16.5.4 Module Quiz – Network Security Fundamentals Answers
1. What three configuration steps must be performed to implement SSH access to a router? (Choose three.)
- a password on the console line
- an IP domain name
- a user account
- an enable mode password
- a unique hostname
- an encrypted password
Explanation: To implement SSH on a router the following steps need to be performed:
- Configure a unique hostname.
- Configure the domain name of the network.
- Configure a user account to use AAA or local database for authentication.
- Generate RSA keys.
- Enable VTY SSH sessions.
2. What is the objective of a network reconnaissance attack?
- discovery and mapping of systems
- unauthorized manipulation of data
- disabling network systems or services
- denying access to resources by legitimate users
Explanation: The objective of a network reconnaissance attack is to discover information about a network, network systems, and network services.
3. For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task?
- smartcard settings
- firewall settings
- MAC address settings
- file system settings
Explanation: Smartcard and file system settings do not affect network operation. MAC address settings and filtering may be used to control device network access but cannot be used to filter different data traffic types.
4. A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection?
- out-of-band access to a switch through the use of a virtual terminal with password authentication
- remote access to the switch through the use of a telephone dialup connection
- on-site access to a switch through the use of a directly connected PC and a console cable
- remote access to a switch where data is encrypted during the session
- direct access to the switch through the use of a terminal emulation program
Explanation: SSH provides a secure remote login through a virtual interface. SSH provides a stronger password authentication than Telnet. SSH also encrypts the data during the session.
5. Which benefit does SSH offer over Telnet for remotely managing a router?
- encryption
- TCP usage
- authorization
- connections via multiple VTY lines
Explanation: SSH provides secure access to a network device for remote management. It uses a stronger password authorization than Telnet does and encrypts any data that is transported during the session.
6. What is one of the most effective security tools available for protecting users from external threats?
- firewalls
- router that run AAA services
- patch servers
- password encryption techniques
Explanation: A firewall is one of the most effective security tools for protecting internal network users from external threats. A firewall resides between two or more networks, controls the traffic between them, and helps prevent unauthorized access. A host intrusion prevention system can help prevent outside intruders and should be used on all systems.
7. Which type of network threat is intended to prevent authorized users from accessing resources?
- DoS attacks
- access attacks
- reconnaissance attacks
- trust exploitation
Explanation: Network reconnaissance attacks involve the unauthorized discovery and mapping of the network and network systems. Access attacks and trust exploitation involve unauthorized manipulation of data and access to systems or user privileges. DoS, or Denial of Service attacks, are intended to prevent legitimate users and devices from accessing network resources.
8. Which three services are provided by the AAA framework? (Choose three.)
- accounting
- automation
- authorization
- authentication
- autobalancing
- autoconfiguration
Explanation: The authentication, authorization, and accounting (AAA) framework provides services to help secure access to network devices.
9. Which malicious code attack is self-contained and tries to exploit a specific vulnerability in a system being attacked?
- virus
- worm
- Trojan horse
- social engineering
Explanation: A worm is a computer program that is self replicated with the intention of attacking a system and trying to exploit a specific vulnerability in the target. Both virus and Trojan horse rely on a delivery mechanism to carry them from one host to another. Social engineering is not a type of malicious code attack.
10. Some routers and switches in a wiring closet malfunctioned after an air conditioning unit failed. What type of threat does this situation describe?
- configuration
- environmental
- electrical
- maintenance
Explanation: The four classes of threats are as follows:
- Hardware threats – physical damage to servers, routers, switches, cabling plant, and workstations
- Environmental threats – temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
- Electrical threats – voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
- Maintenance threats – poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
11. What does the term vulnerability mean?
- a weakness that makes a target susceptible to an attack
- a computer that contains sensitive information
- a method of attack to exploit a target
- a known target or victim machine
- a potential threat that a hacker creates
Explanation: A vulnerability is not a threat, but it is a weakness that makes the PC or the software a target for attacks.
12. Which component is designed to protect against unauthorized communications to and from a computer?
- security center
- port scanner
- antimalware
- antivirus
- firewall
Explanation: Antivirus and antimalware software are used to prevent infection from malicious software. A port scanner is used to test a PC network connection to determine which ports the PC is listening to. The security center is an area of Windows that keeps track of the security software and settings on the PC. A firewall is designed to block unsolicited connection attempts to a PC unless they are specifically permitted.
13. Which command will block login attempts on RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?
- RouterA(config)# login block-for 10 attempts 2 within 30
- RouterA(config)# login block-for 30 attempts 2 within 10
- RouterA(config)# login block-for 2 attempts 30 within 10
- RouterA(config)# login block-for 30 attempts 10 within 2
Explanation: The correct syntax is RouterA(config)# login block-for (number of seconds) attempts (number of attempts) within (number of seconds).
14. What is the purpose of the network security accounting function?
- to require users to prove who they are
- to determine which resources a user can access
- to keep track of the actions of a user
- to provide challenge and response questions
Explanation: Authentication, authorization, and accounting are network services collectively known as AAA. Authentication requires users to prove who they are. Authorization determines which resources the user can access. Accounting keeps track of the actions of the user.
15. What type of attack may involve the use of tools such as nslookup and fping?
- access attack
- reconnaissance attack
- denial of service attack
- worm attack
Explanation: For reconnaissance attacks, external attackers can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity. After the IP address space is determined, an attacker can then ping the publicly available IP addresses to identify the addresses that are active. Fping is a ping sweep tool that can help automate this process.