Chapter 7 Network Defense


Which protocol should you disable on the user access ports of a switch? DTP TCP IPSec PPTP

DTP (Dynamic Trunking Protocol)

You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is not detected by the NIDS device? Negative False positive Positive False negative

False negative

Which of the following devices does "NOT" examine the MAC address in a frame before processing or forwarding the frame? Hub Router Network interface card (NIC) Switch

Hub

Which of the following solutions would you implement to eliminate switching loops? Inter-VLAN routing Auto-duplex CSMA/CD Spanning tree

Spanning Tree

You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which of the following should you implement? IPsec Spanning tree Port security 802.1x

802.1x

Which characteristic of a switch can improve bandwidth utilization and reduce the risk of sniffing attacks on the network? A switch filters port traffic based on MAC address. A switch passes broadcasts to all ports. A switch does not pass broadcast traffic to all ports. A switch repeats all received frames to all ports.

A switch filters port traffic based on MAC address.

Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices? Cross-site scripting DNS poisoning MAC spoofing ARP spoofing/poisoning

ARP spoofing/poisoning (MAC to IP)

You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use? Antivirus scanner Anomaly based IDS Signature based IDS Network based firewall Host based firewall

Anomaly based IDS

What is the most common form of host based IDS that employs signature or pattern matching detection methods? Motion detectors Honey pots Firewalls Antivirus software

Anti-virus software

While deploying a network application, a programmer adds functionality that allows her to access the running program, without authentication, to capture debugging data. What type of security weakness does this represent? Privilege escalation Backdoor Weak passwords Buffer overflow

Backdoor

Which of the following is an advantage of using switches to create virtual LANs? Messages are forwarded to all devices on the network. Broadcast traffic travels to a subset of devices rather than to all devices on the network. Traffic is routed between separate networks. Broadcast traffic is routed through the WAN.

Broadcast traffic travels to a subset of devices rather than to all devices on the network.

Which is a typical goal of MAC spoofing? Causing incoming packets to broadcast to all ports Rerouting local switch traffic to a specified destination Causing a switch to enter fail open mode Bypassing 802.1x port-based security

Bypassing 802.1x port-based security

You've just deployed a new Cisco router that connects several network segments in your Org. What should you do to increase the security of this device? (Select two.) Use an SSH client to access the router configuration. Use encrypted type 7 passwords. Use TFTP to back up the router configuration to a remote location. Change the default administrative user name and password. Use a Web browser to access the router configuration using an HTTP connection.

Change the default admin username and password; Use an SSH client to access the router configuration

You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access point on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do? Remove the hub and place each library computer on its own access port. Create static MAC addresses for each computer and associate it with a VLAN. Create a VLAN for each group of four computers. Configure port security on the switch

Configure port security on the switch

Which of the following applications typically use 802.1x authentication? (Select two.) Controlling access through a wireless access point Controlling access through a switch Authenticating remote access clients Authenticating VPN users through the Internet Controlling access through a router

Controlling access through a wireless access point; Controlling access through a switch

Which of the following best describes the concept of virtual LAN? Devices connected by a transmission medium other than cable (i.e. microwave, radio transmissions) Devices in separate networks (i.e. different network addresses) logically grouped as if they were in the same network Devices on different networks that can receive multicast packets Devices on the same network logically grouped as if they were on separate networks

Devices on the same network logically grouped as if they were on separate networks

If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network? Disconnect the intruder Delay the intruder Record audit trails about the intruder Monitor the intruder's actions

Disconnect the intruder

Match the fabric zoning implementation on the right with the appropriate description on the left Hard zoning Port zoning Soft zoning The SAN fabric Zone membership The SAN switch is configured

Hard zoning: The SAN switch is configured; Port zoning: Zone membership; Soft zoning: The SAN fabric

You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the methods of attack that are being deployed. What should you implement? NIDS NIPS Honeynet Extranet

Honeynet

What do host based intrusion detection systems often rely upon to perform their detection activities? External sensors Network traffic Remote monitoring tools Host system auditing capabilities

Host system auditing capabilities

What characteristic of hubs poses a security threat? Hubs create multiple broadcast domains. Hubs often include repeaters that amplify the signal strength. Hubs transmit frames to all hosts on all ports. Hubs create multiple collision domains.

