10.6.2 Module Quiz – LAN Security Concepts (Answers)

1. What two protocols are supported on Cisco devices for AAA communications? (Choose two.)

  • RADIUS
  • LLDP
  • HSRP
  • VTP
  • TACACS+

Explanation: Two AAA protocols are supported on Cisco devices, TACACS+ and RADIUS. Hot Standby Router Protocol (HSRP) is used on Cisco routers to provide gateway redundancy. Link Layer Discovery Protocol (LLDP) is a protocol for neighbor discovery. VLAN Trunking Protocol (VTP) is used on Cisco switches to manage VLANs from a VTP server switch.

2. Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?

  • HTTP
  • LLDP
  • CDP
  • FTP

Explanation: CDP is a Cisco proprietary protocol that gathers information from other connected Cisco devices, and is enabled by default on Cisco devices. LLDP is an open standard protocol which provides the same service. It can be enabled on a Cisco router. HTTP and FTP are Application Layer protocols that do not collect information about network devices.

3. When security is a concern, which OSI Layer is considered to be the weakest link in a network system?

  • Layer 4
  • Layer 7
  • Layer 2
  • Layer 3

Explanation: Security is only as strong as the weakest link in the system, and Layer 2 is considered to be that weakest link. In addition to protecting Layer 3 to Layer 7, network security professionals must also mitigate attacks to the Layer 2 LAN infrastructure.

4. Which Layer 2 attack will result in a switch flooding incoming frames to all ports?

  • MAC address overflow
  • Spanning Tree Protocol manipulation
  • IP address spoofing
  • ARP poisoning

Explanation: When an attacker rapidly sends frames with spoofed MAC addresses to a switch, the MAC address table of the switch becomes full. Once the MAC address table of the switch is full, the switch will flood all new incoming frames to all ports.

5. Why is authentication with AAA preferred over a local database method?

  • It specifies a different password for each line or port.
  • It requires a login and password combination on the console, vty lines, and aux ports.
  • It provides a fallback authentication method if the administrator forgets the username or password.
  • It uses less network bandwidth.

Explanation: The local database method of authentication does not provide a fallback authentication method if an administrator forgets the username or password. Password recovery will be the only option. When authentication with AAA is used, a fallback method can be configured to allow an administrator to use one of many possible backup authentication methods.

6. In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server?

  • SSH
  • 802.1x
  • RADIUS
  • TACACS

Explanation: With a server-based method, the router accesses a central AAA server using either the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access-Control System Plus (TACACS+) protocol. SSH is a protocol used for remote login. 802.1X is a protocol used for port-based authentication. TACACS is a legacy protocol and is no longer used.

7. Which Cisco solution helps prevent MAC and IP address spoofing attacks?

  • Dynamic ARP Inspection
  • IP Source Guard
  • Port Security
  • DHCP Snooping

Explanation: Cisco provides solutions to help mitigate Layer 2 attacks including:

  • IP Source Guard (IPSG) – prevents MAC and IP address spoofing attacks
  • Dynamic ARP Inspection (DAI) – prevents ARP spoofing and ARP poisoning attacks
  • DHCP Snooping – prevents DHCP starvation and DHCP spoofing attacks
  • Port Security – prevents many types of attacks including MAC table overflow attacks and DHCP starvation attacks

8. What is the purpose of AAA accounting?

  • to determine which resources the user can access
  • to collect and report application usage
  • to prove users are who they say they are
  • to determine which operations the user can perform

Explanation: AAA accounting collects and reports application usage data. This data can be used for such purposes as auditing or billing. AAA authentication is the process of verifying users are who they say they are. AAA authorization is what the users can and cannot do on the network after they are authenticated.

9. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?

  • ARP spoofing
  • DHCP starvation
  • IP address spoofing
  • MAC address flooding

Explanation: The DHCP starvation attack causes the exhaustion of the IP address pool of a DHCP server before legitimate users can obtain valid IP addresses.

