Module 13

Question 1

Where do many attacks originate from?

Answer 1

Inside the network

Question 2

Traditional host-based security measures

Answer 2

Antivirus/Antimalware Software
Host-based IPS
Host-based firewall

Question 3

Antivirus/Antimalware Software

Answer 3

Installed on a host to detect and mitigate viruses and malware

Question 4

Host-based IPS

Answer 4

Installed on the local host to monitor and report on the system configuration and application activity, provide log analysis, event correlation, integrity checking, policy enforcement, rootkit detection, and alerting

Question 5

Host-based firewall

Answer 5

Installed on a host that restricts incoming and outgoing connections to those initiated by that host only

Question 6

Spam filtering

Answer 6

Prevents spam emails from reaching endpoints

Question 7

Blocklisting

Answer 7

Prevents endpoints from connecting to websites with bad reputations by immediately blocking connections based on the latest reputation intelligence

Question 8

Data Loss Prevention (DLP)

Answer 8

Prevents sensitive information from being lost or stolen

Question 9

Advanced Malware Protection (AMP)

Answer 9

Provides endpoint protection from viruses and malware

Question 10

Email Security Appliance (ESA)

Answer 10

Provides filtering of SPAM and potentially malicious emails before they reach the endpoint

Question 11

Web Security Appliance (WSA)

Answer 11

Provides filtering and blocking of websites to prevent hosts from reaching dangerous locations on the web

Question 12

What does Cisco WSA provide?

Answer 12

Control over how users access the internet and can enforce acceptable use policies, control access to specific sites and services, and scan for malware

Question 13

Network Admission Control (NAC)

Answer 13

Permits only authorized and compliant systems to connect to the network

Question 14

What is susceptible to data theft?

Answer 14

Endpoints

Question 15

NAC system capabilities

Answer 15

Profiling and visibility
Guest network access
Security posture checking
Incident response

Question 16

Profiling and visibility

Answer 16

Recognizes and profiles users and their devices before malicious code can cause damage

Question 17

Guest network access

Answer 17

Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal

Question 18

Security posture checking

Answer 18

Evaluates security-policy compliance by user type, device type, and operating system

Question 19

Incident response

Answer 19

Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention

Question 20

Cisco Identity Services Engine (ISE) combines?

Answer 20

AAA and network device profiling into a single system

Question 21

How do network access devices function as the enforcement layer?

Answer 21

They force the clients to query for authentication and authorization. They can query other devices, such as an antivirus server, and reply to the network enforcers

Question 22

What does IEEE 802.1X standard define?

Answer 22

A port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. It authenticates each workstation before making available any services offered by the switch or LAN

Question 23

Supplicant (Client)

Answer 23

Workstation that requests access to LAN and switch services and then responds to requests from the switch. Workstation has to run 802.1X-compliant client software

Question 24

Authenticator (Switch)

Answer 24

Controls physical access to the network based on the authentication status of the client

Question 25

Why does the switch use a RADIUS software agent?

Answer 25

It is responsible for encapsulating and de-encapsulating the Extensible Authentication Protocol (EAP) frames and interacting with the authentication server

Question 26

Authentication server

Answer 26

Performs the actual authentication of the client. It validates the identity of the client and notifies the switch whether the client is authorized to access the LAN and switch services