Network Security Quiz 2

What is a characteristic of an IDS? It can affect network performance by introducing latency and jitter. It often requires assistance from other network devices to respond to an attack. It is installed inline with the network traffic flow. It can be configured to drop trigger packets that are associated with a connection

It often requires assistance from other network devices to respond to an attack. Explanation: An IDS often requires assistance from other networking devices, such as routers and firewalls, to respond to an attack.

What are two characteristics of an IPS operating in promiscuous mode? (Choose two.) It can stop malicious traffic from reaching the intended target for all types of attacks. It sits directly in the path of the traffic flow. It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic. It sends alerts and drops any malicious packets.

It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic. Explanation: An advantage of an IPS operating in promiscuous mode is that the sensor does not affect the packet flow with the forwarded traffic. A disadvantage is that the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks).

What is a minimum system requirement to activate Snort IPS functionality on a Cisco router? at least 4 GB RAM at least 4 GB flash ISR 2900 or higher K9 license

K9 license Explanation: The requirements to run Snort IPS include ISR 4300 or higher, K9 license, 8 GB RAM, and 8 GB flash.

At which layer of the OSI model does Spanning Tree Protocol operate? Layer 1 Layer 2 Layer 3 Layer 4

Layer 2 Explanation: Spanning Tree Protocol (STP) is a Layer 2 technology for preventing Layer 2 loops between redundant switch paths.

What is the result of a DHCP starvation attack? Legitimate clients are unable to lease IP addresses. Clients receive IP address assignments from a rogue DHCP server. The attacker provides incorrect DNS and default gateway information to clients. The IP addresses assigned to legitimate clients are hijacked.

Legitimate clients are unable to lease IP addresses. Explanation: DCHP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.

Which algorithm can ensure data integrity? RSA AES MD5 PKI

MD5 Explanation: Data integrity guarantees that the message was not altered in transit. Integrity is ensured by implementing either of the Secure Hash Algorithms (SHA-2 or SHA-3). The MD5 message digest algorithm is still widely in use.

What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity? digital signatures hashing algorithms PKI certificates symmetric keys

PKI certificates Explanation: Digital certificates are used to prove the authenticity and integrity of PKI certificates, but a PKI Certificate Authority is a trusted third-party entity that issues PKI certificates. PKI certificates are public information and are used to provide authenticity, confidentiality, integrity, and nonrepudiation services that can scale to large requirements.

Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation? PVLAN Edge DTP SPAN BPDU guard

PVLAN Edge Explanation: The PVLAN Edge feature does not allow one device to see traffic that is generated by another device. Ports configured with the PVLAN Edge feature are also known as protected ports. BPDU guard prevents unauthorized connectivity to a wired Layer 2 switch. SPAN is port mirroring to capture data from one port or VLAN and send that data to another port. DTP (Dynamic Trunking Protocol) is automatically enabled on some switch models to create a trunk if the attached device is configured for trunking. Cisco recommends disabling DTP as a best practice.

What is an example of the one-time pad cipher? RC4 rail fence Caesar Vigenère​

RC4 Explanation: RC4 is an example of the one-time pad cipher, and it is widely used on the Internet. The Caesar cipher is a simple substitution cipher, and the Vigenère cipher is based on the Caesar cipher. An example of a transposition cipher is the rail fence cipher.​

Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices? SNMP TFTP SSH SCP

SSH Explanation: Telnet uses plain text to communicate in a network. The username and password can be captured if the data transmission is intercepted. SSH encrypts data communications between two network devices. TFTP and SCP are used for file transfer over the network. SNMP is used in network management solutions.

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks? SIEM Nmap Snort Netflow

Snort Snort is an open source intrusion protection system (IPS) that is capable of performing real-time traffic and port analysis, packet logging, content searching and matching, as well as detecting probes, attacks, port scans, fingerprinting, and buffer overflow attacks.

Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org? Snort rule set pull Signature allowed listing Snort rule set push Snort rule set updates

Snort rule set pull Explanation: With the Snort rule set pull feature, a router can download rule sets directly from cisco.com or snort.org to a local server. The download can occur using one-time commands or periodic automated updates.

