Question 1. Define the features of the following wireless network types.
Question 2. Compare the important attributes and relative security offered by the IPSec VPN AES and DES encryption algorithms.
Question 3. 3. (TCO B) Study the configuration shown below. Analyze when the timed ACL will become active, how long it will remain active, and what kind of traffic will be allowed.
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq www time-range WEEKDAYS
periodic Monday Tuesday Wednesday Thursday Friday 10:00 to 15:00
periodic Saturday Sunday 6:00 to 12:00
absolute start 02:00 22 December 2011 end 05:00 22 December 2011 (Points : 25)
(a) Describe what the network access server (NAS) would do when receiving a REJECT message when there are two authentication servers consisting of TACACS+ and RADIUS. Both servers are contained in the method authentication list.
(b) Describe what the network access server (NAS) would do when receiving an ACCEPT message when there are two authentication servers consisting of TACACS+ and RADIUS. Both servers are contained in the method authentication list.
(c) Describe what the authentication server (security server) process would be when receiving an ERROR message when there are four authentication servers consisting of two TACACS+ servers and two RADIUS servers. The four security servers are contained in the method authentication list.
Question 5. Describe the similarities and differences between host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS).
Question 6. Describe the environment requiring a DMZ; describe the vulnerabilities that exist with a network that lacks a DMZ.
Question 7. Enter the global configuration mode and line configuration mode commands that are required to secure the VTY Lines 0 through 15 to use the local username admin with the encrypted password adminpass for remote telnet or SSH log-ins to the Cisco router.
Question 8. Answer the following questions.
(a) How does a man-in-the-middle attack objective differ from a distributed denial-of-service (DDoS) attack objective?
(b) What are the similarities?
(c) How are each of the attacks mitigated?