Network Hardening Quiz Flashcards

1
Q

Of the three existing version of the Simple Network Management Protocol(SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in Cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity)

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In IPv6, a router periodically sends a special type of message to announce its presence on the network. A mechanism that allows to filter these messages (i.e. reject those that are labeled as unwanted or rogue) is known as:

A

BPDU (Bridge Protocol Data Unit) Guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In the context of implementing secure network designs, the term “Port security” may apply to:

A

Disabling physical ports on a device
Implementing MAC address filtering
Disabling unused logical ports (TCP/IP)
Implementing Port-based Network access Control (defined in the IEEE 802.1X standard)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following answers refers to a dedicated security mechanism that prevents ARP attacks?

A

DAI (Dynamic ARP Inspection)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Control Plane Policing (CoPP) is a Cisco-proprietary security feature designed to protect routers and switches against reconnaissance and Denial-of-Service (DoS) attacks.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Private VLANs are created via:

A

Port isolation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The process of securing networking devices should include the practice of disabling unused physical ports.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following actions allow(s) to improve the security of SOHO router?

A

Changing default admin credentials
implementing MAC address filtering
Blocking unwanted traffic via firewall settings
Disabling unused physical ports
Implementing content filtering
Performing firmware updates
Implementing physical security controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following actions would be of help in the process of web server hardening?

A

Removing server version banner
Disabling unnecessary ports, services, and accounts
Keeping the system up to date via updates and patches
Enabling and monitoring logs
Permissions audits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following factors are considered important for creating strong passwords? (Select 2 answers)

A

Password length
Password complexity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A strong password that meets the password complexity requirement should contain: (Select the best answer)

A

A combination of characters from at least 3 character groups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following passwords is the most complex?

A

G$L3tU8wY@z

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:

A

DHCP snooping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Changing the native VLAN on all truck ports to an unused VLAN ID is one of the countermeasures against VLAN hopping

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

A

ACL (Access Control List)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A rule-based access control mechanism implemented on routers, switches, and firewalls is referred to as:

A

ACL (Access Control List)

17
Q

Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?

A

Implicit deny policy

18
Q

A 48-bit Media Access Control (MAC) address is a unique number assigned to every network adapter. A network access method whereby the MAC address (a.k.a. physical address) of the Network Interface Card (NIC) is used to grand/deny network access is known as MAC filtering or MAC address filtering.

A

True

19
Q

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

A

War driving

20
Q

Which of the following would be of help in troubleshooting wireless signal loss and low wireless network signal coverage?

A

WAP power level controls

21
Q

Which of the following answers refers to a shared secret authentication method used in WPA, WPA2, and EAP?

A

PSK (Pre-Shared Key)

22
Q

A type of technology that provides control over the usage of a mobile device within a designated area is known as:

A

Geofencing

23
Q

Which of the following answers refers to a security solution that allows administrators to block network access for users until they perform required action?

A

Captive Portal