Chapters 25 - 26: Access Control and Infrastructure Security

¡Supera tus tareas y exámenes ahora con Quizwiz!

What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?

RADIUS

Which statement describes a difference between RADIUS and TACACS+?

RADIUS encrypts only the password, whereas TACACS+ encrypts all communication.

Which EAP method makes use of the Protected Extensible Authentication Protocol (PEAP)?

EAP tunneled TLS authentication method

What message is sent every 30 seconds by the 802.1x authenticator to an endpoint to initiate the MAB authentication process?

EAPoL identity request

What are two characteristics of the ZBFW default zone? (Choose two.)

Interfaces that are not members of other zones are placed in this zone by default./It is a system built zone.

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

Refer to the exhibit. Which two ACLs, if applied to the G0/1 interface of R2, would permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface? (Choose two.)

access-list 5 permit 192.168.10.0 0.0.0.63/access-list 5 permit 192.168.10.64 0.0.0.63/access-list 1 permit 192.168.10.0 0.0.0.127

Which vulnerability can be mitigated by disabling CDP and LLDP on a Cisco device?

advertising detailed information about a device

Which type of threat defense is provided by Cisco Umbrella?

blocking requests to malicious Internet destinations

Which place in the network (PIN) is considered to be the highest-risk, as it is the ingress and egress point for internet traffic?

edge

What threat protection actions are involved in the "before" phase of the attack continuum?

establishing policies and implementing prevention measures to reduce risks

What are the three phases of TrustSec configuration? (Choose three.)

ingress classification propagation/egress enforcement

Which security appliance passively monitors and analyzes network traffic for potential network intrusion attacks and logs the attacks for analysis?

intrusion detection system

Which command can be issued to protect a Cisco router from unauthorized automatic remote configuration?

no service config

What are two limitations of PACLs? (Choose two.)

no support of ACLs that filter IPv6 packets no filtering of outbound traffic

What is the Control Plane Policing (CoPP) feature designed to accomplish?

prevent unnecessary traffic from overwhelming the route processor

What security capability is provided by applying Cisco WSA web reputation filters before an attack?

prevents client devices from accessing dangerous websites containing malware or phishing links

Which command produces an encrypted password that is easily reversible?

service password-encryption

According to Gartner, Inc. what three capabilities must a next-generation firewall (NGFW) provide in addition to standard firewall features? (Choose three.)

the ability to perform application-level inspection/the ability to leverage external security intelligence/ an integrated IPS

Which secure access solution can be implemented to authenticate endpoints that do not support 802.1x or MAB?

web authentication

Question as presented: Match the Cisco Safe security concepts to the description. (Not all options are used.)

3120

Question as presented: Match the Cisco SAFE component with the description. (Not all options are used.)

2130

Question as presented: Match the security platform to the description. (Not all options are used.)

1302/

Which three statements describe ACL processing of packets? (Choose three.)

A packet can either be rejected or forwarded as directed by the ACE that is matched./Each statement is checked only until a match is detected or until the end of the ACE list./An implicit deny any rejects any packet that does not match any ACE.

What is a feature of a Cisco IOS Zone-Based Policy Firewall?

A router interface can belong to only one zone at a time.

Which is the preferred method for securing device terminal lines?

AAA authentication

Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface G0/0/0. Which conclusion can be drawn from this configuration?​

All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet

Which solution provides comprehensive network and data protection for organizations before, during, and after a malware attack?

Cisco AMP

Cisco AnyConnect

Cisco AnyConnect

Which Cisco solution is used by Cisco Web Security Appliance to detect and correlate threats in real time?

Cisco Talos

An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)

Configure the IP domain name on the router./ Configure a host name other than "Router"./Generate crypto keys.

Which statement describes Cisco IOS Zone-Based Policy Firewall operation?

The pass action works in only one direction.


Conjuntos de estudio relacionados

Peds Practice: Ch 45 (Integumentary), Peds Practice: CH 37, 38, & 39

View Set

Chapter 13 Special Phlebotomy Procedures

View Set

Astronomy II: Test II (practice questions, quiz questions, test questions)

View Set

Unit VIII GASTROINTESTINAL SYSTEM

View Set

Infants & Toddlers Ch 7: Supportive Communication w/ Fams and Colleagues

View Set

Chemistry Chapter 7 Ionic Bonding Test Review

View Set

Central Nervous System (Chapter 12)

View Set