Network Security

Question 1

What are the two categories of control plane security controls:

Answer 1

signaling protection (routing protocol authC and STP)
control plane processes protection

Question 2

Which devices support MPP (management plane protection)?

Answer 2

Routers and switches

Question 3

Which Cisco devices do not support TACACS+?

Answer 3

NGFW, WSA, ESA

Question 4

Cisco offers centralized operational tools to simplify and help you manage your network security deployment. What are some?

Answer 4

These tools include Cisco Security Manager, Firepower Management Center (FMC), Cisco Content Security Management Appliance (SMA), Cisco Defense Orchestrator, and Cisco Configuration Professional (CCP) for Catalyst.

Question 5

What are some signs a network device has been compromised?

Answer 5

The signs of a compromise in a network can take many forms, including network devices that are exfiltrating data, forwarding packets to unexpected destinations, sending unrequested ICMP replies, and more

Question 6

What are the steps in the process of protecting and monitoring infrastructure devices?

Answer 6

Harden devices.

Instrument the network.

Establish a baseline.

Analyze deviations from the baseline.

Question 7

The routed control plane shares the CPU of the main router with two other groups of processes:

Answer 7

The management processes, which provide device management functions.

The slow data path processes (process switching or the Cisco Express Forwarding process path), which manage traffic that cannot be managed by the fast data path. (The fast path consists of interrupt switching functions of Cisco Express Forwarding, or hardware-assisted forwarding.)

Question 8

Where are infrastructure ACLs typically applied?

Answer 8

input direction at all the network edge routers

Question 9

Which Cisco IOS tool does CoPP use to protect the router CPU?

Answer 9

Modular QoS CLI (MQC)

Question 10

How does CPPr work?

Answer 10

CPPr extends the CoPP functionality by automatically classifying all CPU-bound traffic into three queues (or subinterfaces) under the aggregate control plane interface. Each subinterface receives and processes a specific type of CPU-bound traffic, and each subinterface has a separate traffic policy that is attached to it, which makes the limit configuration easier.

Question 11

What are the steps to configure CPPr?

Answer 11

Create traffic classes that describe valid control plane traffic. You can configure as many traffic classes as you need, depending on the required granularity of your policy.

Create a traffic policy that will permit, deny, or rate-limit the configured traffic classes and therefore conserve process layer resources, or even act as a device firewall by hiding most device resources from the network.

Apply the configured traffic policy to a required CPPr subinterface.

Question 12

What are the three control plane subinterfaces that are automatically created by control plane protection?

Answer 12

Host, Cisco Express Forwarding-exception subinterface, transit

Question 13

Which two secure authentication types can be used with OSPF authentication on Cisco IOS routers?

Answer 13

MD5 & SHA

Question 14

Which Cisco IOS command applies the CPPr policy to the host subinterface?

Answer 14

Service-policy

Question 15

Routing processes run in which network device plane?

Answer 15

Control Plane

Question 16

Which option is required to configure scalable and easy-to-maintain infrastructure ACLs?

Answer 16

contiguous address space assigned to infrastructure IP addresses

Question 17

Which Cisco IOS feature provides early rate limiting and drops traffic that is destined for the central processor of the network device by applying QoS policies to a virtual aggregate CPU-bound queue?

Answer 17

Control Plane Policing

Question 18

Which option describes a benefit of prefilter policies?

Answer 18

Prefilter policies are used to exclude traffic that does not need inspection, for better device performance.