Network Security (Version1.0) - Final Exam
Zone Policy Configuration Steps
1 - create zones 2 - define traffic classes 3 - create policies 4 - apply policies 5 - assign zone to interfaces
What is a characteristic of a role-based CLI view of router configuration?
A single CLI view can be shared within multiple superviews.
When describing malware, what is a difference between a virus and a worm?
A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
What will be the result of failed login attempts if the following command is entered into a router?
All login attempts will be blocked for 150 seconds if there are 4 failed attempts within 90 seconds.
Which two protocols generate connection information within a state table and are supported for stateful filtering? (Choose two.)
DHCP TCP
What network testing tool is used for password auditing and recovery?
L0phtcrack
What function is provided by the RADIUS protocol?
RADIUS provides separate ports for authorization and accounting.
What are two disadvantages of using an IDS? (Choose two.)
The IDS does not stop malicious traffic. The IDS requires other devices to respond to attacks.
Which two statements describe the characteristics of symmetric algorithms? (Choose two.)
They are commonly used with VPN traffic. They are referred to as a pre-shared key or secret key.
Refer to the exhibit. Which two conclusions can be drawn from the syslog message that was generated by the router? (Choose two.)
This message indicates that service timestamps have been configured. This message is a level 5 notification message.
What are three characteristics of ASA transparent mode? (Choose three.)
This mode does not support VPNs, QoS, or DHCP Relay. This mode is referred to as a "bump in the wire." In this mode the ASA is invisible to an attacker.
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
confidentiality
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
confidentiality
What command is used on a switch to set the port access entity type so the interface acts only as an authenticator and will not respond to any messages meant for a supplicant?
dot1x pae authenticator
Which rule action will cause Snort IPS to block and log a packet?
drop
Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
ipv6 traffic-filter ENG_ACL in
Which action do IPsec peers take during the IKE Phase 2 exchange?
negotiation of IPsec policy
What are two examples of DoS attacks? (Choose two.)
ping of death buffer overflow
What security countermeasure is effective for preventing CAM table overflow attacks?
port security
Which two tasks are associated with router hardening? (Choose two.)
securing administrative access disabling unused ports and interfaces
What are the three signature levels provided by Snort IPS on the 4000 Series ISR? (Choose three.)
security connectivity balanced
Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router?
self zone
A company is concerned with leaked and stolen corporate data on hard copies. Which data loss mitigation technique could help with this situation?
shredding
pattern-based detection
simplest triggering mechanism which searches for a specific and pre-defined atomic or composite pattern
EtherType Access List
used only if the security appliance is running in transparent mode
Standard Access List
used to identify the destination ip addresses only
WebType Access List
used to support filtering for clientless SSL VPN
What are three characteristics of the RADIUS protocol? (Choose three.)
uses UDP ports for authentication and accounting supports 802.1X and SIP is an open RFC standard AAA protocol
RSPAN
uses VLANs to monitor traffic on remote switches
honey pot-based detection
uses a decoy server to divert attacks away from production devices
A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)
3DES AES
What is a limitation to using OOB management on a large enterprise network?
All devices appear to be attached to a single management network
Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?
Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.
What is typically used to create a security trap in the data center facility?
IDs, biometrics, and two access doors
Which network monitoring technology uses VLANs to monitor traffic on remote switches?
RSPAN
An administrator discovers that a user is accessing a newly established website that may be detrimental to company security. What action should the administrator take first in terms of the security policy?
Revise the AUP immediately and get all users to sign the updated AUP.
How does a firewall handle traffic when it is originating from the private network and traveling to the DMZ network?
The traffic is usually permitted with little or no restrictions.
Which command raises the privilege level of the ping command to 7?
privilege exec level 7 ping
Extended Access List
used to identify source and destination addresses and protocols, ports or ICMP type
Which attack is defined as an attempt to exploit software vulnerabilities that are unknown or undisclosed by the vendor?
zero-day
What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network?
ACL
Refer to the exhibit. What algorithm will be used for providing confidentiality?
AES
What provides both secure segmentation and threat defense in a Secure Data Center solution?
Adaptive Security Appliance
What is the main difference between the implementation of IDS and IPS devices?
An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.
Which three types of traffic are allowed when the authentication port-control auto command has been issued and the client has not yet been authenticated? (Choose three.
CDP STP EAPOL
If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)
Create a view using the parser view view-name command. Assign a secret password to the view. Assign commands to the view.
Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology?
Deploy a Cisco SSL Appliance.
What is the best way to prevent a VLAN hopping attack?
Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
After issuing a show run command, an analyst notices the following command; what is the purpose?
It establishes the set of encryption and hashing algorithms used to secure the data sent through an IPsec tunnel.
Which statement describes a characteristic of the IKE protocol?
