Mod 11 | NETI 104 | EOC Review Questions
Active Directory and 389 Directory Server are both compatible with which directory access protocol? a. LDAP b. RADIUS c. Kerberos d. AD DS
A | LDAP Explanation: AD (Active Directory) and 389 Directory Server are built to be compliant with LDAP (Lightweight Directory Access Protocol), which is a standard protocol for accessing an authentication directory. An alternative to Active Directory is the cross-platform RADIUS (Remote Authentication Dial-In User Service). Kerberos is a cross-platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. AD DS (Active Directory Domain Services) is a component of Active Directory.
Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited? a. Separation of duties b. Principle of least privilege c. Shared responsibility model d. Defense in depth
A | Separation of duties Explanation: In the context of AAA's accounting and auditing components, SoD (separation of duties) requires that no one is responsible for monitoring and reporting on themselves, which would create a conflict of interest for that person. The principle of least privilege means employees and contractors are only given enough access and privileges to do their jobs. Cloud security works according to the shared responsibility model, meaning that the cloud provider is partially responsible for your cloud's security and you're responsible for the rest of it. Defense in depth requires that security be implemented in many, seemingly redundant layers that permeate the network and protect resources from every angle.
What information in a transmitted message might an IDS use to identify network threats? a. Signature b. FIM c. Port mirroring d. ACL
A | Signature Explanation: An Intrusion Detection System (IDS) looks for identifiable patterns, or signatures, of code that are known to indicate specific vulnerabilities, exploits, or other undesirable traffic on the organization's network. An HIDS solution might also include FIM (file integrity monitoring), which alerts the system of any changes made to files that shouldn't change, such as operating system files. A NIDS might use port mirroring, where one port on a switch is configured to send a copy of all the switch's traffic to the device connected to that port, to monitor traffic carried by that switch. A router can use ACLs (access control lists) to decline to forward certain packets depending on their content.
What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?
ARP performs no authentication.
What is the purpose of an ACL when configuring Control Plan Policing (CoPP)?
An ACL identifies which traffic is relevant to CoPP policies.
What's the essential difference between an IPS and an IDS?
An IDS can only detect and log suspicious activity. An IPS can react when alerted to such activity.
Which device would allow an attacker to make network clients use an illegitimate default gateway? a. RA guard b. DHCP server c. Proxy server d. Network-based firewall
B | DHCP server Explanation: A rogue Dynamic Host Configuration Protocol (DHCP) server running on a client device could be used to implement an on-path attack by configuring the attacker's IP address as the victim computers' default gateway. The Router Advertisement (RA) guard feature on switches filters RA messages so these messages can only come from specific interfaces on the switch. A proxy server, or proxy, acts as an intermediary between external and internal networks, screening all incoming and outgoing traffic. A network-based firewall protects an entire private network instead of an individual host.
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address? a. access-list acl_2 deny tcp any any b. access-list acl_2 permit https any any c. access-list acl_2 deny tcp host 2.2.2.2 host 3.3.3.3 eq www d. access-list acl_2 permit icmp any any
B | access-list acl_2 permit http any any Explanation: Web-browsing traffic is identified by the protocols HTTP and HTTPS (not TCP or ICMP), which is permitted by the command access-list acl_2 permit https any any. Specifying addresses limits approved source or destination hosts.
Which of the following is not one of the AAA services provided by RADIUS and TACACS+? a. Authentication b. Authorization c. Administration d. Accounting
C | Administration Explanation: Administration is not part of AAA. RADIUS (Remote Authentication Dial-In User Service) treats authentication and authorization as a single process, meaning that the same type of packet is used for both functions, while accounting is a separate process. TACACS+ (Terminal Access Controller Access Control System Plus) offers network administrators the option of separating the authentication, authorization, and auditing capabilities.
Which of the following criteria can a packet-filtering firewall not use to determine whether to accept or deny traffic? a. Destination IP address b. SYN flags c. Application data d. ICMP message
C | Application data Explanation: Application layer firewalls can block designated types of traffic based on application data contained within packets. However, packet-filtering firewalls are limited to information contained in layer 3 and 4 headers, such as IP addresses, TCP flags (such as the SYN flag), and protocols used (such as ICMP).
At what layer of the OSI model do proxy servers operate? a. Layer 3 b. Layer 2 c. Layer 7 d. Layer 4
C | Layer 7 Explanation: Proxy servers manage security at layer 7 of the OSI model. Some common criteria by which a packet-filtering firewall might accept or deny traffic at layers 3 and 4 include IP addresses, ports, and TCP flags. Application layer firewalls support filtering at the highest layers of the OSI model.
What kinds of issues might indicate a misconfigured ACL?
Connectivity and performance issues between two hosts in which some applications or ports can make the connection while others can't could indicate an ACL misconfiguration.
What are the two primary features that give proxy servers an advantage over NAT?
Content filtering and file caching.
Which policy ensures messages are discarded when they don't match a specific firewall rule? a. Implicit allow b. Explicit deny c. Explicit allow d. Implicit deny
D | Implicit deny Explanation: Like with ACLs, firewalls maintain an implicit deny policy for any messages that don't match a specific rule. Other rules enforce explicit deny or allow policies for specific traffic. A firewall should never be configured with an implicit allow rule, which would allow all traffic not explicitly blocked.
Who is responsible for the security of hardware on which a public cloud runs? a. The cloud customer b. It depends c. Both the cloud customer and the cloud provider d. The cloud provider
D | The cloud provider Explanation: Cloud security works according to the shared responsibility model, meaning the cloud provider is partially responsible for security and customers are responsible for the rest of it. However, when using a public cloud, the cloud provider is always responsible for the security of the underlying hardware.
What causes most firewall failures?
Firewall misconfiguration.
What kind of ticket is held by Kerberos's Ticket Granting Service (TGS)?
TGT (ticket-granting ticket)
Why would you need separate RA guard policies for network hosts and routers attached to a switch?
The hosts policy blocks all RA messages for interfaces with that policy applied, while the ROUTERS policy would only need to filter RA messages to ensure they're coming from a trusted router.
Why do network administrators create domain groups to manage user security privileges?
To simplify the process of granting rights to users
Any traffic that is not explicitly permitted in the ACL is ____________, which is called the ____________.
denied; implicit deny rule