Network Security Flashcards

1
Q

What is network security?

A
  1. Any activity designed to protect the usability and integrity of your network and data.
  2. It includes both hardware and software technologies.
  3. Effective network security manages access to the network.
  4. It targets a variety of threats and stops them from entering or spreading on your network.
2
Q

What is AAA?

A

Authentication, Authorization and Accounting: a framework for implementing and ensuring network access security.

3
Q

What is Local Authentication?

A

Involves storing users’ credentials locally on their devices. Various devices support local authentication, such as PCs, switches, routers, firewalls, etc.

4
Q

When a user logs in to a computer, Windows verifies the credentials against the credentials in what file?

A

local “SAM” file.

5
Q

What is Remote Authentication?

A

Involves storing user credentials on a remote server for authentication. Centralization of stored usernames and passwords. An example of remote authentication would be a PC password being checked against Active Directory in a domain environment.

6
Q

What Does AAA Do?

A
  • Authenticate user accounts.
  • Control access to resources.
  • Audit network activity.
  • Ensure policy compliance.
7
Q

Triple AAA is provided by what service?

A

RADIUS and TACACS+.

8
Q

What is Authentication?

A

Authentication verifies the user’s identity. Users accessing the network must prove who they say they are.

9
Q

What is Authorization?

A

Authorization enforces user permissions. After authentication, authorization determines which network resources the user can access.

10
Q

What is Accounting and Auditing?

A

Tracks user activity and records what a user does once authorized on the network. Accounting keeps a record of how network resources are used.

11
Q

What does RADIUS stand for?

A

Remote Authentication Dial-In User Service (RADIUS)

12
Q

What does TACACS+ stand for?

A

Terminal Access Controller Access-Control System Plus (TACACS+)

13
Q

Does RADIUS use TCP or UDP?

A

UDP ports 1812/1813 or 1645/1646
* Port 1812 is used for authentication and authorization.
* Port 1813 is used for accounting.

14
Q

At what layer of the OSI model does RADIUS operate?

A

Layer 2 Data Link Layer

15
Q

Does RADIUS encrypt usernames, accounting information, or other information?

A

No, it only encrypts the password in the packet.

16
Q

Does TACACS+ use TCP or UDP?

A

TCP port 49

17
Q

What does TACACS+ encrypt?

A

Encrypts the entire packet

18
Q

At what layer of the OSI model does TACACS+ operate?

A

Layer 4 Transport Layer

19
Q

What 2 features does TACACS support that RADIUS does not?

A

Authorization and Accounting

20
Q

What does the TACACS+ protocol provide in a AAA deployment?

A

Authorization on a per-user or per-group basis

21
Q

What Is 802.1X Authentication?

A

A security protocol that authenticates new users and devices requesting access to the network.

22
Q

Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?

A

Accounting

23
Q

What is the first required task when configuring server-based AAA authentication?

A

Enable AAA globally.

24
Q

What is a characteristic of AAA accounting?

A

Possible triggers for the aaa accounting exec default command include start-stop and stop-only.

25
Q

When a method list for AAA authentication is being configured, what is the effect of the keyword local?

A

It accepts a locally configured username, regardless of case.

26
Q

A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?

A

Use the show aaa local user lockout command.

27
Q

Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?

A

authorization

28
Q

What are the three components of 802.1X?

A

● Supplicant
● Authenticator
● Authentication Server

29
Q

What are two features of 802.1X?

A

● Access Control offers unmatched, secure, identity-based access control at network endpoints.
● Network Security ensures secure networks with minimal impact on end-users and infrastructure.

30
Q

What is Supplicant?

A

The client (workstation) receives credentials from a user and submits them to the authenticator. Workstations can be any PC operating system or component of a software application.

31
Q

What is Authenticator?

A

This device controls physical access to the network by acting as a proxy between the client (supplicant) and the authentication server. The authenticator relays credentials received from a supplicant to the authentication server and is typically an available network device, such as a switch or an access point.

32
Q

What is Authentication Server?

A

This device validates credentials received from an authenticator. The authentication server determines the level of access in the network for an end-user or device.

33
Q

What is EAP?

A

Extensible Authentication Protocol (EAP) is an authentication framework that provides transport for request and response parameters

34
Q

What is MAC Spoofing?

A

Associating attacker’s MAC address with target’s IP address

35
Q

What are preventions for ARP Poisoning?

