Which of the following protocols that provide integrity and authentication for IPSec, can also provide non- repudiation in IPSec?
Correct Answer: A
Section: Cryptography Explanation/Reference: As per the RFC in reference, the Authentication Header (AH) protocol is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation. from a cryptography point of view, so we will cover it from a VPN point of view here. IPSec is a suite of protocols that was developed to specifically protect IP traffic. IPv4 does not have any integrated security, so IPSec was developed to bolt onto IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of the OSI model. The main protocols that make up the IPSec suite and their basic functionality are as follows: A. Authentication Header (AH) provides data integrity, data origin authentication, and protection from replay attacks. B. Encapsulating Security Payload (ESP) provides confidentiality, data-origin authentication, and data integrity. C. Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange. D. Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP. The following are incorrect answers: ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It may also provide authentication, depending on which lgorithm and algorithm mode are used. Non-repudiation and protection from traffic analysis are not provided by ESP (RFC 1827). SSL is a secure protocol used for transmitting private information over the Internet. It works by using a public key to encrypt data that is transferred of the SSL connection. OIG 2007, page 976 SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell) which is a secure replacement for telnet. Reference(s) used for this question: Shon Harris, CISSP All In One, 6th Edition , Page 705 and RFC 1826, http://tools.ietf.org/html/rfc1826, paragraph 1.
Question 108
Domain Name Service is a distributed database system that is used to map:
Correct Answer: A
Explanation/Reference: The Domain Name Service is a distributed database system that is used to map domain names to IP addresses and IP addresses to domain names. The Domain Name System is maintained by a distributed database system, which uses the client-server model. The nodes of this database are the name servers. Each domain has at least one authoritative DNS server that publishes information about that domain and the name servers of any domains subordinate to it. The top of the hierarchy is served by the root nameservers, the servers to query when looking up (resolving) a TLD. Reference(s) used for this question: KRUTZ, Ronald L & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 100. and https://en.wikipedia.org/wiki/Domain_Name_System
Question 109
Which of the following usually provides reliable, real-time information without consuming network or host resources?
Correct Answer: A
A network-based IDS usually provides reliable, real-time information without consuming network or host resources. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48.
Question 110
Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location?
Correct Answer: A
Section: Security Operation Adimnistration Explanation/Reference: Absolute/Direct +------+-----+--------------------------------------+ | load | reg | address | +------+-----+--------------------------------------+ (Effective address = address as given in instruction) This requires space in an instruction for quite a large address. It is often available on CISC machines which have variable-length instructions, such as x86. Some RISC machines have a special Load Upper Literal instruction which places a 16-bit constant in the top half of a register. An OR literal instruction can be used to insert a 16-bit constant in the lower half of that register, so that a full 32-bit address can then be used via the register-indirect addressing mode, which itself is provided as "base-plus-offset" with an offset of 0. http://en.wikipedia.org/wiki/Addressing_mode (Very good coverage of the subject) also see: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 186. also see: http://www.comsci.us/ic/notes/am.html
Question 111
Which of the following are NT Audit events? (Choose all that apply)