Network Security
Which of the following situations would you use port security?
You wanted to restrict the device that could connect through a switch port
What is the most common type of host based intrusion detection system (IDS)?
anti virus software
Which of the following measures can you take to increase the security of remote connections to your router?
configure SSH
Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?
denial of service
Which of the following commands configures a password to switch to privileged EXEC mode, and saves the password using MD-5 encryption?
enable secret
You would like to use the crypto key command to generate a key pair for use with SSH. Which parameters must be set prior to running this command?
hostname, ip domain-name
Which of the following best describes spyware?
it monitors the actions you take on your machine and sends the information back to its originating source
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?
man in the middle attack
Which of the following are differences between a firewall and an IPS?
A firewall filters individual packets, an IPS can detect patterns between multiple packets; A firewall filters traffic based on packet headers, an IPS can filter traffic based on packet data.
What are the default switch port configuration parameters on a 2960 switch?
A maximum of 1 MAC address per port is allowed, Violation action is set to shutdown
You've just enabled port security on an interface of a Catalyst 2950 switch. You want to generate an SNMP trap whenever a violation occurs. Which feature should you enable?
restrict
How does configuring banners add to the security of your router?
Banners provide a notice of intent, informing users that access is controlled or that activity may be logged
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. the library computers are in groups of 4. Each group of 4 computers is connected to a hub that is connected to the library network through an access port on a Catalyst 2960 switch. You want to restrict access to the network so only the library computers are permitted connectivity to the Internet. What can you do?
Configure port security on the switch
You have configured PPP with CHAP authentication on the BRI0 interface of your router. You now want to hide the CHAP password from view in the configuration file. What command should you use?
service password-encryption
Which of the following attacks are primarily reconnaissance attacks?
sniffing, port scanning
You have a Catalyst 2960 switch on a small local area network with one server and five workstations. The file server is named SrvFS and is connected to port Fa0/17 on the switch. You want to make sure that only this server can connect to port Fa0/17, but that it can send and receive frames from the five workstations on the network. What should you do?
Configure switch port security on Fa0/17 to allow only the MAC address of SrvFS.
You have two IP phone daisy chains as shown in the exhibit. Which of the following commands correctly configures Port Security on both Fa0/5 and 0/6?
switch (config-if)#switchport port-security; switch (config-if)#switchport port-security maximum 3
IPSec is implemented through 2 separate protocols, what are these protocols called?
ESP, AH
In addition to AH, IPSec is compromised of what other service?
Encapsulating Security Payload (ESP)
Which IPSec subprotocol provides data encryption?
Encapsulating Security Payload (ESP)
You have configured port security for the Fa0/3 interface. To test the security settings, you connect two workstations to the same port. Both are allowed to connected. You check the running-config file and find the following for the interface: "interface Fa0/3; switchport mode access; switchport port-security mac-address sticky" You want to allow only a single device to connect to this port. What should you do?
For the interface, use the switchport port-security command
You are configuring a new 2960 switch. You connect a hub with 2 work stations to port fa0/15. You power on first Device1 and then Device2. What will be the result?
Frames from Device1 will be allowed, frames from Device2 will be dropped.
Which of the following is a security service that monitors network traffic in real time or review the audit logs on servers looking for security violations?
IDS
Which of the following methods would be the best protection against a Denial of Service (DOS) attack?
IPS
Which of the following is NOT a form of social engineering?
Impersonating a user by logging on with stolen credentials
Which of the following is the most important thing to do to prevent console access to the router?
Keep the router in a locked room
Which of the following measures can you implement to help secure access to a router through the con 0 line?
Keep the router in a locked room, Set a password and use the login command
You have a Catalyst 2960 switch on a small local area network with one server and five workstations. The file server is named SrvFS and is connected to port Fa0/17 on the switch. You want to make sure that only this server can connect to port Fa0/17. If any unauthorized devices attempt to attach, you want to disable the port until you can manually re-enable it. On Fa0/17, you use the switchport port-security mac-address command to identify the MAC address of the server. What else should you include in your configuration?
switch port port-security violation shutdown, switch port port-security maximum 1
You have just enabled port security on a switch port. What are the default settings?
