Exam (elaborations)

Domain 5 (CISA Review Questions, Answers & Explanations Manual) |283 complete questions with Justified answers

Pages: 219
Grade: A+
Uploaded on: 06-09-2024
Written in: 2024/2025

Institution: CISA Domain 5: Protection of Information Assets
Course: CISA Domain 5: Protection of Information Assets

Content preview

A5-162
Two-factor authentication can be circumvented through which of the following attacks?


A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force


B is the correct answer. Justification:
A. A denial-of-service attack does not have a relationship to authentication.
B. A man-in-the-middle attack is similar to piggybacking in that the attacker
pretends to be the legitimate destination, and then merely retransmits whatever is
sent by the authorized user along with additional transactions after authentication
has been accepted. This is done in many instances of bank fraud.
C. Key logging could circumvent single-factor authentication but not two-factor
authentication.
D. Brute force could circumvent single-factor authentication but not two-factor
authentication.




A5-174 To prevent Internet Protocol (IP) spoofing attacks, a firewall should be configured to
drop a packet for which the sender of a packet:


A. specifies the route that a packet should take through the network (the source routing field
is enabled).
B. puts multiple destination hosts (the destination field has a broadcast address).
C. indicates that the computer should immediately stop using the TCP connection (a reset
flag is turned on).
D. allows use of dynamic routing instead of static routing (Open Shortest Path First protocol
is enabled).



A is the correct answer. Justification:
A. Internet Protocol (IP) spoofing takes advantage of the source-routing option in
the IP. With this option enabled, an attacker can insert a spoofed source IP
address. The packet will travel the network according to the information within the
source-routing field, bypassing the logic in each router, including dynamic and
static routing.
B. If a packet has a broadcast destination address, it is definitely suspicious and if
allowed to pass will be sent to all addresses in the subnet. This is not related to IP
spoofing.
C. Turning on the reset flag is part of the normal procedure to end a Transmission
Control Protocol connection.
D. The use of dynamic or static routing will not represent a spoofing attack.




A5-127 An organization has experienced a large amount of traffic being re-routed from its
Voice-over Internet Protocol packet network. The organization believes it is a victim of
eavesdropping. Which of the following could result in eavesdropping of VoIP traffic?


A. Corruption of the Address Resolution Protocol cache in Ethernet switches
B. Use of a default administrator password on the analog phone switch
C. Deploying virtual local area networks without enabling encryption
D. End users having access to software tools such as packet sniffer applications



A is the correct answer. Justification:
A. On an Ethernet switch there is a data table known as the Address Resolution
Protocol (ARP) cache, which stores mappings between media access control and IP
addresses. During normal operations, Ethernet switches only allow directed traffic
to flow between the ports involved in the conversation and no other ports can see
that traffic. However, if the ARP cache is intentionally corrupted with an ARP
poisoning attack, some Ethernet switches simply "flood" the directed traffic to all
ports of the switch, which could allow an attacker to monitor traffic not normally
visible to the port where the attacker was connected, and thereby eavesdrop on
Voice-over Internet Protocol (VoIP) traffic.
B. VoIP systems do not use analog switches and inadequate administrator security
controls would not be an issue.
C. VoIP data are not normally encrypted in a LAN environment because the
controls regarding VLAN security are adequate.
D. Most software tools such as packet sniffers cannot make changes to LAN
devices, such as the VLAN configuration of an Ethernet switch used for VoIP.
Therefore, the use of software utilities of this type is not a risk.




A5-156 The IS management of a multinational company is considering upgrading its existing
virtual private network to support Voice-over Internet Protocol communication via tunneling.
Which of the following considerations should be PRIMARILY addressed?


A. Reliability and quality of service
B. Means of authentication
C. Privacy of voice transmissions
D. Confidentiality of data transmissions



A is the correct answer. Justification:
A. Reliability and quality of service (QoS) are the primary considerations to be
addressed. Voice
communications require consistent levels of service, which may be provided
through QoS and class of service controls.
B. The company currently has a virtual private network (VPN); authentication has
been implemented by the VPN using tunneling.
C. Privacy of voice transmissions is provided by the VPN protocol.
D. The company currently has a VPN; confidentiality of both data and Voice-over
Internet Protocol traffic has been implemented by the VPN using tunneling.




A5-245 The computer security incident response team of an organization disseminates
detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the
users may:


A. use this information to launch attacks.
B. forward the security alert.

Seller: codersimon, West Virginia University