Cisco Certified Network Associate (CCNA)

Ace your homework & exams now with Quizwiz!

What is one of the layers defined by the Cisco hierarchical network model? A ❍ Data link layer B ❍ Session layer C ❍ Access layer D ❍ Presentation layer

C. Access layer. The Cisco hierarchical network model defines three layers: access, distribution, and core.

What do TCP and UDP ports allow multiple network applications to do? A ❍ Resolve the MAC address of the computer host they run on B ❍ Connect to network interface card (NIC) drivers C ❍ Connect their sending and receiving counterparts on the same sending and receiving computer hosts D ❍ Resolve the IP address of the computer host they run on

C. Connect their sending and receiving counterparts on the same sending and receiving computer hosts. TCP and UDP ports allow multiple network applications to connect their sending and receiving counterparts on the same sending and receiving computer hosts.

Networking devices do which of the following? A ❍ Provide an operating system for the Internet B ❍ Allow users to use more than one computer at once C ❍ Control and optimize communication between host devices D ❍ Allow users to use more than one user interface at once

C. Control and optimize communication between host devices. Network devices manage the communication between host devices.

What do Media Access Control (MAC) addresses uniquely identify? A ❍ A specific wide-area network (WAN) B ❍ A specific local-area network (LAN) C ❍ A specific network device, such as a switch or a router, or a network interface card (NIC) in a computer host device D ❍ All of the above

C. Network device, such as a switch or a router, or a network interface card (NIC) in a computer host device. Media Access Control (MAC) addresses uniquely identify a network device, such as a switch or a router, or a network interface card (NIC) in a computer host device.

Describe protocol data units (PDUs). A ❍ Basic encryption method that allows a network interface card (NIC) to send encrypted data packets over the network B ❍ Basic encoding method that allows a network interface card (NIC) to send data packets over the network C ❍ Basic data container used by each protocol to exchange data between hosts in a network D ❍ Basic data container used by each protocol to set up a virtual circuit

C. Protocol data units (PDUs) are the basic data container used by each protocol to exchange data between hosts in a network.

IP addresses are hierarchical to facilitate which of the following? A ❍ Counting the number of hosts in a network B ❍ Counting the number of networks in a network C ❍ Routing of data packets in local and global networks D ❍ Routing of data frames in local networks

C. Routing of data packets in local and global networks. The User Datagram Protocol (UDP) is a connectionless transport protocol that does not guarantee reliable transmission.

Wireless local-area networks (WLANs) are standardized by which of the following standards? A ❍ IEEE 802.3w B ❍ IEEE 802.11w C ❍ IEEE 802.11 D ❍ All of the above

C. The IEEE 802.11 standard defines the characteristics and specifications of wireless networks.

The distribution layer in the Cisco hierarchical network model is the layer that does which of the following? A ❍ Links the session layer to the access layer B ❍ Links the data link layer to the access layer C ❍ Links the core layer to the access layer D ❍ Links the presentation layer to the access layer

C. The distribution layer in the Cisco hierarchical network model is the layer that links the core layer to the access layer.

What happens whenever a TCP segment is missing at destination? A ❍ The receiving computer host aborts transmission. B ❍ The sending computer host aborts transmission. C ❍ The receiving computer host requests a retransmission. D ❍ The sending computer host requests a retransmission.

C. The receiving computer host requests a re-transmission. Whenever a TCP segment is missing at destination, the receiving computer host requests a retransmission.

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.) A. The network administrator can apply port security to dynamic access ports. B. The network administrator can apply port security to EtherChannels. C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration. D. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined. E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration. D. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

Which switching method duplicates the first six bytes of a frame before making a switching decision? A. fragment-free switching B. store-and-forward switching C. cut-through switching D. ASIC switching

C. cut-through switching

Service Set Identifier (SSID)

A Service Set Identifier (SSID) identifies each wireless network. By default, the SSID is broadcast over the airwaves so that any wireless device and any host operating system can know about the existence of the wireless network. You can turn off the broadcasting of the SSID over the air. This basically hides the name (the SSID) of the wireless network. Wireless devices cannot detect the wireless network unless its SSID is broadcast. However, you can connect a wireless device to a "hidden" wireless network by typing its SSID in the network SSID options box in the device wireless configuration tool. Tools are available that can find wireless networks even if their SSID is hidden (that is, not broadcast).

Countermeasure

A countermeasure is a safeguard that somehow mitigates a potential risk. It does so by either reducing or eliminating the vulnerability, or at least reduces the likelihood of the threat agent to actually exploit the risk. For example, you might have an unpatched machine on your network, making it highly vulnerable. If that machine is unplugged from the network and ceases to have any interaction with exchanging data with any other device, you have successfully mitigated all of those vulnerabilities. You have likely rendered that machine no longer an asset, but it is safer.

Nibble

A group of 4 bits. A nibble is also a single hexadecimal digit. That is one of the reasons why it is so easy to represent a binary number in hexadecimal: Every group of 4 bits is a hexadecimal digit.

Byte

A group of 8 bits. A byte is also 2 nibbles. In many ways, a byte is the basic unit of measure in the computer industry. Most western characters are represented by a byte. Memory size and hard drive space are measured in megabytes (million bytes), gigabytes (billion bytes), and terabytes (trillion bytes).

Guidelines for Secure Network Architecture - Explain Auditing

Auditing - This refers to accounting and keeping records about what is occurring on the network. Most of this can be automated through the features of authentication, authorization, and accounting (AAA). When events happen on the network, the records of those events can be sent to an accounting server. When the separation-of-duties approach is used, those who are making changes on the network should not have direct access to modify or delete the accounting records that are kept on the accounting server.

Network security objectives usually involve three basic concepts: CIA "triad". Explain the "A" in Regards to CIA Acronym

Availability: This applies to systems and to data. If the network or its data is not available to authorized users—perhaps because of a denial-of-service (DoS) attack or maybe because of a general network failure — the impact may be significant to companies and users who rely on that network as a business tool. The failure of a system, to include data, applications, devices, and networks, generally equates to loss of revenue.

Collision Domain

A group of Ethernet or Fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and compete for access on the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network in order to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment. Basically, a collision domain is a network segment that allows normal network traffic to flow back and forth. In the old days of hubs, this meant you had a lot of collisions, and the old CSMA/CD would be working overtime to try to get those packets re-sent every time there was a collision on the wire. With switches, you break up collision domains by switching packets bound for other collision domains.

Repeater

A hub that not only sends the frames on all ports other the originating port, but it also amplifies the electrical signal. Amplifying the electrical signal allows the hub to send over longer distances. Most hubs on the market today also amplify the electrical signal. Thereby, most hubs are also repeaters. However, do not assume this during the CCNA test.

Packet Sniffer

A packet sniffer is a network application that "listens" to IP packets traveling through a network. Packet sniffers usually trap all IP packets and display or log their contents. Packet-sniffing tools were originally designed for network troubleshooting, but they are now used for a variety of purposes, including hacking and eavesdropping.

Threat

A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited or, more importantly, it is not yet publicly known, the threat is latent and not yet realized. If someone is actively launching an attack against your system and successfully accesses something or compromises your security against an asset, the threat is realized. The entity that takes advantage of the vulnerability is known as the malicious actor and the path used by this actor to perform the attack is known as the threat agent or threat vector.

Connection-Oriented Transport

A transport protocol that establishes a logical connection between the sending and the receiving hosts. The protocol usually guarantee reliable delivery of data segments. However, they are a bit slower than connectionless transport protocols, because they need to spend some time to establish and maintain the connection. The protocol involves both creating a logical connection between the sending and the receiving hosts, and an exchange of acknowledgments between the hosts. Data segments are sequenced, allowing them to be sent in any order and reassembled on the receiving host. ✦ TCP: Transport Control Protocol is a connection-oriented transport protocol. TCP guarantees reliable transmission.

Name one of the main functions of Layer 3 (network layer) TCP/IP protocols. A ❍ Manage the electrical aspect of network links B ❍ Choose the best route to send data packets between hosts, even when the hosts are separated by several networks C ❍ Choose the best route to send data frames between hosts, only when the hosts are located within the same local network D ❍ All of the above

B. Choose the best route to send data packets between hosts even when the hosts are separated by several networks. One of the main functions of Layer 3 (network layer) TCP/IP protocols is to choose the best route to send data packets between hosts even when the hosts are separated by several networks.

Each protocol data unit (PDU) contains which of the following? A ❍ Data payload and control information about the local computer host B ❍ Data payload and control information that helps the protocol figure out what to do with the data payload C ❍ Data payload and control information about devices in the network D ❍ Data payload and control information about the remote computer host

B. Each PDU contains data payload and control information that helps the protocol to figure out what to do with the data payload. The control information is usually stored in the header of the PDU, and sometimes in the trailer as well.

What does the CSMA/CD back-off algorithm control? A ❍ The jam signal emitted by a sending host when a frame collision occurs B ❍ How much time computer hosts wait before they start sending again when a frame collision occurs C ❍ The timeout for sending data-link frames when a frame collision occurs D ❍ The boot time of the network interface card (NIC)

B. How much time computer hosts wait before they start sending again when a frame collision occurs. The CSMA/CD back-off algorithm controls how much time computer hosts wait before they start sending again when a frame collision occurs.

Which of the following describes a Web browser? A ❍ Layer 7 (application) protocol B ❍ Layer 7 software application C ❍ Layer 6 (presentation) software application D ❍ All of the above

B. Layer 7 software application. A Web browser is a Layer 7 software application.

A routing protocol is a Layer 3 (network layer) protocol that does which of the following? A ❍ Route data packets B ❍ Send route update packets C ❍ Route data packets and send route update packets D ❍ All of the above

B. Send route update packets. A routing protocol is a Layer 3 (network layer) protocol that sends route update packets and manages the routes known by the router.

A hub does which of the following? A ❍ Modifies the MAC address of a data-link frame to allow transmission over longer distances B ❍ Sends frames it receives on all ports, except on the port where the frame is received C ❍ Amplifies the electrical signal to allow transmission over longer distances D ❍ Sends frames it receives only on the port that corresponds to the destination MAC address of the data-link frame

B. Sends frames it receives out on all ports, except on the port where the frame is received. Hubs send out frames on all ports except on the incoming port.

