CertiGuide to Security+ - Getting Ready for Chapter 3

WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Read this whole guide offline with no ads, for a low price!

Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!

Get It Here!

CertiGuide to Security+
9 Chapter 3: Infrastructure Security (Domain 3.0; 20%)

Getting Ready for Chapter 3 - Questions

3.0 Infrastructure Security

Getting Ready for Chapter 3 - Answers

1. If you wish to allow only certain departments to surf the Internet you would set up a firewall .

Explanation: In the real-world differences in products are blurring. "Building the Perfect Box" -- Information Security October 2002 Page 16... A circuit level firewall will allow application access control. This may be included in some proxy servers.

2. A router operates on layer 3. This means a packet sniffer can access only the subnet that the packet snifer exists on .

Explanation: A router performs by directing IP traffic based on source and destination IP addresses. That would limit sniffing to the sub network area. If the packet sniffer is at the router, it can monitor everything that moves through the router. (Of course, if a cracker can manipulate the router to route additional traffic over to the subnet the cracker has compromised, that traffic can be seen as well. The key is that the packets have to be passing through the subnet on which the sniffer is installed.)

3. A subnet can be isolated from sniffing either a switch or a router .

Explanation: While a router will limit exposure via directed IP traffic, a switch will screen to the sub-net level by using MAC addresses. Do be aware that deploying switches does not make you totally immune to sniffing, as switches were not designed to segment traffic for security reasons, and many have at least one vulnerability that reduces their effectiveness for security.

4. A modem that is not part of the "official" modem pool in a firm is susceptible to war dialing .

Explanation: This is a very old form of hacking that is beginning to rise in popularity again. It is trivially easy to find a freeware program to dial numbers to log phone numbers that have modems attached, then checking to see if the connection has a back door. Such a modem could potentially be used by an attacker to bypass restrictions in place at the organization's official dial-ins or their Internet firewall.

5. The technology that enables the use of one-time passwords or pass phrases is called smartcards .

Explanation: Smart cards and other access tokens rely on one-time-only passwords, challenge-response phrases or public-key security to dramatically increase authentication strength

Getting Ready for Chapter 3 - Questions

3.0 Infrastructure Security

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!

Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.