Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?
Correct Answer: B
Explanation/Reference: Continuous authentication is a type of authentication that provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete. These are typically referred to as active attacks, since they assume that the imposter can actively influence the connection between claimant and verifier. One way to provide this form of authentication is to apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier. There are other combinations of cryptography that can provide this form of authentication but current strategies rely on applying some type of cryptography to every bit of data sent. Otherwise, any unprotected bit would be suspect. Robust authentication relies on dynamic authentication data that changes with each authenticated session between a claimant and a verifier, but does not provide protection against active attacks. Encrypted authentication is a distracter. Source: GUTTMAN, Barbara & BAGWILL, Robert, NIST Special Publication 800-xx, Internet Security Policy: A Technical Guide, Draft Version, May 25, 2000 (page 34).
Question 42
A variation of the application layer firewall is called a:
Correct Answer: D
Section: Network and Telecommunications Explanation/Reference: Terminology can be confusing between the different souces as both CBK and AIO3 call an application layer firewall a proxy and proxy servers are generally classified as either circuit-level proxies or application level proxies. The distinction is that a circuit level proxy creates a conduit through which a trusted host can communicate with an untrusted one and doesn't really look at the application contents of the packet (as an application level proxy does). SOCKS is one of the better known circuit-level proxies. Firewalls Packet Filtering Firewall - First Generation n Screening Router n Operates at Network and Transport level n Examines Source and Destination IP Address n Can deny based on ACLs n Can specify Port Application Level Firewall - Second Generation n Proxy Server n Copies each packet from one network to the other n Masks the origin of the data n Operates at layer 7 (Application Layer) n Reduces Network performance since it has do analyze each packet and decide what to do with it. n Also Called Application Layer Gateway Stateful Inspection Firewalls - Third Generation n Packets Analyzed at all OSI layers n Queued at the network level n Faster than Application level Gateway Dynamic Packet Filtering Firewalls - Fourth Generation n Allows modification of security rules n Mostly used for UDP n Remembers all of the UDP packets that have crossed the network's perimeter, and it decides whether to enable packets to pass through the firewall. Kernel Proxy - Fifth Generation n Runs in NT Kernel n Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies. "Current level firewall" is incorrect. This is an amost-right-sounding distractor to confuse the unwary. "Cache level firewall" is incorrect. This too is a distractor. "Session level firewall" is incorrect. This too is a distractor. References CBK, p. 466 - 467 AIO3, pp. 486 - 490 CISSP Study Notes from Exam Prep Guide
Question 43
Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:
Correct Answer: B
Section: Network and Telecommunications Explanation/Reference: Before the advent of classless addressing, one could tell the size of a network by the first few bits of an IP address. If the first bit was set to zero (the first byte being from 0 to 127), the address was a class A network. Values from 128 to 191 were used for class B networks whereas values between 192 and 223 were used for class C networks. Class D, with values from 224 to 239 (the first three bits set to one and the fourth to zero), was reserved for IP multicast. Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 3: TCP/IP from a Security Viewpoint.
Question 44
Which of the following security mode of operation does NOT require all users to have the clearance for all information processed on the system?
Correct Answer: B
The multilevel security mode permits two or more classification levels of information to be processed at the same time when all the users do not have the clearance of formal approval to access all the information being processed by the system. In dedicated security mode, all users have the clearance or authorization and need-to-know to all data processed within the system. In system-high security mode, all users have a security clearance or authorization to access the information but not necessarily a need-to-know for all the information processed on the system (only some of the data). In compartmented security mode, all users have the clearance to access all the information processed by the system, but might not have the need-to-know and formal access approval. Generally, Security modes refer to information systems security modes of operations used in mandatory access control (MAC) systems. Often, these systems contain information at various levels of security classification. The mode of operation is determined by: The type of users who will be directly or indirectly accessing the system. The type of data, including classification levels, compartments, and categories, that are processed on the system. The type of levels of users, their need to know, and formal access approvals that the users will have. Dedicated security mode In this mode of operation, all users must have: Signed NDA for ALL information on the system. Proper clearance for ALL information on the system. Formal access approval for ALL information on the system. A valid need to know for ALL information on the system. All users can access ALL data. System high security mode In this mode of operation, all users must have: Signed NDA for ALL information on the system. Proper clearance for ALL information on the system. Formal access approval for ALL information on the system. A valid need to know for SOME information on the system. All users can access SOME data, based on their need to know. Compartmented security mode In this mode of operation, all users must have: Signed NDA for ALL information on the system. Proper clearance for ALL information on the system. Formal access approval for SOME information they will access on the system. A valid need to know for SOME information on the system. All users can access SOME data, based on their need to know and formal access approval. Multilevel security mode In this mode of operation, all users must have: Signed NDA for ALL information on the system. Proper clearance for SOME information on the system. Formal access approval for SOME information on the system. A valid need to know for SOME information on the system. All users can access SOME data, based on their need to know, clearance and formal access approval. REFERENCES: WALLHOFF, John, CBK#6 Security Architecture and Models (CISSP Study Guide), April 2002 (page 6). and http://en.wikipedia.org/wiki/Security_Modes
Question 45
The preliminary steps to security planning include all of the following EXCEPT which of the following?
Correct Answer: C
Explanation/Reference: The keyword within the question is: preliminary This means that you are starting your effort, you cannot audit if your infrastructure is not even in place. Reference used for this question: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