Which command can you enter to view the ports that are assigned to VLAN 20? A. Switch#show ip interface vlan 20 B. Switch#show vlan id 20 C. Switch#show ip interface brief D. Switch#show interface vlan 20

B. Switch#show vlan id 20

What is the function of the access layer in the Cisco hierarchical network model? A ❍ Interconnects core routers to LANs B ❍ Interconnects end devices such as hosts to LANs C ❍ Interconnects distribution routers to LANs D ❍ Interconnects end devices such as hosts to core routers

B. The access layer in the Cisco hierarchical network model interconnects end devices such as hosts into LANs.

Tools and technologies provide network administrators with the ability to identify the existence of malware on the network. Explain Advanced Malware Protection

Advanced Malware Protection: Cisco Advanced Malware Protection (AMP) is designed for Cisco FirePOWER network security appliances. It provides visibility and control to protect against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. AMP helps to identify inconspicuous attacks by continuously analyzing and monitoring files after they've entered the network, utilizing retrospective security alerts to help administrators take action during and after an attack, and provides multi-source indications of compromise to aid in the correlation of discrete events for better detection.

Message Collision

After two computers know about each other and they start to communicate, they send data frames on the link that is shared by all other computers in that network segment. If two computers try to send frames at the same time, on the same wire, the frames collide. In that case, both computers back off: They stop sending frames, they wait a little while, and they try to resend. You have no guarantee that the frames will not collide again when they are resent. Typically, there are few chances that they collide again, because the two computers wait random time periods that are likely different. However, collisions do happen, and they can slow a network considerably. The more hosts you add to a network segment, the more chances of having frame collisions. It's best to keep network segments as small as possible.

Ethernet cabling - Channel Attenuation

All cables are exposed to channel attenuation, also known as inherent attenuation. Channel attenuation is the loss of signal strength as the electrical signal travels through the transmission medium.

What is the function of mobile device managers?

Also known as MDM - is to deploy, manage, and monitor the mobile devices that make up the Cisco BYOD solution. These devices consist not only of mobile phones, smartphones, and tablets but also notebooks, laptops, and any other user devices that connect back to the corporate network and that can physically be moved from the office to the home, hotels, and other remote locations offering public Internet connectivity.

Denial-of-service (DoS) attack and distributed denial-of-service (DDoS) attack and Reflected DDoS (RDDoS) attack

An example is using a botnet to attack a target system. If an attack is launched from a single device or multiple devices with the intent to cause damage to an asset. Both types of attacks want the same result, The type of attack just depends on how many source machines are used in the attack. An RDDoS takes place when the source of the initial (query) packets is actually spoofed by the attacker. The response packets are then "reflected" back from the unknowing participant to the victim of the attack; that is, the original (spoofed) source of the initial (query) packets.

MAC Address Filtering may be a good solution for small-to medium-size wireless networks. However, MAC address filtering becomes difficult to manage in larger wireless networks when many wireless devices need to connect. Explain MAC Address Filtering Concept

Another way to control devices that are allowed to connect to a wireless network is filtering by MAC address. Most WAP devices allow creating a list of MAC addresses that can connect to the wireless network. The MAC address of each device that needs to connect to the wireless network is added to the list. The WAP then refuses connection to any wireless device that is not in the "allowed MAC address" list.

Network Devices

Can be any devices that stand between computer host devices, including switches, routers, hubs, repeaters, and firewalls. These devices control and optimize communication between host devices.

Explain the BYOD Solution Component - Aggregation Services Routers (ASR)

Cisco Aggregation Services Routers (ASR) provide WAN and Internet access at the corporate campus and serve as aggregation points for all the branch and home office networks connecting back to the corporate campus for the Cisco BYOD solution.

Explain the BYOD Solution Component - Integrated Services Routers (ISR)

Cisco ISRs will be used in the Cisco BYOD solution to provide WAN and Internet access for the branch offices and Internet access for home office environments. In addition, the ISR will provide both wired and WLAN connectivity in the branch office environments. Finally, the ISRs can be leveraged to provide VPN connectivity for mobile devices that are part of the BYOD solution.

Explain the BYOD Solution Component - Wireless LAN (WLAN) controllers

Cisco WLAN controllers (WLC) serve as a centralized point for the configuration, management, and monitoring of the Cisco WLAN solution. WLCs are used to implement and enforce the security requirements for the BYOD solution that map back to an organization's security policies. The WLC works with the Cisco Identity Services Engine (ISE) to enforce both authentication and authorization policies on each of the BYOD endpoints that require connectivity to the corporate network, both direct and remotely.

Explain the BYOD Solution Component - Wireless access points (AP)

Cisco wireless APs provide wireless network connectivity to the corporate network for both corporate-owned and personally owned BYOD devices. These APs can be physically located in the corporate campus, the branch office environment, or in the home offices of the employees.

Tools and technologies provide network administrators with the ability to identify the existence of malware on the network. Explain Packet Captures.

Collecting, storing, and analyzing the raw packets that are traversing the network is certainly one way of inspecting traffic for the presence of malware. Although they provide the most granular look into the traffic that is on the network, one primary hurdle in its use for malware identification is the fact that you are looking for the proverbial "needle in a haystack" due to the volume of data generated.

Phishing

Common forms of social engineering that elicits secure information through an e-mail message that appears to come from a legitimate source such as a service provider or financial institution. The e-mail message may ask the user to reply with the sensitive data, or to access a website to update information such as a bank account number.

Purpose of Computer Networks

Computer networks were developed to aggregate the computing power of several individual computers into initially local networks, then campus networks, then metropolitan networks, then countrywide networks, and finally, global networks. A computer network is a group of computer host devices that communicate with each other.

Which of the following describes Ethernet? A ❍ A standard UTP implementation that specifies characteristics of UTP cabling operation at the physical and data link layers B ❍ A standard WAN implementation that specifies characteristics of WAN operation at the physical and data link layers C ❍ A standard fiber-optic implementation that specifies characteristics of fiber-optic cabling operation at the physical and data link layers D ❍ A standard LAN implementation that specifies characteristics of LAN operation at the physical and data link layers

D. A standard LAN implementation that specifies characteristics of LAN operation at the Physical and Datalink Layers. Ethernet is a standard LAN implementation that specifies characteristics of LAN operation at the Physical and Datalink Layers.

What are distribution layer switches and routers best suited to do? A ❍ Find the best network route for packets into and out of LANs and WANs B ❍ Filter packets C ❍ Interconnect LANs and connect LANs to WANs D ❍ All of the above

D. All of the above. Distribution layer switches and routers are best suited to find the best network route for packets into and out of LANs and WANs, to filter packets, and to interconnect LANs and to connect LANs to WANs.

On the receiving host, what is the function of each network layer? A ❍ Receives a PDU from the lower layer B ❍ Strips out the lower-layer header and trailer because it doesn't need them C ❍ Extracts its own PDU, containing a control header, data payload, and optionally a control trailer D ❍ All of the above

D. All of the above. Each network layer on the receiving host receives a PDU from the lower layer, strips out the lower-layer header and trailer because it doesn't need them, and extracts its own PDU, containing a control header, data payload, and optionally a control trailer.

On the sending host, what is the function of each network layer? A ❍ Receives a PDU from the upper layer B ❍ Builds its own PDU containing the upper-layer PDU encapsulated within its own PDU C ❍ Encapsulates original data payload in several nested PDUs, one for each layer D ❍ All of the above

D. All of the above. Each network layer on the sending host receives a PDU from the upper layer, builds its own PDU by adding control information in the header and/or trailer of the new PDU, and encapsulates the original PDU received from the upper layer within the new PDU.

In connection-oriented transport, which of the following occurs? A ❍ Sending and receiving hosts exchange TCP acknowledgments. B ❍ Sending and receiving hosts sequence their TCP segments. C ❍ Sending and receiving hosts perform a three-way handshake. D ❍ All of the above.

D. All of the above. In connection-oriented transport, sending and receiving hosts exchange TCP acknowledgments, sequence their TCP segments, and perform a three-way handshake to establish a connection before they start their communication.

WLAN security issues can be mitigated using which of the following? A ❍ Wi-Fi Protected Access (WPA) B ❍ MAC address filtering C ❍ Wired Equivalent Privacy (WEP) D ❍ All of the above

D. All of the above. Several methods are available to mitigate the inherent security risks of wireless networks, including WPA, MAC address filtering, and WEP.

Name some of the benefits of designing networks according to the Cisco hierarchical network model. A ❍ Specialization B ❍ Scalability C ❍ Limitation of problem domain D ❍ All of the above

D. All of the above. The main benefits of designing networks according to the Cisco hierarchical network model are specialization, scalability, and limitation of problem domain.

What should you do to ensure that the core layer in the Cisco hierarchical network model is fast? A ❍ Avoid enabling any services that would slow the core router B ❍ Avoid connecting end devices such as host devices at the core layer C ❍ Avoid enabling slower routing protocols on core routers D ❍ All of the above

D. All of the above. To ensure that the core layer in the Cisco hierarchical network model is fast, you should avoid enabling any services that would slow the core router, avoid connecting end devices such as host devices at the core layer, and avoid enabling slower routing protocols on core routers.

What is a disadvantage of wireless LANs? A ❍ Limited range B ❍ Piggybacking C ❍ Potential security risks D ❍ All of the above

D. All of the above. Wireless networks are typically unreliable, provide a limited range, and are exposed to piggybacking and packet sniffing.

Which feature can you implement to reserve bandwidth for VoIP calls across the call path? A. PQ B. CBWFQ C. round robin D. RSVP

D. RSVP The Resource Reservation Protocol (RSVP) is a transport layer[1] protocol designed to reserve resources across a network using the integrated services model. RSVP operates over an IPv4 or IPv6 and provides receiver-initiated setup of resource reservations for multicast or unicast data flows.

A switch does which of the following? A ❍ Modifies the MAC address of a data-link frame to allow transmission over longer distances B ❍ Sends frames it receives on all ports, except on the port where the frame is received C ❍ Amplifies the electrical signal to allow transmission over longer distances D ❍ Sends frames it receives only on the port that corresponds to the destination MAC address of the data-link frame

D. Sends frames it receives only on the port corresponding to the destination MAC address of the data-link frame. Switches send frames only on the destination port.

