Module 3

Question 1

are responsible for maintaining data assurance for an organization and ensuring the integrity and confidentiality of information.

Answer 1

Network security professionals

Question 2

Security specialist job roles within an enterprise include

Answer 2

Chief Information Officer (CIO),
Chief Information Security Officer (CISO),
Security Operations (SecOps) Manager,
Chief Security Officer (CSO),
Security Manager, and
Network Security Engineer.

Question 3

Regardless of job titles, network security
professionals must always stay one step ahead of the hackers:

Answer 3

• They must constantly upgrade their skill set to keep abreast of the latest threats.
• They must attend training and workshops.
• They must subscribe to real-time feeds regarding threats.
• They must peruse security websites daily.
• They must maintain familiarity with network security organizations. These organizations often have
  the latest information on threats and vulnerabilities.

Question 4

Network Intelligence Communities

Answer 4

SANS
Mitre
FIRST Forum of Incident Response and Security Teams
SecurityNewsWire
(ISC)2 International Information Systems Security Certification Consortium
CIS Center for Internet Security

Question 5

Institute resources are largely free upon request and include:

The Internet Storm Center - the popular internet early warning system
NewsBites, the weekly digest of news articles about computer security.
@RISK, the weekly digest of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked
Flash security alerts
Reading Room - more than 1,200 award-winning, original research papers.
SANS also develops security courses.

Answer 5

SANS

SysAdmin, Audit, Network, Security (SANS)

Question 6

maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations making it easier for them to share data. The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for known cybersecurity vulnerabilities.

Answer 6

The Mitre Corporation

Question 7

is a security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination in information sharing, incident prevention and rapid reaction.

Answer 7

Forum of Incident Response and Security Teams (FIRST)

Question 8

A security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities.

Answer 8

SecurityNewsWire

Question 9

provides vendor neutral education products and career services to more than 75,000+ industry professionals in more than 135 countries.

Answer 9

International Information Systems Security Certification Consortium (ISC2)

Question 10

is a focal point for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC). The MS-ISAC offers 24x7 cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.

Answer 10

Center for Internet Security (CIS)

Question 11

To remain effective, a network security professional must:

Answer 11

Keep abreast of the latest threats -
This includes subscribing to real-time feeds regarding threats, routinely perusing security-related websites, following security blogs and podcasts, and more.

Continue to upgrade skills -
This includes attending security-related training, workshops, and conferences.

Question 12

Information security deals with protecting information
and information systems from unauthorized access,
use, disclosure, disruption, modification, or
destruction. The ___ serves as a conceptual
foundation for the field.

Answer 12

CIA Triad

Question 13

Only authorized individuals, entities, or processes can access sensitive information.

Answer 13

Confidentiality

Question 14

This refers to the protection of data from unauthorized alteration.

Answer 14

Integrity

Question 15

Authorized users must have uninterrupted access to the network resources and data that they require.

Answer 15

Availability

Question 16

There are 14 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC).

Described by ISO/IEC 27001, these 14 domains serve to organize, at a high level, the vast realm of information and activities under the umbrella of network security.

These domains have some significant parallels with domains defined by the Certified Information Systems Security Professional (CISSP) certification.

Answer 16

CONT

The 14 domains are intended to serve as a common basis for developing organizational security standards and effective security management practices.

They also help to facilitate communication between organizations.

These 14 domains provide a convenient separation of the elements of network security. While it is not important to memorize these 14 domains, it is important to be aware of their existence and formal declaration by the ISO. In the ISO 27001 standard these are known as the 14 control sets of Annex A. They will serve as a useful reference in your work as a network security professional.

Question 17

14 Network Security Domain

Answer 17

Information Security Policies
Organization of Information Security
Human Resources Security
Asset Management
Access Control
Cryptography
Physical and Environmental Security
Operations Security
Communications Security
System Acquisition, Development, and Maintenance
Supplier Relationships
Information Security Incident Management
Business Continuity Management
Compliance

Question 18

This annex is designed to ensure that security policies are created, reviewed, and maintained.

Answer 18

Information Security Policies

Question 19

This is the governance model set out by an organization for information security. It assigns responsibilities for information security tasks within an organization.

Answer 19

Organization of Information Security

Question 20

This addresses security responsibilities relating to employees joining, moving within, and leaving an organization.

Answer 20

Human Resources Security

Question 21

This concerns the way that organizations create an inventory of and classification scheme for information assets.

Answer 21

Asset Management

Question 22

This describes the restriction of access rights to networks, systems, applications, functions, and data.