A

● Identify duplicate MAC addresses.
● Check for suspicious ARP traffic.
● Use static ARP entries.
● Configure port security.
● Use encrypted protocols. Encrypted protocols do not prevent ARP poisoning, but they prevent traffic interception and eavesdropping.

36
Q

What is identifying multiple MAC addresses associated with a single device called?

A

Duplicate MAC addresses

37
Q

How can you prevent unauthorized devices from accessing the network?

A

Port security

38
Q

Do encrypted protocols prevent ARP poisoning?

A

No, but they prevent traffic interception and eavesdropping

39
Q

In what mode does the switch operate during a CAM overflow?

A

Switch operates in fail-open mode and behaves like a hub. In this mode, it begins forwarding frames out of all switch ports.

40
Q

What is Dynamic ARP Inspection (DAI)?

A

Feature that rejects fabricated ARP packets using DHCP snooping.

41
Q

True or False: by default, all physical ports on a switch learn the MAC addresses of connected clients.

A

True

42
Q

What are the 3 port security violation modes?

A

Shutdown, restrict, and protect

43
Q

What happens in shutdown mode?

A

Automatically shuts down port and sends notification

44
Q

What happens in restrict mode?

A

Drops frames with unfamiliar source MAC addresses and sends a notification.

45
Q

What happens in protect mode?

A

Drops frames with unknown source MAC addresses without notification

46
Q

What are the two secure MAC address types?

A

Manual and Sticky

47
Q

What is Manual (secure MAC address)?

A

Requires manual configuration of each allowed MAC address per interface

48
Q

What is Sticky (secure MAC address)?

A

MAC addresses learned dynamically with a maximum number per interface

49
Q

What is the maximum number of MAC addresses allowed for port security?

A

Port security allows a maximum number of MAC addresses between 1 and 3072 (default is 1).

50
Q

What is the default port for port security?

A

Default port is 1

51
Q

What is VLAN Hopping?

A

Occurs when a frame is sent to one VLAN but is believed to be in a different VLAN

52
Q

When an attacker bypasses switch restrictions and intercepts traffic from various VLANs it is called?

A

VLAN Hopping

53
Q

Switch Spoofing manipulates which Cisco protocol?

A

Dynamic Trunking Protocol (DTP)

54
Q

True or False: DTP negotiation is enabled by default, even if the interface runs in access mode.

A

True

55
Q

How can you prevent switch spoofing?

A

Disabling DTP negotiation on switch ports

56
Q

What is the command to disable DTP?

A

switchport nonegotiate

57
Q

What is double-tagging?

A

Exploits 802.1q tagging process to bypass switch restrictions

58
Q

What happens in double-tagging to the tag on the second switch?

A

The second switch does not notice the frame’s source, only its tag.

59
Q

Mapping and identifying aspects of an unprotected network is known as?

A

CDP/LLDP Reconnaissance

60
Q

What is CDP?

A

Cisco Discovery Protocol (CDP), Layer 2 discovery protocol that sends updates insecurely

61
Q

What is LLDP?

A

Link Layer Discovery Protocol (LLDP), Layer 2 discovery protocol that sends updates insecurely

62
Q

Dynamic routing updates are sent in plain text, without authentication. What vulnerability does this cause?

A

It enables attackers to craft fake updates and manipulate the routers for malicious purposes.

63
Q

What attacks are caused by fake routing update attacks?

A

● Rogue Router
  ○ A rogue router is connected to the network and causes changes in the routing table.
● Forged Routing Update Packets
  ○ Packets are crafted with false routing update information to alter the routing table.

64
Q

What is Network Time Protocol (NTP)?

A

Synchronizes time information over a network

65
Q

What is NTP Spoofing?

A

Impersonates a legitimate time server to manipulate network device clocks

66
Q

What is NTP Amplification?

A

DoS attack that floods targets with UDP traffic using open NTP servers

67
Q

What is NTP Authentication?

A

Configuring authentication mechanism for NTP

68
Q

What are steps to prevent NTP attacks?

A

● Configure an NTP authentication mechanism.
● Configure NTP access-control lists.
● Disable the monlist command on the server.

69
Q

What are two common DHCP attacks?

A

DHCP Spoofing, DHCP Starvation

70
Q

What is DHCP Spoofing?

A

Rogue DHCP server manipulates network settings (On-Path attack)

71
Q

What is DHCP Starvation?

A

Continuous IP address assignment requests drain the DHCP pool (a type of DDoS attack)

72
Q

What is a prevention method for DHCP spoofing?

A

Enable DHCP snooping

73
Q

What is DHCP Snooping?

