Net Auth Final Exam
Which statement describes phone freaking?
A hacker mimics a tone using a whistle to make a free long-distance calls on an analog telephone network.
Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model?
A packet-filtering firewall typically can filter up to the transport layer, whereas a stateful firewall can filter up to the session layer.
Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics?
A virus has infected the computers
What is a significant characteristic of a virus malware?
A virus is trigged by an event on the host system.
Which two statements are characteristics of a virus?
A virus typically requires end-user activation & A virus can be dormant and then activate at a specific time or date.
When implementing an inbound Internet traffic ACL, what should be included to prevent the spoofing of internal networks?
ACEs to prevent traffic from private address spaces
What is the result in the self-zone if a router is the source or destination of traffic?
All traffic is permitted
What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured?
Allow the activity. Drop or prevent the activity
What three configuration steps must be performed to implement SSH access to a router?
An ip domain name & A user account & A unique hostname
What is the primary means for mitigating virus and trojan horse attacks?
Anti-virus
If AAA is already enabled, which three CLI steps are required to configure a router with a specific view ?
Assign a secret password to the view & Assign commands to the view & Create a view using the parser view view-name cmd
What is a recommended best practice when dealing with the native VLAN?
Assign it to unused vlan
What is an effect if AAA authorization on a device is not configured?
Authenticated users are granted full access rights.
Which technology provides the framework to enable scalable access security?
Authentication, authorization, and accounting - AAA
How does a DoS attack take advantage of the stateful condition of target systems?
By continuously sending packets of unexpected size or unexpected data
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
CDP
What tool is available through Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input?
Cisco AutoSecure
Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router?
Configure the key exactly the same way on the server and the router.
Which security measure is typically found both inside and outside a data center facility?
Continuous video surveillance
What is the only type of traffic that is forwarded by a PVLAN protected port to other protected ports?
Control
The Cisco Network Foundation Protection framework has three functional areas. The ________ plane of a router is responsible for routing packets correctly.
Data
What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?
Data plane
What packet type is user-generated and forwarded by a router?
Data plane packet
What is the meaning of the principle of minimum trust when used to design network security?
Devices in networks should not access and use one another unnecessarily and unconditionally
Which two tasks are associated with router hardening?
Disabling unused ports and interfaces& Securing administrative access
The ________ action in a Cisco IOS Zone-Based Policy Firewall is similar to a deny statement in an ACL.
Drop
Which ICMP message type should be stopped inbound?
Echo
What is the first required task when configuring server-based AAA authentication?
Enable AAA globally
What are two characteristics of ACLs?
Extended ACLs can filter on destination TCP and UDP ports and Extended ACLs can filter on source and destination IP addresses.
Antivirus software can prevent viruses from entering the network?
False
A network administrator was testing an IPS device by releasing multiple packets into the network. The administrator examined the log and noticed that a group of alarms were generated by the IPS that identified normal user traffic. Which term describes this group of alarms?
False positive
Where is the firewall policy applied when using Classic Firewall?
Interfaces
Which statement accurately characterizes the evolution of network security?
Internal threats can cause even greater damage than external threats
When configuring a method list for AAA authentication, what is the effect of the keyword local?
It accepts a locally configured username, regardless of case
When configuring a method list of AAA authentication, what is the effect of the keyword local?
It accepts a locally configured username, regardless of case.
What is the purpose of the none keyword in an AAA authentication configuration?
It allows users to log into the device without credentials if all other authentication methods fail.
Which statement describes a stateful firewall?
It can determine if the connection is in the initiation, data transfer, or termination phase.
What is a zero-day attack?
It is a computer attack that exploits unreported software vulnerabilities
What is an IPS signature?
It is a set of rules used to detect typical intrusive activity
Why is the username name algorithm-type scrypt secret password command preferred over the username name secret password command?
It uses the SCRYPT algorithm for encrypting passwords
Which statement describes a characteristic of authorization in an AAA solution?
It works similarly to privilege levels and role-based CLI
At which layer of the OSI model does Spanning Tree Protocol operate?
Layer 2
What is involved in an IP address spoofing attack?
Legitimate network IP address is hijacked by a rogue node.
What IOS privilege levels are available to assign for custom user-level privileges?
Levels 2 though 14
What is the biggest issue with local implementation of AAA?
Local implementation does not scale well
A network administrator needs to protect a router against brute force login attempts. What is the correct login-block-for command syntax to disable login for 3 minutes if more than 3 failed attempts are made within a 2-minute period?
Login block-for 180 attempts 3 within 120
Consider the access list command applied outbound on a router serial interface. Access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply. What is the effect of applying this access list command?
No traffic will be allowed outbound on the serial interface.
Where would the following ACE be placed? permit icmp any any nd-na
On an IPv6-enabled router interface that connects to another router
Which two statements describe access attacks?
Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers & Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit system to execute malicious code.
Which three areas of router security must be maintained to secure an edge router at the network perimeter?
Physical security & Router Hardening & Operating System Security
A network administrator is configuring the triggering mechanism for the network-based IPS by defining a pattern of web surfing activities. The signature is applied across the corporate campus regardless of the type of web browser used. What type of triggering mechanism is being implemented?
Policy-based
Which two types of addresses should be denied inbound on a router interface that attaches to the internet?