Answer 22

Access Control

Question 23

This concerns data encryption and the management of sensitive information to protect confidentiality, integrity, and availability of data.

Answer 23

Cryptography

Question 24

This describes the protection of the physical computer facilities and equipment within an organization.

Answer 24

Physical and Environmental Security

Question 25

This describes the management of technical security controls in systems and networks including malware defenses, data backup, logging and monitoring, vulnerability management, and audit considerations. This domain is also concerned with the integrity of software that is used in business operations.

Answer 25

Operations Security

Question 26

This concerns the security of data as it is communicated on networks, both within an organization or between and organization and third parties such as customers or suppliers.

Answer 26

Communications Security

Question 27

This ensures that information security remains a central concern in an organization’s processes across the entire lifecycle, in both private and public networks.

Answer 27

System Acquisition, Development, and Maintenance

Question 28

This concerns the specification of contractual agreements that protect an organization’s information and technology assets that are accessible by third parties that provide supplies and services to the organization.

Answer 28

Supplier Relationships

Question 29

This describes how to anticipate and respond to information security breaches.

Answer 29

Information Security Incident Management

Question 30

This describes the protection, maintenance, and recovery of business-critical processes and systems.

Answer 30

Business Continuity Management

Question 31

This describes the process of ensuring conformance with information security policies, standards, and regulations.

Answer 31

Compliance

Question 32

are the guidelines that are developed by an organization to govern its actions. The policies define standards of correct behavior for the business and its employees. In networking, policies define the activities that are allowed on the network. This sets a baseline of acceptable use. If behavior that violates business policy is detected on the network, it is possible that a security breach has occurred.

Answer 32

Business policies

Question 33

These policies establish the rules of conduct and the responsibilities of both employees and employers.

Policies protect the rights of workers as well as the business interests of employers.

Depending on the needs of the organization, various policies and procedures establish rules regarding employee conduct, attendance, dress code, privacy and other areas related to the terms and conditions of employment.

Answer 33

Company policies

Question 34

These policies are created and maintained by human resources staff to identify employee salary, pay schedule, employee benefits, work schedule, vacations, and more.

They are often provided to new employees to review and sign.

Answer 34

Employee policies

Question 35

These policies identify a set of security objectives for a company, define the rules of behavior for users and administrators, and specify system requirements.

These objectives, rules, and requirements collectively ensure the security of a network and the computer systems in an organization.

Much like a continuity plan, a security policy is a constantly evolving document based on changes in the threat landscape, vulnerabilities, and business and employee requirements.

Answer 35

Security policies

Question 36

are used to inform users, staff, and managers of an organization’s requirements for protecting technology and information assets. A______also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.

Answer 36

Security policies

Question 37

A comprehensive security policy has a number of benefits, including the following:

Answer 37

Demonstrates an organization’s commitment to security

Sets the rules for expected behavior

Ensures consistency in system operations, software and hardware acquisition and use, and maintenance

Defines the legal consequences of violations

Gives security staff the backing of management

Question 38

Specifies authorized persons that can have access to network resources and identity verification procedures.

Answer 38

Identification and authentication policy

Question 39

Ensures passwords meet minimum requirements and are changed regularly.

Answer 39

Password policies

Question 40

Identifies network applications and uses that are acceptable to the organization. It may also identify ramifications if this policy is violated.

Answer 40

Acceptable Use Policy (AUP)

Question 41

Identifies how remote users can access a network and what is accessible via remote connectivity.

Answer 41

Remote access policy

Question 42

Specifies network device operating systems and end user application update procedures.

Answer 42

Network maintenance policy

Question 43

Describes how security incidents are handled.

Answer 43

Incident handling procedures

Question 44

One of the most common security policy components is an ____. This can also be referred to as an _____ This component defines what users are allowed and not allowed to do on the various system components. This includes the type of traffic that is allowed on the network. The ___ should be as explicit as possible to avoid misunderstanding.

Answer 44

AUP / Appropriate use policy

Question 45

Many organizations must now also support _____. This enables employees to use
their own mobile devices to access company systems, software, networks, or information. This can bring an
increased information security risk because ____ can lead to data breaches and greater liability for the
organization.

Answer 45

Bring Your Own Device (BYOD)

Question 46

BYOD security best practices to help mitigate BYOD vulnerabilities are:

Answer 46

Password protected access
Manually control wireless connectivity
Keep updated
Back up data
Enable “Find my Device”
Provide antivirus software
Use Mobile Device Management (MDM)

Question 47

BYOD provides several key benefits to enterprises, including

Answer 47

increased productivity,
reduced IT and operating costs,
better mobility for employees, and
greater appeal when it comes to hiring and retaining employees.

