Network Auth and Security Ch 1-22
What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? -(config)# service password-encryption -(config)# enable secret Secret_Password -(config)# enable password-secret -(config)# password secret -(config)# secret-encrypt all 0 15
(config)# service password-encryption
What is the default privilege level of user accounts created on Cisco routers? - 0 - 15 - 1 - 16
- 1
Which range of custom privilege levels can be configured on Cisco routers? - 0 through 15 - 2 through 14 - 1 through 15 - 2 through 15 - 1 through 16
- 2 through 14
Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.) - Creating a user account that needs access to most but not all commands can be a tedious process. - Commands set on a higher privilege level are not available for lower privilege users. - The root user must be assigned to each privilege level that is defined. - It is required that all 16 privilege levels be defined, whether they are used or not. - There is no access control to specific interfaces on a router. - Views are required to define the CLI commands that each user can access.
- Creating a user account that needs access to most but not all commands can be a tedious process. - Commands set on a higher privilege level are not available for lower privilege users. - There is no access control to specific interfaces on a router.
What must be done before any role-based CLI views can be created? - Assign multiple privilege levels. - Configure usernames and passwords. - Issue the aaa new-model command. - Create the secret password for the root user.
- Issue the aaa new-model command.
What does level 5 in the following enable secret global configuration mode command indicate? Router(config)# enable secret level 5 csc5io - The enable secret password can only be set by individuals with privileges for EXEC level 5. - The enable secret password is hashed using SHA. - The enable secret password is hashed using MD5. - The enable secret password grants access to privileged EXEC level 5.
- The enable secret password grants access to privileged EXEC level 5.
An administrator assigned a level of router access to the user ADMIN using the commands below. Router(config)# privilege exec level 14 show ip route Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10 Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10 - The user can issue the show version command. - The user can only execute the subcommands under the show ip route command. - The user can issue the ip route command. - The user can issue all commands because this privilege level can execute all Cisco IOS commands. - The user can execute all subcommands under the show ip interfaces command.
- The user can issue the show version command. - The user can execute all subcommands under the show ip interfaces command.
Which two router commands can a user issue when granted privilege level 0? (Choose two.) - ping - disable - help - configure - show
- disable - help
What are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature? (Choose three.) - fault tolerance - cost reduction - operational efficiency - scalability - security - availability
- operational efficiency - security - availability
A network administrator wants to create a new view so that a user only has access to certain configuration commands. In role-based CLI, which view should the administrator use to create the new view? - superview - admin view - CLI view - root view
- root view
Which command will move the show interface command to privilege level 10? - router(config-if)# privilege exec level 10 show interface - router(config)# show interface level 10 - router(config-if)# show interface level 10 - router(config)# privilege exec level 10 show interface - router(config)# privilege level 10 show interface - router(config-if)# privilege level 10 show interface
- router(config)# privilege exec level 10 show interface
A network administrator enters the command R1# enable view adminview. What is the purpose of this command? - to enter a superview named adminview - to enter a CLI view named adminview - to create a CLI view named adminview - to enter the root view
- to enter a CLI view named adminview
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) -A user account. -A unique hostname. -An IP domain name. -A password on the console line. -An encrypted password. -An enable mode password. Standard ACLs can filter on source and destination TCP and UDP ports.
-A user account. -A unique hostname. -An IP domain name.
Which two statements describe access attacks? (Choose two.) -Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are being sent across a LAN. -To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. -Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. -Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. -Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.
-Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. -Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) -Physical Security. -Zone Isolation. -Router Hardening. -Operating System Security. -Flash Security. -Remote Access Security.
-Physical Security. -Router Hardening. -Operating System Security.
What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.) -To ensure faster network convergence. -To provide data security through encryption. -To prevent data traffic from being redirected and then discarded. -To ensure more efficient routing. -To prevent redirection of data traffic to an insecure link.
-To prevent data traffic from being redirected and then discarded -To prevent redirection of data traffic to an insecure link.
