Network Security

Question 1

Access Control Entry (ACE)

Answer 1

An individual rule found within an Access Control List (ACL).

Question 2

Access Control List (ACL)

Answer 2

A set of rules that define how to allow or deny traffic at the router interface, based on specific criteria. ACLs can also be used to match traffic for classification and QoS purposes.

Question 3

Amplified Denial of Service (DoS) Attack

Answer 3

A type of DoS attack where an attacker exploits weaknesses in domain name system (DNS) servers in order to send a large amount of DNS record information to a target system.

Question 4

ARP Poisoning

Answer 4

A tactic used in man-in-the-middle attacks where a threat actor sends gratuitous ARP replies to a client system, in an attempt to convince the client system to send frames destined for its default gateway to the attacker’s computer instead.

Question 5

Brute Force

Answer 5

An attack where a series of consecutive strings (referred to as a dictionary) are used in an attempt to find a password or key.

Question 6

What is a deauthentication attack

Answer 6

An attack where a malicious user sends a deauthentication frame along with a spoofed IP address to a wireless access point, which causes a legitimate user to be dropped form the wireless network and forced over to a rogue access point instead.

Question 7

Denial of Service (DoS) Attack

Answer 7

An attack where a targeted system is overwhelmed with a large volume of requests, causing it to consume resources to the point where it can’t perform its intended function.

Question 8

DHCP Snooping

Answer 8

A Layer 2 security feature that is used to detect and drop traffic from unauthorized DHCP servers on a network.

Question 9

DHCP Spoofing Attack

Answer 9

An attack where a malicious user has a rogue DHCP server that responds to DHCP Discover messages sent from a legitimate DHCP client.

Question 10

Distributed Denial of Service Attack (DoS)

Answer 10

A type of DoS attack where multiple compromised systems are used together in order to attack a target system.

Question 11

DNS Poisoning

Answer 11

When an attacker advertises incorrect domain name resolution information into a DNS server, causing DNS requests to resolve to a compromised system instead of a legitimate one.

Question 12

Dynamic ARP Inspection (DAI)

Answer 12

A security feature that rejects invalid and malicious ARP packets, preventing circumstances such as Man-in-the-Middle attacks.

Question 13

Evil Twin

Answer 13

A rogue access point appearing to be a legitimate wireless access point.

Question 14

Extended Access Control List (ACL)

Answer 14

A type of ACL that provides greater control over traffic than a standard ACL by allowing traffic prioritization based on source and destination IP address, source and destination port, or protocol ID. These types of ACLs should be placed as close to the destination as possible. 100-199, 2000-2699

Question 15

Insider Threat

Answer 15

A security risk that originates from within the organization itself, such as current or former employees.

Question 16

Logic Bomb

Answer 16

A malicious piece of code that can perform some destructive action based on a time or an event that occurs.

Question 17

MAC Flooding Attack

Answer 17

A type of network attack where an attacker floods a switch with a large number of Ethernet frames from spoofed source MAC addresses, in an attempt to fill up the switch’s Content Addressable Memory (CAM) table.

Question 18

Man-in-the-Middle Attack

Answer 18

An attack where a malicious user somehow injects themselves inside a communication flow between two systems, enabling them to intercept that flow’s traffic.

Question 19

Named Access Control List (ACL)

Answer 19

A feature of Cisco IOS that allows for intuitive naming of an ACL, rather than simply being identified by a number. This can be applied to either standard or extended ACLs.

Question 20

Phishing

Answer 20

Attempts to obtain confidential information by leveraging resources that look to be legitimate, such as fake websites or spoofed e-mail.

Question 21

Port Security

Answer 21

A Layer 2 traffic control feature that allows for the restriction of switch ports, ensuring that they are only associating with specified, allowed MAC addresses.

Question 22

Ransomware

Answer 22

Malware that prevents users from accessing their data unless they pay a ransom.

Question 23

Reflective Denial of Service (DoS) Attack

Answer 23

A type of DoS attack where an attacker hides their identity by spoofing their IP address, sending requests to third-party devices in order to cause them to respond to the target system.

Question 24

Social Engineering

Answer 24

Methods for influencing others to reveal confidential data, such as passwords or financial information.

Question 25

Spoofing

Answer 25

Methods used by attackers to falsifying information in an attempt to conceal their true identify, or to appear as a legitimate user on a target network or system.

Question 26

Standard Access Control List (ACL)

Answer 26

A type of ACL that allows traffic prioritization based only on the source IP address. These types of ACLs should be placed as close to the destination as possible. 1-99, 1300-1999

Question 27

VLAN Hopping

Answer 27

When a malicious user gets access to a normally restricted VLAN by either seeming to be connected to a trunk port or by double tagging the frame.

Question 28

War Driving

Answer 28

Driving around a geographical area in an attempt to find a wireless hotspot that can be accessed.

Question 29

What does password 7 {hash} command do?

Answer 29

configures an encrypted virtual terminal (VTY) login password when the command is issued in VTY line config mode.

Question 30

What does switchport port-security violation restrict command do?

Answer 30

When traffic from an unauthorized host arrives at the interface, traffic is discarded and incremented in the SecurityViolation counter

Question 31

What does switchport port-security violation protect command do?

Answer 31

When traffic from an unauthorized host arrives at the interface, traffic is discarded and the SecurityViolation is NOT incremented.

Question 32

What does switchport port-security violation shutdown command do?

Answer 32

When traffic from an unauthorized host arrives at the interface, port moves into err-disabled state and the SecurityViolation is incremented.