
DoS is the prevention of authorized access to resources or the delaying of time-critical operations. DoS results from DoQ. QoS is related to QoP and DoS which, in turn, relates to DoQ. Therefore, QoS, QoP, QA, QC, DoQ, and DoS are related to each other.

2. The first step toward securing the resources of a local-area network (LAN) is to verify the identities of system users. Organizations should consider which of the following prior to connecting their LANs to outside networks, particularly the Internet?

a. Plan for implementing locking mechanisms.

b. Plan for protecting the modem pools.

c. Plan for considering all authentication options.

d. Plan for providing the user with his account usage information.

2. c. The best thing is to consider all authentication options, not just the traditional method of passwords. Proper password selection (striking a balance between being easy to remember for the user but difficult to guess for everyone else) has always been an issue. Password-only mechanisms, especially those that transmit the password in the clear (in an unencrypted form), are susceptible to being monitored and captured. This can become a serious problem if the local-area network (LAN) has any uncontrolled connections to outside networks such as the Internet. Because of the vulnerabilities that still exist with the use of password-only mechanisms, more robust mechanisms such as token-based authentication and use of biometrics should be considered.

Locking mechanisms for LAN devices, workstations, or PCs that require user authentication to unlock can be useful to users who must frequently leave their work areas (for a short period of time). These locks enable users to remain logged into the LAN and leave their work areas without exposing an entry point into the LAN.

Modems that provide users with LAN access may require additional protection. An intruder who can access the modem may gain access by successfully guessing a user password. The availability of modem use to legitimate users may also become an issue if an intruder is allowed continual access to the modem. A modem pool is a group of modems acting as a pool instead of individual modems on each workstation. Modem pools provide greater security in denying access to unauthorized users. Modem pools should not be configured for outgoing connections unless access can be carefully controlled.

Security mechanisms that provide a user with his account usage information may alert the user that the account was used in an abnormal manner (e.g., multiple login failures). These mechanisms include notification such as date, time, and location of the last successful login and the number of previous login failures.
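The account usage notice described above, as an added example that is not part of the original text: it derives the last successful login (date, time, location) and the number of failures since then from an authentication history. The history records, the `alert_threshold` parameter and the banner wording are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample authentication history (not from the original text):
# (timestamp, user, source location, succeeded?)
HISTORY = [
    ("2024-03-01T08:02:11", "alice", "10.0.0.5", True),
    ("2024-03-01T23:40:02", "alice", "198.51.100.7", False),
    ("2024-03-01T23:40:09", "alice", "198.51.100.7", False),
    ("2024-03-01T23:40:15", "alice", "198.51.100.7", False),
    ("2024-03-02T08:01:47", "bob", "10.0.0.9", True),
]

def usage_notice(history, user, alert_threshold=3):
    """Summarise prior use of `user`'s account for display at the next login."""
    last_ok, failures = None, 0
    for ts, who, source, ok in sorted(history):  # ISO timestamps sort in time order
        if who != user:
            continue
        if ok:
            # A success resets the failure counter: we report failures since it.
            last_ok, failures = (datetime.fromisoformat(ts), source), 0
        else:
            failures += 1
    return {
        "last_success": last_ok,
        "failures_since": failures,
        "abnormal": failures >= alert_threshold,  # assumed threshold
    }

def render(notice):
    """Format the notice the way a login banner would show it."""
    if notice["last_success"] is None:
        line = "No previous successful login on record."
    else:
        when, source = notice["last_success"]
        line = f"Last successful login: {when:%Y-%m-%d %H:%M:%S} from {source}."
    line += f" Failed login attempts since last success: {notice['failures_since']}."
    if notice["abnormal"]:
        line += " If these attempts were not yours, report them."
    return line

if __name__ == "__main__":
    print(render(usage_notice(HISTORY, "alice")))
    print(render(usage_notice(HISTORY, "bob")))
```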

3. Which of the following attacks take advantage of dynamic system actions and the ability to manipulate the timing of those actions?

a. Active attacks

b. Passive attacks

c. Asynchronous attacks

d. Tunneling attacks

3. c. Asynchronous attacks take advantage of dynamic system activity to get access. User requests are placed into a queue and are satisfied by a set of predetermined criteria. An attacker can penetrate the queue and modify the data that is waiting to be processed or printed. He might change a queue entry to replace someone else’s name or data with his own or to subvert that user’s data by replacing it. Here, the time variable is manipulated.

With an active attack, the intruder intercepts messages with the goal of modifying them. An effective tool for protecting messages against both active and passive attacks is cryptography.

With a passive attack, an intruder intercepts messages to view the data. This intrusion is also known as eavesdropping.

Tunneling attacks use one data transfer method to carry data for another method. They may carry unauthorized data in legitimate data packets. They exploit a weakness in a system at a low level of abstraction.

4. Routers, which are network connectivity devices, use which of the following?

a. Sink tree and spanning tree

b. Finger table and routing table

c. Fault tree and decision tree

d. Decision table and truth table

4. a. A sink tree shows the set of optimal routes from all sources to a given destination, rooted at the destination. A sink tree does not contain any loops, so each packet is delivered within a finite and bounded number of hops. The goal of all routing algorithms is to identify and use the sink trees for all routers. A spanning tree uses the sink tree for the router initiating the broadcast. A spanning tree is a subset of the subnet that includes all the routers but does not contain any loops.

A finger table is used for node lookup in peer-to-peer (P2P) networks. Routers use routing tables to route messages and packets. A fault tree is used in analyzing errors and problems in computer software. A decision tree is a graphical representation of the conditions, actions, and rules in making a decision with the use of probabilities in calculating outcomes. A decision table presents a tabular representation of the conditions, actions, and rules in making a decision. A truth table is used in specifying computer logic blocks by defining the values of the outputs for each possible set of input values.
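The sink tree described above, as an added example that is not part of the original text: it computes the sink tree for one destination with Dijkstra's algorithm and shows that following next hops always reaches the destination without looping. The five-router topology and its link costs are constructed for illustration.

```python
import heapq

# Constructed topology (assumption): undirected links between routers with costs.
LINKS = {("A", "B"): 2, ("A", "C"): 5, ("B", "C"): 1, ("B", "D"): 4,
         ("C", "D"): 1, ("C", "E"): 6, ("D", "E"): 3}

def adjacency(links):
    """Turn the link list into a router -> [(neighbour, cost)] map."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, []).append((v, cost))
        adj.setdefault(v, []).append((u, cost))
    return adj

def sink_tree(links, dest):
    """Return (next_hop, cost): for every router, its next hop on the optimal
    route to `dest` and the total cost. The next_hop edges form the sink tree."""
    adj = adjacency(links)
    cost = {dest: 0}
    next_hop = {}
    heap = [(0, dest)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue  # stale heap entry, a cheaper route was already found
        for v, c in adj[u]:
            if d + c < cost.get(v, float("inf")):
                cost[v] = d + c
                next_hop[v] = u  # v forwards to u to reach dest
                heapq.heappush(heap, (d + c, v))
    return next_hop, cost

def route(next_hop, src, dest):
    """Follow next hops from src to dest; a loop would exceed the hop bound."""
    path = [src]
    while path[-1] != dest:
        if len(path) > len(next_hop):
            raise ValueError("routing loop detected")
        path.append(next_hop[path[-1]])
    return path

if __name__ == "__main__":
    hops, cost = sink_tree(LINKS, "E")
    for router in sorted(hops):
        print(router, "->", " ".join(route(hops, router, "E")), "cost", cost[router])
```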

5. Enforcing effective data communications security requires other types of security such as physical security. Which of the following can easily compromise such an objective?

a. Smart cards with PINs

b. Nonreusable passwords

c. Network cabling

d. Last login messages

5. c. Data communications security requires physical security and password controls. The network cables that carry data are vulnerable to intruders. It is a simple matter to tap into cabling and relatively easy to cut the wiring. Therefore, a basic physical security control such as locking up the wiring closet is important.

Smart cards with PINs are incorrect because they do not compromise data communications. They enhance security by using cryptographic keys. Nonreusable passwords are used only once. A series of passwords is generated by a cryptographically secure algorithm and given to the user for use at the time of login. Each password expires after its initial use and is not repeated or stored anywhere. Last login messages are incorrect because they alert the user to unauthorized uses of the user's password and ID combination.

6. Which of the following refers to closed-loop control to handle network congestion problems?

1. Mid-course corrections are not made.

2. Current state of the network is ignored.

3. Feedback loop is provided.

4. Mid-course corrections are made.

a. 1 only

b. 1 and 2

c. 4 only

d. 3 and 4

6. d. With open-loop control, mid-course corrections are not made once the system is up and running, thus ignoring the current state of the network. Closed-loop control, on the other hand, is based on the concept of a feedback loop, with mid-course corrections allowed.

7. Which of the following security threats is not applicable to wireless local-area networks (WLANs)?

a. Message interception

b. System unavailability

c. System unreliability