.b) It is administrative rather than preventative.c) It is disruptive rather than preventative.d) It is detective rather than preventative.D39. With Token ring, a NIC that is set to the wrong speed or is in an error state:a) can bring down part of the ring.b) can bring down the ring which is controlling the beacon signal.c) can eliminate the backup token.d) can bring down the entire ring.D40. Which of the following is an advantage that UDP has over TCP?a) UDP is connection-oriented whereas TCP is not.b) UDP is more reliable than TCP.c) UDP is faster than TCP.d) UDP makes a better effort to deliver packets.C41. Which of the following transmission media would NOT be affected by cross talk or interference?a) Coaxial cablesb) Shielded twisted pairs (STP)c) Satellite radiolink systemsd) Fiber optic cablesD42. RAID Level 15 is created by combining which of the following?a) level 1 (mirroring) with level 5 (interleave).b) level 0 (striping) with level 5 (interleave).c) level 2 (hamming) with level 5 (interleave).d) level 10 (striping and mirroring) with level 5 (interleave).A43. Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?a) Host-to-host layerb) Internet layerc) Network access layerd) Session layerB44. Which of the following remote access authentication systems is the most robust?a) TACACS+b) RADIUSc) PAPd) TACACSA45. Which of the following protocols primary function is to send messages between network devices regarding the health of the network?a) Reverse Address Resolution Protocol (RARP).b) Address Resolution Protocol (ARP).c) Internet Protocol (IP).d) Internet Control Message protocol (ICMP).D46. Unshielded (UTP) does not require the fixed spacing between