SEC 150 - CCNA Security 210-260 Official Cert Guide - Chapters - 11 - 19
Which of the following describes a rule on the firewall which will never be matched because of where the firewall is in the network? a. Orphaned rule b. Redundant rule c. Shadowed rule d. Promiscuous rule
Orphaned rule
Which of the following describes a rule on the firewall which will never be matched because of where the firewall is in the network? a. Orphaned rule b. Redundant rule c. Shadowed rule d. Promiscuous rule
Orphaned rule
If a rogue IPv6 router is allowed on the network, which information could be incorrectly delivered to the clients on that network? (Choose all that apply.) a. IPv6 default gateway b. IPv6 DNS server c. IPv6 network address d. IPv6 ARP mappings
• IPv6 default gateway • IPv6 DNS server • IPv6 network address
What term refers to the internal IP address of a client using NAT as seen from other devices on the same internal network as the client? a. Inside local b. Inside global c. Outside local d. Outside global
Inside local
What term refers to the internal IP address of a client using NAT as seen from other devices on the same internal network as the client? a. Inside local b. Inside global c. Outside local d. Outside global
Inside local
Why is tunneling any protocol (including IPV6) through another protocol a security risk? (Choose all that Apply.) a. The innermost contents of the original packets may be hidden from normal security filters. b. The tunnels, if they extend beyond the network perimeter, may allow undesired traffic through the tunnel. c. Functionality might need to be sacrificed when going through a tunnel. d. Quality of service, for the underlying protocol, might be compromised.
• The innermost contents of the original packets may be hidden from normal security filters. • The tunnels, if they extend beyond the network perimeter, may allow undesired traffic through the tunnel.
What are the two primary benefits of using NTP (Network Time Protocol) along with a syslog server? (Choose all that apply.) a. Correlation of syslog messages from multiple different devices b. Grouping of syslog messages into summary messages c. Synchronization in the sending of syslog messages to avoid congestion d. Accurate accounting of when a syslog message occurred
- Correlation of syslog messages from multiple different devices - Accurate accounting of when a syslog message occurred
Which best practices apply to networks that run both IPv4 and IPv6? (Choose all that apply.) a. Physical security b. Routing protocol authentication c. Authorization of administrators d. Written security policy
- Physical security - Routing protocol authentication - Authorization of administrators - Written security policy
Which of the following routing protocols have both an IPv4 and IPv6 version? (Choose all that apply.) a. Routing Information Protocol b. Enhanced Interior Gateway Routing Protocol c. Open Shortest Path First d. Interior Gateway Routing Protocol
- Routing Information Protocol - Enhanced Interior Gateway Routing Protocol - Open Shortest Path First
Which of the following are the valid first four characters of a globally routable IPv6 address? (Choose all that apply.) a. 1234 b. 2345 c. 3456 d. 4567
2345 3456
Which of the following commands result in a secure bootset? (Choose all that apply.) a. secure boot-set b. secure boot-config c. secure boot-files d. secure boot-image
- secure boot-config - secure boot-image
When you connect for the first time to the console port on a new router, which privilege level are you using initially when presented with the command-line interface? a. 0 b. 1 c. 15 d. 16
1
How many groups of four hexadecimal characters does an IPv6 address contain? a. 4 b. 8 c. 16 d. 32
8 Length: IPv6 addresses are 128 bits (16 bytes) long. Groupings: IPv6 addresses are segmented into 8 groups of four hex characters.
What is a difference between a default and named method list? a. A default method list can contain up to four methods. b. A named method list can contain up to four methods. c. A default method list must be assigned to an interface or line. d. A named method list must be assigned to an interface or line.
A named method list must be assigned to an interface or line.
In legacy Cisco IPS, when does a signature consume memory? A. When it is unretired and enabled B. When it is retired and disabled C. When it is simply enabled D. When it is retired and enabled
A. When it is unretired and enabled A signature will consume the most resources of memory and CPU when it is both enabled and unretired.
What is the difference between a Trojan horse and a worm? A. A worm "wakes up" only when it knows it has infected the right machine. B. A Trojan horse depends on open, vulnerable ports to exploit a machine. C. A Trojan horse deletes itself after it propagates in the network. D. A worm replicates itself over the network.
A worm replicates itself over the network Response Feedback: Trojan horses typically use a form of social engineering to fool victims to install such software in their computers or mobile devices. Worms: viruses that replicate themselves over the network infecting numerous vulnerable systems.
DHCP snooping protects which component of NFP? A. Data plane B. Executive plane C. Management plane D. Control plane
A. Data plane
Which two configuration changes prevent users from jumping onto any VLAN they choose to join? A. Disabling negotiation of trunk ports B. Using something else other than VLAN 1 as the "native" VLAN C. Configuring the port connecting to the client as an access port D. Configuring the port connecting to the client as a trunk
A. Disabling negotiation of trunk ports C. Configuring the port connecting to the client as an access port
What allows a firewall to be a DHCP client and a NAT/PAT device at the same time? A. Dynamic PAT B. Static PAT C. Dynamic NAT D. Static NAT
A. Dynamic PAT Acting as a DHCP client on the outside interface, the firewall could provide PAT services to the inside hosts using dynamic PAT using the global address assigned to the firewall through DHCP.
Which of the following is true about signature-based IPS detection? A. It is the primary method used on both the appliance and an IOS router. B. It is the primary method used on an IOS router, but not on the appliance. C. Anomaly-based detection is the primary method used on both IOS and appliance-based IPS. D. It is the primary method used on the appliance, but not on an IOS router.
