1. Trunk lines are used in which one of the following scenarios?
A. Remote office ISDN wiring for an employee
B. Communication between two switches at a central office
C. Internal wiring in a token ring architecture
D. Communication between terminals for different classes of traffic
2. There are different types of Internet connection technologies with different characteristics. Which of the following is an “always on” technology?
A. BRI
B. PRI
C. Dial-up
D. DSL
3. Which is not true about Trivial File Transfer Protocol (TFTP)?
A. It has a smaller subset of commands compared to FTP.
B. It has less functionality than FTP.
C. It could allow any user read and write privileges.
D. Encrypted passwords provide the only form of security.
4. Because ARP does not perform authentication, it is vulnerable to what two types of attacks?
A. Table poisoning
B. Masquerading
C. Fragment
D. Birthday
5. What protocol protects the IP header as well as the upper-layer protocol headers above IP?
A. RARP
B. IPSec
C. FDDI
D. SLIP
6. Which is not considered a firewall architecture used to protect networks?
A. Screened host

B.
Screened subnet
C.
NAT gateway
D.
Dual-homed host
7.
8.
When a router modifies an unregistered IP address of a computer into a registered IP address to send out through an external link, it is performing
____________.
A. Network Address Translation
B. Polling
C. Address Resolution Protocol
D. Multiplexing
Which polling protocol is used mainly to communicate with IBM mainframe systems?
A. PDLC
B. SDLC
C. SMDS
D. X.25
9. HDLC improves upon SDLC in which two ways?
A. It works over asynchronous lines.
B. It is bit-oriented.
C. It provides a higher throughput.
D. It supports full-duplex transmissions.
10. A SONET architecture used to connect internal networks in each building of a large university is an example of what?
A. WAN
B. LAN
C. MAN
D. Extranet
11. The Internet Protocol has gone through different generations. IP Version 6 is being slowly deployed in the U.S. and more quickly in Asia. IP Version 6 has how many address bits?
A. 16
B. 32
C. 64
D. 128
12. What takes place at the session layer?
A. Dialog control
B.
Routing
C.
Packet sequencing
D.
Addressing
13. All of the following are true statements about bastion hosts except which?
A. Bastion hosts are locked-down systems.

B. Bastion hosts are often the first device to be tampered with by hackers.
C. Bastion hosts contain no unnecessary applications.
D. Bastion hosts are protected by the DMZ and have internal user accounts.
14. How does data encapsulation and the protocol stack work?
A. Each protocol or service at each layer in the OSI model multiplexes other packets to the data as it is passed down the protocol stack.
B. Each protocol or service at each layer in the OSI model adds its own information to the data as it is passed down the protocol stack.
C. The packet is encapsulated and grows as it hops from router to router.
D. The packet is encapsulated and grows when it is passed up the protocol stack.
15. Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except which of the following?
A. Encrypt
B. Work at the data link layer
C. Authenticate
D. Protect the payload and the headers
1. B
Trunks are used to connect multiple switches for traffic of the same class. The best example of a trunk is the communication channel between two voice switches at a local phone company’s central office. The other answers refer to links or lines that connect endpoints to a larger network.
2. D
Digital Subscriber Line (DSL) has a continuous connection, which offers convenience to a user, but can also offer security concerns since it is “always on” for potential hackers to infiltrate. Basic Rate Interface (BRI) and Primary
Rate Interface (PRI) are different flavors of ISDN. Cable modems also use an
“always on” technology.
3. D
TFTP is an insecure protocol with much less functionality than FTP. It has no encryption or authentication capabilities and exists simply to transfer files.
The use of passwords with FTP is insecure, as they are sent in cleartext.
4. A and B
ARP table poisoning is a type of masquerading attack that takes advantage of the weakness in the ARP protocol. An attacker who successfully “poisons” an
ARP table will replace the victim’s MAC address with his own. Now the IP address that is mapped to its assigned MAC address is actually being mapped to the attacker’s address.

5. B
Internet Protocol Security (IPSec) can be applied in two distinct ways: transport mode or tunnel mode. Transport mode refers to protecting just the data payload. In tunnel mode, the headers and data payload are protected. The other protocols do not provide protection and also work at the data link layer.
6. C
The other answers describe basic firewall architectures, meaning where they can be placed within an environment. Network address translation (NAT) maps public to private addresses and does not provide traffic monitoring capabilities. Some firewalls provide NAT services, but the goals of the services are different.
7. A
Network Address Translation (NAT) helps to conserve the use of registered IP addresses. Companies use private addresses to communicate internally and use NAT to change them to public addresses when connecting with the outside world.
8.
9.
B
Synchronous Data Link Control (SDLC) enables secondary devices to communicate with the primary stations or mainframes in an IBM architecture.
SDLC is the original IBM proprietary protocol. HDLC provides basically the same functionality and more, and it is an open protocol.
C and D
HDLC is based upon the SDLC protocol. Both are bit-oriented, and both work over synchronous lines. However, HDLC supports full-duplex connections, and thus can provide a higher throughput. Like SDLC, HDLC provides polling, enabling secondary units to communicate with primary units.
10. C
A metropolitan area network (MAN) is a backbone network that joins together local area networks. In this example, each building’s network is a LAN. The
LANs communicate with one another through the SONET network or MAN.
11. D
IP Version 6, which is slowly replacing the current Version 4, offers 128-bit addresses. The additional bits will dramatically increase the number of available addresses, thus solving one of the major limitations of Version 4.
Other benefits of Version 6 include improved quality-of-service and IPSec.
12. A
The session layer is responsible for controlling how applications communicate, not how computers communicate. Not all applications use protocols that work at the session layer, so this layer is not always used in networking functions. A session layer protocol will set up the connection to

the other application logically and control the dialog going back and forth.
Session layer protocols allow applications to keep state of the dialog.
13. D
The demilitarized zone (DMZ) is a buffer zone between two networks.
Devices in the area, like the bastion host, are extremely vulnerable to hacking.
Because of this, no unnecessary programs, user information, utilities or subsystems should be placed on them. Bastion hosts should not have internal user accounts. They should only have the accounts necessary to carry out their tasks.
14. B
Data encapsulation means that a piece of data is put inside another type of data. This usually means that individual protocols apply their own instruction set in the form of headers and trailers. As a data package goes down the OSI or protocol stack of a system, each protocol that is involved adds its own instructions. This process is reversed at the destination.
15. B
IPSec is a protocol used to provide VPN functionality that boasts strong encryption and authentication functionality. It can protect in two different modes: tunnel mode (payload and headers are protected) or in transport mode
(payload protection only). IPSec works at the network layer, not the data link layer.
Return to SearchSecurity.com’s Security School for CISSP training:
CISSP Essentials library: http://www.searchsecurity.com/CISSPessentials
Class 5 briefing: http://www.searchsecurity.com/Class5briefing