Network Hardening Quiz

Question 1

Of the three existing version of the Simple Network Management Protocol(SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in Cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity)

Answer 1

True

Question 2

In IPv6, a router periodically sends a special type of message to announce its presence on the network. A mechanism that allows to filter these messages (i.e. reject those that are labeled as unwanted or rogue) is known as:

Answer 2

BPDU (Bridge Protocol Data Unit) Guard

Question 3

In the context of implementing secure network designs, the term “Port security” may apply to:

Answer 3

Disabling physical ports on a device
Implementing MAC address filtering
Disabling unused logical ports (TCP/IP)
Implementing Port-based Network access Control (defined in the IEEE 802.1X standard)

Question 4

Which of the following answers refers to a dedicated security mechanism that prevents ARP attacks?

Answer 4

DAI (Dynamic ARP Inspection)

Question 5

Control Plane Policing (CoPP) is a Cisco-proprietary security feature designed to protect routers and switches against reconnaissance and Denial-of-Service (DoS) attacks.

Answer 5

True

Question 6

Private VLANs are created via:

Answer 6

Port isolation

Question 7

The process of securing networking devices should include the practice of disabling unused physical ports.

Answer 7

True

Question 8

Which of the following actions allow(s) to improve the security of SOHO router?

Answer 8

Changing default admin credentials
implementing MAC address filtering
Blocking unwanted traffic via firewall settings
Disabling unused physical ports
Implementing content filtering
Performing firmware updates
Implementing physical security controls

Question 9

Which of the following actions would be of help in the process of web server hardening?

Answer 9

Removing server version banner
Disabling unnecessary ports, services, and accounts
Keeping the system up to date via updates and patches
Enabling and monitoring logs
Permissions audits

Question 10

Which of the following factors are considered important for creating strong passwords? (Select 2 answers)

Answer 10

Password length
Password complexity

Question 11

A strong password that meets the password complexity requirement should contain: (Select the best answer)

Answer 11

A combination of characters from at least 3 character groups

Question 12

Which of the following passwords is the most complex?

Answer 12

G$L3tU8wY@z

Question 13

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:

Answer 13

DHCP snooping

Question 14

Changing the native VLAN on all truck ports to an unused VLAN ID is one of the countermeasures against VLAN hopping

Answer 14

True

Question 15

Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

Answer 15

ACL (Access Control List)

Question 16

A rule-based access control mechanism implemented on routers, switches, and firewalls is referred to as:

Answer 16

ACL (Access Control List)

Question 17

Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?

Answer 17

Implicit deny policy

Question 18

A 48-bit Media Access Control (MAC) address is a unique number assigned to every network adapter. A network access method whereby the MAC address (a.k.a. physical address) of the Network Interface Card (NIC) is used to grand/deny network access is known as MAC filtering or MAC address filtering.

Answer 18

True

Question 19

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

Answer 19

War driving

Question 20

Which of the following would be of help in troubleshooting wireless signal loss and low wireless network signal coverage?

Answer 20

WAP power level controls

Question 21

Which of the following answers refers to a shared secret authentication method used in WPA, WPA2, and EAP?

Answer 21

PSK (Pre-Shared Key)

Question 22

A type of technology that provides control over the usage of a mobile device within a designated area is known as:

Answer 22

Geofencing

Question 23

Which of the following answers refers to a security solution that allows administrators to block network access for users until they perform required action?

Answer 23

Captive Portal