CCNA Security Chapter 1
What is the role of an IPS? -filtering of nefarious websites -authenticating and validating traffic -connecting global threat information to Cisco network security devices -detecting and blocking attacks in real-time
detecting and blocking of attacks in real time
What are the three core components of the Cisco Secure Data Center solution? (Choose three.) -secure segmentation -servers -visibility -threat defense -infrastructure -mesh network
-secure segmentation -visibility -threat defense
Which condition describes the potential threat created by Instant On in a data center? -when a VM that may have outdated security policies is brought online after a long period of inactivity -when the primary IPS appliance is malfunctioning -when an attacker hijacks a VM hypervisor and then launches attacks against other devices in the data center -when the primary firewall in the data center crashes
-when a VM that may have outdated security policies is brought online after a long period of inactivity
What is the significant characteristic of worm malware? 1)A worm can execute independently of the host system. 2)Once installed on a host system, a worm does not replicate itself. 3)A worm must be triggered by an event on the host system. 4)Worm malware disguises itself as legitimate software.
1)A worm can execute independently of the host system.
What is the first step in the risk management process specified by the ISO/IEC? 1)Conduct a risk assessment. 2)Inventory and classify IT assets. 3)Create a security policy. 4)Create a security governance model.
1)Conduct a risk assessment.
What are the three major components of a worm attack? (Choose three.) 1)a penetration mechanism 2)an enabling vulnerability 3)a propagation mechanism 4)a probing mechanism 5)a payload 6)an infecting vulnerability
1)a penetration mechanism 2)an enabling vulnerability 5)a payload
What functional area of the Cisco Network Foundation Protection framework is responsible for device-generated packets required for network operation, such as ARP message exchanges and routing advertisements? 1)control plane 2)data plane 3)management plane 4)forwarding plane
1)control plane
An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this? 1)man in the middle 2)buffer overflow 3)trust exploitation 4)port redirection
1)man in the middle
Which two statements describe access attacks? (Choose two.) 1)Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. 2)Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. 3)To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. 4)Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot. 5)Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
2)Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. 5)Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
What is a characteristic of a Trojan horse as it relates to network security? 1)Extreme quantities of data are sent to a particular network device interface. 2)Malware is contained in a seemingly legitimate executable program. 3)An electronic dictionary is used to obtain a password to be used to infiltrate a key network device. 4)Too much information is destined for a particular memory block, causing additional memory areas to be affected.
2)Malware is contained in a seemingly legitimate executable program.
What role does the Security Intelligence Operations (SIO) play in the Cisco SecureX architecture? 1)identifying applications 2)identifying and stopping malicious traffic 3)enforcing policy 4)authenticating users
2)identifying and stopping malicious traffic
A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe? 1)denial of service 2)reconnaissance 3)port redirection 4)trust exploitation
2)reconnaissance
What is an objective of a state-sponsored attack? 1)to gain financial prosperity 2)to right a perceived wrong 3)to gain attention 4)to sell operating system vulnerabilities to other hackers
2)to right a perceived wrong
Which two statements characterize DoS attacks? (Choose two.) 1)They are commonly launched with a tool called L0phtCrack. 2)They are difficult to conduct and are initiated only by very skilled attackers. 3)They attempt to compromise the availability of a network, host, or application. 4)Examples include smurf attacks and ping of death attacks. 5)They always precede access attacks.
3)They attempt to compromise the availability of a network, host, or application. 4)Examples include smurf attacks and ping of death attacks.
What causes a buffer overflow? 1)downloading and installing too many software updates at one time 2)sending repeated connections such as Telnet to a particular device, thus denying other data sources 3)attempting to write more data to a memory location than that location can hold 4)launching a security countermeasure to mitigate a Trojan horse 5)sending too much information to two or more interfaces of the same device, thereby causing dropped packets
3)attempting to write more data to a memory location than that location can hold
Which statement accurately characterizes the evolution of threats to network security? 1)Internet architects planned for network security from the beginning. 2)Early Internet users often engaged in activities that would harm other users. 3)Internal threats can cause even greater damage than external threats. 4)Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.
Internal threats can cause even greater damage than external threats.
What is a ping sweep? -a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain. -a software application that enables the capture of all network packets that are sent across a LAN. -a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services. -a network scanning technique that indicates the live hosts in a range of IP addresses.
a network scanning technique that indicates the live hosts in a range of IP addresses.
What method can be used to mitigate ping sweeps? -using encrypted or hashed authentication protocols -deploying antisniffer software on all network devices -blocking ICMP echo and echo-replies at the network edge -installing antivirus software on hosts
blocking ICMP echo and echo-replies at the network edge
What are the three components of information security ensured by cryptography? (Choose three.) -authorization -confidentiality -integrity -threat prevention -countermeasures -availability
-confidentiality -integrity -availability
What worm mitigation phase involves actively disinfecting infected systems? -quarantine -inoculation -containment -treatment
treatment