Security Fundamentals Flashcards by Nora Molnoskey

What are the four categories of physical threats

Administrative, electrical, environmental, hardware

How well did you know this?

Not at all

Perfectly

Electrical threats

inadequate power, unconditioned power, and total loss of power

How well did you know this?

Not at all

Perfectly

A ___ is a good line of defense against electrical threats

UPS generator

How well did you know this?

Not at all

Perfectly

Hardware threats

physical damage, component damage

How well did you know this?

Not at all

Perfectly

To prevent hardware threats

restrict physical access, log physical access

How well did you know this?

Not at all

Perfectly

Environmental threats

temperature, and humidity

How well did you know this?

Not at all

Perfectly

Environmental threats can be mitigated by climate control systems and ___

monitoring the environment

How well did you know this?

Not at all

Perfectly

Administrative threats

maintenance errors, poorly labeled cables

How well did you know this?

Not at all

Perfectly

Administrative threats can be mitigated by

using a clear labeling system, maintaining an adequate supply of of spare parts, proper handling of electrical equipment at all times

How well did you know this?

Not at all

Perfectly

Reconnaissance attacks

passive attacks that are designed to gather information about a network or network device

How well did you know this?

Not at all

Perfectly

Examples of reconnaissance attacks

packet sniffing, ping sweeps, port scans

How well did you know this?

Not at all

Perfectly

Packet sniffing is limited to ___ networks

broadcast

How well did you know this?

Not at all

Perfectly

Packet sniffing attacks rely on ___ mode operation

promiscuous

How well did you know this?

Not at all

Perfectly

Packet sniffing attacks can identify

unencrypted passwords

How well did you know this?

Not at all

Perfectly

Packet sniffing attacks can be mitigated by

switched networks, encrypted connections

How well did you know this?

Not at all

Perfectly

Packet sniffers are commonly used to

extract clear text passwords from network traffic

How well did you know this?

Not at all

Perfectly

Ping sweeps

are used to determine which IP addresses are active within a particular range

How well did you know this?

Not at all

Perfectly

Ping sweeps rely on ___ protocol

ICMP

How well did you know this?

Not at all

Perfectly

Ping sweeps can be mitigated by

disabling ICMP

How well did you know this?

Not at all

Perfectly

Port scans

are used to discover active services, operating system revision, and configured network services

How well did you know this?

Not at all

Perfectly

Port scans can be detected by

IDS

How well did you know this?

Not at all

Perfectly

Access attacks

are used to gain unauthorized access to network systems

How well did you know this?

Not at all

Perfectly

Common access attacks

password attacks, buffer overflow

How well did you know this?

Not at all

Perfectly

Cisco password best practices

combination of upper and lower case letters
numbers and punctuation
five plus characters
no real words, slang, jargon
not based on personal information

How well did you know this?

Not at all

Perfectly

Buffer overflow attacks

exploit software vulnerabilities to execute malicious code

A buffer overflow occurs when a

program writes data beyond the region of memory that has been allocated to that program an attacker can use the BO to write arbitrary code into memory and have the code executed by the program

Mitigate buffer overflow attacks

host based IPS, (HIPS), executable space protection, safe programming libraries

___ are the most common form of logical access control

passwords

Local passwords are configured on

the device to which the user is authenticating

Local passwords are stored in the ___

startup configuration

Local passwords are visible in the ___

running configuration

Local passwords are stored as ___ but can be encrypted

plain text

When configuring an encrypted password, you can create multiple privilege levels from 0 to 15. Which privilege level is granted to a user if the privilege level has not been configured in enable password or enable secret commands

Level 0 password encryption

indicates that a password is unencrypted

Level 5 password encryption

indicates that the password is an MD5 hash

Level 7 password encryption

indicates that the password was encrypted using Cisco's original password algorithm

service password-encryption

encrypts all existing and future passwords

no service password-encryption

does not decrypt existing passwords

Passwords must be changed every __ days

A password must be __ days old before it can be changed

A password cannot be reused until it has been changed ___ times

Passwords must be at least ___ characters long

Password strings must contain a certain amount of complexity that includes

numbers, letters, and symbols

Type 1 authentication

something you know

Type 2 authentication

something you have

Type 3 authentication

something you are

ACLs

are sets of rules that identify traffic

Standard ACLs

based on the source IP address alone

Extended ACLs

identify traffic based on the source IP, destination IP, protocol and port number

Named ACLs

can either be standard or extended ACLs

implicit deny rule

traffic is dropped unless it is matched by an ACL statement that is configured with the **permit** keyword

In order for a device to take action on matched traffic, ACLs must first be applied to an

interface, line, route map, or other configuration that supports ACLs

Standard ACLs are numbered in a range from ___ to ___ or from ___ to ___

1 to 99 1300 to 1999

Extended ACLs are numbered in a range from ___

100 to 199 2000 to 2699

PKI encrypts communications based on

public and private key pair

PKI certs can be used in place of

traditional authentication credentials

DHCP spoofing attack

a rouge DHCP server is installed on the network in an attempt to intercept DHCP requests and respond with its own IP address as the gateway default address

DHCP snooping

monitors DHCP traffic between a trusted DHCP server and untrusted hosts

DHCP snooping binding table

contains mappings between host MAC addresses, IP address, VLANs, and switchports

ip dhcp snooping

globally enables the DHCP snooping feature

DHCP snooping is not enabled on any interfaces until the ___ command is issued

ip dhcp snooping vlan *vlan-range*

show ip dhcp snooping

verify DHCP snooping configuration on a switch

show ip dhcp snooping binding

view IP-to-MAC

DAI uses ___ transactions to track IP address-to-MAC address bindings

DHCP

DAI enhances security by

intercepting, logging, and discarding ARP packets that have invalid IP-to-MAC address bindings

DAI is configured ___ on a switch for specific VLANs

globally

You cannot configure DAI on ___ interfaces

specific

All ports on a switch are ___ by default

active

By default all switchports use ___ to negotiate trunk mode

dynamic trunking protocol

switchport nonegotiate

prevents any attempts by the switch to negotiate by using DTP

port security protect

the switch will discard the traffic

port security restrict

the switch will discard the traffic, log the unauthorized entry attempt, increment the Security Violation counter, and send a SNMP trap message

port security shutdown

the switch will discard the traffic, log the unauthorized entry attempt, increment the Security Violation counter, **and** place the port into the error-disabled state

By default, a switchport with port security enabled will be configured for ___ mode

shutdown

To enable an interface that is in the error-disabled state, you must manually

issue the shutdown command, followed by the no shutdown command