Module 16


This zone is used to house servers that should be accessible to outside users.

DMZ The DMZ, or demilitarized zone, is used for servers that need to be accessible to external users.

What kind of threat is described when a threat actor alters data records?

Data loss or manipulation Altering data records is an example of data loss or manipulation.

What kind of threat is described when a threat actor sends you a virus that can reformat your hard drive?

Data loss or manipulation Sending a virus that will format the hard drive of a computer is an example of a data loss or manipulation threat.

What kind of threat is described when a threat actor impersonates another person to obtain credit information about that person?

Identity theft Using identity information to impersonate someone to obtain credit is an example of identity theft.

What kind of threat is described when a threat actor makes illegal online purchases using stolen credit information?

Identity theft Using stolen credit or identity information to make illegal online purchases is an example of identity theft.

What kind of threat is described when a threat actor is stealing the user database of a company?

Information theft Stealing data records or proprietary information is an example of information theft.

MODULE-16 NETWORK-ATTACK-MITIGATION

Network Attack Mitigation

MODULE-16 NETWORK-ATTACKS

Network Attacks

MODULE-16 END-OF-CHAPTER-QUIZ

Network Security Fundamentals

Which command will block login attempts on RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?

RouterA(config)# login block-for 30 attempts 2 within 10

Topic 16.4.0 - The correct syntax is RouterA(config)# login block-for (number of seconds) attempts (number of attempts) within (number of seconds).

What does the term vulnerability mean?

a weakness that makes a target susceptible to an attack Topic 16.1.0 - A vulnerability is not a threat, but it is a weakness that makes the PC or the software a target for attacks.

Which benefit does SSH offer over Telnet for remotely managing a router?

encryption Topic 16.4.0 - SSH provides secure access to a network device for remote management. It uses a stronger password authorization than Telnet does and encrypts any data that is transported during the session.

Arianna found a flash drive lying on the pavement of a mall parking lot. She asked around but could not find the owner. She decided to keep it and plugged it into her laptop, only to find a photo folder. Feeling curious, Arianna opened a few photos before formatting the flash drive for her own use. Afterwards, Arianna noticed that her laptop camera was active. What type of attack is described in this scenario?

malware attack Malware attacks include viruses, worms, and Trojan horses. These types of attacks can allow a threat actor to take control of an infected system.

Jeremiah was browsing the internet from his personal computer when a random website offered a free program to clean his system. After the executable was downloaded and running, the operating system crashed. Crucial operating system related files had been corrupted and Jeremiah's computer required a full disk format and operating system re-installation. What type of attack is described in this scenario?

malware attack Malware attacks include viruses, worms, and Trojan horses. These types of attacks can result in crashed systems and deleted or corrupted files.

A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection?

remote access to a switch where data is encrypted during the session Topic 16.4.0 - SSH provides a secure remote login through a virtual interface. SSH provides a stronger password authentication than Telnet. SSH also encrypts the data during the session.

What kind of threat is described when a threat actor prevents legal users from accessing data services?

Disruption of service Disruption of service attacks occur when legitimate users are prevented from accessing data and services.

Some routers and switches in a wiring closet malfunctioned after an air conditioning unit failed. What type of threat does this situation describe?

environmental

Topic 16.1.0 - The four classes of threats are as follows:

Hardware threats - physical damage to servers, routers, switches, cabling plant, and workstations

Environmental threats - temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)

Electrical threats - voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss

Maintenance threats - poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling

George needed to share a video with a co-worker. Because of the large size of the video file, he decided to run a simple FTP server on his workstation to serve the video file to his co-worker. To make things easier, George created an account with the simple password of "file" and provided it to his co-worker on Friday. Without the proper security measures or a strong password, the IT staff was not surprised to learn on Monday that George's workstation had been compromised and was trying to upload work related documents to the internet. What type of attack is described in this scenario?

access attack An access attack, if successful, exploits known vulnerabilities. These attacks can allow a threat actor to gain access to resources they have no rights to access.

What is the objective of a network reconnaissance attack?

discovery and mapping of systems Topic 16.2.0 - The objective of a network reconnaissance attack is to discover information about a network, network systems, and network services.

Which device controls traffic between two or more networks to help prevent unauthorized access?

firewall A firewall is a dedicated device that helps prevent unauthorized access by not allowing external traffic to initiate connections to internal hosts.

For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task?

firewall settings Topic 16.3.0 - Smartcard and file system settings do not affect network operation. MAC address settings and filtering may be used to control device network access but cannot be used to filter different data traffic types.

