Section 8: Securing Networks Flashcards

1
Q

Switch

A

Operates at Layer 2
▪ Makes traffic switching decisions based on the MAC address of the
sending and receiving devices through transparent bridging
▪ A switch remembers devices and their switchports based on their MAC

2
Q

CAM Table and MAC Flood

A

Content Addressable Memory (CAM) Table
▪ Stores information about the MAC addresses available on any given port
of the switch

MAC Flood
▪ Causes a MAC address overflow to occur in the CAM table by flooding the
switch with random MAC addresses

3
Q

Persistent MAC Learning (Sticky MAC)

A

Persistent MAC Learning (Sticky MAC)
▪ Enables an interface to dynamically associate the first MAC address that
it connected to as an authorized address

4
Q

What can prevent a switching loop?

A

Spanning Tree Protocol

4
Q

ARP Poisoning/ARP Spoofing

A

▪ Sends malicious ARP packets to a default gateway on the network to
change the IP and MAC address pairings in its ARP table

5
Q

Dynamic ARP Inspection (DAI)

A

▪ Intercepts all ARP requests and responses and compares each one to the MAC-IP bindings in a trusted table a Cisco switch has access to

6
Q

6to4

A

▪ Provides the ability for IPv6 packets to be transmitted over a standard
IPv4 network without the need to create explicit tunnels

7
Q

Teredo

A

▪ Provides full IPv6 connectivity for hosts even if they do not have a
connection to a native IPv6 network

7
Q

Generic Routing Encapsulation (GRE) Tunnel

A

▪ Carries IPv6 packets across an IPv4 network by encapsulating them inside of GRE IPv4 packets

8
Q

It is a best practice to include a ____ all rule at the end of an ACL

Most specific rules should be placed at the ___ of the list, with more
generic rules towards the ___

A

deny

top

bottom

9
Q

Packet-Filtering Firewall

A

Packet-Filtering Firewall
o Only inspects the header of the packet to determine if
traffic is allowed or denied based on IP addresses and port
numbers

Similar to an ACL on a router, not very secure.

10
Q

Kernel Proxy or Fifth Generation Firewall

A

o Has minimal impact on network performance, even while still
conducting a full inspection of the packet at every layer

11
Q

Unified Threat Management (UTM)

A

● Provides the ability to conduct numerous
security functions within a single device or
network appliance

Firewall, VPN, Web Security, Email Spam Filtering, etc… all in one device.

Con: Single point of failure.

12
Q

Web Application Firewall (WAF)

A

● Utilizes specific rule sets to prevent common attacks against web applications, such as cross-site scripting and SQL
injections

Deep inspection of HTTP and HTTPS packets.

13
Q

Forward Proxy vs Reverse Proxy

A

▪ Forward/transparent proxy (Outbound traffic)
● Is usually positioned at the edge of your corporate network and
regulates the outbound traffic according to specific policies your
organization has created

▪ Reverse proxy (Inbound traffic)
● Content caching, traffic scrubbing (DDoS), IP masking, and load balancing

If you host a website, and you have your website in America, you could place a reverse proxy in India, so that all clients in India will be able to access your website faster by connecting to the reverse proxy instead of your server directly.

14
Q

NAT gateways vs Internet Gateways

A

NAT gateways
▪ Gives endpoints without public IP addresses access to the internet
without exposing those resources to incoming internet connections.

Only outbound connections are possible, nothing can reach the endpoints from the outside because they have no public IP address.

Internet gateways (Same concept as a reverse proxy)
▪ Allows inbound connections to be initiated from the internet and relays or proxies them to internal resources.

15
Q

Application Programming Interface (API) gateway

A

▪ Acts as a reverse proxy to accept all API calls and aggregates the required services to fulfill such requests.

16
Q

Network Access Control (NAC)

A

Keeps unauthorized users or devices from accessing a private network. (Via VPN or Directly)

▪ Persistent
● A piece of software installed on a device requesting access to the
network

▪ Agentless NAC Volatile Agent
● Installs the scanning engine on the domain controller instead of
the endpoint device

17
Q

Virtual Network Computing (VNC)

A

▪ Similar to RDP but fully cross-platform and open-source. (RDP only works for Windows)

▪ Should only be used in our internal networks because it is not encrypted by default. If you want to access it externally, you can VPN or SSH into the network first and then use VNC through that secure connection.

Port 5900

18
Q

What can prevent cache poisoning?

A

DNSSEC