CCIE Security FAQ Operating Systems and Cisco Security Applications


Q1. What UNIX command implements a trace route to the remote network www.guitar.com?
a. trace www.guitar.com if DNS is enabled with the IOS command dns server ip-address.

b. traceroute www.guitar.com

c. trace guitar.com

d. UNIX does not support the traceroute command.

Answer: b

Q2. What UNIX command copies a file?
a. copy
b. cpy
c. cp
d. pc

Answer: c

Q3. A Cisco router network manager wants to copy the configuration in RAM to a UNIX server. What needs to be accomplished before this can occur?
a. Issue copy run tftp.
b. Modify the .rhosts file.
c. Modify the rcmd.allow file.
d. Erase the .rhosts.allow file.
e. Enable TFTP on the UNIX server.

Answer: b

Q4. Which of the following is not a UNIX file flag parameter?
a. Execute
b. Write
c. Read
d. Read/Write
e. Authenticate

Answer: e

Q5. Which of the following is not a UNIX file type?
a. Normal
b. Directories
c. Special
d. Link
e. Medium

Answer: e

Q6. NetBIOS over TCP/IP operates at what layer of the OSI model?
a. 1
b. 2
c. 3
d. 4
e. 5
f. 6
g. 7

Answer: e

Q7. In Windows NT, what is a domain that is trusted by all remote domains called?
a. Local
b. Remote
c. Single
d. Global
e. Master
f. Slave

Answer: e

Q8. In Windows NT, what is a domain that is trusted automatically called?
a. Local
b. Remote
c. Single
d. Global
e. Master
f. Slave

Answer: d

Q9. Which of the following is not an NTFS permission type?
a. R
b. W
c. D
d. P
e. O
f. M

Answer: f

Q10. In Windows NT, when in a DOS command window, what command displays the local IP ARP entries?
a. arp
b. rarp
c. rarp -b
d. arp -n
e. arp -a

Answer: e

Q11. What devices can the Cisco Secure Policy Manager remotely manage? (Select the best three answers.)
a. Routers
b. Switches
c. NMS workstations
d. PIX Firewalls

Answer: a, b, and d

Q12. NetRanger LAN interface supports all but which one of the following?
a. Ethernet
b. Fast Ethernet
c. Token Ring
d. Serial WAN interfaces
e. FDDI

Answer: d

Q13. Which of the following is not a component of the security wheel?
a. Develop
b. Secure
c. Monitor
d. Manage
e. Increase

Answer: e

Q14. Which of the following is false regarding NetRanger?
a. NetRanger examines the IP header.
b. NetRanger examines the TCP header.
c. NetRanger examines the entire IP frame.
d. NetRanger monitors TCP or UDP port scans.

Answer: c

Q15. How many phases are completed with NetSonar?
a. 1
b. 2
c. 3
d. 4
e. 5
f. 6

Answer: f

Q16. What UNIX command displays the files in the current directory?

Answer: ls

Q17. What UNIX command changes a directory from etc/ to bin/?

Answer:

Q18. What does the following UNIX command accomplish?

Answer: This command makes a copy of the files simon.doc and henry.doc. You must specify the name of the file to be copied and the name of the new file to be created. The -i flag tells the computer to ask before it overwrites any files in this process. The -r flag copies any files in subdirectories if you are copying directories.

Q19. To define a permission for a UNIX file, what command line interface is required?

Answer: chmod flag filename

Q20. The chmod UNIX command can define what levels of access or permissions on a UNIX host?

Answer: The chmod flag is always three numbers. The first number affects the owner permissions, the second number affects the group permissions, and the third number affects all other permissions. Each number can be a number between 0 and 7.

Q21. In a Windows NT environment, what is a domain, primary domain controller, and backup domain controller?

Answer: A domain is typically a large group of devices under a common administration. A domain is managed by a primary domain controller (PDC), which is a Windows-based server that stores and controls security and user account information for an entire domain. Each domain must have at least one PDC. A backup domain controller (BDC) maintains a copy of the database in the event the PDC is unavailable.

Q22. What functions does the protocol NetBIOS provide in a Windows NT environment?

Answer: NetBIOS is a session layer protocol that is used to allow communication between PCs. NetBIOS provides the following functions:

Authentication

Connection management

Error control

File sharing

Flow control

Full-duplex transmissions

Name resolution

Print sharing

Session management

Q23. What is the function of the lmhosts file on a Windows platform device?

