Module 1-4: Securing Networks

What three configuration steps must be performed to implement SSH access to a router? (Choose three.) -an encrypted password -a user account -an enable mode password -a password on the console line -a unique hostname -an IP domain name

-a user account -a unique hostname -an IP domain name

What three items are components of the CIA triad? (Choose three.) -scalability -access -intervention -availability -confidentiality -integrity

-availability -confidentiality -integrity

What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? A. (config)# service password-encryption B. (config-line)# password secret C. (config)# enable secret Secret_Password D. (config)# enable password secret E. (config)# enable secret Encrypted_Password

A. (config)# service password-encryption

A security intern is reviewing the corporate network topology diagrams before participating in a security review. Which network topology would commonly have a large number of wired desktop computers? A. CAN B. SOHO C. Data Center D. cloud

A. CAN

What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities? A. KisMac B. SuperScan C. NMap D. Click fuzzers

A. KisMac

Which technology is used to secure, monitor, and manage mobile devices? A. MDM B. VPN C. ASA firewall D. rootkit

A. MDM

Which security measure is typically found both inside and outside a data center facility? A. Security Traps B. Continuous Video surveillance C. Exit sensors D. Biometric Access

B. Continuous Video surveillance

Which statement describes the term attack surface? A. It is the total number of attacks toward an organization within a day. B. It is the total sum of vulnerabilities in a system that is accessible to an attacker. C. It is the group of hosts that experiences the same attack. D. It is the network interface where attacks originate.

B. It is the total sum of vulnerabilities in a system that is accessible to an attacker.

What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date? A. CybOX B. Talos C. Mitre D. FireEye

B. Talos

What is a good password recommendation for a Cisco router? A. Zeroize all passwords used. B. Use one or more spaces within a multiword phrase. C. Use the service password-encryption command to protect a password used to log into a remote device across the network. D. Use a minimum of 7 characters.

B. Use one or more spaces within a multiword phrase.

What is an example of a local exploit? A. A buffer overflow attack is launched against an online shopping website and causes the server crash. B. A threat actor performs a brute force attack on an enterprise edge router to gain illegal access. C. A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan. D. Port scanning is used to determine if the Telnet service is running on a remote server.

C. A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan.

Which statement accurately characterizes the evolution of threats to network security? A. Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. B. Early Internet users often engaged in activities that would harm other users. C. Internal threats can cause even greater damage than external threats. D. Internet architects planned for network security from the beginning.

C. Internal threats can cause even greater damage than external threats.

What is a common security task performed when securing administrative access to a network infrastructure device? A. Enable at least two ports for remote access. B. Disable discovery protocols for all user-facing ports. C. Log and account for all access. D. Block local access.

C. Log and account for all access.

What is one difference between using Telnet or SSH to connect to a network device for management purposes? A. Telnet supports a host GUI whereas SSH only supports a host CLI. B. Telnet does not provide authentication whereas SSH provides authentication. C. Telnet sends a username and password in plain text, whereas SSH encrypts the username and password. D. Telnet uses UDP as the transport protocol whereas SSH uses TCP.

C. Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.

When considering network security, what is the most valuable asset of an organization? A. personnel B. financial resources C. data D. customers

C. data

Which type of network commonly makes use of redundant air conditioning and a security trap? A. WAN B. CAN C. data center D. cloud

C. data center

What name is given to an amateur hacker? A. blue team B. red hat C. script kiddie D. black hat

C. script kiddie

How does BYOD change the way in which businesses implement networks? A. BYOD requires organizations to purchase laptops rather than desktops. B. BYOD devices are more expensive than devices that are purchased by an organization. C. BYOD users are responsible for their own network security, thus reducing the need for organizational security policies. D. BYOD provides flexibility in where and how users can access network resources.

D. BYOD provides flexibility in where and how users can access network resources.

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? A. MITM B. address spoofing C. session hijacking D. DoS

D. DoS

Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? A. Provision the router with the maximum amount of memory possible. B. Configure secure administrative control to ensure that only authorized personnel can access the router. C. Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. D. Locate the router in a secure locked room that is accessible only to authorized personnel. E. Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.

D. Locate the router in a secure locked room that is accessible only to authorized personnel.

In what way are zombies used in security attacks? A. They probe a group of machines for open ports to learn which services are running. B. They are maliciously formed code segments used to replace legitimate applications. C. They target specific individuals to gain corporate or personal information. D. They are infected machines that carry out a DDoS attack.