Hubs transmit frames to all hosts on all ports.

Which of the following devices is capable of detecting and responding to security threats? IPS Multilayer switch DNS server IDS

IPS

Your organization uses a Web server to host an e-commerce site.... The security control must be able to identify malicious payloads and block them. What should you do? Install an antimalware scanner on the Web server. Implement an application-aware IPS in front of the Web server. Implement an application-aware IDS in front of the Web server. Implement a stateful firewall in front of the Web server. Implement a packet-filtering firewall in front of the Web server

Implement an application-aware IPS in front of the Web server.

You are designing a Fibre Channel SAN implementation that will be used by the file servers in your org. Which of the following is true in this scenario? LUN masking is enforced by the SAN switch using ACLs. LUN masking provides weak security as it only obscures volumes on the SAN. Encryption protocols such as ESP are not compatible with LUN masking. Authentication protocols such as DH-CHAP are not compatible with LUN masking.

LUN masking provides weak security as it only obscures volumes on the SAN

Which of the following describes a false positive when using an IPS device? The source address matching the destination address Legitimate traffic being flagged as malicious Malicious traffic not being identified Malicious traffic masquerading as legitimate traffic The source address identifies a nonexistent host

Legitimate traffic being flagged as malicious

Which of the following attacks, if successful, causes a switch to function like a hub? MAC spoofing Replay ARP poisoning MAC flooding

MAC flooding

Which of the following activities are considered passive in regards to the functioning of an IDS? (Select two.) Listening to network traffic Monitoring the audit trails on a server Disconnecting a port being used by a zombie Transmitting FIN or RES packets to an external host

Monitoring the audit trails on a server; Listening to network traffic

You've just deployed a new Cisco router that connects several network segments in your Org. The router is physically located in a cubicle near your office. What should you do to increase the security of this device? Use TFTP to back up the router configuration to a remote location. Use encrypted type 7 passwords. Move the router to a secure server room. Change the default administrative user name and password. Use a Telnet client to access the router configuration

Move the router to a secure server room

In the lobby of your building are three RJ-45 ports connected to the switch. You want to make sure that visitors cannot plug in their computer to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure? Bonding Port authentication Spanning tree Mirroring VLANs

Port authentication

Match the SAN security control on the right with the appropriate description on the left. Port locking Fabric zoning Port type locking Virtual SANs LUN masking Makes LUNs available to some SAN hosts and unavailable to other SAN hosts. Binds specific SAN IDs to specific SAN switch ports Divides a SAN into multiple logical SANs. Limits the type of devices that can connect to a SAN switch port. Makes devices within a zone visible only to other devices within that same zone.

Port locking: Binds specific SAN IDs to specific SAN switch ports; Fabric zoning: Makes devices within a zone visible only to other devices within that same zone; Port type locking: Limits the types of devices; Virtual SANs: Divides a SAN into; LUN masking: Makes LUNs available

A relatively new employee in the data entry cubicle farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? Smurf attack Social engineering Man-in-the-middle attack Privilege escalation

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions? Replay Social engineering Impersonation Privilege escalation

Privilege escalation

You can use a variety of methods to manage the configuration of a network router. Match the management option on the right with its corresponding description on the left. SSL HTTP SSH Telnet Console port Transfers data in clear text Cannot be sniffed Uses public-key crypto

SSL: Uses public-key crypto; HTTP: Transfers data in clear text; SSH: Uses public-key crypto; Telnet: Transfers data in clear text; Console port: Cannot be sniffed

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database? Heuristics based Stateful inspection based Anomaly analysis based Signature based

Signature based

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. What feature should your switch support? Spanning tree Trunking Mirroring PoE

Spanning tree

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches? Trunking 802.1x Bonding PoE Spanning tree

Spanning tree

A virtual LAN can be created using which of the following? Router Hub Switch Gateway

Switch

You want to reduce collisions by creating separate collision domains and virtual LANs. Which of the following devices should you choose? Switch Bridge Active hub Router

Switch

When configuring VLANs on a switch, what is used to identify VLAN membership of a device? Hostname IP address Switch port MAC address

Switch port

You are implementing a Fibre Channel SAN that will be used by the database servers in your organization. You are concerned about security, so your design specifies that SAN hosts must authenticate with each other before a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in this scenario? (Select two.) The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts. The Internet Protocol Security (IPsec) protocol can be used to encrypt data in transit. The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit. The Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts. Kerberos can be used to mutually authenticate SAN hosts.

