Vol 2 Part 2: Security Services Flashcards

1
Q

THIS is anything that can be considered a weakness that can compromise something else

A

A Vulnerability

2
Q

THIS is a means of taking advantage of a vulnerability to compromise something else

A

An exploit

3
Q

THIS is the actual potential to use an exploit in order to take advantage of a vulnerability

A

A threat

4
Q

What do we call the measures we take in order to counteract threats?

A

Mitigation techniques

5
Q

Spoofing attacks involve an attacker spoofing what two items in order to gain unauthorized access to something?

A

IP Addresses and MAC addresses

6
Q

This attack involves an attacker seeking to leave server resources depleted and unavailable.

A

Denial of Service Attack

7
Q

During a DoS attack, the attacker opens up the BLANK connection, and then uses a fake address so that the server continues to send a BLANK expecting a reply of a BLANK

A
  1. TCP Connection
  2. SYN,ACK
  3. ACK
8
Q

An attacker can use a master computer to take control of other computers during a DoS attack, so that these other computers take part in the DoS. What are these other computers referred to as, and what kind of attack is this known as?

A

bots, distributed denial of service (DDoS)

9
Q

During a spoofing attack, the attacker uses a spoofed or “stolen” address. However, a reflection attack uses a BLANK instead of the attacker’s own.

A

a legitimate host’s address

10
Q

What kind of attack involves packets being sent to a server, which then sends its reply to a different host, the target?

A

Reflection

11
Q

An amplification attack differs from the reflection attack, because in an amplification attack, the attacker uses a protocol or service that does what with respect to the target host?

A

It sends a large volume of traffic

12
Q

This kind of attack involves an attacker wedging themselves in between the communication path of two systems

A

Man in the middle

13
Q

During a MitM attack, an attacker could be in between a host and a server without notice. What is this known as?

A

Eavesdropping

14
Q

During a MitM attack, the attacker will commonly reply as if it is the device the original host was trying to contact. The attacker sends an ARP reply last so that the ARP table on the source host points to the attacker’s computer. This kind of attack is known as what?

A

ARP table poisoning

15
Q

What command is used during a reconnaissance attack in order to reveal the owner of the domain and IP address space?

A

nslookup

16
Q

What two commands are used as a complement during a reconnaissance attack in order to query DNS information to reveal domain owners, contact info, mail servers, and more?

A

whois and dig

17
Q

This kind of attack involves sending a large amount of data to a device with the intent of filling up its memory and crashing the device.

A

Buffer overflow

18
Q

Malicious software is also known as what?

A

Malware

19
Q

A trojan horse involves the hiding of an executable file within what appears to be legitimate software. When the seemingly legitimate software is installed, the malware is installed as well. What is required in order for this to happen?

A

The user must open the file or software and execute it

20
Q

This kind of malware propagates between systems more readily and must inject itself into another application, relying on the user to transport the software to other victims. What is this malware known as, and how does it differ from a trojan horse?

A

A virus. It differs from a trojan horse as it is actual code that is hidden inside of software.

21
Q

This kind of malware is self-propagating, replicating itself over and over without any user interaction

A

Worm

22
Q

This kind of attack is a more drastic form of phishing. It involves the attacker modifying the DNS entry for a valid link, so that a victim who follows the link is sent to a malicious site instead of the legitimate one.

A

Pharming

23
Q

Explain the difference between the online and offline attack with regards to password vulnerabilities.

A

Online attacks involve the attacker trying each guess at the login prompt; offline attacks occur when an attacker obtains the password ahead of time

24
Q

What is AAA and explain what each letter of the abbreviation means.

A

Authentication- who is the user
Authorization- what can they access or do
Accounting- where have they been and what have they done

25
Q

An effective security program consists of three main items. What are they?

A

User awareness, user training, physical access control

26
Q

The enable secret command sets a privileged exec credential using a hashing algorithm. What was the old algorithm used and what is currently used?

