How To Secure Routers And Switches Information Technology Essay

How To bulletproof Routers And Switches Information Technologarithmy quizYou reserve been approached by your manager give a talk on the Ne twork protective cover stock ISO 17799. Write a short precise detailing the purpose of this document and the main components within move 1 and 2 of the document. (http//www.17799central.com/iso17799.htm)Write a brief analysis detailing the possible threats and consequences for a union that does not bring an adequate warrantor Policy.Write a summary of how an Edge router cease be assembled into a firew whole include detail of how it can be personad to filter art. Describe the doing of CBACDetail the encryption techniques that atomic number 18 use upd in VPN systems and explain how/when they argon used.Describe how you can furbish up/harden routers and switchesRouter hardening, countersignature requirements, ssh, parser views, etcPort surety, vlan hopping, anti-snooping, private vlansMulti-choice Review Questions1.In which type o f invade does the potential interloper attempt to discover and map out systems, services, and vulnerabilities?stake outreconnaissancetappingsniffing2.Which type of attack prevents a exploiter from approach pathing the targeted burden legion?Reconnaissance attackDenial of service attackPrevention of pre displaceation attackDisruption of structure attack3.Which type of carry out does the ping sweep pose to an memorial tablet?eavesdroppingreconnaissancedenial of serviceunauthorized access4.An employee of ABC Comp either receives an e-mail from a co-worker with an attachment. The employee opens the attachment and receives a c either from the net profit executive a few proceeding later, stating that the employees machine has been attacked and is displace SMTP messages. Which category of attack is this? B)denial of servicetrojan horseport scanning discussion attacksocial engineering5.What is a major characteristic of a Worm? D) vicious softw be that copies itself into early (a) executable programstricks drug users into running the infected softw atomic number 18a set of computer instructions that lies dormant until triggered by a specific eventexploits vulnerabilities with the intent of propagating itself across a net income6.A abundant investment firm has been attacked by a worm. In which order should the web support team perform the travel to mitigate the attack? A)A. inoculationB. treatmentC. containmentD. quarantineC,A,D,BA,B,C,DA,C,B,DD,A,C,BC,B,A,D7.At XYZ Comp whatsoever, the indemnity for entanglement use requires that employees log in to a Windows domain controller when they power on their work computers. Although XYZ does not implement all possible security measures, outgoing affair is filtered victimisation a firewall. Which security model is the club utilise? D)open accessclosed accesshybrid accessRestrictive access8.Which one- troika of these be common causes of persistent vulnerabilities in networks? (Choose three.) cutting exploits in lively softw aremis pieced hardware or softwarepoor network designchanges in the transmission control communications protocol/IP protocolchanges in the core routers on the Internetend-user carelessness9.A new network administrator is assigned the task of conducting a guess assessment of the companys network. The administrator immediately conducts a pic assessment. Which important task should the administrator have accomplished setoff?threat recognitionsecurity level applicationpatch and update deploymentasset identificationperimeter security upgrade10.A company deployed a web innkeeper on the company DMZ to provide external web services. While reviewing firewall log files, the administrator discovered that a federation was make to the internal e-mail server from the web server in DMZ. After reviewing the e-mail server logs, the administrator discovered that an unauthorized describe was created. What type of attack was successfully carried out?phishingport redir ection assurance exploitationman-in-the-middle11.Users are unable to access a company server. The system logs show that the server is in operation(p) slowly because it is receiving a high level of fake requests for service. Which type of attack is slide byring?reconnaissanceaccess res publicaworms, viruses, and Trojan horses12.Which two are examples of Distributed Denial of Service attacks? (Choose two.) B) D)SYN FloodStacheldrahtPing of DeathSmurfWinNukeTarga.c13.Which two of these are examples of DDoS network attacks? (Choose two.) A) B)smurf attackTribal Flood Network (TFN)teardrop.cman-in-the-middle attackport redirectionsocial engineering14.Which two are technological flunkes that can lead to a br for each one in an validations security? (Choose two.) C) D)software compatibility impuissanceDHCP security weaknessTCP/IP protocol weakness run system weaknessLDAP weakness15.What is the effect of applying this moderate to a cisco router? E)router(config) no service fingerUNI X commands are disabled on the router.All TCP/IP services are disabled.PING usage is disabled.Users logged into the router remotely allow for not be able to see if other users are logged into the router16.A partial router configuration is shown in the brilliant. The network administrator adds the