What are two properties of a cryptographic hash function? (Choose two.) Complex inputs will produce complex hashes. Hash functions can be duplicated for authentication purposes. The hash function is one way and irreversible. The input for a particular hash algorithm has to have a fixed size. The output is a fixed length.

The hash function is one way and irreversible. The output is a fixed length. Explanation: A cryptographic hash function should have the following properties:The input can be any length.The output has a fixed length.The hash value is relatively easy to compute for any given input.The hash is one way and not reversible.The hash is collision free, meaning that two different input values will result in different hash values

What is the behavior of a switch as a result of a successful CAM table attack? The switch will drop all received frames. The switch interfaces will transition to the error-disabled state. The switch will forward all received frames to all other ports. The switch will shut down.

The switch will forward all received frames to all other ports. Explanation: As a result of a CAM table attack, a switch can run out of memory resources to store MAC addresses. When this happens, no new MAC addresses can be added to the CAM table and the switch will forward all received frames to all other ports. This would allow an attacker to capture all traffic that is flooded by the switch.

Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure? The users must obtain the certificate of the CA and then their own certificate. The CA is always required, even after user verification is complete. CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network. After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.

The users must obtain the certificate of the CA and then their own certificate. Explanation: When two users must authenticate each other using digital certificates and CA, both users must obtain their own digital certificate from a CA. They submit a certificate request to a CA, and the CA will perform a technical verification by calling the end user (out-of-band). Once the request is approved, the end user retrieves the certificate over the network (in-band) and installs the certificate on the system. After both users have installed their certificate, they can perform authentication by sending their certificate to each other. Each site will use the public key of the CA to verify the validity of the certificate; no CA is involved at this point. If both certificates are verified, both users can now authenticate each other.

Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices? These devices are not managed by the corporate IT department. These devices pose no risk to security as they are not directly connected to the corporate network. These devices connect to the corporate network through public wireless networks. These devices are more varied in type and are portable

These devices are more varied in type and are portable. Explanation: Traditional network security has two major focuses: (1) end point protection using antivirus software and enabling the personal firewall, and (2) network border protection with firewalls, proxy servers, and network packet scanning devices or software. This type of protection is not suited for the new network devices that are mobile, frequently access cloud storage, and may be a personal device.

Which statement describes asymmetric encryption algorithms? They have key lengths ranging from 80 to 256 bits. They include DES, 3DES, and AES. They are also called shared-secret key algorithms. They are relatively slow because they are based on difficult computational algorithms.

They are relatively slow because they are based on difficult computational algorithms. Explanation: DES, 3DES, and AES are examples of symmetric encryption algorithms (also known as shared secret key algorithms). The usual key length for symmetric algorithms is 80-256 bits. Asymmetric algorithms are relatively slow because they are based on difficult computational algorithms.

Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.) Three security violations have been detected on this interface. This port is currently up. The port is configured as a trunk link. Security violations will cause this port to shut down immediately. There is no device currently connected to this port. The switch port mode for this interface is access mode.

This port is currently up. Security violations will cause this port to shut down immediately. The switch port mode for this interface is access mode. Explanation: Because the security violation count is at 0, no violation has occurred. The system shows that 3 MAC addresses are allowed on port fa0/2, but only one has been configured and no sticky MAC addresses have been learned. The port is up because of the port status of secure-up. The violation mode is what happens when an unauthorized device is attached to the port. A port must be in access mode in order to activate and use port security.

What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol? VLAN hopping DHCP spoofing ARP poisoning ARP spoofing

VLAN hopping Explanation: Mitigating a VLAN hopping attack can be done by disabling Dynamic Trunking Protocol (DTP) and by setting the native VLAN of trunk links to VLANs not in use.

What is a network tap? a Cisco technology that provides statistics on packets flowing through a router or multilayer switch a technology used to provide real-time reporting and long-term analysis of security events a feature supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device a passive device that forwards all traffic and physical layer errors to an analysis device

a passive device that forwards all traffic and physical layer errors to an analysis device Explanation: A network tap is used to capture traffic for monitoring the network. The tap is typically a passive splitting device implemented inline on the network and forwards all traffic, including physical layer errors, to an analysis device.