A. It is the primary method used on both the appliance and an IOS router.
Which of the secure management and reporting guidelines is important for correlating events across multiple network devices? A. Keeping clocks synchronized on network devices using NTPv B. Using Telnet only when working on an out-of-band network or within the protection of a VPN tunnel C. Authenticating before access is allowed, using a AAA server D. Using only SSH for remote CLI management
A. Keeping clocks synchronized on network devices using NTPv Because time is such an important factor, you should use Network Time Protocol (NTP) to synchronize the time in the network so that events that generate messages and time stamps can be correlated.
R1 (config) #enable secret level 5 $1$zVi7$UAAzKrgf R1 (config )#enable secret 5 $1$zVi7$UAAzKrgf Consider the router output shown here. Which of the following is true about these secrets? A. The MD5 hash that is now stored for privilege level 15 is $1$zVi7$UAAzKrgf. B. The password that is now functional for privilege level 5 is $1$zVi7$UAAzKrgf. C. The MD5 hash that is now stored for privilege level 5 is $1$zVi7$UAAzKrgf. D. The password that is now functional for privilege level 15 is $1$zVi7$UAAzKrgf.
A. The MD5 hash that is now stored for privilege level 15 is $1$zVi7$UAAzKrgf. B. The password that is now functional for privilege level 5 is $1$zVi7$UAAzKrgf. The secret key word causes an MD5 hash to be stored in the configuration. The 5 after the word secret implies the hash to use is being provided. The level 5 indicates that a password for privilege level 5 access is being configured.
R1(config)#username Bob privilege 15 secret cisco R1(config)#username Lois privilege 15 password cisco R1(config)#username Jennifer privilege 15 secret 0 cisco Refer to the output of the router shown here. Which of the following is true? (Choose two.) A. The password for Bob is stored the same way as the password for Jennifer. B. The password for Bob is stored more securely than the password for Jennifer. C. The use of the password keyword is preferred over secret. D. The password for Jennifer is stored more securely than the password for Lois.
A. The password for Bob is stored the same way as the password for Jennifer. D. The password for Jennifer is stored more securely than the password for Lois. All the passwords that are set using the keyword of secret are stored as an MD5 hash in the config. The default is to type in the actual password the user should use, and the system will create the MD5 hash. The level of 0 indicates this default.
R1(config)#ip http secure-server R1(config)#% Generating 1024 bit RSA keys, keys will be non-exportable...[OK] %SSH-5-ENABLED: SSH 1.99 has been enabled R1(config)#line vty 0 4 R1(config-line)#login local R1(config-line)#exit R1(config)#username admin privilege 15 secret cisco R1(config)#do show ip int brief Interface IP-Address OK? Method Status Protocol GigabitEthernet1/0 23.0.0.1 YES NVRAM up up GigabitEthernet2/0 10.0.0.1 YES NVRAM up up Consider the output shown here. Without any other username or HTTP or vty-related commands configured on the router, the administrator attempts to connect to this router using CCP. Pings to the router work correctly from the administrator's workstation, but the CCP will not connect. Why not? A. The web authentication method is not specified. B. The router does not have a route back to the administrator's workstation. C. The username admin needs to be configured with a password. D. The command ip http server needs to be configured.
A. The web authentication method is not specified. Pings are verifying IP connectivity. The missing component is the authentication. HTTPS can be used without plaintext HTTP enabled.
Which of the following commands enable you to create a snapshot of the running configuration and store it in persistent storage? A. secure boot-config B. secure boot-image C. secure NVRAM:startup-config D. secure bootset
A. secure boot-config The Cisco Resilient Configuration feature is intended to improve the recovery time by making a secure working copy of the IOS image and startup configuration files (which are referred to as the primary bootset) that cannot be deleted by a remote user.
Which of the following commands shows the current NAT translations on the router? A. show ip nat translations B. show ip nat translations * C. show translations D. show nat translations
A. show ip nat translations
Which method of IPS uses a baseline of normal network behavior and looks for deviations from that baseline? a. Reputation-based IPS b. Policy-based IPS c. Signature-based IPS d. Anomaly-based IPS
Anomaly-based IPS (Intrusion Prevention System)
Which is a protection provided by the Cisco ESA? A. URL filtering B. Antispam C. TCP SYN cookies D. Policing
Antispam Response Feedback: The Cisco ESA is an email security appliance that can protect from spam and email threats. URL filtering is provided by Cisco WSa, CWS and other Cisco products. Policing is provided by IOS, ASAs and other Cisco products. TCP SYN cookies are an ASA and IOS feature.
Which of the following is NOT a best practice? a. Assign aggressive IPS responses to specific signatures b. Assign aggressive IPS responses based on the resulting risk rating generated by the attack c. Tune the IPS and revisit the tuning process periodically d. Use correlation within the enterprise and globally for an improved security posture
Assign aggressive IPS (Intrusion Prevention System) responses to specific signatures
Which of the micro-engines contains signatures that can only match on a single packet, as opposed to a flow of packets? a. Atomic b. String c. Flood d. Other
Atomic
What platforms is AMP NOT available for? A. Windows B. Apple iOS C. Android D. MAC OS X
B. Apple iOS The AMP software is available for Windows, OSX and Android. There is no iOS version available.
R1(config)#enable secret level 10 cisco What does this command accomplish? A. Creates a hashed password in the config and specifies 10 as the maximum number of login attempts B. Assigns a password for a custom privilege level C. Creates a password for the user cisco D. Creates a plaintext password for privilege level 10
B. Assigns a password for a custom privilege level The keyword secret means the password will be stored as an MD5 hash in the configuration. The level keyword indicates this will be a password for access to the custom privilege level 10.
