CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources]

Which of the following objectives are fundamental in the design of SAFE IP telephony networks?

1. Designation of responsibility

2. Quality of service

3. Integration with existing network infrastructure

4. Authentication of users and devices (identity)

5. Flexibility of the design

6. Secure management

What network feature should be deployed throughout the network infrastructure to ensure a successful IP telephony design?

1. QoS

2. ACLs

3. Authentication

4. IDS

5. IPS

Which of the following is one of the key axioms in the SAFE IP telephony design?

1. Security and attack mitigation based on policy

2. Voice and data segmentation

3. User authentication

4. Options for high availability (some designs)

5. Secure management

Which of the following protocols currently are used in IP telephony products?

1. IGMP

2. MGCP

3. SIP

4. CGMP

5. CDP

6. Q.773

7. H.323

Why does a firewall need to be "intelligent" when dealing with H.323 traffic?

1. The firewall must be capable of recognizing the traffic to encrypt it properly.

2. H.323 uses multiple static ports for signaling and media streams, and the firewall needs to know about those.

3. H.323 traffic must be authenticated at the firewall, and, therefore, the firewall needs to be capable of recognizing that traffic.

4. H.323 utilizes multiple dynamic ports for call sessions, and the firewall must be capable of determining those ports from the signaling channel.

5. H.323 cannot use NAT, and, therefore, the firewall must be capable of identifying H.323 traffic appropriately.

Which of the following is a tool that you can use to reconstruct a voice conversation?

1. dsniff

2. TCPdump

3. ARPwatch

4. VOMIT

5. MITM

Which of the following are legitimate connections that should be allowed through the stateful firewall protecting the call-processing manager?

1. PC web browser connecting to voice-mail server

2. IP phone connecting to PC clients in the data segment

3. Call establishment and configuration traffic

4. Browsing of the IP phone web servers by PC clients

5. Connections from IP phones in the voice segment and the voice-mail system

6. Communication between the voice-mail system and the call-processing manager

What are the two most common recommended methods of authentication for IP phones?

1. Device authentication

2. Network authentication

3. Proxy authentication

4. User authentication

5. Null authentication

Security design reliance should be based on which of the following?

1. VLAN segmentation

2. Data sharing between voice and data VLANs

3. Access control

4. Layered security best practices

5. Multicast join restriction

Which of the following are services provided by the edge router in the small IP telephony design?

1. VLAN segmentation

2. Stateful firewalling

3. NAT

4. QoS

5. All of these answers are correct

What is the purpose of the call-processing manager in each of the SAFE IP telephony designs?

1. The call-processing manager provides data services to IP telephony devices in the module.

2. The call-processing manager provides voice services to IP telephony devices in the module.

3. The call-processing manager does not provide voice-mail storage in the modules.

4. The call-processing manager provides data storage for the IP phones.

What two basic designs are possible in the small and medium blueprints for IP telephony?

1. Hub

2. Spoke

3. Headend

4. Remote

5. Branch

What is the purpose of the Layer 3 switches in the server module?

1. The switches in the module are not Layer 3 switches; they are Layer 2 switches.

2. No special purpose is assigned to the Layer 3 switches in this module.

3. The Layer 3 switches provide routing and switching services to both voice and data traffic, in addition to filtering, QoS, VLANs, and private VLANs to the servers. They also provide for traffic inspection through the use of integrated NIDS.

4. The Layer 3 switches provide firewall services through the use of an integrated firewall service module.