12 - Network Security Basics

Question 1

What are the three general goals of adversaries?

Answer 1

access to information
modification of information
denial of access to information

Question 2

What is an adversary?

Answer 2

An entity that poses a threat to the operation of a network device

Question 3

What is a passive attack?

Answer 3

do not modify data and typically involve the monitoring of data flows between systems
ie packet sniffing

Question 4

What is an active attack?

Answer 4

typically modify or disrupt the flow of data

ie denial of service attack

Question 5

What is a close-in attack?

Answer 5

those that rely on the close physical proximity of the attacker to the target system
ie an attacker watching a user type in a password

Question 6

What is an insider attack?

Answer 6

involves a user that normally has some form of access to the target system
ie employee transferring confidential data

Question 7

What is a distribution attack?

Answer 7

occurs when a malicious user modifies hardware or software prior to installation
ie a software backdoor created by the vendor

Question 8

What are the four types of physical threats to a network?

Answer 8

electrical
hardware
environmental
administrative

Question 9

What are the two most threatening types of environmental threats?

Answer 9

temperature

humidity

Question 10

What are some tools used in a reconnaissance attack?

Answer 10

ping sweeps
packet sniffing
port scans

Question 11

What is promiscuous mode?

Answer 11

it will no longer ignore data that is no specifically addressed to the device

Question 12

What is an access attack?

Answer 12

used to gain unauthorized access to network systems

Question 13

What are some tools used to protect assets in a network?

Answer 13

antivirus software
antispyware software
ids and ips
firewalls

Question 14

What banner is always displayed prior to login?

Answer 14

the login banner

Question 15

What banner is displayed prior to login for telnet but not ssh?

Answer 15

the MOTD or message of the day banner

Question 16

What banner is displayed prior to the login banner?

Answer 16

MOTD banner

Question 17

What banner is displayed once the user successfully authenticates?

Answer 17

exec banner

Question 18

What are the three types of warning banners?

Answer 18

login banner
exec banner
motd banner

Question 19

What is the command for banner logins?

Answer 19

banner motd
banner login
banner exec

Question 20

What is the command for reverse telnet sessions?

Answer 20

banner incoming

Question 21

What command is needed for the password command to work on vty, aux, or console sessions?

Answer 21

login

Question 22

What command is needed to encrypt passwords on a cisco device?

Answer 22

service password-encryption

Question 23

What command is needed for the password command to work on vty, aux, or console sessions?

Answer 23

login local

Question 24

What are the three phases of AAA?

Answer 24

Authentication-verifying a users identity
authorization-verifying the level of access for a user
accounting-process of recording the use of resources

Question 25

What AAA standard is cisco proprietary?

Answer 25

Tacacs+

Question 26

What organization standardizes Radius?

Answer 26

IETF or internet engineering task force

Question 27

What AAA standard combines authentication and authorization?

Answer 27

Radius

Question 28

What AAA standard encrypts the entire contents of the packet?

Answer 28

tacacs+

Question 29

What AAA standard only encrypts the password in a packet?

Answer 29

Radius

Question 30

What port/ports is used in Radius AAA?

Answer 30

udp 1812 for authentication

udp 1813 for accounting

Question 31

What port/ports is used in Tacacs+ AAA?

Answer 31

tcp 49 for all three

Question 32

How do you configure AAA?

Answer 32

aaa new-model

username backup secret B0s0n

Question 33

What happens automatically when the aaa new-model command is issued?

Answer 33

local authentication is automatically applied to all interfaces and vty lines but not the console line

Question 34

What does enable password 0 mean?

Answer 34

the 0 indicates the password is unencrypted

Question 35

What does enable password 7 mean?

Answer 35

the 7 indicates the password is encrypted with ciscos original password algorithm

Question 36

What does enable secret 5 mean?

Answer 36

the 5 indicates the password is and md5 hash

Question 37

What is a logging severity of 0?

Answer 37

emergencies

Question 38

What is a logging severity of 1?

Answer 38

alerts

Question 39

What is a logging severity of 2?

Answer 39

critical

Question 40

What is a logging severity of 3?

Answer 40

errors

Question 41

What is a logging severity of 4?

Answer 41

warnings

Question 42

What is a logging severity of 5?

Answer 42

notifications

Question 43

What is a logging severity of 6?

Answer 43

informational

Question 44

What is a logging severity of 7?

Answer 44

debugging

Question 45

What is the default logging severity for console, monitor, and buffer?

Answer 45

all severities or debugging

Question 46

What command is used to send log messages to the vty lines?

Answer 46

logging monitor

Question 47

Where does logging buffered send log messages?

Answer 47

to the local device in memory, cleared out on reboots

Question 48

What command can you use to verify logging?

Answer 48

sh logging

Question 49

What command/commands are used to configure logging to a server?

Answer 49

logging host 10.10.10.10

logging trap 5

Question 50

What are best practices for unused switchports?

Answer 50

to shut them off

Question 51

How do you disable dynamic trunking protocol?

Answer 51

manually configuring an access or trunk port

switchport nonegotiate

Question 52

What does the switchport port-security mac-address sticky command do?

Answer 52

the switch will automatically create static mac address entries for that port, they will be lost on a reboot unless the writ mem command is issued

Question 53

What is the default port-security violation?

Answer 53

shutdown

Question 54

What does the port-security violation of protect do?

Answer 54

the switch will discard the traffic

Question 55

What does the port-security violation of restrict do?

Answer 55

discard the traffic, log the attempt, increment the security violation counter, and send and snmp trap message

Question 56

What does the port-security violation of shutdown do?

Answer 56

discard the traffic, log the attempt, increment the security violation counter, and place the port in err-disabled

Question 57

What command is used to verify port security on an interface?

Answer 57

sh port-security int fa0/1

Question 58

What command is used to verify that an NTP client is successfully authenticated?

Answer 58

sh ntp assoiations detail

Question 59

What is the default severity level for monitoring to a syslog server?

Answer 59

informational or 6

Question 60

What is the default date/time stamp for log messages?

Answer 60

uptime since routers last reboot