following(a) command at the router prompt.router(config) security watchwords min-length 10Which of the following is correct? A)The current parole provide continue to be used as a valid give-and-take until changed.No password is required.The current password is invalid and will not allow a login.A password that is at least ten characters long must immediately be implemented for a successful login.17.The security drift promotes a continuous process to retest and reapply updated security measures. What is the core or hub component of the Security Wheel? D)testing policymonitorimprovesecurity policy18.After providing for all operational requirements of the network, the network support team has pin downd that the servers should be hardened against security threats so that the network can ascertain at full potential. At which stage of the network life cycle does server hardening occur? E)planningdesignimplementationoperationoptimization19.A network administrator installs a new stateful firewall. Which type of security solution is this? doctor connectivitythreat defensepolicy enforcementtrust and identityassay-mark20.XYZ Company recently adopted software for installation on critical servers that will detect malicious attacks as they occur. In addition, the software will stop the execution of the attacks and send an alarm to the network administrator. Which applied science does this software utilize? phalanx-based intrusion detectionhost-based intrusion protectionhost-based intrusion preventionhost-based intrusion presentation21.A security team is charged with hardening network devices. What must be accomplished first earlier deciding how to configure security o n any device?Audit all pertinent network devices.Document all router configurations.Create or update security policies.Complete a vulnerability assessment.22.Which two objectives must a security policy accomplish? (Choose two.)provide a hold backlist for the installation of secure serversdescribe how the firewall must be assembledocument the re computer addresss to be protected distinguish the security objectives of the organizationidentify the specific tasks involved in hardening a router23.Which router command will result in the router only accepting passwords of 16 characters or more?service password-encryptionenable secret min-length 16security passwords min-length 16security passwords max-length 1624.Which command will encrypt all passwords in the router configuration file? D)enable secretpassword encrypt allenable password-encryptionservice password-encryptionno white-text password25.MD5 can be used for authenticating routing protocol updates for which three protocols? (Ch oose three.) B), D) E)RIPv1RIPv2IGRPEIGRPBGP26.Which configuration will allow an administrator to access the solace port using a password of password? B)router(config) key aux 0router(config- epithelial duct) loginrouter(config- decipher) password passwordrouter(config) line console 0router(config-line) loginrouter(config-line) password passwordrouter(config) line console 0router(config-line) password passwordrouter(config) line console 0router(config-line) accessrouter(config-line) password passwordrouter(config) line vty 0router(config-line) password passwordrouter(config) line vty 0router(config-line) accessrouter(config-line) password password27.Which command sets the inactivity timer, for a particular line or group of lines, to four minutes and fifteen seconds? Erouter(config) line-timeout 4 15router(config-line) line-timeout 4 15router(config-line) exec-timeout 255router(config-line) timeout 255router(config-line) exec-timeout 4 15router(config-line) line-timeout 25528.Whic h encryption type uses the MD5 hash algorithm? suit 0Type 1Type 5Type 729.Which privilege level has the most access to the Cisco IOS?level 0level 1level 7level 15level 16level 2030.Which algorithm implements stateful inter-group communication control through with(predicate) the PIX Security thingumajig?Network Address comment AlgorithmAccess Control Security AlgorithmAdaptive Security AlgorithmSpanning Tree protocol Algorithm31.The Cisco Security Device Manager (SDM) allows administrators to securely configure back up routers by using which security protocol in Microsoft Internet Explorer? B)IPSecSSLSSHL2TPPPTP32.A network administrator has received a Cisco PIX Security thingamajig from another division within the company. The existing configuration has IP addresses that will cause problems on the network. What command sequence will successfully clear all the existing IP addresses and configure a new IP address on ethernet0? B)pix1(config) clear ip allpix1(config) interface e thernet0pix1(config-if) ip address 192.168.1.2pix1(config) clear ippix1(config) interface ethernet0pix1(config-if) ip address 192.168.1.2 255.255.255.0pix1(config) no ip addresspix1(config) interface ethernet0pix1(config-if) ip address 192.168.1.2 255.255.255.0pix1(config) clear ippix1(config) interface ethernet0pix1(config-if) ip address 192.168.1.2 0.0.0.25533.A network team is configuring a Cisco PIX Security Appliance for NAT so that local addresses are translated. The team is creating a global address pool using a subnet of network 192.168.5.0 with a 27-bit mask. What is the befitting syntax to set up this global address