Which of the following is considered to be an enterprise-level management system? A. Cisco Configuration Professional B. Cisco Security Manager C. ASA Device Manager D. IPS Manager Express
B. Cisco Security Manager In an enterprise environment, you can purchase a separate single-console management tool for most of these security and network devices. An example is Cisco Security Manager (CSM). CSM is also a GUI tool that enables you to configure, manage, and monitor IOS routers, ASA firewall appliances, IPS sensors, and Catalyst series switches.
Which of the following is the correct syntax to apply root guard to an interface? A. Root guard is applied globally, not to an interface. B. spanning-tree guard root C. no spanning-tree root D. spanning-tree root guard
B. spanning-tree guard root If you want to prevent your local switch from learning about a new root switch through one of its local ports, you can configure root guard on that port. This can help in preventing tampering with of your existing STP topology.
You want to correlate the legacy Cisco IPS events from several sensors and want to do it securely. Which solution offers this? A. Syslog B. IME C. CCP D. CLI
B. IME (IPS Manager Express) - which can run on a workstation and be a central point of event viewing that can support up to 10 sensors simultaneously. IME opens up an SDEE secure subscription to the IPS device and allows management and correlation of events across multiple sensors.
What is the most efficient method for logging system messages from Cisco routers and switches? A. Console B. Internal buffer C. Syslog server D. Vty
B. Internal buffer The most efficient way to log system messages is to use the internal buffer of the router or switch.
What is the default policy between an administratively created zone and the self zone? A. Deny B. Permit C. Inspect D. Log
B. Permit
Which two of the following are some common e-mail-based threats? A. SQL injection B. Phishing C. IPv6 Extension Header manipulation D. DoS E. Malware attachments
B. Phishing E. Malware attachments
Consider an ASA with three interfaces with the associated security levels: inside 100 outside 0 DMZ 50 With this configuration, which traffic, by default, would be allowed to be routed through the firewall? A. Initial traffic from the outside to the inside B. Reply traffic from the DMZ to the outside C. Initial traffic from the DMZ to the inside D. Initial traffic from the DMZ to the outside
B. Reply traffic from the DMZ to the outside D. Initial traffic from the DMZ to the outside Stateful inspection of initial traffic from the inside to the outside happens by default on the ASA, and the return traffic will be dynamically allowed through the firewall from the outside to the inside. All the other flows listed would not be allowed by default on the ASA.
Which element can be used as a trigger mechanism for an IPS to implement a countermeasure in legacy Cisco IPS? A. Signature fidelity rating B. Risk rating C. Target value rating D. Attack severity rating
B. Risk rating By using event action overrides, you can use the overall risk rating to trigger countermeasures, instead of linking those responses to individual signatures.
Key firewall features include which of the following? A. Data export, filtering, logging B. Stateful inspection and filtering, NAT, application awareness C. Logging, routing, load balancing, stateful inspection D. Routing protocols, voice recognition, NAT
B. Stateful inspection and filtering, NAT, application awareness Modern firewalls traditionally offer stateful inspection and filtering, NAT, application awareness and more. They do not traditionally offer data export which could be a security concern, voice recognition or load balancing.
What is the primary user benefit from Zone-Based Firewalls? A. Static packet filtering B. Stateful packet inspection C. Proxy services D. Priority queuing
B. Stateful packet inspection Stateful packet inspection is the primary feature provided by the IOS Zone-Based Firewall. Priority queuing, although a service provided by the router, is not the primary feature of the Zone-Based Firewall.
What is a configuration difference between ACLs on the ASA and ACLs on IOS? A. ACLs are applied to interfaces on the IOS, and on the ASA they are applied only to the global policy B. The ASA uses standard masks in ACL entries. C. The IOS supports both standard and extended ACLs. D. The ASA supports only extended ACLs.
B. The ASA uses standard masks in ACL entries. The ASA does not use wildcard mask in any of its configuration of ACLs, unlike the IOS router, which does use wildcard masks.
Which of the following benefit of the ASA might a basic stateful firewall NOT contain? A. The ability to provide packet filtering B. The ability to perform application aware inspection of traffic C. The ability to provide logging capabilities D. The ability to perform network address translation
B. The ability to perform application aware inspection of traffic Application-aware inspection allows the ASA to analyze application layer data for filtering and monitoring purposes.
What is an application layer gateway (ALG) in the context of Cisco ASA firewalls? A. The feature of blocking applications that do not conform to the defined policies B. The function of application proxying to enforce security controls C. The feature of checking whether installed applications are signed by a trusted source D. The function of recognizing and collecting statistics about OSI Layer 7 applications
B. The function of application proxying to enforce security controls The ALG does not collect L7 statistics, block applications or check the signature of apps. It proxies certain applications and ensures the protocol correctness and re-writes certain fields when needed. For example, the ALG would rewrite field in SIP packets between endpoints that their addresses get translated.
Which of the following is a problem for most legacy IPS systems? A. IPS systems cannot stop the initial trigger packet from entering the network. B. Traffic that is encrypted cannot be fully inspected. C. Analyzing traffic in promiscuous mode may cause latency on the network. D. Traffic that is encrypted takes much more CPU to process than plain text.
