CNA 101 | Ch. 11, Building a Small Network

modular

A feature that allows add-in capabilities/technologies to a device without the need to purchase a whole new device.

Server-Based Firewall

A firewall application that generally provides a solution that combines an SPI firewall and access control based on IP address or application. Can be less secure than dedicated, appliance-based firewalls because of the security weaknesses of the general purpose OS.

Identity Theft

A form of information theft where personal information is stolen for the purpose of taking over someone's identity.

AAA

A framework that is used to implement authentication, authorization, and accounting functions into network operations.

tracert 10.1.1.5

A network technician is investigating network connectivity from a PC to a remote host with the address 10.1.1.5. Which command, when issued on a Windows PC, will display the path to the remote hosts?

ipconfig /displaydns

A particular website does not appear to be responding on a Windows 7 computer. What command could the technician use to show any cached DNS entries for this web page?

b. Have a second router that is connected to another ISP

A small company has only one router as the exit point to its ISP. Which solution could be adopted to maintain connectivity if the router itself, or its connection to the ISP, fails? a. Activate another router interface that is connected to the ISP, so the traffic can flow through it. b. Have a second router that is connected to another ISP. c. Purchase a second least-cost link from another ISP to connect to this router. d. Add more interfaces to the router that is connected to the internal network.

virus

A type of malicious software that requires a user to spread the software through the network.

worm

A type of malicious software that uses the network to spread software and infect vulnerable systems.

Ctr+Shift+6

A user can interrupt the trace process by invoking the escape sequence, which can be triggered with _____________. In Windows, the escape sequence is invoked by pressing Ctrl+C.

vulnerability

A weakness or flaw that can allow an attacker to gain access to a system.

Password attacks

Access attack that uses brute-force, packet sniffers, or a Trojan horse.

Trust Exploitation

Access attack that uses the lack of security of one device to gain access to a more secured device.

Password attacks Trust Exploitation Port Redirection Man-in-the-middle

Access attacks can be classified into four types, what are they?

security passwords min-length

Additionally, to ensure that all configured passwords are a minimum of a specified length, use the _______________ command in global configuration mode.

show file systems

An administrator wants to backup a router configuration file to a USB drive that is connected to the router. Which command should the administrator use to verify that the USB drive is being recognized by the router?

SYN Flood

An attacker sends multiple SYN requests to a web server, and while the server attempts to complete the three-way handshake, valid users are unable to gain access.

DDoS

An attacker uses many intermediate hosts, called zombies, to launch this attack that overloads a system

True.

As helpful as CDP is, it can also be a security risk because it can provide useful network infrastructure information to attackers. True or False?

Data Loss and Manipulation

Breaking into a computer to destroy or alter data records.

Information Theft

Breaking into a computer to obtain confidential information.

Personal (Host-based) Firewall

Client-side firewalls that typically filter using SPI. Often used when a host device is connected directly to an ISP modem. These firewalls are installed on end systems.

exec-timeout

Exec timeouts can be configured on console, VTY, and aux ports using the ___________ command in line configuration mode.

nslookup whois

For reconnaissance attacks, external attackers can use Internet tools, such as the _________and _______utilities, to easily determine the IP address space assigned to a given corporation or entity.

Smurf attack

For this attack, the attacker uses an amplifier and attempts to overwhelm WAN link to destination.

trojan

Hidden or disguised software that installs with another software package that a user requested

during peak utilization times and on multiple network segments

How should traffic flow be captured in order to best understand traffic patterns in a network?

protocol analyzer

If the types of traffic are unknown, a __________ will help identify the traffic and its source.

IP telephony

In ________________, the IP phone itself performs voice-to-IP conversion.

.

Indicates a time expired while waiting for an ICMP echo reply message. Could also indicate that a connectivity problem occurred somewhere along the path.

!

Indicates receipt of an ICMP echo reply message

True

Information gathered by the protocol analyzer is evaluated based on the source and destination of the traffic, as well as the type of traffic being sent. True or False?

hackers

Intruders who gain access by modifying software or exploiting software vulnerabilities

True.

The ping of death is no longer a threat because updates to operating systems have fixed the vulnerability that it exploited. True or False?

show

The status of nearly every process or function of the router can be displayed using a _____ command.

Access attacks

The unauthorized manipulation of data, system access, or user privileges.

arp -a

The_________ command lists all devices currently in the ARP cache of the host, which includes the IPv4 address, physical address, and the type of addressing (static/dynamic), for each device.

U

This ICMP echo request response indicates that an ICMP unreachable message was received.

Ping of Death

This is when an attacker sends a malformed or very large ping packet, which could cause a system to crash.

Technological

This primary vulnerability includes TCP/IP protocol weakness, operating system weakness and equipment weakness.

Security policy

This primary vulnerability includes politics, lack of authentication continuity, logical access controls not applied, software and hardware installation and changes not following procedure, and either a weak or nonexistent disaster recovery plan.

Configuration

This primary vulnerability includes unsecured user accounts, system accounts with easily guessed passwords, misconfigured internet services, unsecured default settings within products, or misconfigured network equipment.

no cdp run.

To disable CDP globally, use the global configuration command _________.

no cdp enable

To disable CDP on an interface, use the interface command ___________.

login local transport input ssh

To enable inbound SSH sessions use the line vty commands __________ and ______________.

crypto key generate rsa

To generate the SSH key, use the ___________________ command in global configuration mode.

ping sweep

To help automate the attack process, an attacker may use a ___________ tool, such as fping or gping.

endpoints

Typically, the network devices under attack are the _________, such as servers and desktop computers.

malware

Unwanted malicious software that can harm or disrupt a system operation.

service password-encryption

Using the global configuration command __________prevents unauthorized individuals from viewing passwords in plain text in the configuration file

True.

