CCNA 3 v7 Modules 3 - 5: Network Security Exam
Studied by 0 people
Knowt Play
Learn
Practice Test
Spaced Repetition
Match
Flashcards1/65
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
66 Terms
What type of malware has the primary objective of spreading across the network?
worm
What is a ping sweep?
a network scanning technique that indicates the live hosts in a range of IP addresses.
Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
integrity
If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it?
a private key
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
destination UDP port number
ICMP message type
What type of ACL offers greater flexibility and control over network access?
extended
What is the quickest way to remove a single ACE from a named ACL?
Use the no keyword and the sequence number of the ACE to be removed.
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)
Router1(config)# access-list 10 permit host 192.168.15.23
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)
Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
Router(config)# access-list 95 permit any
Consider the following access list.
access-list 100 permit ip host 192.168.10.1 anyaccess-list 100 deny icmp 192.168.10.0 0.0.0.255 any echoaccess-list 100 permit ip any any
Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)
Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network.
A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?
SYN flood attack
28. Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?
DCHP
Which statement describes a characteristic of standard IPv4 ACLs?
They filter traffic based on source IP addresses only.
What is considered a best practice when configuring ACLs on vty lines?
Place identical restrictions on all vty lines.
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
A technician is tasked with using ACLs to secure a router. When would the technician use the any configuration option or command?
to identify any IP address
Which statement accurately characterizes the evolution of threats to network security?
Internal threats can cause even greater damage than external threats.
Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)
host
any
The host keyword is used when using a specific device IP address in an ACL. For example, the deny host 192.168.5.5 command is the same is the deny 192.168.5.5 0.0.0.0 command. The any keyword is used to allow any mask through that meets the criteria. For example, the permit any command is the same as permit 0.0.0.0 255.255.255.255 command.
Which statement describes a difference between the operation of inbound and outbound ACLs?
Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.
With an inbound ACL, incoming packets are processed before they are routed. With an outbound ACL, packets are first routed to the outbound interface, then they are processed. Thus processing inbound is more efficient from the router perspective. The structure, filtering methods, and limitations (on an interface, only one inbound and one outbound ACL can be configured) are the same for both types of ACLs.
What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface?
Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.
Which ACE will permit a packet that originates from any network and is destined for a web server at 192.168.1.1?
access-list 101 permit tcp any host 192.168.1.1 eq 80
A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in configuration option or command?
to secure administrative access to the router
What is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data?
symmetric encryption algorithm
A technician is tasked with using ACLs to secure a router. When would the technician use the 'ip access-group 101 in' configuration option or command?
to apply an extended ACL to an interface
In which type of attack is falsified information used to redirect users to malicious Internet sites?
DNS cache poisoning
What is a feature of an IPS?
It can stop malicious packets.
What does the CLI prompt change to after entering the command ip access-list standard aaa from global configuration mode?
Router(config-std-nacl)#
Refer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation?
extended ACLs inbound on R1 G0/0 and G0/1
A technician is tasked with using ACLs to secure a router. When would the technician use the 40 deny host 192.168.23.8 configuration option or command?
to create an entry in a numbered ACL
What wild card mask will match networks 172.16.0.0 through 172.19.0.0?
0.3.255.255
A technician is tasked with using ACLs to secure a router. When would the technician use the no ip access-list 101 configuration option or command?
to remove a configured ACL
A technician is tasked with using ACLs to secure a router. When would the technician use the ip access-group 101 in configuration option or command?
to apply an extended ACL to an interface
A technician is tasked with using ACLs to secure a router. When would the technician use the remark configuration option or command?
to add a text entry for documentation purposes
A technician is tasked with using ACLs to secure a router. When would the technician use the established configuration option or command?
to allow returning reply traffic to enter the internal network
A technician is tasked with using ACLs to secure a router. When would the technician use the deny configuration option or command?
to restrict specific traffic access through an interface
A technician is tasked with using ACLs to secure a router. When would the technician use the host configuration option or command?
to identify one specific IP address
What specialized network device is responsible for enforcing access control policies between networks?
Intrusion detection system (IDS)
Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
tunneling
Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
Vulnerability brokers
Hacktivists
Which penetration testing tool uses algorithm schemes to encode the data, which then prevents access to the data?
Encryption tools
Which penetration testing tool is used by black hats to reverse engineer binary files when writing exploits? They are also used by white hats when analyzing malware.
Debuggers
Which penetration testing tool is used to probe and test a firewall's robustness?
Packet crafting tools
Which penetration testing tool is used by white hat hackers to sniff out any trace of evidence existing in a computer?
Forensic tools
Which penetration testing tool identifies whether a remote host is susceptible to a security attack?
Vulnerability exploitation tools
What type of attack is tailgaiting?
Social engineering
What type of attack is a password attack?
Access
What type of attack is port scanning?
Reconnaissance
What type of attack is man-in-the-middle?
Access
What type of attack is address spoofing?
Access
Which attack is being used when threat actors gain access to the physical network, and then use an MiTM attack to capture and manipulate a legitimate user's traffic?
Session hijacking
Which attack is being used when threat actors initiate a simultaneous, coordinated attack from multiple source machines?
Amplification and reflection attacks
Which attack exploits the three-way handshake?
TCP SYN flood attack
Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this?
TCP reset attack
Which attack is being used when the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host?
TCP session hijacking
A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this?
UDP flood attack
- Ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts
(ASA) firewall
Contains a secure database of who is authorized to access and manage network devices
AAA server
filters known and suspicious internet malware sites
ESA/WSA
security devices provides secure services with corporate sites and remote access support for remote users using secure encrypted tunnels
VPN
- monitors incoming and outgoing traffic looking for malware, network attack signatures, etc.
- stops threats immediately
IPS
Encrypts data one byte or one bit at a time
stream cipher
stream cipher that is used to secure web traffic in SSL and TLS
Rivest cipher
uses a set of rules called signatures to detect patterns in network traffic
IPS
cybercriminal compromises a parent domain and created multiple subdomains to be used during the attacks
shadowing
What wildcard mask corresponds with the "host" keyword, permitting a single host?
0.0.0.0
What wildcard mask corresponds with the "any" keyword, permitting all hosts?
255.255.255.255