B. Traffic that is encrypted cannot be fully inspected. Unless the IPS device is the endpoint of a VPN tunnel, the encrypted traffic flowing through the router, whether it be IPsec or SSL,will be unavailable as clear text for analysis.
Which two items normally have a one-to-one correlation? A. Classful IP networks B. VLANs C. Number of routers D. Number of switches E. IP subnetworks
B. VLANs E. IP subnetworks
Which of the following is the correct syntax to apply BPDU guard to a single interface? A. spanning-tree portfast bpduguard B. spanning-tree bpduguard enable C. spanning-tree bpduguard D. bpduguard
B. spanning-tree bpduguard enable
R1(config)#ip access-list ex Packet_Filter R1(config-ext-nacl)#deny tcp 172.16.1.0 0.0.0.255 host 1.2.3.4 eq 23 R1(config-ext-nacl)#permit ip 172.16.0.0 0.0.255.255 any R1(config-ext-nacl)#permit tcp host 172.16.1.50 host 1.2.3.4 R1(config-ext-nacl)#int fa 0/1 R1(config-if)#ip access-group Packet_Filter in Consider the configuration shown here. Based on this output, which of the following is true about packets entering Fa0/1? A. A host at 172.16.1.50 cannot connect to a server at 1.2.3.4 using HTTP. B. A host at 172.16.2.50 cannot telnet to a server at 1.2.3.4. C. A host at 172.16.1.50 cannot telnet to a server at 1.2.3.4. D. A host at 172.16.2.50 cannot connect to a server at 1.2.3.4 using HTTP.
C. A host at 172.16.1.50 cannot telnet to a server at 1.2.3.4. If each line of the answers are compared, port by port, protocol by protocol, and IP by IP, the only accurate entry is the one provided.
Which of the following is true about anomaly-based IPS detection in legacy Cisco IPS? A. It is the primary method used on an IOS router, but not on the appliance. B. It is the primary method used on both the appliance and an IOS router. C. Anomaly-based detection is supported on the appliance-based IPS, but not on the IOS. D. It is the primary method used on the appliance, but not on an IOS router.
C. Anomaly-based detection is supported on the appliance-based IPS, but not on the IOS. The IOS IPS implementation does not support the anomaly based IPS functions, but the IPS appliance does.
Why should CDP be disabled on ports that face untrusted networks? A. CDP can be used as a DDoS vector B. CDP can conflict with LLDP on ports facing untrusted networks C. CDP can used as a reconnaissance tool to determine information about the device D. Disabling CDP will prevent the device from participating in spanning tree with untrusted devices
C. CDP can used as a reconnaissance tool to determine information about the device
What is a significant difference between CoPP and CPPr? A. One works at Layer 3, and the other works at Layer 2. B. One protects the data plane and the other protects the management plane. C. CPPr can classify and act on more-specific traffic than CoPP. D. CoPP can classify and act on more-specific traffic than CPPr.
C. CPPr can classify and act on more-specific traffic than CoPP.
Which of the following password methods features the strongest encryption? A. Enable password B. Service password-encryption C. Enable secret password D. Line password
C. Enable secret password The enable secret password features MD5 hashing. This is a stronger encryption approach than the service password-encryption command, which uses a Cisco proprietary encryption.
Which of the following is NOT a core component of the Network Foundation Protection architecture? A. Data plane B. Management plane C. Executive plane D. Control plane
C. Executive plane For Cisco IOS routers and switches, the NFP framework is broken down into three basic planes (also called sections/areas): Management plane: This includes the protocols and traffic that an administrator uses between his workstation and the router or switch itself. Control plane: This includes protocols and traffic that the network devices use on their own without direct interaction from an administrator. An example is a routing protocol. Data plane: This includes traffic that is being forwarded through the network (sometimes called transit traffic).
What is the easiest way for an attacker to perform VLAN hopping? A. Use multiple virtual machines on the same access port B. Implement MAC flooding C. Negotiate a trunk using the connection to the access switch D. Perform DHCP starvation
C. Negotiate a trunk using the connection to the access switch A best practice at Layer 2 is to administratively configure access ports as access ports so that users cannot negotiate a trunk and to disable the negotiation of trunking (no Dynamic Trunking Protocol [DTP]).
SNMPv3 provides advantages over its previous versions. Which of the following is a feature in SNMPv3 whose function is not available in SNMPv1? A. Allowing both get and set messages B. Sending alert messages from an SNMP managed device to a network management station C. Scrambling of the content of the SNMP packets D. Sending configuration changes from a management station to an SNMP managed device
C. Scrambling of the content of the SNMP packets The encryption (or scrambling) of the SNMP traffic is a feature in SNMPv3 that does not exist in SNMPv1.
Why is it that the return traffic, from previously inspected sessions, is allowed back to the user, in spite of not having a zone pair explicitly configured that matches on the return traffic? A. A zone pair in the opposite direction of the initial zone pair (including an applied policy) must be applied for return traffic to be allowed. B. Return traffic is not allowed because it is a firewall. C. Stateful entries (from the initial flow) are matched, which dynamically allows return traffic. D. Explicit ACL rules need to be placed on the return path to allow the return traffic.
C. Stateful entries (from the initial flow) are matched, which dynamically allows return traffic.
How does a switch react when an attacker has flooded the CAM table on the device and the switch receives a unicast frame? A. The switch drops the frame. B. The switch buffers the frame until the CAM is no longer full. C. The switch floods the frame. D. The switch redirects the frame out the port it was received.
