Term
| AES and 3DES are what kind of algorithms |
|
Definition
|
|
Term
| Double tagging is used with what kind of attack |
|
Definition
|
|
Term
| Do disabled signatures use router resources |
|
Definition
|
|
Term
| What is the main goal of STP |
|
Definition
| prevent loops by managing the actual physical path used in switching |
|
|
Term
| (Site to Site VPN) How do R1 and R2's ACLs need to be configured |
|
Definition
| Router A and B need to match but reversed (textbook term is mirrored ACLs) |
|
|
Term
| main problem with stateful firewalls |
|
Definition
| limited application-layer attack detection |
|
|
Term
|
Definition
| host based intrusion prevention services. (note: not best practice to be company wide) |
|
|
Term
| MIB (Management Information Base) is defined by what |
|
Definition
A structure that defines a series of objects... Information about a managed device’s resources and activity is defined by a series of objects. The structure of these management objects is defined by a managed device’s Management Information Base (MIB). (pg128) |
|
|
Term
Ideally IPS need to be placed at 1. Only Datacenters 2. Only Main Office 3. Only Remote offices 4. All Remote offices |
|
Definition
|
|
Term
| Port 8080 is used for what |
|
Definition
| This port is a popular alternative to port 80 for offering web services. "8080" was chosen since it is "two 80's", and also because it is above the restricted well known service port range (ports 1-1023) (Source: GRC) |
|
|
Term
| (CCP) Where are AAA Authentication policies created |
|
Definition
| Authentication Policies - Login |
|
|
Term
| (FW) By default is inbound traffic started by the outside allowed in on a sec lev 50 DMZ? |
|
Definition
|
|
Term
| (FW) By default is return traffic from inside network allowed via the DMZ interface |
|
Definition
| Yep, reply traffic is allowed by default no matter the interface requesting |
|
|
Term
| When the router is set up for login block-for what does the router go into |
|
Definition
|
|
Term
| (IPsec VPN) What is the main job of an IPsec VPN access list |
|
Definition
| decide if traffic is encrypted or not |
|
|
Term
| Do SSL-based VPNs use hashes |
|
Definition
| Yes, duh for integrity sake bro |
|
|
Term
| Can SSL VPNs use asymmetric encryption |
|
Definition
|
|
Term
| Where should root guard be used |
|
Definition
Ports that should not receive BPDUs, i.e. ports that are connected to switches which are not root bridges.
(Otherwise legit BPDUs would shut down the switchport.) |
|
|
Term
| What goes at the top of an ACL, specific or general entries |
|
Definition
| Specific - don't worry about 'noise' on the network |
|
|
Term
| Are router-created packets filtered by host ACLs |
|
Definition
|
|
Term
| 4 kinds of IPv6 unicast address types are |
|
Definition
1&2. Link and site locals, 3. 6to4 (tunnels count as a unicast address type) 4. global unicast address |
|
|
Term
| Defense in depth provides what kind of security control |
|
Definition
|
|
Term
| (IKE phases) The IKE policy is negotiated in what phase |
|
Definition
| Phase 1 is where the IKE policy is negotiated |
|
|
Term
| (IKE phases) Which phase supports quick mode |
|
Definition
|
|
Term
| (IKE phases) Which phase negotiates the IPSec security parameters |
|
Definition
|
|
Term
| (IKE phases) Which phase authenticates the peer using digital certs or PSK |
|
Definition
|
|
Term
| Why would you use IOS IPS over the appliance |
|
Definition
| A router knows the basic routing structure, which can provide additional information and security |
|
|
Term
| What automatic digital certificate management system is used with IPSec |
|
Definition
| PKI - Public Key Infrastructure |
|
|
Term
| Do ACLs applied to router interfaces only filter data passing through the router |
|
Definition
| Yes, only passing traffic is filtered with router ACLs. Since router-generated traffic isn't filtered, in/out traffic must be passing through then to be filtered. |
|
|
Term
|
Definition
| Generic routing encapsulation |
|
|
Term
|
Definition
| Voice phishing - getting people to give deets over the phone |
|
|
Term
| two things that stop STP root bridge attacks |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Do ACLs provide anti-spoofing protection |
|
Definition
| Yes, since it limits available IP addresses for proper network access |
|
|
Term
| Does one-step lockdown disable unused ports |
|
Definition
| No. You might need those for future switch expansion |
|
|
Term
| Does / Can one-step lockdown enable ip express forwarding |
|
Definition
