Módulos 16-17
Módulos 16-17
Módulos 16-17
Explanation:
After an intruder gains access to a network, common network threats are as follows:
Information theft
Identity theft
Data loss or manipulation
Disruption of service
Cracking the password for a known username is a type of access attack.
7. Which example of malicious code would be classified as a Trojan horse?
malware that was written to look like a video game
malware that requires manual user intervention to spread between systems
malware that attaches itself to a legitimate program and spreads to other programs when
launched
malware that can automatically spread from one system to another by exploiting a
vulnerability in the target
8. What is the difference between a virus and a worm?
Viruses self-replicate but worms do not.
Worms self-replicate but viruses do not.
Worms require a host file but viruses do not.
Viruses hide in legitimate programs but worms do not.
Explanation: Worms are able to self-replicate and exploit vulnerabilities on computer
networks without user participation.
9. Which attack involves a compromise of data that occurs between two end points?
denial-of-service
man-in-the-middle attack
extraction of security parameters
username enumeration
Explanation: Threat actors frequently attempt to access devices over the internet through
communication protocols. Some of the most popular remote exploits are as follows:
Man-In-the-middle attack (MITM) – The threat actor gets between devices in the system
and intercepts all of the data being transmitted. This information could simply be
collected or modified for a specific purpose and delivered to its original destination.
Eavesdropping attack – When devices are being installed, the threat actor can intercept
data such as security keys that are used by constrained devices to establish
communications once they are up and running.
SQL injection (SQLi) – Threat actors uses a flaw in the Structured Query Language
(SQL) application that allows them to have access to modify the data or gain
administrative privileges.
Routing attack – A threat actor could either place a rogue routing device on the network
or modify routing packets to manipulate routers to send all packets to the chosen
destination of the threat actor. The threat actor could then drop specific packets, known
as selective forwarding, or drop all packets, known as a sinkhole attack.
10. Which type of attack involves an adversary attempting to gather information about a
network to identify vulnerabilities?
reconnaissance
DoS
dictionary
man-in-the-middle
11. Match the description to the type of firewall filtering. (Not all options are used.)
Explanation: The login and password cisco commands are used with Telnet switch
configuration, not SSH configuration.
16. What feature of SSH makes it more secure than Telnet for a device management
connection?
confidentiality with IPsec
stronger password requirement
random one-time port connection
login information and data encryption
Explanation: Secure Shell (SSH) is a protocol that provides a secure management
connection to a remote device. SSH provides security by providing encryption for both
authentication (username and password) and the transmitted data. Telnet is a protocol that
uses unsecure plaintext transmission. SSH is assigned to TCP port 22 by default. Although
this port can be changed in the SSH server configuration, the port is not dynamically
changed. SSH does not use IPsec.
17. What is the advantage of using SSH over Telnet?
SSH is easier to use.
SSH operates faster than Telnet.
SSH provides secure communications to access hosts.
SSH supports authentication for a connection request.
Explanation: SSH provides a secure method for remote access to hosts by encrypting
network traffic between the SSH client and remote hosts. Although both Telnet and SSH
request authentication before a connection is established, Telnet does not support
encryption of login credentials.
18. What is the role of an IPS?
detecting and blocking of attacks in real time
connecting global threat information to Cisco network security devices
authenticating and validating traffic
filtering of nefarious websites
Explanation: An intrusion prevention system (IPS) provides real-time detection and
blocking of attacks.
19. A user is redesigning a network for a small company and wants to ensure security at a
reasonable price. The user deploys a new application-aware firewall with intrusion detection
capabilities on the ISP connection. The user installs a second firewall to separate the company
network from the public network. Additionally, the user installs an IPS on the internal
network of the company. What approach is the user implementing?
attack based
risk based
structured
layered
Explanation: Using different defenses at various points of the network creates a layered
approach.
20. What is an accurate description of redundancy?
configuring a router with a complete MAC address database to ensure that all frames
can be forwarded to the correct destination
configuring a switch with proper security to ensure that all traffic forwarded through an
interface is filtered
designing a network to use multiple virtual devices to ensure that all traffic uses the best
path through the internetwork
designing a network to use multiple paths between switches to ensure there is no single point
of failure
Explanation: Redundancy attempts to remove any single point of failure in a network by
using multiple physically cabled paths between switches in the network.
21. A network administrator is upgrading a small business network to give high priority to
real-time applications traffic. What two types of network services is the network
administrator trying to accommodate? (Choose two.)
voice
video
instant messaging
FTP
SNMP
22. What is the purpose of a small company using a protocol analyzer utility to capture
network traffic on the network segments where the company is considering a network
upgrade?
to identify the source and destination of local network traffic
to capture the Internet connection bandwidth requirement
to document and analyze network traffic requirements on each network segment
to establish a baseline for security analysis after the network is upgraded
Explanation: An important prerequisite for considering network growth is to understand the
type and amount of traffic that is crossing the network as well as the current traffic flow. By
using a protocol analyzer in each network segment, the network administrator can
document and analyze the network traffic pattern for each segment, which becomes the
base in determining the needs and means of the network growth.
23. Refer to the exhibit. An administrator is testing connectivity to a remote device with the IP
address 10.1.1.1. What does the output of this command indicate?
traceroute
show cdp neighbors
Telnet
an extended ping
39. Refer to the exhibit. Baseline documentation for a small company had ping round trip time
statistics of 36/97/132 between hosts H1 and H3. Today the network administrator checked
connectivity by pinging between hosts H1 and H3 that resulted in a round trip time of
1458/2390/6066. What does this indicate to the network administrator?