Network Security Tutorial 2 – Syslog, NTP, SSH and basic security

1. What are the three primary goals of network security? (Choose three.)
   a. Confidentiality
   b. Redundancy
   c. Integrity
   d. Availability

2. Which of the following is a weakness in an information system that an attacker might leverage to gain unauthorized access to the system or data on the system?
   a. Trojan Horse
   b. Virus
   c. Mitigation
   d. Vulnerability

3. Which of the following best describes a Smurf attack?
   a. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
   b. It sends ping requests in segments of an invalid size.
   c. It intercepts the third step in a TCP three-way handshake to hijack a session.
   d. It uses Trojan horse applications to create a distributed collection of “zombie” computers, which can be used to launch a coordinated DDoS attack.

4. Which of the following are best-practice recommendations for securing a network? (Choose three.)
   a. Deploy Adobe Flash software on all end-user workstations.
   b. Routinely apply patches to operating systems and applications.
   c. Disable unneeded services and ports on hosts.
   d. Require strong passwords, and enable password expiration.

5. What do you call an attack in which the attacker sends a continuous stream of packets from different sources toward the same destination?
   a. Denial-of-service attack
   b. Classification attack
   c. Distributed denial-of-service attack
   d. Ping of death

6. Why is local database authentication preferred over a password-only login?
   a. It specifies a different password for each line or port.
   b. It provides for authentication and accountability.
   c. It requires a login and password combination on console, vty lines, and aux ports.
   d. It is more efficient for users who only need to enter a password to gain entry to a device.

7. Refer to the exhibit. Router R1 is configured as shown.
   An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem?
   a. The R1 10.10.10.1 router interface must be enabled.
   b. The vty lines must be configured with the login authentication default command.
   c. The aaa local authentication attempts max-fail command must be set to 2 or higher.
   d. The administrative user should use the username Admin and password Str0ngPa55w0rd.

8. What command is used to enable AAA on a router?
   a. aaa enable
   b. aaa authentication new-model
   c. aaa tacacs+
   d. aaa new-model

9. Syslog was configured with a level 3 trap. Which 3 types of logs would be generated?
   a. Emergencies
   b. Alerts
   c. Notification
   d. Warnings

10. What is the default severity level on a device?
   a. Level 0
   b. Level 2
   c. Level 6
   d. Level 7

11. A student purposely logs on to his classmate’s Student Portal account to view the classmate’s particulars (e.g. NRIC, contact number, address, email) and changes the password of the account. State TWO security objectives that have been violated in this incident.
   Answer: Confidentiality & Availability

12. A hacker gains unauthorised access to a company’s website, changes the index page and deletes some contents. State TWO security objectives that have been violated in this incident.
   Answer: Integrity & Availability

13. Given the following configuration, answer the questions.

   R1(config)# ip ssh authentication-retries 4
   R1(config)# login block-for 300 attempts 5 within 60

   a. What is the purpose of the first command?
      Answer: Sets the authentication retries to 4. The user is disconnected from the SSH connection after 4 authentication failures.
   b. What is the purpose of the second command?
      Answer: The router is configured to block login connections for 300 seconds if more than 5 login requests fail within 60 seconds.
   c.
      When both commands are configured, does SSH terminate the connection after 4 or 5 unsuccessful attempts? Why?
      Answer: SSH terminates the connection after 4 unsuccessful attempts. However, the user is still able to SSH to the router for one last authentication attempt. If that authentication fails again, the connection is terminated and the user is not able to SSH to the router for 300 seconds.

      For example:
      - Connect to host
      - Username/password fail
      - Username/password fail
      - Username/password fail
      - Username/password fail
      - Router terminates connection as per the ip ssh authentication-retries 4
      - Connect to host
      - Username/password fail
      - Router terminates and blocks connection as per the login block-for 300 attempts 5 within 60

14. Given the diagram below, configure R1 as the master with stratum 2 and logging to the NTP server at 10.1.1.1. R1 and R2 will exchange secure NTP authentication with the MD5 key NYPSIT.

   [Diagram: NTP Server 10.1.1.1 (Stratum 1); R1 (Stratum 2); R2]

   R1(config)# ntp logging
   R1(config)# ntp server 10.1.1.1
   R1(config)# ntp master 2
   R1(config)# ntp authenticate
   R1(config)# ntp authentication-key 1 md5 NYPSIT
   R1(config)# ntp trusted-key 1

   R2(config)# ntp logging
   R2(config)# ntp server 10.1.1.1
   R2(config)# ntp authenticate
   R2(config)# ntp authentication-key 1 md5 NYPSIT
   R2(config)# ntp trusted-key 1
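
What the question 14 key commands protect, as an added Python example (not part of the original tutorial and not IOS code): an NTP packet carries a MAC made of a 4-byte key ID plus MD5(key || header), as defined in RFC 5905, and the receiver accepts it only if the key ID is trusted and the digest matches. The function names and the packet contents are constructed for illustration, and the key string is assumed to be used as raw ASCII bytes.

```python
import hashlib
import hmac
import struct

# Constructed values mirroring the answer's configuration:
#   ntp authentication-key 1 md5 NYPSIT  /  ntp trusted-key 1
KEYS = {1: b"NYPSIT"}   # key ID -> key material (assumed raw ASCII)
TRUSTED = {1}           # key IDs accepted for authentication

def ntp_header(mode=3, version=4, stratum=0):
    """Build a minimal 48-byte NTP header (timestamps left at zero)."""
    first = (0 << 6) | (version << 3) | mode   # LI=0, VN, Mode
    return struct.pack("!BBbb", first, stratum, 6, -20) + bytes(44)

def add_mac(header, key_id, key):
    """Append the MAC: 4-byte key ID followed by MD5(key || header)."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, keys=KEYS, trusted=TRUSTED):
    """Return 'ok' or the reason the packet would be rejected."""
    if len(packet) != 48 + 4 + 16:
        return "no-mac"
    header, digest = packet[:48], packet[52:]
    key_id = struct.unpack("!I", packet[48:52])[0]
    if key_id not in trusted or key_id not in keys:
        return "untrusted-key-id"
    expected = hashlib.md5(keys[key_id] + header).digest()
    return "ok" if hmac.compare_digest(digest, expected) else "bad-digest"

def demo():
    """Run the receiver check over five constructed packets."""
    hdr = ntp_header()
    good = add_mac(hdr, 1, b"NYPSIT")
    return {
        "matching key": verify(good),
        "wrong key": verify(add_mac(hdr, 1, b"nypsit")),
        "untrusted id": verify(add_mac(hdr, 2, b"NYPSIT")),
        "unauthenticated": verify(hdr),
        "tampered": verify(bytes([good[0] ^ 1]) + good[1:]),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} -> {result}")
```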
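
The walk-through in the answer to question 13c, replayed as an added Python model (not part of the original tutorial and not IOS code). The Router class, its method names and the 2-second spacing between attempts are assumptions made for illustration; the block is triggered on the fifth failure, as in the tutorial's example sequence.

```python
from collections import deque

SSH_RETRIES = 4   # ip ssh authentication-retries 4
BLOCK_FOR = 300   # login block-for 300 ...
MAX_FAILS = 5     # ... attempts 5 ...
WINDOW = 60       # ... within 60

class Router:
    """Toy model of the login behaviour described in the answer to 13c."""

    def __init__(self):
        self.failures = deque()      # timestamps of recent failed logins
        self.blocked_until = 0.0     # end of the current block period
        self.session_failures = 0    # failures in the current SSH session

    def connect(self, now):
        """Open an SSH session; refused while the block period runs."""
        if now < self.blocked_until:
            return "refused"
        self.session_failures = 0
        return "connected"

    def fail_login(self, now):
        """Record one failed username/password attempt."""
        self.session_failures += 1
        self.failures.append(now)
        while self.failures and now - self.failures[0] > WINDOW:
            self.failures.popleft()  # forget failures outside the window
        if len(self.failures) >= MAX_FAILS:
            self.blocked_until = now + BLOCK_FOR
            return "blocked"
        if self.session_failures >= SSH_RETRIES:
            return "disconnected"
        return "retry"

def walk_through():
    """Replay the 13c sequence with one failed attempt every 2 seconds."""
    r, t, events = Router(), 0.0, []
    events.append(r.connect(t))
    for _ in range(4):
        t += 2
        events.append(r.fail_login(t))
    events.append(r.connect(t))                  # reconnect after the drop
    events.append(r.fail_login(t + 2))           # fifth failure in 60 s
    events.append(r.connect(t + 12))             # inside the 300 s block
    events.append(r.connect(t + 2 + BLOCK_FOR))  # block has expired
    return events

if __name__ == "__main__":
    print(walk_through())
```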