CCNA Security 210-260 (Santos & Stuppi): Ch01 Questions

I have been away from study as well as blogging for some time due to my ongoing health issues. This year alone, I’ve had three operations and have been off the tangent on my study. Actually, two but the last one was a spin-off of the second. The first was in May, embarrassing to say this but the operation was for hemorrhoidectomy and colonoscopy, it brought me down for about 3 weeks. Then 3 weeks ago, I had a tonsillectomy, I was so glad that I was finally saying goodbye to my beloved 40-year-old tonsillitis. Post operation, I was almost over the hill, then on the 14th day, a scab came off the operated part and started bleeding like crazy. Last Sunday, I went into Emergency and after almost bleeding to death for 8 hours, the ENT specialist decided to operate on me again under full anesthetics. I was out for another week and am looking forward to going back to work tomorrow. Sadly, I felt the pain up the bum as well as in the mouth this year. Hopefully, I can keep my promise to complete the CCNA Security 210-260 before the year end. ;)

For anyone who is also struggling with their study, keep your focus and keep going until you see the end of the tunnel. Yes, there are many tunnels to cross in our industry, if you stop, you might get run over by the traffic behind you, so keep moving. 🙂

To help the exam prep and also make some go-to points, I will simply refer to the questions from the book. Yes, I did purchase a hard copy to study for this exam, the videos are also available from safaribooks.com (Santos & Stuppi videos). An older Barker version is available off torrent sites in the form of cbtnugget videos. Love watching Keith Barker’s cbtnuggets, he is a true legend!

1. Which security term refers to a person, property, or data of value to a company?
a. Risk
b. Asset
c. Threat prevention
d. Mitigation technique
B

2. Which asset characteristic refers to risk that results from a threat and lack of a countermeasure?
a. High availability
b. Liability
c. Threat prevention
d. Vulnerability
D

3. Which three items are the primary network security objectives for a company?
a. Revenue generation
b. Confidentiality
c. Integrity
d. Availability
B C D

4. Which data classification label is usually not found in a government organisation?
a. Unclassified
b. Classified but not important
c. Sensitive but unclassified
d. For official use only
e. Secret
B

5. Which of the following represents a physical control?
a. Change control policy
b. Background checks
c. Electronic lock
d. Access lists
C

6. What is the primary motivation for most attacks against networks today?
a. Political
b. Financial
c. Theological
d. Curiosity
B

7. Which type of an attack involves lying about the source address of a frame or packet?
a. Man-in-the-middle attack
b. Denial-of-service attack
c. Reconnaissance attack
d. Spoofing attack
D

8. Which two approaches to security provide the most secure results on day one?
a. Role based
b. Defense in depth
c. Authentication
d. Least privilege
B D

9. Which of the following might you find in a network that is based on a defense-in-depth security implementation? (Choose all that apply.)
a. Firewall
b. IPS
c. Access lists
d. Current patches on servers
A B C D

10. In relation to production networks, which of the following are viable options when dealing with risk? (Choose all that apply.)
a. Ignore it
b. Transfer it
c. Mitigate it
d. Remove it
B C D

Notes on Cisco QoS: Clearing the fog – Part 2. Quality issues

Quality of Service

QoS = a method of giving priority to specific traffic as it moves over the network.

The basic aim of QoS is to have a consistent and predictable performance on your network.

 

[Figure 1: QoS intro]

General characteristics of today’s Converged Network:

  • Small voice packets compete with bursty data packets, and many different applications use the network as a service
  • Critical traffic must get priority over less critical traffic; without QoS, the default behavior is First In First Out (FIFO)
  • Voice and video traffic is time-sensitive
  • Outages are not acceptable

 

Converged Network Quality issues:

  • Lack of Bandwidth
  • Packet Loss
  • Delay
  • Jitter

 

Bandwidth

[Figure 2: Bandwidth Measure]

  • The maximum available bandwidth is that of the slowest link on the traffic path
  • On the same physical links (traffic paths), multiple flows from multiple applications compete for and share the same bandwidth
  • Lack of bandwidth causes performance degradation in network applications

 

 

Packet Loss

[Figure 3: Tail Drop due to Queue Congestion]

Packet loss due to Tail Drop: A queue can only hold so many packets. Once it is full, any further packets that arrive at the tail end of the queue before the queue is emptied (due to link congestion etc.) are dropped; this behavior is called ‘Tail Drop’. If tail drop hits time-sensitive traffic such as voice and video, the effects are immediately felt by the users on the flow. If this happens to data traffic, it may interrupt a file transfer and corrupt the file.

 

 

Delay

[Figure 4: Types of Delay]

  • Processing Delay – time taken by router to process packets from an input interface and put them into the output queue of output interface
  • Queuing Delay – time a packet resides in the output queue of a router
  • Serialization Delay – time taken to place bits on the wire
  • Propagation Delay – time taken for packets to cross links from one end to the other end

 

 

Jitter

[Figure 5: Jitter]

  • Packets from a source will reach a destination with different delay times
  • Congestion on the network will cause jitter
  • Congestion can occur at a router interface/Service Provider network if the circuits are not properly provisioned
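
The tail drop, delay and jitter notes above can be seen together in a small simulation of one FIFO output queue. This is an added example, not taken from the original notes; the 1 Mbit/s link, the queue limit of 3 and the packet sizes are assumptions, and processing and propagation delay are not modelled.

```python
from collections import deque

LINK_BPS = 1_000_000   # assumed 1 Mbit/s output link
QUEUE_LIMIT = 3        # assumed: packets allowed to wait behind the one on the wire

def serialization_delay_us(size_bytes, link_bps=LINK_BPS):
    """Microseconds needed to place the packet's bits on the wire."""
    return size_bytes * 8 * 1_000_000 // link_bps

def fifo_tail_drop(arrivals, link_bps=LINK_BPS, limit=QUEUE_LIMIT):
    """arrivals: (time_us, flow, size_bytes) tuples sorted by time.
    Returns (delivered, dropped); delivered rows are (flow, time_us, delay_us),
    where delay = queuing delay + serialization delay."""
    in_system = deque()          # departure times of packets queued or being sent
    link_free_at = 0
    delivered, dropped = [], []
    for t, flow, size in arrivals:
        while in_system and in_system[0] <= t:   # forget packets already sent
            in_system.popleft()
        if len(in_system) >= limit + 1:          # queue full: tail drop
            dropped.append((flow, t))
            continue
        start = max(t, link_free_at)             # wait for packets ahead (FIFO)
        link_free_at = start + serialization_delay_us(size, link_bps)
        in_system.append(link_free_at)
        delivered.append((flow, t, link_free_at - t))
    return delivered, dropped

def jitter_us(delivered, flow):
    """Delay variation between consecutive delivered packets of one flow."""
    delays = [d for f, _, d in delivered if f == flow]
    return [abs(b - a) for a, b in zip(delays, delays[1:])]

# Constructed sample: 200-byte voice packets every 20 ms, plus a burst of
# five 1500-byte data packets arriving together at t = 30 ms.
ARRIVALS = sorted(
    [(t, "voice", 200) for t in range(0, 120_000, 20_000)]
    + [(30_000, "data", 1500)] * 5
)

if __name__ == "__main__":
    delivered, dropped = fifo_tail_drop(ARRIVALS)
    print("dropped:", dropped)
    print("voice jitter (us):", jitter_us(delivered, "voice"))
```

With FIFO and no QoS, the data burst fills the queue, so the voice packet arriving at 40 ms is tail-dropped and the next one waits behind the remaining data packets.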

 

GNS3 1.4.2 and IOU VM.ova Installation Tips

Assumption 1: You already have VMware Workstation or VirtualBox installed and running on your PC/laptop
Assumption 2: You’ve already downloaded GNS3 1.4.2 and GNS3 VM.ova files from “https://github.com/GNS3/gns3-gui/releases”.
Now let’s get started:

Step 1: Import the “GNS3 VM.ova” file into your VMware Workstation or VirtualBox

Step 1a: Upload IOU L2 and L3 image files on “http://192.168.56.101:8000/upload”, under IOU
Step 1b: Upload CiscoIOUKeygen.py file on “http://192.168.56.101:8000/upload”, under IOU

Step 2: Install GNS3 1.4.2
Step 2a: Complete the basic GNS3 setup following YouTube videos.
One of the videos is as below: https://www.youtube.com/watch?v=1j4VHW-vvR8

Step 3: SSH into your IOU VM, go to the “/etc” folder and run the following commands under the respective folder.
(Video Reference: https://www.youtube.com/watch?v=V0SdjK5tEcA)

Tip: Default IOU VM UID = gns3
Default IOU VM PWD = gns3

Required commands:
echo -ne \\x1\\x0\\x0\\x0 > /etc/hostid
echo -ne \\x1\\x0\\x0\\x0 > /etc/ioukey
echo hostid = 0000001 ; echo hostname = gns3-iouvm ; echo ioukey = 3d9

Step 4: Go to http://192.168.56.101:8000/upload and upload CiscoIOUKeygen.py file

Step 5: Go to the /opt/gns3/images/IOU directory and take ownership of the uploaded keygen file

Step 6: Use the python or python3 command to generate your 16-character IOU key

root@gns3vm:/opt/gns3/images/IOU# python CiscoIOUKeygen.py
hostid=00000001, hostname=gns3vm, ioukey=25f

Add the following text to ~/.iourc:
[license]
gns3vm = acf51841caabfb0f;

You can disable the phone home feature with something like:
echo '127.0.0.127 xml.cisco.com' >> /etc/hosts

============================================
***Notice that my VM machine works with python command but not python3 command!!!

root@gns3vm:/opt/gns3/images/IOU# chmod +x CiscoIOUKeygen.py

## Notice that python3 command does not work here!!!!
root@gns3vm:/opt/gns3/images/IOU# python3 CiscoIOUKeygen.py
File "CiscoIOUKeygen.py", line 11
print "hostid=" + hostid +", hostname="+ hostname + ", ioukey=" + hex(ioukey)[2:]
^
SyntaxError: invalid syntax
==============================================

Step 7: Using the “gns3vm” value, create a txt file containing the license information. Save the file as IOURC.txt and point your GNS3 remote server to this txt file.

[license]
gns3vm = acf51841caabfb0f;

CCNA Data Center 640-911 DCICN – Note 18, IPv6 Introduction

This is my first blog in 2016, I have been in holiday mode as I have been on one of the longest annual leaves of my life. Hope you understand the family commitment when you and your kids are on summer holiday (here in Sydney, Dec/Jan/Feb is blazing summer).

 

IPv6, the history and does it really matter to you or anyone?

The simple answer is YES, then why? The single biggest driver behind the development and introduction of IPv6 is the long-predicted shortage of usable IPv4 addresses since the explosion of the World Wide Web (www) in 1995. The www development goes back to 1991, and the grandfather of web browsers, Mosaic, was first introduced in 1993. By 1995, one third of IPv4 addresses had been consumed; by 2000, half of all IPv4 addresses were in use.

As reviewed in previous notes, IPv4 uses a 32-bit address structure, which theoretically should give us 2 to the power of 32 IP addresses, that is 4294967296 IP addresses, or roughly 4.3 billion IP addresses. But not all IP addresses are usable, such as the reserved IP addresses for private network use as well as the Class E addresses reserved for development and testing purposes. In other words, only around 2.5 billion IP addresses are truly usable addresses. If you just check out our world’s population today (http://www.worldometers.info/world-population/, China = 1.407 billion and India = 1.2912 billion people), just looking at the top two countries’ population figures, you can feel the IPv4 address shortage on your skin. The trend is that the world’s network has been doubling in size every year for the past 15 years. (https://en.wikipedia.org/wiki/IPv4_address_exhaustion)

With the advancement of new technologies comes the rapid depletion of available IPv4 addresses. Anything related to mobile communications and entertainment, as well as all other areas, seems to need more and more IP addresses for everyday use. In the past, it was expected that all the IPv4 addresses would be depleted by 2011, but it is 2016 and we are still using IPv4 addresses without much thought, all thanks to the countermeasures put into place to slow down IPv4 address depletion, e.g. the fine art of subnetting, the practical use of DHCP, and NAT.

 

 Quick note on history of IPv6:

1990 – IETF had predicted that all class B IPv4 IP addresses will be depleted by 1994
1991 Nov – IETF formed ROAD (ROuting and ADdressing) Group in Santa Fe, US.
1995 – IPNG (IP Next Generation) Workgroup had written and submitted ‘RFC 1883’, this RFC has become the foundation of current IPv6.
1996 – 6Bone was introduced. 6Bone was a test-bed for IPv6 vulnerabilities connecting 57 countries across 1100 sites.
1999 – IPv6 Forum was launched to standardize the use of IPv6
2006 Jul 06 – 6Bone was decommissioned after 10 years of testing.
Current – Majority of IP products are manufactured with IPv6 capabilities and compatibility. IPv6 is slowly phasing out IPv4 around the world.

Source: https://en.wikipedia.org/wiki/IPv6

 

Quick note on 10 Advantages (Characteristics) of IPv6:
1. Larger IP address space than IPv4: 32-bit IPv4 vs 128-bit IPv6
2. Better end-to-end connectivity than IPv4
– peer-to-peer application connections such as games, video conferencing, file sharing and VoIP
– No need to use NAT, as the shortage of addresses is a thing of IPv4
3. Plug-n-Play feature of IPv6
– plug-and-play auto-configuration, e.g. DHCPv6
4. Simplified Header structures leading to faster routing
5. Better security features
– use of IPSec (a built-in feature)
6. Improved QoS features
7. Improved Multicast and Anycast abilities
8. Better mobility features
9. Ease of administration over IPv4
10. IPv6 follows the key design principles of IPv4

Source: http://www.ipv6.com/articles/general/Top-10-Features-that-make-IPv6-greater-than-IPv4.htm

In the next section, we will look at some characteristics of IPv6 and then in the final section of IPv6, I will demonstrate IPv6 in a simple lab. Happy blogging, reading and all the best with your learning and career in 2016.