Net Auth Exam 1
Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics? An access attack has occurred. A virus has infected the computers. A DoS attack has been launched against the network. The computers are subject to a reconnaissance attack. The user purchased an over the counter virus control product
A virus has infected the computers.
If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.) Assign a secret password to the view. Assign commands to the view. Assign users who can use the view. Associate the view with the root view. Create a superview using the parser view view-name command. Create a view using the parser view view-name command.
Assign a secret password to the view. Assign commands to the view. Create a view using the parser view view-name command.
What is an effect if AAA authorization on a device is not configured? All authorization requests to the TACACS server receive a REJECT response. Authenticated users are granted full access rights. User access to specific services is determined by the authentication process. Character mode authorization is limited, and packet mode denies all requests.
Authenticated users are granted full access rights.
Which two options provide secure remote access to a router? (Choose two.) CHAP HTTP HTTPS SSH Telnet
HTTPS SSH
Which statement accurately characterizes the evolution of network security? Internal threats can cause even greater damage than external threats. Internet architects planned for network security from the beginning. Early Internet users often engaged in activities that would harm other users. Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.
Internal threats can cause even greater damage than external threats.
What is the purpose of the none keyword in an AAA authentication configuration? It completely disables AAA authentication on the device. It prevents users from logging in to the device remotely. It only allows users with privilege level 15 to log in to the device. It allows users to log into the device without credentials if all other authentication methods fail. It allows nothing to happen.
It allows users to log into the device without credentials if all other authentication methods fail.
Which of the following can be used to falsify routing information, cause DoS attacks, or cause traffic to be redirected? Spoofing Routing Protocol (SRP) Routing Protocol Flooding Spoofing Protocol Routing (SPR) Routing Protocol Spoofing Routing Protocol Detour
Routing Protocol Spoofing
Which OSPF authentication should be used wherever possible, because MD5 authentication is considered vulnerable to attacks? SHA The MC5 WEP SSH There is no authentication in OSPF
SHA
Which element of an SNMP implementation can be configured to respond to requests as well as to forward notifications? MIB SNMP manager SNMP agent OID O-SNMP
SNMP agent
Which Cisco network security tool is a cloud-based service that provides alerts to network professionals about current network attacks? IPS Snort IDS Security Intelligence Operations zone-based policy firewall
Security Intelligence Operations
What is a characteristic of TACACS+? TACACS+ is an open IETF standard. TACACS+ is backward compatible with TACACS and XTACACS. TACACS+ provides authorization of router commands on a per-user or per-group basis. TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.
TACACS+ provides authorization of router commands on a per-user or per-group basis.
Which statement identifies an important difference between TACACS+ and RADIUS? TACACS+ provides extensive accounting capabilities when compared to RADIUS. The RADIUS protocol encrypts the entire packet transmission. The TACACS+ protocol allows for separation of authentication from authorization. RADIUS can cause delays by establishing a new TCP session for each authorization request.
The TACACS+ protocol allows for separation of authentication from authorization.
Which two are characteristics of DoS attacks? (Choose two.) They always precede access attacks. They attempt to compromise the availability of a network, host, or application. They are difficult to conduct and are initiated only by very skilled attackers. They are commonly launched with a tool called L0phtCrack. Examples include smurf attacks and ping of death attacks.
They attempt to compromise the availability of a network, host, or application. Examples include smurf attacks and ping of death attacks.
What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers? There is no ability to provide accountability. It is very susceptible to brute-force attacks because there is no username. The passwords can only be stored in plain text in the running configuration. User accounts must be configured locally on each device, which is an unscalable authentication solution. It is useless in a global economy. AAA provides free road-side assistance
User accounts must be configured locally on each device, which is an unscalable authentication solution.
Which statement describes phone freaking? A hacker uses password-cracking programs to gain access to a computer via a dialup account. A hacker gains unauthorized access to networks via wireless access points. A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network. A hacker uses a program that automatically scans telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines. You must be 21 years or older to answer this question
A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.
What is a significant characteristic of virus malware? A virus is triggered by an event on the host system. Once installed on a host system, a virus will automatically propagate itself to other systems. A virus can execute independently of the host system. Virus malware is only distributed over the Internet. Malware does not really exist
A virus is triggered by an event on the host system.
Which two statements are characteristics of a virus? (Choose two.) A virus typically requires end-user activation. A virus has an enabling vulnerability, a propagation mechanism, and a payload. A virus replicates itself by independently exploiting vulnerabilities in networks. A virus provides the attacker with sensitive data, such as passwords. A virus can be dormant and then activate at a specific time or date.
