Network Authentic & Security Test 1
Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model? Question options: Both stateful and packet-filtering firewalls can filter at the application layer. A stateful firewall can filter application layer information, while a packet-filtering firewall cannot filter beyond the network layer. A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter up to the session layer. A packet-filtering firewall uses session layer information to track the state of a connection, while a stateful firewall uses application layer information to track the state of a connection.
A packet-filtering firewall uses session layer information to track the state of a connection, while a stateful firewall uses application layer information to track the state of a connection.
Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics? An access attack has occurred. A virus has infected the computers. A DoS attack has been launched against the network. The computers are subject to a reconnaissance attack. The user purchased an over the counter virus control product
A virus has infected the computers.
If AAA is already enabled, which three CLI steps are required to configure a router with a specific view (Choose three.) Question options: Assign a secret password to the view. Assign commands to the view. Assign users who can use the view. Associate the view with the root view. Create a superview using the parser view view-name command. Create a view using the parser view view-name command.
Assign a secret password to the view. Assign commands to the view. Create a view using the parser view view-name command.
Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router? Question options: Specify the single-connection keyword. Create a VPN tunnel between the server and the router. Configure the key exactly the same way on the server and the router. Use identical reserved ports on the server and the router. Nothing, ACS servers automatically encrypts data.
Configure the key exactly the same way on the server and the router.
Which statement accurately characterizes the evolution of network security? Question options: Internal threats can cause even greater damage than external threats. Internet architects planned for network security from the beginning. Early Internet users often engaged in activities that would harm other users. Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.
Internal threats can cause even greater damage than external threats.
Which OSPF authentication should be used wherever possible, because MD5 authentication is considered vulnerable to attacks? Question options: SHA The MC5 WEP SSH There is no authentication is OSPF
SHA
Which element of an SNMP implementation can be configured to respond to requests as well as to forward notifications? Question options: MIB SNMP manager SNMP agent OID O-SNMP
SNMP agent
Which Cisco network security tool is a cloud-based service that provides alerts to network professionals about current network attacks? IPS Snort IDS Security Intelligence Operations zone-based policy firewall
Security Intelligence Operations
The inspect action in a Cisco IOS Zone-Based Policy Firewall configures Cisco IOS _____________ packet inspection.
Stateful
What is a characteristic of TACACS+? Question options: TACACS+ is an open IETF standard. TACACS+ is backward compatible with TACACS and XTACACS. TACACS+ provides authorization of router commands on a per-user or per-group basis. TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.
TACACS+ provides authorization of router commands on a per-user or per-group basis.
Which statement identifies an important difference between TACACS+ and RADIUS? Question options: TACACS+ provides extensive accounting capabilities when compared to RADIUS. The RADIUS protocol encrypts the entire packet transmission. The TACACS+ protocol allows for separation of authentication from authorization. RADIUS can cause delays by establishing a new TCP session for each authorization request.
The TACACS+ protocol allows for separation of authentication from authorization.
Which statement is a characteristic of a packet filtering firewall? Question options: They are susceptible to IP spoofing.? They have a high impact on network performance. They filter fragmented packets. They examine each packet in the context of the state of a connection.
They are susceptible to IP spoofing.
Which two are characteristics of DoS attacks? (Choose two.) Question options: They always precede access attacks. They attempt to compromise the availability of a network, host, or application. They are difficult to conduct and are initiated only by very skilled attackers. They are commonly launched with a tool called L0phtCrack. Examples include smurf attacks and ping of death attacks.
They attempt to compromise the availability of a network, host, or application. Examples include smurf attacks and ping of death attacks.
Which statement describes a typical security policy for a DMZ firewall configuration? Question options: Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with little or no restrictions. Traffic that originates from the DMZ interface is selectively permitted to the outside interface. Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface. Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers? Question options: There is no ability to provide accountability. It is very susceptible to brute-force attacks because there is no username. The passwords can only be stored in plain text in the running configuration. User accounts must be configured locally on each device, which is an unscalable authentication solution. It is useless in a global economy. AAA provides free road-side assitance
User accounts must be configured locally on each device, which is an unscalable authentication solution.
What is a significant characteristic of virus malware? Question options: A virus is triggered by an event on the host system. Once installed on a host system, a virus will automatically propagate itself to other systems. A virus can execute independently of the host system. Virus malware is only distributed over the Internet. Malware does not really exist
A virus is triggered by an event on the host system.
