Which of the following is the FIRST step for defining Service Level Requirements (SLR)?
Correct Answer: C
Question 82
What can happen when an Intrusion Detection System (IDS) is installed inside a firewall- protected internal network?
Correct Answer: B
Question 83
Which service usually runs on port 25?
Correct Answer: C
Explanation/Reference: Explanation: SMTP uses port 25. Incorrect Answers: A: FTP uses port 21. B: Telnet uses port 23. D: DNS uses port 53. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1289
Question 84
Which TCP/IP protocol operates at the OSI Network layer?
Correct Answer: B
The correct answer is IP. IP operates at the network layer of the OSI model and at the Internet layer of the TCP/IP model. FTP operates at the application layer of the TCP/IP model, which is roughly similar to the top three layers of the OSI model: the Application, Presentation, and Session layers. TCP and UDP both operate at the OSI Transport layer, which is similar to the TCP/IP Host-to-host layer.
Question 85
What is the primary goal of setting up a honey pot?
Correct Answer: D
Explanation/Reference: Explanation: A honeypot system is a computer that usually sits in the screened subnet, or DMZ, and attempts to lure attackers to it instead of to actual production computers. To make a honeypot system lure attackers, administrators may enable services and ports that are popular to exploit. Some honeypot systems have services emulated, meaning the actual service is not running but software that acts like those services is available. Honeypot systems can get an attacker's attention by advertising themselves as easy targets to compromise. They are configured to look like regular company systems so that attackers will be drawn to them like bears are to honey. Honeypots can work as early detection mechanisms, meaning that the network staff can be alerted that an intruder is attacking a honeypot system, and they can quickly go into action to make sure no production systems are vulnerable to that specific attack type. Organizations use these systems to identify, quantify, and qualify specific traffic types to help determine their danger levels. The systems can gather network traffic statistics and return them to a centralized location for better analysis. So as the systems are being attacked, they gather intelligence information that can help the network staff better understand what is taking place within their environment. Incorrect Answers: A: A honeypot does act as a decoy system in that it can lure hackers into attacking the honeypot system instead of live production servers. However, this is not the primary goal of a honeypot. The primary goal is to learn about attack techniques so the network can be fortified. B: Entrapping and tracking down attackers is not the goal of a honeypot. Learning about possible attack techniques is more valuable to a company. C: It is not the goal of a honeypot to set up a sacrificial lamb on the network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 655
