CISSP PRACTICE QUESTIONS – 20210620

Effective CISSP Questions

You are implementing IT services to support meetings. Participants rely on wireless services to access intranet resources and cast screens. To provide handy and secure wireless services, which of the following is the least concern? (Wentz QOTD)
A. 802.1X
B. Ad hoc mode
C. Captive portals
D. Automatic Private IP Addressing (APIPA)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Automatic Private IP Addressing (APIPA).

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

One example of a captive portal (Source: The Electronic Frontier Foundation)

To provide handy and secure wireless services in terms of access to intranet resources and screencasting:

  • 802.1X provides network access control through EAP carried over the LAN (EAP over LAN, EAPOL).
  • Captive portals ensure wireless security and protect privacy.
  • Wireless display standards such as AirPlay (Apple), Miracast (Microsoft), WiDi (Intel), Chromecast (Google), and DLNA (Intel) typically work in ad hoc or peer-to-peer mode. They are now commonly used for projecting computer or device screens and provide handy services in meeting rooms.

APIPA

APIPA (Automatic Private IP Addressing) is an automatic IP addressing feature, not a concern. It configures the IP address of client computers on a LAN when neither static (manual) IP assignment nor DHCP is available. It is a common feature of modern operating systems and IT products. It is zero-configuration: network administrators don't need to configure it. APIPA uses the following address blocks:

  • IPv4: 169.254.0.0/16
  • IPv6: fe80::/10

However, client computers with APIPA addresses may not be able to connect to intranet resources.

IPv4 Link-Local addresses are not suitable for communication with devices not directly connected to the same physical (or logical) link, and are only used where stable, routable addresses are not available (such as on ad hoc or isolated networks).

Source: RFC 3927
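
The reachability point above can be checked from an address inventory. The following is an added example, not part of the original post: the client names, addresses, and category labels are constructed for illustration, and "routable" here only means "outside the two link-local blocks".

```python
import ipaddress
from typing import Dict, Iterable, List

# Link-local blocks listed in the text above.
APIPA_V4 = ipaddress.ip_network("169.254.0.0/16")
LINK_LOCAL_V6 = ipaddress.ip_network("fe80::/10")

# Constructed sample data: addresses bound to each client's wireless interface.
SAMPLE_CLIENTS = {
    "laptop-01": ["10.20.30.41", "fe80::1c2d:3eff:fe4f:5a6b%wlan0"],
    "laptop-02": ["169.254.17.203", "fe80::a00:27ff:fe4e:66a1%wlan0"],
    "tablet-03": ["fe80::5054:ff:fe12:3456"],
    "phone-04": [],
}


def _parse(addr: str):
    """Parse an address, dropping an IPv6 zone id such as %wlan0."""
    return ipaddress.ip_address(addr.split("%")[0])


def is_link_local(addr: str) -> bool:
    ip = _parse(addr)
    return ip in (APIPA_V4 if ip.version == 4 else LINK_LOCAL_V6)


def classify_client(addresses: Iterable[str]) -> str:
    """Classify a client by the addresses on its interface."""
    addrs = [a for a in addresses if not _parse(a).is_loopback]
    if not addrs:
        return "no-address"
    # An fe80:: address next to a non-link-local one is normal, not a fault.
    if any(not is_link_local(a) for a in addrs):
        return "routable"
    # Only link-local addresses: an IPv4 one means APIPA took over
    # because no static or DHCP address was available.
    if any(_parse(a).version == 4 for a in addrs):
        return "apipa-fallback"
    return "link-local-only"


def needs_attention(clients: Dict[str, List[str]]) -> Dict[str, str]:
    """Return clients that have no address outside the link-local blocks."""
    states = {name: classify_client(a) for name, a in clients.items()}
    return {n: s for n, s in states.items() if s != "routable"}


if __name__ == "__main__":
    for name, state in sorted(needs_attention(SAMPLE_CLIENTS).items()):
        print(f"{name}: {state}")
```
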

Captive Portal

A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.

The captive portal is presented to the client and is stored either at the gateway or on a web server hosting the web page. Depending on the feature set of the gateway, websites or TCP ports can be white-listed so that the user would not have to interact with the captive portal in order to use them. The MAC address of attached clients can also be used to bypass the login process for specified devices.

Source: Wikipedia


