CCNA2 - Module 10 Flashcards

1
Q

– This is a coordinated attack from many devices, called zombies, with the intention of degrading or halting public access to an organization’s website and resources.

A

Distributed Denial of Service (DDoS)

2
Q

– This is an attack in which an organization’s data servers or hosts are compromised to steal confidential information.

A

Data Breach

3
Q

– This is an attack in which an organization’s hosts are infected with malicious software that causes a variety of problems. For example, ransomware such as WannaCry encrypts the data on a host and locks access to it until a ransom is paid.

A

Malware

4
Q
  • provides a secure connection to remote users across a public network and into the enterprise network. VPN services can be integrated into the firewall.
A

Virtual Private Network (VPN) enabled router

5
Q
  • provides stateful packet inspection, application visibility and control, a next-generation intrusion prevention system (NGIPS), advanced malware protection (AMP), and URL filtering.
A

Next-Generation Firewall (NGFW)

6
Q
  • includes authentication, authorization, and accounting (AAA) services. In larger enterprises, these services might be incorporated into an appliance that can manage access policies across a wide variety of users and device types. The Cisco Identity Services Engine (ISE) is an example of a NAC device.
A

Network Access Control (NAC)

7
Q
  • are hosts which commonly consist of laptops, desktops, servers, and IP phones, as well as employee-owned devices. Endpoints are particularly susceptible to malware-related attacks that originate through email or web browsing.
  • have typically used traditional host-based security features, such as antivirus/antimalware, host-based firewalls, and host-based intrusion prevention systems (HIPSs).
  • are best protected by a combination of NAC, AMP software, an email security appliance (ESA), and a web security appliance (WSA).
A

Endpoints

8
Q

is designed to monitor Simple Mail Transfer Protocol (SMTP). The Cisco ESA is constantly updated by real-time feeds from Cisco Talos, which detects and correlates threats and solutions by using a worldwide database monitoring system. This threat intelligence data is pulled by the Cisco ESA every three to five minutes.

A

Cisco ESA device

9
Q
  • is a mitigation technology for web-based threats. It helps organizations address the challenges of securing and controlling web traffic.
  • combines advanced malware protection, application visibility and control, acceptable use policy controls, and reporting.
  • provides complete control over how users access the internet. Certain features and applications, such as chat, messaging, video and audio, can be allowed, restricted with time and bandwidth limits, or blocked, according to the organization’s requirements.
  • can perform blacklisting of URLs, URL-filtering, malware scanning, URL categorization, Web application filtering, and encryption and decryption of web traffic.
A

Cisco Web Security Appliance (WSA)

10
Q

The simplest method of remote access authentication is to configure a login and password combination on ____________

A

console, vty lines, and aux ports

11
Q

AAA

A

Authentication, Authorization, and Accounting

12
Q
  • provides the primary framework to set up access control on a network device.
  • is a way to control who is permitted to access a network (authenticate), what they can do while they are there (authorize), and to audit what actions they performed while accessing the network (accounting).
A

AAA

13
Q
  • Method stores usernames and passwords locally in a network device (e.g., Cisco router).
  • Users authenticate against the local database.
  • Local AAA is ideal for small networks.
A

Local AAA Authentication

14
Q
  • With the server-based method, the router accesses a central AAA server.
  • The AAA server contains the usernames and passwords for all users.
  • The router uses either the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) protocols to communicate with the AAA server.
  • When there are multiple routers and switches, server-based AAA is more appropriate.
A

Server-Based AAA Authentication

15
Q
  • is automatic and does not require users to perform additional steps after authentication.
  • governs what users can and cannot do on the network after they are authenticated.
  • uses a set of attributes that describes the user’s access to the network. These attributes are used by the AAA server to determine privileges and restrictions for that user.
A

AAA authorization

16
Q

collects and reports usage data. This data can be used for such purposes as auditing or billing. The collected data might include the start and stop connection times, executed commands, number of packets, and number of bytes.

A

AAA accounting

17
Q

is a port-based access control and authentication protocol. This protocol restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN.

A

IEEE 802.1X standard

18
Q
  • This is a device running 802.1X-compliant client software, which is available for wired or wireless devices.
A

Client (Supplicant)

19
Q

– The switch acts as an intermediary between the client and the authentication server. It requests identifying information from the client, verifies that information with the authentication server, and relays a response to the client. Another device that could act as authenticator is a wireless access point.

A

Switch (Authenticator)

20
Q

– The server validates the identity of the client and notifies the switch or wireless access point that the client is or is not authorized to access the LAN and switch services.

A

Authentication server

21
Q

Examples: Includes MAC address flooding attacks.