Which two statements are characteristics of a virus? (Choose two.) Question options: A virus typically requires end-user activation. A virus has an enabling vulnerability, a propagation mechanism, and a payload. A virus replicates itself by independently exploiting vulnerabilities in networks. A virus provides the attacker with sensitive data, such as passwords. A virus can be dormant and then activate at a specific time or date.
A virus typically requires end-user activation. A virus can be dormant and then activate at a specific time or date.
When implementing an inbound Internet traffic ACL, what should be included to prevent the spoofing of internal networks? Question options: ACEs to prevent HTTP traffic ACEs to prevent ICMP traffic ACEs to prevent SNMP traffic ACEs to prevent broadcast address traffic ACEs to prevent traffic from private address spaces
ACEs to prevent traffic from private address spaces
What is the result in the self zone if a router is the source or destination of traffic? Question options: No traffic is permitted. All traffic is permitted. Only traffic that originates in the router is permitted. Only traffic that is destined for the router is permitted. source and destination IP addresses, and port numbers and sequencing information associated with a particular session are used to prevent unwanted traffic
All traffic is permitted.
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? Question options: HTTP CDP FTP LLDP LMNOP
CDP
What tool is available through the Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input? Question options: Cisco ACS Control Plane Policing Cisco AutoSecure Simple Network Management Protocol Cisco CLI Secure Plus
Cisco AutoSecure
What is the meaning of the principle of minimum trust when used to design network security? Question options: All network and internetwork data communications should be encrypted. Accounts should be disabled after a specific number of unsuccessful logins. Devices in networks should not access and use one another unnecessarily and unconditionally. Encrypted and one-time passwords should be used at all times. Network access should be controlled by multifactor authentication.
Devices in networks should not access and use one another unnecessarily and unconditionally.
What is the first required task when configuring server-based AAA authentication? Question options: Configure the type of AAA authentication. Enable AAA globally. Specify the type of server providing the authentication. Configure the IP address of the server. aaa accounting network start-stop group radius aaa accounting network start-stop group tacacs+
Enable AAA globally.
Antivirus software can prevent viruses from entering the network. Question options: True False
False
Which two options provide secure remote access to a router? (Choose two.) Question options: CHAP HTTP HTTPS SSH Telnet
HTTPS SSH
When configuring a method list for AAA authentication, what is the effect of the keyword local? Question options: It accepts a locally configured username, regardless of case. It defaults to the vty line password for authentication. The login succeeds, even if all methods return an error. It uses the enable password for authentication.
It accepts a locally configured username, regardless of case.
What is the purpose of the none keyword in an AAA authentication configuration? Question options: It completely disables AAA authentication on the device. It prevents users from logging in to the device remotely. It only allows users with privilege level 15 to log in to the device. It allows users to log into the device without credentials if all other authentication methods fail. It allows nothing to happen.
It allows users to log into the device without credentials if all other authentication methods fail.
What is the biggest issue with local implementation of AAA? Question options: Local implementation cannot provide secure authentication. Local implementation supports only RADIUS servers. Local implementation supports only TACACS+ servers. Local implementation does not scale well.
Local implementation does not scale well.
Consider the access list command applied outbound on a router serial interface. access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply What is the effect of applying this access list command? Question options: The only traffic denied is ICMP-based traffic. All other traffic is allowed. The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed. Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination. No traffic will be allowed outbound on the serial interface.
No traffic will be allowed outbound on the serial interface.
Which two statements describe access attacks? (Choose two.) Question options: Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code. Port scanning attacks scan a range of TCP or UDP port numbers on a host to detect listening services. Trust exploitation attacks can use a laptop acting as a rogue access point to capture and copy all network traffic in a public location on a wireless hotspot.
Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code.
Which statement describes a difference between RADIUS and TACACS+? Question options: RADIUS uses TCP whereas TACACS+ uses UDP. RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not. RADIUS encrypts only the password whereas TACACS+ encrypts all communication. RADIUS separates authentication and authorization whereas TACACS+ combines them as one process.
RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
Which of the following can be used to falsify routing information, cause DoS attacks, or cause traffic to be redirected? Question options: Spooing Routing Protocol (SRP) Routing Protocol Flooding Spoofing Protocol Routing (SPR) Routing Protocol Spoofing Routing Protocol Detour
Routing Protocol Spoofing
What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights? Question options: The administrator is immediately locked out of the system. The administrator is denied all access except to aaa authorization commands. The administrator is allowed full access using the enable secret password. The administrator is allowed full access until a router reboot, which is required to apply changes.
The administrator is immediately locked out of the system.
