IINS 640-554 Part 2

Cisco IINS 640-554 Part 2

Question Answer
Which part of CIA is this definition: Information is accessible by authorized users when needed Availability
What is a security policy? A Document that describes the restrictions on member behaviors and what info may be accessed by whom
What is Asset Management Inventory and classification scheme for information assets
What is access control? Restriction of access rights to the organization's assets
What does the compliance group do? Ensuring conformance with information security policies standards and regulations
Define Information Security Incident Mgmt How to anticipate and respond to information security breaches
Define the practice of risk assessment Determine the quantitative and qualitative value of risk
Define Business Continuity Mgmt (BC) or Disaster Recovery (DR) Protection, maintenance and recovery of business-critical processes and systems
What is the definition of a trojan? An application written to look like something else. When it is opened it attacks the end-user computer from within
What is the definition of a Worm? Executes code which installs copies of itself in the memory of the infected computer, which in turn infects other hosts
What is the definition of a payload as it applies to security? Any malicious code that results in some action
Define propagation mechanism. The method by which the code replicates itself and locates new targets
Define what is an Enabling vulnerability: A vulnerability on a system that the worm or virus exploits
5 phases of attack in proper order (5 P's) 1- Probe, 2- Penetrate, 3- Persist, 4- Propagate, 5- Paralyze
Most attacks take advantage of what type of vulnerability? Overflow of a fixed memory allocation size for a particular purpose (buffer overflow)
True/False: Antivirus software will prevent viruses from entering the network. False
Define the theory of network containment: Compartmentalization and segmentation of the network to slow down or stop or prevent further infections.
Define the practice of a quarantine: Identifying and isolating infected machines within the contained areas.
Define an Access attack: Exploit known vulnerabilities to gain entry to web accounts, databases, etc.
Define a Recon (Reconnaissance) attack: Unauthorized mapping and discovery of systems, services, or vulnerabilities.
Define a DoS (Denial of Service) attack: Send extremely large numbers of requests, slowing or crashing a device or service.
Define the methods of performing a Reconnaissance Attack: Ping Sweep Port Scan Packet Sniffer Internet Information Queries
Define the methods of performing an Access Attack / Active attack: Password Attack, Man-in-the-Middle, TCP SYN flood, Smurf Attack, Poisonous Packet (ARP poisoning), Continuous Stream of Packets, Trust exploitation, Port Redirection, Buffer Overflow
List a few ways to combat recon attacks: Use Authentication, Use anti-sniffer tools
List a few ways to combat access attacks: Minimize trust relationships Use strong passwords
List a few ways to prevent DoS attacks: Implement QoS and traffic policing Anti-spoofing techniques
Name the primary mitigation for recon and access attacks: Encryption
Define the concept of Defense-in-Depth A router does a preliminary screening and passes external traffic to a firewall for verification before it reaches LAN
Define what the concept of a DMZ is: An org has an internal LAN, external connection, and a third zone where servers are housed that are to be accessed by external traffic
What is Router hardening? Eliminate abuse of unused services and connections
How does one apply Physical Security in a networking environment? Place device in secure location only accessible to authorized people
Define the concept of Out of band management: Devices are managed using a separate network from production traffic
Which router access methods do not require a password by default (bare metal / new out of box): Privilege mode console telnet sessions
What is the Local DB on a cisco device? List of valid usernames and passwords on a cisco device
List some facts about SSH: Requires configuration of a domain name. Uses port 22. Version 2 requires 1024 crypto-key (easily generated by turning on https)
True/False: A user having privilege level 10 can execute commands that are defined for level 8? TRUE Levels are downwardly inclusive (E.G. everything below the level a user is at is included)
True/False: A CLI view contains only commands, while a Superview contains only other views? TRUE A superview is like an LDAP /x.500 OU in a sense.
True/False: A person must be in root view to create a view True: Also AAA must be enabled.
