NWS
Which Cisco platform supports Cisco Snort IPS? 4000 series ISR 3900 series ISR 800 series ISR 2900 series ISR
4000 series ISR
Which two statements correctly describe certificate classes used in the PKI? (Choose two.) A class 0 certificate is for testing purposes. A class 4 certificate is for online business transactions between companies. A class 0 certificate is more trusted than a class 1 certificate. The lower the class number, the more trusted the certificate. A class 5 certificate is for users with a focus on verification of email.
A class 0 certificate is for testing purposes. A class 4 certificate is for online business transactions between companies.
Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model? Both stateful and packet-filtering firewalls can filter at the application layer. A stateful firewall can filter application layer information, whereas a packet-filtering firewall cannot filter beyond the network layer. A packet-filtering firewall typically can filter up to the transport layer, whereas a stateful firewall can filter up to the session layer. A packet-filtering firewall uses session layer information to track the state of a connection, whereas a stateful firewall uses application layer information to track the state of a connection.
A packet-filtering firewall typically can filter up to the transport layer, whereas a stateful firewall can filter up to the session layer.
What is an example of a local exploit? Port scanning is used to determine if the Telnet service is running on a remote server. A buffer overflow attack is launched against an online shopping website and causes the server to crash. A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan. A threat actor performs a brute force attack on an enterprise edge router to gain illegal access.
A threat actor tries to gain the user password of a remote host by using a keyboard capture software installed on it by a Trojan.
Which two statements are characteristics of a virus? (Choose two.) A virus can be dormant and then activate at a specific time or date. A virus has an enabling vulnerability, a propagation mechanism, and a payload. A virus replicates itself by independently exploiting vulnerabilities in networks. A virus typically requires end-user activation. A virus provides the attacker with sensitive data, such as passwords.
A virus typically requires end-user activation. A virus can be dormant and then activate at a specific time or date.
In the implementation of network security, how does the deployment of a Cisco ASA firewall differ from a Cisco IOS router? ASA devices use ACLs that are always numbered. ASA devices support interface security levels. ASA devices do not support an implicit deny within ACLs. ASA devices use ACLs configured with a wildcard mask.
ASA devices support interface security levels.
Which special hardware module, when integrated into ASA, provides advanced IPS features? Advanced Inspection and Prevention (AIP) Content Security and Control (CSC) Advanced Inspection and Prevention Security Services Module (AIP-SSM) Advanced Inspection and Prevention Security Services Card (AIP-SSC)
Advanced Inspection and Prevention (AIP)
Why is it important to protect endpoints? A breached endpoint gives a threat actor access to system configuration that can modify security policy. Endpoints are the starting point for VLAN attacks. After an endpoint is breached, an attacker can gain access to other devices. Endpoints are susceptible to STP manipulation attacks that can disrupt the rest of the LAN.
After an endpoint is breached, an attacker can gain access to other devices.
A company is concerned about data theft if any of the corporate laptops are stolen. Which Windows tool would the company use to protect the data on the laptops? 802.1X AMP RADIUS BitLocker
BitLocker
What are two shared characteristics of the IDS and the IPS? (Choose two.) Both use signatures to detect malicious traffic. Both analyze copies of network traffic. Both rely on an additional network device to respond to malicious traffic. Both are deployed as sensors. Both have minimal impact on network performance.
Both use signatures to detect malicious traffic. Both are deployed as sensors.
Which two statements describe access attacks? (Choose two.) Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot. Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
A security intern is reviewing the corporate network topology diagrams before participating in a security review. Which network topology would commonly have a large number of wired desktop computers? cloud SOHO CAN data center
CAN
Which device supports the use of SPAN to enable monitoring of malicious activity? Cisco NAC Cisco IronPort Cisco Security Agent Cisco Catalyst switch
Cisco Catalyst switch
Which intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco? External Snort IPS Server Cisco IOS IPS Cisco Firepower Next-Generation Cisco Snort IPS
Cisco IOS IPS
Which two statements describe remote access VPNs? (Choose two.) Client software is usually required to be able to access the network. Remote access VPNs are used to connect entire networks, such as a branch office to headquarters. End users are not aware that VPNs exist. A leased line is required to implement remote access VPNs. Remote access VPNs support the needs of telecommuters and mobile users.
