Chapter 6
You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which of the following should you implement?
802.1x
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's device?
ARP spoofing/poisoning
While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent?
Backdoor
What is a typical goal of MAC spoofing?
Bypassing 802.1x port-based security
You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of *cusadmin* and a password of *highspeed*. What should you do to increase the security of this device?
Change the user name and create a more complex password.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access point on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the Internet. What can you do?
Configure port security on the switch
Which of the following applications typically use 802.1x authentication? (Select two)
Controlling access through a wireless access point; controlling access through a switch
You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connecting to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if they are compromised?
Create a VLAN to use as a low-trust network zone for these static systems to connect to.
Which protocol should you disable on the user access ports of a switch?
DTP
Which of the following best describes the concept of virtual LAN?
Devices on the same network logically grouped as if they were on separate networks
You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?
Flag
Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. When you check your perimeter firewall configuration, only ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked. What should you do?
Implement an application control solution
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
Your network devices are categorized into the following zone types:
• No-trust zone
• Low-trust zone
• Medium-trust zone
• High-trust zone
Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?
Network Segmentation
What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet?
Peer-to-peer networking
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to make sure that visitors cannot plug in their computer to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?
Port authentication
Instant messaging does *not* provide which of the following?
Privacy
A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation
What type of attack is most likely to succeed against communications between Instant Messaging clients?
Sniffing
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. What feature should your switch support?
Spanning Tree
Which of the following solutions would you implement to eliminate switching loops?
Spanning tree
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning tree
A virtual LAN can be created using which of the following?
Switch
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?
Switch port
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?
Trunk ports
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device?
Use a stronger administrative password
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the most important aspect of maintaining network security against this type of attack?
User education and training
You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to be able to access the network from this computer. What should you implement?
VLAN
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?
VLAN
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet Access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?
VLANs
In which of the following situations would you use port security?
You wanted to restrict the devices that could connect through a switch port
As a security professional, you need to understand your network on multiple levels. You should focus on the following areas:
• Entry points
• Inherent vulnerabilities
• Documentation
• Network baseline
Drag the area of focus on the left to the appropriate example on the right. (Areas of focus may be used once, more than once, or not at all.)
• [IoT and SCADA devices.] *Inherent vulnerabilities*
• [Used to identify a weak network architecture or design.] *Documentation*
• [Public-facing servers, workstations, Wi-Fi networks, and personal devices.] *Entry points*
• [An older version of Windows that is used for a particular application.] *Inherent vulnerabilities*
• [What activity looks like in normal day-to-day usage.] *Network baseline*
Drag the description on the left to the appropriate switch attack type shown on the right.
• [ARP Spoofing/Poisoning] The source device sends frames to the attacker's MAC address instead of the correct device.
• [Dynamic Trunking Protocol] Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network.
• [MAC Flooding] Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail open mode.
• [MAC Spoofing] Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)
• [Perpetrators attempt to compromise or affect the operations of a system.] *Active attack*
• [Unauthorized individuals try to breach a network from off-site.] *External attack*
• [Attempting to find the root password on a web server by brute force.] *Active attack*
• [Attempting to gather information without affecting the flow of information on the network.] *Passive attack*
• [Sniffing network packets or performing a port scan.] *Passive attack*