A

MAC Table Attacks

22
Q

Examples: Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN

A

VLAN Attacks

23
Q

Examples: Includes DHCP starvation and DHCP spoofing attacks.

A

DHCP Attacks

24
Q

Examples: Includes ARP spoofing and ARP poisoning attacks.

A

ARP Attacks

25
Q

Examples: Includes MAC address and IP address spoofing attacks

A

Address Spoofing Attacks

26
Q

Examples: Includes Spanning Tree Protocol manipulation attacks

A

STP Attacks

27
Q

prevents many types of attacks including MAC address flooding attacks and DHCP starvation attacks

A

port security

28
Q

prevents DHCP starvation and DHCP spoofing attacks

A

DHCP Snooping

29
Q

prevents ARP spoofing and ARP poisoning attacks

A

Dynamic ARP Inspection (DAI)

30
Q

prevents MAC and IP address spoofing attacks

A

IP Source Guard (IPSG)

31
Q
32
Q

enables traffic from one VLAN to be seen by another VLAN without the aid of a router.

A

VLAN hopping attack

33
Q

configures the host to spoof 802.1Q signaling and Cisco-proprietary Dynamic Trunking Protocol (DTP) signaling to trunk with the connecting switch. If successful, the switch establishes a trunk link with the host, as shown in the figure. Now the threat actor can access all the VLANs on the switch. The threat actor can send and receive traffic on any VLAN, effectively hopping between VLANs.

A

threat actor

34
Q

in specific situations could embed a hidden 802.1Q tag inside the frame that already has an 802.1Q tag. This tag allows the frame to go to a VLAN that the original 802.1Q tag did not specify.

A

threat actor

35
Q
  • is unidirectional and works only when the attacker is connected to a port residing in the same VLAN as the native VLAN of the trunk port
  • allows the attacker to send data to hosts or servers on a VLAN that otherwise would be blocked by some type of access control configuration.
A

VLAN double-tagging attack

36
Q
  • VLAN hopping and VLAN double-tagging attacks can be prevented by implementing the following trunk security guidelines
A

VLAN Attack Mitigation

37
Q

dynamically provide IP configuration information including IP address, subnet mask, default gateway, DNS servers, and more to clients. A review of the sequence of the DHCP message exchange between client and server is shown in the figure.

A

DHCP servers

38
Q

– The goal of this attack is to create a DoS for connecting clients. DHCP starvation attacks require an attack tool such as Gobbler. Gobbler has the ability to look at the entire scope of leasable IP addresses and tries to lease them all. Specifically, it creates DHCP discovery messages with bogus MAC addresses.

A

DHCP Starvation Attack

39
Q

– This occurs when a rogue DHCP server is connected to the network and provides false IP configuration parameters to legitimate clients. A rogue server can provide a variety of misleading information, including the following:

A

DHCP Spoofing Attack

40
Q
  • The rogue server provides an invalid gateway or the IP address of its host to create a man-in-the-middle attack. This may go entirely undetected as the intruder intercepts the data flow through the network.
A

Wrong default gateway

41
Q
  • The rogue server provides an incorrect DNS server address pointing the user to a nefarious website.
A

Wrong DNS server

42
Q
  • The rogue server provides an invalid IP address effectively creating a DoS attack on the DHCP client.
A

Wrong IP address

43
Q

occur when the threat actors alter the MAC address of their host to match another known MAC address of a target host. The switch overwrites the current MAC table entry and assigns the MAC address to the new port. It then inadvertently forwards frames destined for the target host to the attacking host.

A

MAC address spoofing attacks

44
Q

is when a threat actor hijacks a valid IP address of another device on the subnet or uses a random IP address. IP address spoofing is difficult to mitigate, especially when it is used inside a subnet in which the IP belongs.

A

IP address spoofing

45
Q

is a proprietary Layer 2 link discovery protocol. It is enabled on all Cisco devices by default. Network administrators also use CDP to help configure and troubleshoot network devices.

A

Cisco Discovery Protocol (CDP)

46
Q

is also vulnerable to reconnaissance attacks. Configure `no lldp run` to disable LLDP globally. To disable LLDP on the interface, configure `no lldp transmit` and `no lldp receive`.

A

Link Layer Discovery Protocol (LLDP)

47
Q

To mitigate the exploitation of CDP, limit the use of CDP on devices or ports. For example, disable CDP on edge ports that connect to untrusted devices.

A
  • To disable CDP globally on a device, use the `no cdp run` global configuration mode command. To enable CDP globally, use the `cdp run` global configuration command.
  • To disable CDP on a port, use the `no cdp enable` interface configuration command. To enable CDP on a port, use the `cdp enable` interface configuration command.