NWS

Which Cisco platform supports Cisco Snort IPS? 4000 series ISR 3900 series ISR 800 series ISR 2900 series ISR

4000 series ISR

Which two statements correctly describe certificate classes used in the PKI? (Choose two.) A class 0 certificate is for testing purposes. A class 4 certificate is for online business transactions between companies. A class 0 certificate is more trusted than a class 1 certificate. The lower the class number, the more trusted the certificate. A class 5 certificate is for users with a focus on verification of email.

A class 0 certificate is for testing purposes. A class 4 certificate is for online business transactions between companies.

Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model? Both stateful and packet-filtering firewalls can filter at the application layer. A stateful firewall can filter application layer information, whereas a packet-filtering firewall cannot filter beyond the network layer. A packet-filtering firewall typically can filter up to the transport layer, whereas a stateful firewall can filter up to the session layer. A packet-filtering firewall uses session layer information to track the state of a connection, whereas a stateful firewall uses application layer information to track the state of a connection

A packet-filtering firewall typically can filter up to the transport layer, whereas a stateful firewall can filter up to the session layer.

What is an example of a local exploit? Port scanning is used to determine if the Telnet service is running on a remote server. A buffer overflow attack is launched against an online shopping website and causes the server crash. A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan. A threat actor performs a brute force attack on an enterprise edge router to gain illegal access.

A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan.

Which two statements are characteristics of a virus? (Choose two.) A virus can be dormant and then activate at a specific time or date. A virus has an enabling vulnerability, a propagation mechanism, and a payload. A virus replicates itself by independently exploiting vulnerabilities in networks. A virus typically requires end-user activation. A virus provides the attacker with sensitive data, such as passwords.

A virus typically requires end-user activation. A virus can be dormant and then activate at a specific time or date.

In the implementation of network security, how does the deployment of a Cisco ASA firewall differ from a Cisco IOS router? ASA devices use ACLs that are always numbered. ASA devices support interface security levels. ASA devices do not support an implicit deny within ACLs. ASA devices use ACLs configured with a wildcard mask.

ASA devices support interface security levels.

Which special hardware module, when integrated into ASA, provides advanced IPS features? Advanced Inspection and Prevention (AIP) Content Security and Control (CSC) Advanced Inspection and Prevention Security Services Module (AIP-SSM) Advanced Inspection and Prevention Security Services Card (AIP-SSC)

Advanced Inspection and Prevention (AIP)

Why is it important to protect endpoints? A breached endpoint gives a threat actor access to system configuration that can modify security policy. Endpoints are the starting point for VLAN attacks. After an endpoint is breached, an attacker can gain access to other devices. Endpoints are susceptible to STP manipulation attacks that can disrupt the rest of the LAN.

After an endpoint is breached, an attacker can gain access to other devices.

A company is concerned about data theft if any of the corporate laptops are stolen. Which Windows tool would the company use to protect the data on the laptops? 802.1X AMP RADIUS BitLocker

BitLocker

What are two shared characteristics of the IDS and the IPS? (Choose two.) Both use signatures to detect malicious traffic. Both analyze copies of network traffic. Both rely on an additional network device to respond to malicious traffic. Both are deployed as sensors. Both have minimal impact on network performance.​

Both use signatures to detect malicious traffic. Both are deployed as sensors.

Which two statements describe access attacks? (Choose two.) Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot. Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.

Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.

A security intern is reviewing the corporate network topology diagrams before participating in a security review. Which network topology would commonly have a large number of wired desktop computers? cloud SOHO CAN data center

CAN

Which device supports the use of SPAN to enable monitoring of malicious activity? Cisco NAC Cisco IronPort Cisco Security Agent Cisco Catalyst switch

Cisco Catalyst switch

Which intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco? External Snort IPS Server Cisco IOS IPS Cisco Firepower Next-Generation Cisco Snort IPS

Cisco IOS IPS

Which two statements describe remote access VPNs? (Choose two.) Client software is usually required to be able to access the network. Remote access VPNs are used to connect entire networks, such as a branch office to headquarters. End users are not aware that VPNs exists. A leased line is required to implement remote access VPNs. Remote access VPNs support the needs of telecommuters and mobile users.