Which two items are used in asymmetric encryption? (Choose two.) a token a TPM a private key a DES key a public key

a private key a public key Explanation: A token is something that is used to provide two-factor authentication. DES is using an identical key to encrypt and decrypt. Asymmetric encryption uses a private key associated with a public key.

What is PulledPork? an open source network IPS that performs real-time traffic analysis and generates alerts when threats are detected on IP networks a centralized management tool to push the rule sets based on preconfigured policy, to Cisco routers a virtual service container that runs on the Cisco ISR router operating system a rule management application that can be used to automatically download Snort rule updates

a rule management application that can be used to automatically download Snort rule updates Explanation: PulledPork is a rule management application that can be used to automatically download Snort rule updates. Using PulledPork requires an authorization code, called an oinkcode, obtained from a snort.org account.

Which command is used as part of the 802.1X configuration to designate the authentication method that will be used? dot1x system-auth-control aaa authentication dot1x aaa new-model dot1x pae authenticator

aaa authentication dot1x Explanation: The aaa authentication dot1x default group radius command specifies that RADIUS is used as the method for 802.1X port-based authentication.

What is contained in an OVA file? a current compilation of known threats and prevention mechanisms an installable version of a virtual machine a list of atomic and composite signatures a set of rules for an IDS or IPS to detect intrusion activity

an installable version of a virtual machine Explanation: Step 1 of the configuration of Snort IPS is to download an Open Virtualization Archive (OVA) file. This file contains a compressed, installable version of a virtual machine.

Which term describes the role of a Cisco switch in the 802.1X port-based access control? agent supplicant authenticator authentication server

authenticator Explanation: 802.1X port-based authentication defines specific roles for the devices in the network:Client (Supplicant) - The device that requests access to LAN and switch servicesSwitch (Authenticator) - Controls physical access to the network based on the authentication status of the clientAuthentication server - Performs the actual authentication of the client

What is provided by the fail open and close functionality of Snort IPS? provides the ability to automatically disable problematic signatures that routinely cause false positives and pass traffic blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure keeps Snort current with the latest threat protection and term-based subscriptions keeps track of the health of the Snort engine that is running in the service container

blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure Explanation: The Snort IPS fail open and close functionality can be configured to block the traffic flow or to bypass IPS checking in the event of IPS engine failure.

What are two characteristics of both IPS and IDS sensors? (Choose two.) neither introduce latency or jitter both use signatures to detect patterns both are deployed inline in the data stream both can stop trigger packets both can detect atomic patterns

both use signatures to detect patterns both can detect atomic patterns Explanation: IDS sensors work off line and are passive. They add very little latency, however they cannot stop trigger packets. An IPS can stop trigger packets but because they are installed inline they add some latency and jitter to the traffic.

How can DHCP spoofing attacks be mitigated? by disabling DTP negotiations on nontrunking ports by implementing port security by the application of the ip verify source command to untrusted ports​ by implementing DHCP snooping on trusted ports

by implementing DHCP snooping on trusted ports Explanation: One of the procedures to prevent a VLAN hopping attack is to disable DTP (auto trunking) negotiations on nontrunking ports​. DHCP spoofing attacks can be mitigated by using DHCP snooping on trusted ports. The ip verify source interface configuration command is used to enable IP Source Guard on untrusted ports to protect against MAC and IP address spoofing.

As data is being stored on a local hard disk, which method would secure the data from unauthorized access? a duplicate hard drive copy deletion of sensitive files two factor authentication data encryption

data encryption Explanation: Data encryption is the process of converting data into a form where only a trusted, authorized person with a secret key or password can decrypt the data and access the original form.

