Uploaded by Joshua Quek

Tutorial 2-Syslog NTP BasicSec(1)

Network Security
Tutorial 2 – Syslog, NTP, SSH and basic security
1. What are the three primary goals of network security? (Choose three.)
a. Confidentiality
b. Redundancy
c. Integrity
d. Availability
2. Which of the following is a weakness in an information system that an attacker might
leverage to gain unauthorized access to the system or data on the system?
a. Trojan Horse
b. Virus
c. Mitigation
d. Vulnerability
3. Which of the following best describes a Smurf attack?
a. It sends ping requests to a subnet, requesting that devices on that subnet send ping
replies to a target system.
b. It sends ping requests in segments of an invalid size.
c. It intercepts the third step in a TCP three-way handshake to hijack a session.
d. It uses Trojan horse applications to create a distributed collection of “zombie”
computers, which can be used to launch a coordinated DDoS attack.
4. Which of the following are best-practice recommendations for securing a network?
(Choose three.)
a. Deploy Adobe Flash software on all end-user workstations.
b. Routinely apply patches to operating systems and applications.
c. Disable unneeded services and ports on hosts.
d. Require strong passwords, and enable password expiration.
5. What do you call an attack in which the attacker sends a continuous stream of packets
from different sources toward the same destination?
a. Denial-of-service attack
b. Classification attack
c. Distributed denial-of-service attack
d. Ping of death
6. Why is local database authentication preferred over a password-only login?
a. It specifies a different password for each line or port.
b. It provides for authentication and accountability.
c. It requires a login and password combination on console, vty lines, and aux ports.
d. It is more efficient for users who only need to enter a password to gain entry to a
device.
7. Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts
to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1.
However, Telnet access is denied. Which option corrects this problem?
a. The R1 10.10.10.1 router interface must be enabled.
b. The vty lines must be configured with the login authentication default command.
c. The aaa local authentication attempts max-fail command must be set to 2 or higher.
d. The administrative user should use the username Admin and password
Str0ngPa55w0rd.
8. What command is used to enable AAA on a router?
a. aaa enable
b. aaa authentication new-model
c. aaa tacacs+
d. aaa new-model
9. Syslog was configured with a level 3 trap. Which 3 types of logs would be generated?
a. Emergencies
b. Alerts
c. Notification
d. Warnings
10. What is the default severity level on a device?
a. Level 0
b. Level 2
c. Level 6
d. Level 7
11. A student purposely logs on to his classmate’s Student Portal account to view the
classmate’s particulars (e.g. NRIC, Contact Number, Address, Email etc), and changes
the password of the account. State TWO security objectives that have been violated in
this incident.
Confidentiality & Availability
12. A hacker gains unauthorised access to a company’s website, changes the index page
and deletes some contents. State TWO security objectives that have been violated in this
incident.
Integrity & Availability
13. Given the following configuration, answer the questions.
R1(config)# ip ssh authentication-retries 4
R1(config)# login block-for 300 attempts 5 within 60
a. What is the purpose of the first command?
It sets the authentication retries to 4. The user is disconnected from the SSH
connection after 4 authentication failures.
b. What is the purpose of the second command?
The router is configured to block login connections for 300 seconds if more
than 5 login requests fail within 60 seconds.
c. When both commands are configured, does SSH terminate the connection after
4 or 5 unsuccessful attempts? Why?
SSH terminates the connection after 4 unsuccessful attempts.
However, the user is still able to SSH to the router for one last
authentication attempt. If that authentication fails again, the connection is
terminated and the user is not able to SSH to the router for 300 seconds.
For example:
- Connect to host
- Username/password fail
- Username/password fail
- Username/password fail
- Username/password fail
- Router terminates connection as per the ip ssh authentication-retries 4
- Connect to host
- Username/password fail
- Router terminates and blocks connection as per the login block-for 300 attempts 5 within 60
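The interaction described in the answer to 13c can be replayed with a small model. This is an added example, not part of the original tutorial and not Cisco's implementation; the class LoginGuard, the function replay and the TIMELINE values are hypothetical names and constructed data, and the model assumes the block starts when the 5th failure lands inside the 60-second window, as in the walk-through above.

```python
from collections import deque

class LoginGuard:
    """Simplified model (an assumption, not Cisco code) of the two limits in Q13."""

    def __init__(self, ssh_retries=4, block_for=300, attempts=5, within=60):
        self.ssh_retries = ssh_retries   # ip ssh authentication-retries 4
        self.block_for = block_for       # login block-for 300 ...
        self.attempts = attempts         # ... attempts 5 ...
        self.within = within             # ... within 60
        self.failures = deque()          # timestamps of recent failed logins
        self.blocked_until = 0.0         # end of the current quiet period
        self.session_failures = 0        # failures in the current SSH session

    def connect(self, now):
        """Open an SSH session; refused while the quiet period is active."""
        if now < self.blocked_until:
            return "refused"
        self.session_failures = 0
        return "connected"

    def fail(self, now):
        """Record one failed username/password attempt in the current session."""
        self.session_failures += 1
        self.failures.append(now)
        # Keep only failures that are still inside the sliding window.
        while self.failures and now - self.failures[0] > self.within:
            self.failures.popleft()
        if len(self.failures) >= self.attempts:
            self.blocked_until = now + self.block_for
            self.failures.clear()
            return "blocked"
        if self.session_failures >= self.ssh_retries:
            return "disconnected"
        return "retry"

def replay(events):
    """events: list of (time_in_seconds, 'connect' | 'fail'); returns each outcome."""
    guard = LoginGuard()
    return [guard.connect(t) if kind == "connect" else guard.fail(t)
            for t, kind in events]

# Constructed timeline matching the walk-through: four failures, reconnect,
# a fifth failure, then connection attempts during and after the quiet period.
TIMELINE = [(0, "connect"), (2, "fail"), (4, "fail"), (6, "fail"), (8, "fail"),
            (10, "connect"), (12, "fail"), (20, "connect"), (313, "connect")]

if __name__ == "__main__":
    for event, outcome in zip(TIMELINE, replay(TIMELINE)):
        print(event, "->", outcome)
```

Spacing the same failures more than 60 seconds apart keeps the window count below 5, so only the per-session limit of 4 applies.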
14. Given the diagram below, configure R1 as the master with stratum 2 and logging to
the NTP server at 10.1.1.1. R1 and R2 will exchange secure NTP authentication with the MD5
key NYPSIT.
[Diagram: NTP Server 10.1.1.1 (Stratum 1), R1 (Stratum 2), R2]
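! R1: NTP master at stratum 2, with MD5 authentication key 1
R1(config)# ntp logging
R1(config)# ntp server 10.1.1.1
R1(config)# ntp master 2
R1(config)# ntp authenticate
R1(config)# ntp authentication-key 1 md5 NYPSIT
R1(config)# ntp trusted-key 1
! R2: matching key ID and MD5 key
R2(config)# ntp logging
R2(config)# ntp server 10.1.1.1
R2(config)# ntp authenticate
R2(config)# ntp authentication-key 1 md5 NYPSIT
R2(config)# ntp trusted-key 1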
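What the authentication-key and trusted-key settings control on the wire: an authenticated NTP packet carries a 4-byte key ID and an MD5 digest of the shared key followed by the 48-byte header (the RFC 5905 symmetric-key layout). The sketch below is an added example, not part of the original tutorial or of any router's code; the function names and the sample header are hypothetical and constructed, and only the key ID 1 and key NYPSIT come from the configuration above.

```python
import hashlib
import hmac
import struct

# Mirrors "ntp authentication-key 1 md5 NYPSIT" and "ntp trusted-key 1".
KEYS = {1: b"NYPSIT"}
TRUSTED = {1}

def ntp_mac(key_id, key, header):
    """Return the 20-byte MAC: 4-byte key ID + MD5(key || 48-byte NTP header)."""
    digest = hashlib.md5(key + header).digest()
    return struct.pack("!I", key_id) + digest

def verify(packet):
    """Check an authenticated NTP packet (48-byte header + 20-byte MAC)."""
    if len(packet) != 68:
        return "no-mac"            # nothing to authenticate against
    header, mac = packet[:48], packet[48:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in TRUSTED or key_id not in KEYS:
        return "untrusted-key"     # key ID not listed under trusted-key
    expected = ntp_mac(key_id, KEYS[key_id], header)
    # Constant-time comparison of key ID and digest.
    return "ok" if hmac.compare_digest(mac, expected) else "bad-digest"

def sample_header(stratum=2):
    """Constructed server-mode header: LI=0, VN=4, mode=4; remaining fields zero."""
    first = (0 << 6) | (4 << 3) | 4
    return struct.pack("!BBbb", first, stratum, 6, -20) + bytes(44)

if __name__ == "__main__":
    hdr = sample_header()
    print(verify(hdr + ntp_mac(1, b"NYPSIT", hdr)))   # matching key
    print(verify(hdr + ntp_mac(1, b"WRONG", hdr)))    # mismatched key
```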