C. The switch floods the frame. Switches respond to a full CAM by flooding unicast packets that are received.
R2(config)#enable secret kjfd73j3h01! R1(config)#aaa new-model R1(config)#exit R1# Consider the configuration shown here. What would be the next command to use in creating a custom parser view? A. view enable B. configure terminal C. enable view D. parser view
C. enable view Response Feedback: To create a view, an enable secret password must first be configured on the router. AAA must also be enabled on the router (aaa new-model command).
Which of the following elements, which are part of the Modular Policy Framework on the ASA, are used to classify traffic? a. Class maps b. Policy maps c. Service policies d. Stateful filtering
Class maps
Control plane packets are handled by which of the following? a. Ingress Interface b. CPU c. Management Interface d. SNMP Interface
CPU
Which of the following is the operating system used by the Cisco WSA (Web Security Appliance)? a. Cisco AsyncOS operating system b. Cisco IOS-XR Software c. Cisco IOS-XE Software d. Cisco IOS Software e. Cisco ASA Software
Cisco AsyncOS operating system
Which element of a Zone-Based Firewall has the responsibility for identifying the traffic? A. Service policy, type inspect B. Policy map, type inspect C. Zone pair D. Class map, type inspect
D. Class map, type inspect The class map's job is to categorize or classify/identify traffic.
What is one of the added configuration elements that the Advanced security setting has in the ZBF (Zone-Based Firewalls) Wizard that is not included in the Low security setting? A. Generic UDP inspection B. Generic TCP inspection C. NAT D. Filtering of peer-to-peer networking applications
D. Filtering of peer-to-peer networking applications
If you configure a Zoned-Based Firewall that includes a policy for traffic directed to and from the self zone, which of the following could create a denial of service? A. Not allowing telnet traffic B. Not allowing ICMP traffic C. Not allowing FTP traffic D. Not allowing specific routing protocol traffic
D. Not allowing specific routing protocol traffic By default, traffic to the self zone (the router itself) is allowed. If a policy is created to manage traffic to and or from the self zone, the policy will be followed, and by if you don't specifically allow routing protocol updates to be permitted by the policy applied to the self zone. In this light, care must be taken to allow routing protocols (the ones that are used by the router on your network) to be allowed by your custom policy that is applied to traffic that involves the self zone.
What does the keyword overload imply in a NAT configuration? A. Static NAT is being used. B. NAT will provide "best effort" but not guaranteed service, due to an overload. C. NAT is willing to take up to 100 percent of available CPU. D. PAT is being used.
D. PAT is being used. Port Address Translation. This is a subset of NAT, with multiple devices being mapped to a single address. It is also referred to as a many-to-one translation
What is a spear phishing attack? a. Unsolicited e-mails sent to an attacker. b. A denial-of-service (DoS) attack against an e-mail server. c. E-mails that are directed to specific individuals or organizations. An attacker may obtain information about the targeted individual or organization from social media sites and other sources. d. Spam e-mails sent to numerous victims with the purpose of making money.
E-mails that are directed to specific individuals or organizations. An attacker may obtain information about the targeted individual or organization from social media sites and other sources.
What is the default method for determining the interface ID for a link-local address on Ethernet? a. EUI-64 Extended Unique Identifiers b. MAC address with FFFE at the end c. MAC address with FFFE at the beginning d. Depends on the network address being connected to
EUI-64 Extended Unique Identifiers
What does application layer inspection provide? a. Packet filtering at Layer 5 and higher b. Enables a firewall to listen in on a client/server communication, looking for information regarding communication channels c. Proxy server functionality d. Application layer gateway functionality
Enables a firewall to listen in on a client/server communication, looking for information regarding communication channels
What does application layer inspection provide? a. Packet filtering at Layer 5 and higher b. Enables a firewall to listen in on a client/server communication, looking for information regarding communication channels c. Proxy server functionality d. Application layer gateway functionality
Enables a firewall to listen in on a client/server communication, looking for information regarding communication channels
Which of the following are the valid first four characters of a link-local address? a. FE80 b. FF02 c. 2000 d. 3000
FE80
Control plane policing helps to protect the CPU by doing what? a. Diverting all control plane traffic to the data and management planes b. Filtering and rate-limiting traffic destined to the control plane c. Rate-limiting SNMP traffic to reduce the impact on the CPU d. Throttling all traffic ingressing the device during heavy traffic periods until the CPU performance has improved
Filtering and rate-limiting traffic destined to the control plane
Which of the following is NOT a subinterface that can be leveraged as part of control plane protection? a. Host subinterface b. Frame Relay subinterface c. CEF-Exception subinterface d. Transit subinterface
Frame Relay subinterface
Which of the following is NOT impacted by a default login authentication method list? a. AUX line b. HDLC (High-Level Data Link Control) Interface c. Vty line d. Console line
HDLC (High-Level Data Link Control) Interface
A company has hired you to determine whether attacks are happening against the server farm, and it does not want any additional delay added to the network. Which deployment method should be used? a. Appliance-based inline b. IOS software-based inline c. Appliance-based IPS d. IDS - Intrusion Detection System
IDS - Intrusion Detection System
Which method should you implement when it is NOT acceptable for an attack to reach its intended victim? a. IDS b. IPS - Intrusion Prevention System c. Out of band d. Hardware appliance
IPS - Intrusion Prevention System
Which one of the following is true about a transparent firewall? a. Implemented at Layer 1 b. Implemented at Layer 2 c. Implemented at Layer 3 d. Implemented at Layer 4 and higher
Implemented at Layer 2
Which one of the following is true about a transparent firewall? a. Implemented at Layer 1 b. Implemented at Layer 2 c. Implemented at Layer 3 d. Implemented at Layer 4 and higher
Implemented at Layer 2
R1# show ipv6 int fa 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, xxxxxxxx is FE80::218:B9FF:FE21:9278 No Virtual link-local address(es): xxxxxxxxxx address(es): Review the output shown here. What is the address of FE80::218:B9FF:FE21:9278?
