N10-007.6

Question 1

FTP Bounce

Answer 1

An FTP bounce attack uses the FTP PORT command to covertly open a connection with a remote system. Specifically, an attacker connects to an FTP server and uses the PORT command to cause the FTP server to open a communications channel with the intended victim, which might allow a connection from the FTP server, while a connection directly from the attacker might be denied.

Question 2

Root Guard

Answer 2

A switch protection mechanism for STP. The switch ensures that superior BPDU messages are ignored.

Question 3

Intrusion Detection System (IDS)

Answer 3

IDS devices can recognize the signature of a well-known attack and respond to stop the attack. However, an IDS sensor does not reside inline with the traffic flow.

Question 4

Denial of Service (DoS)

Answer 4

A DoS attack floods a system with an excessive amount of traffic or requests, which consumes the system’s processing resources and prevents the system from responding to many legitimate requests.

Question 5

Site-to-Site VPN

Answer 5

Interconnects two sites, as an alternative to a leased line, at a reduced cost.

Question 6

Flood Guard

Answer 6

Serves as a preventive control against denial of service (DoS) or distributed denial of service (DDoS) attacks. A Flood Guard is available either as a standalone device or as a firewall component. It is capable of monitoring network traffic to identify DoS attacks in progress generated through packet flooding.

Question 7

Hardware Firewall

Answer 7

A network appliance dedicated to the purpose of acting as a firewall. This appliance can have multiple interfaces for connecting to areas of a network requiring varying levels of security.

Question 8

Intrusion Prevention System (IPS)

Answer 8

IPS devices can recognize the signature of a well-known attack and respond to stop the attack. An IPS device resides inline with the traffic flow, unlike an IDS sensor.

Question 9

DHCP Snooping

Answer 9

The process of securing the network against a rogue DHCP server attack or other types of DHCP security attacks.

Question 10

Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5)

Answer 10

A common variant of HMAC frequently used in email systems. Like CHAP, CRAM-MD5 only performs one-way authentication (the server authenticates the client).

Question 11

Terminal Access Controller Access-Control System Plus (TACACS+)

Answer 11

A TCP-based protocol used to communicate with an AAA server. Unlike RADIUS, TACACS+ encrypts an entire authentication packet rather than just the password. TACACS+ offers authentication features, but they are not as robust as the accounting features found in RADIUS. Also, unlike RADIUS, TACACS+ is a Cisco-proprietary protocol.

Question 12

Asymmetric Encryption

Answer 12

With asymmetric encryption, the sender and receiver of a packet use different keys.

Question 13

Layer 2 Tunneling Protocol (L2TP)

Answer 13

A VPN protocol that lacks security features, such as encryption. However, L2TP can still be used for a secure VPN connection if it is combined with another protocol that provides encryption.

Question 14

Lightweight Directory Access Protocol (LDAP)

Answer 14

An open standard for storing directory information for the network such as usernames and passwords and other user and computer parameters.

Question 15

Symmetric Encryption

Answer 15

With symmetric encryption, both the sender and the receiver of a packet use the same key (a shared key) for encryption and decryption.

Question 16

Nessus

Answer 16

A network-vulnerability scanner available from Tenable Network Security.

Question 17

Insider Threat

Answer 17

In network security, this refers to an attacker who resides inside the network. Often, this might be an employee of the company.

Question 18

Pretty Good Privacy (PGP)

Answer 18

PGP is a widely deployed asymmetric encryption algorithm and is often used to encrypt email traffic

Question 19

Security Association (SA)

Answer 19

An agreement between the two IPSec peers about the cryptographic parameters to be used in an ISAKMP session.

Question 20

Network-based IPS (NIPS)

Answer 20

An NIPS device is a network appliance dedicated to acting as an IPS sensor.

Question 21

Internet Key Exchange (IKE)

Answer 21

A protocol used to set up an IPSec session.

Question 22

Encapsulating Security Payload (EPS)

Answer 22

An IPSec protocol that provides authentication, integrity, and encryption services.

Question 23

Unified Threat Management (UTM)

Answer 23

A firewall or gateway that attempts to bundle multiple security functions into a single physical or logical device.

Question 24

Demilitarized Zone (DMZ)

Answer 24

Often contains servers that should be accessible from the Internet. This approach would, for example, allow users on the Internet to initiate an email or a web session coming into an organization’s email or web server. However, other protocols would be blocked.

Question 25

Distributed Denial of Service (DDoS)

Answer 25

These attacks can increase the amount of traffic flooded to a target system. Specifically, an attacker compromises multiple systems, and those compromised systems, called zombies, can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.

Question 26

Internet Security Association and Key Management Protocol (ISAKMP)

Answer 26

Negotiates parameters for an IPSec session.

Question 27

Evil Twin

Answer 27

A device that is postured to appear like a legitimate access point on the network to carry out a wireless attack.

Question 28

Buffer Overflow

Answer 28

This attack occurs when an attacker leverages a vulnerability in an application, causing data to be written to a memory area (that is, a buffer) that’s being used by a different application.

Question 29

Point-to-Point Tunneling Protocol (PPTP)

Answer 29

An older VPN protocol that supported the dial-up networking feature in older versions of Microsoft Windows. Like L2TP and L2F, PPTP lacks native security features. However, Microsoft’s versions of PPTP bundled with various versions of Microsoft Windows were enhanced to offer security features.

Question 30

Black-hole Router

Answer 30

A router that drops packets that cannot be fragmented and are exceeding the MTU size of an interface without notifying the sender.

Question 31

Short

Answer 31

A short occurs when two copper connectors touch each other, resulting in current flowing through that short rather than the attached electrical circuit, because the short has lower resistance.

Question 32

Open

Answer 32

A broken strand of copper that prevents current from flowing through a circuit.

Question 33

Decibel Loss

Answer 33

A loss of signal power. If a transmission’s dB loss is too great, the transmission cannot be properly interpreted by the intended recipient.

Question 34

What describes an IPv6 address of ::1?

Answer 34

Loopback address

Question 35

What is RAS?

Answer 35

A remote access server is a type of server that provides a suite of services to remotely connect users to a network or the Internet.