Module 13 Flashcards

1
Q

There are two internal LAN elements to secure:

A
  • Endpoints
  • Network infrastructure
2
Q

Traditional Endpoint Security

The endpoints also used traditional host-based security measures:

A
  • Antivirus/Antimalware Software
  • Host-based IPS
  • Host-based firewall
3
Q

Borderless network

A

BYOD

4
Q

Security for Endpoints in the Borderless Network

A

antimalware software
Protect endpoints from malware.

spam filtering
Prevent spam emails from reaching endpoints.

blocklisting
Prevent endpoints from connecting to websites with bad reputations by immediately blocking connections based on the latest reputation intelligence.

data loss prevention (DLP)
Prevent sensitive information from being lost or stolen.

5
Q

Network-Based Malware Protection

The following are examples of devices and techniques that implement host protections at the network level:

A
  • Advanced Malware Protection (AMP)
  • Email Security Appliance (ESA)
  • Web Security Appliance (WSA)
  • Network Admission Control (NAC)
6
Q

Endpoints are also susceptible to data theft. For instance, if a corporate laptop is lost or stolen, a thief could scour the hard drive for sensitive information, contact information, personal information, and more.

The solution is to

A

The solution is to locally encrypt the disk drive with a strong encryption algorithm such as 256-bit AES encryption. The encryption protects the confidential data from unauthorized access. The encrypted disk volumes can only be mounted for normal read/write access with the authorized password.

7
Q

The purpose of network access control (NAC) is to

A

allow only authorized and compliant systems, whether managed or unmanaged, to access the network. It unifies endpoint security technologies with user or device authentication and network security policy enforcement.

8
Q

NAC systems can have the following capabilities:

A
  • Profiling and visibility – This recognizes and profiles users and their devices before malicious
    code can cause damage.
  • Guest network access – This manages guests through a customizable, self-service
    portal that includes guest registration, guest authentication, guest sponsoring, and a
    guest management portal.
  • Security posture checking – This evaluates security-policy compliance by user type,
    device type, and operating system.
  • Incident response – This mitigates network threats by enforcing security policies that block,
    isolate, and repair noncompliant machines without administrator attention.
9
Q

The goal of NAC systems is to

A

ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network.

Network access devices can function as the enforcement layer, as shown in the figure. They force the clients to query a RADIUS server for authentication and authorization. The RADIUS server can query other devices, such as an antivirus server, and reply to the network enforcers.

10
Q

The ____ standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports.

A

IEEE 802.1X

11
Q

The 802.1x roles include:

A

Supplicant (Client)
Authenticator (Switch)
Authentication server

12
Q

The device (workstation) that requests access to LAN and switch services and then responds to requests from the switch. The workstation must be running 802.1X-compliant client software. (The port that the client is attached to is the supplicant [client] in the IEEE 802.1X specification.)

A

Supplicant (Client)

13
Q

Controls physical access to the network based on the authentication status of the client. The switch acts as an intermediary (proxy) between the client (supplicant) and the authentication server, requesting identifying information from the client, verifying that information with the authentication server, and relaying a response to the client. The switch uses a RADIUS software agent, which is responsible for encapsulating and de-encapsulating the EAP (Extensible Authentication Protocol) frames and interacting with the authentication server.

A

Authenticator (Switch)

14
Q

Performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. The RADIUS security system with EAP extensions is the only supported authentication server.

A

Authentication server

15
Q
  • Between the supplicant and the authenticator
A
  • EAP data is encapsulated in EAPOL frames.
16
Q
  • Between the authenticator and the authentication server
A

  • EAP data is encapsulated using RADIUS.

17
Q

Many devices and technologies enhance host-based endpoint protections including

A

email security appliances, web security appliances, NAC, and the Cisco Identity Services Engine (ISE).

18
Q

Another way that endpoints can be protected from data loss is through the use of

A

encryption using software, such as BitLocker.

19
Q

____ is a system that can check whether endpoints that attempt to connect to the network comply with network security policies.

A

Network Access Control

20
Q

____ combines AAA and NAC into a single system.

A

Cisco ISE

21
Q

____ provides a means by which an authenticator network access switch can act as an intermediary between a client and an authentication server.

A

802.1X

22
Q

The system uses ____ to carry authentication traffic between the switch and the
authenticator switch

A

EAP and EAPOL

23
Q

What prevents endpoints from connecting with websites that have a bad reputation based on the latest reputation intelligence?

A

Blocklisting blocks access to websites that have a bad reputation.

24
Q

What protects endpoints from malicious software?

A

Antimalware software protects endpoints from malicious software such as viruses and worms.

