Busy. Please wait.
Log in with Clever

show password
Forgot Password?

Don't have an account?  Sign up 
Sign up using Clever

Username is available taken
show password

Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
Didn't know it?
click below
Knew it?
click below
Don't Know
Remaining cards (0)
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how


CCNA Security 640-554 Exam

Node-local multicast FF01::/16
link-local multicast FF02::/16
site-local multicast FF05::/16
organization-local multicast FF08::/16
global multicast FF0E::/16
reserved multicast FF0F::/16
solicited-node multicast FF02::1:FF00/104
Describe PVLAN Edge Locally significant No isolation between switches Protected port does not forward any traffic to another protected port on the same switch
Multiple Context Mode can be viewed as having multiple separate (virtual) firewalls on the same hardware. Each context is its own security entity with its own security policy and interfaces.
Privilege Level 0 Allows the user to issue the disable, enable, exit, help, and logout commands.
Privilege level 1 Any commands at the > prompt
Privilege level 15 Any command at the # prompt
SFR Signature Fidelity Rating: Indicates how accurate a signature is.
ASR Attack Severity Rating: Indicates how dangerous an attack is
TVR Target Value Rating: Indicates the relative value of an asset
RR Risk Rating: Indicates the risk that an attack presents to a target
ARR Attack Relevancy Rating: Indicates whether a target is vulnerable to an attack
With ZBF when is traffic dropped by default? Traffic sent from an interface that is not a member of a zone to an interface that is a member of a zone Traffic sent between interfaces that are members of different zones.
Dynamic PAT vs Dynamic Policy PAT Dynamic Policy PAT requires an ACL
Dynamic PAT Also called NAT Overload. Dynamically maps several private IPs to a single public IP address using ports.
Dynamic Policy PAT
Dynamic NAT Dynamically maps several private IPs to a pool of public IPs
Dynamic Policy NAT
static NAT Single private IP is mapped to a single public IP.
static PAT Single private and port is mapped to a single public IP and port.
retired signatures Not in memory
unretired signature In memory
enabled signature In memory
disabled signature In memory
Object Group A configured set of IP addresses, IP address ranges, networks, protocols, or services. Can only be used with Extended ACLs.
Logging levels: 0,1,2,3,4,5,6,7 emergency,alert,critical,error,warning,notifcations,informational,debugging
NME IPS Network Module Enhanced IPS for ISRs
AIM IPS Advanced Integration Module IPS for ISRs
AIP SSC Advanced Inspection and Protection Security Services Card for ASA
IPS 4240
ISDM-2 Intrusion Detection System Module for Catalyst 6500 switch
AIP SSM Advanced Inspection and Prevention Security Services Module for ASA
Aggressive Mode 3 packets to negotiate VPN
Main Mode 6 packets to negotiate VPN
NIPS Network-based IPS: Cannot analyze encrypted traffic.
Describe PVLAN A switch must be configured for VTP transparent mode Routers, firewalls, and gateways should be connected to promiscuous ports Include a primary vlan and one or more secondary VLANs. Primary VLAN cannot be configured as isolated or community.
ACL Syntax
Signature-based detection
anomaly-based detection
policy-based detection
reputation-based detection
Stateful filtering operates at what levels of the OSI model? 3,4,5
Static filtering operates at what levels of the OSI model?
Inside NAT If the host resides inside the network and their addresses are translated for outbound traffic flows.
Outside NAT If the host resides on the outside network and its address is translated for inbound traffic flows.
What is used to apply actions to network traffic? Policy Maps
Atomic signature engine Signatures that can match on a single packet, as compared to a string of packets
Service signature engine Signatures that examine application layer services, regardless of the operating system
String signature engine Supports flexible pattern matching, and can be identified in a single packet or group of packets, such as a session.
Other signature engine Miscellaneous signatures that may not specifically fit into other categories.
Another name for Proxy Firewall Application firewall
IronPort Email and web security
ScanSafe Cloud Web Security
IPv6 Global Unicast 2000::/3
IPv6 6to4 Unicast 2002::/16
IPv6 site-local unicast FC00::/7
IPv6 link-local unicast FE80:/10
access-class Assigned to VTY lines
access-group Assigned to an interface
How can you implement an IPS in an ISR? AIM-IPS, NME-IPS, IOS IPS