What are three functions provided by the syslog service? (Choose three.) -To specify the destinations of captured messages. -To periodically poll agents for data. -To gather logging information for monitoring and troubleshooting. -Enable DTP on all trunk ports. -To select the type of logging information that is captured.
-To specify the destinations of captured messages. -To gather logging information for monitoring and troubleshooting. -To select the type of logging information that is captured.
Which two characteristics describe a worm? (Choose two.) -executes when software is run on a computer -infects computers by attaching software code -travels to new computers without any intervention or knowledge of the user -hides in a dormant state until needed by an attacker -is self-replicating -despite being hermaphroditic, it needs a partner to reproduce
-travels to new computers without any intervention or knowledge of the user -is self-replicating
What wild card mask will match networks 172.16.0.0 through 172.19.0.0? -0.252.255.255 -0.0.3.255 -0.3.255.255 -0.0.255.255 -0.0.0.255
0.3.255.255
Which statement describes SNMP operation? -An SNMP agent that resides on a managed device collects information about the device and stores that information remotely in the MIB that is located on the NMS. -A get request is used by the SNMP agent to query the device for data. -A set request is used by the NMS to change configuration variables in the agent device. -An NMS periodically polls the SNMP agents that are residing on managed devices by using traps to query the devices for data.
A set request is used by the NMS to change configuration variables in the agent device.
What is a characteristic of the Cisco IOS Resilient Configuration feature? -It maintains a secure working copy of the bootstrap startup program. -Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered. -A snapshot of the router running configuration can be taken and securely archived in persistent storage. -The secure boot-image command works properly when the system is configured to run an image from a TFTP server.
A snapshot of the router running configuration can be taken and securely archived in persistent storage.
What is an example of a local exploit? -A threat actor performs a brute force attack on an enterprise edge router to gain illegal access. -A buffer overflow attack is launched against an online shopping website and causes a server crash. -Port scanning is used to determine if the Telnet service is running. -The threat actor is within a 5 kilometer radius of the target. -A threat actor tries to gain the user password of a remote host by using a keyboard capture installed by a Trojan.
A threat actor tries to gain the user password of a remote host by using a keyboard capture installed by a Trojan.
A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? -A device that is trying to inspect the traffic on a link. -An unidentified individual who is trying to access the network equipment room. -A worm that is attempting to propagate the network. -A user who is trying to guess a password to access the router or a brute force attack.
A user who is trying to guess a password to access the router or a brute force attack.
What service or protocol does the Secure Copy Protocol rely on to ensure that secure copy transfers are from authorized users? -SNMP -AAA -IPsec -RADIUS
AAA
Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it? -Authentication. -Assigning permissions. -Accounting. -Authorization.
Accounting.
What is the primary means for mitigating virus and Trojan horse attacks? -Antivirus Software. -Encryption. -Blocking ICMP echo and echo replies. -Antisniffer Software.
Antivirus Software
Which scenario would cause an ACL misconfiguration and deny all traffic? -Apply a standard ACL using the ip access-group out command. -Apply a named ACL to a VTY line. -Apply a standard ACL in the inbound direction. -Apply an ACL that has all deny ACE statements.
Apply an ACL that has all deny ACE statements.
With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach? -Security Onion. -Cabbage. -Artichoke. -Carrots. -Mushrooms.
Artichoke
What does the TACACS+ protocol provide in an AAA deployment? -Authorization on a per-user or per-group basis. -AAA connectivity via UDP. -Password encryption without encrypting the packet. -Compatibility with previous TACACS protocols.
Authorization on a per-user or per-group basis.
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform? -Authentication. -Authorization. -Accounting. -Auditing
Authorization.
How does BYOD change the way in which businesses implement networks? -BYOD users are responsible for their own network security, thus reducing the need for organizational security policies. -BYOD devices are more expensive than devices purchased by the organizations. -BYOD devices changed nothing. -BYOD devices provide flexibility in where and how users can access network resources. -BYOD users are better at securing their devices than the IT Department.
