CCNA 3 v7 Modules 3 – 5: Network Security Flashcards
The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
adware
DDoS
phishing
social engineering
spyware
DDoS
What causes a buffer overflow?
launching a security countermeasure to mitigate a Trojan horse
downloading and installing too many software updates at one time
attempting to write more data to a memory location than that location can hold
sending too much information to two or more interfaces of the same device, thereby causing dropped packets
sending repeated connections such as Telnet to a particular device, thus denying other data sources
attempting to write more data to a memory location than that location can hold
Which objective of secure communications is achieved by encrypting data?
authentication
availability
confidentiality
integrity
confidentiality
What type of malware has the primary objective of spreading across the network?
worm
virus
Trojan horse
botnet
worm
What commonly motivates cybercriminals to attack networks as compared to hactivists or state-sponsored hackers?
financial gain
fame seeking
status among peers
political reasons
financial gain
Which type of hacker is motivated to protest against political and social issues?
hacktivist
cybercriminal
script kiddie
vulnerability broker
hacktivist
What is a ping sweep?
a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain.
a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.
a software application that enables the capture of all network packets that are sent across a LAN.
a network scanning technique that indicates the live hosts in a range of IP addresses.
a network scanning technique that indicates the live hosts in a range of IP addresses.
In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?
address spoofing
MITM
session hijacking
DoS
DoS
Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
nonrepudiation
authentication
integrity
confidentiality
integrity
If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it?
a digital certificate
a different public key
a private key
DH
a private key
Refer to the exhibit. Which two ACLs would permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface? (Choose two.)
- access-list 1 permit 192.168.10.0 0.0.0.127
- access-list 2 permit host 192.168.10.9
access-list 2 permit host 192.168.10.69 - access-list 5 permit 192.168.10.0 0.0.0.63
access-list 5 permit 192.168.10.64 0.0.0.63 - access-list 3 permit 192.168.10.128 0.0.0.63
- access-list 4 permit 192.168.10.0 0.0.0.255
-> access-list 1 permit 192.168.10.0 0.0.0.127
-> access-list 5 permit 192.168.10.0 0.0.0.63
access-list 5 permit 192.168.10.64 0.0.0.63
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
destination UDP port number
computer type
destination MAC address
ICMP message type
source TCP hello address
destination UDP port number
ICMP message type
What type of ACL offers greater flexibility and control over network access?
numbered standard
named standard
extended
flexible
extended
What is the quickest way to remove a single ACE from a named ACL?
Use the no keyword and the sequence number of the ACE to be removed.
Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router.
Create a new ACL with a different number and apply the new ACL to the router interface.
Use the no access-list command to remove the entire ACL, then recreate it without the ACE.
Use the no keyword and the sequence number of the ACE to be removed.
Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered?
ACL 10 is removed from both the running configuration and the interface Fa0/1.
ACL 10 is removed from the running configuration.
ACL 10 is disabled on Fa0/1.
ACL 10 will be disabled and removed after R1 restarts.
ACL 10 is removed from the running configuration.
Refer to the exhibit. A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure?
The established keyword is not specified.
The sequence of the ACEs is incorrect.
The port number for the traffic has not been identified with the eq keyword.
The permit statement specifies an incorrect wildcard mask.
The sequence of the ACEs is incorrect.
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
Router1(config)# access-list 10 permit host 192.168.15.23
Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
Router1(config)# access-list 10 permit host 192.168.15.23
Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?
access-list 1 permit 192.168.10.128 0.0.0.63
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.10.96 0.0.0.31
access-list 1 permit 192.168.10.0 0.0.0.63
access-list 1 permit 192.168.10.96 0.0.0.31
A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)
Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
Router(config)# access-list 95 permit any
Router(config)# access-list 95 host 172.16.0.0
Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
Router(config)# access-list 95 172.16.0.0 255.255.255.255
Router(config)# access-list 95 deny any
Router(config)# access-list 95 permit any
Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?
The ACL should be applied outbound on all interfaces of R1.
The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to accomplish the requirements.
All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.
Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is allowed.
An extended ACL must be used in this situation.
All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.
Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?
30 deny 172.23.16.0 0.0.15.255
15 deny 172.23.16.0 0.0.15.255
5 deny 172.23.16.0 0.0.15.255
5 deny 172.23.16.0 0.0.255.255
5 deny 172.23.16.0 0.0.15.255
Refer to the exhibit. A network administrator configures an ACL on the router. Which statement describes the result of the configuration?
An SSH connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18.
An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.
A Telnet connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.
A Telnet connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18.
An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.
Refer to the exhibit. What can be determined from this output?
The ACL is missing the deny ip any any ACE.
The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
Because there are no matches for line 10, the ACL is not working.
The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.
The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.
Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)
R2(config)# interface fastethernet 0/1
R2(config-if)# ip access-group 101 out
R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
R2(config-if)# ip access-group 101 in
R2(config)# access-list 101 permit ip any any
R2(config)# interface fastethernet 0/0
R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1
R2(config-if)# ip access-group 101 in
R2(config)# interface fastethernet 0/0
R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1
Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)
- Only Layer 3 connections are allowed to be made from the router to any other network device.
- Devices on the 192.168.10.0/24 network are not allowed to reply to any ping requests.
- Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network.
- A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.
- Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests.
- Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.
- A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.
- Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests.
Refer to the exhibit. The named ACL “Managers” already exists on the router. What will happen when the network administrator issues the commands that are shown in the exhibit?
The commands are added at the end of the existing Managers ACL.
The commands overwrite the existing Managers ACL.
The commands are added at the beginning of the existing Managers ACL.
The network administrator receives an error that states that the ACL already exists.
The commands are added at the end of the existing Managers ACL.
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?
port scan attack
SYN flood attack
session hijacking attack
reset attack
SYN flood attack
Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?
DHCP
DNS
ICMP
HTTP or HTTPS
DHCP
Refer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements?
The traffic is dropped.
The source IP address is checked and, if a match is not found, traffic is routed out interface serial 0/0/1.
The resulting action is determined by the destination IP address.
The resulting action is determined by the destination IP address and port number.
The traffic is dropped.