Information Security W4
Which 802.1Q priority is IP phone traffic on a voice VLAN tagged with by default?
5
A smart card can be used to store all but which of the following items?
Biometric template original
Which protocol should you disable on the user access ports of a switch?
DTP
Which of the following terms is used to describe an event in which a person who should be allowed access is denied access to a system?
False negative
Which of the following can make passwords useless on a router?
Not controlling physical access to the router
Which of the following identifies the type of access that is allowed or denied for an object?
Permissions
Which of the following are examples of Something You Have authentication controls? (Select two.)
Photo ID & Smart card
What is the primary purpose of separation of duties?
Prevent conflicts of interest
Which of the following is an example of privilege escalation?
Privilege creep
Which type of group can be used for controlling access to objects?
Security
You have configured your ACL to block outgoing traffic from a device with the IP address 192.168.1.52. Which type of ACL have you configured?
Standard
When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?
Trunk ports
You are deploying a brand new router. After you change the factory default settings, what should you do next?
Update the firmware.
You are adding switches to your network to support additional VLANs. Unfortunately, the new switches are from a different vendor than the current switches. Which standard do you need to ensure that the switches are supported?
802.1Q
Which of the following is an appropriate definition of a VLAN?
A logical grouping of devices based on service need, protocol, or other criteria.
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
ARP spoofing/poisoning
Drag each description on the left to the appropriate switch attack type on the right.
ARP spoofing/poisoning: The source device sends frames to the attacker's MAC address instead of to the correct device. Dynamic Trunking Protocol: Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network. MAC flooding: Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called Fail Open Mode. MAC spoofing: Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
Which of the following should be configured on the router to filter traffic at the router level?
Access control list
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
Access token
What is the MOST important aspect of a biometric device?
Accuracy
Which of the following happens by default when you create and apply a new ACL on a router?
All traffic is blocked.
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?
Attribute-Based Access Control (ABAC)
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?
Authentication and authorization
What is the process of controlling access to resources such as computers, files, or printers called?
Authorization
Which of the following is a typical goal of MAC spoofing?
Bypass 802.1x port-based security
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a username of admin and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)
Change the default administrative username and password. & Use an SSH client to access the router configuration.
Which of the following is a password that relates to things that people know, such as a mother's maiden name or a pet's name?
Cognitive
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch.
Which of the following scenarios would typically utilize 802.1x authentication?
Controlling access through a switch
Audit trails produced by auditing activities are which type of security control?
Detective
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks.
Which type of ACL should be placed as close to the source as possible?
Extended
Which of the following objects identifies a set of users with similar access needs?
Group
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Marcus log off and log back in.
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
Move the router to a secure server room.
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?
Need to Know
The IT manager has asked you to create four new VLANs for a new department. As you are going through the VLAN configurations, you find some VLANs numbered 1002-1005. However, they are not in use. What should you do with these VLANs?
Nothing. They are reserved and cannot be used or deleted.
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type may be used more than once.
PIN: Something You Know Smart card: Something You Have Password: Something You Know Retina scan: Something You Are Fingerprint scan: Something You Are Hardware token: Something You Have Passphrase: Something You Know Voice recognition: Something You Are Wi-Fi triangulation: Somewhere You Are Typing behaviors: Something You Do
What type of password is maryhadalittlelamb?
Passphrase
You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with?
Principle of least privilege
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used?
RBAC
Which of the following is an example of rule-based access control?
Router access control lists that allow or deny traffic based on the characteristics of an IP packet.
Which of the following does a router use to determine where packets are forwarded to?
Routing table
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?
SACL
Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is MOST likely preventing her from accessing this system?
She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.
You manage a single subnet with three switches. They are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning Tree Protocol
A virtual LAN can be created using which of the following?
Switch
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?
Switch port
Which of the following defines the crossover error rate for evaluating biometric systems?
The point where the number of false positives matches the number of false negatives in a biometric system.
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
Use SCP to back up the router configuration to a remote location.
Which security mechanism uses a unique list that meets the following specifications: - The list is embedded directly in the object itself. - The list defines which subjects have access to certain objects. - The list specifies the level or type of access allowed to certain objects.
User ACL
Which of the following is a privilege or action that can be taken on a system?
User rights
Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?
Username
Which of the following is used for identification?
Username
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
VLAN
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?
VLANs
Which of the following are disadvantages of biometrics? (Select two.)
When used alone, they are no more secure than a strong password. & They have the potential to produce numerous false negatives.
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN?
You can control security by isolating wireless guest devices within this VLAN.
You are creating a VLAN for voice over IP (VoIP). Which command should you use?
switchport voice vlan [number]