A

MD5 (old), SHA-256 (new)

27
Q

What command is used if you want to enable a password using the SHA-256 algorithm? What about the scrypt encryption?

A

enable algorithm-type sha-256 secret password

enable algorithm-type scrypt secret password

28
Q

What is used in order to deny host devices outside of an IP range for telnet and SSH into a network device?

A

Access Control Lists (ACL)

29
Q

Firewalls sit in the forwarding path of all packets for inspection, functioning similarly to an ACL, but they can do much more! What can firewalls do that make them more useful than just an ACL?

A
  • Deeper packet inspection
  • Intelligent decision making based on data flow with regards to whether or not an attack is ongoing
  • Application layer flows, to know what TCP and UDP ports are being used by the flow
  • Can match the URI of an HTTP request
  • Keep state information about each packet for historical analysis (Stateful Firewall)
30
Q

What is utilized in order to define which hosts can initiate connections, ensuring that interfaces reside in these with rules in a firewall defining interaction from one to another?

A

Security Zones

31
Q

What is utilized in order to allow outsiders to access your public servers but protect your internal users from being accessed?

A

Demilitarized Zone (DMZ)

32
Q

This device compares packets with its database of exploit signatures to determine if an attack is ongoing

A

Intrusion Prevention System (IPS)

33
Q

Cisco Next-Generation Firewalls (NGFW) and Next-Generation IPS (NGIPS) rely on identifying BLANK instead of just using port numbers in order to observe traffic. It does this by using BLANK.

A
  1. the application
  2. Application visibility and control

34
Q

What does advanced malware protection do?

A

It is a network-based antimalware that runs on the firewall itself

35
Q

What does URL filtering do?

A

It categorizes URLs and either filters or rate limits the traffic based on rules.

36
Q

What is Cisco Talos Security Group?

A

It monitors and creates reputation scores of web domains on the internet. NGFWs using URL filtering can utilize these scores in order to filter, categorize, and/or rate limit.

37
Q

NGIPS, like a traditional IPS, compares data with exploit signatures, and also uses AVC in order to do deep packet inspection at the application layer. What are the 3 other things it can do that make it better than a simple traditional IPS?

A
  1. Contextual Awareness- gathers data from hosts to determine what is on the network and focuses only on the vulnerabilities of those devices
  2. Reputation based filtering using Cisco TALOS
  3. Event impact level- provides assessments based on impact levels with characterizations as to the impact if an event is indeed an attack.
38
Q

Port security on switches allows engineers to do what?

A

Lock down ports if the device is known

39
Q

Port security identifies what kind of addresses? How does it get this address?

A

MAC Addresses. This is based on the source address on received packets inbound to an interface ONLY.

40
Q

What command is used to set the maximum number of MAC addresses per port? What is the default number of MACs per port?

A
  1. switchport port-security maximum number
  2. Default is 1 MAC per port

41
Q

What command is used to set a static MAC instead of a dynamic one?

A

switchport port-security mac-address MAC-ADDRESS

42
Q

What command is used to enable sticky mac?

A

switchport port-security mac-address sticky

43
Q

What is sticky mac?

A

Sticky MAC configures a switch so that it will automatically add the first MAC learned on the port to the port-security configuration, without the need to manually specify a MAC

44
Q

What command is used to show dynamically learned MACs? Why won't ports with port security enabled show up when you run this command?

A
  1. show mac address-table dynamic
  2. A port with port security is no longer considered dynamically learned

45
Q

What 2 commands can be used to view ports with port security enabled?

A

show mac address-table secure

show mac address-table static

46
Q

What is the default violation mode when a violation is found on a port with port security? What mode will the port be in when you run a show interfaces or show interfaces status command?

A

Shutdown, err-disabled

47
Q

What commands can be used to do automatic recovery in the event of a violation of port security?

A

errdisable recovery cause psecure-violation

errdisable recovery interval seconds