pool? B)pix1(config) global ( at heart) 1 192.168.5.33-192.168.5.62pix1(config) global ( outside(a)) 1 192.168.5.33-192.168.5.62pix1(config) global (inside) 1 192.168.5.65-192.168.5.95pix1(config) global (outside) 1 192.168.5.65-192.168.5.95pix1(config) global (inside) 1 192.168.5.64-192.168.5.127pix1(config) global (outside) 1 192.168.5.65-192.168.5.12734.A n etwork administrator has configured an access control list on the Cisco PIX Security Appliance that allows inside hosts to ping outside hosts for troubleshooting. Which correct command can be used to troubleshoot if pings between hosts are not successful?debug icmp inside outsidedebug pingdebug icmp tracedebug trace icmp35.Which protocol provides time synchronization?STPTSPNTPSMTPL2TP36.Which command would configure a PIX Security Appliance to send syslog messages from its inside interface to a syslog server with the IP address of 10.0.0.3? Dpixfirewall(config) syslog inside 10.0.0.3pixfirewall(config) logging inside 10.0.0.3pixfirewall(config) syslog host inside 10.0.0.3pixfirewall(config) logging host inside 10.0.0.337.The configuration in the graphic has been entered into a PIX Security Appliance with three interfaces. The interfaces are inside, outside, and DMZ. What source address range will the employment from inside devices use when they access devices in the DMZ?10.0.0.1 t o 10.0.0.254172.16.0.20 to 172.16.0.254172.16.0.1 to 172.16.0.254192.168.0.20 to 192.168.0.25410.0.0.1 to 10.255.255.25438.What source IP address will the art from devices in the 10.0.2.0 network have when they leave the trusted network? C)192.168.0.8 always192.168.0.9 always192.168.0.8 if ports are available, or 192.168.0.9 if 192.168.0.8s ports are exhausted192.168.0.9 if ports are available, or 192.168.0.8 if 192.168.0.9s ports are exhausted39.The commands in the graphic have been entered into a PIX Security Appliance. Which two statements are accurate descriptions of what will happen to outgoing traffic when it leaves the trusted network? (Choose two.) B) C)The source IP address will be from a pool of addresses in the 192.168.0.3 to 192.168.0.254 range.The source port will be a random port above port 1023.The source IP address will be 192.168.0.2 for all outgoing traffic.The source port will be port 1024.The source IP address will be in the range 10.0.0.1 to 10.0.255.254.40.In terface Ethernet3 on a PIX Security Appliance has been configured with three subinterfaces to pass tagged traffic from three different VLANs. What protocol will be used to tag the VLAN traffic?ISL802.1xVTP802.1q41.Which two commands will configure a static default route on the PIX Security Appliance in the network shown in the graphic? (Choose two.)route inside outside 0.0.0.0 0.0.0.0 172.16.0.2 1route outside 0.0.0.0 0.0.0.0 172.16.0.2 1ip route inside outside 0 0 192.168.0.2 1route outside 0 0 172.16.0.2 1ip route inside outside 0 0 172.16.0.2 1route outside 0 0 192.168.0.2 142.How are transactions between a rung leaf node and a RADIUS server authenticated?by using a shared secret which is never sent over the networkby hashing the secret using MD5 and then sending it over the networkby hashing the secret using MD4 and then sending it over the networkby using a clear-text password and then sending it over the network43.RADIUS uses which transport layer protocol? C)IPTCPUDPICMPDLC 44.Which certificate mode is susceptible to playback attacks? C)passwords using S/ observepasswords using token cardpasswords requiring periodical changepasswords using one-time password applied science45.Which enfranchisement method sends passwords over the network in clear text yet protects against eavesdropping and password cracking attacks? C)authentication with FTPauthentication with Telnetauthentication with S/KEYauthentication in POP3 e-mail46.After a security audit, network managers realized that the authentication method used by their telecommuting employees needed to be improved. They set up a server and installed client software on the employee laptops of their remote users. They also provided a device for each remote user that generated a password every time they needed to make a remote network connection. Which authentication technology does this process describe? B)authentication with S/KEYauthentication with token cardauthentication with encrypted passwordauthen tication with compressed password47.What function does a digital certificate offer to information security? C) surenessaccountingnonrepudiationintrusion prevention48.Bookline Inc., an online bookstore, recently installed a web server running Microsoft Windows 2003 Server. Where should the company obtain a digital signature for the web server in order to assure customers that they are connecting to Booklines server and not an impersonating web server?a digital signature generated by the CA in Microsofts corporate headquartersa digital signature generated by the CA from a trusted third partya digital signature generated by the CA from a government agencya digital signature generated by any CA that establishes a secure connection49.A large law firm wishes to secure dialup access to its corporate network for employees working at home. Since much of the information to be transmitted is highly confidential, the firm requires a high level