Module 16 Network Security Fundamentals (FT) Flashcards

(73 cards)

1
Q

_____ on a network can be devastating and can result in a loss of time and money due to damage, or theft of important information or assets.

A

Attacks

2
Q

_____ can gain access to a network through software vulnerabilities, hardware attacks, or through guessing someone’s username and password

A

Intruders

3
Q

What are the four types of threats that may arise?

A
  • Information Theft
  • Data Loss and Manipulation
  • Identity Theft
  • Disruption of Service
4
Q

_____ is the degree of weakness in a network or a device.

A

Vulnerability

5
Q

What are the three primary vulnerabilities or weaknesses?

A
  • Technological Vulnerabilities
  • Configuration Vulnerabilities
  • Security Policy Vulnerabilities
6
Q

_____ might include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses.

A

Technological Vulnerabilities

7
Q

_____ might include unsecured user accounts, system accounts with easily guessed passwords, misconfigured internet services, unsecure default settings, and misconfigured network equipment.

A

Configuration Vulnerabilities

8
Q

_____ might include lack of a written security policy, politics, lack of authentication continuity, logical access controls not applied, software and hardware installation and changes not following policy, and a nonexistent disaster recovery plan.

A

Security Policy Vulnerabilities

9
Q

If network resources can be physically compromised, a ______ can deny the use of network resources.

A

threat actor

10
Q

What are the four classes of physical threats?

A
  • Hardware Threats
  • Environmental Threats
  • Electrical Threats
  • Maintenance Threats
11
Q

This includes physical damage to servers, routers, switches, cabling plant, and workstations.

A

Hardware Threats

12
Q

This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).

A

Environmental Threats

13
Q

This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.

A

Electrical Threats

14
Q

This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

A

Maintenance Threats

15
Q

_____ is short for malicious software

A

Malware

16
Q

It is code or software specifically designed to damage, disrupt, steal, or inflict “Bad” or illegitimate action on data, hosts, or networks.

A

Malware

17
Q

What are the various types of malware?

A
  • Viruses
  • Worms
  • Trojan Horses
18
Q

A _____ is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program.

A

Viruses

19
Q

It spreads from one computer to another, leaving infections as it travels.

A

Viruses

20
Q

_____ are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage

A

Computer worms

21
Q

In contrast to viruses, which require the spreading of an infected host file, ____ are standalone software and do not require a host program or human help to propagate.

A

worms

22
Q

It is a harmful piece of software that looks legitimate. Unlike viruses and worms, _____ do not reproduce by infecting other files. They self-replicate

A

Trojan horses

23
Q

_____ must spread through user interaction such as opening an email attachment or downloading and running a file from the internet.

A

Trojan horses

24
Q

What are some classified network attacks:

