Module 3

Question 1

Security network organization to keep you informed-

Answer 1

SANS, Mitre, FIRST, SecurityNewsWire, ISC^2, and CIS

Question 2

What does information security deal with?

Answer 2

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction

Question 3

What does the CIA triad consist of?

Answer 3

Three components of information security: Confidentiality, Integrity, and Availability

Question 4

Who is responsible for maintaining data assurance for an organization and ensuring the integrity and confidentiality of information?

Answer 4

Network security professionals

Question 5

There are 14 network security domains specified but the ISO/IEC that serve as what?

Answer 5

A common basis for developing organizational security standards

Question 6

What provides as analogies for understanding approaches to network security?

Answer 6

The Security Onion and security Artichoke

Question 7

Why are penetration tools used by security personnel?

Answer 7

To validate network security

Question 8

What allows the exchange of latest threat information?

Answer 8

Threat intelligence services like Cisco Talos

Question 9

What might various tools, software, and services help with?

Answer 9

Mitigation of malware, reconnaissance, DoS and address spoofing attacks

Question 10

What does the Cisco Network Foundation Protection framework (CoPP) provide?

Answer 10

Comprehensive guidelines for protecting the network infrastructure by addressing security at the control plane, management plane, and data plane (forwarding plane) of network devices

Question 11

What Layer 2 security tools are integrated into the Cisco Catalyst switches?

Answer 11

Port security, DHCP snooping, DAI, and IPSG

Question 12

What do the 14 network security domains do?

Answer 12

THey serve as a common basis for developing organizational security standards and effective security management practices

Question 13

What can also help facilitate communication between organizations?

Answer 13

The 14 network security domains

Question 14

In networking, what do policies define?

Answer 14

They define the activities that are allowed on the network

Question 15

What policies may be included in a security policy?

Answer 15

-Identification and authentication policy
-Password policies
-Acceptable use policy
-Remote access policy
-Network maintenance policy
-Incident handling procedures

Question 16

What would a threat actor do with a Security Onion defense-in-depth approach?

Answer 16

They would have to peel away at the network’s defense layer by layer, similar to peeling an onion

Question 17

How is a security policy a “living document”?

Answer 17

The document is regularly updated as technology, business, and employee requirements change

Question 18

Why has the Security Onion changed into the Security Artichoke?

Answer 18

The changing landscape of networking, such as the evolution of borderless networks

Question 19

What would a threat actor do with a Security Artichoke defense-in-depth approach?

Answer 19

The threat actor wouldn’t need to peel away each layer like the Security Onion. They would only need to remove certain “artichoke leaves”

Question 20

What has been developed to help validate the security of a network and its systems?

Answer 20

Network penetration testing tools

Question 21

What are the different types of penetration testing tools?

Answer 21

-Password crackers
-Wireless hacking tools
-Network scanning and hacking tools
-Packet crafting tools
-Packet sniffers
-Rootkit detectors
-Fuzzers to search for vulnerabilities
-Forensic tools
-Debuggers
-Hacking operating systems
-Encryption tools
-Vulnerability exploitation tools
-Vulnerability scanners

Question 22

What do threat intelligence services do?

Answer 22

They allow the exchange of threat information such as vulnerabilities, IOCs, and mitigation techniques
(ex. Cisco Talos Threat Intelligence Group)

Question 23

What are the best practices used for securing a network?

Answer 23

-Develop a written security policy
-Educate employees
-Control physical access to systems
-Use strong passwords and change them often
-Encrypt and password- protect sensitive data
-Implement security hardware and software
-Perform backups and test the backup files
-Shut down unnecessary services and ports
-keep patches up-to-date
-Perform security audits and tests

Question 24

What is the primary mean of mitigating virus and Trojan horse attacks?

Answer 24

Antivirus software

Question 25

Why must network security professionals be aware of major viruses and keep track of security updates regarding emerging viruses?

Answer 25

Antivirus software doesn’t prevent viruses from entering the network

Question 26

Which malware is more network based? Worms or viruses?

Answer 26

Worms are more network based

Question 27

What are the four phases used to respond to a worm attack?

Answer 27

-Containment
-Inoculation
-Quarantine
-Treatment

Question 28

What are Reconnaissance attacks?

Answer 28

They are typically the precursor to additional attacks, with the intent of gaining unauthorized access to a network or disrupting network functionality

Question 29

How can a network professional detect when a reconnaissance attack is underway?

Answer 29

By receiving notifications from pre-configured alarms

Question 30

How can Reconnaissance be mitigated?

Answer 30

-Implementing authentication to ensure proper access
-Use encryption to render packet sniffer attacks useless
-Use anti-sniffer tools to detect packet sniffer attacks
-Implement a switched infrastructure
-Use a firewall and IPS
-Encryption

Question 31

What are some techniques used for mitigating access attacks?

Answer 31

-Strong password security
-Principle of minimum trust
-Cryptography
-Applying operating system and application patches

Question 32

Historically, what were DoS attacks were sourced from?

Answer 32

They were sourced from spoofed addresses

Question 33

What does NFP do?

Answer 33

It logically divides routers and switches into three functional areas

Question 34

What areas does NFP divide?

Answer 34

-Control plane
-Management plane
-Data plane (forwarding plane)

Question 35

What features can secure the Control plane?

Answer 35

-Routing protocol authentication
-CoPP
-Route processor

Question 36

What does CoPP do?

Answer 36

It is designed to prevent unnecessary traffic from overwhelming the route processor

Question 37

What features can secure the Management plane?

Answer 37

-Login and password policy
-Present legal notification
-Ensure the data confidentiality
-RBAC
-Authorize actions
-enable management access reporting

Question 38

What features can secure the Data plane?

Answer 38

-ACLs
-Anti-spoofing mechanism
-Layer 2 security features

Question 39

How are ACLs used to secure data?

Answer 39

-Blocking unwanted traffic or users
-Reducing the chance of DoS attacks
-Mitigating spoofing attacks
-Providing bandwidth control
-Classifying traffic to protect the Management and Control planes

Question 40

How are ACLs used as an antispoofing mechanism?

Answer 40

By discarding traffic that has invalid source address

Question 41

What is uRPF?

Answer 41

Unicast Reverse Path Forwarding, is used to complement the antispoofing strategy with ACLs

Question 42

What Layer 2 security tools are integrated into the Cisco Catalyst switches?

Answer 42

-Port security
-DHCP snooping
-DAI
-IPSG