Client software is usually required to be able to access the network. Remote access VPNs support the needs of telecommuters and mobile users.

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? DoS address spoofing session hijacking MITM

DoS

A company requires the use of 802.1X security. What type of traffic can be sent if the authentication port-control auto command is configured, but the client has not yet been authenticated? SNMP EAPOL any data encrypted with 3DES or AES broadcasts such as ARP

EAPOL

What are three techniques for mitigating VLAN hopping attacks? (Choose three.) Enable trunking manually. Disable DTP. Enable Source Guard. Set the native VLAN to an unused VLAN. Enable BPDU guard. Use private VLANs.

Enable trunking manually. Disable DTP. Set the native VLAN to an unused VLAN.

Which cipher played a significant role in World War II? Caesar RC4 Enigma One-time pad

Enigma

When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created? Assign interfaces to zones. Establish policies between zones. Identify subsets within zones. Design the physical infrastructure.

Establish policies between zones.

Which network monitoring technology passively monitors network traffic to detect attacks? TAP RSPAN IPS IDS

IDS

Which statement accurately characterizes the evolution of threats to network security? Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. Early Internet users often engaged in activities that would harm other users. Internet architects planned for network security from the beginning. Internal threats can cause even greater damage than external threats.

Internal threats can cause even greater damage than external threats.

What is a feature of an IPS? It has no impact on latency. It can stop malicious packets. It is primarily focused on identifying possible incidents. It is deployed in offline mode.

It can stop malicious packets.

What is a characteristic of an IPS operating in inline-mode? It can stop malicious traffic from reaching the intended target. It requires the assistance of another network device to respond to an attack. It can only send alerts and does not drop any packets. It does not affect the flow of packets in forwarded traffic.

It can stop malicious traffic from reaching the intended target.

What is a host-based intrusion detection system (HIDS)? It combines the functionalities of antimalware applications with firewall protection. It is an agentless system that scans files on a host for potential malware. It detects and stops potential direct attacks but does not scan for malware. It identifies potential attacks and sends alerts but does not stop the traffic.

It combines the functionalities of antimalware applications with firewall protection.

How does the service password-encryption command enhance password security on Cisco routers and switches? It requires encrypted passwords to be used when connecting remotely to a router or switch with Telnet. It encrypts passwords that are stored in router or switch configuration files. It requires that a user type encrypted passwords to gain console access to a router or switch. It encrypts passwords as they are sent across the network.

It encrypts passwords that are stored in router or switch configuration files.

A switch has the following command issued as part of an 802.1X deployment. address ipv4 10.1.1.50 auth-port 1812 acct-port 1813 What is the purpose of this command? It identifies the address of the RADIUS server and the ports used for EAPOL messages. It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic. It identifies the address of the default gateway and the ports used for traffic destined for remote networks. It identifies the address of the switch to which the client connects and the ports used for the EAPOL messages.

It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic.

What is a zero-day attack? It is an attack that has no impact on the network because the software vendor has mitigated the vulnerability. It is an attack that results in no hosts able to connect to a network. It is a computer attack that occurs on the first day of the month. It is a computer attack that exploits unreported software vulnerabilities.

It is a computer attack that exploits unreported software vulnerabilities.

What is an IPS signature? It is the authorization that is required to implement a security policy. It is the timestamp that is applied to logged security events and alarms. It is a set of rules used to detect typical intrusive activity. It is a security script that is used to detect unknown threats.

It is a set of rules used to detect typical intrusive activity.

What is a characteristic of the Snort subscriber rule set term-based subscription? It is available for a fee. It does not provide access to Cisco support. It provides 30-day delayed access to updated signatures. It focuses on reactive responses to security threats.

It is available for a fee.

Which statement describes the term attack surface? It is the group of hosts that experiences the same attack. It is the network interface where attacks originate. It is the total sum of vulnerabilities in a system that is accessible to an attacker. It is the total number of attacks toward an organization within a day.

It is the total sum of vulnerabilities in a system that is accessible to an attacker.

