Effective CISSP Questions

Users report connections to the enterprise information portal (EIP) often timed out because of poor network performance. As a security analyst, you suspect it can be resulted from denial-of-service (DOS) or distributed DOS (DOS) attacks. You connect your laptop to the mirror port of the core switching hub and start capturing traffic in promiscuous mode. Which of the following attack targets is least likely to appear in the captured traffic? (Source: Wentz QOTD)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D.

The IP addresses of the subnet,

  • Broadcast:
  • Unicast: and
  • Subnet/Network address:

The subnet IP address,, won’t be delivered and captured on the network. IP packets are delivered in the forms of unicast, broadcast, and multicast. Subnet IP addresses won’t be assigned to the IP field, Destination IP Addresses, and delivered as IP packets on the network; they are typically used when configuring routers and transmitted as payloads of routing protocols, e.g., RIP, OSPF, etc.

Forms of Packets (RFC 1812)



Is Subnetting Too Deep for CISSP?

IMHO, it’s a no. I’m afraid it’s the essential concept that a CISSP should know, let alone the ISC2 claims in the CISSP Exam Outline that “CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.”

Deep technical and managerial knowledge and experience

CISSP Certification Exam Outline

Mirror Port

The mirror port of a switching hub support port mirroring, “also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed.” (MiaRec)

Promiscuous Mode

In computer networking, promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN. Interfaces are placed into promiscuous mode by software bridges often used with hardware virtualization.

Source: Wikipedia


Source: Wireshark User’s Guide

DoS and DDoS Attacks


A “Denial of Service,” or “DoS” attack, is a category of advanced cyberattack in which a single malicious user denies legitimate users access to a service by blocking or exhausting the resources of a victim system. The DoS is commonly carried out through some form of flooding mechanism, which generates a large volume of network traffic around the area of the target system, resulting in undesirable network congestion and bandwidth utilization. This flooding causes the system to perform too much processing and responding, an aspect called “amplification.”

  • Physical DoS
    • The Smurf Attack
    • The Fraggle Attack
    • The LAND Attack
    • The Tear Drop Attack
    • The Ping of Death
    • DNS Amplification Attack
  • Logical DoS
  • The Permanent DoS Attack


The “Distributed Denial of Service (DDoS) attack differs from a regular DoS attack in that it’s a large-scale, coordinated attack originating from MANY attacking computers. Most DDoS attacks are launched from a bot herder who uses his botnet (hundreds or thousands of compromised “zombie” computers) to attack a target system. Compared to a DoS attack that uses just one attacker, the DDoS attack gives the attacker the ability to wage a larger and more disruptive attack.

Source: DoS and DDoS Attacks: How They’re Executed, Detected, and Prevented


使用者反應連線公司入口網站(EIP)時常因網絡效能不佳而逾時。 作為安全分析人員,您懷疑這可能是由於阻斷式(DoS)或DDoS攻擊造成的。 您將筆電連接到核心交換器的鏡像端口,並開始以混雜(promiscuous)模式截取流量。 以下哪個攻擊目標最不可能出現在截獲的流量中?


My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

Leave a Reply