ENSA- Cisco Chapter 2
When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device?
remark
Which network security device monitors incoming and outgoing traffic looking for malware, network attack signatures, and if it recognizes a threat, it can immediately stop it?
IPS
To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?
echo reply
Which wildcard mask would permit only host 10.10.10.1?
0.0.0.0
Which wildcard mask would permit all hosts from the 192.168.10.0/24 network?
0.0.0.255
Which wildcard mask would permit only hosts from the 10.10.0.0/16 network?
0.0.255.255
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.120.167.255
A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.)
172.16.0.255 and 172.16.15.36 (the ACE matches 172.16.0.0 through 172.16.15.255)
Which wildcard mask would permit all hosts?
255.255.255.255
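The wildcard-mask questions above all reduce to the same bit operation. The following Python is an added worked example, not part of the original card set or Cisco's material: it implements the match test, the address range an ACE covers, the wildcard that corresponds to a prefix length, and a check for the non-contiguous wildcards IOS also accepts.

```python
"""Wildcard-mask arithmetic behind the ACL questions above, added as a worked example
(not from Cisco's material). A wildcard bit of 0 means the packet's address bit
must equal the ACE's network bit; a wildcard bit of 1 means 'don't care'."""
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(n):
    return str(ipaddress.IPv4Address(n))


def matches(addr, network, wildcard):
    """XOR the address with the ACE's network, then mask off the don't-care bits;
    anything left is a mismatch in a bit the ACE cares about."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(network)) & care == 0


def ace_range(network, wildcard):
    """Lowest and highest address an ACE with this network/wildcard can match."""
    net, wc = to_int(network), to_int(wildcard)
    low = net & ~wc & 0xFFFFFFFF   # clear the don't-care bits (IOS normalizes the ACE this way too)
    return to_str(low), to_str(low | wc)


def wildcard_for_prefix(prefix_len):
    """The wildcard is the bitwise inverse of the subnet mask: /24 -> 0.0.0.255, /32 -> 0.0.0.0."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return to_str(~mask & 0xFFFFFFFF)


def is_prefix_wildcard(wildcard):
    """True if the wildcard is a run of low-order 1 bits, i.e. it describes one CIDR block.
    IOS also accepts non-contiguous wildcards: with network 10.0.0.0, 0.0.254.255
    matches only addresses whose third octet is even."""
    wc = to_int(wildcard)
    return wc & (wc + 1) == 0


if __name__ == "__main__":
    print(matches("10.10.10.1", "10.10.10.1", "0.0.0.0"))          # True: every bit must match
    print(ace_range("10.120.160.0", "0.0.7.255"))                   # ('10.120.160.0', '10.120.167.255')
    print(wildcard_for_prefix(16), is_prefix_wildcard("0.0.254.255"))  # 0.0.255.255 False
```

The `ace_range` function also shows why 10.120.163.0 0.0.7.255 and 10.120.160.0 0.0.7.255 are the same ACE: the wildcard's don't-care bits are cleared from the network address before matching.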
How many total ACLs (both IPv4 and IPv6) can be configured on an interface?
4
What is a significant characteristic of virus malware?
A virus is triggered by an event on the host system
Which network security device contains a secure database of who is authorized to access and manage network devices?
AAA Server
Which network security device ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts?
ASA Firewall
What type of attack is a password attack?
Access
What type of attack is address spoofing?
Access
What type of attack is man-in-the-middle?
Access
Which attack being used is when a threat actor creates packets with false source IP address information to either hide the identity of the sender, or to pose as another legitimate user?
Address Spoofing Attack
Which malware typically displays annoying pop-ups to generate revenue for its author?
Adware
Which attack is being used when threat actors initiate a simultaneous, coordinated attack from multiple source machines?
Amplification and Reflection Attacks
Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACE.
Each statement is checked only until a match is detected or until the end of the ACE list.
A packet can either be rejected or forwarded as directed by the ACE that is matched.
Which scenario would cause an ACL misconfiguration and deny all traffic?
Apply an ACL that has all deny ACE statements
Which security term is used to describe anything of value to the organization? It includes people, equipment, resources, and data
Asset
Which type of hacker is described in the scenario: From my laptop, I transferred $10 million to my bank account using victim account numbers and PINs after viewing recordings of victims entering the numbers.
Black Hat
Which type of hacker is described in the scenario: I used malware to compromise several corporate systems to steal credit card information. I then sold that information to the highest bidder.
Black Hat
The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
DDoS
Which cyber attack involves a coordinated attack from a botnet of zombie computers?
DDoS
Which penetration testing tool is used by black hats to reverse engineer binary files when writing exploits? They are also used by white hats when analyzing malware.
Debuggers
Which network security device filters known and suspicious internet malware sites?
ESA/WSA
Which penetration testing tool uses algorithm schemes to encode the data, which then prevents access to the data?
Encryption Tools
Which security term is used to describe a mechanism that takes advantage of a vulnerability?
Exploit
Where should an extended ACL be placed?
Extended ACLs should be located as close to the source as possible
Which penetration testing tool is used by white hat hackers to sniff out any trace of evidence existing in a computer?
Forensic Tools
Which type of hacker is described in the scenario: After hacking into ATM machines remotely using a laptop, I worked with ATM manufacturers to resolve the security vulnerabilities that I discovered.
Gray Hat
Which attack is being used when threat actors use pings to discover subnets and hosts on a protected network, to generate flood attacks, and to alter host routing tables?
ICMP Attack
Which statement about the operation of a standard ACL is incorrect?
If there are no matching ACEs in the ACL, the packet is forwarded because there is an implicit permit ACE automatically applied to all ACLs.
Which attack is being used when threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication?
MiTM Attack
Which security term is used to describe the counter-measure for a potential threat or risk?
Mitigation
Which statement about ACLs is true?
Named ACLs can be standard or extended
Consider the access list command applied outbound on a router serial interface:
    access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo-reply
What is the effect of applying this access list command?
No traffic will be allowed outbound on the serial interface (the only ACE is a deny, so every packet, ICMP or not, falls through to the implicit deny any).
Which penetration testing tool is used to probe and test a firewall's robustness?
Packet Crafting Tools
Which encryption method is a stream cipher and is used to secure web traffic in SSL and TLS?
Rivest Cipher (RC4). Note that RC4 is now considered broken and RFC 7465 prohibits RC4 cipher suites in TLS.
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
R1(config-line)# access-class 1 in
Which malware denies access to the infected computer system and demands payment before the restriction is removed?
Ransomware
What type of attack is port scanning?
Reconnaissance
Which security term is used to describe the likelihood of a threat to exploit the vulnerability of an asset, with the aim of negatively affecting an organization?
Risk
Which malware is installed on a compromised system and provides privileged access to the threat actor?
Rootkit
Which two commands will configure a standard ACL? (Choose two.)
Router(config)# access-list 35 permit host 172.31.22.7
Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
What packets would match the access control list statement that is shown below? access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22
SSH traffic (TCP destination port 22) from the 172.16.0.0/24 network to any destination network.
Which attack is being used when threat actors gain access to the physical network, and then use an MiTM attack to capture and manipulate a legitimate user's traffic?
Session Hijacking
What type of attack is tailgating?
Social Engineering
Which malware is used to gather information about a user and then, without the user's consent, sends the information to another entity?
Spyware
Which packet filtering statement is true?
Standard ACLs filter at Layer 3 only
Where should a standard ACL be placed?
Standard ACLs should be placed as close to the destination as possible.
Which encryption method encrypts plaintext one byte or one bit at a time?
Stream Cipher
Which encryption method uses the same key to encrypt and decrypt data?
Symmetric
Which attack exploits the three-way handshake?
TCP SYN Flood attack
Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this?
TCP reset attack
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?
The ACL does not perform as designed
When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself?
The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
Consider the configured access list.
    R1# show access-lists
    Extended IP access list 100
        deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
        deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
        permit ip any any (15 matches)
What are two characteristics of this access list? (Choose two.)
The access list has been applied to an interface (the match counter is incrementing).
Any device on the 10.1.1.0/24 network (except 10.1.1.2) can telnet to the router interface with the IP address 10.1.1.1.
Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.)
The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
If an ACL contains no permit statements, all traffic is denied by default.
Which two conditions would cause a router to drop a packet? (Choose two.)
The packet source address does not match the source as permitted in a standard inbound ACE.
No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL.
Which security term is used to describe a potential danger to a company's assets, data, or network functionality?
Threat
Which encryption method repeats an algorithm process three times and is considered very trustworthy when implemented using very short key lifetimes?
Triple DES (3DES). Note that 3DES is deprecated: NIST SP 800-131A Rev. 2 disallows it for encryption after 2023.
Which malware is non-self-replicating type of malware? It often contains malicious code that is designed to look like something else, such as a legitimate application or file. It attacks the device from within.
Trojan Horse
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?
    R1# <output omitted>
    Standard IP access list 2
        10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
        20 deny   any (1 match)
Two devices were able to use SSH or Telnet to gain access to the router
A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this?
UDP flood attack
Which network security device is used to provide secure services with corporate sites and remote access support for remote users using secure encrypted tunnels?
VPN
Which security term is used to describe a weakness in a system, or its design, that could be exploited by a threat?
Vulnerability
Which penetration testing tool identifies whether a remote host is susceptible to a security attack?
Vulnerability Exploitation Tools
Which type of hacker is described in the scenario: It is my job to work with technology companies to fix a flaw with DNS.
White Hat
Which type of hacker is described in the scenario: During my research for security exploits, I stumbled across a security vulnerability on a corporate network that I am authorized to access.
White Hat
Which type of hacker is described in the scenario: My job is to identify weaknesses in my company's network.
White Hat
Which malware executes arbitrary code and installs copies of itself in the memory of the infected computer? The main purpose of this malware is to automatically replicate from system to system across the network.
Worm
Which of the following is an ACL best practice?
Write the ACL before configuring it on a router
Which location is recommended for extended numbered or extended named ACLs?
a location as close to the source of traffic as possible
To which category of security attacks does man-in-the-middle belong?
access
What are the permit or deny statements in an ACL called?
access control entries
The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)
access-list 5 permit 10.7.0.0 0.0.0.31
access-class 5 in (entered in line vty configuration mode)
What single access list statement matches all of the following networks? 192.168.16.0 192.168.17.0 192.168.18.0 192.168.19.0
access-list 10 permit 192.168.16.0 0.0.3.255 (0.0.15.255 would also match all four, but it over-permits 192.168.20.0 through 192.168.31.0)
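The summarization question above can be answered mechanically, and the same arithmetic tells you how much a looser wildcard would over-permit. The following Python is an added worked example, not from the cards or from Cisco: it derives the tightest single ACE for a list of CIDR networks and counts the addresses a given network/wildcard pair matches beyond the ones intended.

```python
"""Tightest single ACE for a list of networks, added as a worked example (not
Cisco's), plus a check of how many extra addresses a looser wildcard lets through."""
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(n):
    return str(ipaddress.IPv4Address(n))


def tightest_ace(networks):
    """Smallest 'network wildcard' pair covering every network (CIDR strings).
    One ACE can only express a run of low-order don't-care bits, so take the lowest
    and highest address to be covered and mark the highest bit in which they differ,
    and every bit below it, as don't-care."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    wildcard = (1 << (low ^ high).bit_length()) - 1
    return to_str(low & ~wildcard & 0xFFFFFFFF), to_str(wildcard)


def over_permitted(network, wildcard, wanted):
    """Number of addresses the ACE matches beyond the (disjoint) networks it was
    written for; 0 means the ACE is exactly as wide as intended."""
    wc = to_int(wildcard)
    if wc & (wc + 1):
        raise ValueError("wildcard is not a contiguous run of low-order 1 bits")
    base = to_int(network) & ~wc & 0xFFFFFFFF
    block = ipaddress.IPv4Network(f"{to_str(base)}/{32 - wc.bit_length()}")
    extra = block.num_addresses
    for n in map(ipaddress.IPv4Network, wanted):
        if not n.subnet_of(block):
            raise ValueError(f"{n} is not covered by {network} {wildcard}")
        extra -= n.num_addresses
    return extra


if __name__ == "__main__":
    wanted = ["192.168.16.0/24", "192.168.17.0/24", "192.168.18.0/24", "192.168.19.0/24"]
    net, wc = tightest_ace(wanted)
    print(f"access-list 10 permit {net} {wc}")                   # 192.168.16.0 0.0.3.255
    print(over_permitted(net, wc, wanted))                        # 0
    print(over_permitted("192.168.16.0", "0.0.15.255", wanted))   # 3072 (twelve extra /24s)
```

`over_permitted` is the check to run before committing a summarized ACE: a non-zero result is address space the ACE permits that nobody asked for.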
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255
access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10?
access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
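The ACL processing rules stated earlier (top-down, first match wins, implicit deny any), the outbound deny-icmp case that blocks all traffic, and the standard and extended ACE questions above can all be exercised with one small evaluator. The Python below is an added worked example, not Cisco code: it parses the numbered ACE syntax used on this page and evaluates packets the way the cards describe, keeping per-ACE hit counters like the ones show access-lists prints. The port-name table is a deliberately small subset of the keywords IOS knows.

```python
"""Top-down IPv4 ACL evaluation with the implicit deny, added as a worked example.
Not Cisco code: a small parser for the numbered ACE syntax used on this page
(standard and extended; host/any, wildcard masks, 'eq <port>', an ICMP keyword)
and a first-match evaluator with per-ACE hit counters like 'show access-lists'."""
import ipaddress
from collections import namedtuple

PORT_NAMES = {"www": 80, "telnet": 23, "ssh": 22, "snmptrap": 162}  # subset of IOS keywords

# sport/dport are set only when 'eq' followed that address; proto "ip" matches any protocol.
ACE = namedtuple("ACE", "action proto src src_wc dst dst_wc sport dport icmp_type",
                 defaults=(None, None, None))
Packet = namedtuple("Packet", "proto src dst sport dport icmp_type", defaults=(None, None, None))


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, network, wildcard):
    care = ~to_int(wildcard) & 0xFFFFFFFF  # wildcard 0 bits must match, 1 bits are ignored
    return (to_int(addr) ^ to_int(network)) & care == 0


def _addr(t, i):
    """Consume 'any', 'host A', 'A W', or a bare 'A' (standard-ACL shorthand for one host)."""
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(t) and t[i + 1].replace(".", "").isdigit():  # next token is a wildcard
        return t[i], t[i + 1], i + 2
    return t[i], "0.0.0.0", i + 1


def _port(t, i):
    """Consume an optional 'eq <port>'; names come from PORT_NAMES, numbers are literal."""
    if i < len(t) and t[i] == "eq":
        tok = t[i + 1]
        if tok.isdigit():
            return int(tok), i + 2
        if tok in PORT_NAMES:
            return PORT_NAMES[tok], i + 2
        raise ValueError(f"unknown port keyword {tok!r}")
    return None, i


def parse_ace(line):
    t = line.split()
    if t[:1] != ["access-list"] or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list ACE: {line!r}")
    number = int(t[1])
    if 1 <= number <= 99 or 1300 <= number <= 1999:  # standard ACL: source address only
        src, src_wc, _ = _addr(t, 3)
        return ACE(t[2], "ip", src, src_wc, "0.0.0.0", "255.255.255.255")
    src, src_wc, i = _addr(t, 4)          # extended: protocol, source, destination
    sport, i = _port(t, i)
    dst, dst_wc, i = _addr(t, i)
    dport, i = _port(t, i)
    icmp_type = t[i] if t[3] == "icmp" and i < len(t) else None
    return ACE(t[2], t[3], src, src_wc, dst, dst_wc, sport, dport, icmp_type)


def ace_matches(a, p):
    return (a.proto in ("ip", p.proto)
            and wildcard_match(p.src, a.src, a.src_wc)
            and wildcard_match(p.dst, a.dst, a.dst_wc)
            and (a.sport is None or a.sport == p.sport)
            and (a.dport is None or a.dport == p.dport)
            and (a.icmp_type is None or a.icmp_type == p.icmp_type))


class ACL:
    def __init__(self, lines):
        self.aces = [parse_ace(line) for line in lines]
        self.hits = [0] * len(self.aces)  # the '(n matches)' counters of show access-lists

    def evaluate(self, p):
        """First matching ACE decides; a packet that matches nothing hits the implicit deny any."""
        for n, a in enumerate(self.aces):
            if ace_matches(a, p):
                self.hits[n] += 1
                return a.action
        return "deny"


if __name__ == "__main__":
    # The single-ACE list from the page, applied outbound: a TCP packet matches no
    # ACE at all, so it is dropped by the implicit deny, not by the icmp deny.
    acl = ACL(["access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo-reply"])
    print(acl.evaluate(Packet("tcp", "192.168.10.5", "203.0.113.9", 40000, 80)), acl.hits)  # deny [0]
```

The hit counters make the misconfiguration visible: after that TCP packet is dropped, the deny ACE still shows zero matches, exactly what an administrator would see with show access-lists when the implicit deny, which has no counter, is doing the dropping.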
What causes a buffer overflow?
attempting to write more data to a memory location than that location can hold.
Which objective of secure communications is achieved by encrypting data?
confidentiality
What three items are components of the CIA triad? (Choose three.)
confidentiality, availability, integrity
Which operator is used in an ACL statement to match packets of a specific application?
eq
Which ACL is capable of filtering based on TCP port number?
extended ACL
What specialized network device is responsible for enforcing access control policies between networks?
firewall
A college student is studying for the Cisco CCENT certification and is visualizing extended access lists. Which three keywords could immediately follow the keywords permit or deny as part of an extended access list? (Choose three.)
icmp, tcp, and udp
If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice?
permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap (the most specific ACE goes first)
Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
shadowing
Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access?
show access-lists
A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is no scheduled cleaning for that day. What type of attack was just prevented?
social engineering
What is the role of an IPS?
to detect patterns of malicious traffic by the use of signature files
What type of malware has the primary objective of spreading across the network?
worm
In applying an ACL to a router interface, which traffic is designated as outbound?
traffic that is leaving the router and going toward the destination host.
Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
vulnerability broker, hacktivists