Which three options describe the phases of worm mitigation? (Choose three.) Question options: The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls. The containment phase tracks down and identifies the infected machines within the contained areas. The inoculation phase disconnects, blocks, or removes infected machines. The inoculation phase patches uninfected systems with the appropriate vendor patch for the vulnerability. The quarantine phase terminates the worm process, removes modified files or system settings, and patches the vulnerability the worm used to exploit the system. The treatment phase disinfects actively infected systems.
The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls. The inoculation phase disconnects, blocks, or removes infected machines. The treatment phase disinfects actively infected systems.
After accounting is enabled on an IOS device, how is a default accounting method list applied? Question options: Accounting method lists are applied only to the VTY interfaces. A named accounting method list must be explicitly defined and applied to desired interfaces. Accounting method lists are not applied to any interfaces until an interface is added to the server group. The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.
The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.
Which two types of addresses should be denied inbound on a router interface that attaches to the Internet? (Choose two.) Question options: private IP addresses public IP addresses NAT translated IP addresses any IP address that starts with the number 127 any IP address that starts with the number 1 1600 Pennsylvania Avenue
any IP address that starts with the number 127 private IP addresses
Which technology provides the framework to enable scalable access security? Question options: role-based CLI access Simple Network Management Protocol AutoSecure Cisco Configuration Professional communities authentication, authorization, and accounting
authentication, authorization, and accounting
How does a DoS attack take advantage of the stateful condition of target systems? by executing code that corrupts or deletes system files by continuously sending packets of unexpected size or unexpected data by using a dictionary of passwords to attempt to access the system by intercepting and analyzing or manipulating data as it is sent across the network by using IP spoofing attacks through mobile devices by using a reverse packet sniffer attack
by continuously sending packets of unexpected size or unexpected data
Which security measure is typically found both inside and outside a data center facility? Question options: a gate exit sensors security traps biometrics access continuous video surveillance
continuous video surveillance
The Cisco Network Foundation Protection framework has three functional areas. The ________ plane of a router is responsible for routing packets correctly.
data
Which packet type is user-generated and forwarded by a router? Question options: data plane packet control plane packet management plane packet routing protocol update packet HTTPS packet
data plane packet
Which two tasks are associated with router hardening? (Choose two.) Question options: installing the maximum amount of memory possible placing the router in a secure room using uninterruptible power supplies disabling unused ports and interfaces securing administrative access Installing the Cisco Steel Router protocol
disabling unused ports and interfaces securing administrative access
The _____________ action in a Cisco IOS Zone-Based Policy Firewall is similar to a deny statement in an ACL.
drop
Which ICMP message type should be stopped inbound? Question options: echo echo-reply unreachable source quench
echo
Where is the firewall policy applied when using Classic Firewall? Question options: security zones self zone multiple zones interfaces smart device
interfaces
What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices? Question options: data plane management plane control plane forwarding plane secure data plane
management plane
Where would the following ACE be placed? permit icmp any any nd-na Question options: on an IPv6-enabled router interface that connects to another router on an IPv4-enabled router so that the ping of death is thwarted on an IPv6-enabled router interface that connects to the Internet on an IPv4-enabled router that is not accepting any ping requests, but allows echo-replie
on an IPv6-enabled router interface that connects to another router
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) Question options: physical security flash security operating system security remote access security router hardening zone isolation
physical security operating system security router hardening
What is one advantage of using a next-generation firewall rather than a stateful firewall? Question options: proactive rather than reactive protection from Internet threats ability to filter unwanted traffic better log information defense against spoofing
proactive rather than reactive protection from Internet threats
How does a Cisco Secure ACS improve performance of the TACACS+ authorization process? Question options: reduces overhead by using UDP for authorization queries reduces delays in the authorization queries by using persistent TCP sessions reduces bandwidth utilization of the authorization queries by allowing cached credentials reduces number of authorization queries by combining the authorization process with authentication
reduces delays in the authorization queries by using persistent TCP sessions
When role-based CLI is used, which view is the only view that has the ability to add or remove commands from existing views? Question options: admin super user root sudo commander Cisco
root
What is considered a valid method of securing the control plane in the Cisco NFP framework? Question options: authorization of actions DHCP snooping dynamic ARP inspection login and password policy routing protocol authentication role-based access control
routing protocol authentication
What is hyperjacking? Question options: taking over a virtual machine hypervisor as part of a data center attack overclocking the mesh network which connects the data center servers adding outdated security software to a virtual machine to gain access to a data center server using processors from multiple computers to increase data processing power
taking over a virtual machine hypervisor as part of a data center attack
What are two reasons for securing the data plane in the Cisco NFP framework? (Choose two.) Question options: to protect against DoS attacks to provide bandwidth control to force technicians to use SSH and HTTPS when managing devices to provide a record of who accessed the device, what occurred, and when it occurred to allow users to control the flow of traffic that is managed by the route processor of their network devices
to protect against DoS attacks to provide bandwidth control
What are two purposes of launching a reconnaissance attack on a network? (Choose two.) Question options: to retrieve and modify data to scan for accessibility to escalate access privileges to gather information about the network and devices to prevent other users from accessing the system propagation mechanism
to scan for accessibility to gather information about the network and devices
What port state is used by 802.1X if a workstation fails authorization? Question options: unauthorized down disabled blocking lock down
unauthorized
Which statement describes phone freaking? Question options: A hacker uses password-cracking programs to gain access to a computer via a dialup account. A hacker gains unauthorized access to networks via wireless access points. A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network. A hacker uses a program that automatically scans telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines. You must be 21 years or older to answer this question
A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.
