FedVTE Cisco CCNA Security Self-Study Prep
All Cisco ACLs end with which implicit statement?
"B. deny all "
Cisco Port Security action options include all the following EXCEPT:
A.
Symmetric encryption has all the following advantages EXCEPT:
A. Simplified key distribution
PKI is a framework that supports:
A. Symmetric key distribution
A Virtual Private Network provides the same network connectivity for remote users over a public infrastructure as they would have over a private network.
A. True
Modular Policy Framework (MPF), defines a set of rules for applying firewall features and allows granular classification of traffic flows.
A. True
Once a user has authenticated, authorization services:
A. determine which resources the user can access
ACLs have a policy of which of the following?
A. first match
The ACL is processed top-down based on the sequence numbers of the statements
A. lowest to highest
Cisco AAA is:
B. Able to connect to many RADIUS servers, but not always on Cisco UDP ports 1812 and 1813
Granting a user access to a requested service only if the information in the user profile allows it, is an example of what?
B. Authorization
Enabling PortFast on a switchport:
B. Disables Spanning Tree on the switchport
It is a best practice to place general ACL statements higher in the ACL and more specific statements near the end.
B. False
When using Cisco IOS global command to enforce minimum password length, it applies to all new and existing router passwords.
B. False
The Cisco autosecure feature is used to:
B. Lock down routers
Which form of risk analysis uses a mathematical model that assigns a monetary figure?
B. Quantitative
IPSec VPNs are the preferred method for:
B. Site-to-Site VPN connections
A packet-filtering firewall typically can filter up to which layer, while a stateful firewall can filter up to:
B. transport, session
IOS 12.3 and later, passwords can be:
C. 0 to 16 characters in length
A standard ACL:
C. Identifies the source network to be blocked
A stateful firewall:
C. Monitors outbound traffic and permits only reply traffic that properly matches the outbound traffic
Ensuring that several individuals are able to perform a specific function in order to have oversight and eliminate single points of failure, is which of the following Operations Security principles?
C. Rotation of duties
Cisco ACS is a single solution that offers AAA services using:
C. TACACS+ or RADIUS
In comparing RADIUS servers and TACACS+ servers,
C. TACACS+ servers can list authorized router commands per user or per group
All of the following are best practices when configuring router login banner messages EXCEPT:
C. Use the word "welcome"
Which of the following Cisco IOS commands would be utilized to enforce minimum password length?
C. security passwords min-length
Which VPN listed below DOES NOT encrypt traffic:
D.
Signatures attributes have all the following attributes EXCEPT:
D. Exceptions
Enabling SSH on a router requires all of the following except
D. Installing a PuTTY client
Enabling SSH on a router requires all of the following except:
D. Installing a PuTTY client
Which VPN listed below DOES NOT encrypt traffic:
D. MPLS VPNs
The RADIUS protocol hides passwords during transmission but the rest of the packet is sent in plaintext.
TRUE
