CCNA Security v2.0 Final Exam

¡Supera tus tareas y exámenes ahora con Quizwiz!

What is the default preconfigured security level for the outside network interface on a Cisco ASA 5505?

0

What service or protocol does the Secure Copy Protocol rely on to ensure that secure copy transfers area from authorized users?

AAA

What algorithm is used with IPsec to provide data confidentiality

AES

What is a limitation to using OOB management on a large enterprise network?

All devices appear to be attached to a single management network

On what switch port s should PortFast be enabled to enhance STP stability?

All end-user ports

A company deploys a network-based IPS. Which statement describes a false negative alarm that is issued by the IPS sensor?

An attack packet passes an no alarm is generated

hich two end points can be on the other side of an ASA site-to-site VPN configured using ASDM?

Another ASA ISR Router

Which type of ASDM connection would provide secure remote access for remote users into corporate networks?

AnyConnect SSL VPN

What are two drawbacks in assigning user privilege levels on a Cisco router?

Assigning a command with multiple keywords allows access to all commands using those keywords Commands from a lower level are always executable at a higher level

What does the keyword default specify when used with the aaa authentication login command?

Authentication is automatically applied to the con 0, aux, and the vty lines

Which router component determines the number of signatures and engines that can be support

Available memory

How can DHCP spoofing attacks be mitigated?

By implementing DHCP snooping on trusted ports

Which three forwarding plane services and functions are enabled by the Cisco AutoSecure feature?

Cisco IOS firewall inspection Cisco Express Forwarding (CEF) Traffic filtering with ACLs

Which feature of the Cisco Network Foundation Protection framework prevents a route processor from being overwhelmed by unnecessary traffic?

Control Plane Policing

When configuring SSH on a router to implement secure network management, a network engineer has issued the login local and transport input ssh line vty commands. What three additional configuration actions have to be performed to complete the SSH configuration?

Create a valid local username and password database Generate the asymmetric RSA keys Configure the correct IP domain name

What can be used as an alternative to HMAC

Digital Signatures

A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication?

Encryption for all communication Separate processes for Authentication and Authorization

What type of ACL offers greater flexibility and control over network access?

Extended

What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

Guarantees message integrity

What is the advantage of HIPS that is not provided by IDS

HIPS protects critical system resources and monitors operating system processes

Which two types of hackers are typically classified as grey hat hackers?

Hacktivists Vulnerability Brokers

A company deploys a hub-and-spoke VPN topology where the security appliance is the hub and the remote VPN networks are the spokes. Which VPN method should be used in order for one spoke to communicate with another spoke through the single public interface of the security appliance?

Hairpinning

What can be configured as part of a network object?

IP address and mask

Which two statements describe the use of asymmetric algorithms?

If a private key is used to encrypt the data, a public key must be used to decrypt the data If a public key is used to encrypt the data, a private key must be used to decrypt the data

What are three characteristics of the RADIUS protocol?

Is an open IETF standard AAA protocol Uses UDP ports for Authentication and Accounting Is widely used in VOIP and 802.1X implementations

Which statement describes the Cisco Cloud Web Security?

It is a cloud-based security service to scan traffic for malware and policy enforcement

What is the result of a DHCP starvation attack?

Legitimate clients are unable to lease IP addresses

What is the next step in the establishment of an IPsec VPN after IKE Phase 1 is complete?

Negotiation of the IPsec SA Policy

A security technician is evaluating a new operations security proposal designed to limit access to all servers. What is an advantage of using network security testing to evaluate the new proposal?

Network security testing proactively evaluates the effectiveness of the proposal before any real threat occurs

What ports can receive forwarded traffic from an isolated port that is part of a PVLAN

Only promiscuous ports

What three tasks can a network administrator accomplish with the Nmap and Zenmap secuirty testing tools?

Open UDP and TCP port detection Operating System Fingerprinting Assessment of Layer 3 protocol support on hosts

Which three areas of router security must be maintained to secure an edge router at the network perimeter?

Physical Security Operating System Security Router Hardening

Which security document includes implementation details, usually with step-by-step instructions and graphics?

Procedure Document

Which service should be disabled on a router to prevent a malicious host from falsely responding to ARP requests with the intent to redirect the Ethernet frames?

Proxy ARP

What are the two protocols that are used by AAA to authenticate users against a central database of usernames and password?

RADIUS TACACS+

What information does the SIEM network security management tool provide to network administrators?

Real time reporting and analysis of security events

Which features is specific to the Security Plus upgrade license of an ASA 5505 and provides increased availability?

Redundant ISP connections

Which security implementation will provide management plane protection for a network device?

Role-Based Access Control

Which interface setting can be configured in ASDM through the Device Setup tab?

Security Level

What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?

Signature

A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication?

Single process for authentication and authorization Hidden passwords during transmission

How are Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) components used conjunctive?

The IDS will send alert messages about "gray area" traffic while the IPS will block malicious traffic

What is a characteristic of an ASA Site-to-Site VPN

The IPsec protocol protects the data transmitted through the site-to-site tunnel

What is a result of enabling the Cisco IOS image resilience feature?

The feature can only be disabled through a console session

Why is Diffie-Hellman algorithm typically avoided for encyption

The large number used by DH makes it too slow for bulk data transfer

A syslog server has received the message shown. *Mar 1 00:07:18.787: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.45.1) What can be determined from the syslog message?

The message informs the administrator that a user with an IP address of 172.16.45.1 configured this device remotely

Which statement accurately describes Cisco IOS Zone-Based Policy Firewall operation?

The pass action works in only one direction

A security technician uses an asymmetric algorithm to encrypt messages with a private key and then forwards that data to another technician. What key must be used to decrypt this data?

The public key of the sender

What is the purpose of AAA Accounting

To collect and report data usage

What is a characteristic of a DMZ zone?

Traffic originating from the outside network going to the DMZ network is selectively permitted

hich type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

VLAN double-tagging

What is a characteristic of asymmetric algorithms?

Very long key lengths are used

What technology is used to separate physical interfaces on the ASA 5505 device into different security zones?

Virtual local-area networks

A user complains about not being able to gain access to the network. What command would be used by the network administrator to determine which AAA method list is being used for this particular user as the user logs on?

debug aaa authentication


Conjuntos de estudio relacionados

Physical Science Chapter 6? Quiz & Assessment

View Set

Ch. 13 Corporations: Organization, Stock Transactions, and Dividends Part 4 Quiz

View Set

Nutrition Lesson 4/Chapter 4 The Carbohydrates: Sugar, Starch, Glycogen, and Fiber

View Set

Role Playing- Retailing & Omnichannel Marketing: Fit Life

View Set

Microeconomics - Chapter 19 : Profit Maximization

View Set

the cardiovascular system: heart

View Set

True/False, Chamberlain's Political Theory: Multiple choice

View Set

Gmetrix certification practice test 2

View Set

Chapter 6 and 7 review questions

View Set

IM EOR - GI conditions Part 4: IBD, Diverticular Dz, Gastritis, Hemorroids

View Set