
CCNA EXPLORATION ACCESSING THE WAN Study Guide

Chapter 4: Network Security


CCNA EXP 4 CH.4 Network Security REVISED FEB 2009

4.0.1
What is the most important step that an organization can take to protect its network?

4.1.1
What balance must an organization find?
As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved. List some of the most common terms.
Describe the seven-step process hackers often use to gain information and start an attack.
What are some of the most commonly reported acts of computer crime that have network security implications?
Describe Open, Restrictive, and Closed Networks.
What is the first step any organization should take to protect its data and itself from a liability challenge?
What is a security policy?
A security policy should meet what goals?

4.1.2
When discussing network security, what are the three common factors?
What are the three primary vulnerabilities or weaknesses?
What are the four classes of physical threats?
How might you mitigate Hardware threats?
How might you mitigate Environmental threats?
How might you mitigate Electrical threats?
How might you mitigate Maintenance threats?
Describe Unstructured Threats.
Describe Structured Threats.
Describe External Threats.
Describe Internal Threats.
Describe Social Engineering.
Describe Phishing.

4.1.3
Describe the four primary classes of network attacks.
What are some possible reconnaissance attacks?
What are some of the utilities external hackers can use to easily determine the IP address space assigned to a given corporation or entity?
What is a ping sweep?
How does the intruder use port scans?
What are some common terms for eavesdropping?
Describe two common uses of eavesdropping.
Why are SNMP version 1 community strings susceptible to eavesdropping?
What are three of the most effective methods for counteracting eavesdropping?
Why is encryption a valuable option?
Describe password attacks.
What are some of the tools intruders can use to implement password attacks?
Describe Port Redirection.
Describe Man-in-the-Middle Attack.
Describe transparent proxy.
Describe DoS attacks.
Describe Ping of Death.
Describe SYN flood attack.
Describe DDoS Attacks.
What are some examples of DDoS attacks?
How might DoS and DDoS attacks be mitigated?
Describe Malicious Code Attacks.
Describe the anatomy of a worm attack.

4.1.4
Describe Device Hardening.
Why use Antivirus software?
Why use Personal Firewalls?
Why use Operating System Patches?

4.1.5
Describe the Security Wheel.
List the four steps of the Security Wheel.

What are the Functions of a Security Policy?
What are the most recommended Components of a Security Policy?

4.2.1
What functions does a router provide?
Why do intruders target routers?
Router security should be thought of in terms of what category types?

4.2.2
What are the steps to safeguard a router?
Describe the two Cisco IOS password protection schemes.
What command is used to enable the type 5 encryption?
Why is type 5 preferred over type 7?

4.2.4
What is the preferred way for an administrator to connect to a device to manage it?
What are the two steps to secure administrative access to routers and switches?
Remote access typically involves allowing what types of connections to the router from a computer on the same internetwork as the router?
VTY lines should be configured to accept connections only with the protocols actually needed. What commands accomplish this?
In limiting the risk of a DoS attack on VTY lines, what is a good practice?
How is the answer to the above question accomplished?
What port does Telnet use?
What is the major difference between Telnet and SSH?
What port does SSH use?
When SSH is enabled, are Cisco routers clients or servers?
To enable SSH on the router, what parameters must be configured?
What are the steps to configure SSH on a router?
To connect to a router configured with SSH, you have to use an SSH client application such as?

4.2.5
What is the purpose of logging router activity?
What are the different levels of logging routers support?
Why is a syslog server a good option?
What is the importance of time stamps?

4.3.1
What is the command(s) to disable Small services such as echo, discard, and chargen?
What is the command(s) to disable BOOTP?
What is the command(s) to disable Finger?
What is the command(s) to disable HTTP?
What is the command(s) to disable SNMP?
What is the command(s) to disable Cisco Discovery Protocol (CDP)?
What is the command(s) to disable remote configuration?
What is the command(s) to disable source routing?
What is the command(s) to disable classless routing?
What is the command(s) to disable unused interfaces?

4.3.2

4.3.3

4.4.1

4.4.4

4.5.2

4.5.3

4.5.4

4.5.5

What is the command(s) to disable SMURF attacks?
What is the command(s) to disable ad hoc routing?
How do you set the name server to be used on a router?
What is the command(s) to disable DNS?
What are the consequences of falsifying routing information?
You can configure AutoSecure in privileged EXEC mode using the auto secure command in one of what two modes?
What command is used to start the process of securing a router?
What are some of the items Cisco AutoSecure will ask you for?
What is Cisco SDM?
Where can SDM be installed?
What are the steps to configure Cisco SDM on a router already in use, without disrupting network traffic?
On new routers, where is Cisco SDM stored by default?
How do you launch the Cisco SDM?
What are the differences in locking down a router with Cisco SDM vs. Cisco AutoSecure?
What are some of the tools that require valid Cisco.com login accounts?
Where is the file image of the IOS located?
Describe the Cisco IOS File Naming Conventions used in the following example: C1841-ipbase-mz.123-14.T7.bin
What is the benefit of using TFTP Servers to manage IOS Images?
What tasks should be completed before changing a Cisco IOS image on the router?
During the copy process, what is the purpose of the exclamation points (!)?
Describe the two most used troubleshooting commands.
Which command displays static information?
By default, where does the network server send the output from debug commands and system error messages?
Which command displays dynamic data and events? In which mode is it issued?
To list and see a brief description of all the debugging command options, what do you enter on the router?
What is the configuration register?


4.5.6 What command will confirm that the router will use the configured config register setting on the next reboot?