What happens when "no service password-recovery" is issued? Access to ROMMON mode is disabled, removing the ability to reset the password. The only recovery is completely wiping the config (not recovering the password, but a true 100% write erase)
List the types of syslog events in order of severity: Emergencies Alerts Critical Warning Notifications Informational Debugging
What is the phrase to remember syslog severity ratings? Every Alligator Consumes Wheaties Near Its Den
Which SNMP command is the equivalent of having the enable secret password? SET
What is the best way to set multiple devices' time source? NTP server and make network devices clients.
What port and protocol does NTP use? UDP port #123
What is turned off as a best practice on a bare-metal Cisco device (usually - new devices)? SNMP Finger DNS Gratuitous Arp (GARP) TCP and UDP minor services
Answers the AAA question "What did you do?" Accounting
Answers the AAA question "Who are you?" Authentication.
Answers the AAA question "What can you do?" Authorization.
What type of system stores usernames and passwords on a centralized server location and has access from multiple devices? Server-Based AAA Authentication.
What is a locally located username and password database called? Local AAA
What is the max number of auth methods permitted when using AAA? 4
True/False: If a system has 2 AAA authorization methods configured, if the user is denied access by the first checked method, it will see if the other one permits it? False - AAA and security in general is always least permissive role set chosen.
An admin issues AAA new-model but no other aaa commands. Local uname has been set, which type of login will require a password? All except the console.
What is a primary difference between "AAA local authentication attempts max-fail" and the "login delay" commands? The aaa command locks the user out until the admin releases the account, whereas login delay does not require intervention.
Which AAA method is this: Entire packet is encrypted. TACACS+ Primary reason for using TACACS is encryption via TCP.
Which AAA method is this: router command auth per-user or per-group. TACACS+
Which AAA method is this: separates all components of AAA TACACS+
Which AAA method is this: TCP port 49. TACACS+ Remember that TACACS is on TCP so it's guaranteed results, so it's bi-directional by design.
Which AAA method is this: Bidirectional challenge and response. TACACS+ Remember that TACACS is on TCP so it's guaranteed results, so it's bi-directional by design.
Which AAA method is this: Primarily Cisco supported. TACACS+
Which AAA method is this: Limited accounting (historically). TACACS+
Which AAA method is this: Unidirectional server challenge response. RADIUS
Which AAA method is this: Supports 802.1x and SIP. RADIUS
Which AAA method is this: Uses port 1645 or 1812 for authorization. RADIUS
Which AAA method is this: Combines authentication and authorization, separates accounting. RADIUS
Which AAA method is this: Only the password is encrypted. RADIUS
Which AAA method is this: UDP port 1646 or 1813 for accounting. RADIUS
Extensive Accounting.
Cisco's AAA server is called... Cisco Secure ACS. But everyone refers to it as simply 'ACS'.
ACLs numbered 1 - 99 are what type, and what do they filter on? Standard, makes decisions based on source IP address.
ACLs numbered 100 - 199 are what type, and what do they filter on? Extended, makes decisions based on Source or Destination IP or port#. Much more flexible - almost all modern ACLs are of this type.
ACLs numbered 700 - 799 are what type and what do they filter? Makes decisions based on source MAC address
Which ACLs do not impact packets whose source is the router itself? Trick question. Both standard and extended ACLs do not affect packets from the router's ip address and/or ports.
Which ACLs should be applied closest to the destination? Standard ACLs.
Which ACLs should be applied closest to the source? Extended ACLs.
A good use for Nmap is to... Identify open ports on a device.
What is a CLI command to view the number of packets matching a given ACL entry: sh ip access-list
It can be used on only extended access lists and is meant to block internet traffic except replies to TCP traffic initiated inside. TCP Keyword "established".
This type of ACL adds temporary ACL Entries (ACE) into an extended ACL that has been applied to external interface based on match of an ACE with a reflect parameter for any type of IP traffic. Reflexive ACL.
The purpose of using an access list number on the debug ip packet command is to... limit the packets displayed and reduce usage of system resources.
Created by: pkillur