Answers to Chapter Review Questions - Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition (2013)

Appendix A. Answers to Chapter Review Questions

Chapter 1

1. a, b, and e

2. a, d, and e

3. a. Preventative = f. Lock

b. Deterrent = e. Video surveillance

c. Detective = d. Motion sensor

4. a. White hat = p. Breaks security for nonmalicious reasons

b. Black hat = k. Unethical hacker

c. Gray hat = m. Ethically questionable hacker

d. Blue hat = i. Bug tester

e. Cracker = o. Synonymous with black hat hacker

f. Phreaker = l. Hacker of telecommunication systems

g. Script kiddy = j. Hacker with little skill

h. Hacktivist = n. Hacker with a political agenda

5. a. Escalate privilege = Step 4

b. Leverage the compromised system = Step 7

c. Perform footprint analysis = Step 1

d. Install back doors = Step 6

e. Enumerate applications and operating systems = Step 2

f. Gather additional passwords and secrets = Step 5

g. Manipulate users to gain access = Step 3

6. d, e, and g

7. a. Confidential = 4

b. Private = 3

c. Public = 1

d. Sensitive = 2

8. d

9. a. Owner = f. Ultimately responsible for the data

b. Custodian = e. Responsible on a day-to-day basis for the classified data

c. User = d. Responsible for using the data

10. b

11. b

12. a. Searching a network host and open ports = j. Port scanning

b. Capturing electrical transmission = g. Emanation capturing

c. Hiding information within a transmission = h. Covert channel

d. Intercepting traffic that passes over a physical network = e. Packet sniffing

13. a. Operations and maintenance = Step 4

b. Initiation = Step 1

c. Disposition = Step 5

d. Acquisition and development = Step 2

e. Implementation = Step 3

14. b

Chapter 2

1. a. Context-aware enforcement = 4

b. Cisco TrustSec = 1

c. Cisco SIO = 2

d. Cisco AnyConnect = 3

2. a

3. b and d

4. c

5. b and e

Chapter 3

1. a

2. c

3. a and d

4. c and e

5. a. Management = f. Packets used to manage the network

b. Data = d. User-generated packets

c. Control = e. Packets used for the creation and operation of the network itself

6. d and f

7. b

8. a. Communities = g. Groups of devices that share common components

b. Templates = e. Parameterized configuration files

c. Profiles = f. GUI views that allow role-based access control over Cisco Configuration Professional menus and options

d. Wizards = h. GUI tools to hide the complexity of commands

9. a

10. c

Chapter 4

1. c

2. a and d

3. d

4. a

5. c

6. d

7. a

8. b

9. c

10. b

Chapter 5

1. d

2. b, c, and d

3. a and c

4. b

5. c

6. a. = Step 3

b. = Step 4

c. = Step 1

d. = Step 2

7. c

8. a

9. b

10. b

Chapter 6

1. c

2. a and c

3. a

4. c

5. e

6. b

7. d

8. a and c

9. d

10. c

Chapter 7

1. c

2. b

3. a and d

4. c

5. c

Chapter 8

1. a

2. b and c

3. d

4. d

5. d

6. a, b, and c

7. c

8. b, c, and d

9. a

10. a, b, and c

Chapter 9

1. a and c

2. c

3. a. Packet-filtering firewalls = 1 Work primarily at the network level of the OSI model

b. Application layer gateways = 4 Were the first application layer firewalls

c. Stateful packet filters = 2 Are the most common firewalls

d. Application inspection firewalls = 3 Monitor sessions to determine the port numbers for secondary channels

4. c and d

5. b

6. a. Static NAT = 3 Translation is one-to-one

b. Dynamic NAT = 2 Translation is many-to-many

c. Dynamic PAT = 4 Translation is many-to-one

d. Policy NAT = 1 Translation depends on both source and destination

7. a. Service control = 4 Allow HTTP, allow HTTPS, deny everything else

b. Direction control = 1 Allow HTTP outbound, but not inbound

c. User control = 2 Allow campus VLANs HTTP access, deny it for wireless VLANs

d. Behavior control = 3 Open negotiated FTP ports after learning them during connection setup

Chapter 10

1. b

2. b

3. d

4. c

5. a and d

6. b

7. b

8. b

9. d

10. b

11. d

12. a

13. c

14. a

15. b

Chapter 11

1. b and d

2. b

3. a and d

4. c

5. a, b, and d

6. a. Signature-based IPS = 3. Can produce false positives because certain normal network activity can be misinterpreted as malicious activity

b. Policy-based IPS = 4. Similar to implementing a restrictive firewall policy

c. Reputation-based IPS = 2. Typically implemented in the form of white lists or black lists

d. Anomaly-based IPS = 1. Normal behavior typically defined based on traffic patterns, traffic and protocol mix, traffic volumes, and other criteria

7. d

8. c

9. b

10. a

11. a and d

12. a

13. a

14. c

15. a

Chapter 12

1. a, d, and e

2. b

3. a, c, and d

4. b

5. c

6. d

7. a and e

8. b

9. d

10. b

11. a and c

12. d

13. d

14. a

15. b

16. c

17. a

18. d

19. c

20. c

21. c

22. d and e

Chapter 13

1. b

2. a, b, and c

3. a, d, and e

4. a. Group 5 = g. 4096

b. Group 2 = h. 163

c. Group 7 = i. 1024

d. Group 1 = j. 1536

e. Group 16 = k. 256

f. Group 19 = l. 768

5. b

6. a. ESP = 4. Confidentiality

b. IKE = 3. Negotiation

c. ECDH = 1. Key Exchange

d. ECDSA = 2. Authentication

7. b

8. b

9. b

10. a, e, and f

Chapter 14

1. d

2. c

3. d

4. d

5. b

6. a

7. b

8. c

Chapter 15

1. a and c

2. b

3. c

4. d

5. b

6. c

7. a. Confidentiality = 1, 4, 7

b. Integrity = 3, 5

c. Authentication = 2

d. Key management = 6, 8