CCNA Security Finals 3/3
What is a characteristic of most modern viruses?
Email viruses are the most common type of them.
Which procedure is recommended to mitigate the chances of ARP spoofing?
Enable DAI on the management VLAN.
A company deploys a hub-and-spoke VPN topology where the security appliance is the hub and the remote VPN networks are the spokes. Which VPN method should be used in order for one spoke to communicate with another spoke through the single public interface of the security appliance?
Hairpinning
Which network security tool allows an administrator to test and detect weak passwords?
L0phtcrack
What type of ACL is designed for use in the configuration of an ASA to support filtering for clientless SSL VPN's?
Webtype
What is the purpose of a local username database if multiple ACS servers are configured to provide authentication services?
A local username database provides redundancy if ACS servers become unreachable. [adef]
What provides both secure segmentation and threat defense in a Secure Data Center solution?
Adaptive Security Appliance
What is an advantage of logging packets that are seen by an IPS device?
Administrators can decide what actions can be taken in the future.
What are two drawbacks in assigning user privilege levels on a Cisco router? (Choose two.)
Assigning a command with multiple keywords allows access to all commands using those keywords Commands from a lower level are always executable at a higher level.
Which two features should be configured on end-user ports in order to prevent STP manipulation attacks( Choose two.)?
BPDU guard Portfast
What is a secure configuration option for remote access to a network device?
Configure SSH
What is algorithm-type to protect the data in transit?
Hashing algorithm
A security technician is evaluating a new operations security proposal designed to limit access to all servers. What is an advantage of using network security testing to evaluate the new proposal?
Network security testing proactively evaluates the effectiveness of the proposal before any real threat occurs.
In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server?
RADIUS
Which statement describes a characteristic of the Security Device Event Exchange (SDEE) feature supported by the Cisco IOS IPS?
SDEE notification is disabled by default. It does not receive and process events from the Cisco IOS IPS unless SDEE notification is enabled.
What is indicated by the use of the local-case keyword in a local AAA authentication configuration command sequence?
That passwords and usernames are case-sensitive.?
Refer to the exhibit. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces?
Traffic from the LAN and DMZ can access the Internet.?
What is the default preconfigured interface for the outside network on a Cisco ASA 5505?
VLAN 2
Which security policy outlines the overall security goals for managers and technical personnel within an organization and includes the consequences of noncompliance with the policy?
Which security policy outlines the overall security goals for managers and technical personnel within an organization and includes the consequences of noncompliance with the policy?governing policy
What are three components of a technical security policy? (Choose three.)
acceptable use policy remote access policy network access policy
A user successfully logs in to a corporate network via a VPN connection. Which part of the AAA process records that a certain user performed a specific operation at a particular date and time?
accounting
On what switch ports should BPDU guard be enabled to enhance STP stability?
all PortFast-enabled ports
If a network administrator wants to track the usage of FTP services, which keyword or keywords should be added to the aaa accounting command?
exec
A security awareness session is best suited for which topic?
how to install and maintain virus protection?
The following authentication configuration is applied to a router. aaa authentication login default tacacs+ local enable none Several days later the TACACS+ server goes off-line. Which method will be used to authenticate users?
none
Which feature is specific to the Security Plus upgrade license of an ASA 5505 and provides increased availability?
redundant ISP connections
Which security implementation will provide management plane protection for a network device?
role-based access control
A network technician is attempting to resolve problems with the NAT configuration on anASA. The technician generates a ping from an inside host to an outside host. Whichcommand verifies that addresses are being translated on the ASA?
show xlate
What is used to determine the root bridge when the priority of the switches are the same?
the layer 2 address with the lowest hexadecimal value
What determines which switch becomes the STP root bridge for a given VLAN?
the lowest bridge ID
What is a function of the GRE protocol?
to encapsulate multiple OSI Layer 3 protocol packet types inside an IP tunnel
What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)
to prevent data traffic from being redirected and then discarded? to prevent redirection of data traffic to an insecure link?
Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
vulnerability brokers hacktivists
