Network Security (4.1, 4.3 & 4.5) Flashcards

1
Q

Network Security Fundamentals

A

▪ Networks are increasingly dependent on interconnecting with other
networks
▪ Risks exist not just on the untrusted Internet, but also inside our own
organization’s networks and must be minimized or eliminated
▪ Understanding the various threats facing our networks is important in
order to best defend the network against the onslaught of cyber-attacks
they are constantly facing

2
Q

Network Security Goals

A

▪ Commonly called the CIA Triad
● Confidentiality
● Integrity
● Availability

3
Q

Confidentiality

A

▪ Keeping data private: only authorized parties can read it
● Encryption of data in transit and at rest
● Authentication and access control before a resource is released
▪ Encryption ensures that data can only be read (decrypted) by the intended
recipient, who holds the right key
● Symmetric encryption
● Asymmetric encryption

4
Q

Symmetric Encryption (Confidentiality)

A

▪ Sender and receiver share one secret key, used both to encrypt and to
decrypt; the hard part is getting that key to the other side securely
▪ DES (Data Encryption Standard)
● Developed in the mid-1970s
● 56-bit key
● The original privacy (encryption) protocol in SNMPv3; AES is now preferred
● Considered weak today: a 56-bit key can be brute-forced
▪ 3DES (Triple DES)
● Uses three 56-bit keys (168-bit total); meet-in-the-middle attacks
reduce the effective strength to about 112 bits
● Encrypt, decrypt, encrypt (EDE) with the three keys
● Deprecated by NIST; use only where legacy systems require it
▪ AES (Advanced Encryption Standard)
● Preferred symmetric encryption standard
● Used by WPA2 (CCMP) and WPA3
● Available in 128-bit, 192-bit, and 256-bit key sizes; 128-bit block

5
Q

Asymmetric Encryption (Confidentiality)

A

▪ Uses a mathematically linked key pair: what the public key encrypts, only
the matching private key can decrypt (and the reverse for signatures)
● The public key can be shared with anyone; the private key never leaves
its owner
▪ RSA is the most popular implementation
▪ RSA is commonly used with a public key infrastructure (PKI), in which a
certificate authority (CA) signs a digital certificate that binds a public
key to an identity
▪ PKI certificates let your web browser verify a shopping website's identity
and set up the encrypted session (HTTPS)
▪ Can be used to securely exchange emails (e.g. S/MIME)
▪ Far slower than symmetric encryption, so it is used to protect keys and
create signatures rather than to encrypt bulk data

6
Q

Confidentiality with HTTPS

A

▪ Asymmetric cryptography is used to establish a shared symmetric session
key; the page data itself is then encrypted symmetrically (typically AES)
● Classic RSA key transport (TLS 1.2 and earlier): the client encrypts a
random premaster secret with the server's public key from its certificate
● TLS 1.3 removed RSA key transport in favour of ephemeral (EC)DHE key
agreement, so that a server private key stolen later cannot decrypt
recorded sessions (forward secrecy)
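Added worked example (not part of the original deck): a simulation of the RSA key transport described above. The RSA key pair is textbook RSA built from two well-known Mersenne primes so the arithmetic is checkable, with no padding; the key sizes, the `derive_session_key` HMAC step and the random values are all illustrative assumptions, not the real TLS PRF or a real certificate key.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair from two known Mersenne primes (illustration only).
# Real keys use ~2048-bit random primes and OAEP/PKCS#1 padding; textbook
# RSA without padding is deterministic and malleable and must not be used.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                              # public modulus (about 150 bits)
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def rsa_wrap_key(sym_key: bytes, n: int = N, e: int = E) -> int:
    """Client side: encrypt a fresh symmetric key with the server's public key."""
    m = int.from_bytes(sym_key, "big")
    if m >= n:
        raise ValueError("symmetric key must be smaller than the modulus")
    return pow(m, e, n)


def rsa_unwrap_key(c: int, key_len: int, n: int = N, d: int = D) -> bytes:
    """Server side: only the holder of the private exponent d can recover the key."""
    return pow(c, d, n).to_bytes(key_len, "big")


def derive_session_key(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """HMAC-SHA256 key derivation; a simplified stand-in for the TLS PRF/HKDF."""
    return hmac.new(premaster, b"session key" + client_random + server_random,
                    hashlib.sha256).digest()


def handshake(key_len: int = 16):
    """Simulate RSA key transport; returns (client_key, server_key, wrapped_key)."""
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)
    premaster = secrets.token_bytes(key_len)      # e.g. a 128-bit AES key
    wrapped = rsa_wrap_key(premaster)              # this value crosses the wire
    # An eavesdropper sees wrapped, both randoms and (N, E), but not D.
    recovered = rsa_unwrap_key(wrapped, key_len)
    client_key = derive_session_key(premaster, client_random, server_random)
    server_key = derive_session_key(recovered, client_random, server_random)
    return client_key, server_key, wrapped


if __name__ == "__main__":
    ck, sk, w = handshake()
    print("keys match:", ck == sk, "wrapped key:", hex(w)[:20], "...")
```

The weakness the card's TLS 1.3 note refers to is visible here: anyone who records `wrapped` and later obtains `D` can recompute every past session key, which is exactly what ephemeral Diffie-Hellman prevents.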

7
Q

Integrity

A

▪ Ensures data has not been modified in transit (or at rest)
▪ Origin integrity: verifies that the traffic really came from the claimed
source; this needs a keyed check (HMAC or digital signature), since a
bare hash can be recomputed by anyone
▪ Integrity violations
● Defacing a corporate web page
● Altering an e-commerce transaction
● Modifying electronically stored financial records

8
Q

Hashing (Integrity)

A

▪ Sender runs the data through a one-way hash algorithm
● Result is a fixed-length hash, or hash digest
▪ Data and its hash are sent to the receiver
▪ Receiver runs the received data through the same algorithm and obtains a
hash
▪ The two hashes are compared
● If the same, the data was not modified; any change, even one bit, gives
a completely different digest
● Caveat: an attacker who can alter the data in transit can also recompute
a plain hash, so detecting deliberate tampering requires a keyed hash
(HMAC) or a digital signature over the digest

9
Q

Hashing Algorithms (Integrity)

A

▪ Message Digest 5 (MD5)
● 128-bit hash digest
● Collisions can be generated at will; do not use for security purposes
▪ Secure Hash Algorithm 1 (SHA-1)
● 160-bit hash digest
● Practical collisions demonstrated in 2017; deprecated for signatures
and certificates
▪ Secure Hash Algorithm 256 (SHA-256, part of the SHA-2 family)
● 256-bit hash digest
● Current recommended choice
▪ Challenge-Response Authentication Mechanism MD5 (CRAM-MD5)
● Challenge-response login mechanism built on HMAC-MD5; a common variant
often used in e-mail systems (SMTP AUTH, IMAP, POP3)

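Added worked example (not part of the original deck) for the two hashing cards above: it reports the digest sizes, runs the send/recompute/compare procedure, and then shows the caveat in code, a man-in-the-middle rewriting a message and recomputing the plain hash versus failing against an HMAC. The messages and the shared key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample messages and key (not from the deck).
ORIGINAL = b"transfer 100.00 to account 4242"
TAMPERED = b"transfer 900.00 to account 1337"
SHARED_KEY = b"key-agreed-during-handshake"   # assumed secret shared by sender and receiver


def digest_bits(algorithm: str) -> int:
    """Digest length in bits for a hashlib algorithm name (md5, sha1, sha256, ...)."""
    return hashlib.new(algorithm).digest_size * 8


def plain_hash(data: bytes) -> str:
    """Unkeyed SHA-256 digest, as in the hashing procedure on the card."""
    return hashlib.sha256(data).hexdigest()


def verify_plain_hash(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(plain_hash(data), expected)


def keyed_hash(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_hash(key: bytes, data: bytes, expected: str) -> bool:
    # compare_digest keeps the comparison constant-time.
    return hmac.compare_digest(keyed_hash(key, data), expected)


def man_in_the_middle_demo():
    # 1. Honest transfer: the receiver recomputes the hash and it matches.
    honest = verify_plain_hash(ORIGINAL, plain_hash(ORIGINAL))
    # 2. Attacker rewrites the message AND recomputes the unkeyed hash: still accepted.
    forged_accepted = verify_plain_hash(TAMPERED, plain_hash(TAMPERED))
    # 3. With an HMAC the attacker lacks SHARED_KEY, so a recomputed tag is rejected.
    honest_mac = verify_keyed_hash(SHARED_KEY, ORIGINAL, keyed_hash(SHARED_KEY, ORIGINAL))
    forged_mac = verify_keyed_hash(SHARED_KEY, TAMPERED, keyed_hash(b"attacker-guess", TAMPERED))
    # 4. Flipping a single bit of the data changes the whole digest, so the check is sensitive.
    one_bit = bytes([ORIGINAL[0] ^ 1]) + ORIGINAL[1:]
    bit_flip_detected = not verify_plain_hash(one_bit, plain_hash(ORIGINAL))
    return honest, forged_accepted, honest_mac, forged_mac, bit_flip_detected


if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        print(name, digest_bits(name), "bits")
    print(man_in_the_middle_demo())
```

The second result is the point of the caveat: a plain hash only catches accidental corruption, because the attacker recomputes it along with the data; the HMAC fails for the forged message because the attacker cannot produce a tag under the real key.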
10
Q

Availability

A

▪ Measures accessibility of the data and services
▪ Increased by designing redundant networks and systems (no single point
of failure)
▪ Compromised by
● Crashing a router or switch by sending improperly formatted data
● Flooding a network with so much traffic that legitimate requests
cannot be processed
o Denial of Service (DoS)
o Distributed Denial of Service (DDoS): the flood comes from many
sources at once

11
Q

Threat

A
o Threat
▪ A person or event that has the potential for impacting a valuable
resource in a negative manner
● Internal Threat
o Any threat that originates within the organization itself
(e.g. a malicious or careless employee)
● External Threat
o Any threat that originates outside the organization: a person,
such as a hacker, or an event or environmental condition
o Vulnerability
▪ A quality or characteristic within a given resource or its environment
that might allow the threat to be realized

13
Q

Environmental Vulnerabilities

A

▪ Undesirable conditions or weaknesses that are in the general area
surrounding the building where a network is run

14
Q

Physical Vulnerabilities

A

▪ Undesirable conditions or weaknesses in the building where the network
is located

15
Q

Operational Vulnerabilities

A

▪ Focuses on how the network and its systems are run from the
perspective of an organization’s policies and procedures

16
Q

Technical Vulnerabilities

A

▪ System-specific conditions that create security weaknesses
● Common Vulnerabilities and Exposures (CVE)
o A public catalog of disclosed vulnerabilities, each with a unique
identifier (CVE-YYYY-NNNN), maintained by MITRE
● Zero-Day Vulnerability
o A weakness in the system design, implementation, or software code
that is unknown to the vendor, so no patch or preventive mechanism
exists yet; attackers may exploit it before a fix is available
▪ CVEs (known vulnerabilities: patch them)
▪ Zero-Day (brand-new vulnerability: rely on defense in depth and
detection until a patch exists)

17
Q

Exploit

A

▪ Piece of software code that takes advantage of a security flaw or
vulnerability within a system or network
▪ Keep systems properly patched and antimalware software updated

18
Q

Risk Management

A

o The identification, evaluation, and prioritization of risks, followed by
actions to minimize, monitor, and control the likelihood or impact of a
threat exploiting a vulnerability

19
Q

Risk Assessment

A

▪ A process that identifies potential hazards and analyzes what could
happen if a hazard occurs
● Security
● Business

20
Q

Security Risk Assessment

A

▪ Used to identify, assess, and implement key security controls within an
application, system, or network

21
Q

Threat Assessment

A

▪ Focused on the identification of the different threats that may wish to
attack or cause harm to your systems or network

22
Q

Vulnerability Assessment

A

▪ Focused on identifying, quantifying, and prioritizing the risks and
vulnerabilities in a system or network
● Nessus
● QualysGuard
● OpenVAS
o A threat is controlled by the attacker or the event; a vulnerability is
within your control, which is why assessments focus on finding and
fixing vulnerabilities

23
Q

Penetration Test

A

▪ Evaluates the security of an IT infrastructure by safely trying to exploit
vulnerabilities within the systems or network

24
Q

Posture Assessment

A

▪ Assesses cyber risk posture and exposure to threats caused by
misconfigurations and patching delays
● Define mission-critical components
● Identify strengths, weaknesses, and security issues
● Stay in control
● Strengthen position

25
Q

Business Risk Assessment

A

▪ Used to identify, understand, and evaluate potential hazards in the
workplace

26
Q

Process Assessment

A

▪ The disciplined examination of the processes used by the organization
against a set of criteria
● Determines if you are doing things right, and if you are doing the
right things
▪ Vendor Assessment
● The assessment of a prospective vendor to determine if they can
effectively meet the obligations and the needs of the business

27
Q

Least Privilege

A

▪ Using the lowest level of permissions or privileges needed in order to
complete a job function or admin task

29
Q

Access Control Models: DAC and MAC

A

▪ Discretionary Access Control (DAC)
● An access control method where access is determined by the
owner of the resource
o Every object in a system has to have an owner
o Each owner determines the access rights and permissions for each
object (e.g. file permissions and ACLs)
▪ Mandatory Access Control (MAC)
● An access control policy where the system, not the owner, decides who
gets access to what: every subject has a clearance and every object a
classification label, and the policy compares the two
o Unclassified
o Confidential
o Secret
o Top secret

30
Q

Role-Based Access Control (RBAC)

A

▪ An access model that is controlled by the system but focuses on a set of
permissions versus an individual’s permissions
▪ Creating groups makes it easy to control permissions based around actual
job functions
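Added worked example (not part of the original deck) covering the DAC, MAC and RBAC cards together: a small policy-decision model in which the owner edits an ACL (DAC), the system compares clearance with classification label using the standard Bell-LaPadula confidentiality rules (MAC), and permissions attach to roles rather than users (RBAC). The users, roles, permissions and the resource are constructed for the demo.

```python
from dataclasses import dataclass, field

# MAC labels from the card, lowest to highest.
LEVELS = ["unclassified", "confidential", "secret", "top secret"]


def dominates(a: str, b: str) -> bool:
    """True if clearance/label a is at least as high as label b."""
    return LEVELS.index(a) >= LEVELS.index(b)


@dataclass
class Resource:
    name: str
    owner: str
    label: str                                   # MAC classification label
    acl: dict = field(default_factory=dict)      # DAC: user -> set of permissions


# --- DAC: the owner decides, by editing the object's ACL -----------------
def dac_grant(resource: Resource, actor: str, user: str, perms: set) -> None:
    if actor != resource.owner:
        raise PermissionError(f"{actor} is not the owner of {resource.name}")
    resource.acl.setdefault(user, set()).update(perms)


def dac_allowed(resource: Resource, user: str, perm: str) -> bool:
    return user == resource.owner or perm in resource.acl.get(user, set())


# --- MAC: the system decides from labels (Bell-LaPadula confidentiality) ---
def mac_allowed(clearance: str, resource: Resource, perm: str) -> bool:
    if perm == "read":    # simple security property: no read up
        return dominates(clearance, resource.label)
    if perm == "write":   # *-property: no write down (write up is permitted)
        return dominates(resource.label, clearance)
    return False


# --- RBAC: permissions attach to roles; users are assigned roles -----------
ROLE_PERMS = {
    "helpdesk": {"ticket:read", "ticket:update"},
    "netadmin": {"ticket:read", "switch:config", "firewall:config"},
    "auditor": {"ticket:read", "log:read"},
}
USER_ROLES = {"alice": {"helpdesk"}, "bob": {"netadmin", "auditor"}}


def rbac_allowed(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, ()))


def demo() -> dict:
    doc = Resource("plan.txt", owner="alice", label="secret")
    dac_grant(doc, "alice", "bob", {"read"})
    try:
        dac_grant(doc, "bob", "carol", {"read"})     # bob is not the owner
        bob_can_grant = True
    except PermissionError:
        bob_can_grant = False
    return {
        "dac_bob_read": dac_allowed(doc, "bob", "read"),
        "dac_bob_write": dac_allowed(doc, "bob", "write"),
        "dac_bob_can_grant": bob_can_grant,
        "mac_confidential_reads_secret": mac_allowed("confidential", doc, "read"),
        "mac_top_secret_writes_secret": mac_allowed("top secret", doc, "write"),
        "mac_confidential_writes_secret": mac_allowed("confidential", doc, "write"),
        "rbac_alice_firewall": rbac_allowed("alice", "firewall:config"),
        "rbac_bob_firewall": rbac_allowed("bob", "firewall:config"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two results are worth pausing on: under MAC a top-secret user is refused write access to a secret document (no write down, so high data cannot leak into a lower-labelled object), and under RBAC giving bob the firewall permission is a role assignment, not an edit to every firewall object, which is what makes RBAC manageable at scale.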

31
Q

Zero-Trust

A

▪ A security framework that requires every user and device to be
authenticated and authorized before being granted access to applications
and data, regardless of whether it is inside or outside the network
perimeter ("never trust, always verify")
1. Reexamine all default access controls
2. Employ a variety of prevention techniques and defense in depth
3. Enable real-time monitoring and controls to identify and stop
malicious activity quickly
4. Ensure the network's zero-trust architecture aligns to a broader
security strategy

32
Q

Defense in Depth

A

o Cybersecurity approach in which a series of defensive mechanisms are
layered, so that if one control fails another still protects the data
▪ Physical (locks, guards, cameras)
▪ Logical/technical (firewalls, encryption, access control)
▪ Administrative (policies, training, separation of duties)

33
Q

DMZ

A

▪ A perimeter network that protects an organization’s internal local area
network from untrusted traffic

34
Q

Screened Subnet

A

▪ Subnet in the network architecture that uses a single firewall with three
interfaces to connect three dissimilar networks (internal LAN, the
screened subnet/DMZ, and the Internet)
● Triple-homed firewall

35
Q

Separation of Duties

A

▪ Prevents fraud and abuse by distributing tasks and approval authorities
across a number of different users, so no single person can complete a
sensitive action alone

36
Q

Dual Control

A

▪ Two people have to be present at the same time to do something

37
Q

Split Knowledge

A

▪ Two people each have half of the knowledge of how to do something

38
Q

Honeypot/ Honeynet

A

▪ A decoy system (honeypot) or network of decoys (honeynet) that attracts
and traps potential attackers, to counteract attempts at unauthorized
access to the real network and to observe the attacker's techniques
▪ When placing controls, think vertically through the layers of defense in
depth as well as horizontally or laterally across the network, using
screened subnets to separate zones

39
Q

Multifactor Authentication

A
o Authenticates or proves an identity using more than one method
▪ Something you know (password, PIN)
▪ Something you have (token, smart card, phone)
▪ Something you are (fingerprint, face)
▪ Something you do (typing pattern, signature)
▪ Somewhere you are (location)
o The factors must come from different categories; a password plus a PIN
is still single-factor

40
Q

Dictionary Attack

A

▪ Guesses the password by attempting to check every single word or
phrase contained within a word list, called a dictionary
● Do not use anything that looks like a regular word

41
Q

Brute Force Attack

A

▪ Tries every possible combination until the password is found
● Use a longer and more complex password; length grows the search space
exponentially, and each added character class multiplies it
o Uppercase
o Lowercase
o Numbers
o Special characters
● For good security, use a minimum of 12 characters

42
Q

Hybrid Attack

A

▪ Combination of dictionary and brute force attacks

43
Q

Local Authentication

A

▪ Process of determining whether someone or something is who or what it
claims to be, checked against an account database stored on the local
device itself rather than a central directory

44
Q

Lightweight Directory Access Protocol (LDAP)

A

▪ Validates a username and password combination against an LDAP server
as a form of authentication
● A simplified version of the X.500 directory access protocol
● Port 389 LDAP (cleartext unless upgraded with StartTLS)
● Port 636 LDAP Secure (LDAPS, LDAP over TLS)

45
Q

Active Directory (AD)

A

▪ Organizes and manages everything on the network, including clients,
servers, devices, and users

46
Q

Kerberos

A

▪ Ticket-based authentication protocol used within a Windows domain
environment (the domain controller acts as the Key Distribution Center,
port 88)
▪ Provides secure mutual authentication over an insecure network; the
password itself is never sent, and tickets are time-limited, so client
and server clocks must be synchronized

47
Q

Remote Authentication Dial-In User Service (RADIUS)

A
▪ Provides centralized administration (AAA) of dial-up, VPN, and wireless
network authentication
● Authentication
● Authorization
● Accounting
o Runs over UDP; only the user password field is obfuscated, the rest of
the packet is sent in the clear
o Commonly uses:
▪ Port 1812 Authentication messages
▪ Port 1813 Accounting messages
o Older implementations may also use:
▪ Port 1645 Authentication messages
▪ Port 1646 Accounting messages
48
Q

Terminal Access Controller Access Control System Plus (TACACS+)

A
▪ Cisco-developed AAA protocol; an alternative to RADIUS as the
authentication server, used mainly for administrative (command-level)
access to network devices, while 802.1X network access normally uses
RADIUS because it carries EAP
● RADIUS (UDP; obfuscates only the password)
● TACACS+ (TCP; encrypts the entire packet body and separates
authentication, authorization, and accounting)
● Ensure TCP port 49 is open
● Excellent if using Cisco devices
49
Q

802.1x

A
▪ A standardized framework that's used for port-based authentication on
both wired and wireless networks; the switch port or AP association stays
blocked until the authentication server approves the client
● Supplicant (the client device requesting access)
● Authenticator (the switch or wireless access point)
● Authentication server (typically a RADIUS server, which checks the
credentials carried inside EAP)
50
Q

Extensible Authentication Protocol (EAP)

A

▪ Allows for numerous different mechanisms of authentication

51
Q

EAP-MD5

A

o Utilizes simple passwords and the challenge handshake authentication
process (a CHAP-style MD5 challenge/response) to provide remote access
authentication; offers no server authentication and derives no keys,
so it is unsuitable for wireless

52
Q

EAP-TLS

A

o Uses public key infrastructure with a digital certificate being
installed on both the client and the server (mutual authentication;
the strongest EAP method but the most work to deploy)

53
Q

EAP-TTLS

A

o Requires a digital certificate on the server and a password
on the client for its authentication

54
Q

EAP Flexible Authentication via Secure Tunneling (EAP-FAST)

A

o Cisco-developed method that uses a protected access credential (PAC) to
establish mutual authentication between devices

55
Q

Protected EAP (PEAP)

A

o Uses a server certificate to build a TLS tunnel and then checks the
client's password (usually MS-CHAPv2) against Microsoft's Active
Directory database inside the tunnel

56
Q

Lightweight EAP (LEAP)

A

o A proprietary protocol that only works on Cisco-based devices;
deprecated because its MS-CHAP-based exchange can be cracked offline

57
Q

Network Access Control (NAC)

A

o Ensures a device is scanned to determine its current state of security prior to
being allowed network access

58
Q

Persistent Agent

A

▪ A piece of software installed on a device requesting access to the
network

59
Q

Non-Persistent Agent

A

▪ Requires the users to connect to the network and go to a web-based
captive portal to download an agent onto their devices

60
Q

IEEE 802.1x

A

▪ Used in port-based Network Access Control

61
Q

Time-based

A

o Defines access periods for given hosts using a time-based schedule

62
Q

Location-based

A

o Evaluates the location of the endpoint requesting access using IP or
GPS geolocation

63
Q

Role-Based (Adaptive NAC)

A

o Reevaluates a device's authentication when it is being used to do
something new, so privileges follow the role and the task rather than a
one-time check at connection

64
Q

Rule-based

A

o Uses a complex admission policy that might enforce a series of rules
with the use of logical statements

65
Q

Detection Methods

A

▪ Security control used during an event to find out whether or not
something malicious may have happened

66
Q

Wired

A

o Allows the camera to be physically cabled all the way to a central
monitoring station

67
Q

Wireless

A

o Easier to install, but they can interfere with other wireless systems,
like 802.11 wireless networks, and their video feeds need encryption
▪ Indoor and Outdoor
● Indoor cameras tend to be lighter, cheaper, and easier to install

68
Q

Infrared System

A

● Displays images based on the amount of heat in a room
1. Quickly and easily identify where a person is inside the room
2. Identify hot spots in the room and detect gear that could
overheat before it actually does

69
Q

Ultrasonic Camera

A

● A type of surveillance camera that uses sound-based detection

70
Q

Asset Tag

A

● Identifies a piece of equipment using a unique serial number,
code, or barcode
o Reduce theft and helps to identify the device

71
Q

Tamper Detection

A

● Ensures a network equipment has not been modified once labeled
and stored

72
Q

eFuse

A

● An electronic detection mechanism that can record the version of
the IOS used by a switch

73
Q

Prevention Method

A
▪ Security control used to prevent incidents from occurring
● Access control hardware
● Access control vestibules
● Smart lockers
● Locking racks
● Locking cabinets
● Employee training
74
Q

Access Control Vestibule (Mantrap)

A

▪ An area between two doorways that holds people until they are
identified and authenticated

75
Q

Smart Locker

A
▪ A fully integrated system that allows you to keep your laptop, tablet,
smartphone, or other valuables inside
● 69% ROI
o Small and medium sized business
● 248% ROI
o Large enterprises
76
Q

Asset Disposal

A

o Occurs whenever a system is no longer needed by an organization
▪ Perform a factory reset
▪ Wipe the configuration
▪ Sanitize the devices

77
Q

Factory Reset

A

▪ Removes all customer specific data that has been added to a network
device since the time it was shipped from the manufacturer
● enable (enter privileged mode)
● factory-reset all (Cisco IOS XE: wipes configuration, logs and files)
● write erase (erases only the startup configuration in NVRAM)
▪ NVRAM stores the configuration files
▪ Flash module stores the Cisco IOS image

78
Q

Degaussing

A

▪ Exposes the hard drive to a powerful magnetic field to wipe previously
written data from the drive; works only on magnetic media (HDD, tape),
not on SSDs or flash, and usually leaves the drive unusable

79
Q

Purging/Sanitizing

A

▪ Removes data which cannot be reconstructed using any known forensic
techniques

80
Q

Clearing Technique

A

▪ Removes data with a certain amount of assurance that it can’t be
reconstructed

81
Q

Data Remnants

A

▪ Leftover pieces of data that may exist in the hard drive which we no
longer need
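Added worked example (not part of the original deck) for the clearing, purging and data remnants cards: a tiny in-memory disk model in which an ordinary delete only drops the directory entry, a raw scan of the medium still finds the secret, and overwriting (clearing) or wiping the whole device (purging) removes it. The disk layout, file names and secret string are constructed for the demo.

```python
import secrets


class ToyDisk:
    """A flat byte array plus a directory of name -> (offset, length); a minimal
    stand-in for a file system, constructed for illustration only."""

    def __init__(self, size: int = 1024):
        self.blocks = bytearray(size)
        self.directory = {}
        self._next_free = 0

    def write_file(self, name: str, data: bytes) -> None:
        if self._next_free + len(data) > len(self.blocks):
            raise OSError("disk full")
        start = self._next_free
        self.blocks[start:start + len(data)] = data
        self.directory[name] = (start, len(data))
        self._next_free += len(data)

    def delete(self, name: str):
        """Ordinary delete: only the directory entry goes; the bytes stay (data remnants)."""
        return self.directory.pop(name)

    def clear(self, region, passes: int = 1) -> None:
        """Clearing: overwrite the region in place so ordinary reads cannot recover it."""
        start, length = region
        for _ in range(passes):
            self.blocks[start:start + length] = secrets.token_bytes(length)
        self.blocks[start:start + length] = b"\x00" * length

    def purge(self) -> None:
        """Purge/sanitize the whole device: every byte overwritten, directory discarded."""
        self.blocks[:] = secrets.token_bytes(len(self.blocks))
        self.blocks[:] = bytes(len(self.blocks))
        self.directory.clear()
        self._next_free = 0

    def remnants(self, pattern: bytes) -> int:
        """Forensic-style raw scan of the medium that ignores the directory."""
        return self.blocks.count(pattern)


def disposal_demo():
    secret = b"BEGIN RSA PRIVATE KEY"                # constructed sensitive content
    disk = ToyDisk()
    disk.write_file("id_rsa", secret + b"\n...")
    region = disk.delete("id_rsa")
    after_delete = disk.remnants(secret)             # still on the medium
    disk.clear(region)
    after_clear = disk.remnants(secret)              # gone from that region
    disk.write_file("backup", secret)
    disk.purge()
    after_purge = disk.remnants(secret)              # gone from the whole device
    return after_delete, after_clear, after_purge


if __name__ == "__main__":
    print("remnants after delete/clear/purge:", disposal_demo())
```

The model is exact for a magnetic disk, where an overwrite lands on the same sectors. On SSDs and other flash media wear-levelling remaps writes, so an overwrite may never reach the cells holding the old copy; purging there means the drive's own sanitize/secure-erase command or cryptographic erase (destroying the key of a self-encrypting drive), and degaussing does nothing.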

82
Q

Network Security Attacks

A

▪ Our security goals (CIA) are subject to attack
▪ Confidentiality attack
● Attempts to make data viewable by an attacker
▪ Integrity attack
● Attempts to alter data
▪ Availability attack
● Attempts to limit network accessibility and usability