D. They are infected machines that carry out a DDoS attack.

Which resource is affected due to weak security settings for a device owned by the company, but housed in another location? A. social networking B. hard copy C. removable media D. cloud storage device

D. cloud storage device

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? A. backdoor B. vishing C. Trojan D. phishing

D. phishing

Which type of access is secured on a Cisco router or switch with the enable secret command? A. virtual terminal B. console line C. AUX port D. privileged EXEC

D. privileged EXEC

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? A. anonymous keylogging B. spam C. DDoS D. social engineering

D. social engineering

Why would a rootkit be used by a hacker? A. to do reconnaissance B. to reverse engineer binary files C. to try to guess a password D. to gain access to a device without being detected

D. to gain access to a device without being detected

What is the purpose of using a banner message on a Cisco network device? A. It can provide more security by slowing down attacks. B. It can protect the organization from a legal perspective. C. It is effective in deflecting threat actors from entering the device. D. It can be used to create a quiet period where remote connections are refused.

B. It can protect the organization from a legal perspective.

Which security technology is commonly used by a teleworker when accessing resources on the main corporate office network? A. IPS B. VPN C. biometric access D. SecureX

B. VPN

With the evolution of borderless networks, which vegetable is now used to describe a defense-indepth approach? A. artichoke B. lettuce C. onion D. cabbage

A. artichoke

At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? A. network edge B. campus core C. WAN edge D. internet edge

A. network edge

Which evasion method describes the situation that after gaining access to the administrator password on a compromised host, a threat actor is attempting to login to another host using the same credentials? A. pivoting B. resource exhaustion C. traffic substitution D. protocol-level misinterpretation

A. pivoting

A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? A. remote access to a switch where data is encrypted during the session B. remote access to the switch through the use of a telephone dialup connection C. out-of-band access to a switch through the use of a virtual terminal with password authentication D. on-site access to a switch through the use of a directly connected PC and a console cable E. direct access to the switch through the use of a terminal emulation program

A. remote access to a switch where data is encrypted during the session

Which security implementation will provide control plane protection for a network device? A. routing protocol authentication B. NTP for consistent timestamps on logging messages C. AAA for authenticating management access D. encryption for remote access connections

A. routing protocol authentication

What is hyperjacking? A. taking over a virtual machine hypervisor as part of a data center attack B. using processors from multiple computers to increase data processing power C. adding outdated security software to a virtual machine to gain access to a data center server D. overclocking the mesh network which connects the data center servers

A. taking over a virtual machine hypervisor as part of a data center attack

What is the primary function of SANS? A. to maintain the Internet Storm Center B. to maintain the list of common vulnerabilities and exposures (CVE) C. to provide vendor neutral education products and career services D. to foster cooperation and coordination in information sharing, incident prevention, and rapid reaction

A. to maintain the Internet Storm Center

What is the primary means for mitigating virus and Trojan horse attacks? A. encryption B. antivirus software C. blocking ICMP echo and echo-replies D. antisniffer software

B. antivirus software

What method can be used to mitigate ping sweeps? A. installing antivirus software on hosts B. blocking ICMP echo and echo-replies at the network edge C. using encrypted or hashed authentication protocols D. deploying antisniffer software on all network devices

B. blocking ICMP echo and echo-replies at the network edge

A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? A. Layer 2 switch with port security features enabled B. firewall C. Cisco D. Nexus switch VPN gateway

B. firewall

Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data? A. statement of scope Internet access policy B. identification and authentication C. policy campus D. access policy E. acceptable use policy F.statement of authority

B. identification and authentication

What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices? A. data plane B. management plane C. control plane D. forwarding plane

B. management plane

Which risk management plan involves discontinuing an activity that creates a risk? A. risk sharing B. risk avoidance C. risk retention D. risk reduction

B. risk avoidance

Which two characteristics describe a worm? (Choose two.) A. infects computers by attaching to software code B. travels to new computers without any intervention or knowledge of the user C. executes when software is run on a computer D. hides in a dormant state until needed by an attacker E. is self-replicating

B. travels to new computers without any intervention or knowledge of the user E. is self-replicating

What worm mitigation phase involves actively disinfecting infected systems? A. containment B. treatment C. quarantine D. inoculation

B. treatment

Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) A. zone isolation B. remote access security C. router hardening D. operating system security E. physical security F. flash security

C. router hardening D. operating system security E. physical security

Which two statements describe access attacks? (Choose two.) A. To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. B. Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. C. Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot. D. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. E. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.

D. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. E. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.

In the video that describes the anatomy of an attack, a threat actor was able to gain access through a network device, download data, and destroy it. Which flaw allowed the threat actor to do this? A. improper physical security to gain access to the building B. open ports on the firewall C. lack of a strong password policy D. a flat network with no subnets or VLANs

D. a flat network with no subnets or VLANs

A network administrator is issuing the login blockfor 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? A. a worm that is attempting to access another part of the network B. a device that is trying to inspect the traffic on a link C. an unidentified individual who is trying to access the network equipment room D. a user who is trying to guess a password to access the router

D. a user who is trying to guess a password to access the router