640-554
CCNA Security 640-554 Exam
| Question | Answer |
|---|---|
| Node-local multicast | FF01::/16 |
| link-local multicast | FF02::/16 |
| site-local multicast | FF05::/16 |
| organization-local multicast | FF08::/16 |
| global multicast | FF0E::/16 |
| reserved multicast | FF0F::/16 |
| solicited-node multicast | FF02::1:FF00:0/104 (the low 24 bits are taken from the node's unicast address) |
| Describe PVLAN Edge | Locally significant, so there is no isolation between switches; a protected port does not forward any traffic to another protected port on the same switch. |
| Multiple Context Mode | can be viewed as having multiple separate (virtual) firewalls on the same hardware. Each context is its own security entity with its own security policy and interfaces. |
| Privilege Level 0 | Allows the user to issue the disable, enable, exit, help, and logout commands. |
| Privilege level 1 | Any commands at the > prompt |
| Privilege level 15 | Any command at the # prompt |
| SFR | Signature Fidelity Rating: Indicates how accurate a signature is. |
| ASR | Attack Severity Rating: Indicates how dangerous an attack is |
| TVR | Target Value Rating: Indicates the relative value of an asset |
| RR | Risk Rating: Indicates the risk that an attack presents to a target |
| ARR | Attack Relevancy Rating: Indicates whether a target is vulnerable to an attack |
| With ZBF when is traffic dropped by default? | Traffic sent from an interface that is not a member of a zone to an interface that is a member of a zone; traffic sent between interfaces that are members of different zones when no zone pair exists between them. |
| Dynamic PAT vs Dynamic Policy PAT | Dynamic Policy PAT requires an ACL |
| Dynamic PAT | Also called NAT Overload. Dynamically maps several private IPs to a single public IP address using ports. |
| Dynamic Policy PAT | Dynamic PAT (overload) applied only to traffic matched by an ACL (source and/or destination) instead of to all traffic from the inside addresses. |
| Dynamic NAT | Dynamically maps several private IPs to a pool of public IPs |
| Dynamic Policy NAT | Dynamic NAT to a pool applied only to traffic matched by an ACL (source and/or destination). |
| static NAT | Single private IP is mapped to a single public IP. |
| static PAT | Single private and port is mapped to a single public IP and port. |
| retired signatures | Not in memory (not compiled into the active signature set); cannot fire. |
| unretired signature | In memory; fires if it is also enabled. |
| enabled signature | In memory (when unretired) and active: its configured actions are taken when it fires. |
| disabled signature | Still in memory if unretired, but inactive: no actions are taken. Disabling does not free memory; only retiring does. |
| Object Group | A configured set of IP addresses, IP address ranges, networks, protocols, or services. Can only be used with Extended ACLs. |
| Logging levels: 0,1,2,3,4,5,6,7 | 0 emergencies, 1 alerts, 2 critical, 3 errors, 4 warnings, 5 notifications, 6 informational, 7 debugging |
| NME IPS | Network Module Enhanced IPS for ISRs |
| AIM IPS | Advanced Integration Module IPS for ISRs |
| AIP SSC | Advanced Inspection and Prevention Security Services Card for the ASA 5505 |
| IPS 4240 | Standalone IPS sensor appliance (4200 series); not a module inside a router, switch, or ASA |
| IDSM-2 | Intrusion Detection System Module 2 for Catalyst 6500 switch |
| AIP SSM | Advanced Inspection and Prevention Security Services Module for ASA |
| IOS IPS | For ISRs |
| Aggressive Mode | 3 packets to negotiate VPN |
| Main Mode | 6 packets to negotiate VPN |
| NIPS | Network-based IPS: Cannot analyze encrypted traffic. |
| Describe PVLAN | Switch must be in VTP transparent mode (VTP v1/v2); routers, firewalls, and gateways connect to promiscuous ports; consists of a primary VLAN and one or more secondary (isolated or community) VLANs; the primary VLAN cannot be configured as isolated or community. |
| ACL Syntax | Standard: access-list <1-99> {permit \| deny} <source> [wildcard]. Extended: access-list <100-199> {permit \| deny} <protocol> <source> <wildcard> <destination> <wildcard> [eq <port>]. Applied with ip access-group <acl> {in \| out} on an interface. Entries are checked top-down, first match wins, implicit deny at the end. |
| Phishing | Fraudulent email or messages that impersonate a trusted party to trick users into revealing credentials or other sensitive data, usually via a link to a fake site. |
| Pharming | Redirecting users to a fraudulent site by tampering with name resolution (poisoned DNS or hosts file), so even a correctly typed URL resolves to the attacker's server. |
| Signature-based detection | Matches traffic against patterns of known attacks; few false positives for known attacks, but cannot detect new attacks and needs signature updates. |
| anomaly-based detection | Builds a baseline of normal behavior and alerts on deviations; can detect new attacks, but prone to false positives and needs a tuning period. |
| policy-based detection | Alerts on traffic that violates an administrator-defined policy (for example, only certain protocols allowed between two networks); deterministic, but the policy must be written explicitly. |
| reputation-based detection | Uses a global reputation database of known-bad sources (IP addresses, domains, URLs) to block or raise the risk of traffic from them. |
| Stateful filtering operates at what levels of the OSI model? | 3,4,5 |
| Static filtering operates at what levels of the OSI model? | 3,4 |
| Inside NAT | If the host resides inside the network and their addresses are translated for outbound traffic flows. |
| Outside NAT | If the host resides on the outside network and its address is translated for inbound traffic flows. |
| What is used to apply actions to network traffic? | Policy Maps |
| Atomic signature engine | Signatures that can match on a single packet, as compared to a string of packets |
| Service signature engine | Signatures that examine application layer services, regardless of the operating system |
| String signature engine | Supports flexible pattern matching, and can be identified in a single packet or group of packets, such as a session. |
| Other signature engine | Miscellaneous signatures that may not specifically fit into other categories. |
| Another name for Proxy Firewall | Application firewall |
| IronPort | Email and web security |
| ScanSafe | Cloud Web Security |
| IPv6 Global Unicast | 2000::/3 |
| IPv6 6to4 Unicast | 2002::/16 |
| IPv6 unique local unicast | FC00::/7 (ULA; replaces the deprecated site-local FEC0::/10) |
| IPv6 link-local unicast | FE80::/10 |
| access-class | Assigned to VTY lines |
| access-group | Assigned to an interface |
| How can you implement an IPS in an ISR? | AIM-IPS, NME-IPS, IOS IPS |
| Symmetric Algorithms (examples) | One key to both encrypt and decrypt. Examples: AES, 3DES, DES, RC4. |
| Asymmetric Algorithms (examples) | Public-private key pair to encrypt & decrypt. Examples: RSA, Diffie-Hellman, DSA, ECC. |
| secure boot-image | Enables IOS image resilience. Hidden from directory listing. |
| secure boot-config | Stores a secure copy of the running configuration in persistent storage, hidden from directory listing. Together with secure boot-image this is the IOS Resilient Configuration feature. |
| Static Packet-Filtering Firewall | L3, L4. |
| Stateful Packet-Filtering Firewall | L3,L4,L5 |
| Proxy Firewall | Also called Application Firewall. L3-L7. |
| Attack methods | Reconnaissance, Social Engineering, Privilege escalation, back doors. |
| Secure Network Lifecycle | Initiation Acquisition & Development Implementation Operations & Maintenance Disposition |
| AUP | Acceptable use policy |
| Management Plane | This includes the protocols and traffic that an administrator uses between his workstation and the router or switch itself. SSH, telnet, HTTPS, etc. |
| Control Plane | This includes protocols and traffic that the network devices use on their own without direct interaction from an administrator, such as routing protocols. Processed by the device CPU. |
| Data Plane | Traffic that is being forwarded through the network (transit traffic). Traffic that is being switched or forwarded by the network devices between the client and server. |
| Steps to set up device for CCP | ip http server; ip http secure-server; ip http authentication local; username _____ privilege 15 secret ______ |
| Connection profiles | Pre-login configuration |
| Group Policy | Post-login configuration |
| L2 Security | Port security, BPDU guard, Root guard, DAI, IP source guard, 802.1x, Storm Control, ACLs, DHCP snooping |
| Threats to IPv6 | NDP, DHCPv6, Extension Headers, Autoconfig of IPv6 addresses. |
| ZBF | Zone-based firewall. |
| What can ACLs protect against? | IP address spoofing TCP SYN-flood attacks (DoS) Reconnaissance attacks General vulnerabilities |
| What implicit rule is near the end of an IPv6 ACL? | Implicit permit for ICMPv6 neighbor solicitation (nd-ns) and neighbor advertisement (nd-na), placed before the implicit deny ipv6 any any. |
| Inside local | The real IP configured on an inside host such as PC1 |
| Inside global | The mapped/global address that the router is swapping out for the inside host during NAT |
| Outside local | If performing NAT on outside devices, this is the mapped address of the outside device (such as a server) as it would appear to inside hosts |
| Outside global | The real IP configured on an outside host, such as the IP on a server. |
| Shadowed rule (acl) | An entry that can never be matched because an earlier entry in the same ACL already matches all of its traffic. |
| Orphaned rule (acl) | An ACL (or entry) that is configured but never referenced, so it has no effect on traffic. |
| What is used to identify traffic? | Class Maps |
| What is used to apply policies? | Service policies |
| When is a zone policy applied in a ZBF? | Between members of different zones with a zone pair existing between them. |
| When is traffic dropped in a ZBF? | Between members of different zones with no zone pair between them. Between an interface that is not a member of any zone going to an interface that is a member of a zone. |
| When is traffic forwarded in a ZBF? | Between two interfaces where each interface is not a member of any zone. Between two interfaces that are members of the same zone. Traffic flowing to and from the router interfaces (self zone) |
| What is normalization? (IPS/IDS) | Normalization is the process of modifying or manipulating traffic inline based on a current set of rules. Only applies to IPS. |
| False Positive | When the sensor thinks good traffic is bad. |
| False Negative | When the sensor thinks bad traffic is good. |
| Reputation-based IPS (example of threat that is protects against) | Uses a global online database to learn about threats that are happening in the world and uses the information to protect against them. |
| NTP master | ntp master [stratum]: the router acts as an authoritative time source for other devices. |
| NTP client | ntp server <address> [key <id>]: the router synchronizes its clock to the given server. |
| AH | Authentication Header - IP protocol number 51 (not a TCP/UDP port) |
| IPsec ESP | Encapsulating Security Payload - IP protocol number 50 (not a TCP/UDP port) |
| IKE/ISAKMP port | UDP 500 (UDP 4500 when NAT traversal is used) |
| IKE Phase 1 Modes/Steps | Main or aggressive mode; negotiates the IKE policy; uses DH during the second message exchange; authenticates the peer using PSK or digital certificate. |
| IKE Phase 2 Modes/Steps | Quick mode negotiates the IPsec security parameters; establishes the IPsec SAs; can optionally perform an additional DH exchange (PFS). |
| TACACS+ Port Numbers | TCP 49 |
| RADIUS Port Numbers | 1812/1645 Authentication 1813/1646 Accounting |
| How do you enable anyconnect via CLI? | anyconnect enable |
| How do you make MD5 password more secure? | Salt |
| What is used to negotiate the SA? | IKE |
| Another name for reconnaissance attack | Footprint analysis |
| Advantages of Application Layer Firewall | Authenticate individuals, not devices Make it harder for hackers to spoof and implement denial-of-service (DoS) attacks Can monitor and filter application data Can provide detailed logging |
| What is vishing? | Voice phishing - Convincing people to provide personal information over the phone. |
| What is a blended threat? | An exploit that combines elements of multiple types of malware |
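The SFR, ASR, TVR, ARR and RR cards above list the inputs to a Cisco IPS risk rating but not how they combine. The following is an added worked example, not part of the original card deck: it computes RR = (ASR * TVR * SFR) / 10000 + ARR, clamped to 0-100, using Cisco's documented TVR weights, and applies the sensor's default event-action override (deny-packet-inline at RR 90-100). The sample events are constructed; the signature name is a placeholder.

```python
# Added example: Cisco IPS risk rating and default event-action override.
# TVR weights are Cisco's documented values; the 90-100 threshold is the sensor
# default override, which an administrator can change.
TVR = {"zero": 50, "low": 75, "medium": 100, "high": 150, "mission-critical": 200}

# ARR: target known vulnerable (+10), unknown (0), known not vulnerable (-10)
ARR_VALUES = {"relevant": 10, "unknown": 0, "not-relevant": -10}


def risk_rating(asr, tvr, sfr, arr):
    """RR = (ASR * TVR * SFR) / 10000 + ARR, clamped to 0..100.

    The promiscuous-delta and watch-list modifiers that a sensor can also
    apply are deliberately left out of this example.
    """
    if not (0 <= asr <= 100 and 0 <= sfr <= 100):
        raise ValueError("ASR and SFR are 0..100")
    if tvr not in TVR.values():
        raise ValueError(f"TVR must be one of {sorted(TVR.values())}")
    if arr not in ARR_VALUES.values():
        raise ValueError("ARR must be -10, 0 or 10")
    rr = (asr * tvr * sfr) / 10000 + arr
    return int(max(0, min(100, rr)))


def override_actions(rr):
    """Extra actions the default event-action override adds for a given RR."""
    return ["deny-packet-inline"] if rr >= 90 else []


def evaluate(events):
    """Return (signature label, RR, added actions) for each event."""
    out = []
    for ev in events:
        rr = risk_rating(ev["asr"], TVR[ev["tvr"]], ev["sfr"], ARR_VALUES[ev["arr"]])
        out.append((ev["sig"], rr, override_actions(rr)))
    return out


# Constructed events: one signature (ASR 75, SFR 80) seen against three assets
# whose only difference is the administrator-set target value and relevancy.
SAMPLE_EVENTS = [
    {"sig": "example-sig", "asr": 75, "sfr": 80, "tvr": "medium", "arr": "unknown"},
    {"sig": "example-sig", "asr": 75, "sfr": 80, "tvr": "mission-critical", "arr": "relevant"},
    {"sig": "example-sig", "asr": 75, "sfr": 80, "tvr": "zero", "arr": "not-relevant"},
]

if __name__ == "__main__":
    for sig, rr, actions in evaluate(SAMPLE_EVENTS):
        print(f"{sig}: RR={rr} added actions={actions or 'none'}")
```

The same signature yields RR 60 (alert only), 100 (packet dropped inline) and 20 depending solely on TVR and ARR, which is why asset value and OS fingerprinting on the sensor matter as much as the signature itself.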
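The ACL Syntax and Shadowed rule cards describe first-match ACL evaluation and the entries it silently wastes. The following is an added example, not from the original card deck, that parses a small constructed IOS extended ACL and reports entries shadowed by an earlier one. It handles any/host/wildcard addresses, a protocol, and an optional eq destination port; it does not check for orphaned rules, since that needs interface bindings the ACL text alone does not carry.

```python
import ipaddress

# Constructed sample extended ACL for illustration (not from the original cards).
# Entry 3 can never match: entry 2 already permits all TCP from 10.0.0.0/24.
SAMPLE_ACL = [
    "access-list 101 permit tcp host 10.0.0.5 any eq 22",
    "access-list 101 permit tcp 10.0.0.0 0.0.0.255 any",
    "access-list 101 permit tcp host 10.0.0.7 any eq 80",
    "access-list 101 deny ip any any",
]


def parse_address(tokens):
    """Consume one IOS address spec (any | host A | A wildcard); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    # ipaddress accepts an IOS wildcard directly as a hostmask, e.g. 10.0.0.0/0.0.0.255
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_ace(line):
    """Parse one extended ACE into its match fields (ports: only 'eq' on the destination)."""
    tokens = line.split()
    if tokens[0] == "access-list":      # numbered form: drop "access-list <n>"
        tokens = tokens[2:]
    action, proto = tokens[0], tokens[1]
    src, rest = parse_address(tokens[2:])
    dst, rest = parse_address(rest)
    dport = rest[1] if rest[:1] == ["eq"] else None
    return {"line": line, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


def covers(earlier, later):
    """True if every packet matching `later` would already have matched `earlier`."""
    proto_ok = earlier["proto"] in ("ip", later["proto"])
    port_ok = earlier["dport"] is None or earlier["dport"] == later["dport"]
    return (proto_ok and port_ok
            and later["src"].subnet_of(earlier["src"])
            and later["dst"].subnet_of(earlier["dst"]))


def find_shadowed(acl_lines):
    """Return (shadowed_index, shadowing_index) pairs under first-match semantics (0-based)."""
    aces = [parse_ace(line) for line in acl_lines]
    result = []
    for j, later in enumerate(aces):
        for i in range(j):
            if covers(aces[i], later):
                result.append((j, i))
                break
    return result


if __name__ == "__main__":
    for j, i in find_shadowed(SAMPLE_ACL):
        print(f"entry {j + 1} is shadowed by entry {i + 1}: {SAMPLE_ACL[j]!r}")
```

Note that the action is ignored on purpose: a permit shadowed by an earlier deny is just as dead as a permit shadowed by an earlier permit, and the former is the dangerous case, because the administrator believes access was granted.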