20. Which of the following identifies calls originating from nonexistent telephone extensions to detect voice-mail fraud?

a. Antihacker software

b. Call-accounting system

c. Antihacker hardware

d. Toll-fraud monitoring system

20. b. A call-accounting system can indicate calls originating from nonexistent “phantom” telephone extensions or trunks. Along with misconfigured voice-mail systems, unused telephone extensions and uncontrolled maintenance ports are key reasons for voice-mail fraud.

Call-accounting systems provide information about hacking patterns. Antihacker software and hardware can provide multilevel passwords and a self-destruct feature that enables users to delete all messages in their mailboxes if they forget their password. Toll-fraud monitoring systems enable you to catch the voice hacker’s activities quickly as the fraud is taking place.

21. Which of the following voice-mail fraud prevention controls can be counterproductive and at the same time counterbalancing?

1. Turning off direct inward system access ports during nonworking hours

2. Separating internal and external call-forwarding privileges

3. Implementing call vectoring

4. Disconnecting dial-in maintenance ports

a. 1 and 2

b. 1 and 4

c. 3 and 4

d. 2 and 3

21. b. Direct inward system access (DISA) enables an inbound caller to access an outbound line, which is a security weakness when not properly secured. Because hackers work during nonworking hours (evenings and weekends), turning off DISA appears to be a preventive control. However, employees who must make business phone calls during these hours cannot use these lines. They have to use their company/personal credit cards when the DISA is turned off. Similarly, disconnecting dial-in maintenance ports appears to be a preventive control, although hackers can get into the system through these ports.

Emergency problems cannot be handled when the maintenance ports are disabled. Turning off direct inward system access (DISA) ports during nonworking hours and disconnecting dial-in maintenance ports are counterproductive and counterbalancing.

By separating internal and external call-forwarding privileges for internal lines, an inbound call cannot be forwarded to an outside line unless authorized. Call vectoring can be implemented by answering a call with a recorded message or nothing at all, which may frustrate an attacker. Separating internal and external call-forwarding privileges and implementing call vectoring are counterproductive and balancing.

22. Regarding instant messaging (IM), which of the following is an effective countermeasure to ensure that the enclave users cannot connect to public messaging systems?

a. Disable file-sharing feature

b. Restrict IM chat announcements

c. Block ports at the enclave firewall

d. Install antivirus software

22. c. Blocking ports at the enclave firewall ensures that enclave users cannot connect to public messaging systems. Although a firewall can be effective at blocking incoming connections and rogue outgoing connections, it can be difficult to stop all instant messaging (IM) traffic connected to commonly allowed destination ports (e.g., HTTP, Telnet, FTP, and SMTP), thus resulting in a bypass of firewalls. Therefore, domain names or IP addresses should be blocked in addition to port blocking at a firewall.

IM also provides file-sharing capabilities, which are used to access files on remote computers via a screen name, which could be infected with a Trojan horse. To launch malware and file-sharing attacks, an attacker may use the open IM ports because he does not need new ports. Therefore, the file-sharing feature should be disabled on all IM clients.

Restricting IM chat announcements to only authorized users can limit attackers from connecting to computers on the network and sending malicious code. IM is a potential carrier for malware because it provides the ability to transfer text messages and files, thereby becoming an access point for a backdoor Trojan horse. Installing antivirus software with plug-ins to IM clients and scanning files as they are received can help control malware.

23. What does terminating network connections with internal and external communication sessions include?

1. De-allocating associated TCP/IP addresses and port pairs at the operating system level

2. Logically separating user functionality from system management functionality

3. De-allocating networking assignments at the application system level

4. Isolating security functions from nonsecurity functions at boundaries

a. 1 and 2

b. 1 and 3

c. 2 and 4

d. 1, 2, 3, and 4

23. b. An information system should terminate the internal and external network connection associated with a communications session at the end of the session or after a period of inactivity. This is achieved through de-allocating addresses and assignments at the operating system level and application system level.

24. In a wireless local-area network (WLAN) environment, what is a technique used to ensure effective data security called?

a. Message authentication code and transponder

b. Transmitting in different channels and message authentication code

c. Transmitting on different channels and enabling encryption

d. Encryption and transponder

24. c. In a wireless local-area network (WLAN) environment, transmitting in different channels at the same time or different times ensures that an intruder cannot predict the transmission patterns. Data can be compared from different channels for completeness and accuracy. In addition, data encryption techniques can be used for encrypting all wireless traffic and for highly secure applications. It is true that anyone with the appropriate receiver device can capture the signal transmitted from one unit to another.

A message authentication code is not applicable here because it is a process for detecting unauthorized changes made to data transmitted between users or machines or to data retrieved from storage. A transponder is not applicable here because it is used in satellites to receive a signal, to change its frequency, and to retransmit it.

25. Synchronization of file updates in a local-area network environment cannot be accomplished by using which of the following?

a. File locks

b. Record locks

c. Semaphores

d. Security labels

25. d. Security labels deal with security and confidentiality of data, not with file updates. A security label is a designation assigned to a system resource such as a file, which cannot be changed except in emergency situations. File updates deal with the integrity of data. The unique concept of a local-area network (LAN) file is its capability to be shared among several users. However, security controls are needed to assure synchronization of file updates by more than one user.