Which technology is used to secure, monitor, and manage mobile devices? MDM VPN ASA firewall rootkit

MDM

Refer to the exhibit. A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces? Outside 40, Inside 100, DMZ 0 Outside 0, Inside 35, DMZ 90 Outside 0, Inside 100, DMZ 50 Outside 100, Inside 10, DMZ 40

Outside 0, Inside 100, DMZ 50

What is an advantage in using a packet filtering firewall versus a high-end firewall appliance? Packet filters perform almost all the tasks of a high-end firewall at a fraction of the cost. Packet filters represent a complete firewall solution. Packet filters are not susceptible to IP spoofing. Packet filters provide an initial degree of security at the data-link and network layer.

Packet filters perform almost all the tasks of a high-end firewall at a fraction of the cost.

Which IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern? Anomaly-Based Detection Pattern-Based Detection Policy-Based Detection Honey Pot-Based Detection

Pattern-Based Detection

What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.) Policies are applied to unidirectional traffic between zones. Any interface can be configured with both a ZPF and an IOS Classic Firewall. Policies are defined exclusively with ACLs. Policies provide scalability because they are easy to read and troubleshoot. Virtual and physical interfaces are put in different zones to enhance security.

Policies are applied to unidirectional traffic between zones. Policies provide scalability because they are easy to read and troubleshoot.

What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication? RADIUS TACACS+ SSH MD5

RADIUS

Which device is used as the authentication server in an 802.1X implementation? access point wireless router RADIUS server Ethernet switch

RADIUS server

What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.) AES DH RSA SHA MD5

SHA MD5

What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis? NAC syslog SNMP SPAN

SPAN

What protocol is used by SCP for secure transport? Telnet SSH HTTPS IPSec TFTP

SSH

What is the IPS detection engine that is included in the SEC license for 4000 Series ISRs? Security Onion ASDM Snort AMP

Snort

Which open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks? SPAN RSPAN Snort IPS IOS IPS

Snort IPS

What is a difference between symmetric and asymmetric encryption algorithms? Symmetric algorithms are typically hundreds to thousands of times slower than asymmetric algorithms. Symmetric encryption algorithms are used to authenticate secure communications. Asymmetric encryption algorithms are used to repudiate messages. Symmetric encryption algorithms are used to encrypt data. Asymmetric encryption algorithms are used to decrypt data. Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.

Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.

Which statement correctly describes the configuration of a Snort VPG interface? The VPG1 interface must use a routable static IP address. The VPG1 interface must receive an address from DHCP. The VPG0 interface must have a routable address with access to the internet. The VPG1 interface must be configured with a public IP address.

The VPG0 interface must have a routable address with access to the internet.

In what way are zombies used in security attacks? They probe a group of machines for open ports to learn which services are running. They are infected machines that carry out a DDoS attack. They target specific individuals to gain corporate or personal information. They are maliciously formed code segments used to replace legitimate applications.

They are infected machines that carry out a DDoS attack.

Why are DES keys considered weak keys? DES weak keys use very long key sizes. DES weak keys are difficult to manage. They are more resource intensive. They produce identical subkeys.

They produce identical subkeys.

Which network monitoring capability is provided by using SPAN? Traffic exiting and entering a switch is copied to a network monitoring device. Statistics on packets flowing through Cisco routers and multilayer switches can be captured. Real-time reporting and long-term analysis of security events are enabled. Network analysts are able to access network device log files and to monitor network behavior.

Traffic exiting and entering a switch is copied to a network monitoring device.

Which security technology is commonly used by a teleworker when accessing resources on the main corporate office network? SecureX VPN IPS biometric access

VPN

Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation? ASA ESA AVC WSA

WSA

What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites? By applying the ACL on a public interface, multiple crypto ACLs can be built to prevent public users from connecting to the VPN-enabled router. Multiple crypto ACLs can define multiple remote peers for connecting with a VPN-enabled router across the Internet or network. Multiple crypto ACLs can be configured to deny specific network traffic from crossing a VPN. When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.

When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.

