CCNA Security

2013-12-18 13:48:48
CCNA Security exam prep

  1. 802.1d
  2. 802.1q
    VLAN trunking
  3. 802.1w
    RSTP (Rapid spanning tree protocol)
  4. 3DES
    Triple DES, a 168-bit (3 x 56-bit) encryption process. DES, or Data Encryption Standard, is a symmetric-key encryption algorithm using a block-cipher method.
  5. AAA
    Authentication, authorization, and accounting.
  6. AAA server
    The server/host responsible for running RADIUS or TACACS services.
  7. ACS
    Access Control Server, the RADIUS and TACACS system sold by Cisco.
  8. AES
    Advanced Encryption Standard, a symmetric-key encryption algorithm using a block-cipher method, developed by Joan Daemen and Vincent Rijmen. Available in key sizes of 128-bit, 192-bit, or 256-bit.
  9. amplification attack
    A method of attack that starts with relatively few packets and amplifies its responses (like Smurf or Fraggle attacks).
  10. AnyConnect
    Cisco’s secure mobility client solution, supporting full-tunnel VPN. Requires a small client on the workstation, but then tunnels all traffic through the SSL or IPsec tunnel, allowing other nonsecure protocols to be transported and secured.
  11. ASA
    Adaptive Security Appliance firewall, such as the ASA 5510 Firewall.
  12. asset
    Property (tangible or intangible) that has value to a company, something worth protecting.
  13. asymmetrical
    Meaning both sides are not the same (not symmetrical). An asymmetrical encryption algorithm uses one key to encrypt data and a second (and different) key to decrypt the data.
  14. attack severity rating
    The amount of damage an attack can cause. It is used as one property of a signature inside of an IPS/IDS system.
  15. audit
    A detailed review of a network, system or collection of processes. Accounting is another word that has a similar function: collecting information about the network.
  16. authentication method list
    The list of methods to be used for authentication (RADIUS, TACACS, enable password, Kerberos, vty line, or local database).
  17. authorization method list
    The list of methods to be used for authorization (RADIUS, TACACS, Kerberos, local database, or to pass if already authenticated). Used to specify what the authenticated user is authorized to do.
  18. C3PL
    Cisco Common Classification Policy Language. This promotes the concept of using class maps and policy maps to identify and provide specific treatment for traffic.
  19. CA
    Certificate authority. A system that generates and issues digital certificates. This is usually a device that is trusted by both parties using certificates.
  20. CCP
    Cisco Configuration Professional. A web-based router administration tool with a GUI.
  21. CCP communities
    Groups of routers presented together in CCP as a community of devices. A way to organize the devices being managed within CCP.
  22. CCP templates
    Sections of configurations that can be reapplied to multiple devices in CCP, substituting variables (such as a hostname) that are unique to each router.
  23. CCP user profiles
    Method to restrict what CCP displays to the administrator, thus limiting what the administrator can see and change through CCP.
  24. Cisco public key
    The Cisco public key is needed for the IOS-based IPS to verify Cisco’s digital signature of the IPS signature package provided by Cisco.
  25. Cisco SIO
    Security Intelligence Operations. Early warning intelligence, threat and vulnerability analysis, and proven Cisco mitigation solutions to help protect networks.
  26. class map
    The portion of modular policy framework (MPF) in the ASA, or C3PL on routers and switches, that defines what types of traffic belong to a certain class. Policy maps rely on class maps for the classification of traffic.
  27. class map type inspect
    This special type of class map defines specific classes and types of traffic to be used for further inspection in Zone-Based Firewalls on IOS routers.
  28. clientless SSL VPN
    Allows for limited VPN resource access within some protocols that can natively support TLS, such as HTTPS and CIFS shared over HTTPS.
  29. context-aware security
    Security enforcement that involves the observation of users and roles in addition to things like interface-based controls. An example is an ACS server providing full access to an administrator who is logged in from his local computer, but restricted access when that same user is logged in through a remote device or through a smart phone.
  30. control plane
    The logic systems in a device that are responsible for the routing or switching decisions (control). Routing protocols are a prime example.
  31. CRL
    Certificate revocation list. Used in a PKI environment to inform clients about certificates that have been revoked by the CA.
  32. custom privilege level
    Level 0 (user) and level 15 (enable) are predefined; anything in between (1–14) would be a custom privilege level.
  33. data plane
    The logic systems in a device that are responsible for the actual movement (post-decision) of information. End users sending traffic to their servers is one example of traffic on the data plane.
  34. DH group
    The Diffie-Hellman exchange refers to the security algorithm used to exchange keys securely, even over an unsecured network connection. Groups refer to the lengths of the keys involved in the exchange. Group 1 is a 768-bit key exchange, Group 2 is a 1024-bit key exchange, and Group 5 is a 1536-bit key exchange. The purpose of this algorithm is to establish shared symmetrical secret keys on both peers. The symmetric keys are used by symmetric algorithms such as AES. DH itself is an asymmetrical algorithm.