Security Fundamentals Flashcards

1
Q

What are the four categories of physical threats?

A

Administrative, electrical, environmental, hardware

2
Q

Electrical threats

A

inadequate power, unconditioned power, and total loss of power

3
Q

A ___ is a good line of defense against electrical threats

A

UPS generator

4
Q

Hardware threats

A

physical damage, component damage

5
Q

To prevent hardware threats

A

restrict physical access, log physical access

6
Q

Environmental threats

A

temperature, and humidity

7
Q

Environmental threats can be mitigated by climate control systems and ___

A

monitoring the environment

8
Q

Administrative threats

A

maintenance errors, poorly labeled cables

9
Q

Administrative threats can be mitigated by

A

using a clear labeling system, maintaining an adequate supply of spare parts, proper handling of electrical equipment at all times

10
Q

Reconnaissance attacks

A

passive attacks that are designed to gather information about a network or network device

11
Q

Examples of reconnaissance attacks

A

packet sniffing, ping sweeps, port scans

12
Q

Packet sniffing is limited to ___ networks

A

broadcast

13
Q

Packet sniffing attacks rely on ___ mode operation

A

promiscuous

14
Q

Packet sniffing attacks can identify

A

unencrypted passwords

15
Q

Packet sniffing attacks can be mitigated by

A

switched networks, encrypted connections

16
Q

Packet sniffers are commonly used to

A

extract clear text passwords from network traffic

17
Q

Ping sweeps

A

are used to determine which IP addresses are active within a particular range

18
Q

Ping sweeps rely on ___ protocol

A

ICMP

19
Q

Ping sweeps can be mitigated by

A

disabling ICMP

20
Q

Port scans

A

are used to discover active services, operating system revision, and configured network services

21
Q

Port scans can be detected by

A

IDS

22
Q

Access attacks

A

are used to gain unauthorized access to network systems

23
Q

Common access attacks

A

password attacks, buffer overflow

24
Q

Cisco password best practices

A

combination of upper and lower case letters
numbers and punctuation
five plus characters
no real words, slang, jargon
not based on personal information

25
Q

Buffer overflow attacks

A

exploit software vulnerabilities to execute malicious code

26
Q

A buffer overflow occurs when a

A

program writes data beyond the region of memory that has been allocated to that program
an attacker can use the BO to write arbitrary code into memory and have the code executed by the program

27
Q

Mitigate buffer overflow attacks

A

host-based IPS (HIPS), executable space protection, safe programming libraries

28
Q

___ are the most common form of logical access control

A

passwords

29
Q

Local passwords are configured on

A

the device to which the user is authenticating

30
Q

Local passwords are stored in the ___

A

startup configuration

31
Q

Local passwords are visible in the ___

A

running configuration

32
Q

Local passwords are stored as ___ but can be encrypted

A

plain text

33
Q

When configuring an encrypted password, you can create multiple privilege levels from 0 to 15. Which privilege level is granted to a user if the privilege level has not been configured in the enable password or enable secret commands?

A

15

34
Q

Level 0 password encryption

A

indicates that a password is unencrypted

35
Q

Level 5 password encryption

A

indicates that the password is an MD5 hash

36
Q

Level 7 password encryption

A

indicates that the password was encrypted using Cisco’s original password algorithm

37
Q

service password-encryption

A

encrypts all existing and future passwords

38
Q

no service password-encryption

A

does not decrypt existing passwords

39
Q

Passwords must be changed every __ days

A

90

40
Q

A password must be __ days old before it can be changed

A

2

41
Q

A password cannot be reused until it has been changed ___ times

A

10

42
Q

Passwords must be at least ___ characters long

A

8

43
Q

Password strings must contain a certain amount of complexity that includes

A

numbers, letters, and symbols

44
Q

Type 1 authentication

A

something you know

45
Q

Type 2 authentication

A

something you have

46
Q

Type 3 authentication

A

something you are

47
Q

ACLs

A

are sets of rules that identify traffic

48
Q

Standard ACLs

A

based on the source IP address alone

49
Q

Extended ACLs

A

identify traffic based on the source IP, destination IP, protocol and port number

50
Q

Named ACLs

A

can either be standard or extended ACLs

51
Q

implicit deny rule

A

traffic is dropped unless it is matched by an ACL statement that is configured with the permit keyword

52
Q

In order for a device to take action on matched traffic, ACLs must first be applied to an

A

interface, line, route map, or other configuration that supports ACLs

53
Q

Standard ACLs are numbered in a range from ___ to ___ or from ___ to ___

A

1 to 99
1300 to 1999

54
Q

Extended ACLs are numbered in a range from ___

A

100 to 199
2000 to 2699

55
Q

PKI encrypts communications based on

A

public and private key pair

56
Q

PKI certs can be used in place of

A

traditional authentication credentials

57
Q

DHCP spoofing attack

A

a rogue DHCP server is installed on the network in an attempt to intercept DHCP requests and respond with its own IP address as the gateway default address

58
Q

DHCP snooping

A

monitors DHCP traffic between a trusted DHCP server and untrusted hosts

59
Q

DHCP snooping binding table

A

contains mappings between host MAC addresses, IP addresses, VLANs, and switchports

60
Q

ip dhcp snooping

A

globally enables the DHCP snooping feature

61
Q
A
62
Q

DHCP snooping is not enabled on any interfaces until the ___ command is issued

A

ip dhcp snooping vlan vlan-range

63
Q

show ip dhcp snooping

A

verify DHCP snooping configuration on a switch

64
Q

show ip dhcp snooping binding

A

view IP-to-MAC

65
Q

DAI uses ___ transactions to track IP address-to-MAC address bindings

A

DHCP

66
Q

DAI enhances security by

A

intercepting, logging, and discarding ARP packets that have invalid IP-to-MAC address bindings

67
Q

DAI is configured ___ on a switch for specific VLANs

A

globally

68
Q

You cannot configure DAI on ___ interfaces

A

specific

69
Q

All ports on a switch are ___ by default

A

active

70
Q

By default all switchports use ___ to negotiate trunk mode

A

dynamic trunking protocol

71
Q

switchport nonegotiate

A

prevents any attempts by the switch to negotiate by using DTP

72
Q

port security protect

A

the switch will discard the traffic

73
Q

port security restrict

A

the switch will discard the traffic, log the unauthorized entry attempt, increment the Security Violation counter, and send an SNMP trap message

74
Q

port security shutdown

A

the switch will discard the traffic, log the unauthorized entry attempt, increment the Security Violation counter, and place the port into the error-disabled state

75
Q

By default, a switchport with port security enabled will be configured for ___ mode

A

shutdown

76
Q

To enable an interface that is in the error-disabled state, you must manually

A

issue the shutdown command, followed by the no shutdown command

77
Q
A