BYOD devices provide flexibility in where and how users can access network resources
What method can be used to mitigate ping sweeps? -Blocking ICMP echo and echo-replies at the network edge. -Installing antivirus software on hosts. -Deploying antisniffer software on hosts. -It uses the enable password for authentication. -Blocking ICMP echo and echo-replies in the middle of the network.
Blocking ICMP echo and echo-replies at the network edge
A security intern is reviewing the corporate network topology diagrams before participating in a security review. Which network topology would commonly have a large number of wired desktop computers? -cloud -CAN -data center -SOHO
CAN
Refer to the exhibit. An IT security manager is planning security updates on this particular network. Which type of network is displayed in the exhibit and is being considered for updates? -WAN -CAN -data center -SOHO
CAN
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? -Telnet -CDP -LLDP -SSH
CDP
When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects? -Community strings. -Message integrity. -Packet encryption. -Source validation. -Destination validation.
Community strings.
What three items are components of the CIA triad? (Choose three.) -NSA, DHS and FBI. -Confidentiality. -Availability. -Integrity. -Scalability. -Intervention. -Access.
Confidentiality Availability Integrity
When password recovery on a router is being performed and the settings in NVRAM have been bypassed, which step should be taken next? -Reload the Router. -Reset the Router. -Copy the contents of the RAM to the NVRAM. -Copy the contents of the NVRAM to the RAM.
Copy the contents of the NVRAM to the RAM.
In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? -MITM -DoS -Address Spoofing -Session Hijacking -Hyperjacking
DoS
Which ICMP message type should be stopped inbound? -Echo-reply. -Echo. -Source quench. -Echo-tango. -Unreachable.
Echo
What is the first required task when configuring server-based AAA authentication? -Configure the IP address of the server. -Specify the type of server providing the authentication. -Enable AAA globally. -Configure the type of AAA authentication.
Enable AAA globally.
Which functionality does the TACACS single-connection keyword provide to AAA services? -Allows the use of differing keys between the TACACS+ server and the AAA client. -Maintains a single UDP connection for the life of the session. -Encrypts the data transfer between the TACACS+ server and the AAA client. -Enhances the performance of the TCP connection
Enhances the performance of the TCP connection
A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? -Firewall. -VPN gateway. -Cisco Nexus Switch. -An intrusion prevention device (IPS).
Firewall.
Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data? -Statement of Authority. -Acceptable use policy. -Identification and authentication policy. -Statement of Scope. -Internet access policy
Identification and authentication policy
Which statement accurately characterizes the evolution of threats to network security? -Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. -Early Internet users often engaged in activities that would harm other users. -Internal threats can cause even greater damage than external threats. -Internet architects planned for network security from the beginning.
Internal threats can cause even greater damage than external threats.
When a method list for AAA authentication is being configured, what is the effect of the keyword local? -It uses the enable password for authentication. -It defaults to the vty line password for authentication. -It accepts a locally configured username, regardless of case. -The login succeeds, even if all methods return an error.
It accepts a locally configured username, regardless of case.
What is the purpose of using a banner message on a Cisco network device? -It will stop attackers dead in their tracks. -It can provide more security by slowing down attacks. -It can protect an organization from a legal perspective. -It can be used to create a quiet period where remote connections are refused.
It can protect an organization from a legal perspective.
What is a feature of the TACACS+ protocol? -It combines authentication and authorization as one process. -It encrypts the entire body of the packet for more secure communications. -It utilizes UDP to provide more efficient packet transfer. -It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
It encrypts the entire body of the packet for more secure communications.
Which statement describes the term attack surface? -It is the total sum of vulnerabilities in a system that is accessible to an attacker -It is the total number of attacks toward an organization within a day. -It is the group of hosts that experiences the same attack. -It is the interface where the attacks originate. -The interface on the gateway router upon which the attack enters.
