Net Auth ch 11-17

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What are two characteristics of an IPS operating in promiscuous mode? (Choose two.)

It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic

What is a minimum system requirement to activate Snort IPS functionality on a Cisco router?

K9 license

At which layer of the OSI model does Spanning Tree Protocol operate?

Layer 2

What is the result of a DHCP starvation attack?

Legitimate clients are unable to lease IP addresses.

Which algorithm can ensure data integrity?

MD5

What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?

PKI certificates

Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?

PVLAN Edge

What is an example of the one-time pad cipher?

RC4

Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?

SSH

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

Snort

Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org?

Snort rule set pull

What two internal LAN elements need to be secured? (Choose two.)

Switches IP phones

What are two properties of a cryptographic hash function? (Choose two.)

The output is a fixed length. The hash function is one way and irreversible.

What is the behavior of a switch as a result of a successful CAM table attack?

The switch will forward all received frames to all other ports.

Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?

The users must obtain the certificate of the CA and then their own certificate.

Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices?

These devices are more varied in type and are portable.

Which statement describes asymmetric encryption algorithms?

They are relatively slow because they are based on difficult computational algorithms.

What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?

VLAN hopping

What is a network tap?

a passive device that forwards all traffic and physical layer errors to an analysis device

What is PulledPork?

a rule management application that can be used to automatically download Snort rule updates

Which command is used as part of the 802.1X configuration to designate the authentication method that will be used?

aaa authentication dot1x

What is contained in an OVA file?

an installable version of a virtual machine

What are two examples of traditional host-based security measures? (Choose two.)

antimalware software host-based IPS

Which term describes the role of a Cisco switch in the 802.1X port-based access control?

authenticator

What is provided by the fail open and close functionality of Snort IPS?

blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure

What are two characteristics of both IPS and IDS sensors? (Choose two.)

both can detect atomic patterns both use signatures to detect patterns

How can DHCP spoofing attacks be mitigated?

by implementing DHCP snooping on trusted ports

an IPS service enabled on first gen ISRs that is no longer supported

cisco IOS IPS

a dedicated inline threat prevention appliance

cisco firepower next gen IPS

an IPS service enabled on a second gen ISR

cisco snort IPS

Which two ports can send and receive Layer 2 traffic from a community port on a PVLAN? (Choose two.)

community ports belonging to the same community promiscuous ports

testing the strength of security by breaking secret codes

cryptanalysis

indivuduals who try to crack secret codes

cryptanalyst

the development and use of codes

cryptography

the sceince of making and breaking secret codes

cryptology

As data is being stored on a local hard disk, which method would secure the data from unauthorized access?

data encryption

The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message?

defend the castle

blocks and logs the packet

drop

What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.)

drop or prevent the activity allow the activity

In an 802.1x deployment, which device is a supplicant?

end-user station

an IPS solution that requires a promiscous port and an external snort IDS/IPS

external snort IPS server

A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on a NMS tool. What condition describes this alert?

false positive

In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?

from the root CA or another subordinate CA at a higher level

Which three security services are provided by digital signatures? (Choose three.)

guarantees data has not changed in transit provides data encryption authenticates the source

Which IPS signature trigger category uses a decoy server to divert attacks away from production devices?

honey pot-based detection

Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?​

integrity

What is a characteristic of the Community Rule Set type of Snort term-based subscriptions?

it is available for free

What is a characteristic of the connectivity policy setting when configuring Snort threat protection?

it provides the lowest level of protection

In which method used in cryptanalysis does the attacker know a portion of the plaintext and the corresponding ciphertext?​

meet-in-the-middle

What situation will generate a true negative IPS alarm type?

normal traffic that is correctly being ignored and forwarded

A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

origin authentication

What type of data does the DLP feature of Cisco Email Security Appliance scan in order to prevent customer data from being leaked outside of the company?

outbound messages

ignores the packet

pass

What is another name for confidentiality of information?

privacy

Which two items are used in asymmetric encryption? (Choose two.)

private key public key

Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?

private key from Alice

blocks and logs the packet and sends a TCP reset or ICMP port unreachable message

reject

blocks but does not log the packet

sdrop

An 802.1X client must authenticate before being allowed to pass data traffic onto the network. During the authentication process, between which two devices is the EAP data encapsulated into EAPOL frames? (Choose two.)

supplicant (client) authenticator (switch)

What device is considered a supplicant during the 802.1X authentication process?

the client that is requesting authentication

What is the keyspace of an encryption algorithm?

the set of all possible values used to generate a key

What information must an IPS track in order to detect attacks matching a composite signature?

the state of packets related to the attack

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command?

to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

What is the goal of the Cisco NAC framework and the Cisco NAC appliance?

to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network

What is the purpose for using digital signatures for code signing?

to verify the integrity of executable files downloaded from a vendor website

A company implements 802.1X security on the corporate network. A PC is attached to the network but has not authenticated yet. Which 802.1X state is associated with this PC?

unauthorized

What are two symmetric encryption algorithms? (Choose two.)

3DES AES

Which protocol defines port-based authentication to restrict unauthorized hosts from connecting to the LAN through publicly accessible switch ports?

802.1x

What is involved in an IP address spoofing attack?

A legitimate network IP address is hijacked by a rogue node.

What popular encryption algorithm requires that both the sender and receiver know a pre-shared key?

AES

A network administrator uses the spanning-tree loopguard default global configuration command to enable Loop Guard on switches. What components in a LAN are protected with Loop Guard?

All point-to-point links between switches.

Which procedure is recommended to mitigate the chances of ARP spoofing?

Enable DHCP snooping on selected VLANs.

What is an advantage of HIPS that is not provided by IDS?

HIPS protects critical system resources and monitors operating system processes.

An IT enterprise is recommending the use of PKI applications to securely exchange information between the employees. In which two cases might an organization use PKI applications to securely exchange information between users? (Choose two.)

HTTPS web service 802.1x authentication

What technology supports asymmetric key encryption used in IPsec VPNs?

IKE

Which Cisco solution helps prevent MAC and IP address spoofing attacks?

IP Source Guard

What is the purpose of a digital certificate?

It authenticates a website and establishes a secure connection to exchange confidential data.

What is an advantage of using an IPS?

It can stop trigger packets.

Which statement describes the function of the SPAN tool used in a Cisco switch?

It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.

What is a characteristic of an IDS?

It often requires assistance from other network devices to respond to an attack.


Ensembles d'études connexes

Module 3 managerial accounting video questions

View Set

Manhattan GRE Advanced and Essential Combo Word list-zaheer

View Set

Chapter 9 - Interest Groups: Organizing for Influence

View Set

HESI / NCLEX Leadership and Management

View Set

MANA3335 MindTap Learn It: Chapter 07: Organization Change and Innovation

View Set