Client software is usually required to be able to access the network. Remote access VPNs support the needs of telecommuters and mobile users.
In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? DoS address spoofing session hijacking MITM
DoS
A company requires the use of 802.1X security. What type of traffic can be sent if the authentication port-control auto command is configured, but the client has not yet been authenticated? SNMP EAPOL any data encrypted with 3DES or AES broadcasts such as ARP
EAPOL
What are three techniques for mitigating VLAN hopping attacks? (Choose three.) Enable trunking manually. Disable DTP. Enable Source Guard. Set the native VLAN to an unused VLAN. Enable BPDU guard. Use private VLANs.
Enable trunking manually. Disable DTP. Set the native VLAN to an unused VLAN.
Which cipher played a significant role in World War II? Caesar RC4 Enigma One-time pad
Enigma
When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created? Assign interfaces to zones. Establish policies between zones. Identify subsets within zones. Design the physical infrastructure.
Establish policies between zones.
Which network monitoring technology passively monitors network traffic to detect attacks? TAP RSPAN IPS IDS
IDS
Which statement accurately characterizes the evolution of threats to network security? Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. Early Internet users often engaged in activities that would harm other users. Internet architects planned for network security from the beginning. Internal threats can cause even greater damage than external threats.
Internal threats can cause even greater damage than external threats.
What is a feature of an IPS? It has no impact on latency. It can stop malicious packets. It is primarily focused on identifying possible incidents. It is deployed in offline mode.
It can stop malicious packets.
What is a characteristic of an IPS operating in inline-mode? It can stop malicious traffic from reaching the intended target. It requires the assistance of another network device to respond to an attack. It can only send alerts and does not drop any packets. It does not affect the flow of packets in forwarded traffic.
It can stop malicious traffic from reaching the intended target.
What is a host-based intrusion detection system (HIDS)? It combines the functionalities of antimalware applications with firewall protection. It is an agentless system that scans files on a host for potential malware. It detects and stops potential direct attacks but does not scan for malware. It identifies potential attacks and sends alerts but does not stop the traffic.
It combines the functionalities of antimalware applications with firewall protection.
How does the service password-encryption command enhance password security on Cisco routers and switches? It requires encrypted passwords to be used when connecting remotely to a router or switch with Telnet. It encrypts passwords that are stored in router or switch configuration files. It requires that a user type encrypted passwords to gain console access to a router or switch. It encrypts passwords as they are sent across the network.
It encrypts passwords that are stored in router or switch configuration files.
A switch has the following command issued as part of an 802.1X deployment. address ipv4 10.1.1.50 auth-port 1812 acct-port 1813 What is the purpose of this command? It identifies the address of the RADIUS server and the ports used for EAPOL messages. It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic. It identifies the address of the default gateway and the ports used for traffic destined for remote networks. It identifies the address of the switch to which the client connects and the ports used for the EAPOL messages.
It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic.
What is a zero-day attack? It is an attack that has no impact on the network because the software vendor has mitigated the vulnerability. It is an attack that results in no hosts able to connect to a network. It is a computer attack that occurs on the first day of the month. It is a computer attack that exploits unreported software vulnerabilities.
It is a computer attack that exploits unreported software vulnerabilities.
What is an IPS signature? It is the authorization that is required to implement a security policy. It is the timestamp that is applied to logged security events and alarms. It is a set of rules used to detect typical intrusive activity. It is a security script that is used to detect unknown threats.
It is a set of rules used to detect typical intrusive activity.
What is a characteristic of the Snort subscriber rule set term-based subscription? It is available for a fee. It does not provide access to Cisco support. It provides 30-day delayed access to updated signatures. It focuses on reactive responses to security threats.
It is available for a fee.
Which statement describes the term attack surface? It is the group of hosts that experiences the same attack. It is the network interface where attacks originate. It is the total sum of vulnerabilities in a system that is accessible to an attacker. It is the total number of attacks toward an organization within a day.
It is the total sum of vulnerabilities in a system that is accessible to an attacker.