Question 48

Use unique passwords for each device and account.

Answer 48

Password protected access

Question 49

Turn off Wi-Fi and Bluetooth connectivity when not in use. Connect only to trusted networks.

Answer 49

Manually control wireless connectivity

Question 50

Always keep the device OS and other software updated. Updated software often contains security patches to mitigate against the latest threats or exploits.

Answer 50

Keep updated

Question 51

Enable backup of the device in case it is lost or stolen.

Answer 51

Back up data

Question 52

Subscribe to a device locator service with remote wipe feature.

Answer 52

Enable “Find my Device”

Question 53

Provide antivirus software for approved BYOD devices.

Answer 53

Provide antivirus software

Question 54

MDM software enables IT teams to implement security settings and software configurations on all devices that connect to company networks.

Answer 54

Use Mobile Device Management (MDM) software

Question 55

Network security professionals must be familiar with the laws and codes of ethics that are binding on ___ professionals.

Answer 55

Information Systems Security (INFOSEC)

Question 56

A common analogy used to describe a defense-in-depth approach is called

Answer 56

“the security onion.”

Question 57

Security Onion

Answer 57

Hardened devices
Authentication, Authorization, and Accounting (AAA)
Content filtering
Intrusion Prevention Systems (IPS)
Firewall

Question 58

The changing landscape of networking, such as the evolution of borderless networks, has changed this analogy to the ____ which benefits the threat actor.

threat actors no longer have to peel away each layer. They only need to remove certain _____ The bonus is that each “leaf” of the network may reveal sensitive data that is not well secured.

Answer 58

“security artichoke”

“artichoke leaves.”

Question 59

Security Artichoke

Answer 59

Passwords
Client-side Attacks
Databases
Web Applications
Buffer Overflows

Question 60

involves using different types of tools to test the network and end devices to validate the
security of the network.

Answer 60

Ethical hacking

Question 61

uses hacker techniques and tools to evaluate the strength of network security measures. Cybersecurity personnel must also know how to use these tools when performing
network ____

Answer 61

Penetration testing

Question 62

are an integrated security solution that combines traditionally independent tools into a suite of tools that are made to work together

Answer 62

Data Security Platforms (DSP)

Question 63

One such DSP _____ is a cloud-based security operations
platform that enables organizations to integrate many
security functionalities into a single platform. ____
provides event management, network behavior
analytics, advanced threat detection, and incident
security orchestration, automation, and response
(SOAR) for response to threats as they are detected.

Answer 63

FireEye Helix

Question 64

platform works with
diverse products that combine to safeguard your
network, users and endpoints, cloud edge, and
applications. SecureX functionality is built in to a
large and diverse portfolio of Cisco security
products including next-generation firewalls, VPN,
network analytics, identity service engine,
advanced malware protection (AMP), and many
other systems that work to secure all aspects of a
network. SecureX also integrates a range of thirdparty security tools.

Answer 64

Cisco SecureX

Question 65

___ is one of the largest commercial threat
intelligence teams in the world. The goal of ___ is to help
protect enterprise users, data, and infrastructure from
active adversaries. The ____ team collects information
about active, existing, and emerging threats.____ then
provides comprehensive protection against these attacks
and malware to its subscribers.

Answer 65

Cisco Talos Threat Intelligence Group

Question 66

Defending / Securing the Network

Answer 66

Develop a written security policy for the company.

Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.

Control physical access to systems.

Use strong passwords and change them often.

Encrypt and password-protect sensitive data.

Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, antivirus software, and content filtering.

Perform backups and test the backed-up files on a regular basis.

Shut down unnecessary services and ports.

Keep patches up-to-date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.

Perform security audits to test the network.

Question 67

Mitigating Malware

Answer 67

Antivirus software (virus and trojan) helps prevent hosts from getting infected and spreading malicious code. It requires much more time to clean up infected computers than it does to maintain up-to-date antivirus software and antivirus definitions on the same machines.

Antivirus are host-based. antivirus software helps prevent hosts from getting infected and spreading malicious code.

These products are installed on computers and servers to detect and eliminate viruses.
However, they do not prevent viruses from entering the network.

Another way to mitigate
malware threats is to prevent malware files from entering the network at all. Security devices at
the network perimeter can identify known malware files based on their indictors of compromise.
The files can be removed from the incoming data stream before they can cause an incident.