What is an effect if AAA authorization on a device is not configured? Question options: Authenticated users are granted full access rights. User access to specific services is determined by the authentication process. Character mode authorization is limited, and packet mode denies all requests. All authorization requests to the TACACS server receive a REJECT response.
Authenticated users are granted full access rights.
What are two characteristics of ACLs? (Choose two.) Question options: Extended ACLs can filter on destination TCP and UDP ports. Standard ACLs can filter on source TCP and UDP ports. Extended ACLs can filter on source and destination IP addresses. Standard ACLs can filter on source and destination IP addresses. Standard ACLs can filter on source and destination TCP and UDP ports.
Extended ACLs can filter on destination TCP and UDP ports. Extended ACLs can filter on source and destination IP addresses.
Which statement describes a stateful firewall? Question options: It can only filter packets based on limited Layer 3 and 4 information. It can filter packets based on information at Layers 3, 4, 5 and 7 of the OSI reference model. It can expand the number of IP addresses available and can hide network addressing design. It can determine if the connection is in the initiation, data transfer, or termination phase.
It can determine if the connection is in the initiation, data transfer, or termination phase.
Why is the username name algorithm-type scrypt secret password command preferred over the username name secret password command? Question options: It uses the MD5 algorithm for encrypting passwords. It uses the standard type 7 algorithm for encrypting passwords. It uses the SCRYPT algorithm for encrypting passwords. It does not require the login local command to enable the local database for authentication. It requires an already encrypted password to be accepted.
It uses the SCRYPT algorithm for encrypting passwords.
Which statement describes a characteristic of authorization in an AAA solution? Question options: It works similarly to privilege levels and role-based CLI. It only applies to packet mode AAA and not character mode AAA. It requires users to perform an additional step after authentication. It accepts usernames and passwords to determine if users are who they say they are.
It works similarly to privilege levels and role-based CLI.
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) Question options: a password on the console line an IP domain name a user account an enable mode password a unique hostname an encrypted password
an IP domain name a user account a unique hostname
Which two network security solutions can be used to mitigate DoS attacks? (Choose two.) Question options: virus scanning data encryption anti-spoofing technologies intrusion protection systems applying user authentication
anti-spoofing technologies intrusion protection systems
What is the primary means for mitigating virus and Trojan horse attacks? Question options: antivirus software encryption antisniffer software blocking ICMP echo and echo-replies Helen of Troy anti-Trojan software package
antivirus software
What IOS privilege levels are available to assign for custom user-level privileges? Question options: levels 1 through 15 levels 0, 1, and 15 levels 2 through 14 levels 0 and 1 five
levels 2 through 14
A network administrator needs to protect a router against brute force login attempts. What is the correct login-block-for command syntax to disable login for 3 minutes if more than 3 failed attempts are made within a 2 minute period? Question options: Login block-for 3 min 3 att 2 min login block-for within 180 attempts 3, 120 login block-for within 120 attempts 3, 180 login block-for 180 attempts 3 within 120 login block-for attempts 180 3 120
login block-for 180 attempts 3 within 120
What is a main purpose of launching an access attack on network systems? Question options: to prevent other users from accessing the system to gather information about the network to scan for accessible networks to retrieve data to give access to legitimate users
to retrieve data
Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function? Question options: virus worm proxy Trojan Horse Denial of Service Trojan Horse
virus
What type of malware has the primary objective of spreading across the network? Question options: worm virus Trojan horse botnet shape shifter
worm