Furthermore, the table below enumerates the differences between a Firewall
and an IPS in detail –
Ques 2. What is meant by Annual Loss expectancy? How is ALE
calculated?
Annualized loss expectancy (ALE) is the expected loss from a single threat
in a given year, expressed in dollars. It is calculated as ALE = SLE * ARO,
where
SLE = Single Loss expectancy
ARO = Annualized rate of occurrence
Ques 3. What do we call a computer virus that combines several different
technologies?
Blended Threat
Ques 4. Which global configuration mode command is used to encrypt
any plaintext passwords in a Cisco configuration?
The correct answer is “service password-encryption”
Ques 5. What is the difference between TACACS and TACACS+?
The table below enumerates the differences between TACACS and
TACACS+
Ques 6. When an IPsec VPN tunnel is configured, how does the router
determine what traffic is to traverse the VPN tunnel?
VPN uses the concept of Interesting traffic. An access list is used to define
interesting traffic, which is the traffic that is allowed to traverse the VPN
tunnel.
Ques 7. Which IPsec protocol does both encryption and authentication?
ESP (Encapsulating Security Payload) does both encryption and
authentication.
Note - AH does only authentication and no encryption.
Ques 8. If you were working in the IOS command-line interface and
needed to check on the status of a VPN tunnel, what command would you
enter?
The command you would enter is “show crypto ipsec sa”. The command
is used to display IPsec security associations. Further, error conditions can
also be shown via this command.
Ques 9. After configuring VPN tunnel, a security administrator issues
“show crypto isakmp sa” and notices the message MM_NO_STATE.
What might be the problem?
The most common reasons for MM_NO_STATE output are one of the following -
Preshared keys don't match at both ends
Access list that defines interesting traffic doesn't match
Both of those don't match.
Ques 10. What is the “peer address” when discussing a VPN tunnel?
The peer address is the remote endpoint of the VPN device to which you
are connecting.
Ques 11. What is split tunneling?
Split tunneling is the ability for a remote VPN client to be able to access
resources across the VPN tunnel and also those on the local network.
Ques 18. What is the most widely used standard for digital certificates?
X.509 is the most widely used standard. It originated in the X.500 class
but is not considered part of the class anymore.
Ques 19. What is the main use for asymmetric encryption?
Because of its speed, asymmetric encryption is used for small amounts of
data for short periods of time. Generating a shared secret key for
symmetric encryption is the main use.
Ques 20. What is IP Spoofing?
An attack where a system attempts to illicitly impersonate another system
by using its IP network address is called IP Spoofing. In technical terms,
IP address spoofing refers to the creation of Internet Protocol (IP) packets
with a forged source IP address, called spoofing, with the purpose of
concealing the identity of the sender or impersonating another computing
system.
Ques 21. What is Defense in Depth?
The security approach whereby each system on the network is
secured to the greatest possible degree. This term may be used in
conjunction with firewalls.
Ques 22. What is Public Key Encryption?
Public key encryption uses a public and a private key for encryption and
decryption. In this mechanism, the public key is used to encrypt messages
and only the corresponding private key can be used to decrypt them. To
encrypt a message, a sender has to know the recipient’s public key.
Ques 23. What is a Worm?
A worm is a standalone program that, when run, copies itself from one host
to another, and then runs itself on each newly infected host. The widely
reported 'Internet Virus' of 1988 was not a virus at all, but actually a
worm.
Ques 24. Define the term DMZ as it pertains to network security and name
3-4 different common network devices that are typically found there?
DMZ is the abbreviation for Demilitarized Zone. The DMZ refers to the part
of the network that is exposed to outside networks. The following devices
can be found in a DMZ -
Email server
DNS servers
Web servers
Proxy Server
Ques 29. Which is the port used in NTP?
NTP uses UDP port 123 to communicate.
Ques 30. Which CLI command is similar to the SDM One-Step Lockdown
wizard?
Autosecure is a CLI command executed in privileged EXEC mode.
Ques 31. What is the difference between a network-based firewall and a
host-based firewall?
The table below enumerates the differences between a network-based firewall
and a host-based firewall -
Ques 32. What is the difference between Internet and Intranet?
The table below shows how Internet and Extranet differ in terms of various
parameters -
Ques 33. What is the difference between VPN and proxy?
Both Proxy and VPN connect to a remote system for communication, and
both forward traffic on behalf of a client.
The table below lists the dissimilarities between VPN and Proxy –
Ques 41. From the point of view of the corporate network you are securing,
ICMP echoes should be permitted in what direction on the untrusted
interface?
Outbound direction.
Ques 42. What software utility stealthily scans and sweeps to identify
services running on systems in a specified range of IP addresses?
NMAP stealthily scans and sweeps to identify services running on systems
in a specified range of IP addresses.
Ques 43. What IOS command shows real-time detailed information about
IKE Phase 1 and IKE Phase 2 negotiations?
Debug crypto isakmp
Ques 44. How do you check the status of the tunnel’s phase 1 & 2?
Use the following commands to check the status of the tunnel phases:
Phase 1 : show crypto isakmp sa and check for State: MM_ACTIVE
Phase 2 : show crypto ipsec sa
Ques 45. What product can be considered to be part of the threat
containment architecture?
Cisco Security Agent is the closest device because it is a host intrusion
prevention system and is built so it can contain a threat, even if
encountered.
Ques 46. What is the difference between encryption and hashing?
1) Encryption is reversible whereas hashing is irreversible. Hashing
can be cracked using rainbow tables and collision attacks but is not
reversible.
2) Encryption ensures confidentiality whereas hashing ensures
integrity.
Ques 47. What is the difference between Site to Site and remote access VPN?
A Site-to-Site VPN allows offices in multiple locations to establish secure
connections with each other over a public network such as the Internet.
Site-to-site VPN is different from remote-access VPN as it eliminates the
need for each computer to run VPN client software as if it were on a
remote-access VPN. Further, the table below differentiates between Site
to Site VPN and Remote Access VPN -
Ques 48. How is a traditional firewall different from a Next generation
Firewall?
While a standard firewall had features like packet filtering, network
address translation and VPN, the NGFW has been made “Application Aware”,
i.e. capable of identifying applications and applying controls at the
application layer. The NGFW has also gone a step ahead with improved
decision making, such as using reputation services or identity
services such as Active Directory. Another major driver for the adoption
of NGFW is the benefit of reducing the complexity of managing disparate
security products.
The table below shows the differences between a Traditional firewall and a
Next generation firewall -
Ques 49. Which are examples of asymmetric encryption algorithms?
Diffie-Hellman (DH) and RSA are two examples of asymmetric
encryption.
Ques 50. Where can SDM be installed?
SDM can be installed on the administrator's PC or in the router's flash
memory.