A virus typically requires end-user activation. A virus can be dormant and then activate at a specific time or date.
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? HTTP CDP FTP LLDP LMNOP
CDP
What tool is available through the Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input? Cisco ACS Control Plane Policing Cisco AutoSecure Simple Network Management Protocol Cisco CLI Secure Plus
Cisco AutoSecure
Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router? Specify the single-connection keyword. Create a VPN tunnel between the server and the router. Configure the key exactly the same way on the server and the router. Use identical reserved ports on the server and the router. Nothing, ACS servers automatically encrypt data.
Configure the key exactly the same way on the server and the router.
The Cisco Network Foundation Protection framework has three functional areas. The ________ plane of a router is responsible for routing packets correctly.
Control
What is the meaning of the principle of minimum trust when used to design network security? All network and internetwork data communications should be encrypted. Accounts should be disabled after a specific number of unsuccessful logins. Devices in networks should not access and use one another unnecessarily and unconditionally. Encrypted and one-time passwords should be used at all times. Network access should be controlled by multifactor authentication.
Devices in networks should not access and use one another unnecessarily and unconditionally.
What is the first required task when configuring server-based AAA authentication? Configure the type of AAA authentication. Enable AAA globally. Specify the type of server providing the authentication. Configure the IP address of the server. aaa accounting network start-stop group radius aaa accounting network start-stop group tacacs+
Enable AAA globally.
Antivirus software can prevent viruses from entering the network. True False
False
When configuring a method list for AAA authentication, what is the effect of the keyword local? It accepts a locally configured username, regardless of case. It defaults to the vty line password for authentication. The login succeeds, even if all methods return an error. It uses the enable password for authentication.
It accepts a locally configured username, regardless of case.
Why is the username name algorithm-type scrypt secret password command preferred over the username name secret password command? It uses the MD5 algorithm for encrypting passwords. It uses the standard type 7 algorithm for encrypting passwords. It uses the SCRYPT algorithm for encrypting passwords. It does not require the login local command to enable the local database for authentication. It requires an already encrypted password to be accepted.
It uses the SCRYPT algorithm for encrypting passwords.
What is the biggest issue with local implementation of AAA? Local implementation cannot provide secure authentication. Local implementation supports only RADIUS servers. Local implementation supports only TACACS+ servers. Local implementation does not scale well.
Local implementation does not scale well.
Which two statements describe access attacks? (Choose two.) Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code. Port scanning attacks scan a range of TCP or UDP port numbers on a host to detect listening services. Trust exploitation attacks can use a laptop acting as a rogue access point to capture and copy all network traffic in a public location on a wireless hotspot.
Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code.
Which statement describes a difference between RADIUS and TACACS+? RADIUS uses TCP whereas TACACS+ uses UDP. RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not. RADIUS encrypts only the password whereas TACACS+ encrypts all communication. RADIUS separates authentication and authorization whereas TACACS+ combines them as one process.
RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights? The administrator is immediately locked out of the system. The administrator is denied all access except to aaa authorization commands. The administrator is allowed full access using the enable secret password. The administrator is allowed full access until a router reboot, which is required to apply changes.
The administrator is immediately locked out of the system.
Which three options describe the phases of worm mitigation? The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls. The containment phase tracks down and identifies the infected machines within the contained areas. The inoculation phase disconnects, blocks, or removes infected machines. The inoculation phase patches uninfected systems with the appropriate vendor patch for the vulnerability. The quarantine phase terminates the worm process, removes modified files or system settings, and patches the vulnerability the worm used to exploit the system. The treatment phase disinfects actively infected systems.
The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls. The inoculation phase patches uninfected systems with the appropriate vendor patch for the vulnerability. The treatment phase disinfects actively infected systems.
After accounting is enabled on an IOS device, how is a default accounting method list applied? Accounting method lists are applied only to the VTY interfaces. A named accounting method list must be explicitly defined and applied to desired interfaces. Accounting method lists are not applied to any interfaces until an interface is added to the server group. The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.