| yes - provides for faster switching but possibility of loops |
|
|
Term
| Does IPv6 have native IPSec |
|
Definition
| Yes via the Virtual tunnel interface features |
|
|
Term
| Does the PVLAN edge forward traffic between protected ports |
|
Definition
|
|
Term
| Define non-designated ports |
|
Definition
| ports not used to send BPDU |
|
|
Term
| Do IronPort security gateways provide email encryption & spam protection |
|
Definition
|
|
Term
| First requirement for role-based CLI |
|
Definition
| enabling root view on routers |
|
|
Term
| What default class map uses the INBOUND rule |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Cisco Security Manager (CSM) has what 3 application parts |
|
Definition
Config Manager, Event Viewer, Report Manager |
|
|
Term
| 2 key advantages of an app layer firewall |
|
Definition
| resistant to DoS attacks and authenticates individuals |
|
|
Term
| Is it best practice to place trunk ports in the native VLAN |
|
Definition
|
|
Term
| What kind of encryption is IDEA, AES and 3DES |
|
Definition
|
|
Term
| What kind of encryption is RSA |
|
Definition
|
|
Term
| What creates a shared-secret key which only the 2 partners know |
|
Definition
|
|
Term
| How many bits is the MD5 digest |
|
Definition
|
|
Term
| What does Control Plane Policing (Cpp) use to protect the control plane against DoS attacks |
|
Definition
|
|
Term
Pre-shared key IPsec VPNs need 4 things: 1. pre-shared key 2. interesting traffic 3. - 4. - |
|
Definition
3. Interfaces for the VPN connection 4. VPN Peer IP Address |
|
|
Term
| What IPS term is used for the goal of alerting admins to actual problems and only responding if appropriate, with the result of reducing noise |
|
Definition
|
|
Term
| STP loop T-shoot requires what 2 things |
|
Definition
| Topology of Switched network and location of root bridges |
|
|
Term
| CLI - verify phase 2 of IPsec VPN |
|
Definition
|
|
Term
| Does IPsec ESP transport mode authenticate an IP header |
|
Definition
|
|
Term
| Does RADIUS use TCP or UDP |
|
Definition
|
|
Term
| Does TACACS use IP or TCP (port 49) |
|
Definition
| TCP 49, but supports the IP protocol |
|
|
Term
| Main difference between dynamic NAT and dynamic PAT |
|
Definition
NAT = range of mapped IP addresses PAT = 1 address |
|
|
Term
(ZBFW) Ports 1 - 3 are in zones, ports 4 - 6 are not in a zone. Does traffic flow from port 4 to 5?
(In other words: does traffic flow among interfaces that are not explicitly assigned a zone?) |
|
Definition
Traffic between 'unzoned' interfaces is allowed. Traffic is NOT allowed from an assigned zone to a non-assigned zone (unless it's return traffic). |
|
|
Term
|
Definition
| Warning - Warning messages, not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time. |
|
|
Term
|
Definition
| Notice - Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required. |
|
|
Term
|
Definition
| Informational - Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required. |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Critical issue - Should be corrected immediately, but indicates failure in a secondary system, an example is a loss of a backup ISP connection. |
|
|
Term
|
Definition
| Alert - Should be corrected immediately, therefore notify staff who can fix the problem. An example would be the loss of a primary ISP connection. |
|
|
Term
|
Definition
| Emergency - System is unusable. |
|
|
Term
|
Definition
| Every Alert Cisco Employee Will Need Information Daily (Level 0 -> 7) |
|
|
Term
| VPN security policies fall under what kind of process policy |
|
Definition
|
|
Term
Which plane secures router access 1. Data 2. Management 3. Control |
|
Definition
| Management plane secures router access |
|
|
Term
| What does the control plane do |
|
Definition
| Involves packets that are sent directly to the router (e.g. OSPF updates) |
|
|
Term
| (ZBFW) Where are inspection policies applied |
|
Definition
|
|
Term
| Does an ASA create partitions resulting in multiple virtual firewalls? |
|
Definition
|
|
Term
What is IOS image resilience (or what is the point of #secure boot-config) |
|
Definition
| Hide the image file in the show flash cmd |
|
|
Term
| (CLI) What verifies AAA authentication? |
|
Definition
|
|
Term
| (ASA CLI) What verifies AAA authentication |
|
Definition
| test aaa-server authentication |
|
|
Term
| Does an IPS or IDS use stream normalization techniques? |
|
Definition
| Being inline, an IPS sensor can use stream normalization techniques to reduce or eliminate many of the network evasion capabilities that exist. |
|
|