Local Link Address: Explanation: IPv6 automatically configures for itself a second IPv6 address known as a link local address that begins with FE80. A link local address is an IPv6 address that you can use to communicate with other IPv6 devices on the same local network (local broadcast domain). If an IPv6 device wants to communicate with a device that is remote, it needs to use its global and routable IPv6 address for that (not the link local one). To reach remote devices, you also need to have a route to that remote network or a default gateway to use to reach the remote network.
When used in an access policy, which component could identify multiple servers? a. Stateful filtering b. Application awareness c. Object groups d. DHCP services
Object groups
Which firewall methodology requires the administrator to know and configure all the specific ports, IPs, and protocols required for the firewall? a. AGL b. Packet filtering c. Stateful filtering d. Proxy server
Packet filtering
Which firewall methodology requires the administrator to know and configure all the specific ports, IPs, and protocols required for the firewall? a. AGL b. Packet filtering c. Stateful filtering d. Proxy server
Packet filtering
Which type of implementation requires custom signatures to be created by the administrator? a. Reputation-based IPS b. Policy-based IPS c. Engine-based IPS d. Anomaly-based IPS
Policy-based IPS (Intrusion Prevention System)
What is the specific term for performing Network Address Translation for multiple inside devices but optimizing the number of global addresses required? a. NAT-T b. NAT c. PAT d. PAT-T
Port Address Translation (PAT)
What is the specific term for performing Network Address Translation for multiple inside devices but optimizing the number of global addresses required? a. NAT-T b. NAT c. PAT d. PAT-T
Port Address Translation (PAT)
What is one method to protect against a rogue IPv6 router? a. Port security b. Static ARP entries c. DHCPv6 d. RA guard
RA guard (Router Announcement)
Which IPv6 extension header may allow an attacker to control the path of an IPv6 packet through your network? Authentication Header ESP Header Fragment Header RH Type 0
RH Type 0
Which of the following statements is true? a. RIPv1 supports cleartext authentication, and RIPv2 supports MD5 authentication. b. RIPv2 and OSPF make use of a key chain for authentication. c. RIPv2 and EIGRP both require router process configuration for authentication. d. RIPv2 and EIGRP both make use of a key chain for authentication.
RIPv2 and EIGRP both make use of a key chain for authentication.
Which method requires participation in global correlation involving groups outside your own enterprise? a. Reputation-Based IPS b. Policy-based IPS c. Signature-based IPS d. Anomaly-based IPS
Reputation-Based IPS (Intrusion Prevention System)
What is needed to implement MD5 authentication for BGP? a. Interface and router process configuration b. Interface and key chain configuration c. Router process configuration d. Router process and key chain configuration
Router process configuration
Which of the following pairs of statements is true in terms of configuring MD authentication? a. Interface statements (OSPF, EIGRP) must be configured; use of key chain in OSPF b. Router process (OSPF, EIGRP) must be configured; key chain in EIGRP c. Router process or interface statement for OSPF must be configured; key chain in EIGRP d. Router process (only for OSPF) must be configured; key chain in OSPF
Router process or interface statement for OSPF must be configured; key chain in EIGRP
What is the name of Cisco cloud-based services for IPS correlation? a. SIO - Security Intelligence Operations b. EBAY c. ISO d. OSI
SIO - Security Intelligence Operations
Which of the following is NOT a Next-Generation IPS (NGIPS) solution? a. NGIPSv b. ASA with FirePOWER c. SIO IPS - Security Intelligence Operations IPS d. FirePOWER 8000 series appliances
SIO IPS - Security Intelligence Operations IPS (Intrusion Prevention System)
Which of the following functions is NOT handled by the control plane? a. BGP - Border Gateway Protocol b. RSVP - Resource Reservation Protocol c. SSH d. ICMP - Internet Control Message Protocol
SSH
Which of the following indirectly requires the administrator to configure a hostname? a. Telnet b. HTTP c. HTTPS d. SSH
SSH
Which of the following represents a cloud-based service, provided by Cisco, that baselines the current state of threats worldwide? A. IPS B. SecureX C. AnyConnect D. SIO
Security Intelligence Operations (SIO) Response Feedback: Security Intelligence Operations (SIO) is a cloud-based service that Cisco manages. This service identifies and correlates real-time threats so that customers can leverage this information to better protect their networks.
Which one of the following follows best practices for a secure password? a. ABC123! b. SlE3peR1# c. tough-passfraze d. InterEstIng-PaSsWoRd
SlE3peR1#
Which technology dynamically builds a table for the purpose of permitting the return traffic from an outside server, back to the client, in spite of a default security policy that says no traffic is allowed to initiate from the outside networks? a. Proxy b. NAT c. Packet filtering d. Stateful Filtering
Stateful Filtering
Which technology dynamically builds a table for the purpose of permitting the return traffic from an outside server, back to the client, in spite of a default security policy that says no traffic is allowed to initiate from the outside networks? a. Proxy b. NAT c. Packet filtering d. Stateful filtering
Stateful filtering
In the following CoPP example, which traffic is being prevented from reaching the control plane? Extended IP access list 123 10 deny tcp 192.168.1.0 0.0.0.25 any eq telent 20 deny udp 192.168.1.0 0.0.0.255 any eq domain
Telnet and DNS traffic from outside the 192.168.1.0./24 subnet
When you configure the ASA as a DHCP server for a small office, what default gateway will be assigned for the DHCP clients to use? a. The service provider's next-hop IP address. b. The ASA's outside IP address. c. The ASA's inside IP address. d. Clients need to locally configure a default gateway value.
