Vol 2 Part 2: Security Services Flashcards Preview

CCNA Volume 2 > Vol 2 Part 2: Security Services > Flashcards

Flashcards in Vol 2 Part 2: Security Services Deck (47)
Loading flashcards...

THIS is anything that can be considered a weakness that can compromise something else

A Vulnerability


THIS is a means of taking advantage of a vulnerability to compromise something else

An exploit


THIS is the actual potential to use an exploit IOT take advantage of a vulnerability

A threat


What do we call the measures we take in order to counteract threats?

Mitigation techniques


Spoofing attacks involve an attacker spoofing what two items in order to gain unauthorized access to something?

IP Addresses and MAC addresses


This attack refers to an attacker looking to leave server resources depleted and unavailable?

Denial of Service Attack


During a DOS attack, the attacker opens up the *BLANK* connection, and then uses a fake address so that the server continues to send a *BLANK* expecting a reply of a *BLANK*

1. TCP Connection
3. ACK


An attacker can use a master computer and take control of other computers during a DOS attack, so that these other computers can take part in the DOS. What are these other computers referred to as, and what kind of attack is this known as?

bots, distributed denial of service (DDoS)


During a spoofing attack, the attacker uses a spoofed or "stolen" address. However, a reflection attack uses a *BLANK* instead of their own.

a legitimate host's address


What kind of attack involves packets being sent to a server and then the server sending a reply to a different host, the target.



An amplification attack differs from the reflection attack, because in an amplification attack, the attacker uses a protocol or service that does what with respect to the target host?

It sends a large volume of traffic


This kind of attack involves an attacker wedging themselves in between the communication path of two systems

Man in the middle


During a MitM attack, an attacker could be in between a host and a server without notice. What is this known as?



During a MitM attacker, the attacker will commonly reply as if it is the device the original host was trying to contact. The attacker sends an ARP reply last so that the ARP table on the source host points to the attacker's computer. This kind of attack is known as what?

ARP table poisoning


What command is used during a reconnaissance attack in order to reveal the owner of the domain and IP address space?



What two commands are used as a compliment during a reconnaissance attack in order to query DNS information to reveal domain owners, contact info, mail servers, and more?

whois and dig


This kind of attack involves sending a large amount of data to a device with the intent to fill up the memory and crashing the device?

Buffer overflow


Malicious software is also known as what?



A trojan horse involves the hiding of an executable file within what appears to be legitimate software. When the seemingly legitimate software is installed, the malware is installed as well. What is required in order for this to happen?

The user must open the file or software and execute it


This kind of malware propagates between systems more readily and must inject itself into another application, relying on user to transport the software to other victims. What is this malware known as, and how does it differ from a trojan horse?

A virus. It differs from a trojan horse as it is actual code that is hidden inside of software.


This kind of malware is self-propagating, replicating itself over and over without any user interaction



This kind of vulnerability is a more drastic approach of phishing. It involves the attacker modifying a DNS entry to a valid link, leading to a victim visiting a site via a link but getting sent to a malicious site instead of the legitimate one.



Explain the difference between the online and offline attack with regards to password vulnerabilities.

Online involve the attacker trying each time at the login prompt, offline occurs when an attacker obtains the password ahead of time


What is AAA and explain what each letter of the abbreviation means.

Authentication- who is the user
Authorization- what can they access or do
Accounting- where have they been and what have they done


An effective security program consists of three main items. What are they?

User awareness, user training, physical access control


The enable secret command sets a privileged exec credential using a hashing algorithm. What was the old algorithm used and what is currently used?

MD5 (old) SHA-256 (new)


What command is used if you want to enable a password using the SHA-256 algorithm? What about the scrypt encryption?

enable algorithm-type sha-256 secret *password*
enable algorithm-type scrypt secret *password*


What is used in order to deny host devices outside of an IP range for telnet and SSH into a network device?

Access Control Lists (ACL)


Firewalls sit in the forwarding path of all packets for inspection, functioning similarly to an ACL, but they can do much more! What can firewalls do that make them more useful than just an ACL?

-Deeper packet inspection
-Intelligent decision making based on data flow with regards to whether or not an attack is on going
-Application layer flows to know what TCP and UDP ports are being used by the flow
-Can match URI of an HTTP request
-Keep state information about each packet for historical analysis (Stateful Firewall)


What is utilized in order to define which hosts can initiate connections, ensuring that interfaces reside in these with rules in a firewall defining interaction from one to another?

Security Zones