Exame Modulo 16-17 Flashcards
Which component is designed to protect against unauthorized communications to and from a computer?
security center
port scanner
antimalware
antivirus
firewall
firewall
Which command will block login attempts on RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?
RouterA(config)# login block-for 10 attempts 2 within 30
RouterA(config)# login block-for 30 attempts 2 within 10
RouterA(config)# login block-for 2 attempts 30 within 10
RouterA(config)# login block-for 30 attempts 10 within 2
RouterA(config)# login block-for 30 attempts 2 within 10
What is the purpose of the network security accounting function?
to require users to prove who they are
to determine which resources a user can access
to keep track of the actions of a user
to provide challenge and response questions
To keep track of the actions of a user
What type of attack may involve the use of tools such as nslookup and fping?
access attack
reconnaissance attack
denial of service attack
worm attack
reconnaissance attack
Match each weakness with an example. (Not all options are used.)

Explanation:An employee who is trying to guess the password of another user exemplifies not a weakness but an attack
Ver imagem
Match the type of information security threat to the scenario. (Not all options are used.)
Ver imagem
Explanation:
After an intruder gains access to a network, common network threats are as follows:
Information theft
Identity theft
Data loss or manipulation
Disruption of service
Cracking the password for a known username is a type of access attack.
Which example of malicious code would be classified as a Trojan horse?
malware that was written to look like a video game
malware that requires manual user intervention to spread between systems
malware that attaches itself to a legitimate program and spreads to other programs when launched
malware that can automatically spread from one system to another by exploiting a vulnerability in the target
malware that was written to look like a video game
Explanation: A Trojan horse is malicious code that has been written specifically to look like a legitimate program. This is in contrast to a virus, which simply attaches itself to an actual legitimate program. Viruses require manual intervention from a user to spread from one system to another, while a worm is able to spread automatically between systems by exploiting vulnerabilities on those devices.
What is the difference between a virus and a worm?
Viruses self-replicate but worms do not.
Worms self-replicate but viruses do not.
Worms require a host file but viruses do not.
Viruses hide in legitimate programs but worms do not.
Worms self-replicate but viruses do not.
Explanation: Worms are able to self-replicate and exploit vulnerabilities on computer networks without user participation.
Which attack involves a compromise of data that occurs between two end points?
denial-of-service
man-in-the-middle attack
extraction of security parameters
username enumeration
man-in-the-middle attack
Explanation: Threat actors frequently attempt to access devices over the internet through communication protocols. Some of the most popular remote exploits are as follows:
Man-In-the-middle attack (MITM) – The threat actor gets between devices in the system and intercepts all of the data being transmitted. This information could simply be collected or modified for a specific purpose and delivered to its original destination.
Eavesdropping attack – When devices are being installed, the threat actor can intercept data such as security keys that are used by constrained devices to establish communications once they are up and running.
SQL injection (SQLi) – Threat actors uses a flaw in the Structured Query Language (SQL) application that allows them to have access to modify the data or gain administrative privileges.
Routing attack – A threat actor could either place a rogue routing device on the network or modify routing packets to manipulate routers to send all packets to the chosen destination of the threat actor. The threat actor could then drop specific packets, known as selective forwarding, or drop all packets, known as a sinkhole attack.
Which type of attack involves an adversary attempting to gather information about a network to identify vulnerabilities?
reconnaissance
DoS
dictionary
man-in-the-middle
reconnaissance
Explanation: Reconnaissance is a type of attack where the intruder is looking for wireless network vulnerabilities.
Match the description to the type of firewall filtering. (Not all options are used.)
ver imagem
Explanation: Stateful packet inspection: Prevents or allows access based on whether the traffic is in response to requests from internal hosts.
URL filtering: Prevents or allows access based on web addresses or keywords.
Application filtering: Prevents or allows access based on the port numbers used in the request.
Packet filtering: Prevents or allows access based on the IP or MAC addresses of the source and destination.
What is the purpose of the network security authentication function?
to require users to prove who they are
to determine which resources a user can access
to keep track of the actions of a user
to provide challenge and response questions
to require users to prove who they are
Explanation: Authentication, authorization, and accounting are network services collectively known as AAA. Authentication requires users to prove who they are. Authorization determines which resources the user can access. Accounting keeps track of the actions of the use
Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?
stateful packet inspection
URL filtering
application filtering
packet filtering
stateful packet inspection
Explanation: Stateful packet inspection on a firewall checks that incoming packets are actually legitimate responses to requests originating from hosts inside the network. Packet filtering can be used to permit or deny access to resources based on IP or MAC address. Application filtering can permit or deny access based on port number. URL filtering is used to permit or deny access based on URL or on keywords.
When applied to a router, which command would help mitigate brute-force password attacks against the router?
exec-timeout 30
service password-encryption
banner motd $Max failed logins = 5$
login block-for 60 attempts 5 within 60
login block-for 60 attempts 5 within 60
Explanation: The login block-for command sets a limit on the maximum number of failed login attempts allowed within a defined period of time. If this limit is exceeded, no further logins are allowed for the specified period of time. This helps to mitigate brute-force password cracking since it will significantly increase the amount of time required to crack a password. The exec-timeout command specifies how long the session can be idle before the user is disconnected. The service password-encryption command encrypts the passwords in the running configuration. The banner motd command displays a message to users who are logging in to the device.
Identify the steps needed to configure a switch for SSH. The answer order does not matter. (Not all options are used.)
ver imagem
Explanation: The login and password cisco commands are used with Telnet switch configuration, not SSH configuration.