Question 68

Mitigating Worms (4 phase)

Answer 68

1. Containment
2. Inoculation
3. Quarantine
4. Treatment

Question 69

involves limiting the spread of a worm infection to areas of the network that are already affected. This requires compartmentalization and segmentation of the network to slow down or stop the worm and to prevent currently infected hosts from targeting and infecting other systems. ______ requires using both outgoing and incoming ACLs on routers and firewalls at control points within the network.

Answer 69

The containment phase

Question 70

runs parallel to or subsequent to the containment phase. During the inoculation phase, all uninfected systems are patched with the appropriate vendor patch. The ____ process further deprives the worm of any available targets.

Answer 70

The inoculation phase

Question 71

involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing them. This isolates these systems appropriately for the treatment phase.

Answer 71

The quarantine phase

Question 72

involves actively disinfecting infected systems. This can involve terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system. Alternatively, in more severe cases, the system may need to be reinstalled to ensure that the worm and its by-products are removed.

Answer 72

The treatment phase

Question 73

Mitigating Reconnaissance Attacks

Answer 73

Implementing authentication to ensure proper access.

Using encryption to render packet sniffer attacks useless.

Using anti-sniffer tools to detect packet sniffer attacks.

Implementing a switched infrastructure.

Using a firewall and IPS.

Question 74

are typically the precursor to other attacks that have the intent of gaining unauthorized access to a network or disrupting network functionality.

Answer 74

Reconnaissance attacks

Question 75

provides intrusion prevention in a standalone device. Additionally, the Cisco Integrated Service Router supports network-based intrusion prevention through the Cisco IOS security image.

Answer 75

Cisco’s Adaptive Security Appliance (ASA)

Question 76

is also effective for mitigating packet sniffer attacks. If traffic is _____, using a packet sniffer is of little use because captured data is not readable.

Answer 76

Encryption

Question 76

____ detect changes in the response time of hosts to determine whether the hosts are processing more traffic than their own traffic loads would indicate. While this does not completely eliminate the threat, as part of an overall mitigation system, it can reduce the number of instances of threat.

Answer 76

Anti-sniffer software and hardware tools

Question 77

It is impossible to mitigate port scanning, but using an _____ can limit the information that can be discovered with a port scanner.

Answer 77

intrusion prevention system (IPS) and firewall

Question 78

Mitigating Access Attacks

Answer 78

Use strong passwords -
Strong passwords are at least eight characters and contain uppercase letters, lowercase letters, numbers, and special characters.

Disable accounts after a specified number of unsuccessful logins has occurred -
This practice helps to prevent continuous password attempts.

Question 78

The network should also be designed using the principle of minimum trust.

Answer 78

True

Question 79

is a critical component of any modern secure network.

Answer 79

Cryptography

Question 80

Educate employees about the risks of social
engineering, and develop strategies to validate identities over the phone, via email, or in
person. _____ has become increasingly common.

Answer 80

Multifactor authentication (MFA)

Question 81

Using ___ for remote access to a network is recommended. Routing protocol traffic should also be ____

Answer 81

encryption

Question 82

One of the first signs of a DoS attack is a large number of user complaints about
unavailable resources or unusually slow network performance. A network utilization graph
showing unusual activity could indicate a DoS attack. To minimize the number of attacks,
a ___ should be running at all times.

Answer 82

network utilization software package

Question 83

Historically, many DoS attacks were sourced from spoofed addresses. Cisco routers and
switches support many antispoofing technologies, such as

Answer 83

port security,
Dynamic Host Configuration Protocol (DHCP) snooping,
IP Source Guard,
Dynamic Address Resolution Protocol (ARP) Inspection, and
access control lists (ACLs).

Question 84

____ provides comprehensive guidelines for protecting the network infrastructure. These guidelines form the foundation for continuous delivery of service.

Answer 84

The Cisco Network Foundation Protection (NFP) framework

Question 85

NFP logically divides routers and switches into three functional areas,

Answer 85

Control Plane
Management Plane
Data Plane (Forwarding Plane)

Question 86

Responsible for routing data correctly. Control plane traffic consists of device-generated packets required for the operation of the network itself, such as ARP message exchanges, or OSPF routing advertisements.
Control plane -

Answer 86

Control plane

Question 87

Responsible for managing network elements. Management plane traffic is generated either by network devices or network management stations using processes and protocols such as Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP, syslog, TACACS+, RADIUS, and NetFlow.