A

Validates DHCP packets that are sent to a server, using a binding table. Determines whether a source is trustworthy or not and can filter suspicious DHCP traffic.

74
Q

What is the purpose of network analysis?

A

Network analysis offers an insight into network communications to identify performance problems, locate security breaches, analyze application behavior, and perform capacity planning

75
Q

Name at least three troubleshooting tasks that can be performed using network analysis.

A
  1. Locate faulty network devices.
  2. Measure high delays along a path.
  3. Locate the point of packet loss.
76
Q

What is the purpose of Npcap?

A

Architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver.

77
Q

How can packet comments be viewed in Wireshark?

A

Selecting Analyze > Expert Information in the main menu of the capture interface

78
Q

What does the double && sign indicate?

A

Designate AND

79
Q

What does the double pipes (||) sign indicate?

A

Designate OR

80
Q

What does Capture File Properties filters show?

A

Metadata about the capture

81
Q

What does Protocol Hierarchy filters show?

A

Provides a breakdown of each protocol present in the capture from an OSI model perspective, accounting for all metadata within each protocol for deeper analysis.

82
Q

What does Conversations filters show?

A

Traffic between specific IP addresses

83
Q

What does Endpoints filters show?

A

Traffic to and from an IP address

84
Q

What does I/O Graphs filters show?

A

Visualizing the number of packets (or similar) in time

85
Q

What is Network Monitor?

A

Microsoft product that monitors traffic to and from the host system. Looks at processes

86
Q

What is Network Miner?

A

An open-source network forensic analysis tool (NFAT) for Windows OS, Network Miner can perform file extraction from .pcap files.

87
Q

What is Cryptology?

A

Branch of mathematics for secure communication and data storage

88
Q

What is encryption?

A

The process of converting human-readable information (plaintext) into something that is not readable (ciphertext).

89
Q

What is decryption?

A

The practice of converting encrypted data back into its readable form (plaintext)

90
Q

What is a Password Hash?

A

Hashed representation of a password stored in an OS

91
Q

What is Hiding?

A

Making data imperceivable by conventional methods (e.g., steganography)

92
Q

What is Obfuscation?

A

Scrambling text to make it unreadable

93
Q

What is Transposition?

A

Changing the order of letters

94
Q

What is Substitution?

A

Replacing characters with others

95
Q

What is Symmetric Cryptography?

A

Encryption and decryption using the same key

96
Q

What is Asymmetric Cryptography?

A

Encryption with one key, decryption with another

97
Q

What is Base64?

A

Most email traffic and email attachments are encoded in this manner. Base64 encoding uses strings that end in = or ==

98
Q

What is Base32?

A

32-character, uppercase ASCII set represents the encoded data.

99
Q

What is ASCII-Hex?

A

Information is converted from characters to its associated hexadecimal representation.

100
Q

What is Base64 Python Library?

A

Python library for working with Base64 encoding. Data can be encoded and decoded automatically using Python

101
Q

What are Hash Algorithms?

A

One-way functions for data integrity and validation

102
Q

What is Salt?

A

Salts strengthen the security of the hashed data by introducing a random string to the data before hashing. The salt is then stored alongside the data

103
Q

What is Pepper?

A

Shared string for all data in a database; it is not stored alongside the hashed data in the same database

104
Q

True or False: salting and peppering passwords can help prevent brute-force password attacks and the use of rainbow tables by cybercriminals.

A

True

105
Q

What is a Rainbow Table?

A

Precomputed table of hashed outputs for reverse-engineering

106
Q

What is Symmetric Cipher Encryption?

A

Use the same key to encrypt and decrypt data. Symmetric keys represent a shared secret between the sender and recipient.

107
Q

What is Asymmetric Cipher Encryption?

A

Require public and private keys to encrypt messages (see Diffie-Hellman Exchange discussed later in this chapter). Hiding data with public and private keys

108
Q

What is XOR Cipher?

A

Bitwise operation for changing text characters

109
Q

What is Caesar Cipher?

A

Shifting each character of the alphabet based on a value

110
Q

What are Digital Signatures?

A

Electronic documents with public and private keys

111
Q

What are Digital Certificates?

A

Documents issued by certificate authorities for authentication

112
Q

What are Web Certificates?

A

Certificates for website ownership validation

113
Q

What is Public Key Infrastructure?

A

Trusted authority organization for creating and distributing digital certificates

114
Q

What is SSL Handshake Flow?

A

Process of client and server beginning secure communications