13 - Security Services

Question 1

What is a Whaling attack?

Answer 1

A Phishing attack targeting high-profile individuals

Question 2

What is a Pharming attack?

Answer 2

An attack that involves compromising the services that direct users towards a well-known or trusted website e.g. DNS service

Question 3

What is a Watering hole attack?

Answer 3

An attacker determines which users frequently visit a site, then compromises a site and deposits malware there, only targeting those specific users

Question 4

What is a AAA server?

Answer 4

Authentication
Authorization
Accounting

Provide a centralized and standardized location for these functions for switches and routers

Question 5

What is Cisco ISE?

Answer 5

Identity Services Engine

Platform that Cisco implements its AAA services in

Question 6

What is TACAS+?

Answer 6

Cisco proprietary protocol that separates each of the AAA functions

Question 7

What port does TACAS+ communicate over?

Answer 7

Encrypted over TCP port 49

Question 8

What is RADIUS?

Answer 8

Standards based protocols that combines Authentication and Authorization into a single resource

Question 9

What port does RADIUS communicate over?

Answer 9

UDP ports 1812 and 1813(accounting)

Not completely encrypted

Question 10

What is a NAD?

Answer 10

Network Access Device

Question 11

What device usually is considered a NAD/NAS?

Answer 11

A Switch

Question 12

What is a switch usually referred to in the AAA client role?

Answer 12

A NAD

Question 13

What 3 basic elements should an effective security program have?

Answer 13

• User awareness
• User training
• Physical access control

Question 14

What is the issue with some older style IOS passwords?

Answer 14

They create a security exposure because the passwords existed in the configuration file as clear text

Question 15

What is the command to encrypt passwords normally stored as clear text?

Answer 15

Global command:

service password-encryption

Question 16

What does IOS add in front of passwords in the config file to signify they are encrypted?

Answer 16

7

Question 17

True/False: The no service password-encryption command immediately decrypt stored passwords that are encrypted

Answer 17

False

Question 18

True/False: The password encryption service on IOS is not strong

Answer 18

True

Question 19

Why is the enable secret command the preferred way for storing passwords?

Answer 19

It stores them as a hash rather than weak encryption

Question 20

How can you use a different algorithm type for the enable secret command?

Answer 20

enable algorithm-type {sha256 | scrypt } secret test123

Question 21

True/False: You can configure both username test password test and username test secret test commands at the same time just like enable secret and enable password

Answer 21

False

Question 22

What sub-command do you use on a vty line to enable an ACL on it?

Answer 22

access-class 3 in

Question 23

What is the Cisco ASA?

Answer 23

Adaptive Security Appliance (Firewall)

Question 24

What are firewall security zones used for?

Answer 24

Defining which hosts can initiate new connections from one zone to another

Question 25

What type of IPS mostly applies logic based on signatures?

Answer 25

Traditional IPS

Question 26

What do next generation firewalls do differently?

Answer 26

Look at the application layer data to identify the application instead of relying on port numbers. Essentially deep packet inspection

Question 27

What is AVC?

Answer 27

Application Visibility and Control (Deep packet inspection)

Question 28

What are 3 key problems with traditional IPS systems?

Answer 28

• IPS compares whole signature database to all messages
• Generates too many events
• Staff must figure out which events are useful

Question 29

How does a NGIPS improve on IPS?

Answer 29

Examines the context by gathering data from all hosts and their users in order to make more intelligent choices