Maximum of 1 device, Shutdown violation mode, Dynamically-learned allowed addresses.
What is the main security weakness in using the service password-encryption command?
Passwords can be easily broken
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known ecommerce site?
Phishing
How can an organization help prevent social engineering attacks?
Publish and enforce clearly written security policies, educate employees on the risks and countermeasures
Which of the following is not a VPN tunnel protocol?
RADIUS
You have several remote clients that need to connect to your company network while traveling. They will connect to the Internet at hotels and airports using company issued laptops. You would like to allow access without the use of a browser. You want to provide them with a secure solution for accessing company resources. What should you include in your configuration?
Remote access VPN, SSL VPN in full tunnel mode
You have established a SSH connection to your router. You use the following command and receive the error message shown: "Router>enable/% Error in authentication" Which command would correct the problem?
RouterA(config)#enable secret cisco
To secure remote console sessions, you have just configured your router to require SSH with the following command: "RouterA(config-line)#transport input ssh" When you go to connect, the system prompts you for a username and a password. You recall that you did not configure this information. Which command(s) would complete the SSH configuration?
RouterA(config)#username admin password canyon
You have several traveling sales representatives that need to connect to your company network while traveling. They will connect to the Internet at hotels and kiosks using a variety of computers, many of which will be managed by other organizations. You want to provide them with a secure solution for accessing company resources. What should you include in your configuration?
SSL VPN in clientless mode, Remote access VPN
Which VPN solution provides access through Java plugins, port forwarding, and shared folder content?
SSL VPN in thin-client mode
Your company has just merged with a partner company. During the merger, you need to provide users in Dallas with access to the company network in Houston. You want to minimize the configuration on individual client workstations. You want to prove them with a secure solution for accessing company resources. What should you include in your configuration?
Site to site VPN, IPSec
A VPN (Virtual Private Network) is used primarily for what purpose?
Support secured communications over an untrusted network.
You are the network administrator for a high school. Throughout the school are several groups of computers that provide students access to the school network. Supervision of these computers has been difficult. You've had problems with students bringing personal laptops into the school and disconnecting the network cables from the school computers to connect their laptops to the network. The school computers are in groups of 4. Each group of 4 computers is connected to a hub that is connected to the school network through an access port on a Catalyst 2950 switch. You want to configure Port Security so whenever a non-school computer attempts to connect to the port, the frames it generates are not forwarded. you do no want to be required to re-enable the port. What two commands should you use?
Switchport port-security violation protect, switch port port-security maximum 4
Which of the following are features of an IPS system?
The ability to look for malicious traffic patterns across multiple packets; the ability to detect DOS attacks and fragmented packets.
You have a switch that has port security enabled on the Fa0/3 interface. What is true of the output of the show port-security interface fa0/3 command? (A)
The port allows up to two connected devices, The port has learned one MAC address and saved that address in the running-config file
Your in the process of configuring a new router. You have configured a hostname and ip domain name for the router. What would you do to establish a remote console session with the router?
use admin for a username and television for the password, run SSH
In which of the following situations should you implement a demilitarized zone (DMZ)?
you want to protect a public web server from attack
In which of the following situations should you install a firewall?
you want to restrict internet users from accessing private data on your network
You have a switch that has port security enabled on the Fa0/3 interface. What is true of the output of the show port-security interface fa0/3 command? (B)
The port has been disabled because too many MAC addresses have been detected
Which of the following are true of port security sticky addresses?
They are placed in the running-config file, and can be saved to the startup-config file; they can be learned automatically or manually configured.
You manage a local area network that uses Cisco 2960 switches to support 200 workstations. You have recently had a problem where some workers bring hubs into the workplace so they can use their single network connection to connect multiple devices in their office. You want to make sure that users cannot connect hubs and multiple devices to their network connection. When multiple devices on a port are detected, you want to allow the first device, but no others. How should you configure the switchport security?
Use protect for the violation mode; Set a maximum of 1 device per port, then configure the switch to learn the MAC address.
Which of the following is the best countermeasure for packet sniffing?
VPN