Module 1

Question 1

Reasons for Network Security

Answer 1

Network security breaches can

disrupt e-commerce,
cause the loss of business data,
threaten people’s privacy, and
compromise the integrity of information.

These breaches can result in
lost revenue for corporations,
theft of intellectual property,
lawsuits, and
can even threaten public safety.

Question 2

provides comprehensive security and threat intelligence to defend customers and protect their assets.

Answer 2

Cisco Talos Intelligence Group website

Question 3

responsible for investigating and mitigating potential vulnerabilities in Cisco products.

Answer 3

Cisco Product Security Incident Response Team (PSIRT)

Question 4

An ___ is a path by which a threat actor can gain access to a server, host, or network. _____

originate from inside or outside the corporate network, as shown in the figure.

Answer 4

attack vector

Question 5

An internal user, such as an employee, can accidentally or intentionally:

Answer 5

Steal and copy confidential data to removable media, email, messaging software, and other media.

Compromise internal servers or network infrastructure devices.

Disconnect a critical network connection and cause a network outage.

Connect an infected USB drive into a corporate computer system.

Question 6

____ have the potential to cause greater damage than ___ because internal users have direct access to the building and its infrastructure devices. Employees may also have knowledge of the corporate network, its resources, and its confidential data.

Answer 6

Internal threats than external threats

Question 7

is likely to be an organization’s most valuable asset.

Answer 7

Data

Question 8

Organizational data can include

Answer 8

research and development data,
sales data,
financial data,
human resource and legal data,
employee data,
contractor data, and
customer data.

Question 9

is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world.

Answer 9

Data loss, or data exfiltration,

Question 10

The data loss can result in:

Answer 10

Brand damage and loss of reputation
Loss of competitive advantage
Loss of customers
Loss of revenue
Litigation/legal action that results in fines and civil penalties
Significant cost and effort to notify affected parties and recover from the breach

Question 11

Various ____ controls must be implemented that combine strategic, operational, and tactical measures.

Answer 11

Data Loss Prevention (DLP)

Question 12

data loss vectors are

Answer 12

Email/Social Networking
Unencrypted Devices
Cloud Storage Devices
Removable Media
Hard Copy
Improper Access Control

Question 13

The most common vector for data loss includes instant messaging software and social media sites. For instance, intercepted email or IM messages could be captured and reveal confidential information.

Answer 13

Email/Social Networking

Question 14

A stolen corporate laptop typically contains confidential organizational data. If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data.

Answer 14

Unencrypted Devices

Question 15

Saving data to the cloud has many potential benefits. However, sensitive data can be lost if access to the cloud is compromised due to weak security settings.

Answer 15

Cloud Storage Devices

Question 16

One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost.

Answer 16

Removable Media

Question 17

Corporate data should be disposed of thoroughly. For example, confidential data should be shredded when no longer required. Otherwise, a thief could retrieve discarded reports and gain valuable information.

Answer 17

Hard Copy

Question 18

Passwords are the first line of defense. Stolen passwords or weak passwords which have been compromised can provide an attacker easy access to corporate data.

Answer 18

Improper Access Control

Question 19

__ consists of interconnected LANs within a limited geographic area.

Answer 19

Campus Area Networks

Question 20

Connections to untrusted networks must be checked in-depth by multiple layers of defense before reaching enterprise resources.

Answer 20

This is known as defense-in-depth.

Question 21

The Cisco Integrated Services Router is secured. It protects data in motion that is flowing from the CAN to the outside world by establishing _____. ___ ensure data confidentiality and integrity from authenticated sources.

Answer 21

Virtual Private Networks (VPNs). VPNs

Question 22

performs stateful packet filtering to filter return traffic from the outside network into the campus network.

Answer 22

ASA Firewall

A Cisco Adaptive Security Appliance (ASA) firewall

Question 23

continuously monitors incoming and outgoing network traffic for malicious activity. It logs information about the activity, and attempts to block and report it.

Answer 23

IPS

A Cisco Intrusion Prevention System (IPS) device

Question 24

These distribution layer switches are secured and provide secure redundant trunk connections to the Layer 2 switches. Several different security features can be implemented, such as ACLs, DHCP snooping, Dynamic ARP Inspection (DAI), and IP source guard.

Answer 24

Layer 3 Switches

Question 25

These access layer switches are secured and connect user-facing ports to the network. Several different security features can be implemented, such as port security, DHCP snooping, and 802.1X user authentication.

Answer 25

Layer 2 Switches

Question 26

provide advanced threat defense, application visibility and control, reporting, and secure mobility to secure and control email and web traffic.

Answer 26

ESA/WSA

A Cisco Email Security Appliance (ESA) and Web Security Appliance (WSA)

Question 27

authenticates users, authorizes what they are allowed to do, and tracks what they are doing.

Answer 27

AAA Server

An authentication, authorization, and accounting (AAA) server

Question 28

End points are secured using various features including antivirus and antimalware software, Host Intrusion Protection System features, and 802.1X authentication features.

Answer 28

Hosts

Question 29

physical security

Answer 29

fire alarms, sprinklers, seismically-braced server racks, redundant heating, ventilation, and air conditioning (HVAC), and UPS systems are in place to protect people, equipment, and data.

Question 30

data center physical security can be divided into two areas:

Answer 30

Outside perimeter security
Inside perimeter security

Question 31

This can include on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.

Answer 31

Outside perimeter security

Question 32

This can include continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.

Answer 32

Inside perimeter security

Question 33

provide access to the data halls where data center data is stored.

is similar to an air lock.

Answer 33

Security traps

Question 34

allows organizations to use services such as data storage or cloud-based applications, to extend their capacity or capabilities without adding infrastructure.