It uses UDP port 500 to exchange IKE information between the security gateways.
How does a Caesar cipher work on a message?
Letters of the message are replaced by another letter that is a set number of places away in the alphabet.
Refer to the exhibit. The ip verify source command is applied on untrusted interfaces. Which type of attack is mitigated by using this configuration?
MAC and IP address spoofing
Which algorithm can ensure data integrity?
MD5
Consider the access list command applied outbound on a router serial interface.
No traffic will be allowed outbound on the serial interface.
What are two methods to maintain certificate revocation status? (Choose two.)
OCSP CRL
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
PKI certificates
Refer to the exhibit. A corporate network is using NTP to synchronize the time across devices. What can be determined from the displayed output?
Router03 is a stratum 2 device that can provide NTP service to other devices in the network.
What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)
SHA MD5
What network security testing tool has the ability to provide details on the source of suspicious network activity?
SIEM
Refer to the exhibit. A network administrator configures a named ACL on the router. Why is there no output displayed when the show command is issued?
The ACL name is case sensitive.
What are two benefits of using a ZPF rather than a Classic Firewall? (Choose two.)
The ZPF is not dependent on ACLs. ZPF policies are easy to read and troubleshoot
Refer to the exhibit. According to the command output, which three statements are true about the DHCP options entered on the ASA? (Choose three.)
The dhcpd address [ start-of-pool ]-[ end-of-pool ] inside command was issued to enable the DHCP server. The dhcpd enable inside command was issued to enable the DHCP server. The dhcpd auto-config outside command was issued to enable the DHCP client.
Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?
To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command.
What is a characteristic of a DMZ zone?
Traffic originating from the outside network going to the DMZ network is selectively permitted.
How does a firewall handle traffic when it is originating from the public network and traveling to the DMZ network?
Traffic that is originating from the public network is inspected and selectively permitted when traveling to the DMZ network.
What network testing tool would an administrator use to assess and validate system configurations against security policies and compliance standards?
Tripwire
How do modern cryptographers defend against brute-force attacks?
Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack.
What are two drawbacks to using HIPS? (Choose two.)
With HIPS, the network administrator must verify support for all the different operating systems used in the network. HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.
Which protocol is an IETF standard that defines the PKI digital certificate format?
X.509
Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel?
a permit access list entry
What are three attributes of IPS signatures? (Choose three.)
action trigger type
What two features are added in SNMPv3 to address the weaknesses of previous versions of SNMP? (Choose two.)
authentication encryption
A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
authorization
In an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. What AAA function is at work if this command is rejected?
authorization
IPS
can perform a packet drop to stop the trigger packets
Upon completion of a network security course, a student decides to pursue a career in cryptanalysis. What job would the student be doing as a cryptanalyst?
cracking code without access to the shared secret key
What are two security measures used to protect endpoints in the borderless network? (Choose two.)
denylisting DLP
Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
hacktivists vulnerability brokers
What type of network security test can detect and report changes made to network systems?
integrity checking
Which two options can limit the information discovered from port scanning? (Choose two.)
intrusion prevention system firewall
anomaly-based detection
involves first defining a profile of what is considered normal network or host activity
A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?
ip arp inspection trust
What is the next step in the establishment of an IPsec VPN after IKE Phase 1 is complete?
negotiation of the IPsec SA policy
TAP
passive traffic splitting device implemented inline between a device of interest and the network
IDS
passively monitors network traffic
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
password encryption utilization of transport layer protocols
Which type of firewall makes use of a server to connect to destination devices on behalf of clients?
proxy firewall
Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5506-X?
range 192.168.1.10 192.168.1.20
Which type of packet is unable to be filtered by an outbound ACL?
router-generated packet
What is the main factor that ensures the security of encryption of modern algorithms?
secrecy of the keys
What are the three core components of the Cisco Secure Data Center solution? (Choose three.)
secure segmentation visibility threat defense
What would be the primary reason an attacker would launch a MAC address overflow attack?
so that the attacker can see frames that are destined for other hosts
Which threat protection capability is provided by Cisco ESA?
spam protection
ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.):
specifying internal hosts for NAT identifying traffic for QoS
Which type of firewall is supported by most routers and is the easiest to implement?
stateless firewall
A network technician has been asked to design a virtual private network between two branch routers. Which type of cryptographic key should be used in this scenario?
symmetric key
A client connects to a Web server. Which component of this HTTP connection is not examined by a stateful firewall?
the actual contents of the HTTP connection
Refer to the exhibit. A network administrator is configuring AAA implementation on an ASA device. What does the option link3 indicate?
the interface name
When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)
the peer a valid access list
What function is provided by Snort as part of the Security Onion?
to generate network intrusion alerts by the use of rules and signatures
