Module 3 Flashcards

1
Q

are responsible for maintaining data assurance for an organization and ensuring the integrity and confidentiality of information.

A

Network security professionals

2
Q

Security specialist job roles within an enterprise include

A

Chief Information Officer (CIO),
Chief Information Security Officer (CISO),
Security Operations (SecOps) Manager,
Chief Security Officer (CSO),
Security Manager, and
Network Security Engineer.

3
Q

Regardless of job titles, network security
professionals must always stay one step ahead of the hackers:

A
  • They must constantly upgrade their skill set to keep abreast of the latest threats.
  • They must attend training and workshops.
  • They must subscribe to real-time feeds regarding threats.
  • They must peruse security websites daily.
  • They must maintain familiarity with network security organizations. These organizations often have
    the latest information on threats and vulnerabilities.
4
Q

Network Intelligence Communities

A

SANS
Mitre
FIRST Forum of Incident Response and Security Teams
SecurityNewsWire
(ISC)2 International Information Systems Security Certification Consortium
CIS Center for Internet Security

5
Q

Institute resources are largely free upon request and include:

The Internet Storm Center - the popular internet early warning system
NewsBites, the weekly digest of news articles about computer security.
@RISK, the weekly digest of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked
Flash security alerts
Reading Room - more than 1,200 award-winning, original research papers.
SANS also develops security courses.

A

SANS

SysAdmin, Audit, Network, Security (SANS)

6
Q

maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations making it easier for them to share data. The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for known cybersecurity vulnerabilities.

A

The Mitre Corporation

7
Q

is a security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination in information sharing, incident prevention and rapid reaction.

A

Forum of Incident Response and Security Teams (FIRST)

8
Q

A security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities.

A

SecurityNewsWire

9
Q

provides vendor-neutral education products and career services to more than 75,000 industry professionals in more than 135 countries.

A

International Information Systems Security Certification Consortium (ISC2)

10
Q

is a focal point for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC). The MS-ISAC offers 24x7 cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.

A

Center for Internet Security (CIS)

11
Q

To remain effective, a network security professional must:

A

Keep abreast of the latest threats -
This includes subscribing to real-time feeds regarding threats, routinely perusing security-related websites, following security blogs and podcasts, and more.

Continue to upgrade skills -
This includes attending security-related training, workshops, and conferences.

12
Q

Information security deals with protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The ___ serves as a conceptual foundation for the field.

A

CIA Triad

13
Q

Only authorized individuals, entities, or processes can access sensitive information.

A

Confidentiality

14
Q

This refers to the protection of data from unauthorized alteration.

A

Integrity

15
Q

Authorized users must have uninterrupted access to the network resources and data that they require.

A

Availability

16
Q

There are 14 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC).

Described by ISO/IEC 27001, these 14 domains serve to organize, at a high level, the vast realm of information and activities under the umbrella of network security.

These domains have some significant parallels with domains defined by the Certified Information Systems Security Professional (CISSP) certification.

A

The 14 domains are intended to serve as a common basis for developing organizational security standards and effective security management practices.

They also help to facilitate communication between organizations.

These 14 domains provide a convenient separation of the elements of network security. While it is not important to memorize these 14 domains, it is important to be aware of their existence and formal declaration by the ISO. In ISO/IEC 27001:2013 they are the 14 control sets of Annex A (the 2022 revision regroups the Annex A controls into four themes: organizational, people, physical, and technological). They will serve as a useful reference in your work as a network security professional.

17
Q

The 14 Network Security Domains

A

Information Security Policies
Organization of Information Security
Human Resources Security
Asset Management
Access Control
Cryptography
Physical and Environmental Security
Operations Security
Communications Security
System Acquisition, Development, and Maintenance
Supplier Relationships
Information Security Incident Management
Business Continuity Management
Compliance

18
Q

This annex is designed to ensure that security policies are created, reviewed, and maintained.

A

Information Security Policies

19
Q

This is the governance model set out by an organization for information security. It assigns responsibilities for information security tasks within an organization.

A

Organization of Information Security

20
Q

This addresses security responsibilities relating to employees joining, moving within, and leaving an organization.

A

Human Resources Security

21
Q

This concerns the way that organizations create an inventory of and classification scheme for information assets.

A

Asset Management

22
Q

This describes the restriction of access rights to networks, systems, applications, functions, and data.

A

Access Control

23
Q

This concerns data encryption and the management of cryptographic keys for sensitive information to protect the confidentiality, authenticity, and integrity of data.

A

Cryptography

24
Q

This describes the protection of the physical computer facilities and equipment within an organization.

A

Physical and Environmental Security

25
Q

This describes the management of technical security controls in systems and networks including malware defenses, data backup, logging and monitoring, vulnerability management, and audit considerations. This domain is also concerned with the integrity of software that is used in business operations.

A

Operations Security

26
Q

This concerns the security of data as it is communicated on networks, both within an organization and between an organization and third parties such as customers or suppliers.

A

Communications Security

27
Q

This ensures that information security remains a central concern in an organization’s processes across the entire lifecycle, in both private and public networks.

A

System Acquisition, Development, and Maintenance

28
Q

This concerns the specification of contractual agreements that protect an organization’s information and technology assets that are accessible by third parties that provide supplies and services to the organization.

A

Supplier Relationships

29
Q

This describes how to anticipate and respond to information security breaches.

A

Information Security Incident Management

30
Q

This describes the protection, maintenance, and recovery of business-critical processes and systems.

A

Business Continuity Management

31
Q

This describes the process of ensuring conformance with information security policies, standards, and regulations.

A

Compliance

32
Q

are the guidelines that are developed by an organization to govern its actions. The policies define standards of correct behavior for the business and its employees. In networking, policies define the activities that are allowed on the network. This sets a baseline of acceptable use. If behavior that violates business policy is detected on the network, it is possible that a security breach has occurred.

A

Business policies

33
Q

These policies establish the rules of conduct and the responsibilities of both employees and employers.

Policies protect the rights of workers as well as the business interests of employers.

Depending on the needs of the organization, various policies and procedures establish rules regarding employee conduct, attendance, dress code, privacy and other areas related to the terms and conditions of employment.

A

Company policies

34
Q

These policies are created and maintained by human resources staff to identify employee salary, pay schedule, employee benefits, work schedule, vacations, and more.

They are often provided to new employees to review and sign.

A

Employee policies

35
Q

These policies identify a set of security objectives for a company, define the rules of behavior for users and administrators, and specify system requirements.

These objectives, rules, and requirements collectively ensure the security of a network and the computer systems in an organization.

Much like a continuity plan, a security policy is a constantly evolving document based on changes in the threat landscape, vulnerabilities, and business and employee requirements.

A

Security policies

36
Q

are used to inform users, staff, and managers of an organization’s requirements for protecting technology and information assets. A ____ also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.

A

Security policies

37
Q

A comprehensive security policy has a number of benefits, including the following:

A

Demonstrates an organization’s commitment to security

Sets the rules for expected behavior

Ensures consistency in system operations, software and hardware acquisition and use, and maintenance

Defines the legal consequences of violations

Gives security staff the backing of management

38
Q

Specifies authorized persons that can have access to network resources and identity verification procedures.

A

Identification and authentication policy

39
Q

Ensures passwords meet minimum requirements and are changed regularly.

A

Password policies

40
Q

Identifies network applications and uses that are acceptable to the organization. It may also identify ramifications if this policy is violated.

A

Acceptable Use Policy (AUP)

41
Q

Identifies how remote users can access a network and what is accessible via remote connectivity.

A

Remote access policy

42
Q

Specifies network device operating systems and end user application update procedures.

A

Network maintenance policy

43
Q

Describes how security incidents are handled.

A

Incident handling procedures

44
Q

One of the most common security policy components is an ____. This can also be referred to as an _____ This component defines what users are allowed and not allowed to do on the various system components. This includes the type of traffic that is allowed on the network. The ___ should be as explicit as possible to avoid misunderstanding.

A

Acceptable Use Policy (AUP) / appropriate use policy

45
Q

Many organizations must now also support _____. This enables employees to use their own mobile devices to access company systems, software, networks, or information. This can bring an increased information security risk because ____ can lead to data breaches and greater liability for the organization.

A

Bring Your Own Device (BYOD)

46
Q

BYOD security best practices to help mitigate BYOD vulnerabilities are:

A

Password protected access
Manually control wireless connectivity
Keep updated
Back up data
Enable “Find my Device”
Provide antivirus software
Use Mobile Device Management (MDM)

47
Q

BYOD provides several key benefits to enterprises, including

A

increased productivity,
reduced IT and operating costs,
better mobility for employees, and
greater appeal when it comes to hiring and retaining employees.

48
Q

Use unique passwords for each device and account.

A

Password protected access

49
Q

Turn off Wi-Fi and Bluetooth connectivity when not in use. Connect only to trusted networks.

A

Manually control wireless connectivity

50
Q

Always keep the device OS and other software updated. Updated software often contains security patches to mitigate against the latest threats or exploits.

A

Keep updated

51
Q

Enable backup of the device in case it is lost or stolen.

A

Back up data

52
Q

Subscribe to a device locator service with remote wipe feature.

A

Enable “Find my Device”

53
Q

Provide antivirus software for approved BYOD devices.

A

Provide antivirus software

54
Q

MDM software enables IT teams to implement security settings and software configurations on all devices that connect to company networks.

A

Use Mobile Device Management (MDM) software

55
Q

Network security professionals must be familiar with the laws and codes of ethics that are binding on ___ professionals.

A

Information Systems Security (INFOSEC)

56
Q

A common analogy used to describe a defense-in-depth approach is called

A

“the security onion.”

57
Q

Security Onion

A

Hardened devices
Authentication, Authorization, and Accounting (AAA)
Content filtering
Intrusion Prevention Systems (IPS)
Firewall

58
Q

The changing landscape of networking, such as the evolution of borderless networks, has changed this analogy to the ____ which benefits the threat actor.

Threat actors no longer have to peel away each layer. They only need to remove certain _____. The bonus is that each “leaf” of the network may reveal sensitive data that is not well secured.

A

“security artichoke”

“artichoke leaves.”

59
Q

Security Artichoke

A

Passwords
Client-side Attacks
Databases
Web Applications
Buffer Overflows

60
Q

involves using different types of tools to test the network and end devices to validate the security of the network.

A

Ethical hacking

61
Q

uses hacker techniques and tools to evaluate the strength of network security measures. Cybersecurity personnel must also know how to use these tools when performing network ____.

A

Penetration testing

62
Q

are an integrated security solution that combines traditionally independent tools into a suite of tools that are made to work together.

A

Data Security Platforms (DSP)

63
Q

One such DSP, _____, is a cloud-based security operations platform that enables organizations to integrate many security functionalities into a single platform. ____ provides event management, network behavior analytics, advanced threat detection, and security orchestration, automation, and response (SOAR) for response to threats as they are detected.

A

FireEye Helix

64
Q

The ____ platform works with diverse products that combine to safeguard your network, users and endpoints, cloud edge, and applications. SecureX functionality is built in to a large and diverse portfolio of Cisco security products including next-generation firewalls, VPN, network analytics, Identity Services Engine, Advanced Malware Protection (AMP), and many other systems that work to secure all aspects of a network. SecureX also integrates a range of third-party security tools.

A

Cisco SecureX

65
Q

___ is one of the largest commercial threat intelligence teams in the world. The goal of ___ is to help protect enterprise users, data, and infrastructure from active adversaries. The ____ team collects information about active, existing, and emerging threats. ____ then provides comprehensive protection against these attacks and malware to its subscribers.

A

Cisco Talos Threat Intelligence Group

66
Q

Defending / Securing the Network

A

Develop a written security policy for the company.

Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.

Control physical access to systems.

Use strong passwords and change them often.

Encrypt and password-protect sensitive data.

Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, antivirus software, and content filtering.

Perform backups and test the backed-up files on a regular basis.

Shut down unnecessary services and ports.

Keep patches up-to-date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.

Perform security audits to test the network.

67
Q

Mitigating Malware

A

Antivirus software is host-based: it is installed on computers and servers to detect and eliminate viruses and Trojan horses, and it helps prevent hosts from getting infected and spreading malicious code. It requires much more time to clean up infected computers than it does to maintain up-to-date antivirus software and antivirus definitions on the same machines. However, host-based antivirus does not prevent viruses from entering the network.

Another way to mitigate malware threats is to prevent malware files from entering the network at all. Security devices at the network perimeter can identify known malware files based on their indicators of compromise. The files can be removed from the incoming data stream before they can cause an incident.

68
Q

Mitigating Worms (4 phase)

A
  1. Containment
  2. Inoculation
  3. Quarantine
  4. Treatment
69
Q

involves limiting the spread of a worm infection to areas of the network that are already affected. This requires compartmentalization and segmentation of the network to slow down or stop the worm and to prevent currently infected hosts from targeting and infecting other systems. ______ requires using both outgoing and incoming ACLs on routers and firewalls at control points within the network.

A

The containment phase

70
Q

runs parallel to or subsequent to the containment phase. During the inoculation phase, all uninfected systems are patched with the appropriate vendor patch. The ____ process further deprives the worm of any available targets.

A

The inoculation phase

71
Q

involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing them. This isolates these systems appropriately for the treatment phase.

A

The quarantine phase

72
Q

involves actively disinfecting infected systems. This can involve terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system. Alternatively, in more severe cases, the system may need to be reinstalled to ensure that the worm and its by-products are removed.

A

The treatment phase

73
Q

Mitigating Reconnaissance Attacks

A

Implementing authentication to ensure proper access.

Using encryption to render packet sniffer attacks useless.

Using anti-sniffer tools to detect packet sniffer attacks.

Implementing a switched infrastructure.

Using a firewall and IPS.

74
Q

are typically the precursor to other attacks that have the intent of gaining unauthorized access to a network or disrupting network functionality.

A

Reconnaissance attacks

75
Q

provides intrusion prevention in a standalone device. Additionally, the Cisco Integrated Service Router supports network-based intrusion prevention through the Cisco IOS security image.

A

Cisco’s Adaptive Security Appliance (ASA)

76
Q

is also effective for mitigating packet sniffer attacks. If traffic is _____, using a packet sniffer is of little use because captured data is not readable.

A

Encryption

76
Q

____ detect changes in the response time of hosts to determine whether the hosts are processing more traffic than their own traffic loads would indicate. While this does not completely eliminate the threat, as part of an overall mitigation system, it can reduce the number of instances of threat.

A

Anti-sniffer software and hardware tools

77
Q

Port scanning cannot be prevented outright, but using an _____ can limit the information that can be discovered with a port scanner.

A

intrusion prevention system (IPS) and firewall

78
Q

Mitigating Access Attacks

A

Use strong passwords -
Strong passwords are at least eight characters and contain uppercase letters, lowercase letters, numbers, and special characters. (Note that current NIST SP 800-63B guidance favors password length and screening against known-breached passwords over mandatory character classes and periodic rotation, so check which rule set your organization's policy follows.)

Disable accounts after a specified number of unsuccessful logins has occurred -
This practice helps to prevent continuous password attempts.

78
Q

The network should also be designed using the principle of minimum trust.

A

True

79
Q

is a critical component of any modern secure network.

A

Cryptography

80
Q

Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person. _____ has become increasingly common.

A

Multifactor authentication (MFA)

81
Q

Using ___ for remote access to a network is recommended. Routing protocol traffic should also be ____

A

encryption

82
Q

One of the first signs of a DoS attack is a large number of user complaints about unavailable resources or unusually slow network performance. A network utilization graph showing unusual activity could indicate a DoS attack. To minimize the number of attacks, a ___ should be running at all times.

A

network utilization software package

83
Q

Historically, many DoS attacks were sourced from spoofed addresses. Cisco routers and switches support many antispoofing technologies, such as

A

port security,
Dynamic Host Configuration Protocol (DHCP) snooping,
IP Source Guard,
Dynamic Address Resolution Protocol (ARP) Inspection, and
access control lists (ACLs).

84
Q

____ provides comprehensive guidelines for protecting the network infrastructure. These guidelines form the foundation for continuous delivery of service.

A

The Cisco Network Foundation Protection (NFP) framework

85
Q

NFP logically divides routers and switches into three functional areas,

A

Control Plane
Management Plane
Data Plane (Forwarding Plane)

86
Q

Responsible for routing data correctly. Control plane traffic consists of device-generated packets required for the operation of the network itself, such as ARP message exchanges or OSPF routing advertisements.

A

Control plane

87
Q

Responsible for managing network elements. Management plane traffic is generated either by network devices or network management stations using processes and protocols such as Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP, syslog, TACACS+, RADIUS, and NetFlow.

A

Management plane

88
Q

Responsible for forwarding data. Data plane traffic normally consists of user-generated packets being forwarded between end devices. Most traffic travels through the router, or switch, via the data plane.

A

Data plane (Forwarding plane)

89
Q

Exchange of routing information <--> Routing protocol --> IP routing table

A

Control plane

90
Q

Incoming IP packet --> IP forwarding table --> Outgoing IP packet

IP routing table --> IP forwarding table

A

Data plane

91
Q

Management processes <-- Management sessions

A

Management plane

92
Q

______ consists of device-generated packets required for the operation of the network itself.

A

Control plane traffic

93
Q

Securing the Control Plane

A

Routing protocol authentication
Control Plane Policing (CoPP)
AutoSecure

94
Q

prevents a router from accepting fraudulent routing updates. Most routing protocols support neighbor authentication.

A

Routing protocol authentication or neighbor authentication
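
As an added example (not part of the course material), the following Python models what neighbor authentication buys you: every routing update carries a key ID and a keyed digest, and the receiving router discards any update it cannot verify against its own keychain, whether the attacker forges one with a guessed key or tampers with a captured one. The HMAC-SHA-256-over-JSON construction, the keychain values, router names and prefixes are assumptions for illustration, not any protocol's real wire format.

```python
import hashlib
import hmac
import json

# Constructed keychain shared between neighbors (key ID -> secret). In IOS this
# would be a `key chain` with per-key lifetimes; the values here are illustrative.
KEYCHAIN = {1: b"old-shared-secret", 2: b"new-shared-secret"}


def sign_update(update: dict, key_id: int, key: bytes) -> dict:
    """Sender side: attach key ID and HMAC-SHA-256 digest to a routing update."""
    body = json.dumps(update, sort_keys=True).encode()
    digest = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"update": update, "key_id": key_id, "digest": digest}


def verify_update(msg: dict, keychain: dict) -> bool:
    """Receiver side: accept only if the digest checks out under a key we hold.
    An unknown key ID, the wrong key, or a modified body all fail."""
    key = keychain.get(msg.get("key_id"))
    if key is None:
        return False
    body = json.dumps(msg["update"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking timing information about the digest
    return hmac.compare_digest(expected, msg.get("digest", ""))


def install_routes(messages: list, keychain: dict) -> dict:
    """Process a batch of updates; return the prefixes accepted into the RIB."""
    rib = {}
    for msg in messages:
        if not verify_update(msg, keychain):
            continue  # fraudulent or corrupted update: log it and drop it
        for prefix, next_hop in msg["update"]["routes"].items():
            rib[prefix] = next_hop
    return rib


def demo() -> dict:
    """Legitimate neighbor vs. two forgery attempts (constructed data)."""
    good = sign_update({"router": "R2", "routes": {"10.2.0.0/16": "192.0.2.2"}},
                       key_id=2, key=KEYCHAIN[2])
    # Attacker knows the format but not the secret: tries to inject a default route
    forged = sign_update({"router": "R2", "routes": {"0.0.0.0/0": "192.0.2.66"}},
                         key_id=2, key=b"guess")
    # Attacker captures a valid update and rewrites the next hop without re-signing
    tampered = dict(good, update={"router": "R2",
                                  "routes": {"10.2.0.0/16": "192.0.2.66"}})
    return install_routes([good, forged, tampered], KEYCHAIN)


if __name__ == "__main__":
    print(demo())
```

Only the genuine update lands in the RIB; the forged default route and the tampered next hop are both rejected. Keeping two keys in the keychain is what allows a rolling key change without an outage, which is why IOS key chains carry accept and send lifetimes.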

95
Q

is a Cisco IOS feature designed to allow users to control the flow of traffic that is handled by the route processor of a network device.

A

Control Plane Policing (CoPP)

96
Q

can lock down the management plane functions and the forwarding plane services and functions of a router.

A

AutoSecure

97
Q

is designed to prevent unnecessary traffic from overwhelming the route processor. The ____ feature treats the control plane as a separate entity with its own ingress (input) and egress (output) ports. A set of rules can be established and associated with the ingress and egress ports of the control plane.

A

Control Plane Policing (CoPP)
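
An added example (not from the course) that simulates in software what CoPP does on the box: packets punted to the route processor are classified into control-plane classes, and each class is policed with its own token bucket, so a flood in one class (ICMP to the router here) cannot starve routing protocol traffic. The class names, the per-class rates and bursts, and the constructed packet stream are assumptions chosen for illustration, not Cisco defaults.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed per-class policer settings: (packets per second, burst).
# Real CoPP policies are expressed in bps/pps with conform/exceed actions.
CLASS_RATES = {
    "routing":    (100.0, 100.0),  # OSPF, BGP: generous, never dropped by accident
    "management": (50.0, 50.0),    # SSH, SNMP aimed at the device itself
    "icmp":       (10.0, 10.0),    # ping to the device: tightly limited
    "default":    (5.0, 5.0),      # everything else punted to the RP
}


@dataclass
class TokenBucket:
    rate: float      # tokens refilled per second
    burst: float     # bucket depth
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = self.burst

    def conform(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def classify(pkt: dict) -> str:
    """Map a packet destined to the router itself to a CoPP class."""
    if pkt["proto"] == 89 or (pkt["proto"] == 6 and pkt.get("dport") == 179):
        return "routing"       # OSPF (IP protocol 89) or BGP (TCP/179)
    if pkt["proto"] in (6, 17) and pkt.get("dport") in (22, 161):
        return "management"    # SSH or SNMP
    if pkt["proto"] == 1:
        return "icmp"
    return "default"


def police(packets: list) -> dict:
    """Apply per-class token buckets; return {class: Counter(conform/drop)}."""
    buckets = {name: TokenBucket(*cfg) for name, cfg in CLASS_RATES.items()}
    stats = {name: Counter() for name in CLASS_RATES}
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        cls = classify(pkt)
        stats[cls]["conform" if buckets[cls].conform(pkt["ts"]) else "drop"] += 1
    return stats


def demo() -> dict:
    """Constructed stream: OSPF hellos every 10 s, one SSH packet, and a
    200-packet ICMP burst at t=0 aimed at the router."""
    hellos = [{"ts": t, "proto": 89} for t in (0, 10, 20, 30, 40)]
    flood = [{"ts": 0.0, "proto": 1} for _ in range(200)]
    ssh = [{"ts": 5.0, "proto": 6, "dport": 22}]
    return police(hellos + flood + ssh)


if __name__ == "__main__":
    for cls, counts in demo().items():
        print(cls, dict(counts))
```

The ICMP class admits only its burst of 10 and drops the other 190, while all five OSPF hellos and the SSH packet conform because they are policed in their own classes. Without per-class policing the same flood would compete with the hellos for the route processor, which is exactly the adjacency-loss failure CoPP is meant to prevent.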

98
Q

Securing the Management Plane

A

Login and password policy
Present legal notification
Ensure the confidentiality of data
Role-based access control (RBAC)
Authorize actions
Enable management access reporting

99
Q

Restricts device accessibility. Limits the accessible ports and restricts the “who” and “how” methods of access.

A

Login and password policy

100
Q

Displays legal notices. These are often developed by legal counsel of a corporation.

A

Present legal notification

101
Q

Protects locally stored sensitive data from being viewed or copied. Uses management protocols with strong authentication to mitigate confidentiality attacks aimed at exposing passwords and device configurations.

A

Ensure the confidentiality of data

102
Q

Ensures access is only granted to authenticated users, groups, and services. RBAC and authentication, authorization, and accounting (AAA) services provide mechanisms to effectively manage access control.

A

Role-based access control (RBAC)

103
Q

Restricts the actions and views that are permitted by any particular user, group, or service.

A

Authorize actions

104
Q

Logs and accounts for all access. Records who accessed the device, what occurred, and when it occurred.

A

Enable management access reporting

105
Q

is generated either by network devices or network management stations using processes and protocols such as Telnet, SSH, and TFTP. The _____ is a very attractive target to hackers.

A

Management plane traffic

106
Q

____ restricts user access based on the role of the user. Roles are created according to job or task functions, and assigned access permissions to specific assets. Users are then assigned to roles, and are granted the permissions that are defined for that role.

A

Role-based access control (RBAC)

107
Q

In Cisco IOS, the role-based CLI access feature implements RBAC for ____ . The feature creates different “views” that define which commands are accepted and what configuration information is visible. For scalability, users, permissions, and roles are usually created and maintained in a central repository server. This makes the access control policy available to multiple devices. The central repository server can be a Cisco Identity Services Engine (ISE) which can provide authentication, authorization, and accounting (AAA) network services.

A

router management access

108
Q

Securing the Data Plane

A

Blocking unwanted traffic or users

Reducing the chance of DoS attacks

Mitigating spoofing attacks

Providing bandwidth control

Classifying traffic to protect the Management and Control planes

109
Q

consists mostly of user packets being forwarded through the router via the ____.

A

Data plane traffic

110
Q

Data plane security can be implemented using

A

ACLs,
antispoofing mechanisms, and
Layer 2 security features.

111
Q

____ can also be used as an antispoofing mechanism by discarding traffic that has an invalid source address. This means that attacks must be initiated from valid, reachable IP addresses, which allows the packets to be traced to the originator of an attack.

A

ACLs

112
Q

Features such as ____ can be used to complement the antispoofing strategy.

A

Unicast Reverse Path Forwarding (uRPF)
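
An added example, not from the course, that models the two data-plane antispoofing checks from the previous two cards on one edge router: an RFC 2827-style ingress ACL on the internet-facing interface, followed by a uRPF source check (strict or loose) against a longest-prefix FIB lookup. The interface names, the FIB contents, the organization's public block 203.0.113.0/24 and the test addresses are constructed for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

INTERNET_IF, INSIDE_IF = "Gi0/0", "Gi0/1"          # assumed interface roles
OUR_PREFIX = IPv4Network("203.0.113.0/24")         # assumed public address block

# Constructed FIB: prefix -> egress interface
FIB = {
    IPv4Network("203.0.113.0/24"):  INSIDE_IF,
    IPv4Network("198.51.100.0/24"): INTERNET_IF,    # upstream peering link
    IPv4Network("0.0.0.0/0"):       INTERNET_IF,    # default route
}

# Sources that should never arrive from the internet (subset of the bogon list)
BOGONS = [IPv4Network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def lpm(fib: dict, addr: IPv4Address):
    """Longest-prefix match: return (prefix, egress interface) or None."""
    matches = [(p, i) for p, i in fib.items() if addr in p]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def ingress_acl(src: IPv4Address, ingress: str) -> bool:
    """Permit unless a bogon or our own address space shows up on the internet side."""
    if ingress == INTERNET_IF:
        if src in OUR_PREFIX or any(src in b for b in BOGONS):
            return False
    return True


def urpf(fib: dict, src: IPv4Address, ingress: str,
         mode: str = "strict", allow_default: bool = False) -> bool:
    """Strict: the best route to the source must point back out the ingress
    interface. Loose: any route to the source suffices. A default route only
    satisfies the check when allow_default is set (the allow-default keyword in IOS)."""
    match = lpm(fib, src)
    if match is None:
        return False
    prefix, egress = match
    if prefix.prefixlen == 0 and not allow_default:
        return False
    return True if mode == "loose" else egress == ingress


def check_packet(src: str, ingress: str, mode: str = "strict",
                 allow_default: bool = False) -> str:
    """Run the ACL first, then uRPF; report which check dropped the packet, if any."""
    addr = IPv4Address(src)
    if not ingress_acl(addr, ingress):
        return "drop:acl"
    if not urpf(FIB, addr, ingress, mode, allow_default):
        return f"drop:urpf-{mode}"
    return "permit"


if __name__ == "__main__":
    for src, ingress in (("198.51.100.7", "Gi0/0"), ("203.0.113.5", "Gi0/0"),
                         ("10.1.1.1", "Gi0/0"), ("198.51.100.7", "Gi0/1")):
        print(src, ingress, check_packet(src, ingress))
```

Two behaviours worth noting: the ACL catches our own prefix and RFC 1918 space arriving from outside before uRPF ever runs, and strict uRPF on an interface that only has a default route toward it drops everything unless the default route is explicitly allowed, which is why strict mode is normally deployed on the customer-facing side and loose mode on multihomed upstream links.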

113
Q

Layer 2 security tools are integrated into the Cisco Catalyst switches:

A

Port security
DHCP snooping
Dynamic ARP Inspection (DAI)
IP Source Guard (IPSG)

114
Q

Prevents MAC address spoofing and MAC address flooding attacks.

A

Port security

115
Q

Prevents DHCP spoofing (rogue server) and DHCP starvation attacks by permitting DHCP server messages only on trusted ports and building a binding table of client MAC address, IP address, VLAN, and port.

A

DHCP snooping

116
Q

Adds security to ARP by using the DHCP snooping table to minimize the impact of ARP poisoning and spoofing attacks.

A

Dynamic ARP Inspection (DAI)

117
Q

Prevents spoofing of IP addresses by using the DHCP snooping table.

A

IP Source Guard (IPSG)
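
An added example (not Cisco's code) showing how the three Layer 2 features in the cards above fit together: DHCP snooping admits server replies only on trusted ports and records client bindings, then DAI validates ARP against that binding table and IP Source Guard validates IP source addresses against the same table. Port names, VLAN numbers, MAC and IP addresses are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    """DHCP snooping binding table shared by DAI and IP Source Guard."""

    SERVER_MSGS = {"OFFER", "ACK"}      # only a legitimate server should send these

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)    # uplinks toward the real DHCP server
        self.pending = {}                    # client mac -> (port, vlan) awaiting ACK
        self.bindings = set()

    def dhcp(self, port: str, vlan: int, msg: dict) -> bool:
        """Return True if the DHCP message is forwarded, False if dropped."""
        if msg["op"] in self.SERVER_MSGS:
            if port not in self.trusted:
                return False                 # rogue DHCP server on an access port
            if msg["op"] == "ACK" and msg["chaddr"] in self.pending:
                cport, cvlan = self.pending.pop(msg["chaddr"])
                self.bindings.add(Binding(msg["chaddr"], msg["yiaddr"], cvlan, cport))
            return True
        # DISCOVER/REQUEST from a client: remember which port and VLAN it came from
        self.pending[msg["chaddr"]] = (port, vlan)
        return True

    def _bound(self, mac: str, ip: str, vlan: int, port: str) -> bool:
        return Binding(mac, ip, vlan, port) in self.bindings

    def dai(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> bool:
        """Dynamic ARP Inspection: ARP on untrusted ports must match a binding."""
        return port in self.trusted or self._bound(sender_mac, sender_ip, vlan, port)

    def ipsg(self, port: str, vlan: int, src_mac: str, src_ip: str) -> bool:
        """IP Source Guard: IP traffic on untrusted ports must match a binding."""
        return port in self.trusted or self._bound(src_mac, src_ip, vlan, port)


def demo() -> dict:
    """Constructed scenario: one legitimate client, one attacker on another port."""
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"})   # uplink to DHCP server and gateway
    client, attacker = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
    # Legitimate lease: client asks on Gi1/0/1, the server answers over the uplink
    sw.dhcp("Gi1/0/1", 10, {"op": "REQUEST", "chaddr": client})
    sw.dhcp("Gi1/0/24", 10, {"op": "ACK", "chaddr": client, "yiaddr": "10.0.10.11"})
    return {
        # attacker runs a rogue DHCP server on an access port
        "rogue_offer": sw.dhcp("Gi1/0/2", 10, {"op": "OFFER", "chaddr": client,
                                               "yiaddr": "10.0.10.99"}),
        # attacker tries ARP poisoning by claiming the gateway's IP
        "arp_poison": sw.dai("Gi1/0/2", 10, attacker, "10.0.10.1"),
        # client's own ARP reply for its leased address
        "client_arp": sw.dai("Gi1/0/1", 10, client, "10.0.10.11"),
        # attacker spoofs the client's IP with its own MAC
        "ip_spoof": sw.ipsg("Gi1/0/2", 10, attacker, "10.0.10.11"),
        # attacker spoofs both the client's IP and MAC, but from the wrong port
        "ip_spoof_mac": sw.ipsg("Gi1/0/2", 10, client, "10.0.10.11"),
        "client_ip": sw.ipsg("Gi1/0/1", 10, client, "10.0.10.11"),
        # the real gateway answers ARP over the trusted uplink
        "gateway_arp": sw.dai("Gi1/0/24", 10, "cc:cc:cc:00:00:fe", "10.0.10.1"),
    }


if __name__ == "__main__":
    print(demo())
```

The rogue OFFER, the poisoned ARP reply and both spoofed IP packets are dropped while the client's own traffic and the gateway's ARP pass; note that the binding is keyed on port as well as MAC and IP, so copying the victim's addresses from another port does not help the attacker. The trust setting is the critical configuration item: marking an access port trusted silently disables all three checks on it.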

118
Q

The ____ uses Control Plane Policing (CoPP) to allow users to control the flow of traffic that is handled by the route processor of a network device.

A

control plane

118
Q

The information flow in the _____ can be out-of-band (OOB), where information flows within a network on which no production traffic resides. It can also be in-band, where information flows across the enterprise production network, the internet, or both.

A

management plane

119
Q

The ___ is responsible for applying ACLs that determine whether traffic from hosts, networks, or users can access the network.

A

data plane

120
Q

The control plane is responsible for

A

routing protocol authentication,
route processor traffic (CoPP), and
AutoSecure.

121
Q

The management plane is responsible for the following features:

A

login and password policy;
present legal notification;
data confidentiality;
role-based access control (RBAC);
action authorization; and
management access reporting.

122
Q

The data plane is responsible for

A

ACLs and
port security, which block unwanted traffic
and mitigate spoofing attacks.

123
Q

is the primary means of mitigating both virus and Trojan horse attacks. By using up-to-date antivirus software, the spread of viruses and Trojan horse attacks can be reduced.

A

Antivirus software

124
Q

The CIA triad contains three components: _____ . It is a guideline for information security for an organization.

A

confidentiality, integrity, and availability

125
Q

Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?

A

The identification and authentication policy section of the security policy typically specifies authorized persons that can have access to network resources and identity verification procedures.

125
Q

Which security implementation will provide control plane protection for a network device?

A

routing protocol authentication

Control plane traffic, such as ARP messages or routing protocol advertisements, is generated by a network device in order to support network operations. Routing protocol authentication provides an extra measure of security to authenticate the source of routing updates. Encrypting remote access connections, utilizing NTP, and using AAA are all measures implemented to secure management plane traffic.

126
Q

What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?

A

The Cisco Talos Group provides blogs and podcasts on security-related topics from a number of industry experts. These blogs and podcasts provide advice, research, and recommended mitigation techniques.

127
Q

What worm mitigation phase involves actively disinfecting infected systems?

A

The four phases of worm mitigation are:
Containment
Inoculation
Quarantine
Treatment

Disinfecting systems is accomplished in the treatment phase and involves terminating the worm process, removing infected files, and patching vulnerabilities exploited by the worm.

128
Q

With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?

A

The artichoke is now used to provide a visual analogy to describe a defense-in-depth security approach. The onion used to be descriptive because the attacker would “peel away” each layer of the network defense mechanisms. Now the artichoke is used because a single petal or leaf can be moved or removed to reveal sensitive information.

129
Q

How does BYOD change the way in which businesses implement networks?

A

BYOD provides flexibility in where and how users can access network resources.

A BYOD environment requires an organization to accommodate a variety of devices and access methods. Personal devices, which are not under company control, may be involved, so security is critical. Onsite hardware costs will be reduced, allowing a business to focus on delivering collaboration tools and other software to BYOD users.

130
Q

What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?

A

Management plane

There are three functional areas of the Cisco Network Foundation Protection (NFP) framework:

Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network
Management plane: Responsible for managing network devices
Data (Forwarding) plane: Responsible for forwarding user data

131
Q

What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities?

A

Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, and NetStumbler are examples of tools used to hack into a wireless network.

132
Q

What is the primary function of SANS?

A

One of the primary functions of the SysAdmin, Audit, Network, Security (SANS) Institute is the maintenance of the Internet Storm Center early warning system.

133
Q

What method can be used to mitigate ping sweeps?

A

blocking ICMP echo and echo-replies at the network edge

To mitigate ping sweeps, ICMP echo and echo-reply messages can be blocked on network edge routers. This does come at a cost. Because ICMP is also used for network diagnostic data, this diagnostic data will be blocked as well.