Network Security modules 20-22 exam
What can be configured as part of a network object?
IP address and mask
How does network scanning help assess operations security?
It can detect open TCP ports on network systems.
A network analyst is testing the security of the systems and networks of a corporation. What tool could be used to audit and recover passwords?
L0phtCrack
Refer to the exhibit. A network administrator is configuring the security level for the ASA. Which statement describes the default result if the administrator tries to assign the Inside interface with the same security level as the DMZ interface?
The ASA will not allow traffic in either direction between the Inside interface and the DMZ.
What are three characteristics of the ASA routed mode? (Choose three.)
The interfaces of the ASA separate Layer 3 networks and require different IP addresses in different subnets. It is the traditional firewall deployment mode. NAT can be implemented between connected networks.
Refer to the exhibit. Based on the security levels of the interfaces on the ASA, what statement correctly describes the flow of traffic allowed on the interfaces?
Traffic that is sent from the DMZ and the LAN to the Internet is considered outbound.
What testing tool is available for network administrators who need a GUI version of Nmap?
Zenmap
Which license provides up to 50 IPsec VPN users on an ASA 5506-X device?
a purchased Security Plus upgrade license
What is the function of a policy map configuration when an ASA firewall is being configured?
binding class maps with actions
What are three characteristics of SIEM? (Choose three.)
can be implemented as software or as a service examines logs and events from systems and applications to detect security threats consolidates duplicate event data to minimize the volume of gathered data
What is the goal of network penetration testing?
determining the feasibility and the potential consequences of a successful attack
Refer to the exhibit. What kind of NAT is configured on the ASA device?
dynamic PAT
A network analyst wants to monitor the activity of all new interns. Which type of security testing would track when the interns sign on and sign off the network?
integrity checker
What interface configuration command is used on an ASA to request an IP address from an upstream DSL device?
ip address pppoe
What is the purpose of configuring an IP address on an ASA device in transparent mode?
management
When configuring interfaces on an ASA, which two pieces of information must be included? (Choose two.)
security level name
Refer to the exhibit. A network administrator is verifying the security configuration of an ASA. Which command produces the exhibited output? [shows a list of interfaces with their IP, and status]
show interface ip brief
What mechanism is used by an ASA device to allow inspected outbound traffic to return to the originating sender who is on an inside network?
stateful packet inspection
What is the purpose of the Tripwire network testing tool?
to assess configuration against established policies, recommended best practices, and compliance standards
In which two instances will traffic be denied as it crosses the ASA 5505 device? (Choose two.)
traffic originating from the DMZ network going to the inside network traffic originating from the outside network going to the inside network
In which two instances will traffic be denied as it crosses the ASA 5506-X device? (Choose two.)
traffic originating from the outside network going to the inside network traffic originating from the DMZ network going to the inside network
