Section 16: Networking Hardening

Question 1

What is a Simple Network Management Protocol (SNMP)?

Answer 1

Allows us to easily gather information from our various network devices back to a centralized management server

Question 2

What makes SNMP v3 so secure?

Answer 2

Uses encoded parameters to provide its authentication as a part of the SNMP architecture

Question 3

What is a Router Advertisement Guard (RA-Guard)?

Answer 3

Operates at Layer 2 of the OSI model for IPv6 network to specify which interfaces are not allowed to have router advertisements on

Question 4

What is Port Security?

Answer 4

Prevents unauthorized access to a switchport by identifying and limiting the MAC addresses of the hosts that are allowed

Question 5

What is a Dynamic ARP Inspection (DAI)?

Answer 5

Ensures only valid ARP requests and responses are relayed across the network device

Question 6

What is Control Plane Policing (CPP)?

Answer 6

Configures a QoS filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches

Question 7

What are Private VLANs?

Answer 7

A technique where a VLAN contains switchports that are restricted to using a single uplink

Question 8

What is DHCP Snooping?

Answer 8

Provides security by inspecting DHCP traffic, filtering untrusted DHCP messages, and building and maintaining a DHCP snooping binding table

Question 9

What is a Strong Password?

Answer 9

Sufficiently long and complex which creates lots of possible combinations for brute force attacks to be completed in time

Question 10

What is a Default VLAN labeled as?

Answer 10

VLAN 1

Question 11

What is a Default VLAN?

Also Known as a NAtive VLAN

Answer 11

A VLAN where untagged traffic is put once it is received on a trunk port

Question 12

What is Patch Management?

Answer 12

Involves planning, testing, implementing, and auditing of software patches

Question 13

What is an Access Control List (ACL)?

Answer 13

A list of permissions associated with a given system or network resource

Question 14

What is Role-Based Access?

Answer 14

Defines the privileges and responsibilities of administrative users who control firewalls and their ACLs

Question 15

What is an Explicit Deny regarding firewalls?

Answer 15

Blocks matching traffic

Question 16

What is an Implicit Deny regarding firewalls?

Answer 16

Blocks traffic to anything not explicitly specified

Question 17

What is MAC Filtering?

Answer 17

Defines a list of devices and only allows those on your Wi-Fi network

Question 18

What do most WAPs come pre-installed with what type of antenna?

Answer 18

Omnidirectional

Question 19

What is the pro and con for a WAP using more power levels?

Answer 19

Pro: Covers more area
Con: Radio waves leave the building which isn’t good for security

Question 20

What is a Wireless Client Isolation?

Answer 20

Prevents wireless clients from communicating with one another

Question 21

What is a Guest Network Isolation?

Answer 21

Keeps guests away from your internal network communications

Question 22

What are Pre-Shared Keys (PSK)?

Answer 22

Secures wireless networks, including those protected with WEP, WPA, WPA2, and WPA3

Question 23

What is an Extensible Authentication Protocol (EAP)?

Answer 23

Acts as a framework and transport for other authentication protocols

Question 24

What is Geofencing?

Answer 24

A virtual fence created within a certain location

Question 25

What is a Captive Portal?

Answer 25

A web page displayed to newly connected Wi-Fi users before being granted broader access to network resources

Question 26

What are some IoT Considerations? List at least 4

Answer 26

• Understand your endpoints
• Patch vulnerabilities
• Change defaults credentials
• Use encryption protocols
• Track and manage your devices
• Conduct test and evaluation
• Segment IoT devices