Which technology is used to secure, monitor, and manage mobile devices? MDM VPN ASA firewall rootkit
MDM
Refer to the exhibit. A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces? Outside 40, Inside 100, DMZ 0 Outside 0, Inside 35, DMZ 90 Outside 0, Inside 100, DMZ 50 Outside 100, Inside 10, DMZ 40
Outside 0, Inside 100, DMZ 50
What is an advantage in using a packet filtering firewall versus a high-end firewall appliance? Packet filters perform almost all the tasks of a high-end firewall at a fraction of the cost. Packet filters represent a complete firewall solution. Packet filters are not susceptible to IP spoofing. Packet filters provide an initial degree of security at the data-link and network layer.
Packet filters perform almost all the tasks of a high-end firewall at a fraction of the cost.
Which IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern? Anomaly-Based Detection Pattern-Based Detection Policy-Based Detection Honey Pot-Based Detection
Pattern-Based Detection
What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.) Policies are applied to unidirectional traffic between zones. Any interface can be configured with both a ZPF and an IOS Classic Firewall. Policies are defined exclusively with ACLs. Policies provide scalability because they are easy to read and troubleshoot. Virtual and physical interfaces are put in different zones to enhance security.
Policies are applied to unidirectional traffic between zones. Policies provide scalability because they are easy to read and troubleshoot.
What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication? RADIUS TACACS+ SSH MD5
RADIUS
Which device is used as the authentication server in an 802.1X implementation? access point wireless router RADIUS server Ethernet switch
RADIUS server
What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.) AES DH RSA SHA MD5
SHA MD5
What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis? NAC syslog SNMP SPAN
SPAN
What protocol is used by SCP for secure transport? Telnet SSH HTTPS IPSec TFTP
SSH
What is the IPS detection engine that is included in the SEC license for 4000 Series ISRs? Security Onion ASDM Snort AMP
Snort
Which open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks? SPAN RSPAN Snort IPS IOS IPS
Snort IPS
What is a difference between symmetric and asymmetric encryption algorithms? Symmetric algorithms are typically hundreds to thousands of times slower than asymmetric algorithms. Symmetric encryption algorithms are used to authenticate secure communications. Asymmetric encryption algorithms are used to repudiate messages. Symmetric encryption algorithms are used to encrypt data. Asymmetric encryption algorithms are used to decrypt data. Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
Which statement correctly describes the configuration of a Snort VPG interface? The VPG1 interface must use a routable static IP address. The VPG1 interface must receive an address from DHCP. The VPG0 interface must have a routable address with access to the internet. The VPG1 interface must be configured with a public IP address.
The VPG0 interface must have a routable address with access to the internet.
In what way are zombies used in security attacks? They probe a group of machines for open ports to learn which services are running. They are infected machines that carry out a DDoS attack. They target specific individuals to gain corporate or personal information. They are maliciously formed code segments used to replace legitimate applications.
They are infected machines that carry out a DDoS attack.
Why are DES keys considered weak keys? DES weak keys use very long key sizes. DES weak keys are difficult to manage. They are more resource intensive. They produce identical subkeys.
They produce identical subkeys.
Which network monitoring capability is provided by using SPAN? Traffic exiting and entering a switch is copied to a network monitoring device. Statistics on packets flowing through Cisco routers and multilayer switches can be captured. Real-time reporting and long-term analysis of security events are enabled. Network analysts are able to access network device log files and to monitor network behavior.
Traffic exiting and entering a switch is copied to a network monitoring device.
Which security technology is commonly used by a teleworker when accessing resources on the main corporate office network? SecureX VPN IPS biometric access
VPN
Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation? ASA ESA AVC WSA
WSA
What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites? By applying the ACL on a public interface, multiple crypto ACLs can be built to prevent public users from connecting to the VPN-enabled router. Multiple crypto ACLs can define multiple remote peers for connecting with a VPN-enabled router across the Internet or network. Multiple crypto ACLs can be configured to deny specific network traffic from crossing a VPN. When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.
When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types.