Which logging command can enable administrators to correlate syslog messages with millisecond precision? A. no logging console B. logging buffered 4 C. no logging monitor D. service timestamps log datetime mscec E. logging host 10.2.0.21

D. service timestamps log datetime mscec

Which command can you enter to determine whether a switch is operating in trunking mode? A. show ip interface brief B. show vlan C. show interfaces D. show interface switchport

D. show interface switchport

Connectionless Transport

Data can be sent between two hosts without establishing a logical connection between sending and receiving hosts. Connectionless transport protocols do not guarantee reliable delivery of data segments. However, they are a bit faster than connection-oriented transport protocols, because they do not need to spend time to establish and maintain connections. User Datagram Protocol (UDP) is a connectionless transport protocol. ✦ UDP: User Datagram Protocol is a connectionless transport protocol. UDP does not guarantee reliable transmission.

Tools and technologies provide network administrators with the ability to identify the existence of malware on the network. Explain NetFlow

NetFlow: Packet capture is often referred to as micro-analytical in terms of the granularity of data being analyzed, but NetFlow data is considered more of a macro-analytical approach. The use of NetFlow data collection consists of the creation of buckets or flows of data that are based on a set of predefined parameters such as source IP address, source port, destination IP address, destination port, IP protocol, ingress interface, and Type of Service (ToS). Each time one of these parameters differs, a new flow is created. Flows are stored locally on the device for a configured time interval, after which time the flows are exported to external collectors. Although NetFlow data will not provide the same details sometimes needed for the identification of malware on the network, it can serve as an excellent tool in the toolbox to help trace back evidence of a compromise once some of the details of the malware become known to network security administrators.

Function of a Switch

Each port of a switch is a collision domain. Switches learn about MAC addresses connected to their ports, and they build an internal table that lists which MAC address is connected to each port. The switch identifies the port where the destination MAC address is connected and forwards the frame only on that port. Other hosts don't receive it. This dramatically reduces collision chances and thereby improves network performance. Switches limit the collision domain, but they do not limit the broadcast domain. The switch broadcasts requests on all ports. Broadcast domains can be limited by either using virtual local-area networks (VLANs) on a switch or by using routers.

Networks can be arranged in various topologies, or layouts: Explain Ring Topology

Hosts are connected sequentially in a daisy-chain fashion. Traffic flows around the ring. The last host in the ring is connected to the first host, thereby closing the ring. Token Ring is the typical ring topology example. Fiber Distributed Data Interface (FDDI) is also a ring topology.

Networks can be arranged in various topologies, or layouts: Explain Star Topology

Hosts connect to a central device. All traffic flows through the central device. The star topology is also known as a Hub-and-Spoke Topology. Ethernet networks using hubs or switches and twisted-pair cabling are star topologies.

Networks can be arranged in various topologies, or layouts: Explain Bus Topology

Hosts that are are connected through a single cable, usually coaxial cable. Ethernet networks using coaxial cable are bus topologies.

Identity Services Engine (ISE)

Identity Services Engine (ISE) is an identity and access control policy platform that can validate that a computer meets the requirements of a company's policy related to virus definition files, service pack levels, and so on before allowing the device on the network.

Trust Exploitation Attack Method

If the firewall has three interfaces, and the outside interface allows all traffic to the demilitarized zone (DMZ) but not to the inside network, and the DMZ allows access to the inside network from the DMZ, an attacker could leverage that by gaining access to the DMZ and using that location to launch his attacks from there to the inside network. Other trust models, if incorrectly configured, may allow unintentional access to an attacker including active directory and NFS (Network File System in UNIX).

Cisco Internetwork Operating System (IOS), Cisco Network Assistant (CNA), Cisco Security Device Manager (SDM), Cisco Device Manager (DM): Explain Cisco IOS...

Is Cisco's proprietary switch and router operating system. Is stored in flash memory on the Cisco device.

Cisco Internetwork Operating System (IOS), Cisco Network Assistant (CNA), Cisco Security Device Manager (SDM), & the Cisco Device Manager (DM). Explain Cisco Device Manager...

Is a Web-based tool that is installed on all Cisco switches and routers at the factory. To access this tool, you need to browse to the management IP address of the Cisco switch or router from a computer host connected to the network. It is part of the Cisco IOS software package, and it's stored in the Cisco device flash memory.

A Botnet Attack Method

Is a collection of infected computers that are ready to take instructions from the attacker. For example, if the attacker has the malicious backdoor software installed on 10,000 computers, from his central location, he could instruct those computers to all send TCP SYN requests or ICMP echo requests repeatedly to the same destination. To add insult to injury, he could also spoof the source IP address of the request so that reply traffic is sent to yet another victim. The attacker generally uses a covert channel to manage the individual devices that make up the botnet.

Networking Concepts - Collision Domain

Is a logical network space where frames can collide, because several hosts are sharing the bandwidth of the network medium and they can potentially send frames on the wire at the same time. It is best to segment networks into several smaller collision domains to reduce the chances of having frame collisions.

Ethernet cabling - Crosstalk

Is signal interference that occurs when two cables run next to each other. Twisting the cables together in pairs almost completely eliminates the crosstalk effect. The main difference between UTP categories is the number of wire twists per foot in each pair of wires. The more twists, the more chances to cancel "It" out and the higher the category. To further protect the cable against electrical interference, shielded twisted-pair (STP) cable can be used. STP is recommended for environments that have high electromagnetic fields, such as industrial environments.

Campus-Area Network (CAN)

Is the network topology used to provide connectivity, data, applications, and services to users of an organization that are physically located at the corporate office (headquarters). This network topology includes a module for each building in the campus, for the data center, for WAN Aggregation, and for the Internet Edge.

Cisco Internetwork Operating System (IOS), Cisco Network Assistant (CNA), Cisco Security Device Manager (SDM), & the Cisco Device Manager (DM). Explain Cisco Network Assistant (CNA)....

It is a Java-based application used to monitor and manage Cisco switches and routers from a central management console. It is available for Windows, Mac OS X, and Linux. It provides a graphical user interface (GUI) that allows the network administrator to have both global and detailed views of the Cisco networking environment. It is stored on the hard drive of the computer host where it's installed.

Cisco Internetwork Operating System (IOS), Cisco Network Assistant (CNA), Cisco Security Device Manager (SDM), and Cisco Device Manager (DM). Explain Cisco SDM...

It is a computer application used to monitor and manage Cisco routers from a central management console. It is available for Windows. It provides a graphical user interface (GUI) that allows the network administrator to have both global and detailed views of the Cisco routing environment.

Microsegmentation

It is a network design (functionality) where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch. Each network device gets the full bandwidth of the segment and does not have to share the segment with other devices. It can even eliminate collisions because each segment is its own collision domain -> . Note: It decreases the number of collisions but it increases the number of collision domains.

Phone Scams

It is not uncommon for someone to call up an employee and attempt to convince employees to divulge information about themselves or others within the organization. An example is a miscreant posing as a recruiter asking for names, e-mail addresses, and so on for members of the organization and then using that information to start building a database to leverage for a future attack, reconnaissance mission, and so forth.

Bridge

It works very similarly to a switch, except that it uses software instead of hardware Application-Specific Integrated Circuit (ASIC) processors to process the MAC address filtering and forwarding. Consequently, a bridge is typically slower and less expensive than a switch. Switches have become very affordable lately, however, and it is very rare to find bridges on the market anymore.

Denial-of service (DoS) and distributed DoS (DDoS) attacks have been around for quite some time now. DDoS attacks can generally be divided into the following three categories: Direct DDoS Attacks, Reflected DDoS Attacks, and Amplification Attacks. Explain Direct DDoS attacks.

Occur when the source of the attack generates the packets, regardless of protocol, application, and so on, that are sent directly to the victim of the attack.

Occur when the sources of the attack are sent spoofed packets that appear to be from the victim, and then the sources become unwitting participants in the DDoS attacks by sending the response traffic back to the intended victim. UDP is often used as the transport mechanism because it is more easily spoofed due to the lack of a three-way handshake. For example, if the attacker (A) decides he wants to attack a victim (V), he will send packets (for example, Network Time Protocol [NTP] requests) to a source (S) who thinks these packets are legitimate. The source (S) then responds to the NTP requests by sending the responses to the victim (V), who was never expecting these NTP packets from source (S).

"Noise" Generated by Broadcast Queries

One computer sends a broadcast query to every other device in the network to obtain an IP address or a MAC address, and eventually the target computer responds. Meanwhile, all computers in the broadcast domain have "heard" the broadcast request. They were disturbed by a request that does not concern them. If lots of broadcast requests are being sent on the network by hosts that just joined the network, for example, a broadcast storm can occur: Everyone is disturbed by everyone's broadcast request, and the network performance is considerably impacted.

Bit

One single binary value. So, it is a single-digit binary number that is either 0 or 1.

OSI

Open Systems Interconnection. The International Organization for Standardization (ISO) defined the Open Systems Interconnection (OSI) reference model to standardize networking of devices from different vendors. The OSI reference model is mostly an architecture blueprint that networking and computer device manufacturers implement. The OSI model has never been implemented exactly as defined. The TCP/IP protocol stack is the closest implementation available today.

Phishing

Phishing elicits secure information through an e-mail message that appears to come from a legitimate source such as a service provider or financial institution. The e-mail message may ask the user to reply with the sensitive data, or to access a website to update information such as a bank account number.

Phone Scams

Phone Scams: It is not uncommon for someone to call up an employee and attempt to convince employees to divulge information about themselves or others within the organization. An example is a miscreant posing as a recruiter asking for names, e-mail addresses, and so on for members of the organization and then using that information to start building a database to leverage for a future attack, reconnaissance mission, and so forth.

Cisco software in read-only memory (ROM): Four software programs are stored in ROM on Cisco devices. These programs are the first programs that the Cisco device runs upon powering up. They are used to verify and bootstrap the Cisco device, during startup, prior to loading the Cisco IOS and transitioning into normal operation mode. Explain Power-On Self Test (POST)

Power-On Self Test (POST): This program is used to verify the Cisco device hardware. It is the first program the Cisco device runs when you power it up.

Domain Name System (DNS)

Query a name server, also known as a Domain Name System (DNS) server to obtain the IP address for the name. DNS servers keep tables of host names and their corresponding IP addresses. Whenever they are queried for the IP address of a host, they search the host name in their table, and if they find it, they return the IP address. The logical IP address can be used to obtain the physical (MAC) address to establish a connection between the NICs. In a small network, a host can simply broadcast a request to obtain another host's MAC address. The broadcast is sent to the data link layer broadcast address, which is FF:FF:FF:FF:FF:FF. This is the standard broadcast address to query for MAC addresses. In larger networks, the amount of requests on the data link layer would harm performance. Thus, it is best to limit the size of the network.

