Network Security Final (Version 1.0)


What is a characteristic of a role-based CLI view of router configuration

A single CLI view can be shared within multiple superviews

When describing malware, what is a difference between a virus and a worm?

A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently

What is a limitation to using OOB management on a large enterprise network

All devices appear to be attached to a single management network

What characteristic of the Snort term-based subscriptions is true for both the community and the subscriber rule sets?

Both offer threat protection against security threats

What network testing tool is used for password auditing and recovery

L0phtCrack

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

confidentiality

The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?

confidentiality

Which two tasks are associated with router hardening? (Choose two) placing the router in a secure room Disabling unused ports and interfaces Installing the maximum amount of memory possible Securing administrative access using uninterruptible power supplies

disabling unused ports and interfaces Securing administrative access

Used to specify source and destination addresses and protocols, ports, or the ICMP type

extended access list

Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?

ipv6 traffic-filter ENG_ACL in

What are the three signature levels provided by Snort IPS on the 4000 Series ISR (Choose three) Security Drop Reject Connectivity Inspect Balanced

security Connectivity balanced

How does a firewall handle traffic when it is originating from the public network and traveling to the DMZ network?

Traffic that is originated from the public network is inspected and selectively permitted when traveling to the DMZ network

What are three characteristics of the RADIUS protocol? (Choose three.) utilizes TCP port 49 uses UDP ports for authentication and accounting supports 802.1X and SIP separates the authentication and authorization processes encrypts the entire body of the packet is an open RFC standard AAA protocol

uses UDP ports for authentication and accounting supports 802.1X and SIP is an open RFC standard AAA protocol

What is the function of the pass action on a Cisco IOS Zone-Based Policy Firewall

forwarding traffic from one zone to another

What will be the result of failed login attempts if the following command is entered into a router: login block-for 150 attempts 4 within 90

All login attempts will be blocked for 150 seconds if there are 4 failed attempts within 90 seconds

If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.) Create a superview using the parser view view-name command. Associate the view with the root view. Assign users who can use the view. Create a view using the parser view view-name command. Assign a secret password to the view. Assign commands to the view.

Create a view using the parser view view-name command. Assign a secret password to the view. Assign commands to the view.

How does a firewall handle traffic when it is originating from the private network and traveling to the DMZ network?

The traffic is usually permitted with little or no restrictions

Which network monitoring technology uses VLANs to monitor traffic on remote switches?

RSPAN

What function is provided by the RADIUS protocol?

RADIUS provides separate ports for authorization and accounting

An administrator discovers that a user is accessing a newly established website that may be detrimental to company security. What action should the administrator take first in terms of the security policy?

Revise the AUP immediately and get all users to sign the updated AUP

What are two disadvantages of using IDS (Choose two) The IDS does not stop malicious traffic. The IDS works offline using copies of network traffic. The IDS has no impact on traffic. The IDS analyzes actual forwarded packets. The IDS requires other devices to respond to attacks.

The IDS does not stop malicious traffic The IDS requires other devices to respond to attacks

Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originated from the router?

self zone

RSPAN

uses VLANs to monitor traffic on remote switches

What is the main difference between the implementation of IDS and IPS devices?

An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately

A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.) HMAC MD5 3DES SHA-1 AES

3DES AES

Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology

Deploy a Cisco SSL Appliance

An administrator is trying to develop a BYOD security policy for employees that are bringing a wide range of devices to connect to the company network. Which three objectives must the BYOD security policy address? (Choose three.) All devices must be insured against liability if used to compromise the corporate network. All devices must have open authentication with the corporate network. Rights and activities permitted on the corporate network must be defined. Safeguards must be put in place for any personal device being compromised. The level of access of employees when connecting to the corporate network must be defined. All devices should be allowed to attach to the corporate network flawlessly.

Rights and activities permitted on the corporate network must be defined Safeguards must be put in place for any personal device being compromised the level of access of employees when connecting to the corporate network must be defined

What are three characteristics of ASA transparent mode? (Choose three): This mode does not support VPNs, QoS, or DHCP Relay It is the traditional firewall deployment mode This mode is referred to as a "bump in the wire" Nat can be implemented between connected networks In this mode the ASA is invisible to an attacker The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets

This mode does not support VPNs, QoS, or DHCP Relay. This mode is referred to as a "bump in the wire." In this mode the ASA is invisible to an attacker.

A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?

