Tough Questions 201-210

  1. _______________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints.
     
    (a) ISDN
    (b) Frame Relay
    (c) SMDS
    (d) ATM
     
    Answer:
    (b)
     
    Explanation:
    Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of, and invisible to, each other.
     
  2. What is needed to allow an external client to initiate a communication session with an internal system if the network uses a NAT proxy?
     
    (a) IPsec tunnel
    (b) Static mode NAT
    (c) Static private IP address
    (d) Reverse DNS
     
    Answer:
    (b)
     
    Explanation:
    Static mode NAT is needed to allow an outside entity to initiate communications with an internal system behind a NAT proxy.
     
  3. At which OSI model layer does the IPsec protocol function?
     
    (a) Data Link
    (b) Transport
    (c) Session
    (d) Network
     
    Answer:
    (d)
     
    Explanation:
    IPsec operates at the Network layer (Layer 3).
     
  4. When you’re designing a security system for internet-delivered email, which of the following is least important?
     
    (a) Non-repudiation
    (b) Availability
    (c) Message integrity
    (d) Access restriction
     
    Answer:
    (b)
     
    Explanation:
    Although availability is a key aspect of security in general, it is the least important aspect of security systems for internet-delivered email.
     
  5. What is the function of the network access server in a RADIUS environment?
     
    (a) Authentication server
    (b) Client
    (c) AAA server
    (d) Firewall
     
    Answer:
    (b)
     
    Explanation:
    The network access server is the client within a RADIUS architecture. The RADIUS server is the authentication server and provides authentication, authorisation & accounting (AAA) services. The network access server might have a host firewall enabled, but that isn’t the primary function.
     
  6. Accountability requires all of the following items except one. Which item is not required for accountability?
     
    (a) Identification
    (b) Authentication
    (c) Auditing
    (d) Authorisation
     
    Answer:
    (d)
     
  7. Who, or what, grants permissions to users in a DAC model?
     
    (a) Administrators
    (b) Access control list
    (c) Assigned labels
    (d) The data custodian
     
    Answer:
    (b)
     
    Explanation:
    The data custodian (or owner) grants permissions to users in a Discretionary Access Control (DAC) model. Administrators grant permission for resources they own, but not for all resources in a DAC model. A rule-based access control model uses an access control list. The Mandatory Access Control (MAC) model uses labels.
     
  8. Which of the following models is also known as an identity-based access control model?
     
    (a) DAC
    (b) RBAC
    (c) Rule-based access control
    (d) MAC
     
    Answer:
    (a)

    Explanation:
    A Discretionary Access Control (DAC) model is an identity-based access control model. It allows the owner (or data custodian) of a resource to grant permissions at the discretion of the owner. The rule-based access control model is based on roles within an ACL. The Mandatory Access Control (MAC) model uses assigned labels to identify access.
     
  9. A central authority determines which files a user can access. Which of the following best describes this?
     
    (a) An access control list (ACL)
    (b) An access control matrix
    (c) Discretionary Access Control model
    (d) Non-discretionary access control model
     
    Answer:
    (d)
     
    Explanation:
    A non-discretionary access control model uses a central authority to determine which objects (such as files) users (and other subjects) can access. In contrast, a Discretionary Access Control (DAC) model allows users to grant & reject access to any objects they own. An ACL is an example of a rule-based access control model that uses rules, not roles.
     
  10. Which of the following BEST describes a characteristic of the MAC model?
     
    (a) Employs explicit-deny philosophy
    (b) Permissive
    (c) Rule-based
    (d) Prohibitive
     
    Answer:
    (d)
     
    Explanation:
    The Mandatory Access Control (MAC) model is prohibitive (not permissive) and uses an implicit-deny (not explicit-deny) philosophy. It uses labels rather than rules.