ROM Monitor (ROMMON): The ROM Monitor is used to maintain, test, and troubleshoot the configuration stored in ROM and in the flash memory of the Cisco device. ROMMON is also used to troubleshoot hardware problems. Most management features provided by ROMMON can also be done with Rx-boot. It is best practice to use Rx-boot whenever possible. ROMMON is typically used to change the value stored in the configuration register or as a last resort when booting problems cannot be fixed with Rx-boot. ROMMON is accessed from the rommon> prompt on a Cisco device. To get to the rommon> prompt, you need to break out of the bootstrap process by pressing Ctrl+Break while the Cisco device is booting up.

What is "Risk"

Risk is the potential for unauthorized access to, compromise, destruction, or damage to an asset. If a threat exists, but proper countermeasures and protections are in place (it is your goal to provide this protection), the potential for the threat to be successful is reduced (thus reducing the overall risk).

Guidelines for Secure Network Architecture - Explain Separation of Duties

Separation of duties: When you place specific individuals into specific roles, there can be checks and balances in place regarding the implementation of the security policy. Rotating individuals into different roles periodically will also assist in verifying that vulnerabilities are being addressed, because a person who moves into a new role will be required to review the policies in place.

Tools and technologies provide network administrators with the ability to identify the existence of malware on the network. Explain Snort

Snort is an open source intrusion detection and prevention technology developed by the founder of Sourcefire (now a part of Cisco). The speed, power, and performance of Snort have made it the most popular intrusion detection/prevention system (IDS/IPS) technology in the world. The Snort engine consists of threat identification, detection, and prevention components that combine to reassemble traffic, prevent evasions, detect threats, and output information about advanced threats while minimizing false positives and missing legitimate threats (false negatives).

Layer 5: Session

Some applications need to open logical communication channels between the computer hosts. Logical communication channels (sessions) maintain data about the communication established between the network application running on the sending host and the network application running on the receiving host. The session layer does the following: ✦ Opens and maintains logical communication channels between network applications running on the sending host and network applications running on the receiving host. ✦ Handles authentication: Some network applications use authentication mechanisms before they open a logical communication channel (session) with a remote host. - This layer controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes procedures for checkpointing, suspending, restarting, and terminating a session. In the OSI model, this layer is responsible for gracefully closing a session, which is handled in the Transmission Control Protocol at the transport layer in the Internet Protocol Suite.

Network Applications - World Wide Web

Technically, this is a network application that allows the exchange of text pages coded in Hypertext Markup Language (HTML) using the Hypertext Transfer Protocol (HTTP). Initially, these HTML pages only supported hyperlinks to jump from one page to another. Now, HTTP and HTML have been augmented with dynamic extensions to allow a much more advanced, rich, multimedia Web experience than just jumping from one page to another.

Explain the BYOD Solution Component - Active Directory

The Active Directory (AD) server enforces access control to the network, to servers, and to applications. It restricts access to those users with valid authentication credentials.

Network security objectives usually involve three basic concepts: CIA "triad". Explain the "C" in Regards to CIA Acronym

The CIA triad of Confidentiality, Integrity, and Availability is at the heart of information security. Confidentiality: There are two types of data: data in motion as it moves across the network; and data at rest, when data is sitting on storage media (server, local workstation, in the cloud, and so forth). Confidentiality means that only the authorized individuals/ systems can view sensitive or classified information. This also implies that unauthorized individuals should not have any type of access to the data. Regarding data in motion, the primary way to protect that data is to encrypt it before sending it over the network. Another option you can use with encryption is to use separate networks for the transmission of confidential data.

Explain the BYOD Solution Component - Adaptive Security Appliance (ASA)

The Cisco ASA provides all the standard security functions for the BYOD solution at the Internet edge. In addition to traditional firewall and intrusion prevention system (IPS) functions, the ASA also serves as a VPN termination point for mobile devices connecting over the Internet from home offices, branch offices, public wireless networks, and 3G/4G/4G LTE mobile networks.

Explain the BYOD Solution Component - Cisco AnyConnect Secure Mobility Client

The Cisco AnyConnect Client provides connectivity for end users who need access to the corporate network. For users within the corporate campus, branch, and home offices, the AnyConnect Client leverages 802.1X to provide secure access to the corporate network. For users who are using public Internet access (coffee shops, hotels, and so on), the AnyConnect Client provides secure VPN connectivity, including posture checking, for the user's BYOD device.

Explain the BYOD Solution Component - Identity Services Engine (ISE)

The Cisco ISE is a critical piece to the Cisco BYOD solution. It is the cornerstone of the authentication, authorization, and accounting (AAA) requirements for endpoint access, which are governed by the security policies put forth by the organization.

Cisco Hierarchical Network Model - Distribution Layer

The Distribution Layer links the Core Layer to the Access Layer. The distribution layer is also called the Workgroup Layer. The distribution layer is involved in routing packets between nodes connected at the access layer. Packets may need to be routed to a different network, which may be located within the same distribution layer network, or through the core layer in a different distribution layer network. Routers typically interconnect at the distribution layer. The main functions performed by switches and routers at the distribution layer are as follows: ✦ Finding the best network route for packets ✦ Filtering packets ✦ Interconnecting LANs ✦ Connecting LANs to WANs ✦ Relaying packets to the core layer as needed ✦ Securing networks ✦ Distribution and Core Layers: Routers, on the other hand, specialize in efficient and optimal routing of data packets between networks. Hence, they typically operate at the distribution and core layer, which are optimized for bulk and backbone traffic handling. No end-device connections are done at the distribution and core layers.

Explain the BYOD Solution Component - RSA SecurID

The RSA SecurID server provides one-time password (OTP) generation and logging for users that access network devices and other applications which require OTP authentication.

Cisco Hierarchical Network Model - Access Layer

The access layer is the layer that interconnects host devices to LANs. The access layer is where workgroup LANs are defined. This layer is also called the Desktop Layer, because it usually involves interconnecting desktop computers and concentrating their traffic into a distribution layer switch or router. Switches, small routers, and computer host devices typically interconnect at the access layer. Most services that are bound to a particular LAN are typically enabled at the access layer. For example, traffic segmentation is typically configured at the access layer, because traffic is usually segmented on a per-LAN basis, or on a per-VLAN basis. The main functions performed by switches and routers at the access layer are as follows: ✦ Connecting host devices to a LAN ✦ Segmenting network traffic using switched LANs and VLANs ✦ Relaying traffic to switches and routers at the distribution layer ✦ Access layer: Host devices and other end-node devices connect only at the access layer, which is optimized for endpoint connections and local network traffic handling.

Cisco Hierarchical Network Model - Core Layer

The core layer is the layer that sits at the center of the network. This layer is also called the backbone. Ultimately, traffic from all devices in the network may end up being routed to the core of the network. The core layer is "where networks meet." Large routers typically interconnect at the core layer. The core layer specializes in providing very high-speed, very highly available connectivity between large global networks. No host devices are typically connected at the core level. Only very fast, multiple port, highly available routers connect at this layer. A failure at the core layer affects all host devices that need to send traffic through that backbone. ✦ Distribution and Core Layers: Routers, on the other hand, specialize in efficient and optimal routing of data packets between networks. Hence, they typically operate at the distribution and core layer, which are optimized for bulk and backbone traffic handling. No end-device connections are done at the distribution and core layers.

Wired Equivalent Privacy (WEP)

The first wireless security protocol that was introduced to secure the over-the-air communication between Wireless Access Point (WAP) Devices and Wireless Network Interface Card (NIC) Devices. It's very easy to configure but not very secure.

Branch Office/Home Office Topology [Small Office/Home Office (or Single Office/Home Office]

The network topology site will provide connectivity to its users through the use of WAN routers that find their way back to the WAN Aggregation module in the CAN via MPLS WANs. Within the SOHO, users are provided network connectivity through the presence of access switches.

Cisco defines a network design model that is hierarchical: Three layers define the type of connectivity needed between devices in the network. The Cisco hierarchical model also defines where specific services should best be offered in a network. Cisco Hierarchical Network Model - Cisco conceptually divides networks into what three layers.

✦ Core layer ✦ Distribution layer ✦ Access layer

✦ Power-on self test (POST) ✦ Bootstrap program ✦ Boot Image (Rx-boot) ✦ ROM Monitor (ROMMON):

Layer 4: Transport

The transport layer manages the transport of data between two hosts over a network. In a nutshell, the transport layer does the following: ✦ Slices the data to be transmitted into small chunks called data segments that can be easily sent over the network medium. ✦ Reassembles the data in order on the receiving host: Data segments are not guaranteed to arrive in order at destination since they may use different routes to reach the destination host. The transport layer is responsible to reassemble the data in order on the receiving host. - This layer controls the reliability of a given link through flow control, segmentation/de-segmentation, and error control. Some protocols are state- and connection-oriented. This means that this layer can keep track of the segments and retransmit those that fail delivery. This layer also provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred. This layer creates segments out of the message received from the application layer. Segmentation is the process of dividing a long message into smaller messages.

Explain the BYOD Solution Component - BYOD devices

These are the corporate owned and personally owned endpoints that require access to the corporate network regardless of their physical location. This physical location can be within the corporate campus, the branch office, the home office, or from a public location such as a coffee shop or hotel. BYOD devices include laptops smartphones tablets e-readers and notebooks.

These attacks are a form of reflected attacks in which the response traffic (sent by the unwitting participants) is made up of packets that are much larger than those that were initially sent by the attacker (spoofing the victim). An example of this is when DNS queries are sent and the DNS responses are much larger in packet size than the initial query packets. The end result is that the victim gets flooded by large packets for which it never actually issued queries.

Brute-force (password-guessing) types of attacks

These attacks are performed when an attacker's system attempts thousands of possible passwords looking for the right match. This is best protected against by specifying limits on how many unsuccessful authentication attempts can occur within a specified time frame. It can also be done through malware, man-in-the-middle attacks using packet sniffers, or by using key loggers.

Cisco Device Memory: Five areas comprise the memory of Cisco devices. These memory areas are used to store static and dynamic device configuration data. ✦ Read-only memory (ROM): ✦ Flash memory: ✦ Nonvolatile random-access memory (NVRAM): ✦ Random-access memory (RAM): ✦ Configuration register: Explain Read-only memory (ROM)

This "Memory Area" stores programs and data necessary to start up the Cisco device. This memory keeps its contents even when the Cisco device is powered down. This "Memory Area" is kept on EPROM (Erasable Programmable Read-Only Memory) chips.