Use the login delay command for authentication attempts

What are three attributes of IPS signatures? (Choose three.) action length trigger type depth function

action trigger type

What command is used on a switch to set the port access entity type so the interface acts only as an authenticator and will not respond to any messages meant for a supplicant?

dot1x pae authenticator

Which three functions are provided by the syslog logging service? (Choose three.) gathering logging information authenticating and encrypting data sent over the network retaining captured messages on the router when a router is rebooted specifying where captured information is stored distinguishing between information to be captured and information to be ignored setting the size of the logging buffer

gathering logging information specifying where captured information is stored distinguishing between information to be captured and information to be ignored

Which two options are security best practices that help mitigate BYOD risks? (Choose two.)

keep the device OS and software updated only turn on Wi-Fi when using the wireless network

What security countermeasure is effective for preventing CAM table overflow attacks?

port security

Which command raises the privilege level of the ping command to 7

privilege exec level ping

A company is concerned with leaked and stolen corporate data on hard copies. Which data loss mitigation technique could help with this situation?

shredding

What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.) to prevent data traffic from being redirected and then discarded to ensure faster network convergence to provide data security through encryption to prevent redirection of data traffic to an insecure link to ensure more efficient routing

to prevent data traffic from being redirected and then discarded to prevent redirection of data traffic to an insecure link

What is typically used to create a security trap in the data center facility?

IDs, biometrics, and two access doors

What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network? ACL NAT Dynamic routing protocols Outside security zone level 0

ACL

What provides both secure segmentation and threat defense in a secure Data Center solution

Adaptive Security Appliance

Which three types of traffic are allowed when the authentication port-control auto command has been issued and the client has not yet been authenticated (Choose three) CDP 802.1Q IPsec TACACS+ STP EAPOL

CDP STP EAPOL

In the implementation of security on multiple devices, how do ASA ACLs differ from Cisco IOS ACLs?

Cisco IOS ACLs are configured with a wildcard mask and Cisco ASA ACLs are configured with a subnet mask

A security analyst is configuring Snort IPS. The analyst has just downloaded and installed the Snort OVA file. What is the next step?

Configure Virtual Port Group interfaces

A recently created ACL is not working as expected. The admin determined that the ACL had been applied inbound on the interface and that was the incorrect direction. How should the admin fix this issue?

Delete the original ACL and create a new ACL, applying it outbound on the interface.

What is the best way to prevent a VLAN hopping attack?

Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports

Used only if the security appliance is running in transparent mode

EtherType access list

Which statement describes an important characteristic of a site-to-site VPN?

It must be statically set up

Which statement describes a characteristic of the IKE protocol

It uses UDP port 500 to exchange IKE information between the security gateways

How does a Caesar cipher work on a message?

Letters of the message are replaced by another letter that is a set number of places away in the alphabet

Which algorithm can ensure data integrity

MD5

Which action do IPsec peers take during the IKE Phase 2 exchange?

Negotiation of IPsec policy

What is the next step in the establishment of an IPsec VPN after IKE phase 1 is complete

Negotiation of the IPsec SA policy

What network testing tool can be used to identify network layer protocols running on a host?

Nmap

What are two methods to maintain certificate revocation status? (Choose two.) subordinate CA OCSP DNS LDAP CRL

OCSP CRL

What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?

PKI certificates

IDS

Passively monitors network traffic

What are two hashing algorithms used with IPsec AH to guarantee authenticity (choose two) SHA RSA DH MD5 AES

SHA MD5

What network security testing tool has the ability to provide details on the source of suspicious network activity

SIEM

A technician is to document the current configurations of all network devices in a college, including those in off-site buildings. Which protocol would be best to use to securely access the network devices?

SSH

What are the three core components of the Cisco Secure Data Center solution (Choose three): mesh network secure segmentation visibility threat defense servers infrastructure

Secure segmentation Visibility Threat defense

What are two benefits of using a ZPF rather than a Classic Firewall? (choose two) ZPF allows interfaces to be placed into zones for IP inspection. The ZPF is not dependent on ACLs. Multiple inspection actions are used with ZPF. ZPF policies are easy to read and troubleshoot. With ZPF, the router will allow packets unless they are explicitly blocked

The ZPF is not dependent on ACLs. ZPF policies are easy to read and troubleshoot.

Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?

To use a show command in general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command

What is a characteristic of a DMZ zone

Traffic originating from the outside network going to the DMZ network is selectively permitted.

What network testing tool would an administrator use to assess and validate system configurations against security policies and compliance standards?

Tripwire

How do modern cryptographers defend against brute-force attacks?

Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack

Used to support filtering for clientless SSL VPN

Webtype access list

What are two drawbacks to using HIPS? (Choose two.) With HIPS, the success or failure of an attack cannot be readily determined. With HIPS, the network administrator must verify support for all the different operating systems used in the network. HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network. If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic. HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.

With HIPS, the network administrator must verify support for all the different operating systems used in the network. HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.

Which protocol is an IETF standard that defines the PKI digital certificate format?

X.509

Which attack is defined as an attempt to exploit software vulnerabilities that are unknown or undisclosed by the vendor?

Zero day

TAP

a passive traffic splitting device implemented inline between a device of interest and the network

Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel?

a permit access list entry

What are two drawbacks in assigning user privilege levels on a Cisco router? (Choose two.) Only a root user can add or remove commands. Privilege levels must be set to permit access control to specific device interfaces, ports, or slots. Assigning a command with multiple keywords allows access to all commands using those keywords. Commands from a lower level are always executable at a higher level. AAA must be enabled.

Assigning a command with multiple keywords allows access to all commands using those keywords. Commands from a lower level are always executable at a higher level.

What two features are added in SNMPv3 to address the weaknesses of previous versions of SNMP? (Choose two.) authentication authorization with community string priority bulk MIB objects retrieval ACL management filtering encryption

authentication encryption

Which three services are provided through digital signatures? (Choose three.) accounting authenticity compression nonrepudiation integrity encryption

authenticity nonrepudiation integrity

A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?

authorization

In an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. What AAA function is at work if this command is rejected

authorization

Upon completion of a network security course, a student decides to pursue a career in cryptanalysis. What job would the student be doing as a cryptanalyst?

cracking code without access to the shared secret key

What are two security measures used to protect endpoints in the borderless network? (Choose two.) denylisting Snort IPS DLP DMZ Rootkit

denylisting DLP

Which rule action will cause Snort IPS to block and log a packet

drop

Which two types of hackers are typically classified as grey hat hackers? (Choose two.) hacktivists cyber criminals vulnerability brokers script kiddies state-sponsored hackers

hacktivists vulnerability brokers

What type of network security test can detect and report changes made to network systems?

integrity checking

Which two options can limit the information discovered from port scanning? (Choose two.) intrusion prevention system firewall authentication passwords encryption

intrusion prevention system Firewall

A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?

ip arp inspection trust

What two ICMPv6 message types must be permitted through IPv6 access control lists to allow resolution of Layer 3 addresses to Layer 2 MAC addresses? (Choose two.) neighbor solicitations echo requests neighbor advertisements echo replies router solicitations router advertisements

neighbor solicitations neighbor advertisements

What ports can receive forwarded traffic from an isolated port that is part of a PVLAN

only promiscuous ports

Which two features are included by both TACACS+ and RADIUS protocols (Choose two) SIP support Password encryption 802.1X support separate authentication and authorization processes utilization of transport layer protocols

password encryption utilization of transport layer protocols

What are two examples of DoS attack? (Choose two) port scanning SQL injection ping of death phishing buffer overflow

ping of death buffer overflow

Which type of firewall makes use of a server to connect to destination devices on behalf of clients

proxy firewall

Which type of packet is unable to be filtered by an outbound ACL?

router-generated packet

What is the main factor that ensures the security of encryption of modern algorithms?

secrecy of the keys

What would be the primary reason an attacker would launch a MAC address overflow attack?

so that the attacker can see frames that are destined for other hosts

Which threat protection capability is provided by Cisco ESA? web filtering cloud access security spam protection Layer 4 traffic monitoring

spam protection

ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.): specifying internal hosts for NAT identifying traffic for QoS specifying source addresses for authentication reorganizing traffic into VLANs filtering VTP packets

specifying internal hosts for NAT identifying traffic for QoS

Used to identify the destination IP addresses only

standard access list

Which type of firewall is supported by most routers and is the easiest to implement?

stateless firewall

A network technician has been asked to design a virtual private network between two branch routers. Which type of cryptographic key should be used in this scenario?

symmetric key

A client connects to a web server. Which component of this HTTP connection is not examined by a stateful firewall?

the actual contents of the HTTP connection

When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.) the hash the peer encryption the ISAKMP policy a valid access list IP addresses on all active interfaces the IKE Phase 1 policy

the peer A valid access list

What function is provided by Snort as part of the Security Onion?

to generate network intrusion alerts by the use of rules and signatures

