Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
IINS 640-554 Part 3
Cisco IINS 640-554 Part 3
| Question | Answer |
|---|---|
| True/False: A firewall is always inserted into the network layer as a layer 3 device? | False. However, it usually is. |
| Name the four major security protocols that are UDP | SNMP Syslog DNS RADIUS |
| Name the four major security protocols that are TCP | FTP SSH SMTP TACACS |
| Name the four major security protocols that are ICMP | source-quench packet-too-big echo echo-reply |
| Fill in the blank: A ____ firewall makes decisions based on info about data flowing through it and how it fits with other packets and the direction its flowing. | Stateful |
| Fill in the blank: A ____ firewall makes decisions based on info based on rules for that packet only. | Stateless. |
| A firewall is typically placed between: | More trusted networks and less trusted networks. |
| Name three major limitations of firewalls: | Unauthorized traffic can be tunneled as legitimate traffic. Netowrk performance can slow down. Many applications cannot pass through. |
| The current standalone Cisco security box is called what? | ASA Adaptive Security Device. |
| CBAC filters based on what? | Application layer protocol session information. |
| When an attacker floods a server with the first part of a 3-way handshake but never completes the connections, this is called a(n)_______ attack. | SYN-flood |
| How does CBAC handle UDP traffic? | UDP responses are permitted within a specific time-frame. |
| The CBAC item that specified each desired application layer protocol to inspect and generic TCP, UDP, and ICMP if desired, is the_____. | inspection rule. |
| If a particular protocol passes thru the firewall rules of acceptable applications and is not listed as a permitted protocol, what will the router do? | If it passes the inbound ACL on the inbound int, and the outbound ACL on the outbound int, it will be sent on its way with no modifications to the router. |
| A CBAC ___ occurs when a msg is displayed concerning CBAC operations. A CBAC ___ keeps track of connections that CBAC inspects. | alert, audit. |
| True/False: An interface in a zone cannot send traffic to any interface that is not a member of a zone. | True. |
| True/False: Interfaces that are members of the same zone cannnot pass traffic between each other. | False. |
| List the zone configuration steps in order: | Define firewall policies. Create the zones. Define traffic classes. Assign policy maps to zone pairs. Assign router interfaces to zones. |
| Options of CBAC: Provides stateful inspection and allows return traffic. | Inspect. |
| Options of CBAC: Does not forward traffic. | Drop/Deny. |
| Options of CBAC: Forwards traffic w/o tracking session. | Pass. |
| What is Cisco's definition for CBAC: | CBAC (Context-Based Access Control) intelligently filters TCP and User Datagram Protocol packets on the basis of application-layer protocol session information and can be used for intranets, extranets and internets. |
| Characteristics of IDS: | If an attack is detected, the target machine will experience the attack. Does not impact network (latency, jitter) because it is in promiscuous mode. Copies of packets are independently sent to the sensor for analysis. |
| Characteristics of IPS: | A sensor is placed inline. If an attack is detected, it can be immediately stopped prior to reaching the target. May impact network flow. |
| Characteristics of both IDS and IPS: | Uses sensors. Uses signatures. An alarm can be sent. |
| Characteristics of host-based solutions (HIPS) | Not concerned with fragmented packets. Cisco Agent. Can monitor operating system processes and resources. Installed on individual computers. |
| Characteristics of network-based solutions (NIPS) | Looks for network-wide malicious activity. All traffic will be unencrypted. Installed at network edge. ASA AIP-SSM. Is independent of the server operating systems. Will watch for TTL attacks. Cisco 4200. |
| Define Signature Type: | Classified based on whether the signature consists of one packet or event, or a sequence of packets. |
| Signature Trigger. | Anything that can reliably signal an intrusion or security policy violation. |
| What is a Signature Action? | The step(s) that should be taken when a matching activity is detected. |
| What is a atomic signature? | A single packet is examined to see if matches a signature. |
| What is a composite signature (aka 'stateful signature')? | A sequence of operations or packets are examined to see if together they match a signature. |
| What is a SME (Signature Micro Engine) signature? | Signatures that examine services that may be attacked. |
| Define a String SME (Signature Micro Engine): | Signatures that use regular expression-based patterns. |
| Define a Multi-string SME (Signature Micro Engine): | Supports flexible pattern matching and Trend Labs signatures. |
| Define a Pattern-Based trigger. | Looks for a specific, pre-determined pattern. |
| Define an Anomaly-based trigger. | A set of normal activities are first defined, then looks for excessive activity outside of this. |
| Define a Honey Pot-based trigger. | A dummy server is used to attract attacks. |
| Explain the process of Protocol Decodes. | Breaks the packet into fields and analyzes the fields for abnormalities. |
| Define an IPS statement of True negative: | The network is not under attack, and no alarm is generated. |