Answer 87

Management plane

Question 88

Responsible for forwarding data. Data plane traffic normally consists of user-generated packets being forwarded between end devices. Most traffic travels through the router, or switch, via the data plane.

Answer 88

Data plane (Forwarding plane)

Question 89

exchange of routing information <—–> routing protocol —–> ip routing protocol

Answer 89

Control plane

Question 90

incoming IP packet —> IP forwarding table —> outgoing IP packet

ip routing table —-> ip forwarding table

Answer 90

Data plane

Question 91

Management processes <—- Management Sessions

Answer 91

Management plane

Question 92

______ consists of device-generated packets required for the operation of the network itself.

Answer 92

Control plane traffic

Question 93

Securing the Control Plane

Answer 93

Routing protocol authentication
Control Plane Policing (CoPP)
AutoSecure

Question 94

prevents a router from accepting fraudulent routing updates. Most routing protocols support neighbor authentication.

Answer 94

Routing protocol authentication or neighbor authentication

Question 95

is a Cisco IOS feature designed to allow users to control the flow of traffic that is handled by the route processor of a network device.

Answer 95

Control Plane Policing (CoPP)

Question 96

can lock down the management plane functions and the forwarding plane services and functions of a router.

Answer 96

AutoSecure

Question 97

is designed to prevent unnecessary traffic from overwhelming the route processor. The ____ feature treats the control plane as a separate entity with its own ingress (input) and egress (output) ports. A set of rules can be established and associated with the ingress and egress ports of the control plane.

Answer 97

CoPP Control Plane Policing

Question 98

Securing the Management Plane

Answer 98

Login and password policy
Present legal notification
Ensure the confidentiality of data
Role-based access control (RBAC)
Authorize actions
Enable management access reporting

Question 99

Restricts device accessibility. Limits the accessible ports and restricts the “who” and “how” methods of access.

Answer 99

Login and password policy

Question 100

Displays legal notices. These are often developed by legal counsel of a corporation.

Answer 100

Present legal notification

Question 101

Protects locally stored sensitive data from being viewed or copied. Uses management protocols with strong authentication to mitigate confidentiality attacks aimed at exposing passwords and device configurations.

Answer 101

Ensure the confidentiality of data

Question 102

Ensures access is only granted to authenticated users, groups, and services. RBAC and authentication, authorization, and accounting (AAA) services provide mechanisms to effectively manage access control.

Answer 102

Role-based access control (RBAC)

Question 103

Restricts the actions and views that are permitted by any particular user, group, or service.

Answer 103

Authorize actions

Question 104

Logs and accounts for all access. Records who accessed the device, what occurred, and when it occurred.

Answer 104

Enable management access reporting

Question 105

is generated either by network devices or network
management stations using processes and protocols such as Telnet, SSH, and TFTP, etc. The _____ is a very attractive target to hackers.

Answer 105

Management plane traffic

Question 106

____ restricts user access based on the role of the user. Roles are created according to job or task functions, and assigned access permissions to specific assets. Users are then assigned to roles, and are granted the permissions that are defined for that role.

Answer 106

RBAC Role based access control

Question 107

In Cisco IOS, the role-based CLI access feature implements RBAC for ____ . The feature creates different “views” that define which commands are accepted and what configuration information is visible. For scalability, users, permissions, and roles are usually created and maintained in a central repository server. This makes the access control policy available to multiple devices. The central repository server can be a Cisco Identity Services Engine (ISE) which can provide authentication, authorization, and accounting (AAA) network services.

Answer 107

router management access

Question 108

Securing the Data Plane

Answer 108

Blocking unwanted traffic or users

Reducing the chance of DoS attacks

Mitigating spoofing attacks

Providing bandwidth control

Classifying traffic to protect the Management and Control planes

Question 109

consists mostly of user packets being forwarded through the router via the_____ .

Answer 109

Data plane traffic

Question 110

Data plane security can be implemented using

Answer 110

ACLs,
antispoofing mechanisms, and
Layer 2 security features,

Question 111

____ can also be used as an antispoofing mechanism by discarding traffic that has an invalid source address. This means that attacks must be initiated from valid, reachable IP addresses, which allows the packets to be traced to the originator of an attack.

Answer 111

ACLs

Question 112

Features, such as___ can be used to complement the antispoofing strategy.

Answer 112

Unicast Reverse Path Forwarding (uRPF),

Question 113

Layer 2 security tools are integrated into the Cisco Catalyst switches:

Answer 113

Port security
DHCP snooping
Dynamic ARP Inspection (DAI)
IP Source Guard (IPSG)

Question 114

Prevents MAC address spoofing and MAC address flooding attacks.