25
Q

What prevents sensitive information from being lost or stolen?

A

Data loss prevention (DLP) prevents sensitive information from being lost or stolen.

26
Q

What filters unwanted emails before they reach the endpoint?

A

Spam filtering prevents unwanted emails from reaching endpoints.

27
Q

A switch has the following command issued as part of an 802.1X deployment.

address ipv4 10.1.1.50 auth-port 1812 acct-port 1813

What is the purpose of this command?

A

it identifies the address of the RADIUS server and ports on the server used for RADIUS traffic

When using 802.1x authentication, a switch must be configured with the IP address of the RADIUS server, and the port numbers used to communicate with the authentication server.

28
Q

Which device is used as the authentication server in an 802.1X implementation?

A

RADIUS server

In an 802.1x implementation the authentication server is typically a host server running software supporting the RADIUS and EAP protocols.

29
Q

What are two main capabilities of a NAC system? (Choose two.)

A

security posture check

incident response

The primary goal of a network access control (NAC) system is to allow only authorized and compliant systems onto the network. NAC systems can have the following capabilities:
  • profiling and visibility – recognize and profile users and devices before malicious code can cause damage
  • guest network access – manage guest access including authentication, registration, and sponsoring
  • security posture check – evaluate security policy compliance by user type, device type, and operating system
  • incident response – mitigate network threats by enforcing security policies

30
Q

Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?

A

WSA

The Cisco Web Security Appliance (WSA) acts as a web proxy for an enterprise network. WSA can provide many types of logs related to web traffic security including ACL decision logs, malware scan logs, and web reputation filtering logs. The Cisco Email Security Appliance (ESA) is a tool to monitor most aspects of email delivery, system functioning, antivirus, antispam operations, and block list and allowed list decisions. The Cisco ASA is a firewall appliance. The Cisco Application Visibility and Control (AVC) system combines multiple technologies to recognize, analyze, and control over 1000 applications.

31
Q

Which command is used to enable AAA as part of the 802.1X configuration process on a Cisco device?

A

aaa new-model

The first step in configuring 802.1X is to enable AAA using the aaa new-model global configuration command. The next step is to designate the RADIUS server and configure its address and ports.

32
Q

The switch port to which a client attaches is configured for the 802.1X protocol. The client must authenticate before being allowed to pass data onto the network. Between which two 802.1X roles is EAP data encapsulated using RADIUS? (Choose two.)

A

authentication server

authenticator

When a client supplicant is starting the 802.1X message exchange, an EAPOL-Start message is sent between the supplicant and the authenticator, which is the switch. The authenticator then sends EAP data, encapsulated using RADIUS, to the authentication server.

33
Q

Which host-based security measure is used to restrict incoming and outgoing connections?

A

host-based firewall

A host-based firewall is software installed on a single host that restricts incoming and outgoing connections to that host.

34
Q

Which security service is provided by 802.1x?

A

port-based network access control

802.1x is an industry standard for providing port-based network access control. It provides a mechanism to authenticate devices onto the local-area networks and WLANs.

35
Q

Why is it important to protect endpoints?

A

after an endpoint is breached, an attacker can gain access to other devices

Two internal LAN elements to protect are the endpoints and the network infrastructure devices. Endpoints are susceptible to malware-related attacks and once infiltrated, can become a starting point to access other system devices.

36
Q

Websites are rated based on the latest website reputation intelligence. Which endpoint security measure prevents endpoints from connecting to websites that have a bad rating?

A

denylisting

Denylisting blocks endpoints from connecting to suspicious websites that have a bad reputation based on the latest intelligence.

37
Q

When would the authentication port-control command be used during an 802.1X implementation?

A

when an organization needs to control the port authorization state on a switch

The authentication port-control switch interface command is used when an organization wants to control the port authorization state of a particular port during the 802.1X authentication process. When the authentication port-control auto command is issued, it enables 802.1X port-based authentication and only allows EAPOL, STP, and CDP traffic to be sent until the client device has been authenticated.

38
Q

When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?

A

the switch that the client is connected to

The devices involved in the 802.1X authentication process are as follows:
  • The supplicant, which is the client that is requesting network access
  • The authenticator, which is the switch that the client is connecting to and that is actually controlling physical network access
  • The authentication server, which performs the actual authentication

39
Q

A port has been configured for the 802.1X protocol and the client has successfully authenticated. Which 802.1X state is associated with this PC?

A

authorized

When a port is configured for 802.1X, the port starts in the unauthorized state and stays that way until the client has successfully authenticated. Once authenticated, the port moves to the authorized state and the client is granted access to the network.