The ASA's inside IP address
Why does IPS (Intrusion Prevention System) have the ability to prevent an ICMP-based attack from reaching the intended victim? a. Policy-based routing. b. TCP resets are used. c. The IPS is inline with the traffic. d. The IPS is in promiscuous mode.
The IPS (Intrusion Prevention System) is inline with the traffic
Which of the following is a loopback address in IPv6? ::1 IPv6 has no loopback address. ::127:0:0:1 ::
The loopback address in IPv6 is ::1.
When you configure network address translation for a small office, devices on the Internet will see the ASA inside users as coming from which IP address? a. The inside address of the ASA. b. The outside address of the ASA. c. The DMZ address of the ASA. d. Clients will each be assigned a unique global address, one for each user.
The outside address of the ASA
What is the long-term impact of providing a promiscuous rule as a short-term test in an attempt to get a network application working? a. The promiscuous rule may be left in place, leaving a security hole. b. The rule cannot be changed later to more accurately filter based on the business requirement. c. It should be a shadowed rule. d. Change control documentation may not be completed for this test.
The promiscuous rule may be left in place, leaving a security hole.
What is the long-term impact of providing a promiscuous rule as a short-term test in an attempt to get a network application working? a. The promiscuous rule may be left in place, leaving a security hole. b. The rule cannot be changed later to more accurately filter based on the business requirement. c. It should be a shadowed rule. d. Change control documentation may not be completed for this test.
The promiscuous rule may be left in place, leaving a security hole.
Which is not a type of malware? A. Back doors B. Trojan horses C. Unsigned executables D. Logic bombs
Unsigned executables Response Feedback: Logic bombs, Trojans and back doors are common types of malware. Unsigned executables do not necessarily mean they are malware. They could be legitimate executables files.
You are interested in verifying whether the security policy you implemented is having the desired effect. How can you verify this policy without involving end users or their computers? a. Run the policy check tool, which is built in to the ASA. b. The ASA automatically verifies that policy matches intended rules. c. Use the Packet Tracer tool. d. You must manually generate the traffic from an end-user device to verify that the firewall will forward it or deny it based on policy.
Use the Packet Tracer tool
Cisco recommends which version of Simple Network Management Protocol (SNMP) on your network if you need it? a. Version 1 b. Version 2 c. Version 3 d. Version 4
Version 3
Which of the following Cisco ASA models are designed for small and branch offices? (Choose all that apply.) a. 5505 b. 5512-X c. 5555-X d. 5585-X with SSP10
a. 5505 b. 5512-X
Which of the following are properties directly associated with a signature? (Choose all that apply.) a. ASR - Attack Severity Rating b. SFR - Signature Fidelity Rating c. TVR - Target Value Rating d. RR - Risk Rating
a. ASR - Attack Severity Rating b. SFR - Signature Fidelity Rating
Which of the following Cisco ESA models are designed for mid-sized organizations? (Choose all that apply.) a. Cisco C380 b. Cisco C670 c. Cisco C680 d. Cisco X1070
a. Cisco C380 b. Cisco C670
Which of the following tools could be used to configure or manage an ASA? (Choose all that apply.) - Adaptive Security Appliance a. Cisco Security Manager (CSM) b. ASA Security Device Manager (ASDM) c. Cisco Configuration Professional (CCP) d. The command-line interface (CLI)
a. Cisco Security Manager (CSM) b. ASA Security Device Manager (ASDM) d. The command-line interface (CLI)
Which of the following are open source antivirus software? (Choose all that apply.) a. ClamAV b. Immunet c. ImuniSec d. ClamSoft
a. ClamAV b. Immunet
Which of the following features are supported by the Cisco WSA (Web Security Appliance)? (Choose all that apply.) a. File reputation b. File sandboxing c. Layer 4 traffic monitor d. Real-time e-mail scanning e. Third-party DLP integration
a. File reputation b. File sandboxing c. Layer 4 traffic monitor e. Third-party DLP integration
Which of the following are examples of full disk encryption legitimate software? (Choose all that apply.) a. FileVault b. Cisco FileEncryptor c. BitLocker d. CryptoWall e. CryptoLocker
a. FileVault c. BitLocker Much commercial and free software enables you to encrypt files in an end-user workstation or mobile device. MAC OS X FileVault: Supports full disk encryption on Mac OS X systems. BitLocker: Full disk encryption feature included in several Windows operating systems.
