Network Hardening Quiz Flashcards
Of the three existing version of the Simple Network Management Protocol(SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in Cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity)
True
In IPv6, a router periodically sends a special type of message to announce its presence on the network. A mechanism that allows to filter these messages (i.e. reject those that are labeled as unwanted or rogue) is known as:
BPDU (Bridge Protocol Data Unit) Guard
In the context of implementing secure network designs, the term “Port security” may apply to:
Disabling physical ports on a device
Implementing MAC address filtering
Disabling unused logical ports (TCP/IP)
Implementing Port-based Network access Control (defined in the IEEE 802.1X standard)
Which of the following answers refers to a dedicated security mechanism that prevents ARP attacks?
DAI (Dynamic ARP Inspection)
Control Plane Policing (CoPP) is a Cisco-proprietary security feature designed to protect routers and switches against reconnaissance and Denial-of-Service (DoS) attacks.
True
Private VLANs are created via:
Port isolation
The process of securing networking devices should include the practice of disabling unused physical ports.
True
Which of the following actions allow(s) to improve the security of SOHO router?
Changing default admin credentials
implementing MAC address filtering
Blocking unwanted traffic via firewall settings
Disabling unused physical ports
Implementing content filtering
Performing firmware updates
Implementing physical security controls
Which of the following actions would be of help in the process of web server hardening?
Removing server version banner
Disabling unnecessary ports, services, and accounts
Keeping the system up to date via updates and patches
Enabling and monitoring logs
Permissions audits
Which of the following factors are considered important for creating strong passwords? (Select 2 answers)
Password length
Password complexity
A strong password that meets the password complexity requirement should contain: (Select the best answer)
A combination of characters from at least 3 character groups
Which of the following passwords is the most complex?
G$L3tU8wY@z
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:
DHCP snooping
Changing the native VLAN on all truck ports to an unused VLAN ID is one of the countermeasures against VLAN hopping
True
Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?
ACL (Access Control List)