The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit. The Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts.

What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack? (Select two.) An alert is generated and delivered via email, the console, or an SNMP trap. The IDS configuration is changed dynamically and the source IP address is banned. LAN side clients are halted and removed from the domain. The IDS logs all pertinent data about the intrusion.

The IDS logs all pertinent data about the intrusion; An alert is generated and delivered via email, the console, or an SNMP trap

You are implementing an iSCSI SAN that will be used by the file servers in your organization. You are concerned about security, so your design specifies that iSCSI initiators and targets must authenticate with each other before a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in the scenario? (Select two.) The Internet Protocol Security (IPsec) protocol can be used to encrypt data in transit. The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts. The Fibre Channel Authentication Protocol (FCAP) can be used to mutually authenticate SAN hosts. The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit.

The Internet Protocol Security (IPsec) protocol can be used to encrypt data in transit. The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts.

A honey pot is used for what purpose? To prevent sensitive data from being accessed To disable an intruder's system To delay intruders in order to gather auditing data

To delay intruders in order to gather auditing data

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch? Uplink ports Gigabit and higher Ethernet ports Any port not assigned to a VLAN Trunk ports Each port can only be a member of a single VLAN

Trunk ports

An active IDS system often performs which of the following actions? (Select two.) Trap and delay the intruder until the authorities arrive. Perform reverse lookups to identify an intruder. Request a second logon test for users performing abnormal activities. Update filters to block suspect traffic.

Update filters to block suspect traffic; Perform reverse lookups to identify an intruder

You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? Generate a new baseline Update the signature files Check for backdoors Modify clipping levels

Update the signature files

You've just deployed a new Cisco router that connects several network segments in your Org. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. What should you do to increase the security of this device? Use SCP to back up the router configuration to a remote location. Use an SSH client to access the router configuration. Use encrypted type 7 passwords. Move the router to a secure data center

Use SCP to back up the router configuration to a remote location

You manage a network with a single switch. All hosts connect to the network through the switch. You want to increase the security of devices that are part of the accounting department. You want to make sure that broadcast traffic sent by an accounting computer is only received by other accounting computers, and you want to implement ACLs to control traffic sent to accounting computers through network. What should you do? Configure MAC address filtering on the switch for the accounting computers. Implement NAC with 802.1x authentication for the accounting computers. Configure a VLAN on the switch for the accounting computers. Use a router to configure a subnet for the accounting computers.

Use a router to configure a subnet for the accounting computers.

You've just deployed a new Cisco router that connects several network segments in your Org. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device? Use a stronger administrative password. Use an SSH client to access the router configuration. Move the device to a secure data center. Use a web browser to access the router configuration using an HTTP connection

Use a stronger administrative password

Which of the following describes how a router can be used to implement security on your network? Use an access control list to deny traffic sent from specific users. Use an access control list to deny traffic from specific IP addresses. Use a lookup table to deny access to traffic from specific MAC addresses. Examine the packet payload to deny packets with malformed data.

Use an access control list to deny traffic from specific IP addresses.

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you implement? VLAN Spanning tree Port security VPN

VLAN

Your company is a small start-up company that has leased office in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented? Spanning tree Port security VLAN

VLAN

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet Access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement? DMZ VLANs NAT Port authentication

VLANs

In which of the following situations would you use port security? You want to control the packets sent and received by a router. You want to restrict the devices that could connect through a switch port. You want to prevent sniffing attacks on the network. You want to prevent MAC address spoofing.

You wanted to restrict the devices that could connect through a switch port

