test ch 8-11

Which hexadecimal block in an IPv6 address is is used for the Subnet ID?

fourth block

Which formulas can be used to calculate the magic number?

256-(interesting octet) and 2^h

What is the formula for determining the number of possible hosts on a network?

2^h-2=y

What is the least number of bits you would need to borrow from the network portion of a class B subnet mask to get at least 130 hosts per subnet?

8 bits

White-hat hackers (ethical hackers)

break into systems for non-malicious reasons, such as to test system security vulnerabilities or to expose undisclosed weaknesses

black hat hackers

break into systems to destroy information or for illegal gain

A DNS record spreads to other DNS servers. What kind of attack is this?

DNS poisoning

S H A-2 and S H A-3 are often implemented together for what reason?

increased security

Which command on an Arista switch too many devices try to connect to a port?

switchport port security

MFA

requires 2 or more peices of identification

reverse proxy

routes incoming requests to the correct server

What's the essential difference between an IPS and an IDS?

IDS will detect and log suspicious activity. An IPS prevents traffic from reaching the protected network or host.

NGFW

Next Generation FireWall. Originating as a marketing term from Palo Alto Networks, NGFW means a very smart firewall that understands Application Layer (layer 7) protocols.

Why is a BPDU filter needed at the demark?

The ISP's STP related topology information shouldn't be mixed with a corporate networks STP related topology network.

Distributed DoS (D DoS) attack

Orchestrated through several sources, called zombies

What kind of ticket is help by KErbero's TGS?

TGT

The_____________command is used to assign a statement to an already-installed A C L

access-list

deauthentication attack

A form of wi-fi DoS attack.

VLAN functions at which layer?

Layer 2

Firewall

(computing) a security system consisting of a combination of hardware and software that limits the exposure of a computer or computer network to attack from crackers

How many bits of a class A IP address are used for host information?

24

Distributed reflector DoS (D R D S) attack

A D DoS attack bounced off of uninfected computers, called reflectors, before being directed at target

DHCP relay agent

A DHCP configuration that provides DHCP service to multiple VLANs. The relay agent receives a DHCP-related message, then creates its own message to send the specified DHCP traffic beyond the broadcast domain.

DRDoS attack

A Distributed Reflective Denial of Service attack prevents normal or legitimate activity by consuming resources or bandwidth using an amplification network to increase the severity of the attack. Smurf and fraggle attacks are DRDOS attacks where a spoofed packet is sent to a network (bounce site) that reflects the packet multiple times, or amplifies the reflection, to the victim. This floods the system with traffic preventing legitimate activities or transactions to occur. A single attacker directed against a single target. Preventing legitimate authorized access to a resource is the goal of a distributed reflective denial of service attack.

Data VLAN

A VLAN used by typical data devices connected to an Ethernet, like PCs and servers. Used in comparison to a Voice VLAN.

Unmanaged Switch

A basic Layer 2 switch. This will work simply by plugging it in and connecting it. It is not configurable.

VLSM (Variable Length Subnet Mask)

A classless subnet mask that can be customized to a different length for each subnet based on the number of nodes on that subnet.

logic bomb

A computer program or part of a program that lies dormant until it is triggered by a specific logical event.

grey hat hackers

A cross between black and white—they will often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches.

packet-filtering firewall

A firewall that examines each packet and determines whether to let the packet pass. To make this decision, it examines the source address, the destination addresses, and other data.

switch spoofing

A malicious host uses DTP to masquerade as a switch, with the goal of negotiating a trunk link and gaining access to additional VLANs.

Honeynet

A network of honeypots.

Nmap

A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.

Metasploit

A penetration-testing tool that combines known scanning techniques and exploits to explore potentially new types of exploits.

Trunk Port

A port on a switch configured to carry all data, regardless of VLAN number, between all switches in a LAN.

Default VLAN

A preconfigured VLAN on a switch that includes all of the switch's ports and cannot be renamed or deleted. The switch might be preconfigured with other VLANs as well, depending on the device and manufacturer.

Spanning Tree Protocol (STP)

A protocol that uses the Spanning Tree algorithm, allowing a switch to dynamically work around loops in a network topology by creating a spanning tree. Switches exchange bridge protocol data unit (BPDU) messages with other switches to detect loops and then remove the loops by blocking selected switch interfaces.

Rogue D H C P server

A rogue D H C P server running on a client device could be used to implement a type of MitM attack

proxy server

A server that acts as an intermediary between a user and the Internet.

CIDR notation

A shorthand method for denoting the distinction between network and host bits in an IP address.

Managed Switch

A switch that can be configured via a command-line interface and sometimes can be configured in groups. Usually, they are assigned their own IP addresses. VLANs can only be implemented through managed switches.

IDS (Intrusion Detection System)

A system designed to monitor traffic and detect attacks.

Network Access Control (NAC)

A technique that examines the current state of a system or network device before it is allowed to connect to the network.

Insider Threat

A threat to an organization that comes from employees, contractors, and anyone else that may have willingly been given insider knowledge.