Symmetric Algorithms (examples) One key to both encrypt and decrypt.
Asymmetric Algorithms (examples) Public-private key pair to encrypt & decrypt.
secure boot-image Enables IOS image resilience. Hidden from directory listing.
secure boot-config
Static Packet-Filtering Firewall L3, L4.
Stateful Packet-Filtering Firewall L3,L4,L5
Proxy Firewall Also called Application Firewall. L3-L7.
Attack methods Reconnaissance, Social Engineering, Privilege escalation, back doors.
Secure Network Lifecycle Initiation Acquisition & Development Implementation Operations & Maintenance Disposition
AUP Acceptable use policy
Management Plane This includes the protocols and traffic that an administrator uses between his workstation and the router or switch itself. SSH, telnet, HTTPS, etc.
Control Plane This includes protocols and traffic that the network devices use on their own without direct interaction from an administrator. Routing protocols. CPU being used.
Data Plane Traffic that is being forwarded through the network (transit traffic). Traffic that is being switched or forwarded by the network devices between the client and server.
Steps to setup device for CCP ip server ip http secure-server ip http authentication local username _____ privilege 15 secret ______
Connection profiles Pre-login configuration
Group Policy Post-login configuration
L2 Security Port security, BPDU guard, Root guard, DAI, IP source guard, 802.1x, Storm Control, ACLs, DHCP snooping
Threats to IPv6 NDP, DHCPv6, Extension Headers, Autoconfig of IPv6 addresses.
ZBF Zone-based firewall.
What can ACLs protect against? IP address spoofing TCP SYN-flood attacks (DoS) Reconnaissance attacks General vulnerabilities
What implicit rule is near the end of an IPv6 ACL? Implicit allow for NS and NA
Inside local The real IP configured on an inside host such as PC1
Inside global The mapped/global address that the router is swapping out for the inside host during NAT
Outside local If performing NAT on outside devices, this is the mapped address of the outside device (such as a server) as it would appear to inside hosts
Outside global The real IP configured on an outside host, such as the IP on a server.
Shadowed rule (acl)
Orphaned rule (acl)
What is used to identify traffic? Class Maps
What is used to apply policies? Service policies
When is a zone policy applied in a ZBF? Between members of different zones with a zone pair existing between them.
When is traffic dropped in a ZBF? Between members of different zones with no zone pair between them. Between an interface that is not a member of any zone goinging to an interface that is a member of a zone.
When is traffic forwarded in a ZBF? Between two interfaces where each interface is not a member of any zone. Between two interfaces that are members of the same zone. Traffic flowing to and from the router interfaces (self zone)
What is normalization? (IPS/IDS) Normalization is the process of modifying or manipulating traffic inline based on a current set of rules. Only applies to IPS.
False Positive When the sensor thinks good traffic is bad.
False Negative When the sensor thinks bad traffic is good.
Reputation-based IPS (example of threat that is protects against) Uses a global online database to learn about threats that are happening in the world and uses the information to protect against them.
NTP master
NTP client
AH port Authentication Header - Port 51
IPsec ESP port Encapsulating Security Protocol - Port 50
IKE/ISAKMP port 500
IKE Phase 1 Modes/Steps Main/aggressive mode Authenticates peer using PSK or digital certificate Uses DH during the second message exchanges Negotiates the IKE policy
IKE Phase 2 Modes/Steps Establishes the IPsec SAs Can optionally perform additional DH exchanges Quick mode negotiates the IPsec security parameters
TACACS+ Port Numbers TCP 49
RADIUS Port Numbers 1812/1645 Authentication 1813/1646 Accounting
How do you enable anyconnect via CLI? anyconnect enable
How do you make MD5 password more secure? Salt
What is used to negotiate the SA? IKE
Another name for reconnaissance attack Footprint analysis
Advantages of Application Layer Firewall Authenticate individuals, not devices Make it harder for hackers to spoof and implement denial-of-service (DoS) attacks Can monitor and filter application data Can provide detailed logging
What is vishing? Voice phishing - Convincing people to provide personal information over the phone.
What is a blended threat? An exploit that combines elements of multiple types of malware
Created by: b1ackplague
Popular Standardized Tests sets




Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
restart all cards