The following message was encrypted using a Caesar cipher with a key of 2: fghgpf vjg ecuvng What is the plaintext message? invade the castle defend the castle defend the region invade the region

defend the castle Explanation: The Caesar cipher was a simple substitution cipher. In this example, if the key is 2, the letter d was moved two spaces to the right, resulting in an encoded message that used the letter f in place of the letter d. The letter g would be the substitute for the letter e, and so on. So, the resulting plaintext is f=d, g=e, h=f, g=e, p=n, f=d, v=t, j=h, g=e, e=c, c=a, u=s, v=t, n=l, g=e.​

What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.) disable the link reconverge the network drop or prevent the activity allow the activity restart the infected device

drop or prevent the activity allow the activity Explanation: Depending on the signature type and the platform, whenever a signature detects the activity for which it is configured the IPS may:log the activitydrop or prevent the activityreset a TCP connectionblock future activityallow the activity

In an 802.1x deployment, which device is a supplicant? RADIUS server access point switch end-user station

end-user station Explanation: In 802.1x, a supplicant is the end-user device (such as a laptop) that is attempting to attach to the WLAN.

A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on a NMS tool. What condition describes this alert? false negative false positive true negative true positive

false positive Explanation: Alerts can be classified as follows: True Positive: The alert has been verified to be an actual security incident.False Positive: The alert does not indicate an actual security incident. Benign activity that results in a false positive is sometimes referred to as a benign trigger.An alternative situation is that an alert was not generated. The absence of an alert can be classified as: True Negative: No security incident has occurred. The activity is benign.False Negative: An undetected incident has occurred.

In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself? from the root CA or another subordinate CA at a higher level from the root CA or another subordinate CA at the same level from the root CA or from self-generation from the root CA only from the root CA or another subordinate CA anywhere in the tree

from the root CA or another subordinate CA at a higher level Explanation: In a hierarchical CA topology, CAs can issue certificates to end users and to subordinate CAs, which in turn issue their certificates to end users, other lower level CAs, or both. In this way, a tree of CAs and end users is built in which every CA can issue certificates to lower level CAs and end users. Only the root CA can issue a self-signing certificate in a hierarchical CA topology.

Which three security services are provided by digital signatures? (Choose three.) provides nonrepudiation using HMAC functions guarantees data has not changed in transit provides data encryption authenticates the source provides confidentiality of digitally signed data authenticates the destination

guarantees data has not changed in transit provides data encryption authenticates the source Explanation: Digital signatures are a mathematical technique used to provide three basic security services. Digital signatures have specific properties that enable entity authentication and data integrity. In addition, digital signatures provide nonrepudiation of the transaction. In other words, the digital signature serves as legal proof that the data exchange did take place.

Which IPS signature trigger category uses a decoy server to divert attacks away from production devices? honey pot-based detection policy-based detection pattern-based detection anomaly-based detection

honey pot-based detection Explanation: Honey pot-based detection uses a decoy server to attract attacks and to divert attacks away from production devices. Use of a honey pot can give administrators time to analyze incoming attacks and malicious traffic patterns to tune sensor signatures.

What are two examples of traditional host-based security measures? (Choose two.) host-based IPS NAS 802.1X antimalware software host-based NAC

host-based IPS antimalware software Explanation: Traditional host-based security measures include antivirus/antimalware software, host-based IPS, and host-based firewall. Antivirus and antimalware software detects and mitigates viruses and malware. A host-based IPS is used to monitor and report on the system configuration and application activity, security events, policy enforcement, alerting, and rootkit detection. A host-based firewall restricts incoming and outgoing connections for a particular host.

Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?​ nonrepudiation authentication integrity confidentiality

integrity Explanation: Integrity is ensured by implementing either MD5 or SHA hash generating algorithms. Many modern networks ensure authentication with protocols, such as HMAC. Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES. Data confidentiality can also be ensured using asymmetric algorithms, including RSA and PKI.​

What is a characteristic of the Community Rule Set type of Snort term-based subscriptions? it has 60-day delayed access to updated signatures it uses Cisco Talos to provide coverage in advance of exploits it is fully supported by Cisco it is available for free

it is available for free Explanation: There are two types of Snort term-based subscriptions: Community Rule Set - Available for free and provides limited coverage against threats. There is also a 30-day delayed access to updated signatures and there is no Cisco customer support available.Subscriber Rule Set - Available for a fee and provides the best protection against threats. It includes coverage in advance of exploits by using the research work of the Cisco Talos security experts. This subscription is fully supported by Cisco.