Which of the following is not one of the three AAA services provided by RADIUS and TACACS+?

Access Control

What feature of Windows Server allows for agentless authentication?

Active directory

What software might be installed on a device in order to authenticate it to the network?

Agent

User awareness

An NGFW (Next Generation Firewall) feature that adapts a firewall's configuration to the class of a specific user or user group.

posture assessment

An assessment of an organization's security vulnerabilities. Posture assessments should be performed at least annually and preferably quarterly—or sooner if the network has undergone significant changes. For each risk found, it should rate the severity of a potential breach, as well as its likelihood of happening.

security audit

An assessment performed by a company that has been accredited by an agency that sets network security standards

Phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information

DNS poisoning

An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Kerberos

An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.

Native VLAN

An untagged VLAN on a switch that will automatically receive all untagged frames. Options for native VLANs vary according to the switch manufacturer and model.

VTP (VLAN Trunking Protocol)

Cisco's protocol for exchanging VLAN information over trunks. VTP allows one switch on a network to centrally manage all VLANs.

Denial-of-service (DoS) attack

Hacker issues flood of broadcast ping messages

five subtypes of Dos attacks

DDOS DRDS DRSoS PDoS Friendly DoS

Double tagging attack

Hacker stacks V LAN tags in Ethernet frames

Any traffic that is not explicitly permitted in the ACL is ________ which is called__________.

Dropped; implicit deny

Segmentation accomplishes What?

Enhance security Improve performance Simplify troubleshooting

what causes most firewall failures

Firwall misconfiguration

Networks are commonly segmented according to one of the following groupings:

Geographic locations Departmental boundaries Device types

security token

Hardware device that must be present during login to authenticate a user.

What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?

It performs no authentication.

Active Directory and 389 Directory Server are both compatible with which directory access protocol?

LDAP

On which networking device do you configure VLANS?

Layer 2 switch

subnetting happens at which layer?

Layer 3

At what layer do proxy servers operate?

Layer 7 application layer.

MDM software

Mobile Device Management software

Unified Threat Management (UTM)

Network hardware that provides multiple security functions.

RADIUS (Remote Authentication Dial-In User Service):

Open-source and standardized by the I E T F Runs in the Application layer and can use either U D P or T C P in the Transport layer Can operate as application on remote access server Or on dedicated RADIUS server Highly scalable May be used to authenticate wireless, mobile, and remote users RADIUS services are often combined with other network services on a single machine

What kinds of issues might indicate a misconfigured ACL?

Problems with performance between two hosts or when some applications or ports can make the connection while others cant.

Worms

Programs that run independently and travel between computers and across networks

Non-security devices with security features

Proxy servers and A C Ls

What are the two primary features that give proxy servers an advantage over NAT?

Proxy servers function at the application layer rather than lower at the network layer. They also improve performance for users accessing resources external to their network by caching filing.

RBAC

Role-based access control. An access control model that uses roles to define access and it is often implemented with groups. A user account is placed into a role, inheriting the rights and permissions of the role. Other access control models are MAC and DAC.

Only one _______ exsits on a network using STP?

Root bridge.

Which form of SHA was developed by private designers?

SHA-3

SHA

Secure Hashing Algorithm Most commonly used hashing algorithm Advantage: its resistance to collisions

Back door

Security flaws that allow unauthorized users to gain access to the system

which cisco command lists configured VLANs on a switch?

Show VLAN

Two primary methods for detecting threats:

Statistical anomaly detection and Signature-based detection

TACACS+

Terminal Access Controller Access Control System Plus

802.1Q

The IEEE standard that specifies how VLAN and trunking information appears in frames and how switches and bridges interpret that information.

What unique characteristic of zero-day exploits make them so dangerous?

The Vulnerability is exploited before the software developer has the opportunity to provide a solution for it.

BYOD (bring your own device)

The practice of allowing users to use their own personal devices to connect to an organizational network.

Port Scanning

Type of scanning that might identify the Telnet is running on a server.

A C L (access control list):

Used by routers to decline forwarding certain packets Acts like a filter to instruct the router to permit or deny traffic according to one or more of the following variables: Network layer protocol (e.g., IP or I C M P) Transport layer protocol (e.g., T C P or U D P) Source IP address Destination IP address T C P or U D P port number

Honeypot

Vulnerable computer that is set up to entice an intruder to break into it

application awareness

Which NGFW feature allows a network admin to restrict traffic generated by a specific game?

What features is common to both an NGFW and traditional firewalls?

application control

what kind of firewall blocks traffic based on application data contained within the packets?

contenting filtering firewall

What do well-chosen subnets accomplish?

network documentation is easier

Two types of agents

non persistent or disolvable and persistent

Intrusion Prevention System (IPS)

software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks

exploit

take advantage of a vulnerability

Which of the following is not a good reason to segment a network?

to increase the number of networking devices

2FA

two-factor authentication--requires something you provide and something you know.

Three types of attack simulations

vulnarbility scanning, penetration testing and red team- blue team exercise

What kind of ticket is help by KErbero's TGS?

wireless