Network Hardening Quiz Flashcards
Of the three existing version of the Simple Network Management Protocol(SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in Cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity)
True
In IPv6, a router periodically sends a special type of message to announce its presence on the network. A mechanism that allows to filter these messages (i.e. reject those that are labeled as unwanted or rogue) is known as:
BPDU (Bridge Protocol Data Unit) Guard
In the context of implementing secure network designs, the term “Port security” may apply to:
Disabling physical ports on a device
Implementing MAC address filtering
Disabling unused logical ports (TCP/IP)
Implementing Port-based Network access Control (defined in the IEEE 802.1X standard)
Which of the following answers refers to a dedicated security mechanism that prevents ARP attacks?
DAI (Dynamic ARP Inspection)
Control Plane Policing (CoPP) is a Cisco-proprietary security feature designed to protect routers and switches against reconnaissance and Denial-of-Service (DoS) attacks.
True
Private VLANs are created via:
Port isolation
The process of securing networking devices should include the practice of disabling unused physical ports.
True
Which of the following actions allow(s) to improve the security of SOHO router?
Changing default admin credentials
implementing MAC address filtering
Blocking unwanted traffic via firewall settings
Disabling unused physical ports
Implementing content filtering
Performing firmware updates
Implementing physical security controls
Which of the following actions would be of help in the process of web server hardening?
Removing server version banner
Disabling unnecessary ports, services, and accounts
Keeping the system up to date via updates and patches
Enabling and monitoring logs
Permissions audits
Which of the following factors are considered important for creating strong passwords? (Select 2 answers)
Password length
Password complexity
A strong password that meets the password complexity requirement should contain: (Select the best answer)
A combination of characters from at least 3 character groups
Which of the following passwords is the most complex?
G$L3tU8wY@z
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:
DHCP snooping
Changing the native VLAN on all truck ports to an unused VLAN ID is one of the countermeasures against VLAN hopping
True
Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?
ACL (Access Control List)
A rule-based access control mechanism implemented on routers, switches, and firewalls is referred to as:
ACL (Access Control List)
Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?
Implicit deny policy
A 48-bit Media Access Control (MAC) address is a unique number assigned to every network adapter. A network access method whereby the MAC address (a.k.a. physical address) of the Network Interface Card (NIC) is used to grand/deny network access is known as MAC filtering or MAC address filtering.
True
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:
War driving
Which of the following would be of help in troubleshooting wireless signal loss and low wireless network signal coverage?
WAP power level controls
Which of the following answers refers to a shared secret authentication method used in WPA, WPA2, and EAP?
PSK (Pre-Shared Key)
A type of technology that provides control over the usage of a mobile device within a designated area is known as:
Geofencing
Which of the following answers refers to a security solution that allows administrators to block network access for users until they perform required action?
Captive Portal