During a recent pandemic, employees from ABC company were allowed to work from home. What security technology should be implemented to ensure that data communications between the employees and the ABC Head Office network remain confidential? a hash message authentication code such as HMAC a hash-generating algorithm such as SHA a symmetric or asymmetric encryption algorithm such as AES or PKI a hashing algorithm such as MD5
a symmetric or asymmetric encryption algorithm such as AES or PKI
Which command is used to enable AAA as part of the 802.1X configuration process on a Cisco device? aaa authentication dot1x dot1x pae authenticator aaa new-model dot1x system-auth-control
aaa new-model
A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this? accessing authentication authorization accounting
accounting
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs? an implicit permit of neighbor discovery packets the use of named ACL statements an implicit deny any any statement the use of wildcard masks
an implicit permit of neighbor discovery packets
The switch port to which a client attaches is configured for the 802.1X protocol. The client must authenticate before being allowed to pass data onto the network. Between which two 802.1X roles is EAP data encapsulated using RADIUS? (Choose two.) data nonrepudiation server authenticator encrypter authentication server supplicant
authenticator authentication server
A port has been configured for the 802.1X protocol and the client has successfully authenticated. Which 802.1X state is associated with this PC? up enabled forwarding authorized
authorized
Which resource is affected due to weak security settings for a device owned by the company, but housed in another location? removable media cloud storage device social networking hard copy
cloud storage device
Which security measure is typically found both inside and outside a data center facility? biometrics access exit sensors continuous video surveillance a gate security traps
continuous video surveillance
When considering network security, what is the most valuable asset of an organization? personnel data financial resources customers
data
Which type of network commonly makes use of redundant air conditioning and a security trap? CAN WAN data center cloud
data center
Websites are rated based on the latest website reputation intelligence. Which endpoint security measure prevents endpoints from connecting to websites that have a bad rating? spam filtering denylisting DLP antimalware software host-based IPS
denylisting
What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet? encryption hash algorithm digital signature asymmetric key algorithm
digital signature
When a Cisco IOS Zone-Based Policy Firewall is being configured, which two actions can be applied to a traffic class? (Choose two.) hold log forward copy drop inspect
drop inspect
Which benefit does SSH offer over Telnet for remotely managing a router? connections via multiple VTY lines encryption TCP usage authorization
encryption
Which type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic? false negative true positive false positive true negative
false positive
What are two security features commonly found in a WAN design? (Choose two.) outside perimeter security including continuous video surveillance port security on all user-facing ports WPA2 for data encryption of all data between sites firewalls protecting the main and remote sites VPNs used by mobile workers between sites
firewalls protecting the main and remote sites VPNs used by mobile workers between sites
One method used by cryptanalysts to crack codes is based on the fact that some letters of the English language are used more often than others. Which term is used to describe this method? frequency analysis known-plaintext meet-in-the-middle cybertext
frequency analysis
Which host-based security measure is used to restrict incoming and outgoing connections? rootkit host-based firewall antivirus/antimalware software host-based IPS
host-based firewall
A network administrator is explaining to a junior colleague the use of the lt and gt keywords when filtering packets using an extended ACL. Where would the lt or gt keywords be used? in an IPv6 named ACL that permits FTP traffic from one particular LAN getting to another LAN in an IPv6 extended ACL that stops packets going to one specific destination VLAN in an IPv4 named standard ACL that has specific UDP protocols that are allowed to be used on a specific server in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device
in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device
What are two main capabilities of a NAC system? (Choose two.) route filtering incident response security posture check DMZ protection administrative role assignment
incident response security posture check
Which two characteristics describe a worm? (Choose two.) executes when software is run on a computer is self-replicating infects computers by attaching to software code travels to new computers without any intervention or knowledge of the user hides in a dormant state until needed by an attacker
is self-replicating travels to new computers without any intervention or knowledge of the user
What is a characteristic of an IPS atomic signature? it requires several pieces of data to match an attack it is the simplest type of signature it is a stateful signature it can be slow and inefficient to analyze traffic
it is the simplest type of signature
Which two means can be used to try to bypass the management of mobile devices? (Choose two.) packet sniffing using a fuzzer using a Trojan Horse jailbreaking rooting
jailbreaking rooting
Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device? network tap IDS NetFlow SNMP
network tap
What command must be issued on a Cisco router that will serve as an authoritative NTP server? ntp server 172.16.0.1 ntp master 1 clock set 11:00:00 DEC 20 2010 ntp broadcast client
ntp master 1
