CISSP Practice Test


Page 6 out of 298 Pages

Topic 4: Communication and Network Security

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?


A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

Answer: A. Packet filtering



What is the purpose of an Internet Protocol (IP) spoofing attack?


A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target’s IP filtering devices
D. To convince a system that it is communicating with a known entity

Answer: D. To convince a system that it is communicating with a known entity



Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?


A. Intrusion Prevention Systems (IPS)
B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools

Answer: D. Network Behavior Analysis (NBA) tools



An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?


A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code

Answer: A. Add a new rule to the application layer firewall



An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

Answer: D. Implement logical network segmentation at the switches