Voice-enabled routers are not required within a network with an integrated IP telephony solution. True or False?

Electrical

Voltage spikes, insufficient supply voltage, unconditioned power, and total power loss is what type of threat?

Hardware threats Environmental threats Electrical threats Maintenance threats

What are the four classes of physical threats?

Network documentation Device inventory Budget Traffic analysis

What are the four required elements involved with scaling a network?

1. Password length of 8 or more characters (10+ preferred) 2. Complexity - Upper/lowercase, symbols, #s, & spaces 3. Avoid repetition, common words, letters/numbers sequences, family or animal names/dates etc.. 4. Deliberately misspell a password Smith=Smyth 5. Change passwords often. 6. Do not write passwords down and leave them in unsecured locations.

What are the standard guidelines we should follow to ensure a strong password is in use?

Install redundant power supplies Install UPS systems

What are two management practices for Electrical Procedure?

Control temperature and humidity Create positive air flow

What are two management practices for Environmental Procedure?

Use security cameras Lock up devices/prevent unauthorized access

What are two management practices for Hardware Procedure?

Control access to console ports Label critical cables and components

What are two management practices for Maintenance Procedure?

RouterA(config)#login block-for 30 attempts 2 within 10

What command could you issue to block login attempts on RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?

brownout

What is another term for insufficient supply voltage?

Download security updates from the OS vendor and patch all vulnerable systems

What is considered the most effective way to mitigate a worm attack?

firewalls

What is one of the most effective security tools available for protecting users from external threats?

360-2048 bits 1024 bits

What is the range of the modulus, and what is the minimum recommend modulus length?

DHCP

What process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?

Fixed configuration

What type of networking device configuration has a specific number and type of ports or interfaces?

voice

What type of traffic would most likely have the highest priority through the network?

False. Additional security configuration is required for adequate protection.

When a new operating system is installed on a device, the security settings are set to the default values. In most cases, this level of security is considered to be adequate. True or False?

network documentation

Which element of scaling a network involves identifying the physical and logical topologies?

ICMP

Which protocol is used by the traceroute command to send and receive echo-requests and echo-replies?

b. 'U' may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful.

Which statement is true about Cisco IOS ping indicators? a. '!' indicates that the ping was unsuccessful and that the device may have issues finding a DNS server. !! ! b. 'U' may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful. c. '.' indicates that the ping was successful but the response time was longer than normal. d. A combination of '.' and '!' indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message.

show ip route

You and running the EIGRP routing protocol and need to know the update intervals and what active interfaces and networks are being advertised by your router. What command would you issue to accomplish this?

show version

You are on a call with the Cisco technical assistance personnel. they ask you for the switch IOS name, RAM, NVRAM, and flash available. They also ask for the hexadecimal boot location. What command would you issue to accomplish this?

ip domain-name

You can configure the IP domain name of the network using the_____________ command in global configuration mode.

username

You can create a local database username entry using the ______ global configuration command.

show ip protocols

You cannot get to the internet. You need to find out if your router has a path to the internet and which protocols are being used to provide the paths. What command would you issue to accomplish this?

show startup-config

You suspect there is a problem with the current switch configuration. You want to see the saved configuration so that you can compare it to what is currently running. What command would you issue to accomplish this?

VoIP Analog Telephone Adapter (ATA)

______ devices convert analog into digital IP packets. The device could be an ___________ that is attached between a traditional analog phone and the Ethernet switch.

Real-Time Transport Protocol (RTP) Real-Time Transport Control Protocol (RTCP)

_______ and _______ enable control and scalability of the network resources by allowing Quality of Service (QoS) mechanisms to be incorporated.

Network

_________ firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access.

Denial of Service (DOS)

______________ attacks are the most publicized form of attack and also among the most difficult to eliminate.

Appliance-Based firewalls

Specialized computers that do not have peripherals or hard drives can use this type of firewall. They also inspect traffic faster than other firewalls and are less prone to failure.

Environmental threats

Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry) is what type of threat?

show cdp neighbors detail

The ____________________ command reveals the IP address of a neighboring device. CDP will reveal the neighbor's IP address regardless of whether or not you can ping that neighbor. This command can help determine if one of the CDP neighbors has an IP configuration error.

ping

The ____command uses the Internet Control Message Protocol (ICMP) and verifies Layer 3 connectivity.

stateful packet inspection (SPI)

The ability of a device to track TCP connections and only allow returning data to the inside connection. Can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).

URL filtering

The ability to filter traffic based on a web address.

application filtering.

The ability to filter traffic based on destination port numbers.

packet filtering

The ability to perform packet inspection at Layer 3 based on the source and destination IP addresses and source and destination port numbers.

arp -d*

The cache can be cleared by using the _______ command in the event the network administrator wants to repopulate the cache with updated information.

Reconnaissance attacks

The discovery and mapping of systems, services, and vulnerabilities for nefarious purposes.

redundancy

The duplication of devices, links, or technologies to increase high availability.

Technological Configuration Security policy

Name the three primary vulnerabilities or weaknesses in every network and device.

protocols

Network services use ______ to define a set of rules that govern how devices communicate and the data formats used in a network.

True.

On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not. True or False?

Console ports vty ports

On which two interfaces or ports can security be improved by configuring executive timeouts?

show ip interface brief

One of the most frequently used commands is the _____________ command. This command displays all interfaces on the router, the IP address assigned to each interface, if any, and the operational status of the interface.

Hardware

Physical damage to servers, routers, switches, cabling plant, and workstations is what type of threat?

Maintenance

Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling is what type of threat?

Disruption of Services

Preventing legitimate users from accessing services to which they should be entitled.