Cisco Network and Security Q&A

 

In this blog, some of the set of questionnaires regarding the cisco network and network security are answered in brief.

Question

What are the three areas that Cisco Network Foundation Protection (NPF) logically divides devices like routers and switches? List any four management protection mechanisms.

Answer

The three areas that Cisco Network Foundation Protection (NPF) logically divides devices like routers and switches are mentioned below: 

• Control Plane

• Management Plane 

• Data Plane

Any four management protection mechanisms are listed below: 

➢ Enable login and password policy

In order to restrict device accessibility, proper implementation of login and password policy can be done by disabling insecure network protocols like telnet and limiting the accessible ports.

 

➢ Present legal notification

Notification can be presented by developing the legal counsel of a corporation. 

➢ Authorize actions. Authorization can be done by restricting the actions and views which are permitted by any particular user, service, or group. 

➢ Enable role-based access control

In order to grant access to any particular user, group, or service role-based access control can be enabled.

Question

What are the three security benefits that SNMP v3 provides over SNMP v1 and v2?

Answer

Three security benefits that SNMP v3 provides over SNMP v1 and v2 are listed down: 

❖ Access control

Each principal is restricted to certain actions on specific portions of data. 

❖ Encryption

It helps in scrambling the contents of a packet to prevent it from being seen by an unauthorized/unknown source. 

❖ Message integrity and authentication

It makes sure that a packet has not been tampered with in transit and is from a valid/legal source. 

Question

What is a reconnaissance attack? Please do Internet Information Queries and list DNS servers and Mail server IP address of cisco.com.

Answer

A reconnaissance attack is the type of attack which performs unauthorized discovery and mapping of systems, services, or vulnerabilities. 

They are general knowledge-gathering attacks and can occur in both logical and physical approaches. 

They are used for gathering information in network systems and services. 

Reconnaissance attack consists of internet information queries, port scanning, ping sweeping, packet sniffing, etc. 

Below is the list of DNS server and Mail server IP addresses of cisco.com:

DNS Server IP address

DNS Server 1

DNS Server 2

DNS Server 3

Mail Servers IP address

Figure 4: Mail Server IP