Answer 34

Cloud computing

Question 35

is the foundation of cloud computing. Without it, cloud computing, as it is most-widely implemented, would not be possible.

Answer 35

Virtualization

Question 35

separates the application from the hardware.

Answer 35

Cloud computing

Question 36

separates the operating system from the hardware.

Answer 36

Virtualization

Question 37

VMs are prone to attacks

Answer 37

Hyperjacking
Instant On Activation
Antivirus Storms

Question 38

-An attacker could hijack a VM hypervisor (VM controlling software) and then use it as a launch point to attack other devices on the data center network.

Answer 38

Hyperjacking

Question 39

• When a VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.

Answer 39

Instant On Activation

Question 40

• This happens when all VMs attempt to download antivirus data files at the same time.

Answer 40

Antivirus Storms

Question 41

Cisco Solution to VMs attacks

Answer 41

Cisco Secure Data Center solution

Question 42

The core components of the Cisco Secure Data Center solution provide the following services:

Answer 42

Secure Segmentation
Threat Defense
Visibility

Question 43

ASA devices and a Virtual Security Gateway integrated into the Cisco Nexus Series switches are deployed in a data center network to provide secure segmentation. This provides granular inter-virtual-machine security.

Answer 43

Secure Segmentation

Question 44

ASAs and IPS devices in data center networks use threat intelligence, passive OS fingerprinting, and reputation and contextual analysis to provide threat defense.

Answer 44

Threat Defense

Question 45

Visibility solutions are provided using software such as the Cisco Security Manager which help simplify operations and compliance reporting.

Answer 45

Visibility

Question 46

To accommodate the BYOD trend, Cisco developed the ___. ___ access to resources can be initiated by users from many locations, on many types of endpoint devices, using various connectivity methods.

Answer 46

Borderless Network

Question 47

To support this blurred network edge, Cisco devices support ____. ____ secure, monitor, and manage mobile devices, including corporate-owned devices and employee-owned devices. ____supported and managed devices include not only handheld devices, such as smartphones and tablets, but also laptop and desktop computing devices.

Answer 47

Mobile Device Management (MDM) features.

Question 48

Critical functions performed by MDM (Mobile Device Management

Answer 48

Data Encryption
PIN Enforcement
Data Wipe
Data Loss Prevention (DLP)
Jailbreak / Root Detection

Question 49

Most devices have built-in ___ capabilities, both at the device and file level. MDM features can ensure that only devices that support ___ and have it enabled can access the network and corporate content.

Answer 49

data encryption

Question 50

____ is the first and most effective step in preventing unauthorized access to a device. Furthermore, strong password policies can also be enforced by an MDM, reducing the likelihood of brute-force attacks.

Answer 50

Enforcing a PIN lock

Question 51

Lost or stolen devices can be remotely fully- or partially-____, either by the user or by an administrator via the MDM.

Answer 51

wiped / data wipe

Question 52

While data protection functions (like PIN locking, data encryption and remote data wiping) prevent unauthorized users from accessing data, __ prevents authorized users from doing careless or malicious things with critical data.

Answer 52

Data Loss Prevention (DLP)

Question 53

____ (on Apple iOS devices) and __ (on Android devices) are a means to bypass the management of a device. MDM features can detect such bypasses and immediately restrict a device’s access to the network or other corporate assets.

Answer 53

Jailbreaking apple
rooting android

Question 54

The____ network type consists of a number of LANs that are connected together across a limited geographic area.

Answer 54

CAN Campus Area Network

Question 55

networks include a consumer grade router with basic security features to protect inside assets from outside attackers.

Answer 55

SOHO Small Office and Home Office

Question 56

networks may use high-speed Nexus switches to connect off-site facilities to corporate sites.

Answer 56

Data center

Question 57

is a security measure found both inside and outside a data center facility. A gate provides outside perimeter security. Security traps, biometrics access, and exit sensors provide inside perimeter security.

Answer 57

Continuous video surveillance

Question 58

can be intentional or accidental and cause greater damage than external threats because the internal user has direct access to the internal corporate network and corporate data.

Answer 58

Internal threats

Question 59

are commonly used between corporate sites and between mobile or remote workers that connect to and use resources on the corporate network.

Answer 59

VPNs

Question 60

commonly have multiple LANs that have host devices attached. A SOHO topology contains wired and wireless hosts on a limited basis. Data centers and cloud topologies typically do not have PCs.

Answer 60

Campus area networks (CANs)

Question 61

The company had a ___network with no subnets. The threat actor was able to access and destroy all kinds of corporate data due to a thermostat that was on the network, but was not scanned as part of the security procedures.

Answer 61

flat

Question 62

use a variety of techniques for security including redundant heating, ventilation, and air conditioning (HVAC), UPS systems, fire alarms, sprinklers, video surveillance, electronic motion detectors, security traps, biometric security, security officers, fences, gates, video surveillance, and security breach alarms. Even though cloud-based virtualized servers and network devices may be housed in a data center, protection for cloud computing requires other technologies.

Answer 62

Data centers

Question 63

is used to secure, monitor, and manage both corporate-owned and employee-owned devices such as smartphones, tablets, laptops, and desktops.

Answer 63

Mobile Device Management (MDM)

Question 64

occurs when an attacker hijacks a virtual machine (VM) hypervisor and then uses that VM to launch an attack on other data center devices.

Answer 64

Hyperjacking

Question 64

Data, such as research and development data, sales data, financial data, human resource and legal data, employee data, contractor data, and customer data, is likely to be the ____ for an organization.

Answer 64

most valuable asset

Question 65

is popular and has many benefits. However data stored there could be compromised due to weak security settings.

Answer 65

Cloud storage

Question 66

A distinguishing factor of campus area networks (CANs) are that they have ___

Answer 66

interconnected LANs.