30 Questions
What type of attack involves overwhelming a target host with half-open TCP connections?
SYN flood attack
Which type of attack involves providing an invalid gateway to create a man-in-the-middle scenario?
DHCP attack
What error might a network administrator receive when attempting to overwrite existing Manager ACL commands?
ACL already exists
In which direction was the standard ACL applied on interface serial 0/0/0 in the exhibit?
Outbound direction
What type of response does the target host send during a TCP SYN flood attack?
TCP-SYN-ACK
Which component can a cybercriminal manipulate to intercept data in a man-in-the-middle attack?
Gateway settings
What type of security threat does the scenario of a person calling to confirm a username and password for auditing purposes represent?
Social engineering
Why are DDoS attacks, spam, and keylogging not examples of social engineering?
They rely on exploiting human psychology
In security attacks, how are zombies typically utilized?
Carrying out distributed denial of service (DDoS) attacks
Which security attack technique involves threat actors intercepting and controlling communication between a source and destination?
Man-in-the-middle (MitM) attack
What distinguishes social engineering from DDoS attacks and spam?
Relies on manipulating human behavior
Which of the following is an example of social engineering?
Gaining passwords through personal interaction
What is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data?
Symmetric encryption
Inbound ACLs must be __________ before they are processed.
Routed
When applying an extended ACL to an interface on a router, why would the 'ip access-group 101 in' configuration option be used?
To secure management traffic into the router
When would a technician use the 'access-class 20' command in configuration?
To secure administrative access to the router
In which type of attack is falsified information used to redirect users to malicious Internet sites?
DNS cache poisoning
What is the best ACL type and placement to use when an employee's internet privileges are revoked but still needs access to company resources?
Standard ACL inbound on R1 G0/0
What is a primary feature of an Intrusion Prevention System (IPS)?
It can stop malicious packets
What is the implicit action of both named and numbered ACLs?
Deny all traffic
What term is used to describe a potential danger to a company's assets, data, or network functionality?
Threat
Which statement about ACLs is true?
Numbered ACLs permit or deny based on source IPv4 address only
In what direction would an extended ACL typically be applied on a router interface if it needs to filter incoming traffic?
Inbound
What is the main purpose of using ARP cache poisoning in a network attack?
Redirecting users to malicious sites
What does a standard access list filter on?
Source IP address
In the second scenario, which command is used to deny traffic from the 172.16.0.0/16 network?
Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
Which ACL command should be used to permit all other traffic in the second scenario?
Router(config)# access-list 95 permit any
What was the intention of the ACL configured on R1 in the third scenario?
Deny all traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24
On which interface was the standard ACL applied in the third scenario?
FastEthernet interface Fa0/0
Which of the following commands is NOT used to specify a range of IP addresses in an ACL?
Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
Study Notes
Standard Access Lists (ACLs)
- Standard ACLs only filter on the source IP address.
- To deny traffic from a specific network, use the
access-list
command with thedeny
keyword followed by the network address and subnet mask. - To permit all other traffic, use the
access-list
command with thepermit
keyword and theany
keyword.
Access List Configuration
- When applying an ACL to an interface, the direction of the ACL is important (inbound or outbound).
- The ACL is applied to the interface using the
ip access-group
command.
Security Threats
- TCP SYN flood attack: a cybercriminal sends a continuous flood of TCP SYN session requests to a target host, overwhelming it with half-open TCP connections.
- Man-in-the-middle attack: a cybercriminal provides an invalid gateway to intercept data.
- Social engineering: an attacker tries to gain the confidence of an employee to obtain sensitive information.
- Zombies: infected machines that carry out a DDoS attack.
ACL Types and Placement
- Standard ACLs: permit or deny packets based on the source IPv4 address.
- Extended ACLs: permit or deny packets based on source and destination IP addresses, ports, and protocols.
- Placement of ACLs depends on the desired traffic control (inbound or outbound).
Network Security
- IPS (Intrusion Prevention System): identifies and stops malicious packets.
- Threat: a potential danger to a company's assets, data, or network functionality.
- Vulnerability: a weakness in a system that can be exploited by an attacker.
- Exploit: a piece of code or a program that takes advantage of a vulnerability.
ACL Commands
-
access-list
: used to create a new ACL or add to an existing one. -
access-class
: used to secure administrative access to the router. -
ip access-group
: used to apply an ACL to an interface. -
ip access-group in
: used to apply an ACL to an interface in the inbound direction.
Test your knowledge on security threats and identify the type of threat represented by a phone call requesting username and password verification for auditing purposes. Learn about social engineering tactics used to gain confidential information. Explore the dangers of divulging sensitive information over the phone.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free