1. DNS, FTP, TFTP, SNMP are provided at what level of the OSI / ISO model?
Answer: Application
Reference: OSI/ISO.

2. The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layer 6 is which of the following?
Answer: Presentation Layer
International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers and Characteristics: Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Applications Layer.
Here's a great mnemonic for the OSI model: "Please Do Not Throw Sausage Pizza Away".
Source: STEINER, Kurt, Telecommunications and Network Security, Version 1, May 2002, CISSP Open Study Group (Domain Leader: skottikus), Page 12. Available at www.cccure.org.
Thanks to Rakesh Sud for providing this question and to Don Murdoch for providing extra information.

3. Which of the following OSI layers does not provide confidentiality?
Answer: Transport
The transport layer provides end-to-end data transport services and establishes the logical connection between two communicating computers, but it does not provide any confidentiality. The presentation layer provides authentication and authorization services. The network layer provides confidentiality, authentication, data integrity, and access control services. The session layer provides confidentiality services through SSL, establishes the connections between applications, and allows checkpoints for restart/recovery.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 351).
Thanks to Rhonda Farrell-Oller for reviewing this question.

4. You are running a packet sniffer on a network and see a packet with a long string of "90 90 90 90...." in the middle of it traveling to an x86-based machine. This could be indicative of what?
Answer: A buffer overflow
The Intel x86 processors use the hexadecimal number 90 to represent NOP (no operation). Most of the buffer overflow exploits designed since 11/8/1996 use a long string of NOPs to write past the base pointer and down into the stack to overwrite a return code. Newer buffer overflows may not have this characteristic.
Source: The LISA documentation for snort describes these packets.

5. Which of the following OSI layers provides non-repudiation services?
Answer: application
Layer 7 of the OSI model allows applications (users) to use the network in a distributed processing environment. Non-repudiation is a user (application) function. Therefore, non-repudiation is considered to be at the application layer of the OSI model, level 7.
Source: The OSI Reference Model.
Thanks to Peter Mosmans for providing a reference for this question.

6. Both TCP and UDP use port numbers of what length?
Answer: 16 bits
The port numbers range from 1 to 65535.
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

7. The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram?
Answer: IGMP
TCP=6, ICMP=1, UDP=17, IGMP=2
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

8. The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the IP datagram?
Answer: TCP
TCP=6, ICMP=1, UDP=17, IGMP=2
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

9. Fast Ethernet operates at which of the following?
Answer: 100 MBps
Fast Ethernet operates at 100 MBps.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 108.
Thanks to George Wood for providing this question.

10. Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Answer: 192.168.42.5
Each class of addresses contains a block that is reserved for private networks and is not routable across the public Internet. For class A, the reserved addresses are 10.0.0.0 - 10.255.255.255. For class B networks, the reserved addresses are 172.16.0.0 - 172.31.255.255. For class C, the reserved addresses are 192.168.0.0 - 192.168.255.255.
Source: The Linux Net-HOWTO. Also ensure that you take a look at RFC 1918, which is THE reference for private address space.

11. Telnet and rlogin use which protocol?
Answer: TCP
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 25.

12. In the OSI / ISO model, at what level are TCP and UDP provided?
Answer: Transport
The Transport layer of the OSI/ISO model supports the TCP and UDP protocols.

13. The connection using fiber optics from the phone company's branch office to local customers is which of the following?
Answer: local loop
Transmission on fiber optic wire requires repeating at distance intervals.
The glass fiber requires more protection within an outer cable than copper. For these reasons and because the installation of any new wiring is labor-intensive, few communities yet have fiber optic wires or cables from the phone company's branch office to local customers (local loop).
Source: STEINER, Kurt, Telecommunications and Network Security, Version 1, May 2002, CISSP Open Study Group (Domain Leader: skottikus), Page 14. Available at www.cccure.org.
Thanks to Rakesh Sud for providing this question.

