Network Authentic & Security Exam 2


At which layer of the OSI model does Spanning Tree Protocol operate? Layer 1 Layer 2 Layer 3 Layer 4

Layer 2

What is the default configuration of the PVLAN Edge feature on a Cisco switch? All active ports are defined as protected. All ports are defined as protected. No ports are defined as protected. EtherChannel groups are defined as protected ports.

No ports are defined as protected.

Which security solution provides continuous visibility and control before, during, and after an attack to defeat malware across the extended network of an organization? AMP ESA WSA NAC AMP

AMP

What is involved in an IP address spoofing attack? A legitimate network IP address is hijacked by a rogue node. A rogue node replies to an ARP request with its own MAC address indicated for the target IP address. A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients. Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP server. Michael Carbonaro makes the system admin think that there is a legitimate IP address on the machine in question.

A legitimate network IP address is hijacked by a rogue node.

Which statement is true about a characteristic of the PVLAN Edge feature on a Cisco switch? All data traffic that passes between protected ports must be forwarded through a Layer 2 device. All data traffic that passes between protected ports must be forwarded through a Layer 3 device. Only broadcast traffic is forwarded between protected ports. Only unicast traffic is forwarded between protected ports.

All data traffic that passes between protected ports must be forwarded through a Layer 3 device.

What is a zero-day attack? It is a computer attack that occurs on the first day of the month. It is an attack that results in no hosts able to connect to a network. It is a computer attack that exploits unreported software vulnerabilities. It is an attack that has no impact on the network because the software vendor has mitigated the vulnerability. It is a computer attack that resets the system clock to EPOCH.

It is a computer attack that exploits unreported software vulnerabilities.

What is an IPS signature? It is the timestamp that is applied to logged security events and alarms. It is the authorization that is required to implement a security policy. It is a rule that states: only this packet will be dropped, and an alert will be generated. It is a set of rules used to detect typical intrusive activity. It is a security script that is used to detect unknown threats.

It is a set of rules used to detect typical intrusive activity.

Under which circumstance is it safe to connect to an open wireless network? The connection utilizes the 802.11n standard. The device has been updated with the latest virus protection software. The connection is followed by a VPN connection to a trusted network. The user does not plan on accessing the corporate network when attached to the open wireless network.

The connection is followed by a VPN connection to a trusted network.

Refer to the exhibit. As an administrator is configuring an IPS, the error message that is shown appears. What does this error message indicate? The signature definition file is invalid or outdated. The public crypto key is invalid or entered incorrectly. The flash directory where the IPS signatures should be stored is corrupt or nonexistent. SDEE notification is disabled and must be explicitly enabled.

The public crypto key is invalid or entered incorrectly.

Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices? These devices are not managed by the corporate IT department. These devices are more varied in type and are portable. These devices connect to the corporate network through public wireless networks. These devices pose no risk to security as they are not directly connected to the corporate network.

These devices are more varied in type and are portable.

Refer to the exhibit. A network administrator is configuring an IOS IPS. Which statement describes the IPS signatures that are enabled? These signatures detect attacks within a single packet. These signatures detect attacks that target a single host. These signatures detect attacks that are from the same source. These signatures detect attacks with a sequence of operations.

These signatures detect attacks within a single packet.

What is a disadvantage of network-based IPS devices? They use signature-based detection only. They cannot detect attacks that are launched using encrypted packets. They are implemented in expensive dedicated appliances. They cannot take immediate actions when an attack is detected. I don't know what IPS means, I was day dreaming

They cannot detect attacks that are launched using encrypted packets.

Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.) Use a dedicated native VLAN for all trunk ports. Place all unused ports in a separate guest VLAN. Disable trunk negotiation on all ports connecting to workstations. Enable DTP on all trunk ports. Ensure that the native VLAN is used for management traffic.

Use a dedicated native VLAN for all trunk ports. Disable trunk negotiation on all ports connecting to workstations.

What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.) allow the activity disable the link reconverge the network restart the infected device drop or prevent the activity

allow the activity drop or prevent the activity

What is the only type of traffic that is forwarded by a PVLAN protected port to other protected ports? control management broadcast user

control

A network administrator was testing an IPS device by releasing multiple packets into the network. The administrator examined the log and noticed that a group of alarms were generated by the IPS that identified normal user traffic. Which term describes this group of alarms? true negative true positive false positive false negative

false positive

A network administrator is configuring the triggering mechanism for the network-based IPS by defining a pattern of web surfing activities. The signature is applied across the corporate campus regardless of the type of web browser used. What type of triggering mechanism is being implemented? deny-based policy-based anomaly-based signature-based honeypot-based

policy-based

When the Cisco NAC appliance evaluates an incoming connection from a remote device against the defined network policies, what feature is being used? authentication and authorization posture assessment quarantining of noncompliant systems remediation of noncompliant systems

posture assessment

What is a recommended best practice when dealing with the native VLAN? Turn off DTP. Use port security. Assign it to an unused VLAN. Assign the same VLAN number as the management VLAN.