A
  • Reconnaissance Attacks
  • Access Attacks
  • Denial of Service
25
The discovery and mapping of systems, services, or vulnerabilities.
Reconnaissance Attacks
26
The unauthorized manipulation of data, system access, or user privileges.
Access Attacks
27
The disabling or corruption of networks, systems, or services.
Denial of Service
28
For reconnaissance attacks, external threat actors can use internet tools, such as the ______ and _____ utilities, to easily determine the IP address space assigned to a given corporation or entity.
nslookup and whois 
29
______ exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
Access Attacks
30
What are the classified Access Attacks:
  • Password Attacks
  • Trust Exploitation
  • Port Redirection
  • Man-in-the-middle
31
Implemented using brute force, trojan horse, and packet sniffers
Password Attacks
32
A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.
Trust Exploitation
33
A threat actor uses a compromised system as a base for attacks against other targets. For example, a threat actor using SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
Port Redirection
34
The threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.
Man-in-the-middle
35
______ attacks are the most publicized form of attack and among the most difficult to eliminate. However, because of their ease of implementation and potentially significant damage, _____ attacks deserve special attention from security administrators.
Denial of service (DoS)
36
These attacks are relatively simple to conduct, even by an unskilled threat actor.
Denial of Service
37
A network of infected hosts, known as _____
zombie
38
A network of zombies is called _____
botnet
39
The threat actor uses a ______ program to instruct the botnet of zombies to carry out a DDoS attack
Command and Control (CnC)
40
To mitigate network attacks, most organizations employ a ______ approach (Also known as layered approach) to security
Defense in depth
41
What are some security devices and services that are implemented to protect organization's users and assets against TCP/IP threats:
  • VPN
  • ASA Firewall
  • IPS
  • ESA/WSA
  • AAA Server
42
_____ is one of the most effective ways of protecting against data loss
Backing up device configurations and data
43
____ should be performed on a regular basis as identified in the security policy.
Backups
44
______ are usually stored offsite to protect the backup media if anything happens to the main facility
Data backups
45
  • Perform backups on a regular basis as identified in the security policy.
  • Full backups can be time-consuming, therefore perform monthly or weekly backups with frequent partial backups of changed files.
Frequency
46
  • Always validate backups to ensure the integrity of the data and validate the file restoration procedures.
Storage
47
  • Backups should be transported to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy.
Security
48
  • Backups should be protected using strong passwords. The password is required to restore the data.
Validation
49
The most effective way to mitigate a worm attack is to _____ from the operating system vendor and patch all vulnerable systems
download security updates
50
One solution to the management of critical security patches is to make sure all end systems ______.
automatically download updates.
51
What is the meaning of "AAA" or "Triple A"
Authentication, Authorization, and accounting
52
_____ network security services provide the primary framework to set up access control on network devices.
Authentication, Authorization, and accounting ("AAA")
53
AAA is a way to control who is permitted to access a network
Authenticate
54
AAA. What actions they perform while accessing the network
Authorize
55
AAA. Making a record of what was done while they are there
Accounting
56
____ reside between two or more networks, control the traffic between them, and help prevent unauthorized access.
Network firewalls
57
A ____ could allow outside users controlled access to specific services.
firewall
58
______ - Prevents or allows access based on IP or MAC addresses
Packet Filtering
59
______ - Prevents or allows access by specific application types based on port numbers
Application filtering
60
_____ - Prevents or allows access to websites based on specific URLs or keywords
URL filtering
61
______ - Incoming packets must be legitimate responses to requests from internal hosts.
Stateful packet inspection (SPI)
62
An ______, or host, is an individual computer system or device that acts as a network client. Common _____ are laptops, desktops, servers, smartphones, and tablets.
endpoint
63
_____ is one of the most challenging jobs of a network administrator because it involves human nature. A company must have well-documented policies in place and employees must be aware of these rules.
Securing endpoint devices
64
For Cisco routers, the ______ feature can be used to assist securing the system.
Cisco AutoSecure
65
  • Default usernames and passwords should be changed immediately.
  • Access to system resources should be restricted to only the individuals that are authorized to use those resources.
  • Any unnecessary services and applications should be turned off and uninstalled when possible.
  • Often, devices shipped from the manufacturer have been sitting in a warehouse for a period of time and do not have the most up-to-date patches installed. It is important to update any software and install any security patches prior to implementation.
READ
66
  • Use a password length of at least eight characters, preferably 10 or more characters.
  • Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed.
  • Avoid passwords based on repetition, common dictionary words, letter or number sequences, usernames, relative or pet names, biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable pieces of information.
  • Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
  • Change passwords often. If a password is unknowingly compromised, the window of opportunity for the threat actor to use the password is limited.
  • Do not write passwords down and leave them in obvious places such as on the desk or monitor.
READ
67
On Cisco routers, leading spaces are _____ for passwords, but spaces after the first character are not.
Ignored
68
A _____ is often easier to remember than a simple password. It is also longer and harder to guess.
passphrase
69
Encrypt all plaintext passwords with the ______ command.
service password-encryption
70
Set a minimum acceptable password length with the _____ command.
security passwords min-length
71
Deter brute-force password guessing attacks with the ______ command.
login block-for # attempts # within #
72
Disable an inactive privileged EXEC mode access after a specified amount of time with the ______ command.
exec-timeout
73
ENABLE SSH
  1. Configure a unique device hostname. A device must have a unique hostname other than the default.
  2. Configure the IP domain name. Configure the IP domain name of the network by using the global configuration mode command ip-domain name.
  3. Generate a key to encrypt SSH traffic. SSH encrypts traffic between source and destination. However, to do so, a unique authentication key must be generated by using the global configuration command crypto key generate rsa general-keys modulus bits. The modulus bits determines the size of the key and can be configured from 360 bits to 2048 bits. The larger the bit value, the more secure the key. However, larger bit values also take longer to encrypt and decrypt information. The minimum recommended modulus length is 1024 bits.
  4. Verify or create a local database entry. Create a local database username entry using the username global configuration command.
  5. Authenticate against the local database. Use the login local line configuration command to authenticate the vty line against the local database.
  6. Enable vty inbound SSH sessions. By default, no input session is allowed on vty lines. You can specify multiple input protocols including Telnet and SSH using the transport input [ssh | telnet] command.
READ