14. A packet containing a long string of NOPs followed by a command is usually indicative of what?
Answer: A buffer overflow
Most of the buffer overflow exploits designed since 11/8/1996 use a long string of NOPs to write past the base pointer and down into the stack to overwrite a return code. Newer buffer overflows may not have this characteristic.
Source: The LISA documentation for snort describes these packets.

15. Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Answer: 10.0.42.5
Each class of addresses contains a block that is reserved for private networks and is not routable across the public Internet. For class A, the reserved addresses are 10.0.0.0 - 10.255.255.255. For class B networks, the reserved addresses are 172.16.0.0 - 172.31.255.255. For class C, the reserved addresses are 192.168.0.0 - 192.168.255.255.
Source: The Linux Net-HOWTO. Also ensure that you take a look at RFC 1918, which is THE reference for private address space.

16. Which of the following statements about the "Intranet" is NOT true?
Answer: It is unrestricted and publicly available.
Details and reference for this question are not yet available.
This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference to this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

17. Which of the following OSI layers provides routing and related services?
Answer: Network
The network layer provides routing and related functions that enable multiple data links to be combined into an Internetwork.
Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 351).
Thanks to Christian Vezina for providing a reference for this question.

18. What is the proper term to refer to a single unit of IP data?
Answer: IP datagram
The proper terms are TCP segment, IP datagram, and Ethernet frame.
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

19. ICMP and IGMP belong to which layer of the OSI model?
Answer: Network
Although ICMP and IGMP are moved across the network within IP datagrams like TCP, they do not provide end-to-end transport, so they cannot be part of the transport layer like TCP.
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 2.

20. Which of the following is true related to network sniffing?
Answer: Sniffers allow an attacker to monitor data passing across a network.
Sniffers allow an attacker to monitor data passing across a network ... Sniffers exploit characteristics of several data-link technologies, including Token Ring and especially Ethernet.
IP Spoofing is a network-based attack, which involves altering the source address of a computer to disguise the attacker and exploit weak authentication methods.
Session Hijacking tools allow an attacker to take over network connections, kicking off the legitimate user or sharing a login.
Malformed Packet attacks are a type of DoS attack that involves one or two packets that are formatted in an unexpected way. Many vendor product implementations do not take into account all variations of user entries or packet types. If software handles such errors poorly, the system may crash when it receives such packets. A classic example of this type of attack involves sending IP fragments to a system that overlap with each other (the fragment offset values are incorrectly set). Some unpatched Windows and Linux systems will crash when they encounter such packets.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th Edition, Volume 2, Auerbach, NY, NY 2001, Chapter 22, Hacker Tools and Techniques by Ed Skoudis.

21. Which of the following provide network redundancy in a local network environment?
Answer: Dual backbones
Growth in data traffic, coupled with the requirement to utilize bandwidth more efficiently, has in many cases resulted in organizations setting up dedicated data networks. In the meantime, the TDM backbone remained in place to service voice requirements. The result is dual backbones: one for voice, the other for data.
Thanks to Rakesh Sud for providing details to this question.

22. How do you distinguish between a bridge and a router?
Answer: The bridge connects two networks at the link layer, while router connects two networks at the network layer.
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 6.

23. The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers are in which of the following order (1 to 7)?
Answer: Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers and Characteristics: Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Applications Layer.
Mnemonics: Please Do Not Throw Sausage Pizza Away (bottom to top layer); All People Seem To Need Data Processing (top to bottom layer).
Source: STEINER, Kurt, Telecommunications and Network Security, Version 1, May 2002, CISSP Open Study Group (Domain Leader: skottikus), Page 10. Available at www.cccure.org.
Thanks to Rakesh Sud for providing this question and to Arlen Fletcher for reviewing it.

