CCNA2 Ch8
Why would a business choose an IPS (Intrusion Prevention System) instead of an IDS (Intrusion Detection System)? (Choose two.)
An IPS identifies and blocks malicious activity. & An IDS cannot stop some malicious traffic from getting through.
What is the term for the public network between the boundary router and the firewall?
DMZ
What is the term used to describe the area of a network which stores servers that areaccessible to any users from the Internet?
DMZ
What are two potential problems with using tape media to back up server data?
Data tapes are prone to failure and must be replaced often. & Tape drives require regular cleaning to maintain reliability.
Which three items are normally included when a log message is generated by a syslog client and forwarded to a syslog server?
Date and time of message & ID of sending device & Message ID
Which benefit does SSH offer over Telnet when remotely managing a router?
Encryption
Before a technician upgrades a server, it is necessary to back up all data. Which type of backup is necessary to ensure that all data is backed up?
Full
The CEO of a company decides that the company's backup process needs to allow for a very quick restoration of lost data. He is willing to accept a lengthier time for the backup process and wants to be able to access all the data available for a backup on any given day. Which type of backup should be implemented.
Full backup, even though it takes longer, because it has more information.
Which term describes the ability of a web server to keep a log of the users who access the service as well as how long they use it?
Accounting
What is the main reason that magnetic tape is used to back up data
Cost
Which three applications/protocols can be used for in-band management?
HTTP & SNMP & Telnet
Which of the following terms is not directly related to SNMP?
IDS
What network layer security protocol can secure any application layer protocol used for communication?
IPSEC
Which three protocols describe methods that can be used to secure user data for transmission across the internet?
IPSEC & SSL & HTTPS
What does the command copy flash tftp accomplish?
It copies the IOS in flash to a TFTP server.
Why is risk assessment critical to disaster recovery planning?
It identifies the likely disasters that could occur and their effect on the business.
Which two statements describe out-of-band network management?
It is used for initial device configuration & It uses a direct console or dial-in connection.
What two are duties of an SNMP management agent?
It reports to the management station by responding to polls. & It sends an alert message to the management station if a threshold is exceeded.
Refer to the exhibit. While the user on router A is connected to router B through telnet, the CTRL-SHIFT-6 x keystroke is entered. What effect does this have?
It suspends the connection to router B. (hops back to original device).
What is the advantage of using WPA to secure a wireless network?
It uses an advanced encryption key that is never transmitted between host and access point.
Which of the following does SNMP use to hold information collected about the network?
Management Information Base (MIB)
Where is the safest place to store backups?
Offsite secure facility
Which of the following are methods of wireless authentication? (Choose three.)
Open & PSK & EAP
List two protocols that typically are used for in-band network management.
Telnet & HTTP
The IT manager performs a full backup on Monday and a differential backups on Tuesday Wednesday, and Thursday. On Friday morning , the server crashes, and the data must be restored. In which sequence should the backup tapes be restored?
The full backup tape from Monday, and then the differential tap brom Thursday
Authentication
Username and password
Which wireless security protocol provides the strongest data encryption?
WPA2
What type of standard server is frequently used to record informational and error messages, sent by various networking devices, for analysis by a network technician?
syslog server
A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?
Accounting
Which AAA service provides detailed reporting and monitoring of network user behavior, and also keeps a record of every access connection and device configuration change across the network?
Accounting
What AAA component assigns varying levels of rights to users of network resources?
Authorization
What is the principle of least privilege?
Give each user access to only those resources needed to do his or her job.
Authorization
Permissions to a specific network resource
A network administrator configures a server to allow access to the web service but deny access to all other services. What type of security measure is this?
Port filtering
Which two characteristics of network traffic are being monitored if a network technician configures the company firewall to operate as a packet filter?
Ports & Protocols
A network administrator is assigning network permissions to new groups of users and employing the principle of least privilege. Which two actions should the administrator take?
Provide users with only the access to resources required to do their jobs. & Provide the minimum level of permissions required for users to do their jobs.
When the IOS image file is missing or corrupted, and the router will not boot to the IOS, what tools can be used to clear the flash memory and load a new IOS image?
ROMmon & tftpdnld
What two measures help to verify that server backups have been reliably completed?
Reviewing backup logs & Performing trial backups/restore
Which of the following protocols provide for encrypted data transfer? (Choose three.)
SSL & HTTPS & IPsec
Which firewall filtering technology keeps track of the actual communication process occurring between the source and destination devices and stores it in a table?
Stateful filtering
A company wants to configure a firewall to monitor all channels of communication and allow only traffic that is part of a known connection. Which firewall configuration should be deployed?
Stateful packet inspection (intelligent inspection to drop or block)
What type of server can help a network administrator backup, recover, and update Cisco configuration and IOS images files?
TFTP server
A hacker has gained access, and the only security measure is MAC Address Filtering. How is it likely that the hacker gained access to the network?
The hacker obtained the MAC address of a permitted host, and cloned it on his wireless laptop NIC. (MAC spoofing)
While downloading an IOS image from a TFTP server, an administrator sees long strings of exclamation marks (!) output to the console. What does this mean?
The transfer is working.
Which means of communication does an SNMP network agent use to provide a network management station with important but unsolicited information?
Trap
When is the use of out-of-band network management necessary?
When the management interface of a device is not reachable across the network.
Accounting
Who used what network resource