10. Which three Cisco products focus on endpoint security solutions? (Choose three.)

  • NAC Appliance
  • Adaptive Security Appliance
  • SSL/IPsec VPN Appliance
  • IPS Sensor Appliance
  • Web Security Appliance
  • Email Security Appliance

Explanation: The primary components of endpoint security solutions are Cisco Email and Web Security appliances, and Cisco NAC appliance. ASA, SSL/IPsec VPN, and IPS sensor appliances all provide security solutions that focus on the enterprise network, not on endpoint devices.

11. True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.

  • false
  • true

Explanation: In 802.1X terminology the client workstation is known as the supplicant.

12. What is involved in an IP address spoofing attack?

  • Bogus DHCPDISCOVER messages are sent to consume all the available addresses on a DHCP server.
  • A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.
  • A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.
  • A legitimate network IP address is hijacked by a rogue node.

Explanation: In an IP address spoofing attack, the IP address of a legitimate network host is hijacked and used by a rogue node. This allows the rogue node to pose as a valid node on the network.

13. What three services are provided by the AAA framework? (Choose three.)

  • authentication
  • authorization
  • accounting
  • autoconfiguration
  • automation
  • autobalancing

Explanation: The authentication, authorization, and accounting (AAA) framework provides services to help secure access to network devices.

14. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?

  • authorization
  • authentication
  • accessibility
  • accounting
  • auditing

Explanation: One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.

15. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?

  • Enable port security.
  • Disable DTP.
  • Disable STP.
  • Place unused ports in an unused VLAN.

Explanation: A MAC address (CAM) table overflow attack, buffer overflow, and MAC address spoofing can all be mitigated by configuring port security. A network administrator would typically not want to disable STP because it prevents Layer 2 loops. DTP is disabled to prevent VLAN hopping. Placing unused ports in an unused VLAN prevents unauthorized wired connectivity.

16. Which of the following encrypts the data on end-devices, which can be decrypted only if a payment is made?

  • DDoS
  • Ransomware
  • Virus
  • Worm

Explanation: Ransomware encrypts the data on a host and locks access to it until a ransom is paid.

17. Which network security device monitors and encrypts SMTP traffic to block threats and prevent data loss?

  • ESA
  • NAC
  • NGFW
  • WSA

Explanation: An ESA is a network security device that is specifically designed to monitor and secure SMTP traffic.

18. Which AAA component is responsible for determining what access is permitted?

  • Accounting
  • Administration
  • Authentication
  • Authorization

Explanation: Authorization determines which resources the user can access and which operations the user is allowed to perform.

19. Which small network router authentication method authenticates device access by referring to local usernames and passwords?

  • Local AAA authentication
  • Local AAA over RADIUS or TACACS+
  • Server-based AAA
  • Server-based AAA over RADIUS or TACACS+

Explanation: Local AAA stores usernames and passwords locally in the Cisco router, and users authenticate against the local database. Local AAA is ideal for small networks.

20. Which 802.1X term is used to describe the device that is responsible for relaying 802.1X responses?

  • Authenticator
  • Authentication server
  • Client
  • Supplicant

Explanation: A switch or wireless access point is an 802.1X authenticator, sitting between the client and the authentication server. Authenticators request identifying information from the client, verify that information with the authentication server, and relay the response to the client.

21. Which 802.1X term is used to describe the device that is requesting authentication?

  • Authenticator
  • Authentication server
  • Client
  • Supplicant

Explanation: The supplicant is the client that is requesting network access.

22. Which mitigation technique prevents MAC address table overflow attacks?

  • DAI
  • Firewalls
  • Port security
  • VPNs

Explanation: Port security prevents many types of attacks, including MAC address table overflow.

23. Which mitigation technique prevents ARP spoofing and ARP poisoning attacks?

  • DAI
  • Firewalls
  • Port security
  • VPNs

Explanation: Dynamic ARP Inspection (DAI) prevents ARP spoofing and ARP poisoning attacks.

24. Which type of attack does IPSG mitigate?

  • It prevents ARP spoofing and ARP poisoning attacks.
  • It prevents DHCP starvation and DHCP spoofing attacks.
  • It prevents MAC address table overflow attacks.
  • It prevents MAC and IP address spoofing.

