CRT 10.6 Module Quiz - LAN Security Concepts
What is involved in an IP address spoofing attack?
- A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.
- A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.
- A legitimate network IP address is hijacked by a rogue node.
- Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP server.
Answer: A legitimate network IP address is hijacked by a rogue node.
Topic 10.5.0 - In an IP address spoofing attack, the IP address of a legitimate network host is hijacked and used by a rogue node. This allows the rogue node to pose as a valid node on the network.

Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
- HTTP
- LLDP
- FTP
- CDP
Answer: CDP
Topic 10.5.0 - CDP is a Cisco proprietary protocol that gathers information from other connected Cisco devices, and is enabled by default on Cisco devices. LLDP is an open standard protocol which provides the same service; it can be enabled on a Cisco router. HTTP and FTP are Application Layer protocols that do not collect information about network devices.

Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
- MAC address flooding
- IP address spoofing
- DHCP starvation
- ARP spoofing
Answer: DHCP starvation
Topic 10.5.0 - The DHCP starvation attack causes the exhaustion of the IP address pool of a DHCP server before legitimate users can obtain valid IP addresses.

What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
- Disable DTP.
- Place unused ports in an unused VLAN.
- Disable STP.
- Enable port security.
Answer: Enable port security.
Topic 10.3.0 - A MAC address (CAM) table overflow attack, buffer overflow, and MAC address spoofing can all be mitigated by configuring port security. A network administrator would typically not want to disable STP because it prevents Layer 2 loops. DTP is disabled to prevent VLAN hopping. Placing unused ports in an unused VLAN prevents unauthorized wired connectivity.

Which Cisco solution helps prevent MAC and IP address spoofing attacks?
- IP Source Guard
- DHCP Snooping
- Port Security
- Dynamic ARP Inspection
Answer: IP Source Guard
Topic 10.1.0 - IP Source Guard (IPSG) prevents MAC and IP address spoofing attacks. It uses the DHCP snooping binding table to filter traffic on untrusted ports, dropping packets whose source IP address (and optionally MAC address) does not match a binding for that port. DHCP snooping mitigates rogue DHCP servers, Dynamic ARP Inspection mitigates ARP spoofing, and port security mitigates MAC address table overflow.

Why is authentication with AAA preferred over a local database method?
- It uses less network bandwidth.
- It requires a login and password combination on the console, vty lines, and aux ports.
- It specifies a different password for each line or port.
- It provides a fallback authentication method if the administrator forgets the username or password.
Answer: It provides a fallback authentication method if the administrator forgets the username or password.
Topic 10.2.0 - The local database method of authentication does not provide a fallback authentication method if an administrator forgets the username or password; password recovery is then the only option. When authentication with AAA is used, a fallback method can be configured to allow an administrator to use one of many possible backup authentication methods.

When security is a concern, which OSI Layer is considered to be the weakest link in a network system?
- Layer 4
- Layer 3
- Layer 7
- Layer 2
Answer: Layer 2
Topic 10.3.0 - Security is only as strong as the weakest link in the system, and Layer 2 is considered to be that weakest link. In addition to protecting Layer 3 to Layer 7, network security professionals must also mitigate attacks on the Layer 2 LAN infrastructure.

Which Layer 2 attack will result in a switch flooding incoming frames to all ports?
- Spanning Tree Protocol manipulation
- MAC address overflow
- ARP poisoning
- IP address spoofing
Answer: MAC address overflow
Topic 10.4.0 - When an attacker rapidly sends frames with spoofed MAC addresses to a switch, the MAC address table of the switch becomes full. Once the MAC address table is full, the switch floods all new incoming frames to all ports.

Which three Cisco products focus on endpoint security solutions? (Choose three.)
- Adaptive Security Appliance
- IPS Sensor Appliance
- SSL/IPsec VPN Appliance
- NAC Appliance
- Email Security Appliance
- Web Security Appliance
Answer: NAC Appliance, Email Security Appliance, Web Security Appliance
Topic 10.1.0 - The primary components of endpoint security solutions are the Cisco Email and Web Security appliances and the Cisco NAC appliance. ASA, SSL/IPsec VPN, and IPS sensor appliances all provide security solutions that focus on the enterprise network, not on endpoint devices.

In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server?
- 802.1x
- SSH
- RADIUS
- TACACS
Answer: RADIUS
Topic 10.2.0 - With a server-based method, the router accesses a central AAA server using either the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System Plus (TACACS+) protocol. SSH is a protocol used for remote login. 802.1x is a protocol used in port-based authentication. TACACS is a legacy protocol and is no longer used.

What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
- RADIUS
- VTP
- HSRP
- TACACS+
- LLDP
Answer: RADIUS, TACACS+
Topic 10.2.0 - Two AAA protocols are supported on Cisco devices: TACACS+ and RADIUS. Hot Standby Router Protocol (HSRP) is used on Cisco routers to allow for gateway redundancy. Link Layer Discovery Protocol (LLDP) is a protocol for neighbor discovery. VLAN Trunking Protocol (VTP) is used on Cisco switches to manage VLANs on a VTP-enabled server switch.

True or False? In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.
Answer: True
Topic 10.2.0 - In 802.1X terminology the client workstation is known as the supplicant.

What three services are provided by the AAA framework? (Choose three.)
- accounting
- autobalancing
- autoconfiguration
- automation
- authorization
- authentication
Answer: accounting, authorization, authentication
Topic 10.2.0 - The authentication, authorization, and accounting (AAA) framework provides services to help secure access to network devices.

Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
- auditing
- accessibility
- authorization
- authentication
- accounting
Answer: authorization
Topic 10.2.0 - One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.

What is the purpose of AAA accounting?
- to collect and report application usage
- to determine which resources the user can access
- to prove users are who they say they are
- to determine which operations the user can perform
Answer: to collect and report application usage
Topic 10.2.0 - AAA accounting collects and reports application usage data. This data can be used for purposes such as auditing or billing. AAA authentication is the process of verifying that users are who they say they are. AAA authorization determines what users can and cannot do on the network after they are authenticated.