Network Hardening Techniques Flashcards
Your primary concern when hardening your network is the fact that you are
vulnerable to several DoS attacks that involve your IGP and EGP protocols.
What hardening technique addresses this challenge most directly?
a. Control plane policing
b. Geofencing
c. SNMP
d. Dynamic ARP inspection
Answer: a. Control plane policing (CoPP) can help in this situation. Because
your IGP and EGP routing protocols are part of the control plane, you can
use CoPP to watch the amount of traffic that is permitted to your CPU. In this
way, you can prevent many different types of DoS attacks that target the control plane.
What protocol makes 802.1X possible?
a. SSH
b. Telnet
c. SNMPv3
d. EAP
Answer: d. Extensible Authentication Protocol (EAP) is a flexible solution that
is used in many network environments to support a wide variety of authentication and authorization scenarios. EAP is the featured technology of 802.1X.
What device hardening technique might be found in a row of stores in a shopping mall to ensure that the different stores are segmented from each other?
a. Default VLAN
b. DHCP snooping
c. Private VLAN
d. Dynamic ARP inspection
Answer: c. Private VLANs add segmentation capabilities beyond what is typical for VLAN communication. You can create segmentation within an IP subnet by using this technology.
Which of the following is not a network hardening best practice?
a. Use SNMPv3
b. Disable unneeded services
c. Implement role-based access
d. Change to default passwords
Answer: d. Network hardening best practices include using SNMPv3
instead of earlier versions, disabling unneeded ports and unneeded services,
and changing default passwords to something other than the known default
passwords.
Which of the following means that if you have not been explicitly granted
access, then access is denied?
a. Implicit deny
b. Explicit deny
c. Allow
d. BPDU
Answer: a. An implicit deny clause (in a firewall rule) means that if the proviso
in question has not been explicitly granted, then access is denied.
What do most public networks, including WiFi hotspots, use to require users
to agree to some condition before they use the network or Internet?
a. PSKs
b. Proper antenna placement
c. Appropriate signal power levels
d. Captive portalssw
Answer: d. A public network or a WiFi hotspot may use a captive portal,
which requires users to agree to some condition before they can use the network or Internet.