Cisco Device Memory: Five areas comprise the memory of Cisco devices. These memory areas are used to store static and dynamic device configuration data. ✦ Read-only memory (ROM): ✦ Flash memory: ✦ Nonvolatile Random-Access Memory (NVRAM): ✦ Random-access memory (RAM): ✦ Configuration register: Explain Nonvolatile Random-Access Memory (NVRAM)

This "Memory Area" stores the startup configuration. This is the configuration that Cisco IOS loads when it boots up. This "Memory Area" keeps its contents even when the Cisco device is powered down.

Defense in Depth

This concept suggests that you have security implemented on nearly every point of your network. An example is filtering at a perimeter router, filtering again at a firewall, using IPSs to analyze traffic before it reaches your servers, and using host-based security precautions at the servers, as well. Additional methods that can be used include using authentication and authorization mechanisms, web and e-mail security, content security, application inspection monitoring, traffic monitoring, and malware protection. The concept behind defense in depth is that if a single security technology fails, additional levels, or mechanisms, of security are still in place to protect the data, applications, and devices on the network.

Several types of data are particularly attractive to the miscreants of the cyber (under) world. Explain Intellectual Property (IP)

This consists of any type of data or documentation that is the property of an organization and has been created or produced by employees of the organization. Often it refers to the designs, drawings, and documents that support the development, sale, and support of an organization's products.

Flow Control

This control is also part of connection-oriented reliable data transport. It involves the sender and the receiver coordinating to sustain an optimal data transfer flow: As the receiver processes the data segments, it acknowledges reception to the sender. The sender then sends more segments. - The TCP transport protocol is a connection-oriented protocol that can control the flow of data transmission to guarantee reliable transmissions. TCP on the sending host establishes a logical connection to TCP on the receiving host. This step is called three-way handshake, call setup, or virtual circuit setup. The sending host and the receiving host use this connection, or virtual circuit, to coordinate their data transfer. The connection is terminated when no more data needs to be transferred. Any host can initiate TCP connections.

Several types of data are particularly attractive to the miscreants of the cyber (under) world. Explain Personally identifiable information (PII)

This information includes names, dates of birth, addresses, and Social Security numbers (SSN).

Network Applications - Electronic Mail

This is a network application that allows the exchange of messages between two hosts. In fact, studies show that this network application is by far the most commonly used network application.

Malvertising

This is the act of incorporating malicious ads on trusted websites, which results in users' browsers being inadvertently redirected to sites hosting malware.

Network Applications - File Transfer and File Sharing

This network application allows the transfer of files from one computer host device to another. Several variations of this application exist, such as File Transfer Protocol (FTP), Secure FTP (SFTP), Network File System (NFS), and Server Message Block (SMB), but all versions serve the same purpose: To transfer files from one network host to another.

Network Applications - Voice over IP (VoIP) and Video over IP

This network application allows the transfer of voice and video signals over the Internet Protocol. Many Web sites stream video over the Internet today. These sites use some VoIP network application to wrap their video content in IP packets and send them over the network to the computer host that requested the streamed video content. Another example of VoIP is Cisco IP phones, which are being adopted today by many organizations to save costs by concentrating their phone and data traffic over the same IP infrastructure.

Network Applications - Remote Control

This network application allows you to control a computer host remotely from another host in the network. As with file transfer, several remote control applications exist, such as Windows Remote Desktop, Virtual Network Computing (VNC), and remote shell (rsh).

Network Applications - Shared Network Storage

This network application connects advanced specialized storage devices to a storage network, making them accessible to any computer host connected to that storage network. Storage networks can be either • Isolated, that is, connecting only to a few computer hosts locally • Connected to other data networks

Network Applications - High Availability (HA) and Parallel Processing

This network application enables computer hosts to act as a single logical host, sometimes also called a "Computer Cluster". The hosts use clustering software that manages the logical "supercomputer." The clustering software needs to have those physical computers interconnected in a network. Computer clusters are used for the following: • High availability: Several levels of high availability exist, but generally speaking, HA implies that whenever one of the physical computers in the cluster fails, the remaining computer(s) takes over the load of the failed computer. • Parallel Processing: In parallel processing, all physical computers in the cluster can process data at the same time, thereby improving processing speed and reliability. Both HA and parallel processing require a network connection between the physical computer hosts involved.

Data Center Networks

This network topology contains the Unified Computing System (UCS) servers, voice gateways, and CUCM servers supporting the VoIP environment, all of which is provided network connectivity by a series of Nexus switches. This network topology is protected by a set of firewalls at the edge that filters all traffic ingressing and egressing the Data Center.

Cloud, Wide-Area Network (WAN)

This network topology provides a logical and physical location for data and applications that an organization prefers to have moved off-site. This alleviates an organization from having to expend resources to operate, maintain, and manage the services that have been previously located within the organization's purview.

Auditing

This refers to accounting and keeping records about what is occurring on the network. Most of this can be automated through the features of authentication, authorization, and accounting (AAA). When events happen on the network, the records of those events can be sent to an accounting server. When this approach is used, those who are making changes on the network should not have direct access to modify or delete the accounting records that are kept on the accounting server.

Rule of Least Privilege

This rule states that minimal access is only provided to the required network resources, and not any more than that. An example of this is an access list applied to an interface for filtering that says "deny all." Before this, specific entries could be added allowing only the bare minimum of required protocols, and only then between the correct source and destination addresses.

Networks can be arranged in various topologies, or layouts: Point-to-Point

Two hosts connect directly to each other. The sending end of one host is connected to the receiving end of the other host. In its simplest form, the two hosts are connected with a crossover cable. This is usually the case in serial connections.

TCP/IP protocols at Layer 2 - CSMA/CD: Carrier Sense Multiple Access / Collision Detect Protocol

Used to allow the host and network device to share the bandwidth of a given interconnection medium.

TCP/IP protocols at Layer 2 - RARP: Reverse Address Resolution Protocol

Used to resolve (find) the logical (IP) address of a host or network device, when only its physical (MAC) address is known.

TCP/IP protocols at Layer 2 - ARP: Address Resolution Protocol

Used to resolve (find) the physical (MAC) address of a host or network device, when only its logical (IP) address is known.

What is AAA in Cisco IOS

Using authentication, authorization, and accounting (AAA) to verify the identity of a user, and what that user is authorized to do, is a great way to secure the management plane on a router or switch. This centralized database where all the usernames and passwords are kept for authentication and what the individual users are allowed to do (the authorization portion of AAA). This is primarily what the Access Control Server (ACS) can provide. It is a two-part process. The first part is to configure on the ACS server information about the users and their passwords and what those users are allowed to do. The second part is to tell the router that it should refer any of its decisions about authentication or Authorization to the ACS server.

What is the minimum size for an effective TACACS+ group of servers? a. 1 b. 2 c. 5 d. 6

a. 1

Which of the following might you find in a network that is based on a defense-indepth security implementation? (Choose all that apply.) a. Firewall b. IPS c. Access lists d. Current patches on servers

a. Firewall b. IPS c. Access lists d. Current patches on servers

Which of the following could likely cause an ACS authentication failure, even when the user is using the correct credentials? (Choose all that apply.) a. Incorrect secret on the ACS b. Incorrect IP address of the ACS configured on the router c. Incorrect routing d. Incorrect filtering between the ACS and the router

a. Incorrect secret on the ACS b. Incorrect IP address of the ACS configured on the router c. Incorrect routing d. Incorrect filtering between the ACS and the router

What is the primary purpose of the Integrated Services Routers (ISR) in the BYOD solution? a. Provide connectivity in the home office environment back to the corporate campus b. Provide WAN and Internet access for users on the corporate campus c. Enforce firewall-type filtering in the data center d. Provide connectivity for the mobile phone environment back to the corporate campus

a. Provide connectivity in the home office environment back to the corporate campus

Which devices or users would be clients of an ACS server? (Choose all that apply.) a. Routers b. Switches c. VPN users d. Administrators

a. Routers b. Switches

Which of the following are most likely to be used for authentication of a network administrator accessing the CLI of a Cisco router? (Choose all that apply.) a. TACACS+ b. Diameter c. RADIUS d. ACS

a. TACACS+ d. ACS

Where in the ACS do you go to create a new group of administrators? a. Users and Identity Stores > Identity Groups b. Identity Stores > Identity Groups c. Identity Stores and Groups > Identity Groups d. Users and Groups > Identity Groups

a. Users and Identity Stores > Identity Groups

Which security term refers to a person, property, or data of value to a company? a. Risk b. Asset c. Threat prevention d. Mitigation technique

b. Asset What is an asset? It is anything that is valuable to an organization. These could be tangible items (people, computers, and so on) or intangible items (intellectual property, database information, contact lists, accounting info). Knowing the assets that you are trying to protect and their value, location, and exposure can help you more effectively determine the time and money to spend securing those assets.

The Identity Services Engine (ISE) provides which of the following? a. Access, authentication, accounting b. Authentication, authorization, accounting c. Access, authorization, accounting d. Authentication, authorization, access

b. Authentication, authorization, accounting

Which statement is true for ACS 5.x and later? a. User groups are nested in network device groups. b. Authorization policies can be associated with user groups that are accessing specific network device groups. c. There must be at least one user in a user group. d. User groups can be used instead of device groups for simplicity.

b. Authorization policies can be associated with user groups that are accessing specific network device groups.

The purpose of the certificate authority (CA) is to ensure what? a. BYOD endpoints are posture checked b. BYOD endpoints belong to the organization c. BYOD endpoints have no malware installed d. BYOD users exist in the corporate LDAP directory

b. BYOD endpoints belong to the organization

Which of the following is not a motivation of malicious actors? a. Disruption b. Bug bounty awards c. Financial d. Geopolitical

b. Bug bounty awards - The Bug Bounty Reward program encourages security researchers to identify and submit vulnerability reports regarding virtually everything that bears the Bitdefender brand, including but not limited to the website, products and services.

With what can you configure AAA on the router? (Choose all that apply.) a. ACS b. CCP c. CLI d. TACACS+

b. CCP - The Compression Control Protocol (CCP) is responsible for configuring, enabling, and disabling data compression algorithms on both ends of the point-to-point link. It is also used to signal a failure of the compression/decompression mechanism in a reliable manner. c. CLI - Command-Line Interface (CLI) processes commands to a computer program in the form of lines of text. The program which handles the interface is called a command-line interpreter or command-line processor. Operating systems implement a command-line interface in a shell for interactive access to operating system functions or services.