24. The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?
Answer: Used to gain information from network devices such as count of packets received and routing tables
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers and Characteristics:
- Standard model for network communications; allows dissimilar networks to communicate
- Defines 7 protocol layers (a.k.a. protocol stack)
- Each layer on one workstation communicates with its respective layer on another workstation using protocols (i.e. agreed-upon communication formats)
- "Mapping" each protocol to the model is useful for comparing protocols.
Mnemonics: Please Do Not Throw Sausage Pizza Away (bottom to top layer); All People Seem To Need Data Processing (top to bottom layer).
Source: STEINER, Kurt, Telecommunications and Network Security, Version 1, May 2002, CISSP Open Study Group (Domain Leader: skottikus), Page 12.
Available at www.cccure.org.
Thanks to Rakesh Sud for providing this question.

25. ARP and RARP map between which of the following?
Answer: 32-bit addresses in IPv4 and 48-bit hardware addresses
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 22.

26. Which of the following layers provides end-to-end service?
Answer: Transport Layer
Both TCP and UDP are transport layer protocols.
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 19.

27. In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class B network?
Answer: The first bit of the IP address would be set to one and the second bit set to zero.
Source: SEMERIA, Chuck, Understanding IP Addressing: Everything You Ever Wanted To Know, 3Com Corporation.

28. Which of the following access methods is used by Ethernet?
Answer: CSMA/CD
CSMA/CD is an acronym for "Carrier Sense, Multiple Access with Collision Detection".
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 21.

29. What is the proper term to refer to a single unit of TCP data at the transport layer?
Answer: TCP segment
The proper term is TCP segment.
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

30. In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?
Answer: The first two bits of the IP address would be set to one, and the third bit set to zero.
Each class of addresses contains a block that is reserved for private networks and is not routable across the public Internet. For class A, the reserved addresses are 10.0.0.0 - 10.255.255.255. For class B networks, the reserved addresses are 172.16.0.0 - 172.31.255.255. For class C, the reserved addresses are 192.168.0.0 - 192.168.255.255.
Source: SEMERIA, Chuck, Understanding IP Addressing: Everything You Ever Wanted To Know, 3Com Corporation.

31. What is the proper term to refer to a single unit of Ethernet data?
Answer: Ethernet frame
The proper term is Ethernet frame.
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

32. Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Answer: 172.31.42.5
Each class of addresses contains a block that is reserved for private networks and is not routable across the public Internet. For class A, the reserved addresses are 10.0.0.0 - 10.255.255.255. For class B networks, the reserved addresses are 172.16.0.0 - 172.31.255.255. For class C, the reserved addresses are 192.168.0.0 - 192.168.255.255.
Source: The Linux Net-HOWTO. Also ensure that you take a look at RFC 1918, which is THE reference for private address space.

33. In the OSI / ISO model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?
Answer: Link
The Data Link layer of the OSI/ISO model provides the SLIP, CSLIP and PPP protocols.
RFC 1661 - The Point-to-Point Protocol (PPP) specifies that the Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components:
  1. A method for encapsulating multi-protocol datagrams.
  2. A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection.
  3. A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.

34. Which of the following is TRUE?
Answer: TCP is connection-oriented. UDP is not.
TCP is a connection-oriented transport for guaranteed delivery of data. UDP does not provide for error correction. UDP is useful for shorter messages.
Reference: Understanding the Difference between TCP/IP and IPX/SPX. James's TCP-IP FAQ - Understanding Port Numbers.

35. The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram?
Answer: ICMP
TCP=6, ICMP=1, UDP=17, IGMP=2
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

36. The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the IP datagram?
Answer: UDP
TCP=6, ICMP=1, UDP=17, IGMP=2
Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

37. Frame relay and X.25 networks are part of which of the following?
Answer: Packet-switched services
Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (pages 451-461).
Thanks to Don Murdoch for providing a reference to this question.

38. Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Answer: 172.16.42.5
Each class of addresses contains a block that is reserved for private networks and is not routable across the public Internet. For class A, the reserved addresses are 10.0.0.0 - 10.255.255.255. For class B networks, the reserved addresses are 172.16.0.0 - 172.31.255.255. For class C, the reserved addresses are 192.168.0.0 - 192.168.255.255.
Source: The Linux Net-HOWTO. Also ensure that you take a look at RFC 1918, which is THE reference for private address space.