Since the application layer firewall makes decisions based on application-layer information in the packet, it operates at the application layer of the OSI stack. "OSI protocol layer 6, the presentation layer" is incorrect. The application layer firewall must have access to the application layer information in the packet and therefore operates at the application layer. "OSI protocol layer 5, the session layer" is incorrect. The application layer firewall must have access to the application layer information in the packet and therefore operates at the application layer. "OSI protocol layer 4, the transport layer" is incorrect. The application layer firewall must have access to the application layer information in the packet and therefore operates at the application layer. References: CBK, p. 467 AIO3, pp.488 - 490
Question 513
If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a:
Correct Answer: A
Section: Network and Telecommunications Explanation/Reference: If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a "server farm." Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67.
Question 514
What is NOT true about a one-way hashing function?
Correct Answer: A
A one way hashing function can only be use for the integrity of a message and not for authentication or confidentiality. Because the hash creates just a fingerprint of the message which cannot be reversed and it is also very difficult to create a second message with the same hash. A hash by itself does not provide Authentication. It only provides a weak form or integrity. It would be possible for an attacker to perform a Man-In-The-Middle attack where both the hash and the digest could be changed without the receiver knowing it. A hash combined with your session key will produce a Message Authentication Code (MAC) which will provide you with both authentication of the source and integrity. It is sometimes referred to as a Keyed Hash. A hash encrypted with the sender private key produce a Digital Signature which provide authentication, but not the hash by itself. Hashing functions by themselves such as MD5, SHA1, SHA2, SHA-3 does not provide authentication. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 548
Question 515
Which of the following is true about link encryption?
Correct Answer: C
Section: Network and Telecommunications Explanation/Reference: In link encryption, each entity has keys in common with its two neighboring nodes in the transmission chain. Thus, a node receives the encrypted message from its predecessor, decrypts it, and then re-encrypts it with a new key, common to the successor node. Obviously, this mode does not provide protection if anyone of the nodes along the transmission path is compromised. Encryption can be performed at different communication levels, each with different types of protection and implications. Two general modes of encryption implementation are link encryption and end-to-end encryption. Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods. Link encryption provides protection against packet sniffers and eavesdroppers. In end-to-end encryption, the headers, addresses, routing, and trailer information are not encrypted, enabling attackers to learn more about a captured packet and where it is headed. Reference(s) used for this question: Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 845-846). McGraw-Hill. And: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 132).
Question 516
All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA but an important TOPIC to include within the BCP plan:
Correct Answer: C
Public Relations, although important to a company, is not listed as an essential business function that should be identified and have loss criteria developed for. All other entries are considered essential and should be identified and have loss criteria developed. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (page 598).