Private IP address and any IP address that starts with the number 127
What is one advantage of using a next-generation firewall rather than a stateful firewall?
Proactive rather than reactive protection from Internet threats
Which set of Cisco IOS commands instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?
R1(config)# ip ips signature-category R1(config-ips-category)# category ios_ips basic R1(config-ips-category-action)# retired false
A network administrator is configuring the action type for a specific IPS signature that identifies an attack that contains a specific series of TCP packets. Once detected, the action to be taken is to terminate the current packet and future packets associated with the TCP flow. Which command should be used?
R1(config-sigdef-sig)# event-action deny-connection-inline
Which statement describes a difference between RADIUS and TACAC+?
RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
How does a Cisco Secure ACS improve performance of the TACACS+ authorization process?
Reduces delays in the authorization queries by using persistent TCP sessions
When role based CLI is used, which view is the only view that has the ability to add or remove commands from existing views?
Root
Which of the following can be used to falsify routing information, cause DoS attacks, or cause traffic to be redirected?
Router Protocol Spoofing
Which command releases the dynamic resources associated with the Cisco IOS IPS on a Cisco router?
Router# clear ip ips configuration
Which command helps verify the Cisco IOS IPS configuration?
Router# show ip ips configuration
What is considered a valid method of securing the control plane in the Cisco NFP framework?
Routing protocol authentication
Which OSPF authentication should be used wherever possible, because MD5 authentication is considered vulnerable to attacks?
SHA
Which element of an SNMP implementation can be configured to respond to requests as well as to forward notifications?
SNMP agent
Which Cisco feature sends copies of frames entering one port to a different port on the same switch in order to perform traffic analysis?
SPAN
With IP voice systems on data networks, which two types of attacks target VoIP specifically.
SPIT & Vishing
Which two options provide secure remote access to a router?
SSH & HTTPS
Which Cisco network security tool is a cloud-based service that provides alerts to network professionals about current network attacks?
Security Intelligence Operations
A network security administrator would like to check the number of packets that have been audited by the IPS. What command should the administrator use?
Show ip ips statistics
What would be the primary reason an attacker would launch a MAC address overflow attack?
So that the attacker can see frames that are destined for other hosts
The inspect action in a Cisco IOS Zone-Based Policy Firewall configures Cisco IOS _______ packet inspection.
Stateful
A network administrator configures the alert generation of an IPS device in such a way that when multiple attack packets that match the same signature are detected, a single alert for the first packet is generated and the remaining duplicate alarms are counted, but not sent, for a specific time period. When the specified time period is reached, an alert is sent that indicates the number of alarms that occurred during the time interval. What kind of alert generation pattern is configured?
Summary alerts
Which command is used to configure the PVLAN Edge feature?
Switchport protected
What is a characteristics of TACACS+?
TACACS+ provides authorization of router commands on a per-user or per-group basis
What is hyper jacking?
Taking over a virtual machine hypervisor as part of a data center attack
Which statement identifies an important difference between TACACS+ and RADIUS?
The TACACS+ protocol allows for separation of authentication from authorization.
What is the result if an administrator configures the AAA authorization command prior to creating a user with full access rights?
The administrator is immediately locked out of the system
Which three options describe the phases of worm mitigation?
The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls & The inoculation phase patches uninfected systems with the appropriate vendor patch for the vulnerability & The treatment phase disinfects actively infected systems
After accounting is enabled on an IOS device, how is a default accounting method list applied?
The default accounting method list is automatically applied to all interfaces, except those named accounting method lists.
Refer to the exhibit. As an administrator is configuring an IPS, the error message that is shown appears. What does this error message indicate?
The public crypto key is invalid or entered incorrectly
Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices?
These devices are more varied in type and are portable
Refer to the exhibit. A network administrator is configuring an IOS IPS. Which statement describes the IPS signatures that are enabled?
These signatures detect attacks within a single packet
Which statement is a characteristic of a packet filtering firewall?
They are susceptible to IP spoofing
Which two are characteristics of DoS attacks?
They attempt to compromise the availability of a network, host, or application & Examples include smurf attacks and ping of death attacks
What is a disadvantage of network-based IPS devices?
They cannot detect attacks that are launched using encrypted packets
What is the goal of Cisco NAC framework and the Cisco NAC appliance?
To ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network
What are two reasons for securing the data plane in the Cisco NFP framework?
To protect against DoS attacks & To provide bandwidth control
What is a main purpose of launching an access attack on network systems?
To retrieve data
What are two purposes of launching a reconnaissance attack on a network?
To scan for accessibility & To gather information about the network and devices
Which statement describes a typical security policy for a DMZ firewall configuration?
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
What port state is used by 802.1X if a workstation fails authorization?
Unauthorized
Which two measures are recommended to mitigate VLAN hopping attacks?
Use a dedicated native VLAN for all trunk ports & Disable trunk negotiation on all ports connecting to workstations
What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?
User accounts must be configured locally on each device, which is an unscalable authentication solution.
Which two methods are used to mitigate VLAN attacks?
Using a dummy VLAN for the native VLAN & Disabling DTP auto negotiation on all trunk ports
Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function?
Virus
Which two network security solutions can be used to mitigate DoS attacks?
Virus scanning, intrusion protection systems
What type of malware has the primary objective of spreading across the network?
Worm