Security


With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?

Artichoke

How does BYOD change the way in which businesses implement networks?

BYOD devices provide flexibility in where and how users can access network resources.

Refer to the exhibit. An IT security manager is planning security updates on this particular network. Which type of network is displayed in the exhibit and is being considered for updates?

CAN

Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?

Identification and authentication policy.

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

Phishing

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?

Social Engineering

In the video that describes the anatomy of an attack, a threat actor was able to gain access through a network device, download data, and destroy it. Which flaw allowed the threat actor to do this?

a flat network with no subnets or VLANs

Which two characteristics describe a worm? (Choose two.)

travels to new computers without any intervention or knowledge of the user; is self-replicating

Describe the difference between an ACL and a Firewall.

A firewall has one main use and purpose and that is to examine traffic passing through a part of the network and make decisions about what to let through and what to block. ACLs do stateless inspection, which means that the access list looks at a packet and has no knowledge of what has come before it.

What is an example of a local exploit?

A threat actor tries to gain the user password of a remote host by using a keyboard capture installed by a Trojan

What is the primary means for mitigating virus and Trojan horse attacks?

Antivirus Software

A security intern is reviewing the corporate network topology diagrams before participating in a security review. Which network topology would commonly have a large number of wired desktop computers?

CAN

What three items are components of the CIA triad? (Choose three.)

Confidentiality, Integrity, and Availability

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

DoS

Describe where to assign ingress traffic and where to assign egress traffic in a network design.

Egress in the world of networking implies traffic that exits an entity or a network boundary, while Ingress is traffic that enters the boundary of a network.

Which statement accurately characterizes the evolution of threats to network security?

Internal threats can cause even greater damage than external threats

What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?

Management plane

Which evasion method describes the situation that after gaining access to the administrator password on a compromised host, a threat actor is attempting to login to another host using the same credentials?

Pivoting

Which risk management plan involves discontinuing an activity that creates a risk?

Risk Avoidance

Which security implementation will provide control plane protection for a network device?

Routing Protocol Authentication

Explain the difference between a standard and an extended ACL

Standard ACLs: These ACLs permit or deny packets based only on the source IPv4 address. Extended ACLs: These ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, and source and destination TCP or UDP ports.

List and briefly describe at least three (3) different types of Firewalls discussed in the course.

Stateless Packet Filtering Firewall; Stateful Inspection Firewalls; Proxy Firewalls

What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?

Talos

In what way are zombies used in security attacks?

They are infected machines that carry out a DDoS attack.

What is the primary function of SANS?

To maintain the Internet Storm Center.

What worm mitigation phase involves actively disinfecting infected systems?

Treatment

Which security technology is commonly used by a teleworker when accessing resources on the main corporate office network?

VPN

Describe a VLAN Hopping Attack

a method of attacking the network resources of the VLAN by sending packets to a port not usually accessible from an end system.

Which type of network commonly makes use of redundant air conditioning and a security trap?

data center

What is an Access Control list?

encodes the rules stating which addresses are allowed or prohibited

What is hyperjacking?

taking over a virtual machine hypervisor as part of a data center attack

Why would a rootkit be used by a hacker?

to gain access to a device without being detected

Describe the difference between a Firewall and Intrusion Detection/Intrusion Prevention.

An IDS provides no actual protection to the endpoint or network. A firewall, on the other hand, is designed to act as a protective system. It performs analysis of the metadata of network packets and allows or blocks traffic based upon predefined rules

List and briefly describe at least three (3) types of Layer 2 attacks.

Media Access Control (MAC) Spoofing; Cisco Discovery Protocol (CDP)/Link Layer Discovery Protocol (LLDP) Reconnaissance; Address Resolution Protocol (ARP) Attacks

Which two statements describe access attacks? (Choose two.)

Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.

Which resource is affected due to weak security settings for a device owned by the company, but housed in another location?

cloud storage device

What name is given to an amateur hacker?

script kiddie

What method can be used to mitigate ping sweeps?

Blocking ICMP echo and echo-replies at the network edge.

Which statement describes the term attack surface?

It is the total sum of vulnerabilities in a system that is accessible to an attacker

What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities?

KisMac.

Which technology is used to secure, monitor, and manage mobile devices?

MDM

Compare and contrast the difference between router based firewall technologies and ASA based firewall technologies.

One difference is that the IOS router starts out by allowing all traffic [on your untrusted interfaces], whereas the ASA starts by denying all traffic. Consequently you have to configure the actual hardening of your IOS router. I will say the ASA typically offers faster performance, but that's partially because the ASA is sort of a 1 trick pony and not doing any dynamic routing.

Describe the purpose of an ACL.

contains rules that grant or deny access to certain digital environments

Which security measure is typically found both inside and outside a data center facility?

continuous video surveillance

When considering network security, what is the most valuable asset of an organization?

data

Describe VLAN Double-Tagging.

is a method by which the attacker tries to reach a different VLAN using the vulnerabilities in the trunk port configuration.

Describe looping as it relates to Layer 2 devices and explain how to mitigate Layer 2 looping.

is a security mechanism used to detect loops on a Layer 2 network. When a Layer 2 loop occurs, a large number of packets will be repeatedly sent to a router's CPU

Describe the difference between a site-to-site VPN and a remote access VPN. Provide a short example of where each is appropriate.

remote-access VPNs securely connect individual devices to a remote LAN, site-to-site VPNs securely connect two or more LANs in different physical locations. Site-to-site VPNs use the public internet to extend your company's network across multiple office locations.

