Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password

Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Cisco IINS 640-554 Part 4

        Help!  

Question
Answer
show A VPN connection made from a mobile worker to business site.  
🗑
Define an IPSec VPN Tunnel mode:   show
🗑
What is provided by AH when using IPSec?   show
🗑
What does ESP provide that AH alone can't?   show
🗑
show FALSE  
🗑
show Establishes bidirectional IKE SA. Authenticates peer.  
🗑
show Negotiates IPSec policies. When complete, unidirectional IPSec SAs are established for each protocol/algorithm combination. Transform sets are negotiated (proposals).  
🗑
show To determine what traffic will be tunneled and what will be sent in planin text to the appropriate next hop.  
🗑
Define The crypto ACLs on both ends of a VPN tunnel should have what relationship?   show
🗑
Define SSL remote access VPN characteristics (Anyconnect):   show
🗑
show Works for all IP-based applications. Clients must have specialized software. Has a stronger auth method. The stronger security method.  
🗑
What type of VPN assigns host pc a new IP address?   show
🗑
show Adding a static route entry for a PC when using remote access VPNs?  
🗑
What is this definition of? Identify the purposes of the network to the organization?   show
🗑
show Risk Analysis.  
🗑
show Security Operations.  
🗑
show Industry-recommended practices.  
🗑
show Threat identification.  
🗑
When a failure in the system bypasses security functions, this is called _____.   show
🗑
Quantitative risk analysis uses a math model, qualitative risk analysis uses a scenario-based model.   show
🗑
show SLE - Single Loss Expectancy.  
🗑
Define: How often a threat is expected to occur.   show
🗑
show AV - Asset Value  
🗑
show SLE - Single Loss Expectancy.  
🗑
Define: The expected financial loss that a particular threat will cost an organization.   show
🗑
show ALE - Annualized Loss Expectance  
🗑
show Single Loss Expectancy  
🗑
Which Cisco product performs Policy Management?   show
🗑
Which product USED to perform Threat Mgmt (it is now retired)?   show
🗑
show Cisco Security Agent. Cisco NAC Appliance.  
🗑
What cisco product is a network infrastructure device?   show
🗑
show Rotation of duties. Two person teams. Separation of duties. Change control. Multiple staff members involved in backups.  
🗑
Planning for a failure or a natural disaster at a primary location is called ___   show
🗑
show Initiation.  
🗑
show Implementation.  
🗑
show Disposition.  
🗑
Define this process: Risk assessment, functional assurance requirements, planning, developmental testing and evaluation.   show
🗑
Define this process: Configuration management, continuous monitoring.   show
🗑
What is the difference between policies and procedures?   show
🗑
show Security awareness program.  
🗑
ALE (Annualized Loss Expectancy) =    show
🗑
Why are Internal Threats the most dangerous / serious?   show
🗑
List some truths about External Threats:   show
🗑
show 1: Keeping data private 2: Physically or logically restricting access to sensitive data. 3: Use of Network Security mechanisms to prevent unauthorized access (Firewall and ACLs).  
🗑
Last 2 Elements of Confidentiality:   show
🗑
Elements of Integrity:   show
🗑
show 1: Measurement of data's accessibility. 2: Access from everywhere if possible / recommended.  
🗑
show Data has few or no privacy requirements.  
🗑
Government/Military Data Classification: Sensitive but unclassified SBU   show
🗑
Government/Military Data Classification: Confidential   show
🗑
show Data has a reasonable probability of causing serious damage if disclosed to an unauthorized party.  
🗑
Government/Military Data Classification: Top-secret   show
🗑
Organizational Data Classification: Public   show
🗑
show Data that could cause embarrassment but not constitute a security threat if revealed.  
🗑
Organizational Data Classification: Private   show
🗑
Organizational Data Classification: Confidential   show
🗑
show primarily policy-centric. Examples: Routine security awareness training programs. Clearly defined security policies. Logging configuration changes.  
🗑
Security Solution Controls: Physical Controls   show
🗑
Security Solution Controls: Technical Controls   show
🗑
show difficult to detect because the attacker isn't actively sending traffic (malicious or otherwise) Example: attacker capturing packets from the network and attempting to decrypt them (if traffic was encrypted originally).  
🗑
Describe a Active Attack detection:   show
🗑
Describe a Close-in Attack detection:   show
🗑
show Occurs when legitimate network users leverage their credentials and knowledge of the network in a malicious fashion.  
🗑
Describe a distribution Attack detection:   show
🗑
Define the theory of Defense in Depth:   show
🗑
Defense in Depth design:   show
🗑
show Syn Syn-Ack Ack  
🗑
List the two types of IP spoofing:   show
🗑
show This occurs when attacker and the destination are on the same subnet. By being on the same subnet, the attacker might be able to use a packet-capture utility to glean sequence numbers.  
🗑
show Occurs when attacker is not on the same subnet as the destination. Obtaining correct sequence numbers is more difficult. Using techniques such as IP source routing, an attacker can accurately determine those sequence numbers.  
🗑
Describe Loose source routing attack:   show
🗑
Describe a Strict source routing attack:   show
🗑
show Promiscuous mode NIC's. Telnet and HTTP scraping.  
🗑
show Scans ranges for alive IP's and then interrogates the IP's for live ports. Port scans often help attackers identify the OS running on the target system.  
🗑
show because many companies throw away confidential information without properly shredding it, some attackers might rummage through company dumpsters in hopes of discovering information that could be used to compromise network resources.  
🗑
show data is often transmitted over wire (UTP wire) attackers can sometimes copy information traveling over the wire by intercepting EMI being emitted by the transmission medium.  
🗑
show if an attacker gains physical access to a wiring closet, they might be able to physically tap into telephone cabling to eavesdrop on telephone conversations. Might also inject a hub between target and himself.  
🗑
Confidentiality Attack Strategies for Social engineering:   show
🗑
show attacker might send or receive confidential information over a network using an overt channel. I.E. Protocol tunneling - http encapsulating IM or FTP, or steganography.  
🗑
show attacker might send or receive confidential information over a network using a covert channel, which can communicate information as a series of codes and/or events.  
🗑


   

Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
 
To hide a column, click on the column name.
 
To hide the entire table, click on the "Hide All" button.
 
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
 
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.

 
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how
Created by: pkillur
Popular Engineering sets