Cisco IINS 640-554 Part 2
| Question | Answer |
|---|---|
| Which part of CIA is this definition: Information is accessible by authorized users when needed | Availability |
| What is a security policy? | A document that describes the restrictions on member behavior and what information may be accessed by whom |
| What is Asset Management | Inventory and classification scheme for information assets |
| What is access control? | Restriction of access rights to the organizations assets |
| What does the compliance group do? | Ensuring conformance with information security policies standards and regulations |
| Define Information Security Incident Mgmt | How to anticipate and respond to information security breaches |
| Define the practice of risk assessment | Determining the quantitative and qualitative value of risk |
| Define Business Continuity Mgmt (BC) or Disaster Recovery (DR) | Protection, maintenance and recovery of business-critical processes and systems |
| What is the definition of a trojan? | An application written to look like something else. When it is opened it attacks the end-user computer from within |
| What is the definition of a Worm? | Executes code which installs copies of itself in the memory of the infected computer, which in turn infects other hosts |
| What is the definition of a payload as it applies to security? | Any malicious code that results in some action |
| Define propagation mechanism. | The method by which the code replicates itself and locates new targets |
| Define an enabling vulnerability: | A vulnerability on a system that the worm or virus exploits to gain its initial foothold |
| The 5 phases of an attack in order (the 5 P's): | 1. Probe, 2. Penetrate, 3. Persist, 4. Propagate, 5. Paralyze |
| Most attacks take advantage of what type of vulnerability? | Buffer overflow: writing more data into a fixed-size memory allocation than it was sized to hold |
| True/False: Antivirus software will prevent viruses from entering the network. | False |
| Define the theory of network containment: | Compartmentalization and segmentation of the network to slow down or stop the spread of an infection. |
| Define the practice of a quarantine: | Identifying and isolating infected machines within the contained areas. |
| Define an Access attack: | Exploit known vulnerabilities to gain entry to web accounts, databases, etc.. |
| Define a Recon (Reconnaissance) attack: | Unauthorized mapping and discovery of systems, services, or vulnerabilities. |
| Define a DoS (Denial of Service) attack: | Send extremely large numbers of requests, slowing or crashing a device or service. |
| List the methods of performing a reconnaissance attack: | Ping sweep, port scan, packet sniffer, Internet information queries |
| List the methods of performing an access attack (active attack): | Password attack, man-in-the-middle, ARP poisoning ("poisonous packet"), trust exploitation, port redirection, buffer overflow. (The card set also lists TCP SYN flood, Smurf attack and a continuous stream of packets here, but Cisco classifies those as denial-of-service attacks.) |
| List a few ways to combat recon attacks: | Use authentication, use anti-sniffer tools |
| List a few ways to combat access attacks: | Minimize trust relationships, use strong passwords |
| List a few ways to prevent DoS attacks: | Implement QoS and traffic policing, use anti-spoofing techniques |
| Name the primary mitigation for recon and access attacks: | Encryption (it denies a sniffer any usable credentials or data) |
| Define the concept of defense-in-depth | Several independent layers of protection, so that no single control is the only barrier; e.g., a router does preliminary screening and passes external traffic to a firewall for inspection before it reaches the LAN |
| Define the concept of a DMZ: | An organization has an internal LAN, an external connection, and a third zone where the servers that must be reachable from outside are housed |
| What is Router hardening? | Eliminate abuse of unused services and connections |
| How does one apply Physical Security in a networking environment? | Place device in secure location only accessible to authorized people |
| Define the concept of Out of band management: | Devices are managed using a separate network from production traffic |
| Which router access methods do not require a password by default (bare metal / new out of the box)? | The console line and privileged EXEC (enable) mode. Telnet (vty) lines have `login` set by default but no password, so a Telnet session is refused with "Password required, but none set" until one is configured. |
| What is the Local DB on a cisco device? | List of valid usernames and passwords on a cisco device |
| List some facts about SSH: | Requires a hostname and an IP domain name to be configured (the RSA key pair is generated from them). Uses TCP port 22. SSH version 2 requires an RSA modulus of at least 768 bits; use 1024 or more in practice. Enabling the HTTPS server also generates an RSA key pair as a side effect. |
| True/False: A user at privilege level 10 can execute commands that are defined for level 8. | TRUE. Levels are downwardly inclusive: a user at a given level gets every command assigned to that level and to all lower levels. |
| True/False: A CLI view contains only commands, while a superview contains only other views. | TRUE. A superview groups existing views (much like an OU groups objects in LDAP/X.500); it cannot hold commands directly. |
| True/False: A person must be in root view to create a view. | True. Root view is entered with `enable view` (it prompts for the enable secret), and AAA (`aaa new-model`) must be enabled first. |
| What happens when `no service password-recovery` is issued? | The break-key path into ROMMON during boot is disabled, so the password cannot be reset. The only recovery is to wipe the startup configuration completely (a factory reset, not a password recovery). |
| List the syslog severity levels in order: | 0 Emergencies, 1 Alerts, 2 Critical, 3 Errors, 4 Warnings, 5 Notifications, 6 Informational, 7 Debugging |
| What is the phrase to remember syslog severity ratings? | Every Alligator Consumes Wheaties Near Its Den. (This mnemonic skips level 3, Errors; remember to insert it between Critical and Warnings.) |
| Which SNMP operation is the equivalent of having the enable secret password? | SET. Write access with a read-write community string lets a remote party change the running configuration. |
| What is the best way to set multiple devices' time source? | NTP server and make network devices clients. |
| What port and protocol does NTP use? | UDP port 123 |
| What is turned off as a best practice on a bare-metal Cisco device (usually new devices)? | SNMP, finger, DNS lookups, gratuitous ARP (GARP), TCP and UDP minor (small) services |
| Answers the AAA question "What did you do?" | Accounting |
| Answers the AAA question "Who are you?" | Authentication. |
| Answers the AAA question "What can you do?" | Authorization. |
| What type of system stores usernames and passwords on a centralized server location and has access from multiple devices? | Server-Based AAA Authentication. |
| What is a locally located username and password database called? | Local AAA |
| What is the max number of auth methods permitted when using AAA? | 4 |
| True/False: If a system has two AAA authorization methods configured and the user is denied by the first method checked, the second method is consulted to see if it permits access. | False. A method list moves on to the next method only when the current one does not respond (an ERROR, e.g. the AAA server is unreachable). A FAIL (explicit deny) from any method ends the process. |
| An admin issues `aaa new-model` but no other AAA commands, and a local username has been set. Which type of login will require a password? | All except the console. |
| What is the primary difference between `aaa local authentication attempts max-fail` and `login delay`? | The aaa command locks the account out until an admin releases it (`clear aaa local user lockout`), whereas `login delay` only inserts a delay between login attempts and needs no intervention. |
| Which AAA method is this: the entire packet is encrypted. | TACACS+. The whole packet body is encrypted (only the header is in the clear). The protocol runs over TCP. |
| Which AAA method is this: router command auth per-user or per-group. | TACACS+ |
| Which AAA method is this: separates all components of AAA | TACACS+ |
| Which AAA method is this: TCP port 49. | TACACS+. RADIUS, by contrast, runs over UDP. |
| Which AAA method is this: bidirectional challenge and response. | TACACS+. This is a feature of the protocol itself; RADIUS supports only a unidirectional server challenge. |
| Which AAA method is this: Primarily Cisco supported. | TACACS+ |
| Which AAA method is this: Limited accounting (historically). | TACACS+ |
| Which AAA method is this: Unidirectional server challenge response . | RADIUS |
| Which AAA method is this: Supports 802.1x and SIP. | RADIUS |
| Which AAA method is this: uses UDP port 1645 or 1812 for authentication (which in this protocol also carries authorization). | RADIUS |
| Which AAA method is this: combines authentication and authorization, separates accounting. | RADIUS |
| Which AAA method is this: only the password is encrypted. | RADIUS. Only the user password in the Access-Request is obfuscated (hashed with the shared secret); the rest of the packet is clear text. |
| Which AAA method is this: UDP port 1646 or 1813 for accounting. | RADIUS |
| Which AAA method is this: extensive accounting. | RADIUS |
| Cisco's AAA server is called... | Cisco Secure ACS. But everyone refers to it as simply 'ACS'. |
| ACLs numbered 1-99 (and 1300-1999) are what type, and what do they filter on? | Standard; makes decisions based on source IP address only. |
| ACLs numbered 100-199 (and 2000-2699) are what type, and what do they filter on? | Extended; makes decisions based on source or destination IP address, protocol, or port number. Much more flexible; almost all modern ACLs are of this type. |
| ACLs numbered 700-799 are what type, and what do they filter on? | 48-bit MAC address ACLs; makes decisions based on source MAC address. |
| Which ACLs do not affect packets whose source is the router itself? | Trick question. Neither standard nor extended ACLs, applied outbound on an interface, filter traffic the router itself generates. |
| Which ACLs should be applied closest to the destination? | Standard ACLs (they match only on source, so placing them early would block traffic to every destination). |
| Which ACLs should be applied closest to the source? | Extended ACLs (they can match precisely, so unwanted traffic is dropped before it crosses the network). |
| A good use for Nmap is to... | Identify open ports on a device. |
| What is the CLI command to view the number of packets matching a given ACL entry? | `show ip access-lists` (each ACE is shown with its match count) |
| What keyword can be used only in extended access lists and is meant to block Internet traffic except replies to TCP sessions initiated inside? | The TCP keyword `established`. It matches TCP segments with the ACK or RST bit set; it is not stateful, so a crafted segment with ACK set from outside also matches. |
| This type of ACL adds temporary entries (ACEs) to an extended ACL applied on the external interface, created when outbound traffic matches an ACE carrying the `reflect` parameter; it works for any IP protocol. | Reflexive ACL. |
| The purpose of using an access list number on the debug ip packet command is to... | limit the packets displayed and reduce usage of system resources. |
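The following IOS configuration is an added example that is not part of the original card set; it puts the management-plane cards (SSH, privilege and views, AAA with TACACS+, login lockout, syslog, NTP, unneeded services) into one working device configuration. The hostname, domain name, IP addresses, view names and every secret are placeholders chosen for illustration.

```cisco
! Added example (not from the card set). Hostname, domain, addresses
! and secrets are placeholders; replace them before use.
hostname R1
ip domain-name example.com
enable secret StrongEnableSecret
username admin privilege 15 secret StrongAdminSecret
username monitor secret StrongMonitorSecret
!
! SSH v2 needs the hostname and domain name above for the RSA key pair.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
!
! AAA: try the TACACS+ server first and fall back to the local database
! only if the server does not answer (ERROR). A FAIL returned by
! TACACS+ is final; the local database is not consulted.
aaa new-model
tacacs-server host 10.1.1.10 key TacacsSharedSecret
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Lock a local account after 3 failures; an admin must release it with
! "clear aaa local user lockout username <name>".
aaa local authentication attempts max-fail 3
! Slow down brute force without locking anyone out: after 3 failures
! within 60 s, refuse logins for 120 s; otherwise pause 2 s per attempt.
login block-for 120 attempts 3 within 60
login delay 2
!
! Management lines: SSH only on the vty lines, idle timeout everywhere.
line con 0
 exec-timeout 5 0
 logging synchronous
line vty 0 4
 transport input ssh
 exec-timeout 5 0
!
! Role-based CLI: a MONITOR view holding only show commands, and a
! superview that groups it. Both are created from root view, which is
! entered with "enable view" (prompts for the enable secret).
parser view MONITOR
 secret MonitorViewSecret
 commands exec include show ip interface brief
 commands exec include show logging
 commands exec include show ip access-lists
parser view NOC superview
 secret NocViewSecret
 view MONITOR
!
! Logging and time: send levels 0-4 (emergencies through warnings) to
! a syslog host, and take time from NTP so timestamps match across devices.
service timestamps log datetime msec
logging host 10.1.1.20
logging trap warnings
ntp server 10.1.1.30
!
! Services the cards list as unneeded on a freshly deployed device.
no ip finger
no ip domain-lookup
no ip gratuitous-arps
no service tcp-small-servers
no service udp-small-servers
no snmp-server
```

To check the result, `show ip ssh` confirms version 2 and the key size, `show aaa local user lockout` lists locked accounts, and `show parser view all` (from root view) lists the views and their commands.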
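The ACL cards (standard vs. extended placement, `established`, reflexive ACLs, match counters and the scoped `debug ip packet`) are illustrated by this added IOS example, which is not part of the original card set. The addresses, interface name and ACL names are placeholders.

```cisco
! Added example (not from the card set). Addresses, interface and ACL
! names are placeholders.
!
! 1. Standard ACL: matches on source only, so it sits close to the
!    destination. Here the destination is the router's own vty lines.
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 deny any log
line vty 0 4
 access-class 10 in
!
! 2. Extended ACL with "established", for the inbound side of the
!    Internet interface. It admits TCP segments with ACK or RST set
!    (replies to sessions opened from inside) and nothing else. It keeps
!    no state: a crafted segment with ACK set from outside also matches.
ip access-list extended OUTSIDE-IN
 permit tcp any any established
 deny ip any any log
!
! 3. Reflexive ACL, the stateful alternative to "established". The
!    "reflect" entries on the outbound list create a temporary mirror
!    entry each time an inside host opens a session; "evaluate" on the
!    inbound list consults those entries. Works for UDP and ICMP too.
ip access-list extended INSIDE-OUT
 permit tcp any any reflect MIRROR timeout 300
 permit udp any any reflect MIRROR timeout 60
 permit icmp any any reflect MIRROR timeout 30
 deny ip any any log
ip access-list extended OUTSIDE-IN-REFLEX
 evaluate MIRROR
 deny ip any any log
!
! Apply the reflexive pair on the outside interface (use OUTSIDE-IN
! instead of OUTSIDE-IN-REFLEX for the non-stateful variant). Note that
! traffic the router itself originates is not filtered by INSIDE-OUT.
interface GigabitEthernet0/0
 description Internet
 ip access-group INSIDE-OUT out
 ip access-group OUTSIDE-IN-REFLEX in
!
! 4. Scoping a packet debug: ACL 101 selects only traffic to one host,
!    so "debug ip packet 101" shows those packets and spares the CPU.
access-list 101 permit ip any host 10.1.1.20
```

Verification: `show ip access-lists OUTSIDE-IN-REFLEX` shows the permanent entries with their match counters and, while sessions are open, the temporary entries created under MIRROR; `debug ip packet 101 detail` limits the debug output to packets matching ACL 101, which is what the last card describes.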