| Define an IPS statement of False Negative: | The network is under an attack, but no alarm is generated. |
| Define an IPS statement of True positive: | The network is under attack, and an alarm is generated. |
| Define an IPS statement of False Positive: | The network is not being attacked, but an alarm is generated. |
| What actions may be taken if a signature is detected? | Produce an alert. Log the activity. Drop the packet. Block future similar activity. Allow the activity. |
| How is an updated group of signatures added to a Cisco router? | Download and install a signature package. |
| Purpose of a crypto key to be used by IOS IPS is what? | To verify the master signature file is from Cisco. |
| When an administrator edits a signature action or paramter, this is referred to as ______. | IPS / IDS tuning. |
| Define NAC - Network Authentication Control | What is the type of product that checks a user for authentication and checks a device for compliance with OS and applications standards prior to allowing it on the network. |
| Unified Communications is what? | What is the name of the Cisco product that runs VoIP phones and svcs. |
| Describe a MAC Spoofing attack. | Attacker assumes the MAC address of another device. |
| Describe a MAC address table overflow attack: | Attacker floods the switch with MAC addresses. |
| Describe a STP attack attack: | Attacker becomes the root bridge. |
| Describe a LAN Storm attack: | Packets are flooded on all ports of one VLAN. |
| Describe a VLAN Hopping attack: | A packet is double-tagged. |
| Define a tactic for MAC spoofing mitigation: | Statically Assign a MAC address (port security). |
| Define a tactic for MAC address table overflow mitigation: | Permit a limited number of MAC addresses to be learned from a port. (Turning this on causes the CAM table to wrap) |
| Define a tactic for STP Attack mitigation: | Enable root guard on all root ports (trunks). Enable portfast and bpduguard on all non-trunking ports. |
| Define a tactic for LAN storm mitigation: | Enable storm control. |
| Define a tactic for VLAN attack mitigation: | Disable auto trunking and manually enable trunking on appropriate ports. Disable trunking on all access ports (switchport mode access). |
| What is the best security technique to use when using a WiFi hostpot for business? | IPSec VPNs to internet or DMZ. |
| What is a useful mitigation technique to protect VoIP at layer 2? | Create a separate Voice VLAN (switchport mode voice vlan x) |
| Popular SAN transport protocols. | FIbre Channel FCIP iSCSI. |
| Definition of Confidentiality: | If the message is captured it cannot be deciphered. |
| Definition of Integrity: | Guarantees that the message has not been altered. |
| Definition of Authenticity: | The message is not a forgery and does actually come from whom it says. |
| Describe a Brute-force attack: | Attacker tries every possible key with the decryption algorithm. Takes a long time. |
| Describe a Cyphertext only attack: | attacker has the ciphertext of several messages all using the same encryption algorithm. |
| Describe a known plaintext attack: | attacker has access to the ciphertext of several messages, but also knows something about the plaintext underlying that ciphertext. |
| Describe a Chosen Plaintext attack: | attacker chooses which data the encryption device encrypts and observes the ciphertext output. |
| Describe a meet in the middle attack: | a known plaintext attack in which the attacker knows a portion of the plaintext and the corresponding ciphertext. |
| Describe a Chosen cyphertext attack: | attacker can choose ifferent ciphertext to be decrypted and has access to the decrypted plaintext. |
| Basic definition of cryptographic Key generation. | In a modern cryptographic system, key generation is usually automated and not left to users (E.G. MD5, etc) |
| Define Key Verification | Almost all cryptographic algorithms have some weak keys that should not be used. (Bigger is better with crypto - ALWAYS!) |
| Define a problem with local Key Storage | If a Trojan Horse program were installed on the PC an attacker could then have access to the private keys. |
| What is a fact about Crypto Key Exchange: | Key mgmt procedures should provide a secure key exchange mechanism. |
| Key Revocation and Destruction. | Notifies all interested parties tha a certain key has been compromised and should no longer be used. Erases old keys in amanner that prevents malicious attackers from recovering them. Usually done with CA's. |
| Define symmetric keys: | Exchanged between two routers supporting a VPN. The key to encrypt and decrypt are the same. |
| Define Asymmetric keys: | The key to encrypts and decrypt are different, but related. Most commonly used in secure HTTPS applications. |
| Define Digital Signatures: | Widely used for code signing. |
| Define hash keys: | Used in symmetric and assymmetric key generation, digital signatures and other types of applications. |
| List the most common types of Hashes: | SHA MD5 |
| List the most common types of symmetrical encryption: | 3DES AES Blowfish DES |
| List the most common types of asymmetrical encryption: | DH RSA |
| Define what a private key is used for: | I want you to be sure the information came only from me. |
| Define what a public key is used for: | I want to be sure that you are the only person who can read the file. |
| Define the concept of Non-repudiation: | I cannot deny the file came from me. |
Created by:
pkillur
Popular Engineering sets