Deck 7 Flashcards

1
Q

An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

A

ARP Poisoning

2
Q

The term “DHCP snooping” refers to an exploit that enables operation of a rogue DHCP network server.

A

False.

DHCP Snooping is a security feature that can be enabled on a network switch to prevent rogue DHCP servers from being introduced on the network. DHCP snooping works by intercepting and validating DHCP messages exchanged between DHCP clients and servers.

3
Q

An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as?

A

MAC Spoofing

MAC Cloning.

4
Q

Which of the following attacks relies on altering the source layer 3 address?

A

IP Spoofing.

5
Q

Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity).

A

True.

6
Q

In IPv6, a router periodically sends a special type of message to announce its presence on the network. A mechanism that allows these messages to be filtered (i.e. rejecting those that are labeled as unwanted or rogue) is known as?

A

RA Guard.

RA Guard is Router Advertisement Guard and is a security feature that can be enabled on a network switch to prevent rogue router advertisements. It works by intercepting and validating RAs exchanged between gateways and hosts.

7
Q

Which of the following answers refers to a dedicated security mechanism that prevents ARP attacks?

A

DAI (not NGFW).

DAI is Dynamic ARP Inspection and protects ARP from poisoning. DAI checks all ARP packets on untrusted interfaces and compares the information in the ARP packet with the DHCP snooping database and/or an ARP access list.

8
Q

Rogue DHCP Servers?

A

A rogue DHCP server is a server on a network not under administrative control. It is a network device such as a modem or router and can intercept network traffic and manipulate settings. It can potentially route traffic from a target system through this device, for monitoring or manipulation.

9
Q

Private VLANs are created via?

A

Port Isolation.

Private VLANs are used to achieve fine-grained isolation and security. They enhance access control and improve network reliability and security. They segregate traffic on one physical link into its own broadcast domain, meaning all hosts connected to the same physical link can see each other, but not talk directly with any host outside the VLAN. They also provide protection against attacks such as ARP Poisoning.

10
Q

Changing the native VLAN on all trunk ports to an unused VLAN ID is one of the countermeasures against VLAN hopping?

A

True.

11
Q

Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

A

ACL.

12
Q

A rule-based access control mechanism implemented on routers, switches, and firewalls is referred to as?

A

ACL.

13
Q

Which VPN type is used for connecting computers to a network?

A

Remote access.

Client-to-site.

14
Q

An HTML5 VPN portal is an example of a clientless VPN implementation where an HTML5-compliant web browser along with TLS encryption can be used instead of dedicated VPN client software.

A

True.

15
Q

Which of the terms listed below is used to describe a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links?

A

Split Tunnel.

16
Q

Which of the following answers refers to a non-proprietary remote-access protocol that enables control over another computer on the network with the use of a graphical user interface?

A

VNC

VNC is Virtual Network Computing, a graphical sharing system allowing remote control of another computer.

17
Q

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

A

RFID.

18
Q

A type of identification badge that can be held within a certain distance of the reader to authenticate the holder is called?

A

RFID.

19
Q

Which of the following examples do not fall into the category of physical security detective controls?

A

Access control vestibules.

Access control hardware.

Employee training

20
Q

Which of the following examples do not fall into the category of physical security preventive controls?

A

Asset Tags.

Motion sensors.

Tamper Protection Mechanisms.

21
Q

In the troubleshooting methodology, the process of establishing a theory of probable problem cause does not involve:

A

Asking for assistance.

22
Q

Which step of the troubleshooting process involves reestablishing a new theory or escalating the problem?

A

Testing the theory to determine the cause.

23
Q

The troubleshooting process/methodology?

A
  1. Identifying the problem (gather information, question users, examine recent changes).
  2. Establishing a theory of probable cause.
  3. Testing the theory to determine the problem cause (reestablishing a new theory or escalating).
  4. Establishing a plan of action to resolve the problem (identify potential effects of the solution).
  5. Implementing a solution (asking for assistance).
  6. Verify system functionality and implementation of preventative measures.
  7. Document findings, actions, outcomes and conclusions.