During a recent pandemic, employees from ABC company were allowed to work from home. What security technology should be implemented to ensure that data communications between the employees and the ABC Head Office network remain confidential? a hash message authentication code such as HMAC a hash-generating algorithm such as SHA a symmetric or asymmetric encryption algorithm such as AES or PKI a hashing algorithm such as MD5

a symmetric or asymmetric encryption algorithm such as AES or PKI

Which command is used to enable AAA as part of the 802.1X configuration process on a Cisco device? aaa authentication dot1x dot1x pae authenticator aaa new-model dot1x system-auth-control

aaa new-model

A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this? accessing authentication authorization accounting

accounting

Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs? an implicit permit of neighbor discovery packets the use of named ACL statements an implicit deny any any statement the use of wildcard masks

an implicit permit of neighbor discovery packets

The switch port to which a client attaches is configured for the 802.1X protocol. The client must authenticate before being allowed to pass data onto the network. Between which two 802.1X roles is EAP data encapsulated using RADIUS? (Choose two.) data nonrepudiation server authenticator encrypter authentication server supplicant

authenticator authentication server

A port has been configured for the 802.1X protocol and the client has successfully authenticated. Which 802.1X state is associated with this PC? up enabled forwarding authorized

authorized

Which resource is affected due to weak security settings for a device owned by the company, but housed in another location? removable media cloud storage device social networking hard copy

cloud storage device

Which security measure is typically found both inside and outside a data center facility? biometrics access exit sensors continuous video surveillance a gate security traps

continuous video surveillance

When considering network security, what is the most valuable asset of an organization? personnel data financial resources customers

data

Which type of network commonly makes use of redundant air conditioning and a security trap? CAN WAN data center cloud

data center

Websites are rated based on the latest website reputation intelligence. Which endpoint security measure prevents endpoints from connecting to websites that have a bad rating? spam filtering denylisting DLP antimalware software host-based IPS

denylisting

What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet? encryption hash algorithm digital signature asymmetric key algorithm

digital signature

When a Cisco IOS Zone-Based Policy Firewall is being configured, which two actions can be applied to a traffic class? (Choose two.) hold log forward copy drop inspect

drop inspect

Which benefit does SSH offer over Telnet for remotely managing a router? connections via multiple VTY lines encryption TCP usage authorization

encryption

Which type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic? false negative true positive false positive true negative

false positive

What are two security features commonly found in a WAN design? (Choose two.) outside perimeter security including continuous video surveillance port security on all user-facing ports WPA2 for data encryption of all data between sites firewalls protecting the main and remote sites VPNs used by mobile workers between sites

firewalls protecting the main and remote sites VPNs used by mobile workers between sites

One method used by Cryptanalysts to crack codes is based on the fact that some letters of the English language are used more often than others. Which term is used to describe this method? frequency analysis known-plaintext meet-in-the-middle cybertext

frequency analysis

Which host-based security measure is used to restrict incoming and outgoing connections? rootkit host-based firewall antivirus/antimalware software host-based IPS

host-based firewall

A network administrator is explaining to a junior colleague the use of the lt and gt keywords when filtering packets using an extended ACL. Where would the lt or gt keywords be used? in an IPv6 named ACL that permits FTP traffic from one particular LAN getting to another LAN in an IPv6 extended ACL that stops packets going to one specific destination VLAN in an IPv4 named standard ACL that has specific UDP protocols that are allowed to be used on a specific server in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device

in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device

What are two main capabilities of a NAC system? (Choose two.) route filtering incident response security posture check DMZ protection administrative role assignment

incident response security posture check

Which two characteristics describe a worm? (Choose two.) executes when software is run on a computer is self-replicating infects computers by attaching to software code travels to new computers without any intervention or knowledge of the user hides in a dormant state until needed by an attacker

is self-replicating travels to new computers without any intervention or knowledge of the user

What is a characteristic of an IPS atomic signature? it requires several pieces of data to match an attack it is the simplest type of signature it is a stateful signature it can be slow and inefficient to analyze traffic

it is the simplest type of signature

Which two means can be used to try to bypass the management of mobile devices? (Choose two.) packet sniffing using a fuzzer using a Trojan Horse jailbreaking rooting

jailbreaking rooting

Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device? network tap IDS NetFlow SNMP

network tap

What command must be issued on a Cisco router that will serve as an authoritative NTP server? ntp server 172.16.0.1 ntp master 1 clock set 11:00:00 DEC 20 2010 ntp broadcast client

ntp master 1

What three tasks can a network administrator accomplish with the Nmap and Zenmap security testing tools? (Choose three.) open UDP and TCP port detection operating system fingerprinting password recovery security event analysis and reporting assessment of Layer 3 protocol support on hosts development of IDS signatures

open UDP and TCP port detection operating system fingerprinting assessment of Layer 3 protocol support on hosts

