1. What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
- RADIUS
- LLDP
- HSRP
- VTP
- TACACS+
Explanation: Two AAA protocols are supported on Cisco devices: TACACS+ and RADIUS. Hot Standby Router Protocol (HSRP) is used on Cisco routers to provide gateway redundancy. Link Layer Discovery Protocol (LLDP) is a protocol for neighbor discovery. VLAN Trunking Protocol (VTP) is used on Cisco switches to manage VLANs from a VTP-enabled server switch.
2. Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
Explanation: CDP is a Cisco proprietary protocol that gathers information from other connected Cisco devices, and it is enabled by default on Cisco devices. LLDP is an open standard protocol that provides the same service; it can be enabled on a Cisco router. HTTP and FTP are application layer protocols that do not collect information about network devices.
3. When security is a concern, which OSI Layer is considered to be the weakest link in a network system?
- Layer 4
- Layer 7
- Layer 2
- Layer 3
Explanation: Security is only as strong as the weakest link in the system, and Layer 2 is considered to be that weakest link. In addition to protecting Layer 3 to Layer 7, network security professionals must also mitigate attacks to the Layer 2 LAN infrastructure.
4. Which Layer 2 attack will result in a switch flooding incoming frames to all ports?
- MAC address overflow
- Spanning Tree Protocol manipulation
- IP address spoofing
- ARP poisoning
Explanation: When an attacker rapidly sends frames with spoofed MAC addresses to a switch, the MAC address table of the switch becomes full. Once the MAC address table of the switch is full, the switch will flood all new incoming frames to all ports.
5. Why is authentication with AAA preferred over a local database method?
- It specifies a different password for each line or port.
- It requires a login and password combination on the console, vty lines, and aux ports.
- It provides a fallback authentication method if the administrator forgets the username or password.
- It uses less network bandwidth.
Explanation: The local database method of authentication does not provide a fallback authentication method if an administrator forgets the username or password. Password recovery will be the only option. When authentication with AAA is used, a fallback method can be configured to allow an administrator to use one of many possible backup authentication methods.
6. In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server?
Explanation: With a server-based method, the router accesses a central AAA server using either the Remote Authentication Dial-In User Service (RADIUS) or the Terminal Access Controller Access Control System Plus (TACACS+) protocol. SSH is a protocol used for remote login. 802.1X is a protocol used in port-based authentication. TACACS is a legacy protocol and is no longer used.
7. Which Cisco solution helps prevent MAC and IP address spoofing attacks?
- Dynamic ARP Inspection
- IP Source Guard
- Port Security
- DHCP Snooping
Explanation: Cisco provides solutions to help mitigate Layer 2 attacks including:
- IP Source Guard (IPSG) – prevents MAC and IP address spoofing attacks
- Dynamic ARP Inspection (DAI) – prevents ARP spoofing and ARP poisoning attacks
- DHCP Snooping – prevents DHCP starvation and DHCP spoofing attacks
- Port Security – prevents many types of attacks including MAC table overflow attacks and DHCP starvation attacks
8. What is the purpose of AAA accounting?
- to determine which resources the user can access
- to collect and report application usage
- to prove users are who they say they are
- to determine which operations the user can perform
Explanation: AAA accounting collects and reports application usage data. This data can be used for such purposes as auditing or billing. AAA authentication is the process of verifying users are who they say they are. AAA authorization is what the users can and cannot do on the network after they are authenticated.
9. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
- ARP spoofing
- DHCP starvation
- IP address spoofing
- MAC address flooding
Explanation: The DHCP starvation attack causes the exhaustion of the IP address pool of a DHCP server before legitimate users can obtain valid IP addresses.
10. Which three Cisco products focus on endpoint security solutions? (Choose three.)
- NAC Appliance
- Adaptive Security Appliance
- SSL/IPsec VPN Appliance
- IPS Sensor Appliance
- Web Security Appliance
- Email Security Appliance
Explanation: The primary components of endpoint security solutions are Cisco Email and Web Security appliances, and Cisco NAC appliance. ASA, SSL/IPsec VPN, and IPS sensor appliances all provide security solutions that focus on the enterprise network, not on endpoint devices.
11. True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.
Explanation: In 802.1X terminology the client workstation is known as the supplicant.
12. What is involved in an IP address spoofing attack?
- Bogus DHCPDISCOVER messages are sent to consume all the available addresses on a DHCP server.
- A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.
- A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.
- A legitimate network IP address is hijacked by a rogue node.
Explanation: In an IP address spoofing attack, the IP address of a legitimate network host is hijacked and used by a rogue node. This allows the rogue node to pose as a valid node on the network.
13. What three services are provided by the AAA framework? (Choose three.)
- authentication
- authorization
- accounting
- autoconfiguration
- automation
- autobalancing
Explanation: The authentication, authorization, and accounting (AAA) framework provides services to help secure access to network devices.
14. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
- authorization
- authentication
- accessibility
- accounting
- auditing
Explanation: One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.
15. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
- Enable port security.
- Disable DTP.
- Disable STP.
- Place unused ports in an unused VLAN.
Explanation: A MAC address (CAM) table overflow attack, buffer overflow, and MAC address spoofing can all be mitigated by configuring port security. A network administrator would typically not want to disable STP because it prevents Layer 2 loops. DTP is disabled to prevent VLAN hopping. Placing unused ports in an unused VLAN prevents unauthorized wired connectivity.