Which two security features can be configured to prevent unauthorized access into the network through a
networking device? (Choose two.)
A. Anti-Replay
B. Traffic filtering
C. Authentication
D. IPSec network security
Explanation:
Traffic filtering and authentication security can be configured to prevent unauthorized access into the network
through a networking device. Unauthorized access to the company’s network should be blocked because
unauthorized access can damage a company’s network. Attackers may access confidential data, plant a virus
in the network, or flood the network with illegitimate packets. Therefore, preventive measures should be taken
to block any unauthorized access.
The traffic filtering security feature uses two measures to prevent unauthorized access into the network: access
lists and Cisco IOS firewalls.
Access lists are configured to determine which traffic to block and which traffic should be forwarded at the
router interfaces. The following types of access lists are available when using Cisco devices:
Basic access lists: Allow only specific traffic through the device; other traffic is dropped.
Extended access lists: Used to filter the traffic based on source IP address, destination IP address, port
numbers, or protocols.
Cisco IOS firewalls provide various security features according to your needs. The following are the key
components of the Cisco IOS firewall:
Context-based Access Control (CBAC): Filters TCP and UDP packets on the basis of application layer
protocol session information.
Cisco IOS firewall Intrusion Detection System (IDS): Used to detect suspicious activity. The IDS watches
packets and sessions as they flow through the router and scans them to match IDS signatures. If a
packet is detected as suspicious, the packet is dropped.
Authentication Proxy: Used to apply specific security policies on a per-user basis.
Authentication security can be used to prevent unauthorized access to the network. When a user attempts to
access a service or host within the network, they must enter credentials such as their user name and password.
If the credentials are correct, then access is provided; otherwise, the user is not allowed to access the service.
Anti-replay and IPSec network security cannot prevent unauthorized access through a networking device into
the network. Anti-replay prevents the capture and replay of packets on a network. Although it is a good security
feature to deploy, it does not specifically address access to the network through a device. IPSec is used to
encrypt and protect the integrity of data that travels through the network, not to control access through a device.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot basic device hardening
References:
Cisco > Tech Notes > Cisco Guide to Harden Cisco IOS Devices > Document ID: 13608