Chp 10 & 11
A threat actor changes the MAC address of the threat actor's device to the MAC address of the default gateway.
>Address spoofing<; ARP spoofing; STP attack; CDP reconnaissance
A threat actor leases all the available IP addresses on a subnet. What type of attack is this?
>DHCP starvation<; STP attack; Address spoofing; CDP reconnaissance
What would be the primary reason a threat actor would launch a MAC address overflow attack?
>So that the threat actor can see frames that are destined for other devices<; So that the threat actor can execute arbitrary code on the switch; So that the switch stops forwarding traffic; So that legitimate hosts cannot obtain a MAC address
What mitigation technique must be implemented to prevent MAC address overflow attacks?
>Port Security<; IPSG; DAI; DHCP snooping
Requests identifying information from the client, verifies that information with the authentication server, and relays a response to the client.
Authenticator
Which AAA component is responsible for determining what the user can access?
Authorization
This is a device running 802.1X-compliant client software
Supplicant
Common protocols which are insecure
Syslog, Simple Network Management Protocol (SNMP), Trivial File Transfer Protocol (TFTP), Telnet, File Transfer Protocol (FTP)
What is the behavior of a switch as a result of a successful MAC address table attack?
The switch will forward all received frames to all other ports within the VLAN
Which of the following is a function of a Cisco WSA?
URL categorization
Provides a secure connection to remote users across a public network and into the enterprise network
VPN-enabled router
Which device monitors HTTP traffic to block access to risky sites and encrypt outgoing messages?
WSA
Proving you are who you say you are
Authentication
Which of the following mitigation techniques prevents ARP spoofing and ARP poisoning attacks?
DAI
What is the best way to prevent a VLAN hopping attack?
Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports
Which device is specifically designed for network security?
NGFW (Next-Generation Firewall)
Which of the following mitigation techniques prevents many types of attacks including MAC address table overflow and DHCP starvation attacks?
Port Security
DAI (Dynamic ARP Inspection)
Prevents ARP spoofing and ARP poisoning attacks.
IPSG (IP Source Guard)
Prevents MAC and IP address spoofing attacks.
Secure variants of common management protocols
SSH, Secure Copy Protocol (SCP), Secure FTP (SFTP), and Secure Sockets Layer/Transport Layer Security (SSL/TLS)
VLAN Hopping attack
Enables traffic from one VLAN to be seen by another VLAN without the aid of a router.
Which of the following is NOT a function of the Cisco ESA?
Encryption and decryption of web traffic
Validates the identity of the client and notifies the switch or wireless access point that the client is or is not authorized to access the LAN and switch services
Authentication Server
In an 802.1X implementation, which device is responsible for relaying responses?
Authenticator
Which of the following mitigation techniques prevents DHCP starvation and DHCP spoofing attacks?
DHCP Snooping
An attack in which an organization's data servers or hosts are compromised to steal confidential information.
Data Breach
Which device monitors SMTP traffic to block threats and encrypt outgoing messages to prevent data loss?
ESA
Which of the following mitigation techniques prevents MAC and IP address spoofing?
IPSG
Related to security, this is considered to be the weakest link/layer of the OSI model
Layer 2 (Data Link layer)
A threat actor sends a BPDU message with priority 0. What type of attack is this?
A) >STP attack< B) DHCP starvation C) Address spoofing D) ARP spoofing
What is a recommended best practice when dealing with the native VLAN?
Assign it to an unused VLAN
Which AAA component is responsible for controlling who is permitted to access the network?
Authentication
