telecommunications.docx

1、telecommunicationsTELECOMMUNICATIONS & NETWORK SECURITY1. What name was given to the device that was used to generate the sounds of coins dropping into coin boxes to defraud the telephone company?a. Blue boxb. Red boxc. Black boxd. White boxAnswer: b (Reference: Horak, Ray, Voice Network Fraud, Data

2、pro Information Services, Delran, NJ)Blue box - before all digital switches made it possible for phone companies to move them out of the audible range, one could hear the switching tones used to route long-distance calls. Early phreakers built devices called blue boxes that could reproduce these ton

3、es, which could be used to commandeer portions of the phone network. A blue box generates a 2600-Hz tone.Red box - simulates money being put into a pay phone. A combination of 1700Hz & 2200Hz. A nickel is 1 beep, a dime is 2 beeps, and a quarter is 5 beeps.Black box - a device that is hooked up to a

4、 phone that fixes the phone so that a caller is not charged for the call - as if they were calling an 800 number.White box - used to change a normal touch tone keypad to a portable unit.2. One of the security issues associated with the use of Internet based fax services is:a. Fax is stored in plaint

5、ext at the service.b. Group 2 fax does not support encryption.c. The services verify fax content.d. Fax transmissions are usually blocked by a firewall.Answer: a3. Which one of the following can be used to verify the source of a fax transmission?a. Caller IDb. Ring Differential Detectorc. ID banner

6、stamped on cover paged. Call forwardingAnswer: aReference: Bellcore CND TR _-TSY0000302230British Telcom CID Standard SIN 227EV ETSI 300Note: New acronym CND = Calling Number DeliveryDiscussion:Answer a - correct - accurate report of calling number.Answer b - wrong - this is a signaling function.Ans

7、wer c - wrong - this can be forged.Answer d - wrong - doesnt provide source.4. Why are local area networks more vulnerable to data compromise than mainframe computers?a. Transmission capacityb. Storage capacityc. Multiple points of accessd. Removable mediaAnswer: c.5. How should access to a local ar

8、ea network be controlled for outside support?a. Obtain the signature of the user.b. Issue a temporary password.c. Verify user employment.d. Request user identification.Answer: b.Reference: Security Data & Voice Communications; Simonds; McGraw-Hill; 1996; pg 104.Outside support refers to remote acces

9、s from a vendors site for system maintenance, etc. Therefore, a. & d. wouldnt be practical unless digital signatures (certificates) are used. This may be an option in the future, but now, b. is the best. The third answer, c., is obviously incorrect because the question is addressing a non-employee s

10、ituation.6. Why does fiber optic communication technology have significant security advantage over other transmission technology?a. Higher data rates can be transmitted.b. Interception of data traffic is more difficult.c. Traffic analysis is prevented by multiplexing.d. Single and double-bit errors

11、are correctable.Answer: b. Reference: Voice & Data Communications Handbook; pg 631.Discussion:Answer a - wrong - higher data rates are not a security advantage.Answer b - correct - fiber is resistant to tapping.Answer c - wrong - multiplexing is not always used with fiber.Answer d - wrong - error co

12、rrecting is not associated with a transmission medium, but with a protocol.7. Which of the following telecommunications media is MOST resistant to tapping?a. Twisted pairb. Coaxialc. Shielded coaxiald. Fiber opticAnswer: d.Reference: Voice & Datacom Handbook; J Ranade; McGraw=Hill; 1998; pg 878.Disc

13、ussion:Answer a - wrong - twisted pair can be tapped using inductive or direct attack connections.Answer b - coaxial is more difficult to tap, but the cable can be intruded without changing transmission characteristics.Answer c - wrong - shielded coaxial is more difficult to tap, but cable can be in

14、truded without changing transmission characteristics.Answer d - correct - fiber optic cant be tapped by induction or intrusion without altering transmission characteristics.8. What is a basic security problem in distributed systems?a. Knowing who to trust.b. Knowing when to reconnect.c. Knowing how

15、to name resources.d. Knowing the order of transactions.Answer: a.Reference: Secure Computing; Rita Surrons; McGraw-Hill; 1997; pg 535-536. Discussion:Answer a - correctAnswer b - wrong - reconnect what? Indiscriminate.Answer c - wrong - naming of resources may facilitate security implementation but

16、would also apply to mainframe PIDs & LIDs.Answer d - wrong - would apply to both LAN & Mainframe.9. Which network topology passes all traffic through all active nodes?a. Broadbandb. Hub and Spokec. Basebandd. Token RingAnswer: d. Reference: Voice & DataComm Handbook; 1997; J Ranada; McGraw-Hill; pg

