Section 16: Network Hardening Flashcards

1
Q

Patch Management

A

Planning, testing, implementing, and auditing of software patches
▪ Provides security
▪ Increases uptime
▪ Ensures compliance
▪ Improves features

2
Q

Patch Management: Planning

A

▪ Tracks available patches and updates and determines how to test and deploy each patch

Microsoft Endpoint Configuration Manager, patch management server, mobile device management

Firmware managers: Cisco UCS Manager, ManageEngine Device Expert

3
Q

Patch Management: Testing

A

▪ Tests any patch received from a manufacturer prior to automating its deployment through the network
▪ Have a small test network, lab, or machine for testing new patches before deployment

4
Q

Patch Management: Implementing

A

▪ Deploys the patch to all of the workstations and servers that require it
▪ Disable the Windows Update service from running automatically on the workstation
▪ Also implement patching through a mobile device manager (MDM), if needed

5
Q

Patch Management: Auditing

A

▪ Scans the network and determines if the patch was installed properly and if there are any unexpected failures that may have occurred
▪ Also conduct firmware management for your network devices (Microsoft SCCM, Linux RPM)

6
Q

Inspection and Policing: DAI

A

Dynamic ARP Inspection (DAI)
▪ Validates the Address Resolution Protocol (ARP) packets
▪ Only valid ARP requests and responses are relayed
▪ Invalid ARP packets are dropped

7
Q

Inspection and Policing: DHCP Snooping

A

DHCP Snooping
▪ A layer two security protocol that inspects DHCP traffic and filters untrusted DHCP packets.

8
Q

Inspection and Policing: Untrusted Interface

A

Untrusted Interface
▪ Any interface that is configured to receive messages from outside the network or firewall

9
Q

Inspection and Policing: Trusted Interface

A

Trusted Interface
▪ Any interface that is configured to receive messages only from within the network
▪ Configure switches and VLANs to allow DHCP snooping

10
Q

Inspection and Policing: IPv6 RA-Guard

A

IPv6 Router Advertisement Guard (RA-Guard)
▪ Mitigates attack vectors based on forged ICMPv6 router advertisement messages
▪ Operates at Layer 2 for IPv6 networks to specify which interfaces are not allowed to have router advertisements

11
Q

Inspection and Policing: CPP

A

Control Plane Policing (CPP)
▪ Configures a QoS filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches
● Data plane
● Management plane
● Control plane
● Service plane
