Net Auth ch 11-17
What are two characteristics of an IPS operating in promiscuous mode? (Choose two.)
It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic
What is a minimum system requirement to activate Snort IPS functionality on a Cisco router?
K9 license
At which layer of the OSI model does Spanning Tree Protocol operate?
Layer 2
What is the result of a DHCP starvation attack?
Legitimate clients are unable to lease IP addresses.
Which algorithm can ensure data integrity?
MD5
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
PKI certificates
Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?
PVLAN Edge
What is an example of the one-time pad cipher?
RC4
Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?
SSH
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
Snort
Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org?
Snort rule set pull
What two internal LAN elements need to be secured? (Choose two.)
Switches IP phones
What are two properties of a cryptographic hash function? (Choose two.)
The output is a fixed length. The hash function is one way and irreversible.
What is the behavior of a switch as a result of a successful CAM table attack?
The switch will forward all received frames to all other ports.
Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
The users must obtain the certificate of the CA and then their own certificate.
Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices?
These devices are more varied in type and are portable.
Which statement describes asymmetric encryption algorithms?
They are relatively slow because they are based on difficult computational algorithms.
What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?
VLAN hopping
What is a network tap?
a passive device that forwards all traffic and physical layer errors to an analysis device
What is PulledPork?
a rule management application that can be used to automatically download Snort rule updates
Which command is used as part of the 802.1X configuration to designate the authentication method that will be used?
aaa authentication dot1x
What is contained in an OVA file?
an installable version of a virtual machine
What are two examples of traditional host-based security measures? (Choose two.)
antimalware software host-based IPS
Which term describes the role of a Cisco switch in the 802.1X port-based access control?
authenticator
What is provided by the fail open and close functionality of Snort IPS?
blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure
What are two characteristics of both IPS and IDS sensors? (Choose two.)
both can detect atomic patterns both use signatures to detect patterns
How can DHCP spoofing attacks be mitigated?
by implementing DHCP snooping on trusted ports
an IPS service enabled on first gen ISRs that is no longer supported
cisco IOS IPS
a dedicated inline threat prevention appliance
cisco firepower next gen IPS
an IPS service enabled on a second gen ISR
cisco snort IPS
Which two ports can send and receive Layer 2 traffic from a community port on a PVLAN? (Choose two.)
community ports belonging to the same community promiscuous ports
testing the strength of security by breaking secret codes
cryptanalysis
indivuduals who try to crack secret codes
cryptanalyst
the development and use of codes
cryptography
the sceince of making and breaking secret codes
cryptology
As data is being stored on a local hard disk, which method would secure the data from unauthorized access?
data encryption
The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message?
defend the castle
blocks and logs the packet
drop
What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.)
drop or prevent the activity allow the activity
In an 802.1x deployment, which device is a supplicant?
end-user station
an IPS solution that requires a promiscous port and an external snort IDS/IPS
external snort IPS server
A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on a NMS tool. What condition describes this alert?
false positive
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
from the root CA or another subordinate CA at a higher level
Which three security services are provided by digital signatures? (Choose three.)
guarantees data has not changed in transit provides data encryption authenticates the source
Which IPS signature trigger category uses a decoy server to divert attacks away from production devices?
honey pot-based detection
Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
integrity
What is a characteristic of the Community Rule Set type of Snort term-based subscriptions?
it is available for free
What is a characteristic of the connectivity policy setting when configuring Snort threat protection?
it provides the lowest level of protection
In which method used in cryptanalysis does the attacker know a portion of the plaintext and the corresponding ciphertext?
meet-in-the-middle
What situation will generate a true negative IPS alarm type?
normal traffic that is correctly being ignored and forwarded
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
origin authentication
What type of data does the DLP feature of Cisco Email Security Appliance scan in order to prevent customer data from being leaked outside of the company?
outbound messages
ignores the packet
pass
What is another name for confidentiality of information?
privacy
Which two items are used in asymmetric encryption? (Choose two.)
private key public key
Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
private key from Alice
blocks and logs the packet and sends a TCP reset or ICMP port unreachable message
reject
blocks but does not log the packet
sdrop
An 802.1X client must authenticate before being allowed to pass data traffic onto the network. During the authentication process, between which two devices is the EAP data encapsulated into EAPOL frames? (Choose two.)
supplicant (client) authenticator (switch)
What device is considered a supplicant during the 802.1X authentication process?
the client that is requesting authentication
What is the keyspace of an encryption algorithm?
the set of all possible values used to generate a key
What information must an IPS track in order to detect attacks matching a composite signature?
the state of packets related to the attack
A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command?
to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body
What is the goal of the Cisco NAC framework and the Cisco NAC appliance?
to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network
What is the purpose for using digital signatures for code signing?
to verify the integrity of executable files downloaded from a vendor website
A company implements 802.1X security on the corporate network. A PC is attached to the network but has not authenticated yet. Which 802.1X state is associated with this PC?
unauthorized
What are two symmetric encryption algorithms? (Choose two.)
3DES AES
Which protocol defines port-based authentication to restrict unauthorized hosts from connecting to the LAN through publicly accessible switch ports?
802.1x
What is involved in an IP address spoofing attack?
A legitimate network IP address is hijacked by a rogue node.
What popular encryption algorithm requires that both the sender and receiver know a pre-shared key?
AES
A network administrator uses the spanning-tree loopguard default global configuration command to enable Loop Guard on switches. What components in a LAN are protected with Loop Guard?
All point-to-point links between switches.
Which procedure is recommended to mitigate the chances of ARP spoofing?
Enable DHCP snooping on selected VLANs.
What is an advantage of HIPS that is not provided by IDS?
HIPS protects critical system resources and monitors operating system processes.
An IT enterprise is recommending the use of PKI applications to securely exchange information between the employees. In which two cases might an organization use PKI applications to securely exchange information between users? (Choose two.)
HTTPS web service 802.1x authentication
What technology supports asymmetric key encryption used in IPsec VPNs?
IKE
Which Cisco solution helps prevent MAC and IP address spoofing attacks?
IP Source Guard
What is the purpose of a digital certificate?
It authenticates a website and establishes a secure connection to exchange confidential data.
What is an advantage of using an IPS?
It can stop trigger packets.
Which statement describes the function of the SPAN tool used in a Cisco switch?
It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.
What is a characteristic of an IDS?
It often requires assistance from other network devices to respond to an attack.