Exam Compass Net+ Network Hardening Flashcards
Of the three existing versions of the Simple Network Management Protocol (SNMP), which versions offer authentication based on community strings sent in an unencrypted form (in cleartext)?
Which versions provide packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity)?
cleartext: v1 and v2
encryption: v3
In IPv6, a router periodically sends a special type of message to announce its presence on the network. A mechanism that allows these messages to be filtered (i.e. rejecting those that are labeled as unwanted or rogue) is known as what?
RA Guard
In the context of implementing secure network designs, the term “Port security” may apply to which of the following (select all that apply)?
Disabling physical ports on a device (e.g. RJ-45 device ports on a switch)
MAC address filtering
Disabling unused logical ports (TCP/UDP)
Implementing Port-based Network Access Control (defined in the IEEE 802.1X standard)
All of the above
What is a dedicated security mechanism that prevents ARP attacks?
DAI (Dynamic ARP Inspection)
This is a Cisco-proprietary security feature designed to protect routers and switches against reconnaissance and Denial-of-Service (DoS) attacks.
Control Plane Policing (CoPP)
Private VLANs are created via which of the following:
Port mirroring
Port forwarding
Port isolation
Port aggregation
Port isolation
T/F: The process of securing networking devices should include the practice of disabling unused physical ports.
True
Which of the following actions can improve the security of a SOHO router (select all that apply)?
Changing default admin credentials
Implementing MAC address filtering
Blocking unwanted traffic via firewall settings
Disabling unused physical ports
Implementing content filtering
Performing firmware updates
Implementing physical security controls (e.g. a door lock)
All of the above
Which of the following actions would be of help in the process of web server hardening?
Removing server version banner
Disabling unnecessary ports, services, and accounts
Keeping the system up to date via updates and patches
Enabling and monitoring logs
Permissions audits
All of the above
Which of the following factors are considered important for creating strong passwords? (Select 2 answers)
Password length
Minimum password age
Password history
Password complexity
Maximum password age
length and complexity
Which of the following passwords is the most complex?
YzGdL3tU8wx
T$7C52WL4S9@W0
G$L3tU8wY@z
@TxBL$nW@Xt*a#
G$L3tU8wY@z
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:
DHCP scope
DHCP reservation
DHCP snooping
DHCP relay agent
DHCP snooping
What is an effective countermeasure against VLAN Hopping?
Changing the native VLAN on all trunk ports to an unused VLAN ID
What is a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?
ACL
What is a rule-based access control mechanism implemented on routers, switches, and firewalls?
ACL