Which of the following is not considered a type of DDoS attack? a. Directed b. Cached c. Reflected d. Amplified

b. Cached

Which data classification label is usually not found in a government organization? a. Unclassified b. Classified but not important c. Sensitive but unclassified d. For official use only e. Secret

b. Classified but not important Governmental classifications are: Unclassified, Sensitive but unclassified (SBU), Confidential, Secret, and Top secret Private sector classifications are: Public, Sensitive, Private, and Confidential Classification criteria are: Value, Age, Replacement cost, and Useful lifetime Classification roles are : Owner (the group ultimately responsible for the data, usually senior management of a company), Custodian (the group responsible for implementing the policy as dictated by the owner), and User (those who access the data and abide by the rules of acceptable use for the data)

Which three items are the primary network security objectives for a company? a. Revenue generation b. Confidentiality c. Integrity d. Availability

b. Confidentiality c. Integrity d. Availability

On the router, what should be created and applied to a vty line to enforce a specific set of methods for identifying who a user is? a. RADIUS server b. TACACS+ server c. Authorization method list d. Authentication method list

d. Authentication method list - Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.

Which type of an attack involves lying about the source address of a frame or packet? a. Man-in-the-middle attack b. Denial-of-service attack c. Reconnaissance attack d. Spoofing attack

d. Spoofing attack

Which asset characteristic refers to risk that results from a threat and lack of a countermeasure? a. High availability b. Liability c. Threat prevention d. Vulnerability

d. Vulnerability A vulnerability is an exploitable weakness in a system or its design. Vulnerabilities can be found in protocols, operating systems, applications, and system designs. Vulnerabilities abound, with more discovered every day.

Broadcast Domain

Broadcasting sends a message to everyone on the local network (subnet). An example for Broadcasting would be DHCP Request from a Client PC. The Client is asking for a IP Address, but the client does not know how to reach the DHCP Server. So the client sends a DHCP Discover packet to EVERY PC in the local subnet (Broadcast). But only the DHCP Server will answer to the Request. Broadcast domains are exactly what they imply: they are network segments that allow broadcasts to be sent across them. Since switches and bridges allow for broadcast traffic to go unswitched, broadcasts can traverse collision domains freely. Routers, however, don't allow broadcasts through by default, so when a broadcast hits a router (or the perimeter of a VLAN), it doesn't get forwarded. The simple way to look at it is this way: switches break up collision domains, while routers (and VLANs) break up collision domains and broadcast domains. Also, a broadcast domain can contain multiple collision domains, but a collision domain can never have more than one broadcast domain associated with it.

Which of the following is not a valid defense against social engineering? a. Two-factor authentication b. Information classification c. Infrastructure hardening d. Physical security

c. Infrastructure hardening

Which tool provides the most granular information to help in the identification of malware? a. NetFlow b. Syslog c. Packet capture d. Server logs

c. Packet capture

Which of the following is not used for identification of malware on the network? a. NetFlow b. IPS events c. Routing Information Base (RIB) d. Packet captures

c. Routing Information Base (RIB) or Routing Table is a data table that lists the routes to network destinations, and in some cases, metrics (distances). The Routing Table contains information about the topology of the network.

Which of the following allows for granular control related to authorization of specific Cisco IOS commands that are being attempted by an authenticated and authorized Cisco router administrator? a. RADIUS b. Diameter c. TACACS+ d. ISE

c. TACACS+ Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ have largely replaced their predecessors.

Which of the following is not a business driver for a BYOD solution? a. Need for employees to work anywhere and anytime b. Increase in the type of devices needed and used by employees to connect to the corporate network c. The lack of IPv4 address space d. Fluidity of today's work schedules

c. The lack of IPv4 address space

Why is UDP the "protocol of choice" for reflected DDoS attacks? a. There are more application choices when using UDP. b. UDP requires a three-way handshake to establish a connection. c. UDP is much more easily spoofed. d. TCP cannot be used in DDoS attacks.

c. UDP is much more easily spoofed.

Which component provides Wi-Fi access for employees in home offices, branch offices, and on the corporate campus? a. WLAN controllers (WLC) b. Cisco AnyConnect Client c. Wireless access points (AP) d. Identity Services Engine (ISE)

c. Wireless access points (AP)

From the router, which method tests the most about the ACS configuration, without forcing you to log in again at the router? a. ping b. traceroute c. test aaa d. telnet

c. test aaa

Which of the following is not enabled through the use of the Cisco AnyConnect Client? a. 802.1X b. VPN c. AAA d. Posture checking

c. AAA - Authentication, Authorization, Accounting

Which of the following is not a form of social engineering? a. Phone scams b. Phishing c. Denial of service (DoS) d. Malvertising

c. Denial of service (DoS)

Which of the following represents a physical control? a. Change control policy b. Background checks c. Electronic lock d. Access lists

c. Electronic lock

Cisco Device Memory: Five areas comprise the memory of Cisco devices. These memory areas are used to store static and dynamic device configuration data. ✦ Read-Only Memory (ROM): ✦ Flash Memory: ✦ Nonvolatile Random-Access Memory (NVRAM): ✦ Random-Access Memory (RAM): ✦ Configuration Register: Explain Random-Access Memory (RAM)

"IT" stores the running configuration. This is the dynamic data that changes while the Cisco device is in normal operation mode. This includes the Address Resolution Protocol (ARP) cache (MAC address tables), routing tables, STP data, VLAN data, EtherChannel configuration data, and temporary buffers. "IT" does not keep its contents when the Cisco device is powered down. Upon startup, "IT" is initialized with contents from NVRAM.

Tools and technologies provide network administrators with the ability to identify the existence of malware on the network. Explain IPS Events

(Intrusion Protection System) IPS Events: When using IPS devices on your network, it is possible to leverage the alarms triggered on the IPS device as an emergency flare that network traffic should be further analyzed for the presence of malware. Often, IPS devices have signatures for specific strains of malware, which, when triggered, can be an indication that malicious traffic exists on the network.

"IT" is a 2-byte (16-bit) area of NVRAM that holds a numeric value that defines how the Cisco device starts up. By default, the value stored in "IT" instructs the bootstrap program to load the Cisco IOS from flash memory and to load the startup configuration from NVRAM. You can change the value of the configuration register from the ROMMON prompt. To get to the rommon> prompt, you need to break out of the bootstrap process by pressing Ctrl+Break while the Cisco device is booting up.

"IT" stores the Cisco Internetwork Operating System (IOS). IT keeps its contents even when the Cisco device is powered down. "IT" is kept on EEPROM chips, on PCMCIA cards, or on CompactFlash cards. The PCMCIA and CompactFlash cards can be accessed either internally on the Cisco device motherboard or externally through a PCMCIA or CompactFlash external slot. - Personal Computer Memory Card International Association (PCMCIA)

Hub

- A simple network can be three hosts connected to a hub. A hub works very much like a multiplexer, or a multiple socket power bar: Hosts connect to the hub, and they can "speak" and "hear" each other. - An Ethernet hub, active hub, network hub, repeater hub, multiport repeater, or simply hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. It has multiple input/output (I/O) ports, in which a signal introduced at the input of any port appears at the output of every port except the original incoming. A hub works at the physical layer (layer 1) of the OSI model. A repeater hub also participates in collision detection, forwarding a jam signal to all ports if it detects a collision. - A hub is basically a multiplexed connection device: All devices connected to a hub can send frames to all other devices connected to the hub. A hub sends frames it receives on all ports, except on the port where the frame is received. Thus, even if a frame is only addressed to one of the six hosts plugged in to the hub, in reality, all five hosts, other than the sending host, will receive the frame. Four hosts will have to discard the frame because it is not addressed to them. Some hubs also amplify the electrical signal before sending it on all ports other than the originating port. Those hubs are also repeaters.

Computer Host Devices

- Can be any other devices used to access the network, including servers, workstations, personal computers, smart phones, and laptops. - A network host is a computer or other device connected to a computer network. A host may work as a server offering information resources, services, and applications to users or other hosts on the network. Hosts are assigned at least one network address.

Networking Concepts - Bandwidth

- The maximum amount of information (Bits/Second) that can be transmitted on a transmission medium. - In computing, bandwidth is the maximum rate of data transfer across a given path. Bandwidth may be characterized as network bandwidth, data bandwidth, or digital bandwidth.

Switch

- You can segment a network using a data link layer switch instead of a hub. Data-link switches are also called Layer 2 switches, because the data link layer is the second layer in the TCP/IP protocol stack. Switches segment networks into one collision domain per port. A collision domain is a logical space where messages can collide. - A network switch (also called switching hub, bridging hub, officially MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A network switch is a multiport network bridge that uses MAC addresses to forward data at the data link layer (layer 2) of the OSI model. Some switches can also forward data at the network layer (layer 3) by additionally incorporating routing functionality. Such switches are commonly known as layer-3 switches or multilayer switches. - A switch is smarter (and more expensive) than a hub: It learns about devices that send frames into the switch. A switch builds a MAC address table that lists the MAC address of the host device that is sending on each port. Whenever a frame enters the switch, the switch looks at the destination MAC address of the frame. Then, the switch looks into its MAC address table and identifies the port that corresponds to the destination MAC address of the frame. It then sends the frame only on that port.

The International Organization for Standardization (ISO) defined the Open Systems Interconnection (OSI) reference model to standardize networking of devices from different vendors. The OSI reference model is mostly an architecture blueprint that networking and computer device manufacturers implement. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that constitute the contents of that path. What Are the Seven-Layers of the OSI Model?

7. Application layer 6. Presentation layer 5. Session layer 4. Transport layer 3. Network layer 2. Data link layer 1. Physical layer

What are three benefits of implementing VLANs? (Choose three.) A. A higher level of network security can be reached by separating sensitive data traffic from other network traffic. B. A more efficient use of bandwidth can be achieved allowing many physical groups to use the same network infrastructure. C. A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network infrastructure. D. Broadcast storms can be mitigated by decreasing the number of broadcast domains, thus increasing their size. E. Port-based VLANs increase switch-port use efficiency, thanks to 802.1Q trunks. F. VLANs make it easier for IT staff to configure new logical groups, because the VLANs all belong to the same broadcast domain. G. Broadcast storms can be mitigated by increasing the number of broadcast domains, thus reducing their size.