Explanation: IP Source Guard (IPSG) prevents MAC and IP address spoofing.

25. What happens to a compromised switch during a MAC address table attack?

  • The switch interfaces will transition to error-disabled state.
  • The switch will drop all received frames.
  • The switch will flood all incoming frames to all other ports in the VLAN.
  • The switch will shut down.

Explanation: A MAC address table attack fills the MAC address table of the switch. When the MAC address table is full, the switch treats each incoming frame as an unknown unicast and floods it out all ports within the local VLAN only.

26. Why would a threat actor launch a MAC address overflow attack on a small network?

  • To capture frames destined for other LAN devices
  • To ensure legitimate hosts cannot forward traffic
  • To launch a DoS attack
  • To overwhelm the switch and drop frames

Explanation: MAC address table attacks are conducted to overwhelm a switch so that it disregards its MAC address table entries and instead forwards incoming traffic out all ports. Threat actors connected to the LAN can then capture traffic using a protocol analyzer such as Wireshark.

27. Which is an example of a DHCP starvation attack?

  • A threat actor changes the MAC address of the threat actor’s device to the MAC address of the default gateway.
  • A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch.
  • A threat actor discovers the IOS version and IP addresses of the local switch.
  • A threat actor leases all the available IP addresses on a subnet to deny legitimate clients DHCP resources.
  • A threat actor sends a BPDU message with priority 0.
  • A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor’s device is the default gateway.

Explanation: DHCP starvation attacks occur when a threat actor requests and receives all the available IP addresses for a subnet.

28. Which is an example of an STP attack?

  • A threat actor changes the MAC address of the threat actor’s device to the MAC address of the default gateway.
  • A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch.
  • A threat actor discovers the IOS version and IP addresses of the local switch.
  • A threat actor leases all the available IP addresses on a subnet to deny legitimate clients DHCP resources.
  • A threat actor sends a BPDU message with priority 0.
  • A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor’s device is the default gateway.

Explanation: A threat actor sending BPDU messages with a priority of 0 is trying to become the root bridge in the STP topology.

29. Which is an example of an address spoofing attack?

  • A threat actor changes the MAC address of the threat actor’s device to the MAC address of the default gateway.
  • A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch.
  • A threat actor discovers the IOS version and IP addresses of the local switch.
  • A threat actor leases all the available IP addresses on a subnet to deny legitimate clients DHCP resources.
  • A threat actor sends a BPDU message with priority 0.
  • A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor’s device is the default gateway.

Explanation: Address spoofing attacks occur when the threat actor changes the MAC and/or IP address of the threat actor’s device to pose as another legitimate device, such as the default gateway.

30. Which is an example of an ARP spoofing attack?

  • A threat actor changes the MAC address of the threat actor’s device to the MAC address of the default gateway.
  • A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch.
  • A threat actor discovers the IOS version and IP addresses of the local switch.
  • A threat actor leases all the available IP addresses on a subnet to deny legitimate clients DHCP resources.
  • A threat actor sends a BPDU message with priority 0.
  • A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor’s device is the default gateway.

Explanation: A threat actor can send a gratuitous ARP reply causing all devices to believe that the threat actor’s device is a legitimate device, such as the default gateway.

31. Which is an example of a CDP reconnaissance attack?

  • A threat actor changes the MAC address of the threat actor’s device to the MAC address of the default gateway.
  • A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch.
  • A threat actor discovers the IOS version and IP addresses of the local switch.
  • A threat actor leases all the available IP addresses on a subnet to deny legitimate clients DHCP resources.
  • A threat actor sends a BPDU message with priority 0.
  • A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor’s device is the default gateway.

Explanation: A threat actor can use packet sniffing software, such as Wireshark, to view the contents of CDP messages, which are sent unencrypted and include a variety of device information, including the IOS version and IP addresses. CDP and LLDP should not be enabled on edge devices, and should be disabled globally or on a per-interface basis where they are not required.