Answer: The lmhosts file enables local PCs to maintain a static list of all computers available in the network. The file typically contains the name and protocol addresses of all servers available in the domain. For large networks, the file might become too large and unusable, so a service called Windows Internet Naming Services (WINS) was developed to help network administrators who previously had to modify every Windows PC on the network via the lmhosts files. WINS allows NetBIOS Windows-based systems running TCP/IP to perform a name lookup for Windows resources, such as remote servers. An excellent white paper on WINS is available at www.lucent.com/livelink/09009403800049fc_White_paper.pdf.

Q24. Name and define the six NTFS permission types.

Answer: The six NTFS permissions are as follows:
R—Read only. The data or object can only be viewed.
W—Write access. The data can be changed.
X—Execute. The data can be executed; for example, a directory can be viewed or program executed.
D—Delete. The data can be deleted.
P—Change permissions. The data access permissions can be altered.
O—Take ownership. The ownership can be altered.

Q25. In Windows NT 4.0, what DOS command displays any local ARP entries?

Answer: arp -a

Q26. Define the terms NetRanger Sensor and Director and their uses.

Answer: NetRanger has two components:
NetRanger Sensor—High speed device that analyzes the content of data being transported across a network and determines whether that traffic is authorized or unauthorized. Unauthorized traffic includes ping requests from intruders. Traffic that is detected from unauthorized sources is sent directly to the NetRanger Director, and the intruder is removed from the network (optional and set by network administrator).
NetRanger Director—Provides real-time response to intruders in the network by blocking access to the network and terminating any active data sessions.

Q27. What LAN interfaces can be supported on a NetRanger Sensor?

Answer: NetRanger supports Ethernet (10 or 100 MB), Token Ring, and FDDI LAN interfaces.

Q28. What are the six phases completed by Cisco NetSonar?

Answer: The six phases completed by NetSonar are as follows:
Phase I—NetSonar sends out ICMP echo requests (ping) to query hosts.
Phase II—All live hosts are collected and stored on particular port numbers.

Phase III—NetSonar identifies the hardware devices that might be vulnerable, such as routers, switches, firewalls, printers, desktops, and hosts that responded to ping requests. Operating systems and network services are documented and labeled as potential vulnerabilities.

Phase IV—Vulnerabilities are confirmed. This phase is intrusive.

Phase V—The data is charted for presentation. The data can also be charted graphically as line or 3D bar graphs.

Phase VI—The data is reported in a number of different formats, including a summary report, a short and detailed report, or a full technical report.

Q29. What is the meaning of the term Security Wheel?

Answer: Cisco defines a Security Wheel concept that outlines the critical steps to ensuring that data and networks are secured correctly. The Security Wheel revolves around a strong, well-defined corporate policy. The Security Wheel consists of the following:

Secure—After defining a strong corporate policy, you should secure your network by deploying the products necessary in the appropriate places to achieve your corporate security policy.

Monitor and respond—Continuously monitor using NetRanger tools at strategic points in the network to discover new vulnerabilities.

Test—On a regular and formal basis, test all network components.

Manage and improve—Analyze all the reports and metrics supplied by NetSonar, and cycle through the Security Wheel by going through all these steps continuously.

Q30. A group of users in a Windows NT environment are members of the domain CISCO_CCIE. You are supplied the following details regarding file permissions:

  • PC1 and PC2 are authenticated in domain CISCO.
  • The CISCO domain is trusted by the CISCO_CCIE domain.
  • The directory d:\data has a file named ccielab35.doc and has access for users in the CISCO domain set to read only access.
  • A user named hbenjamin in the CISCO domain owns the Word document ccielab3.doc.

With these details, can PC1 open and read the file named ccielab35.doc?

Answer: The CISCO domain is part of the large domain CISCO_CCIE. Because the directory d:\data is set to read only, users from the CISCO domain are permitted to open the document in read-only mode. User hbenjamin is permitted to open and write to the document because Windows NT sets the privilege for the owner as read/write by default.

Q31. A newly created program file named simon.exe is on a UNIX server in the etc/bin directory. The root user creates the file simon.exe after compiling some UNIX C-based code. The root user password is set to guitar. How can you allow all users who are authenticated and authorized to view the etc/bin directory access to the file named simon.exe?

Answer: If the users know the root password, they can enter the root mode by typing root and then the password guitar. This allows the user access. If the root password is not known, the file permissions can be modified with the command chmod 777 simon.exe, and because users can already view the directory etc/bin, access to the file named simon.exe is now permitted.


About the author

Scott