What three tasks can a network administrator accomplish with the Nmap and Zenmap security testing tools? (Choose three.) open UDP and TCP port detection operating system fingerprinting password recovery security event analysis and reporting assessment of Layer 3 protocol support on hosts development of IDS signatures
open UDP and TCP port detection operating system fingerprinting assessment of Layer 3 protocol support on hosts
What are three actions that can be performed by Snort in IDS mode? (Choose three.) drop reject pass alert log sdrop
pass alert log
What type of network security test uses simulated attacks to determine the feasibility of an attack as well as the possible consequences if the attack occurs? penetration testing network scanning vulnerability scanning integrity checking
penetration testing
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? backdoor vishing Trojan phishing
phishing
Which evasion method describes the situation in which, after gaining access to the administrator password on a compromised host, a threat actor attempts to log in to another host using the same credentials? protocol-level misinterpretation pivoting resource exhaustion traffic substitution
pivoting
Which two security features can cause a switch port to become error-disabled? (Choose two.) root guard protected ports port security with the shutdown violation mode PortFast with BPDU guard enabled storm control with the trap option
port security with the shutdown violation mode PortFast with BPDU guard enabled
Which security service is provided by 802.1X? malware analysis and protection across the full attack continuum protection against emerging threats for Cisco products malware analysis of files port-based network access control
port-based network access control
Which risk management plan involves discontinuing an activity that creates a risk? risk reduction risk sharing risk retention risk avoidance
risk avoidance
What is a benefit of having users or remote employees use a VPN to connect to the existing network rather than growing the network infrastructure? security compatibility cost savings scalability
scalability
What name is given to an amateur hacker? script kiddie red hat blue team black hat
script kiddie
What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity? event file signature trigger definition
signature
A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.) hidden passwords during transmission single process for authentication and authorization separate processes for authentication and authorization encryption for all communication encryption for only the data
single process for authentication and authorization hidden passwords during transmission
A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? spam DDoS anonymous keylogging social engineering
social engineering
Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 and Layer 4 information? proxy firewall stateless firewall application gateway firewall stateful firewall
stateless firewall
Which three types of views are available when configuring the role-based CLI access feature? (Choose three.) config view CLI view root view superuser view superview admin view
superview root view CLI view
What is hyperjacking? adding outdated security software to a virtual machine to gain access to a data center server overclocking the mesh network which connects the data center servers using processors from multiple computers to increase data processing power taking over a virtual machine hypervisor as part of a data center attack
taking over a virtual machine hypervisor as part of a data center attack
What is indicated by the use of the local-case keyword in a local AAA authentication configuration command sequence? that passwords and usernames are case-sensitive that a default local database AAA authentication is applied to all lines that AAA is enabled globally on the router that user access is limited to vty terminal lines
that passwords and usernames are case-sensitive
When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client? the router that is serving as the default gateway the authentication server the switch that the client is connected to the supplicant
the switch that the client is connected to
What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router? to enable OSPF MD5 authentication on a per-interface basis to facilitate the establishment of neighbor adjacencies to configure OSPF MD5 authentication globally on the router to encrypt OSPF routing updates
to configure OSPF MD5 authentication globally on the router
Why would a rootkit be used by a hacker? to try to guess a password to do reconnaissance to reverse engineer binary files to gain access to a device without being detected
to gain access to a device without being detected
A company is deploying a new network design in which the border router has three interfaces. Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet0/1 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)? traffic that is returning from the public network after originating from the private network traffic that is going from the private network to the DMZ traffic that originates from the public network and that is destined for the DMZ traffic that is returning from the DMZ after originating from the private network
traffic that is going from the private network to the DMZ
Which classification indicates that an alert is verified as an actual security incident? false positive true negative true positive false negative
true positive
When would the authentication port-control command be used during an 802.1X implementation? when the authentication server is located at another location and cannot be reached when the authentication server is located in the cloud when an organization needs to control the port authorization state on a switch when a client has sent an EAPOL-logoff message
when an organization needs to control the port authorization state on a switch
What is the standard for a public key infrastructure to manage digital certificates? PKI x.509 x.503 NIST-SP800
x.509