Network Security Concepts and Device Configuration Q&A
Security Fundamentals and Risk Management
Firewall Capabilities
Which two statements about firewalls are true?
- They can be used with an Intrusion Prevention System (IPS).
- They can limit unauthorized user access to protect data.
Organizational Assets and Risk Avoidance
When considering network security, what is the most valuable asset of an organization? Data
Which risk management plan involves discontinuing an activity that creates a risk? Risk avoidance
Purpose of a Banner Message
What is the purpose of using a banner message on a Cisco network device? It can protect the organization from a legal perspective.
Defense-in-Depth Strategy
This uses multiple layers of security prior to traffic entering the protected LAN. = Defense-in-Depth
A common analogy used to describe a defense-in-depth approach is called = A Security Onion
Security Management Definitions
This describes the management of technical security controls in systems and networks, including malware defenses, data backup, logging and monitoring, vulnerability management, and audit considerations. = Operations Security
This describes the restriction of access rights to networks, systems, applications, functions, and data. = Access Control
Employee Policies
These policies are created and maintained by human resources staff to identify employee salary, pay schedule, employee benefits, work schedule, vacations, and more. = Employee Policies
Threats, Attacks, and Mitigation
Local Exploit Example
What is an example of a local exploit? A threat actor tries to gain the user password of a remote host by using keyboard capture software installed on it by a Trojan.
Rootkit Detection and Usage
What is a directory and file integrity checker used by white hats to detect installed rootkits? = Rootkit Detectors
Why would a rootkit be used by a hacker? To gain access to a device without being detected.
Network Attacks
- What is it called when a threat actor captures and listens to network traffic? = Eavesdropping attack
- In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? Denial of Service (DoS)
- An attack that is like a DoS attack but originates from multiple coordinated sources = Distributed Denial of Service (DDoS)
- Occurs when a threat actor has captured enterprise traffic and altered the data in the packets without the knowledge of the sender or receiver. = Data Modification Attack
Virtualization and Teleworker Security
What is hyperjacking? Taking over a virtual machine hypervisor as part of a data center attack.
Which security technology is commonly used by a teleworker when accessing resources on the main corporate office network? VPN
Layer 2 and Social Engineering Attacks
Which three options are types of Layer 2 network attacks? (Choose three.)
- Spoofing attacks
- VLAN Hopping
- ARP Attacks
A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? Social engineering
Security Roles and Devices
What name is given to an amateur hacker? Script Kiddie
A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? Firewall
Which system continuously monitors incoming and outgoing network traffic for malicious activity? = Intrusion Prevention System (IPS)
Cisco Device Access and Hardening
VTY Password Configuration
Refer to the exhibit (implied configuration snippet). Which user-mode password has just been set? Telnet
R1#config t
R1(config)# line vty 0 15
R1(config-line)#password CIscO
R1(config-line)#login
The password set for VTY access is CIscO.
Telnet vs. SSH
What is one difference between using Telnet or SSH to connect to a network device for management purposes? Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
SSH Implementation Requirements
What three configuration steps must be performed to implement SSH access to a router? (Choose three.)
- An IP domain name
- A user account
- A unique hostname
Edge Router Security Maintenance
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)
- Operating System security
- Physical security
- Router hardening
Telnet Access Passwords
Which two passwords must be supplied in order to connect by Telnet to a properly secured Cisco switch and make changes to the device configuration?
- Enable secret password
- VTY password
Line Connections and Access Types
How many VTY line connections can you have at the same time? 16 (Lines 0 through 15)
How many console line connections can you have at the same time? 1
Which type of access is secured on a Cisco router or switch with the enable secret command? Privileged EXEC
Password Security Command
What is a global configuration command that prevents unauthorized individuals from viewing plaintext passwords in the configuration file? = service password-encryption
Access Control Lists (ACLs)
ACL Definition and Purpose
Which of the following can be suited as a definition of an Access List? Set of rules used for packet filtering
What is the primary purpose of an ACL? Restrict access to network resources
ACL Types and Filtering
- Which type of ACL filters traffic based only on source IP address? Standard ACL
- On which options are standard access lists based? Source address and wildcard mask
- Which type of ACL offers greater flexibility and control over network access? Extended ACL
- Which ACL type allows filtering based on source, destination, protocol, and port? Extended ACL
Extended ACL Criteria
Which set of things will be taken into account in order to filter the packets in an extended access list? Source IP address, protocol, port number, and destination IP address
Which of the following statements is true when using Extended ACLs with port numbers? Port numbers can be filtered for both TCP and UDP traffic in Extended ACLs.
ACL Configuration and Verification
How do you check the currently configured extended ACLs on a Cisco router? show access-lists
What command is used to apply an ACL to an interface in Cisco routers? ip access-group
Which operator is used in an ACL statement to match packets of a specific application? eq (Equal)
Specific Filtering Cases
Which ICMP message type should be stopped inbound? Echo
Port Access Control Lists (PACLs)
What is the main advantage of Port Access Control Lists? It can have 2 access lists on a Layer 2 interface (one inbound, one outbound).
AAA (Authentication, Authorization, Accounting)
AAA Protocols
Which two protocols are used to provide server-based AAA authentication? (Choose two.)
- TACACS+
- RADIUS
TACACS+ vs. RADIUS Comparison
- Which statement describes a difference between RADIUS and TACACS+? RADIUS encrypts only the password, whereas TACACS+ encrypts all communication.
- Which of the following is an advantage of using TACACS+ over RADIUS? TACACS+ encrypts the entire packet.
Authorization and Accounting
What does the TACACS+ protocol provide in an AAA deployment? Authorization on a per-user or per-group basis
Which of the following commands enables AAA authorization for all EXEC shell access on a Cisco device? aaa authorization exec default group radius local
What is a common use case for AAA accounting? To keep a record of user login times, command usage, and network resource consumption.
What is the main difference between aaa accounting exec and aaa accounting commands configurations? aaa accounting exec tracks session events, while aaa accounting commands tracks command execution.
DNS Blocking Consequence
What is a potential consequence of blocking all outbound DNS queries using an extended ACL? Users will be unable to resolve domain names.