Network Security Fundamentals (CCNACBR) Flashcards
Cisco CCNA Cybersecurity 200-201 CCNACBR Flashcards

| Front | Back |
|---|---|
| Access port versus trunk port on a switch | Access port carries a single VLAN; trunk port carries multiple VLANs using VLAN tagging |
| Common port numbers HTTP HTTPS DNS and RDP | HTTP 80 HTTPS 443 DNS 53 RDP 3389 |
| Common protocol at the Transport layer beyond TCP and UDP | ICMP used for diagnostics and error messages |
| Common secure remote admin protocol and port | SSH uses TCP port 22 for secure encrypted administrative sessions |
| Defense in depth definition | Layered security controls across network endpoints and infrastructure to reduce risk of single point failures |
| Difference between broadcast and multicast | Broadcast goes to all devices in a domain; multicast goes only to subscribed group members |
| Difference between static and dynamic routing | Static routes are manually configured fixed paths; dynamic routes are learned and adjusted by routing protocols |
| Difference between static NAT and PAT | Static NAT maps one internal IP to one public IP; PAT maps multiple internal IPs to one public IP using port numbers |
| Difference between TCP and UDP | TCP is connection oriented reliable with flow control; UDP is connectionless low overhead and unreliable |
| Encapsulation order from application to wire | Application then Transport then Network then Data Link then Physical |
| Given IP 192.168.10.130 with mask 255.255.255.192 what is the network and broadcast | Network 192.168.10.128 Broadcast 192.168.10.191 |
| How does Dynamic ARP Inspection work | Validates ARP packets against DHCP snooping table to drop invalid ARP responses |
| How many usable hosts in a /24 network | 254 usable hosts |
| How many usable hosts in a /26 network | 62 usable hosts |
| How OSI layers map to TCP IP model | Application Presentation Session map to Application; Transport to Transport; Network to Internet; Data Link and Physical to Network Access |
| How to calculate hosts in a subnet from prefix length | Hosts = 2^(32 minus prefix) minus 2 for network and broadcast |
| Inter VLAN routing purpose | Enables communication between different VLANs using a router or layer 3 switch |
| Mitigation for MAC flooding | Enable port security and set MAC address limits and aging to protect the CAM table |
| Mitigations against VLAN hopping | Disable unused ports set correct native VLAN and use access ports and trunk pruning |
| Mitigations for ARP spoofing | DHCP snooping and Dynamic ARP Inspection block forged ARP entries and validate DHCP bindings |
| Native VLAN on a trunk | The VLAN that is untagged on a trunk link typically VLAN 1 by default unless changed |
| Order and implicit deny in ACL processing | ACLs are processed top to bottom first match applies and there is an implicit deny at the end |
| OSI layer responsible for end to end reliability | Transport layer - manages segmentation flow control and error recovery using TCP or UDP |
| OSI layer that handles logical addressing and routing | Network layer - provides IP addressing and routing between networks |
| OSI layer that handles physical transmission of bits | Physical layer - defines electrical optical and physical media specifications |
| OSI model top layer and function | Application layer - provides services to end user applications such as HTTP DNS and SMTP |
| Principle of least privilege | Grant users and services only the minimum access required to perform their tasks |
| Purpose of a DMZ | Demilitarized Zone isolates public facing services from internal network to reduce attack surface |
| Purpose of a VLAN | Virtual LAN segments switch ports to create separate broadcast domains for security and traffic control |
| Purpose of ARP | Address Resolution Protocol maps IPv4 addresses to MAC addresses on a local network |
| Purpose of BPDU guard on switches | BPDU guard disables ports that receive Bridge Protocol Data Units to prevent rogue switches and loops |
| Secure management plane best practice | Use out of band management SSH AAA and management ACLs to restrict admin access |
| Three way TCP handshake steps | SYN then SYN-ACK then ACK to establish a TCP connection |
| What defines a broadcast domain | All devices that receive broadcast frames - typically bounded by routers or layer 3 devices |
| What defines a collision domain | A segment where frames can collide - typically a single switch port or hub segment |
| What is a firewall stateful versus stateless | Stateful firewalls track connection state and make decisions based on state; stateless firewalls filter each packet independently |
| What is a MAC address | A hardware 48 bit address used for frame forwarding at the Data Link layer |
| What is an ACL on routers and basic types | Access Control List filters traffic by permit or deny rules; standard ACLs filter by source IP only; extended ACLs filter by protocol source and destination |
| What is ARP spoofing attack | An attacker sends forged ARP replies to associate their MAC with another IP causing man in the middle |
| What is default gateway role | The default gateway forwards traffic from a host to destinations outside the local network |
| What is DHCP snooping | Switch feature that tracks trusted DHCP servers and prevents rogue DHCP servers on untrusted ports |
| What is MAC flooding attack | Attacker overwhelms switch CAM table causing it to broadcast frames to all ports enabling sniffing |
| What is NAT | Network Address Translation modifies IP addresses and ports for traffic crossing a boundary to conserve addresses and hide internal IPs |
| What is NAT overload | NAT overload is PAT where many private hosts share a single public IP via different source ports |
| What is route summarization | Aggregating contiguous routes into a single advertisement to reduce routing table size and improve efficiency |
| What is STP and why important | Spanning Tree Protocol prevents switching loops by blocking redundant paths until needed |
| What is SYN flood attack and basic mitigation | SYN flood exhausts server resources with half open connections; mitigations include SYN cookies rate limiting and firewalls |
| What is VLAN hopping attack | An attacker sends double tagged frames or uses a trunk to access VLANs they should not reach |
| When to use NAT over no NAT | Use NAT when private addressing must be translated to public addresses for internet access |
| Why implement port security on switches | To limit MAC addresses per port and prevent unauthorized devices and MAC flooding attacks |
About the Flashcards
Flashcards for the Cisco CCNA Cybersecurity exam strengthen your grasp of essential networking theory and terminology. The deck walks you through the OSI and TCP/IP layers, dives into protocol behavior and port numbers, and clarifies the flow of data from application to physical media, key knowledge areas the exam loves to probe.
You'll also practice calculating subnets, configuring VLANs and trunking, distinguishing static versus dynamic routing, and applying NAT. Security flashcards highlight ACL logic, port security, STP safeguards, DHCP snooping, and defense-in-depth principles, ensuring you can recognize threats and choose the right mitigation. Frequent review sharpens recall and builds the troubleshooting mindset demanded on test day.
Topics covered in this flashcard deck:
- OSI & TCP/IP models
- Switching & VLANs
- Routing & NAT
- Subnetting calculations
- Network security controls
- Protocols & port numbers