Blocking Endpoint Attacks

Review Questions

You can find the solutions to these questions in Appendix A, "Answers to Review Questions."

1.

What could be of interest to a hacker planning to attack an IP phone?

  1. The attacker can learn about the IP telephony environment.
  2. The attacker can start attacks from the IP phone.
  3. With a modified image and configuration file, the attacker can bring down the Cisco CallManager.
  4. The attacker can sabotage a special user.

2.

Which IP phone does not support configuration file authentication?

  1. Cisco IP Phone 7920
  2. Cisco IP Phone 7940
  3. Cisco IP Phone 7960
  4. Cisco IP Phone 7970

3.

In which window are IP phone security settings configured?

  1. Directory Number Configuration
  2. Phone Configuration
  3. Phone Security Configuration
  4. Product Specific Configuration

4.

How do you browse to the built-in web server of an IP phone?

  1. http://IP-Phone's-IP-address
  2. https://IP-Phone's-IP-address
  3. https://IP-Phone's-IP-address/CCMAdmin
  4. https://IP-Phone's-IP-address/Admin

   
5.

Which statement is not true about gratuitous ARP attacks?

  1. Gratuitous ARP is a man-in-the-middle attack.
  2. Gratuitous ARP attackers usually operate from the Internet.
  3. Gratuitous ARP is normally used for HSRP.
  4. Ettercap is a tool used for gratuitous ARP attacks.

6.

Which of the following statements about authentication and encryption is not true?

  1. It was introduced with Cisco CallManager Release 4.0.
  2. Media streams use SRTP.
  3. Signaling uses Secure SCCP.
  4. TLS was formerly known as SSL.

7.

Which of the following network information cannot be found out from a Cisco IP Phone?

  1. DHCP server address
  2. DNS server address
  3. TFTP server address
  4. Intranet server address
  5. Cisco CallManager address

8.

You want to prevent users from accessing the PC port of a 7912 IP Phone. What option is available to you?

  1. Use the Cisco CallManager Phone Configuration window to disable the PC port.
  2. Use the CallManager service parameters to disable all PC ports.
  3. Use the Bulk Administration Tool to disable the PC port for all 7912 IP Phones.
  4. Fill the PC port of the phone with glue.

9.

Which of the following was the predecessor of Transport Layer Security?

  1. IPsec
  2. SSL
  3. DES
  4. AES

   
10.

What must you do to implement signed firmware validation on the Cisco IP Phones?

  1. Nothing; the feature is already enabled since CCM 3.3(3).
  2. Change the signed firmware setting from the Phone Configuration window.
  3. Change the signed firmware setting from the CallManager service parameters.
  4. Change the signed firmware setting from the IP phone itself.

Категории