MODULE 19 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards

1
Q

Access Control Concepts: Communications Security

CIA: Information security deals with protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

A

CIA Triad

https://snipboard.io/IMJpdQ.jpg

2
Q

CIA Triad

https://snipboard.io/IMJpdQ.jpg

As shown in the figure, the CIA triad consists of three components of information security:

Confidentiality - Only authorized individuals, entities, or processes can access sensitive information.

Integrity – This refers to the protection of data from unauthorized alteration.

Availability - Authorized users must have uninterrupted access to the network resources and data that they require.

A

Network data can be encrypted (made unreadable to unauthorized users) using various cryptography applications.

The conversation between two IP phone users can be encrypted. The files on a computer can also be encrypted. These are just a few examples.

Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.

3
Q

Zero Trust Security: Zero trust is a comprehensive approach to securing all access across networks, applications, and environments.

This approach helps secure access from users, end-user devices, APIs, IoT, microservices, containers, and more. It protects an organization’s workforce, workloads, and the workplace.

The principle of a zero trust approach is, “never trust, always verify.” Assume zero trust any time someone or something requests access to assets.

A zero trust security framework helps to prevent unauthorized access, contain breaches, and reduce the risk of an attacker’s lateral movement through a network.

A

Traditionally, the network perimeter, or edge, was the boundary between inside and outside, or trusted and untrusted.

In a Zero trust approach, any place at which an access control decision is required should be considered a perimeter.

This means that although a user or other entity may have successfully passed access control previously, they are not trusted to access another area or resource until they have been authenticated and authorized again for that specific access.

In some cases, users may be required to authenticate multiple times and in different ways, to gain access to different layers of the network.

4
Q

Traditionally, the network perimeter, or edge, was the boundary between inside and outside, or trusted and untrusted.

In a Zero trust approach, any place at which an access control decision is required should be considered a perimeter.

This means that although a user or other entity may have successfully passed access control previously, they are not trusted to access another area or resource until they have been authenticated and authorized again for that specific access.

In some cases, users may be required to authenticate multiple times and in different ways, to gain access to different layers of the network.

A

The three pillars of zero trust are workforce, workloads, and workplace.

– ZERO TRUST FOR THE WORKFORCE

– ZERO TRUST FOR WORKLOADS

– ZERO TRUST FOR THE WORKPLACE

5
Q

The three pillars of zero trust are workforce, workloads, and workplace.

– ZERO TRUST FOR THE WORKFORCE

– ZERO TRUST FOR WORKLOADS

– ZERO TRUST FOR THE WORKPLACE

A

ZERO TRUST FOR THE WORKFORCE :

This pillar consists of people (e.g., employees, contractors, partners, and vendors) who access work applications by using their personal or corporate-managed devices.

This pillar ensures only the right users and secure devices can access applications, regardless of location.

6
Q

The three pillars of zero trust are workforce, workloads, and workplace.

– ZERO TRUST FOR THE WORKFORCE

– ZERO TRUST FOR WORKLOADS

– ZERO TRUST FOR THE WORKPLACE

A

ZERO TRUST FOR WORKLOADS :

This pillar is concerned with applications that are running in the cloud, in data centers, and other virtualized environments that interact with one another.

It focuses on secure access when an API, a microservice, or a container is accessing a database within an application.

7
Q

The three pillars of zero trust are workforce, workloads, and workplace.

– ZERO TRUST FOR THE WORKFORCE

– ZERO TRUST FOR WORKLOADS

– ZERO TRUST FOR THE WORKPLACE

A

ZERO TRUST FOR THE WORKPLACE :

This pillar focuses on secure access for any and all devices, including internet of things (IoT) devices, that connect to enterprise networks: user endpoints, physical and virtual servers, printers, cameras, HVAC systems, kiosks, infusion pumps, industrial control systems, and more.

8
Q

Access Control Models

An organization must implement proper access controls to protect its network resources, information system resources, and information.

A

A security analyst should understand the different basic access control models to have a better understanding of how attackers can break the access controls.

9
Q

A security analyst should understand the different basic access control models to have a better understanding of how attackers can break the access controls.

A

The table lists the basic access control models:

– Discretionary access control (DAC)

– Mandatory access control (MAC)

– Role-based access control (RBAC)

– Attribute-based access control (ABAC)

– Rule-based access control (RBAC)

– Time-based access control (TAC)

10
Q

The table lists the basic access control models:

– Discretionary access control (DAC)

– Mandatory access control (MAC)

– Role-based access control (RBAC)

– Attribute-based access control (ABAC)

– Rule-based access control (RBAC)

– Time-based access control (TAC)

A

Discretionary access control (DAC) :

This is the least restrictive model and allows users to control access to their data as owners of that data.

DAC may use ACLs or other methods to specify which users or groups of users have access to the information.

11
Q

The table lists the basic access control models:

– Discretionary access control (DAC)

– Mandatory access control (MAC)

– Role-based access control (RBAC)

– Attribute-based access control (ABAC)

– Rule-based access control (RBAC)

– Time-based access control (TAC)

A

Mandatory access control (MAC) :

This applies the strictest access control and is typically used in military or mission-critical applications.

It assigns security labels (classification levels) to information and grants users access based on their security clearance; unlike DAC, the owner of the data cannot override these labels.

12
Q

The table lists the basic access control models:

– Discretionary access control (DAC)

– Mandatory access control (MAC)

– Role-based access control (RBAC)

– Attribute-based access control (ABAC)

– Rule-based access control (RBAC)

– Time-based access control (TAC)

A

Role-based access control (RBAC) :

Access decisions are based on an individual’s roles and responsibilities within the organization.

Different roles are assigned security privileges, and individuals are assigned to the RBAC profile for the role.

Roles may include different positions, job classifications or groups of job classifications.

RBAC is a type of non-discretionary access control: the individual user does not decide who gets access.

13
Q

The table lists the basic access control models:

– Discretionary access control (DAC)

– Mandatory access control (MAC)

– Role-based access control (RBAC)

– Attribute-based access control (ABAC)

– Rule-based access control (RBAC)

– Time-based access control (TAC)

A

Attribute-based access control (ABAC) :

ABAC allows access based on attributes of the object (resource) to be accessed, the subject (user) accessing the resource, and environmental factors regarding how the object is to be accessed, such as time of day.

14
Q

The table lists the basic access control models:

– Discretionary access control (DAC)

– Mandatory access control (MAC)

– Role-based access control (RBAC)

– Attribute-based access control (ABAC)

– Rule-based access control (RBAC)

– Time-based access control (TAC)

A

Rule-based access control (RBAC) :

Network security staff specify sets of rules or conditions that are associated with access to data or systems.

These rules may specify permitted or denied IP addresses, certain protocols, and other conditions. Also known as Rule Based RBAC; note that the acronym collides with role-based access control, which is a different model.

15
Q

The table lists the basic access control models:

– Discretionary access control (DAC)

– Mandatory access control (MAC)

– Role-based access control (RBAC)

– Attribute-based access control (ABAC)

– Rule-based access control (RBAC)

– Time-based access control (TAC)

A

Time-based access control (TAC) :

TAC allows access to network resources only during configured times of day and days of the week.
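The six models differ in what the decision is based on. The toy policy engine below, an added example that is not part of the Cisco course material, implements one decision function per model over constructed subjects, objects, labels, roles, rules and time windows (all names and values are made up for illustration):

```python
"""Toy policy engine contrasting the six access control models on these cards.

Added example, not Cisco's code. Every subject, object, label, role, rule and
time window below is constructed for illustration.
"""
from ipaddress import ip_address, ip_network

# DAC: the object's owner controls an ACL of user -> permitted operations.
DAC_OBJECTS = {
    "payroll.xlsx": {"owner": "alice", "acl": {"bob": {"read"}}},
}

# MAC: ordered sensitivity levels, clearances for subjects, labels for objects.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]
CLEARANCE = {"alice": "secret", "bob": "confidential"}
CLASSIFICATION = {"ops_plan.doc": "secret"}

# RBAC: users hold roles; roles hold permissions. Users never hold permissions directly.
USER_ROLES = {"alice": {"hr_manager"}, "bob": {"helpdesk"}}
ROLE_PERMS = {"hr_manager": {"payroll:read", "payroll:write"}, "helpdesk": {"ticket:read"}}

# Rule-based: ordered network-style rules, first match wins, implicit deny at the end.
RULES = [
    {"action": "deny", "src": "198.51.100.0/24", "proto": None},   # proto None = any
    {"action": "permit", "src": "10.0.0.0/8", "proto": "ssh"},
]

# Time-based: weekday (Monday=0) and hour windows per resource.
TIME_WINDOWS = {"payroll.xlsx": {"days": range(0, 5), "hours": range(8, 18)}}


def dac_allows(user, obj, op):
    """DAC: owner always allowed; everyone else needs an ACL entry for the operation."""
    entry = DAC_OBJECTS.get(obj)
    if entry is None:
        return False
    return user == entry["owner"] or op in entry["acl"].get(user, set())


def mac_allows(user, obj):
    """MAC (read access): clearance must dominate the object's classification."""
    try:
        return LEVELS.index(CLEARANCE[user]) >= LEVELS.index(CLASSIFICATION[obj])
    except KeyError:
        return False  # unlabelled subject or object: deny


def rbac_allows(user, perm):
    """RBAC: permission granted only through a role the user holds."""
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


def rule_allows(src_ip, proto):
    """Rule-based: evaluate the rule list in order; no match means deny."""
    src = ip_address(src_ip)
    for rule in RULES:
        if src in ip_network(rule["src"]) and rule["proto"] in (None, proto):
            return rule["action"] == "permit"
    return False


def time_allows(obj, weekday, hour):
    """Time-based: access only inside the resource's configured window."""
    win = TIME_WINDOWS.get(obj)
    return win is not None and weekday in win["days"] and hour in win["hours"]


def abac_allows(subject, resource, env):
    """ABAC: one policy over subject, resource and environment attributes.
    Here: same department, managed device, and inside business hours."""
    return (
        subject.get("department") == resource.get("department")
        and subject.get("device_managed", False)
        and env.get("hour", -1) in range(8, 18)
    )
```

Note how the decision inputs differ: DAC consults a list the owner controls, MAC compares labels the owner cannot change, RBAC and rule-based take the individual user out of the decision, and ABAC and time-based bring in context (device state, time of day) that is not a property of the user at all. Every function defaults to deny when the subject, object or rule is unknown.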

16
Q

Closely related to all of these models is the principle of least privilege, which specifies a limited, as-needed approach to granting user and process access rights to specific information and tools.

The principle of least privilege states that users should be granted the minimum amount of access required to perform their work function.

A

A common exploit is known as privilege escalation.

In this exploit, vulnerabilities in servers or access control systems are exploited to grant an unauthorized user, or software process, higher levels of privilege than they should have.

After the privilege is granted, the threat actor can access sensitive information or take control of a system.

17
Q

AAA Operation

A network must be designed to control who is allowed to connect to it and what they are allowed to do when they are connected.

These design requirements are identified in the network security policy. The policy specifies how network administrators, corporate users, remote users, business partners, and clients access network resources.

The network security policy can also mandate the implementation of an accounting system that tracks who logged in and when and what they did while logged in.

Some compliance regulations may specify that access must be logged and the logs retained for a set period of time.

A

The Authentication, Authorization, and Accounting (AAA) framework provides the structure needed to enable scalable access security.

The table lists the three independent security functions provided by the AAA architectural framework.

AAA Components:

– Authentication

– Authorization

– Accounting

18
Q

The Authentication, Authorization, and Accounting (AAA) framework provides the structure needed to enable scalable access security.

The table lists the three independent security functions provided by the AAA architectural framework.

AAA Components:

– Authentication

– Authorization

– Accounting

A

Authentication : Users and administrators must prove that they are who they say they are.

Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods.

AAA authentication provides a centralized way to control access to the network.

19
Q

The Authentication, Authorization, and Accounting (AAA) framework provides the structure needed to enable scalable access security.

The table lists the three independent security functions provided by the AAA architectural framework.

AAA Components:

– Authentication

– Authorization

– Accounting

A

Authorization :

After the user is authenticated, authorization services determine which resources the user can access and which operations the user is allowed to perform.

An example is “User ‘student’ can access host server XYZ using SSH only.”

20
Q

The Authentication, Authorization, and Accounting (AAA) framework provides the structure needed to enable scalable access security.

The table lists the three independent security functions provided by the AAA architectural framework.

AAA Components:

– Authentication

– Authorization

– Accounting

A

Accounting :

Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made.

Accounting keeps track of how network resources are used. An example is “User ‘student’ accessed host server XYZ using SSH for 15 minutes.”

21
Q

This concept is similar to the use of a credit card, as indicated by the figure.

The credit card identifies who can use it, how much that user can spend, and keeps account of what items the user spent money on.

https://snipboard.io/2zAMb3.jpg

A

The credit card identifies who can use it (authentication), limits how much that user can spend (authorization), and keeps an account of what items the user spent money on (accounting).

22
Q

AAA Authentication

AAA Authentication can be used to authenticate users for administrative access or it can be used to authenticate users for remote network access.

A

Cisco provides two common methods of implementing AAA services:

– Local AAA Authentication

– Server Based AAA Authentication

23
Q

Cisco provides two common methods of implementing AAA services:

– Local AAA Authentication

– Server Based AAA Authentication

A

Local AAA Authentication :

This method is sometimes known as self-contained authentication because it authenticates users against locally stored usernames and passwords, as shown in the figure.

Local AAA is ideal for small networks.

https://snipboard.io/7UREx8.jpg
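The three AAA functions from the earlier cards, run as one local (self-contained) flow. This is an added example, not Cisco's code or configuration: the user store, the authorization rule for user "student" on host "XYZ", and the session timings are constructed to match the cards' wording, and a real deployment would keep these on a AAA server and use a random salt per user.

```python
"""The three AAA functions in one local (self-contained) flow.

Added example, not Cisco's code. The user store, the authorization rules,
the host name "XYZ" and the session timings are constructed.
"""
import hashlib
import hmac

ITERATIONS = 100_000
_SALT = b"constructed-salt"  # constructed; use os.urandom(16) per user in practice


def _hash_password(password):
    """Salted PBKDF2-HMAC-SHA256 so the store never holds clear-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, ITERATIONS)


# Local user store: username -> password hash (constructed credentials).
USERS = {"student": _hash_password("Cisco123")}

# Authorization rules: (user, host) -> services that user may use on that host.
AUTHZ = {("student", "XYZ"): {"ssh"}}

# Accounting records, appended in order of occurrence.
ACCOUNTING_LOG = []


def authenticate(user, password):
    """Authentication: does the user hold the stored secret?"""
    stored = USERS.get(user)
    candidate = _hash_password(password)  # computed even for unknown users (timing)
    if stored is None:
        return False
    return hmac.compare_digest(stored, candidate)  # constant-time comparison


def authorize(user, host, service):
    """Authorization: default deny; only listed (user, host, service) tuples pass."""
    return service in AUTHZ.get((user, host), set())


def account(user, host, service, start, stop, outcome):
    """Accounting: who, what, where, how long (epoch seconds in), and how it ended."""
    record = {
        "user": user, "host": host, "service": service,
        "start": start, "stop": stop, "minutes": (stop - start) // 60,
        "outcome": outcome,
    }
    ACCOUNTING_LOG.append(record)
    return record


def session(user, password, host, service, start, stop):
    """Run the three functions in order. Every attempt leaves an accounting
    record, including ones that fail authentication or authorization."""
    if not authenticate(user, password):
        return account(user, host, service, start, start, "auth-failed")
    if not authorize(user, host, service):
        return account(user, host, service, start, start, "authz-denied")
    return account(user, host, service, start, stop, "ok")


if __name__ == "__main__":
    # "User 'student' accessed host server XYZ using SSH for 15 minutes."
    print(session("student", "Cisco123", "XYZ", "ssh", 1_700_000_000, 1_700_000_900))
    # Same user, same host, Telnet instead of SSH: authenticated but not authorized.
    print(session("student", "Cisco123", "XYZ", "telnet", 1_700_000_000, 1_700_000_900))
```

The order matters: authorization is never consulted for an unauthenticated user, and accounting runs on every path so that failed logins and denied requests are recorded as well as successful sessions.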

24
Q

Cisco provides two common methods of implementing AAA services:

– Local AAA Authentication

– Server Based AAA Authentication

A

Server Based AAA Authentication :

This method authenticates against a central AAA server that contains the usernames and passwords for all users, as shown in the figure.

Server-based AAA authentication is appropriate for medium-to-large networks.

https://snipboard.io/HJ9BTs.jpg

25
Q

Centralized AAA is more scalable and manageable than local AAA authentication and therefore, it is the preferred AAA implementation.

A

Devices communicate with the centralized AAA server using either the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) protocols.

26
Q

Devices communicate with the centralized AAA server using either the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) protocols.

The table lists the differences between the two protocols.

A

The comparison covers seven criteria, each evaluated for TACACS+ and for RADIUS:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

27
Q

TACACS+ vs. RADIUS comparison criteria:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

A

Functionality:

TACACS+ : Separates the authentication, authorization, and accounting functions according to the AAA architecture. This allows modularity of the security server implementation.

RADIUS : Combines authentication and authorization but separates accounting, which allows less flexibility in implementation than TACACS+.

28
Q

TACACS+ vs. RADIUS comparison criteria:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

A

Standard:

TACACS+ : Originally Cisco proprietary and mostly Cisco supported; the protocol was later documented in RFC 8907 (2020).

RADIUS : Open/RFC standard (RFC 2865 for authentication and authorization, RFC 2866 for accounting).

29
Q

TACACS+ vs. RADIUS comparison criteria:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

A

Transport:

TACACS+ : TCP port 49.

RADIUS : UDP ports 1812 (authentication and authorization) and 1813 (accounting), or the legacy ports 1645 and 1646.

30
Q

TACACS+ vs. RADIUS comparison criteria:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

A

Protocol CHAP:

TACACS+ : Bidirectional challenge and response, as used in the Challenge Handshake Authentication Protocol (CHAP).

RADIUS : Unidirectional challenge and response from the RADIUS security server to the RADIUS client.

31
Q

TACACS+ vs. RADIUS comparison criteria:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

A

Confidentiality:

TACACS+ : Obfuscates the entire body of the packet but leaves the standard TACACS+ header in the clear.

RADIUS : Hides only the password in the Access-Request packet from the client to the server. The remainder of the packet is unencrypted, leaving the username, authorized services, and accounting unprotected.

In both protocols the protection is an MD5-derived keystream XORed with the data under a static shared secret, not modern encryption. RFC 8907 itself calls the TACACS+ mechanism obfuscation and recommends a protected transport; RADIUS can likewise be carried over TLS (RFC 6614). Anyone who obtains the shared secret can read every captured session.
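To make the difference between "hides only the password" and "obfuscates the whole body" concrete, the following added example (not from the course or any vendor) implements the User-Password hiding of RFC 2865 section 5.2 and the body obfuscation of RFC 8907 section 4.5, builds a RADIUS Access-Request, and parses it the way a passive sniffer would, once without and once with the shared secret. The secret, session id, username and password are constructed:

```python
"""What a passive observer sees in RADIUS and TACACS+ traffic.

Added example, not from the course or any vendor. Implements RFC 2865 5.2
(User-Password hiding) and RFC 8907 4.5 (body obfuscation) on packets built
here; the shared secret, session id, username and password are constructed.
"""
import hashlib
import os
import struct

ACCESS_REQUEST = 1       # RADIUS Code
ATTR_USER_NAME = 1       # RADIUS attribute types
ATTR_USER_PASSWORD = 2


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks; block i is XORed with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def radius_reveal_password(hidden, secret, authenticator):
    """Inverse of radius_hide_password; needs the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(username, password, secret, ident=0, authenticator=None):
    """Code | Identifier | Length | Request Authenticator | attributes (TLV)."""
    authenticator = authenticator or os.urandom(16)
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([ATTR_USER_NAME, 2 + len(username)]) + username
    attrs += bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_access_request(packet, secret=None):
    """Walk the attributes as a sniffer would. User-Name is readable by anyone;
    User-Password only falls out when the shared secret is known."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    authenticator = packet[4:20]
    result = {"code": code, "username": None, "password": None}
    pos = 20
    while pos < length:
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == ATTR_USER_NAME:
            result["username"] = value
        elif atype == ATTR_USER_PASSWORD and secret is not None:
            result["password"] = radius_reveal_password(value, secret, authenticator)
        pos += alen
    return result


def tacacs_pad(session_id, key, version, seq_no, length):
    """RFC 8907 4.5 pseudo-pad: MD5 chain over session_id | key | version | seq_no."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pseudo-pad. Symmetric: the same call reverses it.
    The 12-byte TACACS+ header (version, type, seq_no, flags, session_id,
    length) is never obfuscated."""
    return _xor(body, tacacs_pad(session_id, key, version, seq_no, len(body)))
```

Parsing the Access-Request without the secret still yields the username, which is exactly the exposure the card describes; with the secret the password is recovered too, and the same holds for a whole TACACS+ body. Both keystreams are nothing more than chained MD5 over a static secret, so the secret's strength and the transport's protection are what actually keep the traffic private.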

32
Q

TACACS+ vs. RADIUS comparison criteria:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

A

Customization:

TACACS+ : Provides authorization of router commands on a per-user or per-group basis.

RADIUS : Has no option to authorize router commands on a per-user or per-group basis.

33
Q

TACACS+ vs. RADIUS comparison criteria:

– Functionality

– Standard

– Transport

– Protocol CHAP

– Confidentiality

– Customization

– Accounting

A

Accounting:

TACACS+ : Limited.

RADIUS : Extensive.

34
Q

AAA Accounting Logs

Centralized AAA also enables the use of the accounting function.

Accounting records from all devices are sent to centralized repositories, which simplifies auditing of user actions.

A

AAA Accounting collects and reports usage data in AAA logs.

These logs are useful for security auditing.

The collected data might include the start and stop connection times, executed commands, number of packets, and number of bytes.

35
Q

AAA Accounting collects and reports usage data in AAA logs.

These logs are useful for security auditing.

The collected data might include the start and stop connection times, executed commands, number of packets, and number of bytes.

One widely deployed use of accounting is to combine it with AAA authentication. This helps with managing access to internetworking devices by network administrative staff.

Accounting adds accountability that authentication alone cannot provide.

The AAA servers keep a detailed log of exactly what the authenticated user does on the device, as shown in the figure.

A

This includes all EXEC and configuration commands issued by the user.

The log contains numerous data fields, including the username, the date and time, and the actual command that was entered by the user.

This information is useful when troubleshooting devices. It also provides evidence against individuals who perform malicious actions.

https://snipboard.io/UKOhsW.jpg

36
Q

The table displays the various types of accounting information that can be collected.

– Network Accounting

– Connection Accounting

– EXEC Accounting

– System Accounting

– Command Accounting

– Resource Accounting

A

Six categories of accounting information can be collected: network, connection, EXEC, system, command, and resource accounting. Each is described on the following cards.

37
Q

The table displays the various types of accounting information that can be collected.

– Network Accounting

– Connection Accounting

– EXEC Accounting

– System Accounting

– Command Accounting

– Resource Accounting

A

Network Accounting :

Network accounting captures information for all Point-to-Point Protocol (PPP) sessions, including packet and byte counts.

38
Q

The table displays the various types of accounting information that can be collected.

– Network Accounting

– Connection Accounting

– EXEC Accounting

– System Accounting

– Command Accounting

– Resource Accounting

A

Connection Accounting :

Connection accounting captures information about all outbound connections that are made from the AAA client, such as by SSH.

39
Q

The table displays the various types of accounting information that can be collected.

– Network Accounting

– Connection Accounting

– EXEC Accounting

– System Accounting

– Command Accounting

– Resource Accounting

A

EXEC Accounting :

EXEC accounting captures information about user EXEC terminal sessions (user shells) on the network access server, including username, date, start and stop times, and the access server IP address.

40
Q

The table displays the various types of accounting information that can be collected.

– Network Accounting

– Connection Accounting

– EXEC Accounting

– System Accounting

– Command Accounting

– Resource Accounting

A

System Accounting :

System accounting captures information about all system-level events (for example, when the system reboots or when accounting is turned on or off).

41
Q

The table displays the various types of accounting information that can be collected.

– Network Accounting

– Connection Accounting

– EXEC Accounting

– System Accounting

– Command Accounting

– Resource Accounting

A

Command Accounting :

Command accounting captures information about the EXEC shell commands for a specified privilege level, as well as the date and time each command was executed, and the user who executed it.
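The username, date and time, and command fields that command accounting records (and that the earlier card on AAA accounting logs describes) are what an auditor actually queries. The following added example, not from the course, parses a small constructed log and flags records worth a second look. The record layout is made up to resemble a TACACS+ daemon's command-accounting output (timestamp, NAS address, user, tty, client address, record type, then key=value pairs); real servers differ, so adapt LINE_RE to yours. The sample lines, the admin list, the change window and the high-risk command list are all constructed:

```python
"""Auditing command-accounting records for actions that deserve a second look.

Added example, not from the course. The record layout is constructed to
resemble a TACACS+ daemon's command-accounting log; real servers differ.
The log lines and the policy are made up.
"""
import re
from datetime import datetime

SAMPLE_LOG = """\
2024-03-04 09:15:02 10.0.0.5 alice tty2 192.0.2.10 stop task_id=41 service=shell priv-lvl=15 cmd=show running-config
2024-03-04 09:16:10 10.0.0.5 alice tty2 192.0.2.10 stop task_id=42 service=shell priv-lvl=15 cmd=configure terminal
2024-03-04 09:16:30 10.0.0.5 alice tty2 192.0.2.10 stop task_id=43 service=shell priv-lvl=15 cmd=interface GigabitEthernet0/1
2024-03-04 02:41:07 10.0.0.7 bob tty1 198.51.100.9 stop task_id=88 service=shell priv-lvl=15 cmd=no aaa accounting commands 15 default
2024-03-04 02:41:20 10.0.0.7 bob tty1 198.51.100.9 stop task_id=89 service=shell priv-lvl=15 cmd=copy running-config tftp:
2024-03-04 11:00:00 10.0.0.5 carol tty3 192.0.2.11 stop task_id=90 service=shell priv-lvl=1 cmd=show version
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<device>\S+) (?P<user>\S+) "
    r"(?P<tty>\S+) (?P<src>\S+) (?P<type>start|stop) (?P<kv>.*)$"
)

# Constructed policy.
PRIV15_USERS = {"alice"}            # who is allowed to work at privilege 15
CHANGE_WINDOW = range(8, 18)        # hours in which privileged work is expected
HIGH_RISK = (                       # commands that blind the audit trail or leak config
    "no aaa accounting",
    "no logging",
    "copy running-config",
    "crypto key zeroize",
)


def parse_record(line):
    """Split a record into fields; key=value values may contain spaces (cmd=...)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    key = None
    for tok in rec.pop("kv").split(" "):
        if "=" in tok:
            key, _, val = tok.partition("=")
            rec[key] = val
        elif key is not None:
            rec[key] += " " + tok  # continuation of a multi-word value
    return rec


def audit(log_text):
    """Return (user, reason, command) findings from shell command records."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec.get("service") != "shell":
            continue
        cmd, user, priv = rec.get("cmd", ""), rec["user"], rec.get("priv-lvl")
        if priv == "15" and user not in PRIV15_USERS:
            findings.append((user, "privilege-15 command by non-admin", cmd))
        if priv == "15" and rec["ts"].hour not in CHANGE_WINDOW:
            findings.append((user, "privileged command outside change window", cmd))
        if cmd.startswith(HIGH_RISK):
            findings.append((user, "high-risk command", cmd))
    return findings


if __name__ == "__main__":
    for user, reason, cmd in audit(SAMPLE_LOG):
        print(f"{user:6} {reason:45} {cmd}")
```

On the sample, alice's daytime configuration work produces nothing, while bob's 02:41 session trips all three checks on both commands: the first command disables command accounting itself, which is why a copy of the log kept on the AAA server, and not only on the device, is what makes this evidence usable.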

42
Q

The table displays the various types of accounting information that can be collected.

– Network Accounting

– Connection Accounting

– EXEC Accounting

– System Accounting

– Command Accounting

– Resource Accounting

A

Resource Accounting :

The Cisco implementation of AAA accounting provides "start" and "stop" record support for connections that have passed user authentication.

It can also generate "stop" records for connections that fail to authenticate, so that failed attempts appear in the accounting trail as well.

Such records are necessary for administrators who use accounting records to manage and monitor their networks.