What type of attack may involve the use of tools such as nslookup and fping?

reconnaissance attack Topic 16.2.0 - For reconnaissance attacks, external attackers can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity. After the IP address space is determined, an attacker can then ping the publicly available IP addresses to identify the addresses that are active. Fping is a ping sweep tool that can help automate this process.

Which device is used by other network devices to authenticate and authorize management access?

AAA server AAA servers perform authentication, authorization and accounting services on behalf of other devices to manage access to resources.

What kind of threat is described when a threat actor overloads a network to deny other users network access?

Disruption of service Disruption of service attacks occur when legitimate users are prevented from accessing data and services or the network.

Which type of network threat is intended to prevent authorized users from accessing resources?

DoS attacks Topic 16.2.0 - Network reconnaissance attacks involve the unauthorized discovery and mapping of the network and network systems. Access attacks and trust exploitation involve unauthorized manipulation of data and access to systems or user privileges. DoS, or Denial of Service attacks, are intended to prevent legitimate users and devices from accessing network resources.

What kind of threat is described when a threat actor steals scientific research data?

Information theft Stealing research data or proprietary information is an example of information theft.

MODULE-16 NETWORK-SECURITY-FUNDAMENTALS

Network Security Fundamentals

What three configuration steps must be performed to implement SSH access to a router? (Choose three.)

a user account

an IP domain name

a unique hostname

Topic 16.4.0 - To implement SSH on a router the following steps need to be performed:

Configure a unique hostname.

Configure the domain name of the network.

Configure a user account to use AAA or local database for authentication.

Generate RSA keys.

Enable VTY SSH sessions.

Which three services are provided by the AAA framework? (Choose three.)

accounting

authorization

authentication

Topic 16.3.0 - The authentication, authorization, and accounting (AAA) framework provides services to help secure access to network devices.

Which is appropriate for providing endpoint security?

antivirus software Antivirus software running on an endpoint or host is part of a comprehensive endpoint security solution.

A computer is used as a print server for ACME Inc. The IT staff failed to apply security updates to this computer for over 60 days. Now the print server is operating slowly, and sending a high number of malicious packets to its NIC. What type of attack is described in this scenario?

denial of service (DoS) attack A denial of service (DoS) attack, if successful, prevents authorized users from accessing system resources.

Angela, an IT staff member at ACME Inc., notices that communication with the company's web server is very slow. After investigating, she determines that the cause of the slow response is a computer on the internet sending a very large number of malformed web requests to ACME's web server. What type of attack is described in this scenario?

denial of service (DoS) attack A denial of service (DoS) attack, if successful, prevents authorized users from accessing system resources.

Which component is designed to protect against unauthorized communications to and from a computer?

firewall Topic 16.3.0 - Antivirus and antimalware software are used to prevent infection from malicious software. A port scanner is used to test a PC network connection to determine which ports the PC is listening to. The security center is an area of Windows that keeps track of the security software and settings on the PC. A firewall is designed to block unsolicited connection attempts to a PC unless they are specifically permitted.

What is one of the most effective security tools available for protecting users from external threats?

firewalls Topic 16.3.0 - A firewall is one of the most effective security tools for protecting internal network users from external threats. A firewall resides between two or more networks, controls the traffic between them, and helps prevent unauthorized access. A host intrusion prevention system can help prevent outside intruders and should be used on all systems.

Sharon, an IT intern at ACME Inc., noticed some strange packets while revising the security logs generated by the firewall. A handful of IP addresses on the internet were sending malformed packets to several different IP addresses, at several different random port numbers inside ACME Inc. What type of attack is described in this scenario?

reconnaissance attack In a reconnaissance attack, the threat actor can probe a system to find what ports are open, and what services are running.

What is the purpose of the network security accounting function?

to keep track of the actions of a user Topic 16.3.0 - Authentication, authorization, and accounting are network services collectively known as AAA. Authentication requires users to prove who they are. Authorization determines which resources the user can access. Accounting keeps track of the actions of the user.

Which backup policy consideration is concerned with using strong passwords to protect the backups and for restoring data?

validation Backup validation is concerned with using strong passwords to protect backups and for restoring data.

Which malicious code attack is self-contained and tries to exploit a specific vulnerability in a system being attacked?

worm Topic 16.2.0 - A worm is a self-replicating computer program that attacks a system and tries to exploit a specific vulnerability in the target. Both viruses and Trojan horses rely on a delivery mechanism to carry them from one host to another. Social engineering is not a type of malicious code attack.

