Monitoring electromagnetic pulse emanations from PCs and CRTs provides a

hacker with that significant

advantage?
A. Defeat the TEMPEST safeguard
B. Bypass the system security application.
C. Gain system information without trespassing
D. Undetectable active monitoring.
Answer: D
Tempest equipment is implemented to prevent intruders from picking up
information through the
airwaves with listening devices. - Shon Harris All-in-one CISSP Certification
Guide pg 192. In
Harris's other book CISSP PASSPORT, she talks about tempest in terms of spy
movies and how
a van outside is listening or monitoring to the activities of someone. This
lends credence to the
answer of C (trespassing) but I think D is more correct. In that all the
listener must do is listen to
the RF. Use your best judgment based on experience and knowledge.
QUESTION 346:
What name is given to the study and control of signal emanations from
electrical and electromagnetic
equipment?
A. EMI
B. Cross Talk
C. EMP
D. TEMPEST
Answer: D
QUESTION 347:
TEMPEST addresses
A. The vulnerability of time-dependent transmissions.
B. Health hazards of electronic equipment.
C. Signal emanations from electronic equipment.
D. The protection of data from high energy attacks.
Answer: C
"Tempest is the study and control of spurious electrical signals that are
emitted by electrical
equipment." Pg 167 Shon Harris: All-In-One CISSP Certification Exam Guide
QUESTION 348:
Which one of the following is the MOST solid defense against interception of a
network
transmission?
A. Frequency hopping
B. Optical fiber
C. Alternate routing
D. Encryption
Answer: B
An alternative to conductor-based network cabling is fiber-optic cable. Fiber-
optic cables
transmit pulses of light rather than electricity. This has the advantage of
being extremely fast and
near impervious to tapping.
Pg 85 Tittel: CISSP Study Guide.
QUESTION 349:
Which of the following media is MOST resistant to tapping?
A. Microwave
B. Twisted pair
C. Coaxial cable
D. Fiber optic
Answer: D
QUESTION 350:
What type of wiretapping involves injecting something into the communications?
A. Aggressive
B. Captive
C. Passive
D. Active
Answer: D
Most communications are vulnerable to some type of wiretapping or
eavesdropping. It can usually be done
undetected and is referred to as a passive attack versus an active attack. -
Shon Harris All-in-one CISSP
Certification Guide pg 649
"(I) An attack that intercepts and accesses data and other information
contained in a flow in a
communication system. (C) Although the term originally referred to making a
mechanical
connection to an electrical conductor that links two nodes, it is now used to
refer to reading
information from any sort of medium used for a link or even directly from a
node, such as
gateway or subnetwork switch. (C) "Active wiretapping" attempts to alter the
data or otherwise
affect the flow; "passive wiretapping" only attempts to observe the flow and
gain knowledge of
information it contains. (See: active attack, end-to-end encryption, passive
attack.)"
http://www.linuxsecurity.com/dictionary/dict-455.html
QUESTION 351:
Why would an Ethernet LAN in a bus topology have a greater risk of
unauthorized
disclosure than switched Ethernet in a hub-and-spoke or star topology?
A. IEEE 802.5 protocol for Ethernet cannot support encryption.
B. Ethernet is a broadcast technology.
C. Hub and spoke connections are highly multiplexed.
D. TCP/IP is an insecure protocol.
Answer: B
Ethernet is broadcast and the question asks about a bus topology vs a SWITCHED
Ethernet.
Most switched Ethernet lans are divided by vlans which contain broadcasts to a
single vlan, but
remember only a layer 3 device can stop a broadcast.
QUESTION 352:
What type of attacks occurs when a smartcard is operating under normal
physical
conditions, but sensitive information is gained by examining the bytes going
to and from
the smartcard?
A. Physical attacks.
B. Logical attacks.
C. Trojan Horse attacks.
D. Social Engineering attacks.
Answer: B
Explanation:
Logical attacks occur when a smartcard is operating under normal physical
conditions,
but sensitive information is gained by examining the bytes going to and from
the
smartcard. One example is the so-called "timing attack" described by Paul
Kocher. In
this attack, various byte patterns are sent to the card to be signed by the
private
key. Information such as the time required to perform the operation and the
number of
zeroes and ones in the input bytes are used to eventually obtain the private
key. There
are logical countermeasures to this attack but not all smartcard manufacturers
have
implemented them. This attack does require that the PIN to the card be known,
so that
many private key operations can be performed on chosen input bytes.
QUESTION 353:
What is an effective countermeasure against Trojan horse attack that targets
smart cards?
A. Singe-access device driver architecture.
B. Handprint driver architecture.
C. Fingerprint driver architecture.
D. All of the choices.
Answer: A
Explanation:
The countermeasure to prevent this attack is to use "single-access device
driver"
architecture. With this type of architecture, the operating system enforces
that only
one application can have access to the serial device (and thus the smartcard)
at any
given time. This prevents the attack but also lessens the convenience of the
smartcard
because multiple applications cannot use the services of the card at the same
time.
Another way to prevent the attack is by using a smartcard that enforces a "one
private
key usage per PIN entry" policy model. In this model, the user must enter
their PIN
every single time the private key is to be used and therefore the Trojan horse
would
not have access to the key.
QUESTION 354: