What is a dictionary attack (brute force attack)?
Answer: Repeatedly generating passwords to attempt to guess a password
What command turns off DNS?
What command turns off DNS?
Answer: no ip domain-lookup
What command explicitly sets the name server addresses?
What command explicitly sets the name server addresses?
Answer: ip name-server addresses
What are the 2 main vulnerabilities of DNS?
What are the 2 main vulnerabilities of DNS?
Answer: (1) Offers no authentication or integrity assurance (2) By default, name queries are sent to the broadcast address 255.255.255.255
What is the vulnerability of NTP?
What is the vulnerability of NTP?
Answer: NTP leaves listening ports open and vulnerable
What is the vulnerability of SNMP?
What is the vulnerability of SNMP?
Answer: Version 1 and Version 2 pass management information and community strings (passwords) in clear text
Between Disrupt of peers and falsification of routing information, which one is worse and why?
Between Disrupt of peers and falsification of routing information, which one is worse and why?
Answer: Disruption of peers is less critical because routing protocols eventually readjust themselves
What are the consequences of falsifying routing information?
What are the consequences of falsifying routing information?
Answer: (1) Redirect traffic to create routing loops (2) Redirect traffic so it can be monitored on an insecure link (3) Redirect traffic to discard it
What is a payload?
What is a payload?
Answer: The data piece of a frame (IPv4 Packet)
Routing Systems can be attacked in what 2 ways?
Routing Systems can be attacked in what 2 ways?
Answer: (1) Disruption of peers (2) Falsification of routing information
What is the problem with Simple Network Management Protocol version 1 (SNMPv1)?
What is the problem with Simple Network Management Protocol version 1 (SNMPv1)?
Answer: It sends data in plaintext
What are the three steps to secure RIPv2 updates?
What are the three steps to secure RIPv2 updates?
(1) Prevent RIP routing update propagation (2) Prevent Unauthorized Reception of RIP updates (3) Verify the operation of RIP routing
What are two common uses of Eavesdropping?
What are two common uses of Eavesdropping?
Answer: (1) Info Gathering (2) Info theft
What uses a single command to disable non-essential system processes and services, eliminating potential security threats
What uses a single command to disable non-essential system processes and services, eliminating potential security threats
Answer: AutoSecure
What mode automatically executes the auto secure command with the recommended Cisco default settings. This mode is enabled with the no-interact command option.
What mode automatically executes the auto secure command with the recommended Cisco default settings. This mode is enabled with the no-interact command option.
Answer: Non-Interactive Mode
What mode prompts you with options to enable and disable services and other security features?
What mode prompts you with options to enable and disable services and other security features?
Answer: Interactive Mode
What two modes can you use auto secure in?
What two modes can you use auto secure in?
Answer: (1) Interactive mode (2) Non-interface mode
You can configure Auto Secure in privileged EXEC mode using what command ?
You can configure Auto Secure in privileged EXEC mode using what command ?
Answer: auto secure
What 5 factors will the cisco autoscecure ask you to number?
What 5 factors will the cisco autoscecure ask you to number?
Answer: (1) Interface (2) Banners (3) Passwords (4) SSH (5) IOS Firewall FEatures
Misconfiguring a router traffic filter can expose what?
Misconfiguring a router traffic filter can expose what?
Answer: internal network components to scans and attacks, making it easier for attackers to avoid detection.
A compromised route table can do what?
A compromised route table can do what?
Answer: reduce performance, deny network communication services and expose sensitive data.
A compromised Access control list can expose what?
A compromised Access control list can expose what?
Answer: network configuration details, thereby facilitating attacks against other network components.
What security policies can be used specifically for remote access?
What security policies can be used specifically for remote access?
Answer: (1) Dial-in Access Policy (2) Remote Access Policy (3) VPN Security Policy
What security policies can be used specifically for email?
What security policies can be used specifically for email?
Answer: (1) Automatically Forward E-mail Policy (2) E-mail Policy (3) Spam Policy
What are the 14 general security policies that an organization may invoke?
What are the 14 general security policies that an organization may invoke?
(1) Statement of Authority and Scope (2) Acceptable Use Policy (AUP) (3) Identification and Authentication Policy (4) Internet Access Policy (5) Campus Access Policy (6) Remote Access Policy
(7) Incident Handling Procedure (8) Account Access Request Policy (9) Acquisition Assessment Policy (10) Audit Policy (11) Information Sensitivity Policy (12) Password Policy (13) Risk Assessment Policy (14) Global Web Server Policy
A comprehensive security policy has what 4 characteristics?
A comprehensive security policy has what 4 characteristics?
Answer: (1) Protects people and information (2) Sets the rules for expected behavior by users, system administrators, management and security personnel (3)Authorizes security personnel to monitor, probe and investigate (4) Defines and authorizes the consequences of violations
A security policy benefits an organization in what 7 ways?
A security policy benefits an organization in what 7 ways?
Answer: (1) Provides a means to audit existing network security and compare the requirements to what is in place. (2) Plan security improvements, including equipment, software, and procedures. (3) Defines the roles and responsibilities of the company executives, administrators, and users (4) Defines which behavior is and is not allowed (5) Defines a process for handling network security incidents (6) Creates a basis for legal action if necessary (7) Enables global security implementation and enforcement by acting as a standard between sites.
What part of the network security wheel is defined as the information collected from the monitoring and testing phases, IDSs can be used to develop and implement improvement mechanisms that augment the security policy and results in adding items to step 1
What part of the network security wheel is defined as the information collected from the monitoring and testing phases, IDSs can be used to develop and implement improvement mechanisms that augment the security policy and results in adding items to step 1
Answer: Improve
What part of the network security wheel is defined as the functionality of the security solutions implemented in step 1 and the system auditing and intrusion detection methods implemented in step 2 are verified.
What part of the network security wheel is defined as the functionality of the security solutions implemented in step 1 and the system auditing and intrusion detection methods implemented in step 2 are verified.
Answer: Test
What is considered to be a passive method in detecting security violations?
What is considered to be a passive method in detecting security violations?
Answer: IDS devices to detect intrusion
What is considered to be an active method in detecting security violations?
What is considered to be an active method in detecting security violations?
Answer: Audit host-level log files
In Step 2 of the network security wheel, what two types of methods are used to detect security violations?
In Step 2 of the network security wheel, what two types of methods are used to detect security violations?
Answer: (1) Active Method (2) Passive Methods
In step 1 of the network security wheel, what 2 security solutions must be implemented?
In step 1 of the network security wheel, what 2 security solutions must be implemented?
Answer: (1) Threat Defense (2) Stateful inspection and packet filtering
What 4 factors does the security policy include?
What 4 factors does the security policy include?
Answer: (1) Identifies the security objectives of the organization (2) Documents the resources to be protected (3) Identifies the network infrastructure with current maps and inventories (4) Identifies the critical resources that need to be protected (risk analysis)
What does the Network Security Wheel Promote?
What does the Network Security Wheel Promote?
Answer: Retesting and reapplying updated security measures on a continuous basis
What are the four steps of the Network Security Wheel?
What are the four steps of the Network Security Wheel?
Answer: (1) Secure (2) Monitor (3) Test (4) Improve
What are the 3 types of technologies typically used for security?
What are the 3 types of technologies typically used for security?
Answer: (1) Firewall (2) Intrusion Prevention (3) VPN
What are the three building blocks that are apart of the integrated approach to security appliances and applications?
What are the three building blocks that are apart of the integrated approach to security appliances and applications?
Answer: (1) Threat Control (1a) Regulates network access, isolates infected systems, prevents intrusions and protects assets by counteracting malicious traffic such as viruses and worms. (2) Secure Communications (2a) Secures network endpoints with VPN (3) Network Admission Control (NAC) (3a) Provides a roles-based method of preventing unauthorized access to a network
How are agents typically installed?
How are agents typically installed?
Answer: On publicly accessible servers and corporate mail and application servers. Agent reports events to a central console server located inside the corporate firewall. As an alternative, agents on the host can send logs as e-mail to an administrator
How does SICO provide HIPS?
How does SICO provide HIPS?
Answer: Security Agent Software
What is an inline technology; it stops the attack, prevents damage and blocks the propagation of worms and viruses and can be set to shut down the network connection or to stop impacted services automatically. Corrective action can be taken immediately
What is an inline technology; it stops the attack, prevents damage and blocks the propagation of worms and viruses and can be set to shut down the network connection or to stop impacted services automatically. Corrective action can be taken immediately
Answer: Host-Based Intrusion Prevention System (HIPS)
What is a passive technology; it sends logs to a management console after the attack has occurred and the damage is done
What is a passive technology; it sends logs to a management console after the attack has occurred and the damage is done
Answer: Host-Based Intrusion Prevention Systems (HIDS)
Can both Prevention and Reaction active defenses be implemented simultaneously in Intrusion Prevention Systems?
Can both Prevention and Reaction active defenses be implemented simultaneously in Intrusion Prevention Systems?
Answer: Yes
What two active defenses does Intrusion Prevention systems provide?
What two active defenses does Intrusion Prevention systems provide?
Answer: (1) Prevention (1a) Stops the detected attack from executing (2) Reaction (2a) Immunizes the system from future attacks
What detects attacks and sends logs to a management console?
What detects attacks and sends logs to a management console?
Answer: Intrusion Detection System
What is a solution to the problem of downloading security updates and patching vulnerable systems with uncontrolled systems in a local network or systems remotely connected via VPN and RAS
What is a solution to the problem of downloading security updates and patching vulnerable systems with uncontrolled systems in a local network or systems remotely connected via VPN and RAS
Answer: Create a central Patch Server that all systems must communicate with after a set period of time
What is the most effective way to mitigate a worm and its variants?
What is the most effective way to mitigate a worm and its variants?
Answer: Download security updates and patch all vulnerable systems
What are 2 examples of Host and Server based security (Device Hardening)
What are 2 examples of Host and Server based security (Device Hardening)
Answer: (1) Antivirus Software (2) Personal Firewalls
What are the three simple steps that should be taken when a new operating system is installed on a computer?
What are the three simple steps that should be taken when a new operating system is installed on a computer?
Answer: (1) Default usernames and passwords should be changed (2) Access to system resources should be restricted to only the individuals that are authorized (3) Any unnecessary services should be turned off or uninstalled.
What is classified as an entire application being written to look like something else, when in fact it is an attack tool.
What is classified as an entire application being written to look like something else, when in fact it is an attack tool.
Answer: Trojan Horse
What is the key element that distinguishes a computer worm from a computer virus?
What is the key element that distinguishes a computer worm from a computer virus?
Answer: Human interaction is required to facilitate the spread of a virus.
What normally requires a delivery mechanism-a vector-such as a zip file or some other executable file attached to an e-mail, to carry the virus code from one system to another.
What normally requires a delivery mechanism-a vector-such as a zip file or some other executable file attached to an e-mail, to carry the virus code from one system to another.
Answer: Virus
What is malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation.
What is malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation.
Answer: Virus
What part of the worm anatomy is classified as when once a host is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator
What part of the worm anatomy is classified as when once a host is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator
Answer: Payload
What part of the worm anatomy is classified as when after gaining access to a host, a worm copies itself to that host and then selects new targets
What part of the worm anatomy is classified as when after gaining access to a host, a worm copies itself to that host and then selects new targets
Answer: Propagation Mechanism
What part of the worm anatomy is classified as when the worm installs itself by exploiting known vulnerabilities in systems, such as naïve end users who open unverified executable attachments in e-mails
What part of the worm anatomy is classified as when the worm installs itself by exploiting known vulnerabilities in systems, such as naïve end users who open unverified executable attachments in e-mails
Answer: The Enabling Vulnerability
What are the three anatomy parts the worm attack?
What are the three anatomy parts the worm attack?
Answer: (1) The enabling vulnerability (2) Propagation Mechanism (3) Payload
What is the primary form of attack on end-user workstations?
What is the primary form of attack on end-user workstations?
Answer: Worm, Virus, and Trojan Horse Attacks
What are 4 examples of Distributed Denial of Service Attacks?
What are 4 examples of Distributed Denial of Service Attacks?
Answer: (1) SMURF Attack (2) Tribe Flood Network (TFN) (3) Stacheldraht (4) MyDoom
What attacks are designed to saturate network links with illegitimate data
What attacks are designed to saturate network links with illegitimate data
Answer: Distributed Denial of Service Attacks
What are programs send bulk e-mails monopolizing services.
What are programs send bulk e-mails monopolizing services.
Answer: e-mail bombs
These attacks are Java, JavaScript, or ActiveX that cause destruction or tie up computer resources
These attacks are Java, JavaScript, or ActiveX that cause destruction or tie up computer resources
Answer: Malicious applets
What are the four most common types of DoS Attacks?
What are the four most common types of DoS Attacks?
Answer: (1) Ping of Death (2) SYN Flood (3) E-mail Bombs (4) Malicious Applets
What can be used to mitigate LAN Man in the middle attacks?
What can be used to mitigate LAN Man in the middle attacks?
Answer: Port Security on LAN switches
What 2 software solutions are used in LAN Man in the middle attacks?
What 2 software solutions are used in LAN Man in the middle attacks?
Answer: (1) ettercap (2) ARP poisoning
WAN Man-in-the-middle attacks can be mitigated using what?
WAN Man-in-the-middle attacks can be mitigated using what?
Answer: VPN tunnels
What type of attack is carried out by attackers that position themselves between two hosts.
What type of attack is carried out by attackers that position themselves between two hosts.
Answer: Man-in-the-middle
Port redirection can be mitigated through the use a host-based what?
Port redirection can be mitigated through the use a host-based what?
Answer: Intrusion Detection System (IDS)
What utility provides the port redirection attack?
What utility provides the port redirection attack?
Answer: netcat
What type of trust exploitation attack uses a compromised host to pass traffic through a firewall that would otherwise be blocked.
What type of trust exploitation attack uses a compromised host to pass traffic through a firewall that would otherwise be blocked.
Answer: Port Redirection
What type of attack is to compromise a trusted host, using it to stage attacks on other hosts in a network.If a host in a network of a company is protected by a firewall (inside host), but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.
What type of attack is to compromise a trusted host, using it to stage attacks on other hosts in a network.If a host in a network of a company is protected by a firewall (inside host), but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.
Answer: Trust Exploitation
What are the two types of vulnerabilities exploited in an access attack?
What are the two types of vulnerabilities exploited in an access attack?
Answer: (1) Passwords (2) Trust Exploitation
What type of attack exploits vulnerabilities in authentication, FTP, and Web services to gain entry to Web accounts, confidential databases and sensitive information
What type of attack exploits vulnerabilities in authentication, FTP, and Web services to gain entry to Web accounts, confidential databases and sensitive information
Answer: Access Attacks
What are the three most effect methods for counteracting eavesdropping?
What are the three most effect methods for counteracting eavesdropping?
Answer: (1) Using switched networks instead of hubs (2) Using encryption that meets the data security needs (3) Forbidding the use of protocols with known susceptibilities to eavesdropping?
What is classified as Internal attackers attempting to "eavesdrop" on network traffic.
What is classified as Internal attackers attempting to "eavesdrop" on network traffic.
Answer: Packet Sniffers
What are 4 examples of Reconnaissance Attacks?
What are 4 examples of Reconnaissance Attacks?
Answer: (1) Internet Information Queries (2) Ping Sweeps (3) Port Scans (4) Packet Sniffers
What is the most feared type of network attack?
What is the most feared type of network attack?
Answer: Denial of Service
What are 2 examples of port scanners?
What are 2 examples of port scanners?
Answer: (1) Nmap (2) Superscan
What is when the active IP addresses are identified, the intruder uses a port scanner to determine which network services or ports are active on the live IP addresses?
What is when the active IP addresses are identified, the intruder uses a port scanner to determine which network services or ports are active on the live IP addresses?
Answer: Port Scans
What are 2 examples of ping sweep tools?
What are 2 examples of ping sweep tools?
Answer: (1) fping (2) gping
What is when After the IP address space is determined, an attacker can then ping the publicly available IP addresses to identify the addresses that are active.
What is when After the IP address space is determined, an attacker can then ping the publicly available IP addresses to identify the addresses that are active.
Answer: Ping Sweeps
What are the 4 types of Network Attacks?
What are the 4 types of Network Attacks?
(1) Recon Attacks (2) Access Attacks (3) Denial of Service Attacks (4) Works, Viruses, and Trojan Horses
What is when an External attackers can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity.
What is when an External attackers can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity.
Answer: Internet Information Queries
What is when malicious software is inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services.
What is when malicious software is inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services.
Answer: Worms, Viruses, and Trojan Horses
What is when an attacker disables or corrupts networks, systems, with the intent to deny services to intended users?
What is when an attacker disables or corrupts networks, systems, with the intent to deny services to intended users?
Answer: Denial of Service
What is the ability for an intruder to gain access to a device for which the intruder does not have password?
What is the ability for an intruder to gain access to a device for which the intruder does not have password?
Answer: System Access
What is the unauthorized discovery and mapping of systems, services, or vulnerabilities?
What is the unauthorized discovery and mapping of systems, services, or vulnerabilities?
Answer: Reconnaissance
What is a type of social engineering attack that involves using e-mail in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
What is a type of social engineering attack that involves using e-mail in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords.
Answer: Phishing
____ occur when someone has authorized access to the network with either an account or physical access.
____ occur when someone has authorized access to the network with either an account or physical access.
Answer: Internal Threats
___ can arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network.
___ can arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network.
Answer: External threats
What are threats that consist of come from individuals or groups that are more highly motivated and technically competent. They break into business computers to commit fraud, destroy or alter records, or simply to create havoc
What are threats that consist of come from individuals or groups that are more highly motivated and technically competent. They break into business computers to commit fraud, destroy or alter records, or simply to create havoc
Answer: structured threats
What are threats that consist of mostly inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers
What are threats that consist of mostly inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers
Answer: Unstructured Threats
What are the 4 primary classes of threats of networks
What are the 4 primary classes of threats of networks
(1) Unstructured Threats (2) Structured Threats (3) External Threats (4) Internal Threats
What 5 things can you do to prevent maintenance damage?
What 5 things can you do to prevent maintenance damage?
(1) Use neat cable runs (2) Label critical cables and components (3) Use electrostatic discharge procedures (4) Stock critical spares (5) Control access to console ports
What 5 things can you do to prevent electrical damage?
What 5 things can you do to prevent electrical damage?
(1) Install UPS systems (2) Install generate sets (3) Fallow a preventative maintenance plan (4) Install redundant power supplies (5) Perform remote alarming and monitoring
What 3 things can you do to prevent Environmental damage?
What 3 things can you do to prevent Environmental damage?
(1) Temperature control (2) Humidity control (3) Positive air flow (4) Remote environmental alarming and recording and monitoring
What 3 things can you do to prevent hardware damage?
What 3 things can you do to prevent hardware damage?
(1) Lock up Equipment to prevent unauthorized access from the doors, ceiling, raised floor, etc (2) Monitor and control closet entry with electronic logs (3) Use security cameras
Temperature extremes or humidity extremes are examples of what?
Temperature extremes or humidity extremes are examples of what?
Answer: Environmental Threats
What is physical damage to servers, routers, swithces, cabling plant, and workstations?
What is physical damage to servers, routers, swithces, cabling plant, and workstations?
Answer: Hardware Threats
What are the 4 classes of physical threats?
What are the 4 classes of physical threats?
(1) Hardware (2) Environment (3) Electrical (4) Maintenance
What are five examples of security policy weaknesses?
What are five examples of security policy weaknesses?
(1) Lack of written security policy (2) Politics (3) Lack of Continuity (4) Logical access controls not applied (5) Software and hardware installation and changed do not follow policy (6) Disaster recovery plan is nonexistent
Subscribe to:
Posts (Atom)