Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards
share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

IINS 640-554 Part 1

Cisco IINS 640-554 Part 1

Question`Answer
What layer is alg 3,4,5,7
IPsec VPN's use what two protocols (primarily) Authentication Header (AH) and Encapsulating Security Payload (ESP)
What port numbers used by FTP 20 and 21
What IOS command prevents recovery mode no service password-recovery
Which algorythyms are symmetric key algorithms Advanced Encryption Standard (AES), Data Encryption Standard (DES), Triple DES (3DES), Blowfish, IDEA, RC4, RC5, and RC6
What are the three actions that can be applied to a traffic class using the Cisco IOS zone-based firewall Pass, Inspect, and Drop
What term describes an attack pattern that can be identified by an Intrusion Prevention System (IPS) by examining a single packet? Atomic Pattern
Which aspect of network security ensures that access to important data is uninterrupted? Availability
What type of network attack attempts to discover running applications on network hosts? port scan
What command takes a snapshot of the running configuration and securely archives it in permanent storage? The secure boot-config command
What command is enabled by default in newer IOS versions and prevents the forwarding of subnet-based broadcast packets? The no ip directed-broadcast command
Which encryption algorithm was officially approved by the U.S. Government in 2002? Advanced Encryption Standard (AES)
What is a benefit of SNMP version 3 over previous versions? SNMPv3 supports message encryption
What is an Intrusion Prevention System (IPS) method of securing the network by examining traffic and comparing it to a database of recognized attack patterns? What is an Intrusion Prevention System (IPS) method of securing the network by examining traffic and comparing it to a database of recognized attack patterns?
What command enables Cisco IOS image resilience? The secure boot-image command
Which command can be used to verify that the Cisco IOS image and configuration files have been properly backed up and secured? show secure bootset
Which command can be used to verify that the Cisco IOS image and configuration files have been properly backed up and secured? access-class
Which term describes a logical broadcast domain than can span multiple physical LAN segments? vlan
Which switch command configures an interface as a permanent access port? switchport mode access
What protocol and port number does TACACS+ use? TCP port 49
What are the two keys used in asymmetric encryption, and describe their purpose. Public key to encrypt data, and Private key to decrypt data
What are the three major SNMP management components? Manager, Agent, and Management Information Base (MIB)
What is the minimum recommended length for cryptographic keys? 1024
What is the length of a MD5 hash value? 128 bit
What command is used to create a zone for use in the Cisco IOS Zone-based firewall? The global configuration zone security zone-name command
What protocol is used by VPN peers when establishing the symmetric key? Diffie-Helman
What command applies a created IOS firewall zone to a particular interface? The interface-level zone-member security zone-name command
What are the US govt levels of classification TS, unclassified, confidential
3 parts of SDN (Self Defending Network) Integrated, Collaborative, Adaptive
examples of offsie dr hot, warm, and cold
What sets the minimum password to 8 on a router? security passwords min-length 8
When using the security audit wizard what two things does admin provide? inside, outside interfaces & vulnerabilities to fix.
5 definitions of confidentiality attacks packet sniffing, wiretapping, emanation capturing,dumpster diving, social engineering
Describe passive attacks Scanners, protocol analyzers - anything not sending data
Describe active attacks Hackers sending data via DDOS, ping sweep, login, brute force
Describe close-in attacks Close physical proximity to devices (console, ethernet, etc)
Describe insider attacks Legitimate user taking their network credentials and attacking the network infrastructure
Describe distribution attacks These are backdoor attacks made be software and hardware designers
What does md5 look like username admin secret 5 <key>
Describe Separation of Duties (SoD) types Two-man - auditing and approving changes of each other. Dual Control - multiple people required to complete a task.
Primary purpose of a firewall to enforce access control policies between networks
Define an untrusted path Has a lower security level than another interface
The mode that permits one to change config Config / Enable Mode
Has a higher security level than another interface Is therefore Trusted
Adaptive Security Algorithm does what Maintains security perimiters between networks
Mode that enables one to update an image or perform password recovery rommon
Mode accessed by entering the enable password, and uses # prompt Privileged Mode
Mode that is obtained by accessing the device and uses > prompt Unprivleged mode / Usermode
Define the tag dmz An interface name that has no automatically assigned securiyt level
Interface name that is typically assigned to e0 or fa0 and automatically assigned security level of 0 outisde interface
Interface name automatically assigned a security level of 100, typically e1/fa1/g1 inside interface
A request initiated by an interface with a security level of 90 to an int with a sec level of 40 is allowed or denied allowed
A request initiated by an interface with a security level of 50 to an interface with a security level of 60. deny
nameif command names the interface
security-level command sets a security level for an int
nat-control enables NAT
nat command sets which local addresses may use NAT and from which interfaces
global command sets which global addresses will be used for NAT and on which interfaces
static command Sets a specific local to global address translation for a dev
route command sets a specific static IP route
how is a udp request handled as a connection object in a CSA A single response is permitted within a specific timeframe
What will happen based on the following NAT statements? nat-control global (outside) 1 150.12.16.4 netmask 255.255.255.0 global (dmz) 2 147.16.5.14-147.16.5.20 netmask 255.255.255.0 nat (inside) 1 10.0.0.0 255.255.255.0 The LAN computers can access the Internet, but not the devices on the dmz.
What is the most correct method to config a server to use same inside and outside address nat (inside) 0 200.100.50.10 255.255.255.0
What is the global address for this device after the following command is configured? static (inside, outside) 200.100.50.10 199.47.41.10 netmask 255.255.255.0 200.100.50.10
Which of the below best describes what will happen if the following statement is entered on a Cisco security appliance? route inside 188.31.10.0 255.255.0.0 188.31.10.55 1 Traffic to the 188.31.10.0/24 subnet will be sent to the fa1 interface and addressed to 188.31.10.55.
Cut-thru proxy authentication is what? Authenticating users prior to permitting their packets to be sent to any other dev's on the internal networks
What is an advantage to using ACS and AAA over other authentication servers is? It is the only server that can download ACLs on a per-user or per-group basis
whatis the primary purpose of ACLs on a ASA To override the default security appliance security level policies on any interface
What is a turbo ACL compiled and stored ACL in machine language code to make it faster to use, must be over 19 lines in length
deep level inspection is what The firewall looks at the application level command to be issued inside the packet payload and decides wheterh or not to permit the packet
Created by: pkillur