What feature of SSH makes it more secure than Telnet for a device management connection?
confidentiality with IPsec
stronger password requirement
random one-time port connection
login information and data encryption
login information and data encryption
Explanation: Secure Shell (SSH) is a protocol that provides a secure management connection to a remote device. SSH provides security by providing encryption for both authentication (username and password) and the transmitted data. Telnet is a protocol that uses unsecure plaintext transmission. SSH is assigned to TCP port 22 by default. Although this port can be changed in the SSH server configuration, the port is not dynamically changed. SSH does not use IPsec.
What is the advantage of using SSH over Telnet?
SSH is easier to use.
SSH operates faster than Telnet.
SSH provides secure communications to access hosts.
SSH supports authentication for a connection request.
SSH provides secure communications to access hosts.
Explanation: SSH provides a secure method for remote access to hosts by encrypting network traffic between the SSH client and remote hosts. Although both Telnet and SSH request authentication before a connection is established, Telnet does not support encryption of login credentials.
What is the role of an IPS?
detecting and blocking of attacks in real time
connecting global threat information to Cisco network security devices
authenticating and validating traffic
filtering of nefarious websites
detecting and blocking of attacks in real time
Explanation: An intrusion prevention system (IPS) provides real-time detection and blocking of attacks.
A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing?
attack based
risk based
structured
layered
layered
Explanation: Using different defenses at various points of the network creates a layered approach.
What is an accurate description of redundancy?
configuring a router with a complete MAC address database to ensure that all frames can be forwarded to the correct destination
configuring a switch with proper security to ensure that all traffic forwarded through an interface is filtered
designing a network to use multiple virtual devices to ensure that all traffic uses the best path through the internetwork
designing a network to use multiple paths between switches to ensure there is no single point of failure
designing a network to use multiple paths between switches to ensure there is no single point of failure
Explanation: Redundancy attempts to remove any single point of failure in a network by using multiple physically cabled paths between switches in the network.
A network administrator is upgrading a small business network to give high priority to real-time applications traffic. What two types of network services is the network administrator trying to accommodate? (Choose two.)
voice
video
instant messaging
FTP
SNMP
voice
video
Explanation: Streaming media, such as video, and voice traffic, are both examples of real-time traffic. Real-time traffic needs higher priority through the network than other types of traffic because it is very sensitive to network delay and latency.
What is the purpose of a small company using a protocol analyzer utility to capture network traffic on the network segments where the company is considering a network upgrade?
to identify the source and destination of local network traffic
to capture the Internet connection bandwidth requirement
to document and analyze network traffic requirements on each network segment
to establish a baseline for security analysis after the network is upgraded
to document and analyze network traffic requirements on each network segment
Explanation: An important prerequisite for considering network growth is to understand the type and amount of traffic that is crossing the network as well as the current traffic flow. By using a protocol analyzer in each network segment, the network administrator can document and analyze the network traffic pattern for each segment, which becomes the base in determining the needs and means of the network growth.
Refer to the exhibit. An administrator is testing connectivity to a remote device with the IP address 10.1.1.1. What does the output of this command indicate?
Connectivity to the remote device was successful.
A router along the path did not have a route to the destination.
A ping packet is being blocked by a security device along the path.
The connection timed out while waiting for a reply from the remote device.
ver imagem
R: A router along the path did not have a route to the destination.
Explanation: In the output of the ping command, an exclamation mark (!) indicates a response was successfully received, a period (.) indicates that the connection timed out while waiting for a reply, and the letter “U” indicates that a router along the path did not have a route to the destination and sent an ICMP destination unreachable message back to the source.
Which method is used to send a ping message specifying the source address for the ping?
Issue the ping command from within interface configuration mode.
Issue the ping command without specifying a destination IP address.
Issue the ping command without extended commands.
Issue the ping command after shutting down un-needed interfaces.
Issue the ping command without specifying a destination IP address.
Explanation: By issuing the ping command without a destination IP address in privileged EXEC mode, the Cisco IOS enters extended ping mode. This allows the user to implement extended commands which include source IP address.
A network engineer is analyzing reports from a recently performed network baseline. Which situation would depict a possible latency issue?
a change in the bandwidth according to the show interfaces output
a next-hop timeout from a traceroute
an increase in host-to-host ping response times
a change in the amount of RAM according to the show version output
an increase in host-to-host ping response times
Explanation: While analyzing historical reports an administrator can compare host-to-host timers from the ping command and depict possible latency issues.
Which statement is true about Cisco IOS ping indicators?
‘!’ indicates that the ping was unsuccessful and that the device may have issues finding a DNS server.
‘U’ may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful.
‘.’ indicates that the ping was successful but the response time was longer than normal.
A combination of ‘.’ and ‘!’ indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message.
‘U’ may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful.
Explanation: The most common indicators of a ping issued from the Cisco IOS are “!”, “.”, and “U”. The “!” indicates that the ping completed successfully, verifying connectivity at Layer 3. The “.” may indicate that a connectivity problem, routing problem, or device security issue exists along the path and that an ICMP destination unreachable message was not provided. The “U” indicates that a router along the path may not have had a route to the destination address, and that it responded with an ICMP unreachable message.
A user reports a lack of network connectivity. The technician takes control of the user machine and attempts to ping other computers on the network and these pings fail. The technician pings the default gateway and that also fails. What can be determined for sure by the results of these tests?
The NIC in the PC is bad.
The TCP/IP protocol is not enabled.
The router that is attached to the same network as the workstation is down.
Nothing can be determined for sure at this point.
Nothing can be determined for sure at this point.
Explanation: In networks today, a failed ping could mean that the other devices on the network are blocking pings. Further investigation such as checking network connectivity from other devices on the same network is warranted.