A. A higher level of network security can be reached by separating sensitive data traffic from other network traffic. C. A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network infrastructure. G. Broadcast storms can be mitigated by increasing the number of broadcast domains, thus reducing their size.

What does the positive acknowledgment and retransmission (PAR) TCP process ensure? A ❍ That all TCP segments are received within a certain time period B ❍ That all UDP segments are received within a certain time period C ❍ That all TCP/IP segments are received within a certain time period D ❍ That all IP segments are received within a certain time period

A. All TCP segments are received within a certain time period. The positive acknowledgment and retransmission (PAR) TCP process ensures that all TCP segments are received within a certain time period.

Computer networks do which of the following? A ❍ Allow computer hosts to communicate data between each other B ❍ Provide a user interface to control computer hosts C ❍ Provide a user interface to control networking devices D ❍ Operate solar power stations

A. Allow computer hosts to communicate data between each other. Networks allow computers to communicate.

What do distribution layer switches and routers manage? A ❍ NAT (Network Address Translation), ACLs (access control lists), firewalls, inter-LAN and inter-VLAN routing B ❍ NAT (Network Address Translation), ACLs (access control lists), firewalls, routing within LANs and routing within VLANs C ❍ NAT (Network Address Translation), ACLs (access control lists), firewalls D ❍ All of the above

A. Distribution layer switches and routers typically manage NAT (Network Address Translation), ACLs (access control lists), firewalls, and inter-LAN and inter-VLAN routing.

What is the main purpose of the CSMA/CD protocol? A ❍ To monitor a shared carrier medium used by several computer hosts to transmit data and to detect frame collisions when they occur B ❍ To monitor a shared network interface card (NIC) used by several computer hosts to transmit data and to detect frame collisions when they occur C ❍ To monitor MAC addresses of incoming traffic on a network interface card (NIC) on a computer host and to detect frame collisions when they occur D ❍ To monitor MAC addresses of full-duplex traffic on a network interface card (NIC) on a computer host and to detect frame collisions when they occur

A. Monitor a shared carrier medium used by several computer hosts to transmit data, and detect frame collisions when they occur. The CSMA/CD protocol monitors a shared carrier medium used by several computer hosts to transmit data, and detect frame collisions when they occur.

Which three statements about link-state routing are true? (Choose three.) A. OSPF is a link-state protocol. B. Updates are sent to a broadcast address. C. It uses split horizon. D. Routes are updated when a change in topology occurs. E. RIP is a link-state protocol. F. Updates are sent to a multicast address by default.

A. OSPF is a link-state protocol. D. Routes are updated when a change in topology occurs. F. Updates are sent to a multicast address by default.

What does the three-way handshake process allow two hosts to do? A ❍ Open a bidirectional TCP connection B ❍ Open a bidirectional IP channel C ❍ Open a bidirectional UDP session D ❍ All of the above

A. Open a bi-directional TCP connection. The three-way handshake process allows two hosts to open a bi-directional TCP connection.

A routed protocol is a Layer 3 (network layer) protocol that does which of the following? A ❍ Route data packets B ❍ Send route update packets C ❍ Route data packets and send route update packets D ❍ All of the above

A. Route data packets. A routed protocol is a Layer 3 (network layer) protocol that routes data packets.

What does independence of layer functionality allow? A ❍ Layers to change internally without impacting other layers B ❍ Layers to interact with network hardware C ❍ Layers to interact with network software D ❍ Layers to migrate from one operating system to another

A. The independence of layer functionality allows each network layer to change without affecting the other.

What is the main advantage of wireless LANs? A ❍ Elimination of wired connections B ❍ Elimination of crosstalk C ❍ Elimination of signal attenuation D ❍ All of the above

A. The main advantage of wireless connections is the elimination of wired connections.

To ensure that the core layer in the Cisco hierarchical network model is highly available, you need to do which of the following? A ❍ Design redundancy into the network: redundant routing, redundant links to distribution layer, redundant power supplies, redundant cooling systems B ❍ Design the network using blade hardware only: use only blade-based routers when designing core layer connectivity C ❍ Design the core layer using Layer 2 switches only D ❍ All of the above

A. To ensure that the core layer in the Cisco hierarchical network model is highly available, you need to design redundancy into the network: redundant routing, redundant links to the distribution layer, redundant power supplies, and redundant cooling systems.

Which two spanning-tree port states does RSTP combine to allow faster convergence? (Choose two.) A. blocking B. learning C. forwarding D. discarding E. listening AE

A. blocking E. listening

A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen? A. session B. transport C. network D. data link E. physical

Answer: D The Data Link layer provides the physical transmission of the data and handles error notification, network topology, and flow control. The Data Link layer formats the message into pieces, each called a data frame, and adds a customized header containing the hardware destination and source address. Protocols Data Unit (PDU) on Datalink layer is called frame.

The core layer in the Cisco hierarchical network model is the layer that provides which of the following? A ❍ Very high-speed, very highly available connectivity between large local networks B ❍ Very high-speed, very highly available connectivity between large global networks C ❍ Very high-speed, very highly available connectivity for hosts D ❍ Very high-speed, very highly available connectivity for IP phones

B. The core layer in the Cisco hierarchical network model is the layer that provides very high-speed, very highly available connectivity between large global networks. Access - controls user and workgroup access to the resources on the network. This layer usually incorporates Layer 2 switches and access points that provide connectivity between workstations and servers. You can manage access control and policy, create separate collision domains, and implement port security at this layer. Distribution - serves as the communication point between the access layer and the core. Its primary functions are to provide routing, filtering, and WAN access and to determine how packets can access the core. This layer determines the fastest way that network service requests are accessed. This layer usually consists of routers and multilayer switches. Core - also referred to as the network backbone, this layer is responsible for transporting large amounts of traffic quickly. The core layer provides interconnectivity between distribution layer devices it usually consists of high speed devices, like high end routers and switches with redundant links.

Describe wireless networks. A ❍ Short- or medium-range networks that connect host devices using satellites B ❍ Short- or medium-range networks that connect host devices using airwaves C ❍ Short- or medium-range networks that connect host devices using optical fiber D ❍ All of the above

B. Wireless networks connect host devices over short or medium distances using airwaves.

Where does routing occur within the DoD TCP/IP reference model? A. application B. internet C. network D. transport

B. internet - Internet Layer of TCP/IP is equivalent to the Network Layer which is responsible for routing decision.

Which interface counter can you use to diagnose a duplex mismatch problem? A. no carrier B. late collisions C. giants D. CRC errors E. deferred F. runts

B. late collisions

Boot Image (Rx-boot): The Boot Image (Rx-boot) is a subset of the Cisco IOS. The Rx-boot image is used to download the Cisco IOS to the Cisco device from a Trivial File Transfer Protocol (TFTP) server whenever the IOS needs to be upgraded, or whenever the IOS needs to be replaced. The Rx-boot image is accessed from the (boot)> prompt on a Cisco device.

Bootstrap Program: This program brings up the Cisco device by loading the Cisco IOS stored in flash memory. The bootstrap program is run right after the POST.

Explain the BYOD Solution Component - Cloud Web Security (CWS)

Formerly ScanSafe, Cisco Cloud Web Security (CWS) provides enhanced security for all the BYOD solution endpoints while they access Internet websites using publicly available wireless hotspots and 3G, 4G, and 4G LTE mobile networks.

Several types of data are particularly attractive to the miscreants of the cyber (under) world. Explain the Desire for Credit/Debit Cards.

In addition to PII, which is often stolen/compromised during data breaches, credit and debit card information (the information contained on the magnetic stripe or within the embedded chip in chip and pin cards) is extremely desired by the malicious actors to make purchases.

Network security objectives usually involve three basic concepts: CIA "triad". Explain the "I" in Regards to CIA Acronym

Integrity: Integrity for data means that changes made to data are done only by authorized individuals/systems. Corruption of data is a failure to maintain data integrity.

Networks can be arranged in various topologies, or layouts: Explain Mesh Topology

Multiple hosts are connected point to point to each other. These are multiple point-to-point connections that typically link every host in the network with every other host in the network. You find two types of mesh topologies: • Full-Mesh Topologies provide several connections between hosts in the network, thereby improving reliability. The cost is high, though. • Partial-Mesh Topologies are a good compromise because they can offer multiple connections for certain mission-critical hosts, yet they present cost savings over full-mesh configurations.

Tools and technologies provide network administrators with the ability to identify the existence of malware on the network. Explain NGIPS

NGIPS: The Cisco FirePOWER Next-Generation Intrusion Prevention System (NGIPS) solution provides multiple layers of advanced threat protection at high inspection throughput rates. The NGIPS threat protection solution is centrally managed through the Cisco FireSIGHT Management Center and can be expanded to include additional features such as AMP, application visibility and control, and URL filtering.

Explain the BYOD Solution Component - Certificate Authority

Server provides for, among other things, the onboarding of endpoints that meet certificate requirements for access to the corporate network. This Server ensures that only devices with corporate certificates can access the corporate network.

You find two configurations on Cisco switches and routers: ✦ the Startup Configuration ✦ the Running Configuration Explain Running Configuration

The running configuration is the dynamic data that changes while the Cisco device is in normal operation mode. This includes the ARP cache (MAC address tables), routing tables, STP data, VLAN data, EtherChannel configuration data, and temporary buffers. The Cisco IOS loads the startup configuration from NVRAM into RAM during the boot process. After it's in RAM, the startup configuration becomes the running configuration and can change dynamically. You can save the running configuration to NVRAM to replace the startup configuration with updated data. To do this, use the "copy running-config startup-config" Cisco IOS command. You can also save the running configuration to a file on a computer host.

You find two configurations on Cisco switches and routers: ✦ the Startup Configuration ✦ the Running Configuration Explain Startup Configuration

The startup configuration is the configuration that the Cisco IOS loads when it boots up. The startup configuration is stored in NVRAM, which keeps its contents even when the Cisco device is powered down. Cisco switches and routers start in setup mode to allow you to create a startup configuration whenever no startup configuration exists in NVRAM. After you complete the setup mode, you are prompted to save the configuration to NVRAM. If you answer yes, the configuration you created is saved to NVRAM: It becomes the startup configuration. You can also manually save the current configuration to NVRAM by using the copy running-config startupconfig Cisco IOS command. Cisco devices use the startup configuration data to configure the device before normal operation starts. The Cisco IOS loads the startup configuration from NVRAM into RAM. At that point, the startup configuration becomes the running configuration. The switch is up and ready in normal operation mode.