of encryption and also prefers that each component of AAA be provided separately. Which security protocol best meets these requirements?TACACSXTACACSTACACS+RADIUS50.What are three reasons TACACS+ is preferent over RADIUS for authentication services? (Choose three.)RADIUS has limited name space for attributes.RADIUS is not an industry supported standard.TACACS+ encrypts the entire TACACS+ packet.TACACS+ authentication is included with more recent Windows Server versions.TACACS+ separates authentication and authorization.RADIUS uses TCP as a transport protocol creating additional overhead51.A static username/password authentication method is susceptible to which three types of attacks? (Choose three.)playbacktheftteardropsyn floodeavesdropping52.Company security policy requires the use of a centralized AAA server for network access authentication. Which two protocols are supported by the AAA server? (Choose two.) C) D)IPSecSSLRADIUSTACACS+SSH53.Which three are functions of AAA? (Choose three.) A), C) E)accountingavailabilityauthen ticationarchitectureauthorizationaccessibility54.A network administrator wishes to use port-level authentication technology to determine network access and assign IP addresses from different DHCP pools to authenticated and unauthenticated users. What standardized framework supports this objective? A)IEEE 802.1xIEEE 802.11afIEEE 802.1qIEEE 802.1p55.What will be the result of executing the command in the graphic? C)The default login method will use TACACS+ only.TACACS+ accounting will be enabled at login.The enable password will be used if a TACACS+ server is not available.The default TACACS+ user shell will be enabled.56.Which AAA service reduces IT operating costs by providing detailed reporting and monitoring of network user behavior, and also by keeping a record of every access connection and device configuration change across the network?authenticationaccreditationaccountingauthorization57.What tool should you use to add a single user account to the Cisco Secure ACS for Windows user database?database replicationUnknown User PolicyRDBMS SynchronizationCisco Secure ACS HTML interface58.Refer to the exhibit. Which two services can the network access server use to direct requests from the remote user to the Cisco Secure ACS authentication service? (Choose two.)CSAuthCSUtilRADIUSRDBMSTACACS+59.RTA(config) tacacs-server key emailprotected?RTA(config) tacacs-server host 10.1.2.4RTA(config) tacacs-server host 10.1.2.5What will be the effect of these commands on router RTA? C)The TACACS+ server is now authenticating for the hosts 10.1.2.4 and 10.1.2.5.The TACACS+ server key has been exported to the hosts 10.1.2.4 and 10.1.2.5.The TACACS+ servers 10.1.2.4 and 10.1.2.5 and the router have been set to share the same authentication key.The TACACS+ servers are 10.1.2.4 and 10.1.2.5 and the configuration adds router RTA as a third TACACS+ server.60.RTA(config) abdominal aortic aneurysm new-modelRTA(config) abdominal aortic aneurysm authentication login default group taca cs+ enableAfter entering the configuration shown, the administrator loses the connection to the router before having the chance to create a new TACACS+ account. What is the easiest way for the administrator to regain administrative access to router RTA? C)Connect to the router, and use the default TACACS+ username and password.Erase NVRAM, and redo the configuration from scratch.Connect to the router, and supply the enable password. discharge a password recovery procedure on the router61.Which command associates the group MYGROUP with the AAA server using the TACACS+ protocol? D)Pixfirewall(config) abdominal aortic aneurysm-server MYGROUP tacacs+ protocolPixfirewall(config) abdominal aortic aneurysm-server protocol tacacs+ MYGROUPPixfirewall(config) abdominal aortic aneurysm-server tacacs+ protocol MYGROUPPixfirewall(config) abdominal aortic aneurysm-server MYGROUP protocol tacacs+62.Which configuration command defines the association of initiating HTTP protocol traffic with an auth entication proxy name MYPROXY? C)Router(config) ip auth-proxy MYPROXY httpRouter(config) auth-proxy MYPROXY ip httpRouter(config) ip auth-proxy name MYPROXY httpRouter(config) auth-proxy name MYPROXY ip http63.With the following configuration command, how long does the PIX Security Appliance try to access the AAA server 10.0.1.10 before choosing the next AAA server if there is no response from 10.0.1.10?abdominal aortic aneurysm-server MYTACACS (inside) host 10.0.1.10 secretkey12 seconds15 seconds20 seconds30 seconds64.Which command will enable AAA services on a router? BRouter(config) abdominal aortic aneurysm enableRouter(config) aaa new-modelRouter(config) aaa set enableRouter(config) aaa new-model enable65.What is the default timeout in minutes for the inactivity-timer parameter of the ip auth-proxy command?153045609066.The network administrator configured the aaa authorization command below on the PIX Security Appliance. What is the effect of this command?pix(config) aaa author ization include tcp/22 outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 auth1FTP traffic from outside is suit to authorization by the AAA server.SSH traffic from outside is subject to authorization by the AAA server.HTTP traffic from outside is