The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) a password on the console line an IP domain name a user account an enable mode password a unique hostname an encrypted password
an IP domain name a user account a unique hostname
Which two network security solutions can be used to mitigate DoS attacks? (Choose two.) virus scanning data encryption anti-spoofing technologies intrusion protection systems applying user authentication
anti-spoofing technologies intrusion protection systems
What is the primary means for mitigating virus and Trojan horse attacks? antivirus software encryption antisniffer software blocking ICMP echo and echo-replies Helen of Troy anti-Trojan software package
antivirus software
Which technology provides the framework to enable scalable access security? role-based CLI access Simple Network Management Protocol AutoSecure Cisco Configuration Professional communities authentication, authorization, and accounting
authentication, authorization, and accounting
How does a DoS attack take advantage of the stateful condition of target systems? by executing code that corrupts or deletes system files by continuously sending packets of unexpected size or unexpected data by using a dictionary of passwords to attempt to access the system by intercepting and analyzing or manipulating data as it is sent across the network by using IP spoofing attacks through mobile devices by using a reverse packet sniffer attack
by continuously sending packets of unexpected size or unexpected data
Which security measure is typically found both inside and outside a data center facility? a gate exit sensors security traps biometrics access continuous video surveillance
continuous video surveillance
Which packet type is user-generated and forwarded by a router? data plane packet control plane packet management plane packet routing protocol update packet HTTPS packet
data plane packet
Which two tasks are associated with router hardening? (Choose two.) installing the maximum amount of memory possible placing the router in a secure room using uninterruptible power supplies disabling unused ports and interfaces securing administrative access Installing the Cisco Steel Router protocol
disabling unused ports and interfaces securing administrative access
What IOS privilege levels are available to assign for custom user-level privileges? levels 1 through 15 levels 0, 1, and 15 levels 2 through 14 levels 0 and 1 five
levels 2 through 14
A network administrator needs to protect a router against brute force login attempts. What is the correct login-block-for command syntax to disable login for 3 minutes if more than 3 failed attempts are made within a 2 minute period? Login block-for 3 min 3 att 2 min login block-for within 180 attempts 3, 120 login block-for within 120 attempts 3, 180 login block-for 180 attempts 3 within 120 login block-for attempts 180 3 120
login block-for 180 attempts 3 within 120
What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices? data plane management plane control plane forwarding plane secure data plane
management plane
How does a Cisco Secure ACS improve performance of the TACACS+ authorization process? reduces overhead by using UDP for authorization queries reduces delays in the authorization queries by using persistent TCP sessions reduces bandwidth utilization of the authorization queries by allowing cached credentials reduces number of authorization queries by combining the authorization process with authentication
reduces delays in the authorization queries by using persistent TCP sessions
When role-based CLI is used, which view is the only view that has the ability to add or remove commands from existing views? admin super user root sudo commander Cisco
root
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) physical security flash security operating system security remote access security router hardening zone isolation
router hardening physical security operating system security
What is considered a valid method of securing the control plane in the Cisco NFP framework? authorization of actions DHCP snooping dynamic ARP inspection login and password policy routing protocol authentication role-based access control
routing protocol authentication
Which statement describes a characteristic of authorization in an AAA solution? It works similarly to privilege levels and role-based CLI. It only applies to packet mode AAA and not character mode AAA. It requires users to perform an additional step after authentication. It accepts usernames and passwords to determine if users are who they say they are.
It works similarly to privilege levels and role-based CLI.
What is hyperjacking? taking over a virtual machine hypervisor as part of a data center attack overclocking the mesh network which connects the data center servers adding outdated security software to a virtual machine to gain access to a data center server using processors from multiple computers to increase data processing power
taking over a virtual machine hypervisor as part of a data center attack
What are two reasons for securing the data plane in the Cisco NFP framework? (Choose two.) to protect against DoS attacks to provide bandwidth control to force technicians to use SSH and HTTPS when managing devices to provide a record of who accessed the device, what occurred, and when it occurred to allow users to control the flow of traffic that is managed by the route processor of their network devices
to protect against DoS attacks to provide bandwidth control
What is a main purpose of launching an access attack on network systems? to prevent other users from accessing the system to gather information about the network to scan for accessible networks to retrieve data to give access to legitimate users
to retrieve data
What are two purposes of launching a reconnaissance attack on a network? (Choose two.) to retrieve and modify data to scan for accessibility to escalate access privileges to gather information about the network and devices to prevent other users from accessing the system propagation mechanism
to scan for accessibility to gather information about the network and devices
What port state is used by 802.1X if a workstation fails authorization? unauthorized down disabled blocking lock down
unauthorized
Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function? virus worm proxy Trojan Horse Denial of Service Trojan Horse
virus
What type of malware has the primary objective of spreading across the network? worm virus Trojan horse botnet shape shifter
worm