Answer 114

Port security

Question 115

Prevents client attacks on the DHCP server and switch.

Answer 115

DHCP snooping

Question 116

Adds security to ARP by using the DHCP snooping table to minimize the impact of ARP poisoning and spoofing attacks.

Answer 116

Dynamic ARP Inspection (DAI)

Question 117

Prevents spoofing of IP addresses by using the DHCP snooping table.

Answer 117

IP Source Guard (IPSG)

Question 118

The ____ uses Control Plane Policing (CoPP) to allow users to control the flow of traffic that is handled by the route processor of a network device.

Answer 118

control plane

Question 118

The information flow between in the _____ can be out-of-band (OOB), where information flows within a network on which no production traffic resides. It can also be in-band, where information flows across the enterprise production network, the internet, or both.

Answer 118

management plane

Question 119

The ___ is responsible for applying ACLs such as whether traffic from hosts, networks, or users, can access the network.

Answer 119

data plane

Question 120

The control plane is responsible for

Answer 120

routing protocol authentication,
route processor traffic (CoPP), and
AutoSecure.

Question 121

The management plane is responsible for the following features:

Answer 121

login and password policy;
present legal notification;
data confidentiality;
role-based access control (RBAC);
action authorization; and
management access reporting.

Question 122

The data plane is responsible for

Answer 122

ACLs and
port security that block unwanted traffic
as well as mitigating spoof attacks.

Question 123

is the primary means of mitigating both virus and Trojan horse attacks. By using up-to-date antivirus software, the spread of viruses and Trojan horse attacks can be reduced.

Answer 123

Antivirus software

Question 124

The CIA triad contains three components: _____ . It is a guideline for information security for an organization.

Answer 124

confidentiality, integrity, and availability

Question 125

Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?

Answer 125

The identification and authentication policy section of the security policy typically specifies authorized persons that can have access to network resources and identity verification procedures.

Question 125

Which security implementation will provide control plane protection for a network device?

Answer 125

routing protocol authentication

Control plane traffic such as ARP messages or routing protocol advertisements are generated by a network device in order to support network operations. Routing protocol authentication provides an extra measure of security to authenticate the source of routing updates. Encrypting remote access connections, utilizing the NTP protocol, and using AAA, are all measures implemented to secure management plane traffic.

Question 126

What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?

Answer 126

The Cisco Talos Group provides blogs and podcasts on security-related topics from a number of industry experts. These blogs and podcasts provide advice, research, and recommended mitigation techniques.

Question 127

What worm mitigation phase involves actively disinfecting infected systems?

Answer 127

The four phases of worm mitigation are:
Containment
Inoculation
Quarantine
Treatment

Disinfecting systems is accomplished in the treatment phase and involves terminating the worm process, removing infected files, and patching vulnerabilities exploited by the worm.

Question 128

With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?

Answer 128

The artichoke is now used to provide a visual analogy to describe a defense-in-depth security approach. The onion used to be descriptive because the attacker would “peel away” each layer of the network defense mechanisms. Now the artichoke is used because a single petal or leaf can be moved or removed to reveal sensitive information.

Question 129

How does BYOD change the way in which businesses implement networks?​

Answer 129

BYOD provides flexibility in where and how users can access network resources

A BYOD environment requires an organization to accommodate a variety of devices and access methods. Personal devices, which are not under company control, may be involved, so security is critical. Onsite hardware costs will be reduced, allowing a business to focus on delivering collaboration tools and other software to BYOD users.

Question 130

What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?

Answer 130

Management plane

There are three functional areas of the Cisco Network Foundation Protection (NFP) framework:

Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network
Management plane: Responsible for managing network devices
Data (Forwarding) plane: Responsible for forwarding user data

Question 131

What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities?

Answer 131

Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, and NetStumbler are examples of tools used to hack into a wireless network.

Question 132

What is the primary function of SANS?

Answer 132

One of the primary functions of the SysAdmin, Audit, Network, Security (SANS) Institute is the maintenance of the Internet Storm Center early warning system.

Question 133

What method can be used to mitigate ping sweeps?

Answer 133

blocking ICMP echo and echo-replies at the network edge

To mitigate ping sweeps, ICMP echo and echo-reply messages can be blocked on network edge routers. This does come at a cost. Because ICMP is also used for network diagnostic data, this diagnostic data will be blocked as well.