Securing Networks Flashcards

1
Q

What’s the difference between standard ACL and Extended ACL

A

A standard ACL (numbered 1-99, or 1300-1999 in the expanded range) matches on the source IP address only. An extended ACL (100-199, or 2000-2699) matches on source and destination address and additionally on the protocol (IP, TCP, UDP, ICMP) and on source/destination port numbers. Because a standard ACL cannot see where traffic is going, apply it close to the destination; apply an extended ACL close to the source so unwanted traffic is dropped before it crosses the network. Both types can also be created as named ACLs, which let you edit individual entries by sequence number.

2
Q

What’s the implicit condition of an ACL

A

Every ACL ends with an implicit deny any (deny ip any any for an extended ACL) that is not shown in the configuration. A packet that matches no entry is dropped, so an ACL containing only deny statements blocks all traffic in that direction. Two consequences worth remembering: an ACL that is applied to an interface but contains no entries at all permits everything, and because the implicit deny is neither logged nor counted in show access-lists, add an explicit deny ip any any log as the last entry when you want to see what is being dropped.

3
Q

What protocol is HTTP under

A

TCP. HTTP listens on TCP port 80 and HTTPS on TCP port 443, so an extended ACL that allows web traffic must permit the tcp protocol to those ports, e.g. permit tcp any host 10.1.1.10 eq 80. (HTTP/3 is the exception: it runs over QUIC on UDP 443.)

5
Q

What’s the max number of ACLs on an interface

A

One ACL per interface, per direction, per protocol: at most one inbound IPv4 ACL and one outbound IPv4 ACL on a given interface (IPv6 has its own separate pair). Applying a second ACL in the same direction with ip access-group replaces the first rather than adding to it, so all the rules for one direction have to live in a single list.

6
Q

How is an ACL executed

A

Top down, in the order the entries are listed (lowest sequence number first). Processing stops at the first entry that matches and its permit or deny action is taken; later entries are never consulted. Order therefore changes behaviour: put the most specific entries (single hosts, specific ports) at the top and the broad ones below them, because a broad entry placed first matches the packet before the specific one is ever reached. Entries typed without a sequence number are appended to the end, so adding an exception later usually means inserting it with an explicit lower sequence number in a named ACL.

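A worked ACL configuration, added here as an example and not taken from the original flashcards, that puts cards 1, 2 and 6 together: a standard ACL used as a VTY access-class, an extended ACL whose entry order matters, and an explicit logged deny standing in for the implicit one. The addresses, interface names and ACL names are assumptions made up for the example.

```cisco
! Standard ACL (1-99): source only. Used here to restrict who may open
! a management session, which is where a source-only list fits well.
access-list 10 remark Management hosts allowed to reach the VTY lines
access-list 10 permit 192.168.10.0 0.0.0.255
! (implicit deny any follows)
!
! Extended ACL: source, destination, protocol, port. Applied inbound on the
! interface nearest the branch clients so unwanted traffic is dropped early.
ip access-list extended BRANCH-IN
 remark Most specific entry first: 10 must come before 20 or the host is blocked
 10 permit tcp host 10.20.5.7 host 10.1.1.50 eq 5432
 20 deny   tcp 10.20.0.0 0.0.255.255 host 10.1.1.50 eq 5432
 30 permit tcp 10.20.0.0 0.0.255.255 host 10.1.1.10 eq 80
 40 permit tcp 10.20.0.0 0.0.255.255 host 10.1.1.10 eq 443
 50 permit udp 10.20.0.0 0.0.255.255 host 10.1.1.53 eq 53
 60 permit icmp 10.20.0.0 0.0.255.255 10.1.0.0 0.0.255.255 echo
 70 deny   ip any any log
!
interface GigabitEthernet0/1
 description to branch LAN 10.20.0.0/16
 ip access-group BRANCH-IN in
!
line vty 0 4
 access-class 10 in
```

The entry order in BRANCH-IN is the whole point of card 6: swap entries 10 and 20 and host 10.20.5.7 is silently denied, because entry 20 matches it first. Check hit counts with show access-lists BRANCH-IN; entry 70 is what makes the otherwise invisible implicit deny show up there and in the log. Only one ACL can be applied inbound on GigabitEthernet0/1, so any further rule for that direction goes into BRANCH-IN, not into a second list.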
7
Q

Place a range of ports in an unused VLAN

A

vlan 999
 name UNUSED-PARKING
!
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 999
 shutdown

Parking the ports in a VLAN that has no SVI and is not carried on any trunk, and shutting them down, means a device plugged into one of them gets neither link nor a path anywhere. Verify with show vlan brief, which lists the ports assigned to VLAN 999.

8
Q

What is the IEEE standard for a VLAN

A

IEEE 802.1Q, which defines the 4-byte tag inserted into the Ethernet frame header. The tag carries a 12-bit VLAN ID (usable values 1-4094) and a 3-bit priority (CoS) field. Cisco's older proprietary alternative, ISL, encapsulated the whole frame instead of inserting a tag.

9
Q

What is a native VLAN

A

The one VLAN on an IEEE 802.1Q trunk whose frames are sent without a tag; untagged frames received on the trunk are assigned to the native VLAN. It defaults to VLAN 1 and must match on both ends of the trunk. Security caveat: because untagged frames map to the native VLAN, an attacker on an access port in the native VLAN can send double-tagged frames that the first switch strips and the second switch delivers into another VLAN (VLAN hopping). Set the native VLAN to an unused VLAN that no access port belongs to, and tag it explicitly with vlan dot1q tag native.

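Added example, not part of the original flashcards, of the trunk hardening the native VLAN answer recommends: the trunk uses an unused VLAN as its native VLAN, tags it anyway, and DTP negotiation is switched off on both trunk and access ports. VLAN numbers, interface names and descriptions are assumptions for the example; switchport trunk encapsulation dot1q is only needed (and only accepted) on switches that also support ISL.

```cisco
! VLAN 999 exists only to serve as the native VLAN; no access port is ever put in it.
vlan 999
 name NATIVE-UNUSED
!
interface GigabitEthernet0/24
 description trunk to distribution switch
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
! Tag the native VLAN as well, so no frame on any trunk of this switch is untagged
vlan dot1q tag native
!
! User-facing ports: fixed access mode and no DTP frames, so a host cannot
! negotiate itself into a trunk and start sending tagged frames
interface range GigabitEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
```

show interfaces trunk confirms the native VLAN and allowed list per trunk; both ends must agree or CDP reports a native VLAN mismatch. vlan dot1q tag native is a global setting that applies to every trunk on the switch, and once it is on, untagged frames arriving on a trunk are dropped, so the peer switch needs the same setting.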
10
Q

What is the default VLAN on a switch

A

VLAN 1. Every switch port belongs to VLAN 1 until it is assigned elsewhere, and VLAN 1 is also the default native VLAN on trunks and the VLAN on which control protocols such as CDP, VTP and DTP are sent. It cannot be deleted, so the practical rule is to keep user and management traffic out of it: move access ports into other VLANs, use a separate management VLAN, and change the native VLAN on trunks.

11
Q

What does AAA stand for

A

Authentication (who are you), Authorization (what are you allowed to do), Accounting (what did you do, and when). On Cisco IOS the framework is switched on with aaa new-model, after which each A is pointed at a TACACS+ or RADIUS server group, usually with local as a fallback in case the servers are unreachable.

12
Q

What are the three components of 802.1x

A

Supplicant: the client (or its 802.1X agent) requesting network access
Authenticator: the switch or access point that controls the port; it relays EAP between supplicant and server without interpreting it
Authentication Server: a RADIUS server that validates the credentials or certificate and returns the decision
The exchange runs as EAP over LAN (EAPOL) between supplicant and authenticator, and as EAP carried inside RADIUS between authenticator and server:
1. Authenticator sends EAP-Request/Identity (or the supplicant opens with EAPOL-Start)
2. Supplicant replies with its identity; the authenticator forwards it to the server in a RADIUS Access-Request
3. Server and supplicant run the EAP method (e.g. PEAP with a username/password, or EAP-TLS with certificates); the credentials pass through the authenticator
4. Server returns Access-Accept (optionally with a VLAN or downloadable ACL) or Access-Reject, and the authenticator opens the port or keeps it blocked
Until this succeeds the port forwards only EAPOL frames.

13
Q

What is the difference between TACACS+ vs RADIUS

A

TACACS+: Cisco-developed (later published as RFC 8907), uses TCP port 49, separates authentication, authorization and accounting into independent operations (so it can authorize individual commands), encrypts the whole packet body, and is the usual choice for device administration.
RADIUS: open standard (RFC 2865/2866), uses UDP ports 1812/1813 (legacy 1645/1646), combines authentication and authorization in one exchange, encrypts only the password field of the Access-Request, and is the usual choice for network access such as 802.1X and VPN.

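Added example, not from the original flashcards, that wires the three A's of card 11 to the two protocols of card 13 and the 802.1X roles of card 12: TACACS+ for logins and per-command authorization on the switch itself, and RADIUS for 802.1X on the access ports with this switch acting as the authenticator. Server names and addresses, VLAN numbers and the shared-secret placeholders are assumptions for the example.

```cisco
aaa new-model
!
! --- Device administration over TACACS+ (TCP 49): each A is a separate operation ---
tacacs server ISE-TACACS
 address ipv4 10.1.1.20
 key TacacsSharedSecretPlaceholder
!
aaa group server tacacs+ ADMIN-TAC
 server name ISE-TACACS
!
! "local" at the end is fallback only, used when no TACACS+ server answers
aaa authentication login default group ADMIN-TAC local
aaa authorization exec default group ADMIN-TAC local
aaa authorization commands 15 default group ADMIN-TAC local
aaa authorization config-commands
aaa accounting exec default start-stop group ADMIN-TAC
aaa accounting commands 15 default start-stop group ADMIN-TAC
username break-glass privilege 15 secret ChangeMePlaceholder
!
! --- Network access over RADIUS (UDP 1812/1813): 802.1X, this switch is the authenticator ---
radius server ISE-RADIUS
 address ipv4 10.1.1.21 auth-port 1812 acct-port 1813
 key RadiusSharedSecretPlaceholder
!
aaa group server radius DOT1X-RAD
 server name ISE-RADIUS
!
aaa authentication dot1x default group DOT1X-RAD
aaa authorization network default group DOT1X-RAD
aaa accounting dot1x default start-stop group DOT1X-RAD
dot1x system-auth-control
!
interface range GigabitEthernet0/1 - 20
 description user ports, supplicant on the host, RADIUS server decides
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 10
```

With authentication port-control auto the port forwards only EAPOL until the server returns Access-Accept; show authentication sessions interface GigabitEthernet0/1 shows the state of each supplicant. The TACACS+ and RADIUS roles are kept on separate server groups on purpose: a RADIUS outage should affect only new 802.1X sessions, and the break-glass local account is what gets you in when the TACACS+ servers are unreachable.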
14
Q

What is DHCP Snooping

A

A switch feature that classifies every port as untrusted unless configured otherwise. On an untrusted port the switch drops DHCP server messages (OFFER, ACK, NAK), so a rogue DHCP server plugged into an access port cannot hand out a malicious default gateway or DNS server; it also drops client messages whose source MAC does not match the client hardware address in the DHCP payload. Only the ports facing the real DHCP server or relay (normally the uplinks) are marked trusted. The switch records each lease it sees in a DHCP snooping binding table (MAC, IP, VLAN, port, lease time), which Dynamic ARP Inspection and IP Source Guard then use to validate ARP replies and source IP addresses.

15
Q

What is an ip helper-address for?

A

It turns the router into a DHCP relay agent. A client's DHCPDISCOVER is a broadcast, which routers do not forward, so when the DHCP server sits in a different VLAN or subnet from the clients, the router interface facing the clients (usually the SVI) is configured with ip helper-address followed by the server's IP. The router forwards the broadcast to the server as a unicast, setting the giaddr field to its own interface address so the server knows which scope to allocate from, and relays the server's reply back to the client. It belongs on the client-facing interface, not on the interface that connects to the server.

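Added example, not from the original flashcards, of the relay setup described above on a layer 3 switch whose SVI faces the clients. Addresses, VLAN numbers and the server IP are assumptions for the example. It also covers the interaction a practitioner runs into when DHCP snooping (card 17) is enabled on the access switch below the relay.

```cisco
! Clients live in VLAN 20; the DHCP server is 10.1.1.30 in another VLAN.
interface Vlan20
 description user VLAN 20
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 10.1.1.30
!
! The relay sets giaddr to 192.168.20.1, so the server allocates from the
! 192.168.20.0/24 scope and unicasts its OFFER/ACK back to this switch.
!
! ip helper-address forwards more than DHCP by default (TFTP 69, DNS 53,
! time 37, NetBIOS 137/138, TACACS 49, name service 42). Switch the extras
! off so the helper cannot be used to push those broadcasts into the server VLAN.
no ip forward-protocol udp 69
no ip forward-protocol udp 53
no ip forward-protocol udp 37
no ip forward-protocol udp 137
no ip forward-protocol udp 138
no ip forward-protocol udp 49
no ip forward-protocol udp 42
!
! An access switch running DHCP snooping inserts option 82 with giaddr 0.0.0.0,
! and by default this relay drops such requests. Either accept them here ...
ip dhcp relay information trust-all
! ... or disable the insertion on the access switch instead with
! no ip dhcp snooping information option
```

show ip interface Vlan20 lists the helper address in effect, and a client that never gets past DISCOVER while the server is reachable from the relay is the classic symptom of the option 82 drop described in the last comment.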
16
Q

What are the 4 stages of a DHCP exchange

A

DORA: Discover (client broadcast looking for a server), Offer (a server proposes an address), Request (client broadcast accepting one specific offer, so any other servers withdraw theirs), Acknowledgement (the chosen server confirms the lease). The Offer and Acknowledgement are the server-side messages, which is exactly what DHCP snooping refuses to accept on an untrusted port.

17
Q

Configure DHCP snooping

A

ip dhcp snooping
ip dhcp snooping vlan 10,20
!
interface GigabitEthernet0/24
 description uplink toward the DHCP server or relay
 ip dhcp snooping trust
!
interface range FastEthernet0/1 - 24
 ip dhcp snooping limit rate 15

The global command alone does nothing until snooping is also enabled per VLAN. Only the uplink is trusted; every access port stays untrusted and is rate limited so a client flooding DISCOVER messages is err-disabled rather than exhausting the pool. Verify with show ip dhcp snooping and show ip dhcp snooping binding.

18
Q

What’s the difference between interface down and line protocol down

A

The interface state is layer 1 and the line protocol state is layer 2; show interfaces prints both, e.g. "GigabitEthernet0/1 is up, line protocol is down".
Interface down, line protocol down: no physical signal, such as a faulty or unplugged cable, a bad transceiver, or the far end powered off or shut down. "Administratively down" means the port itself has been configured with shutdown.
Interface up, line protocol down: the physical link is fine but layer 2 is not working. On a serial link this is an encapsulation or clocking mismatch or missed keepalives; on Ethernet it is typically a unidirectional link or a port held down by a protocol (for example a port suspended from a port channel).
Both must be up before any layer 3 traffic flows through the interface.