It is the total sum of vulnerabilities in a system that is accessible to an attacker
What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities? -SuperScan. -KisMac. -Click fuzzers. -Nmap. -OpenVAS. -Wireshark.
KisMac
Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? -Provision the router with the maximum amount of RAM possible. -Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. -Ensure that users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination. -Locate the router in a secure locked room that is accessible only to authorized personnel.
Locate the router in a secure locked room that is accessible only to authorized personnel.
Which type of access is secured on a Cisco router or switch with the enable secret command? -Enable at least two ports for remote access. -Console Line. -Disable discovery protocols for all user-facing ports. -Block local access. -Log and account for all access.
Log and account for all access.
Which technology is used to secure, monitor, and manage mobile devices? -VPN -rootkit -ASA firewall -MDM
MDM
What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices? -Management plane. -Control plane. -Data plane. -Forwarding plane.
Management plane
Which protocol or service is used to automatically synchronize the software clocks on Cisco routers? -NTP -DNS -SNMP -STP
NTP
At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? -Network Edge. -WAN Edge. -Core Router. -On a third-party server one hop off-site
Network Edge.
A security technician is evaluating a new operations security proposal designed to limit access to all servers. What is an advantage of using network security testing to evaluate the new proposal? -Network security testing is most effective when deploying new security proposals. -Network security testing is simple because it requires just one test to evaluate the new proposal. -Network security testing proactively evaluates the effectiveness of the proposal before any real threat occurs. -Network security testing is specifically designed to evaluate administrative tasks involving server and workstation access.
Network security testing proactively evaluates the effectiveness of the proposal before any real threat occurs.
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? -Vishing -Trojan -Backdooring -Phreaking -Cat Phishing -Phishing
Phishing
Which evasion method describes the situation that after gaining access to the administrator password on a compromised host, a threat actor is attempting to log in to another host using the same credentials? -Spinning -Pivoting -Traffic Substitution -Protocol-level misinterpretation -Duck and cover
Pivoting
What is a characteristic of AAA accounting? -Accounting can only be enabled for network connections. -Possible triggers for the aaa accounting exec default command include start-stop and stop-only. -Users are not required to be authenticated before AAA accounting logs their activities on the network. -Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network.
Possible triggers for the aaa accounting exec default command include start-stop and stop-only.
Which type of access is secured on a Cisco router or switch with the enable secret command? -AUX port. -Console Line. -Virtual Terminal. -PuTTY. -Privileged EXEC.
Privileged EXEC.
Refer to the exhibit. A network administrator wants to create a standard ACL to prevent Network 1 traffic from being transmitted to the Research and Development network. On which router interface and in which direction should the standard ACL be applied? -R1 Gi0/0 outbound -R2 S0/0/0 inbound -R1 S0/0/0 outbound -R2 Gi0/0 outbound. -R2 Gi0/0 inbound -R1 Gi0/0 inbound
R2 Gi0/0 outbound
Which statement describes a difference between RADIUS and TACACS+? -RADIUS encrypts only the password whereas TACACS+ encrypts all communication. -RADIUS uses TCP whereas TACACS+ uses UDP. -RADIUS separates authentication and authorization whereas TACACS+ combines them as one process. -RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not. -Neither RADIUS nor TACACS+ is supported by the Cisco Secure ACS software.
RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? -Direct access to the switch through the use of a terminal emulation program. -Remote access to a switch where data is encrypted during the session. -Out-of-band access to a switch through the use of a terminal with password authentication. -Remote access to the switch through the use of a telephone dialup connection. -On-site access to a switch through the use of a directly connected PC and a console cable.
Remote access to a switch where data is encrypted during the session.
