Flashcards in 101-200 Deck (72):
FirePOWER impact flag is used for?
A value that indicates the potential severity of an attack.
Two services define cloud networks?
Infrastructure as a service
Platform as a Service
In a security context, which action can you take to address compliance?
Implement rules to prevent a vulnerability
What can the SMTP preprocessor in FP normalize?
It can extract and decode email attachments in client to server traffic.
Want to allow all users to access Internet, but want to hide individual addresses - 2 options?
Configure a proxy server to hide local IP.
Configure a firewall to use PAT.
2 Auth types OSPF supports
Admin can't execute "config T" with following config - why?
Username Admin password checkme
Username Admin privilege 6 autocommand show running
Remove the "autocommand" and its arguments; as configured, it just runs "show running" when the user connects and then drops the session.
Command to verify DHCP binding table status?
show ip dhcp snooping database
If a switch receives a superior BPDU and goes directly into blocked state, what mechanism must be in use?
Type of packet creates and performs network operations on a network device?
control plane packets.
2 functions can SIEM provide? Security Information and Event Management.
Correlation between logs and events from multiple systems.
Event aggregation that allows for reduced log storage requirements.
3 actions are limitations when running IPS in promiscuous mode?
deny attacker, deny packet, modify packet
ASA command to authenticate users when they enter "enable" to a local DB w/o failback?
aaa authentication enable console LOCAL
Accounting notices are used to send a failed authentication attempt record to an AAA server? 2
If native VLAN on a trunk is different on each end of line, what may occur?
STP loops may occur
Which type of IPS can identify worms that are propagating in a network?
which kind of victim is tricked into entering username and PW at a disguised website?
Cisco product can help mitigate web-based attacks within a network?
Web Security Appliance
State about a Private VLAN?
partitions the layer 2 broadcast domain of a VLAN into subdomains
Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?
Unicast Reverse Path Forwarding
Most common CDP V1 attack?
Cisco preferred countermeasure to mitigate CAM overflows?
Dynamic port security
When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?
elects the root bridge
Countermeasure can mitigate ARP spoofing attacks? (2)
Dynamic ARP inspection
Type of security control is defense in depth?
CCP screen do you enable AAA?
configure mode(level) used for "ip ospf authentication-key c1$c0"?
2 uses of SIEM
alerting administrators to security events in real time.
collecting and archiving syslog data.
statement about malware?
unwanted software that is harmful or destructive.
discovered a malicious program that has been harvesting the CEO's email messages and the company's user DB for 6 months...what are 2 possible types of attacks your team discovered?
advanced persistent threat, and maybe targeted malware
FP preprocessor engine is used to prevent SYN attacks?
Only permitted operation for processing multicast traffic on ZBF?
Only control plane policing can protect the control plane against multicast traffic.
Encryption technology has the broadest platform support to protect OS?
Feature of Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?
SourceFire action should you choose if you want to block only malicious traffic from a particular end-user?
allow with inspection
How can you detect a false negative on an IPS?
Use a 3rd party system to perform penetration testing.
Type of PVLAN port allows host in the same VLAN to communicate directly with the other?
Community for hosts in the PVLAN
State shows MM_NO_STATE with show crypto isakmp sa - what does this mean?
Main Mode was created on source, but failed to negotiate with destination.
"single-connection" under TACACS server config means what for multiple servers?
the device will establish one connection for all TACACS transactions.
crypto ipsec transform-set myset esp-md5-hmac esp-aes-256 - two things this does?
Authentication uses MD5-HMAC
Encryption uses AES-256
What is a valid implicit permit rule for traffic that is traversing the ASA Firewall?
ARPs in both directions are permitted in transparent mode only.
best practice for URL filtering to solve issue of website which keeps changing IP?
Enable URL filtering and use URL categorization to block the websites that violate company policy.
Potential issue for leaving native VLAN set to 1?
could be susceptible to VLAN hopping attack.
IPS mode provides the max number of actions?
technology can be used to rate data fidelity and provide an authenticated hash for data?
config allows Anyconnect to authenticate automatically and establish VPN when user logs in to PC?
Switch port goes right into blocked state when a superior BPDU is received - what mechanisms does this?
STP Root Guard
feature filters CoPP packets?
best way to confirm AAA authentication is working properly?
use the test aaa command
benefit for Web application firewall?
blocks known vulnerabilities w/o patching applications.
improvement for EAP-FAST v2 over v1?
Allows multiple credentials to be passed in a single EAP exchange.
statement about IOS privilege levels?
Each level supports commands at its own level and all levels below it.
Mechanism does asymmetric cryptography use to secure data?
Type of attack trying to overload a CAM table on a switch?
Two ways to prevent eavesdropping when you perform device maintenance?
FW config to allow traffic to flow in both directions between two zones?
You must configure two zone pairs, one for each direction.
3 ways RADIUS differs from TACACS
RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
RADIUS encrypts only the PW field in authentication packets.
Uses UDP to communicate to NAS.
Data breach occurred and your company DB has been copied - what web security principle has been violated?
Primary purpose of a defined rule in an IPS?
To configure an event action that takes place when a signature is triggered.
How does PEAP protect EAP exchange?
it encrypts the exchange using the server cert.
How can FP block malicious email attachments?
it sends the traffic through a file policy.
proxy firewall protects against which type of attack?
cross-site scripting attacks.
3 statements about DHCP spoofing?
Modify traffic in transit.
Used to perform man-in-the-middle attacks.
Protect the identity of the attacker by masking the DHCP address, or use ARP poisoning.
When should you use OOB MGMT?
When your management apps need concurrent access to the device.
When you require admins access from multiple locations.
Sourcefire event action you should choose if you want to block only malicious traffic?
Allow with inspection.
Two NAT types allows only objects or groups to reference an IP address?
Is ip ospf authentication message-digest needed for MD5 Auth in OSPF?
Statement about EIGRP/OSPF about MD authentication?
Router Process (only for OSPF) must be configured; key chain in EIGRP.
component of CIA triad relate to safe data which is in transit?
user level to use: enable, disable, exit... commands?
Two valid TCP connection states.