AAA
Router security includes physical security, operating system security, and ________________________.
Router Hardening
When security is a concern, which OSI Layer is considered to be the weakest link in a network system?
Layer 2
What is the default port security violation setting?
shutdown
A client needs to telecommute from home to the office and requires a VPN connection. Only work-related traffic should traverse the tunnel, Internet traffic should not. Which technology would allow for this operation?
Split tunneling (allows the VPN to carry only specific traffic)
An organization is noticing that tailgating is becoming a problem. What should be implemented by the administration of the organization?
Security awareness campaign
What is a characteristic of a role-based access control (RBAC)?
A single CLI view can be shared within multiple superviews.
A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?
Mac Address Overflow
The ip verify source command is applied on untrusted interfaces. Which type of attack is mitigated by using this configuration?
MAC and IP spoofing
What are the source and destination addresses used for an encrypted IPsec packet?
Sending and receiving IP addresses of the VPN gateways
A security technician is evaluating a new operations security proposal designed to limit access to all servers. What is the advantage of using network security testing to evaluate the new proposal?
It proactively evaluates the effectiveness of the proposal before any real threat occurs.
After performing password recovery, which global configuration command must be entered to enable the router to load the Startup configuration on bootup?
configregister 0x2102
What should be done to protect against losing data in case a laptop is stolen?
Encrypt local hard drives
What is the benefit of using ASDM instead of using the CLI to configure the Cisco ASA?
It hides the complexity of security commands.
What is the first step in establishing an IPsec VPN?
detection of interesting traffic
What network scanning tool has advanced features that allow it to use decoy hosts to mask the source of the scan?
Nmap
A network administrator wants to view all the current views and superviews and issues the show parser view all command. However, no output is generated. What must the administrator do to see the output?
enable view
What is the result of a DHCP starvation attack?
The DHCP server runs out of IP addresses to assign (It's a form of Denial of Service (DoS) attack).
When configuring the ASA as a DHCP server, what default gateway will be assigned for the DHCP clients to use?
The ASA's inside IP address
What three protocols must be permitted through the company firewall for the establishment of IPsec site-to-site VPNs?
ESP, ISAKMP, AH
What is the purpose of a security awareness campaign?
to focus the attention of employees on security issues
Which privileged EXEC command would initiate a security audit and make recommended configuration changes with or without administrator input?
auto secure
What is the behavior of a switch as a result of a successful MAC address table attack?
The switch will forward all received frames to all other ports within the VLAN.
Which ASA configuration option encrypts all shared keys and passwords on an ASA?
Master passphrase
What is the transform set’s role in the VPN crypto map?
It defines the encryption and hashing algorithms and the VPN tunnel or transport mode.
Which type of attack allows an attacker to use a brute force approach?
password cracking