Which risk management plan involves discontinuing an activity that creates a risk? -Risk Mitigation -Risk Avoidance -Risk Reduction -Risk Sharing -Risk Retention
Risk Avoidance
Which security implementation will provide control plane protection for a network device? -There is no ability to secure the control plane. -Routing Protocol Authentication. -Encryption for remote access connection. -NTP for consistent timestamps on logging messages. -AAA for authenticating management access. -AAA provides free road-side assistance.
Routing Protocol Authentication
What name is given to an amateur hacker? -Scriptie -Red Hat -Blue Team -Script Kiddie -Kid Script
Script Kiddie
A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? -Social Engineering -DDoS -SAAS -Anonymous key logging -SPAM
Social Engineering
Which network security tool can detect open TCP and UDP ports on most versions of Microsoft Windows? -Nmap -L0phtcrack -SuperScan -Zenmap
SuperScan
Which technology allows syslog messages to be filtered to different devices based on event importance? -Syslog service timestamps. -Syslog severity levels. -Syslog service identifiers. -Syslog facilities.
Syslog severity levels.
What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date? -Mitre -FireEye -CybOX -Talos
Talos
What is one difference between using Telnet or SSH to connect to a network device for management purposes? -Telnet sends data in plain text, whereas SSH encrypts the data. -If you are consoled in to the router locally, there is no difference. -Telnet uses UDP and SSH uses HTTPS. -Telnet does not provide authentication whereas SSH provides authentication.
Telnet sends data in plain text, whereas SSH encrypts the data.
Refer to the exhibit. A network administrator is configuring an IPv6 ACL to allow hosts on the 2001:DB8:CAFE:10::/64 network to access remote web servers, except for PC1. However, a user on PC1 can successfully access the web server PC2. Why is this possible? -The IPv6 ACL Deny_WEB is applied in the incorrect direction on router R1. -The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked. -The IPv6 ACL Deny_WEB is applied to the wrong interface of router R1. -The IPv6 ACL Deny_WEB is spelled incorrectly when applied to the interface.
The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked.
What method is used to apply an IPv6 ACL to a router interface? -The use of the ipv6 traffic-filter command. -The use of the access-class command. -The use of the ipv6 access-list command. -The use of the ip access-group command.
The use of the ipv6 traffic-filter command.
Refer to the exhibit. Which statement describes the function of the ACEs? -These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns. -These ACEs allow for IPv6 neighbor discovery traffic. -These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur. -These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.
These ACEs allow for IPv6 neighbor discovery traffic.
In what way are zombies used in security attacks? -They probe a group of machines for open ports to learn which services are running. -They are maliciously formed code segments used to replace legitimate applications. -They are infected machines that carry out a DDoS attack. -They target specific individuals to gain corporate information. -They target specific individuals to gain personal information.
They are infected machines that carry out a DDoS attack.
What is the purpose of issuing the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router? -To enable OSPF MD5 authentication on a per-interface basis. -To facilitate the establishment of neighbor adjacencies. -To configure OSPF MD5 authentication globally on the router. -To encrypt OSPF routing updates.
To configure OSPF MD5 authentication globally on the router.
What is the purpose of the network security accounting function? -To keep track of the actions of a user. -To provide challenge and response questions. -To require users to prove who they are. -To determine which resources a user can access.
To keep track of the actions of a user.
What is the primary function of SANS? -To maintain the Internet Storm Center. -To maintain the Weather Channel -To foster cooperation and coordination in information sharing, incident prevention and rapid reaction. -To provide vendor neutral education products and career services. -To maintain the list of common vulnerabilities
To maintain the Internet Storm Center
In applying an ACL to a router interface, which traffic is designated as outbound? -Traffic that is coming from the source IP address into the router. -Traffic that is going from the destination IP address into the router. -Traffic that is leaving the router and going toward the destination host. -The IP addresses of IPsec peers. -Traffic for which the router can find no routing table entry.
Traffic that is leaving the router and going toward the destination host.