17、541.Broadband - a data-transmission technique that allows multiple signals to share the bandwidth of a transmission media. Cable TV is a broadband transmission in that signals for multiple TV stations are carried over separate channels.Hub & Spoke - a star topology where all signals go through the h

18、ub but not to all nodes.Baseband - a data-transmission technique that uses the entire bandwidth of a media, without modulating a digital signal. Ethernet, Token Ring, & Arcnet use baseband transmission.Token Ring - a network architecture that passes an electronic character called a token among nodes

19、 connected in a circular, closed-loop cabling system.10. Layer 4 of the OSI stack is known asa. the data link layerb. the transport layerc. the network layerd. the presentation layerAnswer: b.Reference: Voice & Data Communications Handbook; 1997; J Ranade; McGraw-Hill; pg 335.The data link layer is

20、layer 2.The transport layer is layer 4.The network layer is layer 3.The presentation layer is layer 6.11. Another name for a VPN is aa. tunnelb. one-time passwordc. pipelined. bypassAnswer: a.Discussion:Answer a - correct - by definition, a VPN provides a secure tunnel from one site to another over

21、an insecure environment such as the Internet.Answer b - wrong - has nothing to do with virtual networking.Answer c - wrong - named-pipe is UNIX internal messaging protocol.Answer d - wrong - stream is UNIX internal messaging protocol.12. Which of the following protocols is commonly used to verify di

22、al-up connections between hosts?a. Unix-to-Unix Communication Protocol (UUCP)b. Challenge Handshake Authentication Protocol (CHAP)c. Point-to-Point Tunneling Protocol (PPTP)d. Simple Key management for Internet Protocol (SKIP)Answer: b. Reference: Simmons, Fred; Network Security - Data and Voice Com

23、munications; McGraw-Hill; 1997; pg 157.Secure Computing; Rita Summers; McGraw-_Hill; 1997; pg 529.UUCP - an application that allows one Unix timesharing system to copy files to or from another Unix timesharing system over a single connection. UUCP provides the basis for many Unix-based electronic ma

24、il applications.CHAP - uses strong authentication to provide automated identification & authentication of a remote entity.PPTP - creates tunnels for transporting multiprotocol traffic over the Internet.SKIP - enables a TCP/IP host to send an encrypted IP packet to another host without requiring a pr

25、ior message exchange to set up a secure channel.13. Which method is often used to reduce the risk to a local area network that has external connections?a. Passwordsb. Firewallc. Dial-upd. Fiber opticsAnswer: b.Reference: Internet Security; Professional Reference; New Riders; Varnors; 1996; pg 197.Di

26、scussion:Answer a - wrong - passwords are used for authentication.Answer b - correct - firewalls provide a resistance to attacks from the outside - none of the others do.Answer c - wrong - dial-up does not provide protection , only provides remote access that can be spoofed.Answer d - wrong - fiber

27、optics is a transport mechanism & doesnt provide protection.14. Which one of the following TCP/IP protocols uses a “connected” session?a. TCPb. ICMPc. UDPd. IPAnswer: a. (Reference: Simmons, Fred, Network Security - Data and Voice Communications, 1996, McGraw Hill, pg 218-219 and Socolofski and Kale

28、, IETF RFC 1180, January 1991, pg 24)TCP - Transmission Control ProtocolICMP - Internet Control Message ProtocolUDP - User Datagram ProtocolIP - Internet Protocol15. IPSEC (IP Security), S-HTTP (Secure-HTTP) and SSL (Secure Socket Layer) are examples ofa. Secure Multi-purpose Internet Mail Extension

29、s (S/MIME).b. Secure Internet protocols.c. Intranet transaction protocols.d. Application protocol interfaces.Answer: b.Reference: HISM 99; Krause/Tipton; Auerbach; 1998; pg 387.Discussion:Answer a - wrong - S/MIME is also a secure Internet protocol.Answer b - correct - all are used on the Internet t

30、o secure transmissions.Answer c - wrong - IPSEC is not transaction related; it will work with both connection & connectionless.Answer d - wrong - interfaces (i.e., API) are the connection points into a protocol. The items mentioned are full protocols.16. Which of the following is the PRIMARY objecti

31、ve of a firewall?a. Protect one network from another.b. Prevent IP traffic from going out of the network.c. Block SNA traffic.d. Monitor network traffic.Answer: a.Reference: HISM 99; Krause/Tipton; Auerbach; 1998; pg 96-103.Discussion:Answer a - correct.Answer b - wrong - a firewall may prevent some

32、 IP traffic but if it prevented all traffic, it would serve the same purpose as disconnecting.Answer c - wrong - SNA traffic is to specific to be the primary purpose.Answer d - wrong - this is a secondary result of processing data for the protected network.17. Which of the following proxies does NOT examine service commands (e.g. F