SEC 450 Entire Course – Advanced Network Security with Lab
Devry SEC450 Week 1 Discussion
DQ 1 & DQ 2 Latest 2016
DQ 1
Security Policy Issues (graded)
What are the key components of a good security policy? What are some of the most common attacks and how can a network be protected against these attacks?
DQ 2
iLab Experiences (graded)
Discuss your experiences with the Skillsoft Lab 1. What parts of the iLab did you find difficult or unclear? What did you learn about security in completing the assigned iLab?
Devry SEC450 Week 2 Discussion
DQ 1 & DQ 2 Latest 2016
DQ 1
Router Security (graded)
Discuss the methods that can be used on a standard IOS router to prevent unauthorized access to the router. Also, discuss how privilege levels and role-based CLI can improve the security on the router.
DQ 2
iLab Experiences (graded)
Read the Week 2 iLab instructions and discuss the expectations you have regarding this lab. Do you think it is important to prevent access to unused ports and services on the routers within your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class?
Devry SEC450 Week 3 Discussion
DQ 1 & DQ 2 Latest 2016
DQ 1
Layer 2 (Switch) Security (graded)
Discuss the attacks that can occur on a layer 2 switch and how the network can be impacted by these attacks. Also, discuss the methods that can be used to mitigate the effects of these attacks on the network.
DQ 2
iLab Experiences (graded)
Read the Week 3 iLab instructions and discuss the expectations you have regarding this lab. Do you think it is important to prevent access to unused ports and services on the routers within your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class?
What did you learn about security ACLs in completing this lab?
Devry SEC450 Week 4 Discussion
DQ 1 & DQ 2 Latest 2016
DQ 1
Security ACLs and Firewall (graded)
Discuss the security ACLs we covered this week in the text reading and the lecture. Describe different scenarios where a specific type of ACL can enhance network security. Compare CBAC firewalls versus zone-based firewalls. What are the advantages and disadvantages of each?
DQ 2
iLab Experiences and WLAN Security (graded)
Read the Week 4 iLab instructions and discuss the expectations you have regarding this lab. Do you think the wireless LAN is secure on your network? What wireless security measures can you take to secure the WLAN? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class?
What did you learn about wireless access points and roaming in completing this lab?
Devry SEC450 Week 5 Discussion
DQ 1 & DQ 2 Latest 2016
DQ 1
AAA Servers (graded)
Compare the relative merits of TACACS+ and RADIUS AAA servers. What advantages and disadvantages does each type of AAA server have?
DQ 2
iLab Experiences and Analyzing Bandwidth Needs (graded)
· Read the Week 5 iLab instructions and discuss the expectations you have regarding this lab. Do you think the overhead involved in securing communication links can affect the bandwidth requirements of a network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class?
· What did you learn about analyzing bandwidth requirements for serial links in completing this lab?
Devry SEC450 Week 6 Discussion
DQ 1 & DQ 2 Latest 2016
DQ 1
Virtual Private Networks (graded)
Discuss what you learned about the configuration and operation of virtual private networks.
DQ 2
iLab Experiences (graded)
Read the Week 6 iLab instructions and discuss the expectations you have regarding this lab. Periodic security audits are necessary to ensure continued protection of a company network. Why is it important to use and run a scheduled security audit on your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class? What did you learn about security audits in completing this lab?
Devry SEC450 Week 7 Discussion
DQ 1 & DQ 2 Latest 2016
DQ 1
Intrusion Detection/Prevention Systems (IDS/IPS) (graded)
Intrusion detection systems can be implemented on IOS firewall routers and security appliances. They can also be dedicated in-line hardware devices. Why is intrusion detection important in networks with connections to the Internet, and what are the functions of IDS? What are the differences between intrusion detection systems (IDS) and intrusion prevention systems (IPS)?
DQ 2
iLab Experiences (graded)
Read the Week 7 iLab instructions and discuss the expectations you have regarding this lab. Periodic security audits are necessary to ensure continued protection of a company network. Why is it important to use and run a scheduled security audit on your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class?
What did you learn about security audits in completing this lab?
iLabs
iLab 2 of 7: Security Demands
Note! Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
iLAB OVERVIEW
Scenario and Summary
In this lab, the students will examine the following objectives.
· Create ACL to meet the requirements of the security demands.
· Modify existing ACL to meet additional security requirements.
Deliverables
Students will complete all tasks specified in the iLab Instructions document. As the iLab tasks are completed, students will enter CLI commands, and answer questions in the iLab Report document. This iLab Report document will be submitted to the iLab Dropbox for Week 2.
Supporting Documentation
· Textbook (Chapter 3)
· Webliography links on Access Control List
Required Software
iLAB STEPS
STEP 1: Access Skillsoft iLab
Access Skillsoft Labs at the provided iLab link, and select Catalog. Click to Launch the course and then select Lab2. Then, download the PDF instructions. Ensure that you open and read the iLab instructions before you begin the lab.
PLEASE NOTE: Lab instr
STEP 2: Perform iLab 2
Download and open SEC450_W2_Security_Demands_Lab2_Report.docx. Follow the instructions to perform all procedures in this week's lab. Instructions in red indicate tasks that you need to answer and include in the lab report.
STEP 3: Complete Your Lab Report
When you are satisfied with your documentation, submit your completed report to the Dropbox.
Submit your lab to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial.
See the Syllabus section “Due Dates for Assignments & Exams” for due date information.
Student
Security Demands Lab
SEC450 Week 2 iLab2 Report
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 2.
week 3
Lab 3 of 7: Database Security Demands
Note! Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
iLAB OVERVIEW
SEC450 ACL Tutorial
This document highlights the most important Access Control List (ACL) concepts that you need to learn in order to configure ACLs in the CLI. This tutorial is not intended to cover all ACL applications, only the scenarios used in the SEC450 iLabs.
Introduction to Access Control Lists
· A host-based firewall essentially works by closing and/or opening ports on a computer. The engine behind firewalls is built with Access Control Lists (ACLs).
· Network-based firewalls are implemented in device-specific appliances and routers. Basically, firewalls in routers filter packets passing through interfaces to permit or deny them.
· Ports are layer-4 addresses specified in the TCP/IP protocol suite that identify networking processes running in clients and servers.
· ACLs are configured using shell-specific commands. In Cisco IOS, the CLI commands access-list and access-group are used to create an ACL and apply it to an interface.
· An ACL can be identified by a number ID or a name. Naming an ACL is useful to identify the ACL’s purpose.
· ACLs are classified as Standard ACLs and Extended ACLs.
· Standard ACL number IDs are assigned from 1 to 99. Extended ACL number IDs are from 100 to 199.
· A standard ACL uses only the source IP address of an IP packet to filter through an interface. Hence, a standard ACL denies or permits all IP packets with the same source IP address regardless of upper-layer protocols, destination IP address, etc.
Example 1: Router(config)#access-list 8 deny host 172.12.3.5
· An extended ACL filters packets based on protocol, source IP address, source port number, destination IP address, and destination port number.
Example 2: Router(config)#access-list 102 deny tcp host 10.0.3.2 host 172.129.4.1 denies TCP packets with source IP address 10.0.3.2 and destination IP address 172.129.4.1.
· Since standard ACLs match only on the source IP address, the rule is to apply them on an interface as close as possible to the destination IP address.
· On the contrary, the rule for extended ACLs is to apply them on an interface as close as possible to the source IP address.
· Use extended ACLs in all iLabs, as they are more granular in packet filtering.
Create Extended ACL in global configuration
· You can use the access-list command options lt, gt, eq, neq, and range (less than, greater than, equal, not equal, range of ports) to match on port numbers.
Example 3: access-list 102 deny tcp any host 11.23.45.7 gt 20 denies all packets with any source IP address to destination IP address 11.23.45.7 and destination TCP port greater than 20.
Example 4: access-list 107 permit udp any any permits all UDP packets with any source IP address to any destination IP address.
· An extended ACL can filter packets based on source port number and destination port number.
· The extended ACL syntax can be as follows.
access-list <#,name> <permit|deny> <protocol> host <source_ip> <port_qualifier> <source_port_number> host <dest_ip> <port_qualifier> <dest_port_number>
where:
<#,name> is a number between 100 and 199 or a one-word name
<permit|deny> is the action applied to matching packets, as in the examples above
<protocol> is any protocol in the TCP/IP suite
<source_ip> and <dest_ip> are the source and destination IP addresses
<port_qualifier> is optional, and can be eq, gt, lt, neq, or range
<source_port_number> and <dest_port_number> follow <port_qualifier> to specify the port number(s). <port_qualifier> and <port_number> can be replaced by the application protocol, for example http instead of eq 80.
· Creation of ACLs follows the three Ps rule: one ACL per protocol, per interface, per traffic direction. Per protocol means one protocol such as IP, TCP, IPX, UDP, or ICMP can be specified. Per interface means the ACL is applied to an interface to make it active. Per direction means the ACL needs to specify in which direction at the interface, packets in or out, the filtering applies.
· The steps for configuring a new ACL are: First, create the ACL in CLI global configuration using access-list command(s). Then, apply the ACL using the access-group command in CLI interface configuration. The ACL is not activated unless it is applied to an interface.
· An ACL consists of one or more access-list commands. Routers process the ACL commands in order, top first to bottom last, like a script or computer program. That is why the order of access-list commands makes a difference.
· The effect of an access-list command depends upon the previous access-list commands. Therefore, always write the commands in this order: more-specific-traffic commands first, then more-generic-traffic commands last.
Example 5: It makes sense to write an ACL as
Router(config)#access-list 101 deny tcp host 10.0.3.2 any
Router(config)#access-list 101 permit tcp any any
But never use the order below: the second command is more specific, so its “deny” is worthless because the first command already lets the packets pass through.
Router(config)#access-list 101 permit tcp any any
Router(config)#access-list 101 deny tcp host 10.0.3.2 any
· Every ACL has a hidden access-list command at the end that denies all packets (i.e., deny ip any any). Hence, packets that are not specifically permitted by a command will always be denied by the ACL.
Example 6: Use the command
Router(config)#access-list 105 permit ip any any
at the end of the ACL if it is required to permit all other traffic after denying packets with
Router(config)#access-list 105 deny icmp any host 192.168.10.244
· The wildcard option is used in access-list commands to filter packets from a subnet of source and/or destination IP addresses instead of single hosts. The IP addresses in each of those subnets must be contiguous. Filtering on port numbers is also applicable, but it has been omitted for the sake of simplicity. Here is the syntax.
access-list <#,name> <permit|deny> <protocol> <source_ip> <source_wildcard> <dest_ip> <dest_wildcard>
where:
<#,name> is a number between 100 and 199 or a one-word name
<permit|deny> is the action applied to matching packets
<protocol> is any protocol in the TCP/IP suite
<source_ip> and <dest_ip> are the source and destination IP addresses
<source_wildcard> and <dest_wildcard> specify the subnet ranges of source and destination IP addresses
· A wildcard in an ACL has the same meaning as in routing protocols such as EIGRP and OSPF. Wildcard bit 0 means the bit in the IP address must be the same as the corresponding bit in the subnet IP addresses. Wildcard bit 1 means the bit in the IP address can be any value (0 or 1).
Example 7: access-list 105 deny udp 172.16.7.3 0.0.0.3 any denies all UDP packets with source IP addresses from 172.16.7.0 to 172.16.7.3 to any destination IP address. Note that .3 is .00000011 in binary, which as a wildcard reads .000000xx, where x means any (0 or 1).
Example 8: access-list 109 permit tcp host 192.168.6.3 eq 80 10.0.0.0 0.0.0.255 permits all TCP packets from source IP address 192.168.6.3 and source TCP port 80 (e.g., an HTTP server) to destination IP addresses in the range 10.0.0.0 to 10.0.0.255. The fact that 10.0.0.0 would not qualify as a host IP address in classful networks is irrelevant to the ACL.
· Using a wildcard with all 0s is the same as using the option host in access-list commands.
Example 9: access-list 110 permit ip host 10.23.4.3 host 10.30.2.1 and access-list 110 permit ip 10.23.4.3 0.0.0.0 10.30.2.1 0.0.0.0 are equivalent commands. Both permit packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1.
· Only use a wildcard in access-list commands when the ACL requires filtering packets on a subnet of IP addresses, either at the source, the destination, or both.
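The first-match ordering, hidden final deny, and wildcard rules described above can be checked offline with a small evaluator. The following is an added example, not part of the original tutorial or of Cisco IOS; it assumes all lines belong to one ACL, handles only numeric ports, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}
ANY = (0, 0xFFFFFFFF)            # wildcard of all 1s: every bit may differ

@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp", "udp", "icmp", ...
    src: tuple                   # (address, wildcard) as 32-bit integers
    sport: object                # (operator, low, high) or None
    dst: tuple
    dport: object

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (_ip(tok.pop(0)), 0)          # same as wildcard 0.0.0.0
    return (_ip(first), _ip(tok.pop(0)))

def _take_port(tok):
    if not tok or tok[0] not in PORT_OPS:    # the port qualifier is optional
        return None
    op, low = tok.pop(0), int(tok.pop(0))
    high = int(tok.pop(0)) if op == "range" else low
    return (op, low, high)

def parse_acl(lines):
    """Parse 'access-list <id> <action> <proto> <src> [port] <dst> [port]' lines."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, sport = _take_addr(rest), _take_port(rest)
        dst, dport = _take_addr(rest), _take_port(rest)
        entries.append(Entry(action, proto, src, sport, dst, dport))
    return entries

def _addr_match(spec, ip):
    care = ~spec[1] & 0xFFFFFFFF             # wildcard bit 0 = bit must match
    return (_ip(ip) & care) == (spec[0] & care)

def _port_match(spec, port):
    if spec is None or port is None:
        return spec is None                  # no qualifier matches any packet
    op, low, high = spec
    return {"eq": port == low, "neq": port != low, "gt": port > low,
            "lt": port < low, "range": low <= port <= high}[op]

def evaluate(entries, proto, src, dst, sport=None, dport=None):
    """Return (action, entry number) of the first match; ('deny', 0) is the hidden deny."""
    for number, e in enumerate(entries, 1):
        if (e.proto in ("ip", proto) and _addr_match(e.src, src)
                and _port_match(e.sport, sport) and _addr_match(e.dst, dst)
                and _port_match(e.dport, dport)):
            return (e.action, number)
    return ("deny", 0)

def _covers(a, b):
    """True if every address matched by spec b is also matched by spec a."""
    care_a, care_b = ~a[1] & 0xFFFFFFFF, ~b[1] & 0xFFFFFFFF
    return (care_a & care_b) == care_a and (a[0] & care_a) == (b[0] & care_a)

def shadowed(entries):
    """List (later, earlier) entry numbers where the later entry can never match."""
    found = []
    for j, later in enumerate(entries):
        for i, earlier in enumerate(entries[:j]):
            if (earlier.proto in ("ip", later.proto)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)
                    and earlier.sport in (None, later.sport)
                    and earlier.dport in (None, later.dport)):
                found.append((j + 1, i + 1))
                break
    return found

# Example 5 in the recommended order and in the reversed order.
GOOD_ORDER = ["access-list 101 deny tcp host 10.0.3.2 any",
              "access-list 101 permit tcp any any"]
BAD_ORDER = list(reversed(GOOD_ORDER))
# Example 7 followed by the explicit permit of Example 6 (combination constructed here).
WILDCARD = ["access-list 105 deny udp 172.16.7.3 0.0.0.3 any",
            "access-list 105 permit ip any any"]

if __name__ == "__main__":
    for acl in (GOOD_ORDER, BAD_ORDER, WILDCARD):
        entries = parse_acl(acl)
        print(evaluate(entries, "tcp", "10.0.3.2", "172.129.4.1", dport=80),
              shadowed(entries))
```

The shadow check is conservative: it reports an entry only when an earlier one fully covers its protocol, addresses, and port qualifiers.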
Applying an ACL to an Interface to Activate It
· Example 10: Assume you need to create an ACL in a router that permits any traffic except UDP packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1, as shown in the network diagram below.
· First, you need to create an extended ACL in CLI global configuration.
Router#config t
Router(config)#access-list 103 deny udp host 10.23.4.3 host 10.30.2.1
Router(config)#access-list 103 permit ip any any
· Second, you need to apply ACL 103 on an interface closer to the source (i.e., the extended ACL rule of thumb). The closest interface is S0/1 in Router for traffic coming from IP 10.23.4.3. Thus, you go to interface configuration in the CLI to activate the ACL.
Router(config)#interface s0/1
Router(config-if)#ip access-group 103 in
· If you need to make any correction after creating an ACL, then first erase the ACL from the global and interface configurations. To erase ACL 103 from the previous example, execute the following commands.
Router(config)#interface s0/1
Router(config-if)#no ip access-group 103
Router(config-if)#exit
Router(config)#no access-list 103
Now you can start over creating ACL 103. If you do not erase the ACL, then new access-list commands will accumulate in the configuration file, producing unexpected behavior. Use the command show run to verify that the ACL is erased and created again correctly.
Verify ACL Configuration
· Example 11: Let’s say you have been asked to create an ACL in a router R to deny TCP traffic coming through interface Serial 0/2 from source IP address 10.16.2.1 to destination IP address 172.16.5.3 with destination port number greater than 200. Also, the ACL should permit any other traffic.
· There are two configuration tasks you need to do in the CLI. First, create the ACL. Second, apply the ACL to interface Serial 0/2.
· So, in the CLI,
R> enable
R# config t
R(config)# access-list 101 deny tcp host 10.16.2.1 host 172.16.5.3 gt 200
R(config)# access-list 101 permit ip any any
! this command is needed to permit any other traffic after denying the selected packets with the first command.
R(config)# interface serial0/2
R(config-if)# ip access-group 101 in
! this command applies the ACL to serial0/2 for traffic coming in.
R(config-if)# end
R# show run
! this is to verify that the ACL configuration is correct in the running-config file.
R#show running-config
version 12.3
!
hostname R
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
shutdown
!
interface Serial0/0
ip address 200.100.20.2 255.255.255.0
!
interface Serial0/1
ip address 192.168.30.2 255.255.255.0
shutdown
!
interface Serial0/2
ip address 192.168.40.1 255.255.255.0
ip access-group 101 in
!
router rip
network 192.168.200.0
network 200.100.20.0
!
ip default-network 200.100.20.0
ip route 0.0.0.0 0.0.0.0 serial0/0
!
!
access-list 101 deny tcp host 10.16.2.1 host 172.16.5.3 gt 200
access-list 101 permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
· If the ACL is not correct, then delete it with the commands below and start over again.
R# config t
R(config)# no access-list 101
R(config)# interface serial0/2
R(config-if)# no ip access-group 101 in
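The show run verification above can also be automated. The following is an added example, not part of the original tutorial: a short audit that cross-checks ip access-group bindings against access-list definitions in saved running-config text. The sample configuration is constructed for illustration and the finding labels are hypothetical.

```python
import re

def audit(config_text):
    """Cross-check 'ip access-group' bindings against 'access-list' definitions."""
    defined, bindings, down, iface = {}, [], set(), None
    for raw in config_text.splitlines():
        line = raw.strip()
        acl = re.match(r"access-list (\d+) (permit|deny)\b", line)
        bind = re.match(r"ip access-group (\S+) (in|out)$", line)
        if line == "!":
            iface = None                       # "!" ends the interface block
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif acl:
            defined.setdefault(acl.group(1), []).append(acl.group(2))
        elif iface and line == "shutdown":
            down.add(iface)
        elif iface and bind:
            bindings.append((iface, bind.group(1)))
    findings = set()
    for iface, acl_id in bindings:
        if acl_id not in defined:              # binding left behind, ACL missing
            findings.add(("undefined", acl_id, iface))
        if iface in down:                      # bound, but the interface is shut down
            findings.add(("shutdown", acl_id, iface))
    applied = {acl_id for _, acl_id in bindings}
    for acl_id, actions in defined.items():
        if acl_id not in applied:              # created but never activated
            findings.add(("unapplied", acl_id, None))
        if "deny" not in actions:              # only permits: filters nothing
            findings.add(("no-deny", acl_id, None))
    return findings

# Constructed sample, loosely modelled on the tutorial's router R.
SAMPLE_CONFIG = """\
hostname R
!
interface Serial0/1
 ip address 192.168.30.2 255.255.255.0
 ip access-group 103 in
 shutdown
!
interface Serial0/2
 ip address 192.168.40.1 255.255.255.0
 ip access-group 101 in
!
interface FastEthernet0/0
 ip access-group 110 out
!
access-list 101 permit tcp host 10.16.2.1 host 172.16.5.3 gt 200
access-list 101 permit ip any any
access-list 103 deny udp host 10.23.4.3 host 10.30.2.1
access-list 103 permit ip any any
access-list 105 deny icmp any host 192.168.10.244
access-list 105 permit ip any any
"""

if __name__ == "__main__":
    for finding in sorted(audit(SAMPLE_CONFIG), key=str):
        print(finding)
```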
week 4
AAA Server Authentication Lab
SEC450 Week 4 iLab4 Report
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 4.
iLab 5 of 7: VPN – Virtual Private Networks
Note! Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
Student Name: Date:
IPSec Site-to-Site VPN Lab
SEC450 Week 5 iLab5 Report
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 5.
week 6
iLab 6 of 7: IDS/IPS – Intrusion Detection/Prevention Systems
Note! Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
Student Name: Date:
Intrusion Detection System (IDS/IPS) Lab
SEC450 Week 6 iLab6 Report
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 6.
week 7
iLab 7 of 7: Network Vulnerability Case Study
Note! Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
Student Name _________________________________ Date _____________
SEC450 Network Vulnerability Case Study—iLab7
Objectives
In this lab, students will examine the following objectives.
· Differentiate the use of IDS and IPS to detect network attacks.
· Design a network with IDS/IPS.
· Justify the use of IDS/IPS for a given network solution.
Scenario
A small company is using the topology shown below to secure its intranet while providing a less-secured environment to its eCommerce DMZ server. The company is concerned that firewalls are not enough to detect and prevent network attacks. Hence, deployment of sensors for intrusion detection systems (IDS) and/or intrusion prevention systems (IPS) is needed in the network. Your job is to provide recommendations, including a network design with IDS/IPS, that meet the company’s requirements.
Initial Topology
Company’s Requirements
1. Detect any malicious traffic entering the e-commerce server without performance penalty to traffic getting in the server from revenue-generating customers.
2. Stop any malicious traffic entering the human resources LAN (HR LAN).
3. Detect any malicious traffic entering the computer terminal in the marketing LAN (MKT LAN).
4. Stop any traffic entering the File Server in MKT LAN.
5. Deploy a centralized database and analysis console in the intranet to manage and monitor both IDS and IPS sensors.
Note: RED text indicates the required questions to answer
Task 1—Layout the New Network Design
Click on the Initial Network Topology link on the iLab page in Week 7, and save the MS PowerPoint file Initial_Network_Topology_iLab7.ppt to your computer. This file contains a diagram for the initial network topology and pictures of all components needed to create the new network design.
Review the documentation provided in the references at the end of these instructions to get more familiar with the implementation of IDS and IPS in network design. You need to find a network solution that meets the company’s requirements.
#1. Paste below your new network design diagram.
Task 2—IDS/IPS Recommendations
#2. Write an engineering specification document of at least 250 words (e.g., 1 page of full text, double space, and size 12) describing why your network’s design meets each of the company’s requirements. Justify how each recommendation addresses the company’s needs.
Task 3—Conclusions
#3. Describe in two paragraphs your learning experience in this lab.
References:
1. SANS Institute. “Network IDS & IPS Deployment Strategies”—Webliography
2. Paquet, C. (2012). Implementing Cisco IOS network security (IINS) foundation learning guide (2nd ed.). Indianapolis, IN: Cisco Press.
3. NIST. “Guide to Intrusion Detection and Prevention Systems (IDPS)”—Webliography
Quizzes
week 2
Question 1. (TCO 2) Which of the following prompts indicates that you have booted into the IOS stored in Bootstrap ROM (possibly due to a Ctrl-Break entered during power-up)? (Points : 3)
Router>
> or ROMMON>
(Boot)>
ROM>
Question 2. (TCO 2) Which is the command sequence used to configure a console terminal password on a Cisco router? Note: <CR> represents a carriage return or Enter key. (Points : 3)
line con 0 <CR> password {password} <CR>
line con 0 <CR> password {password} <CR> login <CR>
line con 0 <CR> login {password} <CR>
line {password} con 0 <CR>
Question 3. (TCO 2) To enter privileged EXEC mode, you can type the command _____ at the user EXEC prompt. (Points : 3)
enter
enable
activate
open
Question 4. (TCO 2) Which of the following IOS commands will set the minimum length for all router passwords to eight characters? (Points : 3)
(config)# service passwords min-length 8
(config)# passwords min-length 8
(config)# security passwords min-length 8
(config)# passwords security min-length 8
Question 5. (TCO 2) Which of the following commands will prevent password recovery using ROM monitor mode? (Points : 3)
(config)# no rom monitor
(config)# no password-recovery
(config)# no service password-recovery
(config)# no password-recovery service
Question 6. (TCO 2) To configure role-based CLI on a Cisco router, the first command to enter in privileged mode is _____. (Points : 3)
parser view
view enable
enable view
config view
Question 7. (TCO 2) Which of the following commands is required before you can begin configuring SSH configuration on a Cisco router? (Points : 3)
Crypto key generate rsa
IP domain-name
Crypto key zeroize
Transport input ssh
Question 8. (TCO 2) Which of the following cannot be used to enhance access security on a router? (Points : 3)
MD5 encrypted enable passwords
SHA encrypted usernames
Privilege levels
MD5 encrypted username
week 4
Question 1. (TCO 4) Which type of access list entry is dynamic and becomes active only when a Telnet session is authenticated? It can be used for inbound or outbound traffic. (Points : 3)
Established
Lock and key
Reflexive
CBAC
Question 2. (TCO 4) What function does CBAC perform on a Cisco IOS firewall? (Points : 3)
Creates specific security policies for each user.
Provides secure, per-application access control across network perimeters.
Provides additional visibility at intranet, extranet, and Internet perimeters.
Protects the network from internal attacks and threats.
Question 3. (TCO 4) Given the configuration shown below, the idle timeout for TCP and UDP sessions is _____.
ip inspect audit-trail
ip inspect name FWRULE tcp timeout 180
ip inspect name FWRULE udp timeout 180
!
interface FastEthernet0/0
ip access-group 100 in
ip inspect FWRULE in
!
interface FastEthernet0/1
ip access-group 101 in
!
logging on
logging 192.168.100.100
!
access-list 100 permit ip any any
!
access-list 101 deny ip any any log
(Points : 3)
180 minutes
180 seconds
180 days
180 milliseconds
Question 4. (TCO 4) Given the configuration shown below, the host at IP address 192.168.100.100 is a _____.
ip inspect audit-trail
ip inspect name FWRULE tcp timeout 180
ip inspect name FWRULE udp timeout 180
!
interface FastEthernet0/0
ip access-group 100 in
ip inspect FWRULE in
!
interface FastEthernet0/1
ip access-group 101 in
!
logging on
logging 192.168.100.100
!
access-list 100 permit ip any any
!
access-list 101 deny ip any any log
(Points : 3)
TACACS+ server
syslog server
Radius server
TACACS server
Question 5. (TCO 4) Which of the following is not a policy action that can be specified for zone-based firewall traffic? (Points : 3)
Pass
Drop
Hold
Inspect
Question 6. (TCO 4) With zone-based firewalls, which of the following is used to define interfaces on routers that have the same security level? (Points : 3)
Zones
Class maps
Policy maps
Zone pairs
Question 7. (TCO 4) What is the range of ACL numbers for a standard access list? (Points : 3)
100–199 and 1700–1999
1–99 and 1300–1999
0–99
100–199
Question 8. (TCO 4) In CLI, the zone-pair command is used to associate together which of the following? (Points : 3)
Zones and service-policy
Class maps and interface
Policy maps and interface
Class-type and interface
week 6
Question 1. (TCO 6) When you are configuring a Cisco IOS firewall router for IPSec using RSA signatures, you need to generate a local RSA key. Before you generate the RSA key, you must _____. (Points : 3)
generate general purpose keys
configure a domain name for the router
contact a third-party certificate authority (CA)
enable the key management protocol in global configuration mode
Question 2. (TCO 6) IPSec VPNs use ACLs to specify VPN tunnel traffic. Any traffic not permitted in the ACL will be _____. (Points : 3)
dropped before it exits the VPN outbound interface
passed through the VPN outbound interface with no IPSec protection
encrypted and sent out through the VPN outbound interface because the ACL specifies traffic to be restricted
sent back to the sender with a message indicating invalid IPSec format
Question 3. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp security association lifetime is _____. (Points : 3)
lifetime {days}
lifetime {seconds}
set lifetime {days}
set lifetime {seconds}
Question 4. (TCO 6) _____ encryption algorithms use one key to encrypt the data and another key to decrypt the data between the sender and recipient. (Points : 3)
Symmetric
Asymmetric
Balanced
Bidirectional
Question 5. (TCO 6) The _____ encryption algorithm uses a key size of 168 bits. (Points : 3)
DES
3DES
AES
WEP
Question 6. (TCO 6) Which of the following encryption algorithms is considered the most secure? (Points : 3)
DES
3DES
AES
WEP
Question 7. (TCO 6) Which of the following commands will delete all of the IOS firewall router’s RSA keys? (Points : 3)
crypto key remove rsa
crypto key delete rsa
crypto key zeroize rsa
crypto key remove rsa all
Question 8. (TCO 6) What is the size of the keys in a DES algorithm? (Points : 3)
32 bits
96 bits
112 bits
56 bits
week 7
Question 1. (TCO 7) The type of IDS signature that triggers on a multiple packet stream is called _____. (Points : 3)
atomic
dynamic
cyclical
compound or composite
Question 2. (TCO 7) Which device responds immediately and does not allow malicious traffic to pass? (Points : 3)
Intrusion detection system (IDS)
Intrusion prevention system (IPS)
All of the above
Neither of the above
Question 3. (TCO 7) An IPS sensor that receives a copy of data for analysis while the original data continues toward the destination is running in _____ mode. (Points : 3)
passive
active
promiscuous
inline
Question 4. (TCO 7) Most IOS commands used to configure an intrusion prevention system (IPS) begin with the prefix _____. (Points : 3)
ids ips
ips ip
ip ips
ios ips
Question 5. (TCO 7) Which is an IDS or IPS signature? (Points : 3)
A message digest encrypted with the sender’s private key
A set of rules used to detect typical intrusive activity
A binary pattern specific to a virus
An appliance that provides anti-intrusion services
Question 6. (TCO 7) Which of the following ip actions will drop the packet and all future packets from this TCP flow? (Points : 3)
Deny attacker inline
Deny connection inline
Deny ip host inline
Deny packet inline
Question 7. (TCO 7) Which of the following are signature types that IOS firewall IDS can detect as requiring the storage of state information? (Points : 3)
Atomic
Dynamic
Cyclical
Compound (composite)
Question 8. (TCO 7) Why is a network using IDS only more vulnerable to atomic attacks? (Points : 3)
IDS must track three-way handshakes of established TCP connections.
IDS cannot track UDP sessions.
IDS permits malicious single packets into a network.
IDS is not stateful and therefore cannot track multiple-packet attack streams.
SEC 450 Final Answers
Question 1. (TCO 1) The component of network security that ensures that authorized users have access to data and network resources is _____. (Points : 6)
data integrity
data confidentiality
data and system availability
data and user authentication
Question 2. (TCO 1) The type of security control that makes use of firewalls is called _____. (Points : 6)
administrative
physical
technical
clerical
Question 3. (TCO 2) To configure a role-based CLI on a Cisco router, the first command to enter in privileged mode is _____. (Points : 6)
parser view
view enable
enable view
config view
super view
Question 4. (TCO 2) The show running-config output can be modified using all of the following pipes except for _____. (Points : 6)
| begin
| end
| include
| exclude
Question 5. (TCO 3) Which of the following is the default number of MAC addresses allowed when you execute the switchport port-security command on a switch port? (Points : 6)
Zero
One
Two
Three
Question 6. (TCO 3) Which switch feature causes a port to skip the listening and learning states, causing the port to enter the forwarding state very quickly? (Points : 6)
fastport
portfast
enablefast
portforward
Question 7. (TCO 4) With zone-based firewalls, which of the following is used to specify actions to be taken when traffic matches a criterion? (Points : 6)
Zones
Class maps
Policy maps
Zone pairs
Question 8. (TCO 4) Which type of access list uses rules placed on the interface where allowed traffic initiates and permits return traffic for TCP, UDP, SMTP, and other protocols? (Points : 6)
Established
Lock and key
Reflexive
CBAC
Question 9. (TCO 5) Which AAA server protocol offers support for ARAP and NETBEUI protocols as well as IP? (Points : 6)
CSACS
RADIUS
OpenACS
TACACS+
Question 10. (TCO 5) Which of the following is not considered a component of AAA? (Points : 6)
Authentication
Authorization
Accounting
Administration
Question 11. (TCO 6) The Cisco IOS command that will display all current IKE security associations (SAs) is _____. (Points : 6)
show crypto ipsec
show crypto isakmp
show crypto ipsec sa
show crypto isakmp sa
show crypto ike sa
Question 12. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp security association lifetime is _____. (Points : 6)
lifetime {days}
lifetime {seconds}
set lifetime {days}
set lifetime {seconds}
Question 13. (TCO 7) Cisco routers implementing IPS can save IPS events in a Syslog server by executing which of the following commands? (Points : 6)
ip ips log {IP Address}
ip ips notify syslog
ip ips notify log
ip ips notify sdee
Question 14. (TCO 7) Which of the following is not an action that can be performed by the IOS firewall IDS router when a packet or packet stream matches a signature? (Points : 6)
Drop the packet immediately.
Send an alarm to the Cisco IOS designated Syslog server.
Set the packet reset flag and forward the packet through.
Block all future data from the source of the attack for a specified time.
Question 15. (TCO 1) Explain how to mitigate a Smurf attack. (Points : 24)
Question 16. (TCO 2) Type the global configuration mode and line configuration mode commands that are required to secure the VTY lines 0 through 15 to use the local username admin with the encrypted password adminpass for remote Telnet or SSH log-ins to the Cisco router. (Points : 24)
Question 17. (TCO 3) What are at least two best practices that should be implemented for unused ports on a Layer 2 switch for switch security? (Points : 24)
Question 18. (TCO 4) Given the commands shown below and assuming F0/0 is the inside interface of the network, explain what this ACL does.
access-list 100 permit tcp any any eq 80 time-range MWF
time-range MWF
periodic Monday Wednesday Friday 8:00 to 17:00
time-range absolute
start 00:00 30 Sept 2014 end 01:00 30 Sept 2014
int f0/0
ip access-group 100 in
(Points : 24)
Question 19. (TCO 5) Type two global configuration mode commands that enable AAA authentication and configure a default log-in method list. Use a TACACS+ server first, then a local username and password, and finally the enable password. (Points : 24)
Question 20. (TCO 6) Discuss the data encryption algorithms DES and 3DES. Discuss the key lengths, and rank the algorithms in order of best security. (Points : 24)
Question 21. (TCO 7) Explain the two benefits of Cisco IPS version 5.x signature format over the Cisco IPS version 4.x signature format. (Points : 22)