You are trying to configure a method list, and your syntax is correct, but the command is not being accepted. Which of the following might cause this failure? (Choose all that apply.) a. Incorrect Privilege Level b. AAA not enabled c. Wrong mode d. Not allowed by the view
a. Incorrect Privilege Level b. AAA not enabled c. Wrong mode d. Not allowed by the view
Which of the following features does the Cisco ESA (Email Security Appliance) provide? (Choose all that apply.) a. Network antivirus capabilities b. E-mail encryption c. Threat outbreak prevention d. Support for remote access SSL VPN connections
a. Network antivirus capabilities b. E-mail encryption c. Threat outbreak prevention
Which of the following file types are supported by Cisco AMP (Advanced Malware Protection) for Endpoints? (Choose all that apply.) a. PDF b. ASC c. MSCAB d. ZIP e. MACHO
a. PDF c. MSCAB d. ZIP e. MACHO
How can you implement role-based access control (RBAC)? (Choose all that apply.) a. Provide the password for a custom privilege level to users in a given role b. Associate user accounts with specific views c. Use access lists to specify which devices can connect remotely d. Use AAA to authorize specific users for specific sets of permissions
a. Provide the password for a custom privilege level to users in a given role b. Associate user accounts with specific views d. Use AAA to authorize specific users for specific sets of permissions
Which of the following are examples of e-mail encryption solutions? (Choose all that apply.) a. Secure/Multipurpose Internet Mail Extensions (S/MIME ) b. VPNs c. Pretty Good Privacy (PGP) d. GNU Privacy Guard (GnuPG) e. Web-based encryption e-mail service like Sendinc or JumbleMe
a. Secure/Multipurpose Internet Mail Extensions (S/MIME ) c. Pretty Good Privacy (PGP) d. GNU Privacy Guard (GnuPG) e. Web-based encryption e-mail service like Sendinc or JumbleMe
Which of the following e-mail authentication mechanisms are supported by the Cisco ESA (Email Security Appliance)? (Choose all that apply.) a. Sender Policy Framework (SPF) b. Sender ID Framework (SIDF) c. DomainKeys Identified Mail (DKIM) d. DomainKeys Mail Protection (DMP)
a. Sender Policy Framework (SPF) b. Sender ID Framework (SIDF) c. DomainKeys Identified Mail (DKIM)
Which of the following features does the Cisco ASA provide? (Choose all that apply.) Cisco Adaptive Security Appliance a. Simple packet filtering using standard or extended access lists b. Layer 2 transparent implementation c. Support for remote-access SSL VPN connections d. Support for site-to-site SSL VPN connections
a. Simple packet filtering using standard or extended access lists b. Layer 2 transparent implementation c. Support for remote-access SSL VPN connections
VPN implementations can be categorized into which of the following two distinct groups? a. Site-to-site VPNs b. Free VPNs c. Commercial VPNs d. Remote-access VPNs
a. Site-to-site VPNs d. Remote-access VPNs
Cisco AMP for Endpoints provides advanced malware protection for which of the following operating systems? (Choose all that apply.) a. Windows b. MAC OS X c. Android d. Solaris e. HP-UX
a. Windows b. MAC OS X c. Android
Which of the following are examples of the most common types of malware? (Choose all that apply.) a. viruses b. worms c. file encryption software d. Trojan horses
a. viruses b. worms d. Trojan horses
Which line in the following OSPF configuration will NOT be required for MD5 authentication to work? interface GigabitEthernet0/1 ip address 192.168.10.1 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 CCNA ! router ospf 65000 router-id 192.168.10.1 area 20 authentication message-digest
area 20 authentication message-digest
Which of the following statements is correct about back doors? a. Back doors are created when a buffer overflow is exploited. b. Back doors can open a network port on the affected system so that the attacker can connect and control such system. c. Back doors can open a network firewall port in the network. d. Back doors are used to legitimately configure system configurations.
b. Back doors can open a network port on the affected system so that the attacker can connect and control such system.
Which of the following connectors are supported by the Cisco CWS (Cloud Web Security) service? (Choose all that apply.) a. Cisco Security Manager (CSM) b. Cisco ASA c. Cisco ISR G2 routers d. Cisco AnyConnect Secure Mobility Client e. Cisco WSA (Web Security Appliance)
b. Cisco ASA c. Cisco ISR G2 routers d. Cisco AnyConnect Secure Mobility Client e. Cisco WSA (Web Security Appliance)
Cisco WSA (Web Security Appliance) can be deployed using the Web Cache Communication Protocol (WCCP) configured in which of the following modes? (Choose all that apply.) a. Multiple context mode b. Explicit proxy mode c. Transparent proxy mode d. Virtualized mode
b. Explicit proxy mode c. Transparent proxy mode
When is traffic allowed to be routed and forwarded if the source of the traffic is from a device located off of a low-security interface if the destination device is located off of a high-security interface? (Choose all that apply.) a. This traffic is never allowed. b. This traffic is allowed if the initial traffic was inspected and this traffic is the return traffic. c. If there is an access list that is permitting this traffic. d. This traffic is always allowed by default.
b. This traffic is allowed if the initial traffic was inspected and this traffic is the return traffic. c. If there is an access list that is permitting this traffic.
Which of the following is an accurate description of the word "inbound" as it relates to an ASA? (Choose all that apply.) a. Traffic from a device that is located on a high-security interface b. Traffic from a device that is located on a low-security interface c. Traffic that is entering any interface d. Traffic that is exiting any interface
b. Traffic from a device that is located on a low-security interface c. Traffic that is entering any interface The Cisco Adaptive Security Appliances (ASA) is a unified threat management device, combining several network security functions in one box.
Which command provides information on receive adjacency traffic? a. show ip bgp b. show processes cpu c. show interfaces summary d. show ip cef
show ip cef
Which of protocols, if abused, could impair an IPv6 network, but not IPv4? (Choose all that apply.) a. ARP b. NDP c. Broadcast addresses d. Solicited node multicast addresses
• NDP - Neighbor Discovery Protocol • Solicited node multicast addresses