What are three actions that can be performed by Snort in IDS mode? (Choose three.) drop reject pass alert log sdrop

pass alert log

What type of network security test uses simulated attacks to determine the feasibility of an attack as well as the possible consequences if the attack occurs? penetration testing network scanning vulnerability scanning integrity checking

penetration testing

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? backdoor vishing Trojan phishing

phishing

Which evasion method describes the situation that after gaining access to the administrator password on a compromised host, a threat actor is attempting to login to another host using the same credentials? protocol-level misinterpretation pivoting resource exhaustion traffic substitution

pivoting

Which two security features can cause a switch port to become error-disabled? (Choose two.) root guard protected ports port security with the shutdown violation mode PortFast with BPDU guard enabled storm control with the trap option

port security with the shutdown violation mode PortFast with BPDU guard enabled

Which security service is provided by 802.1x? malware analysis and protection across the full attack continuum protection against emerging threats for Cisco products malware analysis of files port-based network access control

port-based network access control

Which risk management plan involves discontinuing an activity that creates a risk? risk reduction risk sharing risk retention risk avoidance

risk avoidance

What is a benefit of having users or remote employees use a VPN to connect to the existing network rather than growing the network infrastructure? security compatibility cost savings scalability

scalability

What name is given to an amateur hacker? script kiddie red hat blue team black hat

script kiddie

What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity? event file signature trigger definition

signature

A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.) hidden passwords during transmission single process for authentication and authorization separate processes for authentication and authorization encryption for all communication encryption for only the data

single process for authentication and authorization hidden passwords during transmission

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? spam DDoS anonymous keylogging social engineering

social engineering

Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 and Layer 4 information? proxy firewall stateless firewall application gateway firewall stateful firewall

stateless firewall

Which three types of views are available when configuring the role-based CLI access feature? (Choose three.) config view CLI view root view superuser view superview admin view

superview root view CLI view

What is hyperjacking? adding outdated security software to a virtual machine to gain access to a data center server overclocking the mesh network which connects the data center servers using processors from multiple computers to increase data processing power taking over a virtual machine hypervisor as part of a data center attack

taking over a virtual machine hypervisor as part of a data center attack

What is indicated by the use of the local-case keyword in a local AAA authentication configuration command sequence? that passwords and usernames are case-sensitive that a default local database AAA authentication is applied to all lines that AAA is enabled globally on the router that user access is limited to vty terminal lines

that passwords and usernames are case-sensitive

When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client? the router that is serving as the default gateway the authentication server the switch that the client is connected to the supplicant

the switch that the client is connected to

What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?​ to enable OSPF MD5 authentication on a per-interface basis​ to facilitate the establishment of neighbor adjacencies to configure OSPF MD5 authentication globally on the router​ to encrypt OSPF routing updates​

to configure OSPF MD5 authentication globally on the router​

Why would a rootkit be used by a hacker? to try to guess a password to do reconnaissance to reverse engineer binary files to gain access to a device without being detected

to gain access to a device without being detected

A company is deploying a new network design in which the border router has three interfaces. Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet/01 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)? traffic that is returning from the public network after originating from the private network traffic that is going from the private network to the DMZ traffic that originates from the public network and that is destined for the DMZ traffic that is returning from the DMZ after originating from the private network

traffic that is going from the private network to the DMZ

Which classification indicates that an alert is verified as an actual security incident? false positive true negative true positive false negative

true positive

When would the authentication port-control command be used during an 802.1X implementation? when the authentication server is located at another location and cannot be reached when the authentication server is located in the cloud when an organization needs to control the port authorization state on a switch when a client has sent an EAPOL-logoff message

when an organization needs to control the port authorization state on a switch

What is the standard for a public key infrastructure to manage digital certificates? PKI x.509 x.503 NIST-SP800

x.509