Blocking Endpoint Attacks
Review Questions
You can find the solutions to these questions in Appendix A, "Answers to Review Questions."
1. |
What could be of interest to a hacker planning to attack an IP phone?
- The attacker can learn about the IP telephony environment.
- The attacker can start attacks from the IP phone.
- With a modified image and configuration file, the attacker can bring down the Cisco CallManager.
- The attacker can sabotage a special user.
|
2. |
Which IP phone does not support configuration file authentication?
- Cisco IP Phone 7920
- Cisco IP Phone 7940
- Cisco IP Phone 7960
- Cisco IP Phone 7970
|
3. |
In which window are IP phone security settings configured?
- Directory Number Configuration
- Phone Configuration
- Phone Security Configuration
- Product Specific Configuration
|
4. |
How do you browse to the built-in web server of an IP phone?
- http://IP-Phone's-IP-address
- https://IP-Phone's-IP-address
- https://IP-Phone's-IP-address/CCMAdmin
- https://IP-Phone's-IP-address/Admin
|
|
|
5. |
Which statement is not true about gratuitous ARP attacks?
- Gratuitous ARP is a man-in-the-middle attack.
- Gratuitous ARP attackers usually operate from the Internet.
- Gratuitous ARP is normally used for HSRP.
- Ettercap is a tool used for gratuitous ARP attacks.
|
6. |
Which of the following statements about authentication and encryption is not true?
- It was introduced with Cisco CallManager Release 4.0.
- Media streams use SRTP.
- Signaling uses Secure SCCP.
- TLS was formerly known as SSL.
|
7. |
Which of the following network information cannot be found out from a Cisco IP Phone?
- DHCP server address
- DNS server address
- TFTP server address
- Intranet server address
- Cisco CallManager address
|
8. |
You want to prevent users from accessing the PC port of a 7912 IP Phone. What option is available to you?
- Use the Cisco CallManager Phone Configuration window to disable the PC port.
- Use the CallManager service parameters to disable all PC ports.
- Use the Bulk Administration Tool to disable the PC port for all 7912 IP Phones.
- Fill the PC port of the phone with glue.
|
9. |
Which of the following was the predecessor of Transport Layer Security?
- IPsec
- SSL
- DES
- AES
|
|
|
10. |
What must you do to implement signed firmware validation on the Cisco IP Phones?
- Nothing; the feature is already enabled since CCM 3.3(3).
- Change the signed firmware setting from the Phone Configuration window.
- Change the signed firmware setting from the CallManager service parameters.
- Change the signed firmware setting from the IP phone itself.
|