Which of the following cables has the most twists per inch?
Which of the following is not one of the most common LAN technologies?
What is a TCP wrapper?
By examining source and destination address, application usage, source of origin, and the rela-

17. B. Pretty Good Privacy (PGP) is a public-private key system that uses the IDEA algorithm to encrypt files and e-mail messages. PGP is not a standard but rather an independently developed product that has wide Internet grassroots support.

18. A. PAP, or Password Authentication Protocol, is a standardized authentication protocol for PPP. PAP transmits usernames and passwords in the clear. It offers no form of encryption. It simply provides a means to transport the logon credentials from the client to the authentication server.

19. B. Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each other.

20. B. The 169.254.x.x subnet is in the APIPA range, which is not part of RFC 1918. The addresses in RFC 1918 are 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, and 192.168.0.0–192.168.255.255.

Chapter 4 Communications Security and Countermeasures

THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Communications Security Techniques
Packet and Circuit Switching
WAN Technologies
E-Mail Security
Facsimile Security
Secure Voice Communications
Security Boundaries
Network Attacks and Countermeasures

Data residing in a static form on a storage device is fairly simple to secure. As long as physical access control is maintained and reasonable logical access controls are implemented, stored files remain confidential, retain their integrity, and are available to authorized users. However, once data is used by an application or transferred over a network connection, the process of securing it becomes much more difficult.

Communications security covers a wide range of issues related to the transportation of electronic information from one place to another. That transportation may be between systems on opposite sides of the planet or between systems on the same business network. Data becomes vulnerable to a plethora of threats to its confidentiality, integrity, and availability once it is involved in any means of transportation. Fortunately, many of these threats can be reduced or eliminated with the appropriate countermeasures.

Communications security is designed to detect, prevent, and even correct data transportation errors (i.e., integrity protection). This is done to sustain the security of networks while supporting the need to exchange and share data. This chapter takes a look at the many forms of communications security, vulnerabilities, and countermeasures.

The Telecommunications and Network Security domain for the CISSP certification exam deals with topics of communications security and vulnerability countermeasures. This domain is discussed in this chapter and in the preceding chapter (Chapter 3). Be sure to read and study the materials from both chapters to ensure complete coverage of the essential material for the CISSP certification exam.

Virtual Private Network (VPN)

A virtual private network (VPN) is simply a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network. Most VPNs use encryption to protect the encapsulated traffic, but encryption is not necessary for the connection to be considered a VPN. VPNs are most commonly associated with establishing secure communication paths through the Internet between two distant networks. However, VPNs can exist anywhere, including within private networks or between end-user systems connected to an ISP. VPNs provide confidentiality and integrity over insecure or untrusted intermediary networks. VPNs do not provide or guarantee availability.