subject to authorization by the AAA server.SMTP traffic from outside is subject to authorization by the AAA server.67.Which type of authentication is being used when authentication is required via the PIX Security Appliance before direct traffic flow is allowed between users and the company web server? C)access authenticationconsole access authenticationcut-through proxy authenticationtunnel access authentication68.What will be the effect in the router after these configuration commands are entered? B)Router(config) ip auth-proxy name aprule httpRouter(config) interface ethernet0Router(config-if) ip auth-proxy apruleAn authentication proxy rule called aprule is created making all authentication proxy services available only through the ethernet0 inte rface.An authentication proxy rule called aprule has been created for the HTTP protocol and is associated with the ethernet0 interface.An authentication proxy rule called aprule has been created for all protocols except the HTTP protocol and is associated with the ethernet0 interface.An authentication proxy rule called aprule has been created for the HTTP server running internally to the router and is associated with anyone attempting to access the web server from the ethernet0 interface.69.When Cisco IOS Firewall authentication proxy is enabled, a user sends HTTP traffic which will trigger the authentication proxy. What is the first action taken by the proxy? C)The user will be asked to supply a valid username and password.The TACACS+ server will be contacted to see if the user is a valid user.The authentication proxy will tab to see if the user has already been authenticated.If the authentication proxy has no user account for the user, it will check to see if a default guest user has been defined.70.A TACACS+ server is configured to provide authentication, authorization, and accounting. The IP address of the server is 192.168.50.1, and the AAA authentication encryption key is S3crtK3y. Which command sequence will configure a Cisco router to communicate with the TACACS+ server? D)Router(config) aaa new-modelRouter(config) aaa authentication default group tacacs+Router(config) aaa authorization auth-proxy default group tacacs+Router(config) aaa tacacs-server host 192.168.50.1Router(config) aaa tacacs-server key S3crtK3yRouter(config) aaa enableRouter(config) aaa authentication default group tacacs+Router(config) aaa authorization auth-proxy default group tacacs+Router(config) tacacs-server host 192.168.50.1Router(config) tacacs-server key S3crtK3yRouter(config) aaa enableRouter(config) aaa authentication login default group tacacs+Router(config) aaa authorization auth-proxy default group tacacs+Router(config) aaa tacacs-server host 192.168.50.1Router(config) aaa tacacs-server key S3crtK3yRouter(config) aaa new-modelRouter(config) aaa authentication login default group tacacs+Router(config) aaa authorization auth-proxy default group tacacs+Router(config) tacacs-server host 192.168.50.1Router(config) tacacs-server key S3crtK3y71.The lead network administrator notices that unknown users have made router configuration changes. These changes are adversely affecting the network. Which command can be entered on the router to help identify future configuration changes and who made these changes?aaa accountingshow uauthaaa accounting consoleaaa accounting contain72.Refer to the exhibit. Since ABC, Inc. is strengthening security, a PIX Security Appliance firewall must be configured with AAA services. Accounting should be provided for all FTP and HTTP traffic from any host to the network server at 192.168.2.10.Which command sequence would successfully process the desired traffic to the NY_ACS accounting server? Apixfirewall(config) access-list on e hundred ten stomach tcp any host 192.168.2.10 eq ftppixfirewall(config) access-list 110 permit tcp any host 192.168.2.10 eq httppixfirewall(config) aaa accounting match 110 outside NY_ACSpixfirewall(config) access-list 110 permit tcp any host 192.168.2.10 eq ftppixfirewall(config) access-list 110 permit tcp any host 192.168.2.10 eq httppixfirewall(config) aaa accounting access-list 110 outside 10.0.0.2pixfirewall(config) access-list 110 permit tcp any host 10.0.0.2 eq ftppixfirewall(config) access-list 110 permit tcp any host 10.0.0.2 eq httppixfirewall(config) aaa accounting match 110 outside NY_ACSpixfirewall(config) access-list 110 permit tcp any host 192.168.2.10 eq ftppixfirewall(config) access-list 110 permit tcp any host 192.168.2.10 eq httppixfirewall(config) aaa accounting match 110 outside 10.0.0.273.Which command displays the current authenticated users, the host IP to which they are bound, and any cached IP and port authorization information on a Cisco PIX Security Ap pliance configured for AAA? B)pixfirewall(config) show aaa allpixfirewall(config) show uauthpixfirewall(config) show aaa statisticspixfirewall(config) show aaa-server74.A user has initiated an HTTP session through a firewall and has been authenticated by an authentication proxy. They have not generated any traffic in a while and the idle timer has expired for that user. What will the user have to do to allow them to go through the firewall again? D)The user can manually restart the idle timer.The user can simply TFTP their user profile to t