Assign it to an unused VLAN.

What is the best way to prevent a VLAN hopping attack? Disable STP on all nontrunk ports. Use ISL encapsulation on all trunk links. Use VLAN 1 as the native VLAN on trunk ports. Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

What mitigation plan is best for thwarting a DoS attack that is creating a switch buffer overflow? Disable DTP. Disable STP. Enable port security. Place unused ports in an unused VLAN.

Enable port security.

Which three are SAN transport technologies? (Choose three.) Fibre Channel SATA iSCSI IP PBX FCIP IDE

Fibre Channel iSCSI FCIP

Which set of Cisco IOS commands instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic? R1(config)# ip ips signature-category R1(config-ips-category)# category ios_ips basic R1(config-ips-category-action)# retired false R1(config)# ip ips signature-category R1(config-ips-category)# category all R1(config-ips-category-action)# retired false R1(config)# ip ips signature-category R1(config-ips-category)# category all R1(config-ips-category-action)# no retired false R1(config)# ip ips signature-category R1(config-ips-category)# category ios_ips basic R1(config-ips-category-action)# no retired false R1(config)# ip ips signature-category R1(config-ips-category)# category ios_ips

R1(config)# ip ips signature-category R1(config-ips-category)# category ios_ips basic R1(config-ips-category-action)# retired false

A network administrator is configuring the action type for a specific IPS signature that identifies an attack that contains a specific series of TCP packets. Once detected, the action to be taken is to terminate the current packet and future packets associated with the TCP flow. Which command should be used? R1(config-sigdef-sig)# event-action deny-packet-inline R1(config-sigdef-sig)# event-action deny-attacker-inline R1(config-sigdef-sig)# event-action reset-tcp-connection R1(config-sigdef-sig)# event-action deny-connection-inline

R1(config-sigdef-sig)# event-action deny-connection-inline

Which command releases the dynamic resources associated with the Cisco IOS IPS on a Cisco router? event correlation Router# clear ip ips configuration Router# clear ip ips statistics Router# clear ip sdee subscriptions Router# clear ip sdee events

Router# clear ip ips configuration

Which Cisco feature sends copies of frames entering one port to a different port on the same switch in order to perform traffic analysis? CSA HIPS SPAN VLAN VSPLAN v 2.3.8

SPAN

With IP voice systems on data networks, which two types of attacks target VoIP specifically? (Choose two.) CoWPAtty Kismet SPIT virus vishing

SPIT vishing

A network security administrator would like to check the number of packets that have been audited by the IPS. What command should the administrator use? show ip ips signatures show ip ips interfaces show ip ips statistics show ip ips configuration

show ip ips statistics

What would be the primary reason an attacker would launch a MAC address overflow attack? so that the switch stops forwarding traffic so that legitimate hosts cannot obtain a MAC address so that the attacker can see frames that are destined for other hosts so that the attacker can execute arbitrary code on the switch

so that the attacker can see frames that are destined for other hosts

A network administrator configures the alert generation of an IPS device in such a way that when multiple attack packets that match the same signature are detected, a single alert for the first packet is generated and the remaining duplicate alarms are counted, but not sent, for a specific time period. When the specified time period is reached, an alert is sent that indicates the number of alarms that occurred during the time interval. What kind of alert generation pattern is configured? composite alerts atomic alerts advanced alerts summary alerts

summary alerts

Which three switch security commands are required to enable port security on a port so that it will dynamically learn a single MAC address and disable the port if a host with any other MAC address is connected? (Choose three.) switchport mode access switchport mode trunk switchport port-security switchport port-security maximum 2 switchport port-security mac-address sticky switchport port-security mac-address mac-address

switchport mode access switchport port-security switchport port-security mac-address sticky

Which command is used to configure the PVLAN Edge feature? switchport block switchport nonnegotiate switchport protected switchport port-security violation protect switchport protected

switchport protected

What is the goal of the Cisco NAC framework and the Cisco NAC appliance? to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network to monitor data from the company to the ISP in order to build a real-time database of current spam threats from both internal and external sources to provide anti-malware scanning at the network perimeter for both authenticated and non-authenticated devices to provide protection against a wide variety of web-based threats, including adware, phishing attacks, Trojan horses, and worms

to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network

Which two methods are used to mitigate VLAN attacks? (Choose two.) enabling port security on all trunk ports using a dummy VLAN for the native VLAN implementing BPDU guard on all access ports disabling DTP autonegotiation on all trunk ports using ISL instead of 802.1q encapsulation on all trunk interfaces

using a dummy VLAN for the native VLAN disabling DTP autonegotiation on all trunk ports