Which statement describes a typical security policy for a DMZ firewall configuration? -Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with little or no restrictions. -Traffic that originates from the DMZ interface is selectively permitted to the outside interface. -Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. -Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface. -Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
What worm mitigation phase involves actively disinfecting infected systems? -Inoculation. -Containment. -Treatment. -Quarantine. -De-worming.
Treatment
What are SNMP trap messages? -Unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network -Messages that are used by the NMS to change configuration variables in the agent device. -Messages that are used by the NMS to query the device for data. -Messages that are sent periodically by the NMS to the SNMP agents that reside on managed devices to query the device for data.
Unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network
What is a good password recommendation for a Cisco router? -Use the service password-encryption command to protect a password used to log into a remote device across the network. -Use a minimum of 7 characters. -Leave it blank, no one would guess that and the brute force attacks don't try that. -Use one or more spaces within a multiword passphrase. -Zeroize all passwords used (like they showed in the video).
Use one or more spaces within a multiword passphrase.
What is the quickest way to remove a single ACE from a named ACL? -Use the no access-list command to remove the entire ACL, then recreate it without the ACE. -Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router. -Use the no keyword and the sequence number of the ACE to be removed. -Create a new ACL with a different number and apply the new ACL to the router interface.
Use the no keyword and the sequence number of the ACE to be removed.
A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled? -Use the show aaa local user lockout command. -Use the show aaa user command. -Use the show running-configuration command. -Use the show aaa sessions command.
Use the show aaa local user lockout command.
Which security technology is commonly used by a teleworker when accessing resources on the main corporate office network? -SecureX -IPS -VPN -biometric access
VPN
In the video that describes the anatomy of an attack, a threat actor was able to gain access through a network device, download data, and destroy it. Which flaw allowed the threat actor to do this? -a flat network with no subnets or VLANs -improper physical security to gain access to the building -lack of a strong password policy -open ports on the firewall
a flat network with no subnets or VLANs
Which resource is affected due to weak security settings for a device owned by the company, but housed in another location? -cloud storage device -hard copy -removable media -social networking
cloud storage device
Which security measure is typically found both inside and outside a data center facility? -a gate -biometrics access -exit sensors -security traps -continuous video surveillance
continuous video surveillance
Each day, a security analyst spends time examining logs and events from different systems and applications to quickly detect security threats. What function of the Security Information Event Management (SIEM) technology does this action represent? -aggregation -correlation -retention -forensic analysis
correlation
When considering network security, what is the most valuable asset of an organization? -customers -financial resources -personnel -data
data
Which type of network commonly makes use of redundant air conditioning and a security trap? -cloud -WAN -data center -CAN
data center
Which operator is used in an ACL statement to match packets of a specific application? -eq -gt -lt -established -implicit deny -match
eq
What type of ACL offers greater flexibility and control over network access? -named standard -numbered standard -flexible -extended -detracted
extended
A network engineer wants to synchronize the time of a router with an NTP server at the IPv4 address 209.165.200.225. The exit interface of the router is configured with an IPv4 address of 192.168.212.11. Which global configuration command should be used to configure the NTP server as the time source for this router? -ntp server 209.165.200.225 -ntp server 209.165.200.0 -ntp server 192.168.212.11 -ntp server s0/0/0
ntp server 209.165.200.225
Which service should be disabled on a router to prevent a malicious host from falsely responding to ARP requests with the intent to redirect the Ethernet frames? -LLDP -CDP -proxy ARP -reverse ARP
proxy ARP
What is hyperjacking? -adding outdated security software to a virtual machine to gain access to a data center server -using processors from multiple computers to increase data processing power -overclocking the mesh network which connects the data center servers -taking over a virtual machine hypervisor as part of a data center attack
taking over a virtual machine hypervisor as part of a data center attack
Why would a rootkit be used by a hacker? -to do reconnaissance -to try to guess a password -to gain access to a device without being detected -to reverse engineer binary files -to root an Android device
to gain access to a device without being detected