Securing Networks Flashcards Preview

Flashcards in Securing Networks Deck (18)
1

What's the difference between a standard ACL and an extended ACL?

A standard ACL (1-99) only looks at the source address for traffic filtering, while an extended ACL looks at both the source address and the destination address for traffic filtering.

2

What's the implicit condition of an ACL

There is an implicit deny any at the bottom of any ACL

3

What protocol is HTTP under

TCP

4

What protocol is HTTP under

TCP

5

What's the max number of ACLs on an interface

One inward max, one outward max

6

How is an ACL executed

Lower number to higher number; more specific entries should be placed at the top

7

Place a range of ports in an unused VLAN

vlan 999
interface range fa 0/1 - 24
switchport access vlan 999

8

What is the IEEE standard for a VLAN

IEEE 802.1q

9

What is a native VLAN

A VLAN on an IEEE 802.1q trunk whose frames are not tagged

10

What is a typical VLAN port

Port 1

11

What does AAA stand for

Authentication, Authorization, Accounting

12

What are the three components of 802.1x

Supplicant: asks permission for network access
Authenticator
Authentication Server
1. Authenticator sends challenge
2. Supplicant sends Username/Password
3. Authentication Server sends Authorization

13

What is the difference between TACACS+ vs RADIUS

TACACS+ is a Cisco proprietary protocol, separates the A's into separate tasks, uses a 2-way challenge, encrypts the whole packet, and uses TCP
RADIUS uses UDP, combines all the A's in one function, uses a one-way challenge, and only encrypts the password

14

What is DHCP Snooping

When we allow a switch port to reject packets if that port is set to an untrusted state

15

What is an ip helper-address for?

If the DHCP server is in a different VLAN compared to where the router or host is, it can set the helper-address to the address of the DHCP server

16

What are the 4 stages of a DHCP exchange

DORA: Discover, Offer, Request, Acknowledgement

17

Configure DHCP snooping

ip dhcp snooping
ip dhcp snooping (vlan)
ip dhcp snooping limit
interface:
ip dhcp snooping trust

18

What's the difference between interface down and line protocol down

interface = layer 1, line protocol = layer 2
Interface down = cable faulty or not connected on one or both ends
Line Protocol down = port must be shut down from other side or connection issue