Layer 2: Data link

This layer does the following: ✦ Transmits the data on the physical medium. ✦ Routes the data locally on the physical network medium. This layer uses physical addresses assigned to each physical network device in the local network to route data from one physical device to another. ✦ This layer receives each packet from the network layer on the sending host and wraps it in a data frame along with local routing data. ✦ This layer sends each data frame down to the physical layer to code an electrical or optical signal to transmit the data frame over a wire or over the air (wireless transmission). ✦ On the receiving host, this layer unwraps the data frame received to extract the packet and sends it to the network layer. - This layer provides node-to-node data transfer — a link between two directly connected nodes. It detects and possibly corrects errors that may occur in the physical layer. It defines the protocol to establish and terminate a connection between two physically connected devices. It also defines the protocol for flow control between them. IEEE 802 divides this layer into two sublayers: ✦ Medium access control (MAC) layer - responsible for controlling how devices in a network gain access to a medium and permission to transmit data. ✦ Logical link control (LLC) layer - responsible for identifying and encapsulating network layer protocols, and controls error checking and frame synchronization.

6. Presentation layer

This layer is mostly concerned with data format. It converts the data between different formats so that both the sender and the receiver can use heterogeneous data. For example, mail messages contain various data formats: text, application attachments, video, audio, and graphical signature. ✦ The presentation layer on the sending host receives the data payload from the application layer. ✦ The presentation layer on the sending host converts the data into a format that is easily transportable over the network. ✦ The presentation layer on the receiving host converts the data from the network format back to its native format that can be easily interpreted, used, and displayed by the application layer above. - This layer establishes context between application-layer entities, in which the application-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation protocol data units are encapsulated into session protocol data units and passed down the protocol stack. This layer provides independence from data representation by translating between application and network formats. The presentation layer transforms data into the form that the application accepts. This layer formats data to be sent across a network.

Layer 1: Physical

This layer provides the electrical, optical, or over-the-air connection between the sending host device and the receiving host device. This typically involves copper or fiber-optic cabling, or wireless radio connections, patch panels, signal repeaters, submarine cables, or satellites.... you do need to understand that data is always converted into bits that can be transmitted over a medium using electrical current or optical signals that simulate a 1 (signal) or a 0 (no signal). In a nutshell, this layer defines mechanical, electrical, optical, radio, procedural, and functional standards to enable the transmission of data-link (Layer 2) frames over a certain transmission medium. These standards define how a physical link is built, activated, maintained, and deactivated to enable transmissions between DTE (data terminal equipment) and DCE (data communications equipment). DTEs are host devices. DCEs are network devices, that is, any device that stands between two host devices. - This layer is responsible for the transmission and reception of unstructured raw data between a device and a physical transmission medium. It converts the digital bits into electrical, radio, or optical signals. Layer specifications define characteristics such as voltage levels, the timing of voltage changes, physical data rates, maximum transmission distances, modulation scheme, channel access method and physical connectors. This includes the layout of pins, voltages, line impedance, cable specifications, signal timing and frequency for wireless devices. Bit rate control is done at this layer.

Layer 7: Application Layer

This layer represents the various network applications such as e-mail reader, Web browser, Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Network File System (NFS). ✦ This Layer provides a user interface and processes network data. ✦ This Layer on the sending host produces the network data to be transmitted from the sender host. ✦ This Layer on the receiving host consumes the network data produced and transmitted by the sender host. This layer is the OSI layer closest to the end user. This layer interacts with software applications that implement a communicating component. This layer function(s) typically include identifying communication partners, determining resource availability, and synchronizing communication.

Layer 3: Network

This layer routes data packets across networks that link the sending and the receiving host. In a nutshell, This layer does the following: ✦ Chooses the best route to send packets between hosts. ✦ Assigns logical addresses to all devices in the network to be able to identify each source host and each destination host, as well as each network through which packets need to be routed. Logical addresses are assigned at the network protocol level. Physical addresses are assigned on a physical device, such as a network card. ✦ Receives each data segment from the transport layer on the sending host and wraps it in a data packet along with routing data. The packet is sent down to the data link layer to send it over the network physical medium. ✦ On the receiving host, This layer unwraps the packet received to extract the data segment and sends it up to the transport layer. Several protocols operate at this layer, such as IP, IPX, AppleTalk, and SNA, but the CCNA test is only concerned with IP. The Internet Protocol (IP) is the TCP/IP implementation of this layer. IP addresses are logical addresses provided by the IP in TCP/IP.

Covert Channel Attack Method

This method uses programs or communications in unintended ways. For example, if the security policy says that web traffic is allowed but peer-to-peer messaging is not, users can attempt to tunnel their peer-to-peer traffic inside of HTTP traffic. An attacker may use a similar technique to hide traffic by tunneling it inside of some other allowed protocol to avoid detection. An example of this is a backdoor application collecting keystroke information from the workstation and then slowly sending it out disguised as Internet Control Message Protocol (ICMP).

Wi-Fi Protected Access (WPA) : WPA is a security certification program that was created by the Wi-Fi Alliance to secure wireless networks. The Wi-Fi Alliance is a group of wireless device manufacturers. The group includes Cisco. One the goals of the WPA program is to provide a more secure alternative to the Wired Equivalent Privacy (WEP) security protocol previously used in wireless networks. Two versions of WPA wireless security exist today: WPA-1 and WPA-2. Explain WPA-1

WPA-1 is an improvement over WEP. WPA-1 uses Temporal Key Integrity Protocol (TKIP). The basic input-output system (BIOS) of most wireless network interface cards, even as old as 1999, can be upgraded to support WPA-1. However, wireless access point (WAP) devices require modification to support WPA-1. Hence, most WAP devices built before 2003 do not support WPA-1. To summarize, most wireless devices, both NICs and WAPs, and host operating systems built after 2003, support WPA-1. The Wi-Fi Alliance tests and certifies wireless NIC and WAP devices to determine whether they comply with the WPA-1 standard. If they do, a WPA-1 logo is visible on the packaging and on the device. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware.

WPA-2 is defined by the IEEE 802.11i standard. This fixes WEP shortcomings as well as some flaws discovered in TKIP (Temporal Key Integrity Protocol) used in WPA-1. WPA-2 does not use TKIP. Instead, it uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption algorithm, which is considered fully secure. WPA-2 is currently the most secure wireless security protocol. Not all wireless NIC and WAP devices support WPA-2. Particularly, devices manufactured before 2004 do not typically comply with the WPA-2 Wi-Fi certification. The Wi-Fi Alliance tests and certifies wireless NIC and WAP devices to determine whether they comply with the WPA-2 standard. If they do, a WPA-2 logo is visible on the packaging and on the device.

Separation of Duties

When you place specific individuals into specific roles, there can be checks and balances in place regarding the implementation of the security policy. Rotating individuals into different roles periodically will also assist in verifying that vulnerabilities are being addressed, because a person who moves into a new role will be required to review the policies in place.

NetFlow provides which of the following? a. Detailed data about each packet on the network b. Troubleshooting messages about the network devices c. Information on the types of traffic traversing the network d. Network names of routers, end hosts, servers

c. Information on the types of traffic traversing the network

Which two approaches to security provide the most secure results on day one? a. Role based b. Defense in depth c. Authentication d. Least privilege

b. Defense in depth d. Least privilege Defense in depth - This concept suggests that you have security implemented on nearly every point of your network. An example is filtering at a perimeter router, filtering again at a firewall, using IPSs to analyze traffic before it reaches your servers, and using host-based security precautions at the servers, as well. Additional methods that can be used to implement a defense-in-depth approach include using authentication and authorization mechanisms, web and e-mail security, content security, application inspection monitoring, traffic monitoring, and malware protection. The concept behind defense in depth is that if a single security technology fails, additional levels, or mechanisms, of security are still in place to protect the data, applications, and devices on the network. Rule of least privilege - This rule states that minimal access is only provided to the required network resources, and not any more than that. An example of this is an access list applied to an interface for filtering that says "deny all." Before this, specific entries could be added allowing only the bare minimum of required protocols, and only then between the correct source and destination addresses.

Which is not a function of mobile device management (MDM)? a. Enforce strong passwords on BYOD devices b. Deploy software updates to BYOD devices c. Remotely wipe data from BYOD devices d. Enforce data encryption requirements on BYOD devices

b. Deploy software updates to BYOD devices

Which is not an advantage of an On-Premise MDM solution? a. Higher level of control over the BYOD solution b. Ease of deployment and operation of the BYOD solution c. Ability to meet regulatory requirements d. Security of the overall BYOD solution

b. Ease of deployment and operation of the BYOD solution

What is the primary motivation for most attacks against networks today? a. Political b. Financial c. Theological d. Curiosity

b. Financial

Which of the following is leveraged in social engineering? a. Software vulnerabilities b. Human nature c. Protocol violations d. Application issues

b. Human nature

The purpose of the RSA SecurID server/application is to provide what? a. Authentication, authorization, accounting (AAA) functions b. One-time password (OTP) capabilities c. 802.1X enforcement d. VPN access

b. One-time password (OTP) capabilities

Which is not an advantage of a cloud-based MDM solution? a. Scalability of the MDM solution b. Security of the overall MDM solution c. Flexibility in deploying the MDM solution d. Speed of deployment of MDM solution

b. Security of the overall Mobile Device Management solution

Which type of data is not often attractive to malicious actors? a. Personally identifiable information (PII) b. Training schedules c. Credit and debit card data d. Intellectual property (IP)

b. Training schedules

In relation to production networks, which of the following are viable options when dealing with risk? (Choose all that apply.) a. Ignore it b. Transfer it c. Mitigate it d. Remove it

Cisco Certified Network Associate (CCNA)

Related study sets

Data Mining Exam 1: Lecture 3

econ, chapter 19 - public goods and tragety of the commons

Computers in Health Care Units 1 2 3 4

Exam 2

Micro- Exam 1

intermediate chap 23

Tax Accounting - Chapter 4

Unit 2-2 Lesson 13

US Government Chapter 7

ACC 202 EXAM 1

Strategic Management: Exam 1 Study Guide

AP Bio Unit 6 DNA and Gene expression review

Module2HW

CFA Level I - Corporate Finance

Introduction to Ammunition

4-Authzd Relps Duties and Disclosre

IB Chemistry HL - Unit 10 Organic Chemistry

Final prep

PUR 3000 Exam 1

MNGT 4800 EXAM 1