What is a characteristic of the connectivity policy setting when configuring Snort threat protection? it attempts to balance network security with network performance it prioritizes security over connectivity it provides the lowest level of protection it enables the highest number of signatures to be verified

it provides the lowest level of protection Explanation: One of the functionalities of Snort IPS is that it provides three levels of signature protection.Connectivity - The least secure option.Balanced - The mid-range option of security.Security - The most secure option.

In which method used in cryptanalysis does the attacker know a portion of the plaintext and the corresponding ciphertext?​ meet-in-the-middle brute-force chosen-plaintext​ ciphertext

meet-in-the-middle Explanation: There are several methods used in cryptanalysis:Brute-force - The attacker tries every possible key knowing that eventually one of them will work.Ciphertext - The attacker has the ciphertext of several messages encrypted but no knowledge of the underlying plaintext.Known-Plaintext - The attacker has access to the ciphertext of several messages and knows something about the plaintext underlying that ciphertext.Chosen-Plaintext - The attacker chooses which data the encryption device encrypts and observes the ciphertext output.Chosen-Ciphertext - The attacker can choose different ciphertext to be decrypted and has access to the decrypted plaintext.Meet-in-the-Middle - The attacker knows a portion of the plaintext and the corresponding ciphertext.​

What situation will generate a true negative IPS alarm type? normal traffic that generates a false alarm a verified security incident that is detected a known attack that is not detected normal traffic that is correctly being ignored and forwarded

normal traffic that is correctly being ignored and forwarded Explanation: The true negative alarm type is used when normal network traffic flows through an interface. Normal traffic should not, and does not generate an actual alarm. A true negative indicates that benign normal traffic is correctly being ignored and forwarded without generating an alert.

A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed? data integrity non-repudiation data confidentiality origin authentication

origin authentication Explanation: Secure communications consists of four elements: Data confidentiality - guarantees that only authorized users can read the messageData integrity - guarantees that the message was not alteredOrigin authentication - guarantees that the message is not a forgery and does actually come from whom it statesData nonrepudiation - guarantees that the sender cannot repudiate, or refute, the validity of a message sent

What type of data does the DLP feature of Cisco Email Security Appliance scan in order to prevent customer data from being leaked outside of the company? inbound messages outbound messages messages stored on a client device messages stored on the email server

outbound messages Explanation: Cisco ESAs control outbound messages through data-loss prevention (DLP), email encryption, and optional integration with the RSA Enterprise Manager. This control helps ensure that the outbound messages comply with industry standards and are protected in transit.

What is another name for confidentiality of information? consistency trustworthiness accuracy privacy

privacy Explanation: Privacy is another name for confidentiality. Accuracy, consistency, and trustworthiness describe integrity of data.

Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice? private key from Bob private key from Alice public key from Bob username and password from Alice

private key from Alice Explanation: Alice and Bob are used to explain asymmetric cryptography used in digital signatures. Alice uses a private key to encrypt the message digest. The message, encrypted message digest, and the public key are used to create the signed document and prepare it for transmission.

Which two ports can send and receive Layer 2 traffic from a community port on a PVLAN? (Choose two.) community ports belonging to other communities promiscuous ports isolated ports within the same community PVLAN edge protected ports community ports belonging to the same community

promiscuous ports community ports belonging to the same community Explanation: Community ports can send and receive information with ports within the same community, or with a promiscuous port. Isolated ports can only communicate with promiscuous ports. Promiscuous ports can talk to all interfaces. PVLAN edge protected ports only forward traffic through a Layer 3 device to other protected ports.

An 802.1X client must authenticate before being allowed to pass data traffic onto the network. During the authentication process, between which two devices is the EAP data encapsulated into EAPOL frames? (Choose two.) data nonrepudiation server authentication server (TACACS) supplicant (client) authenticator (switch) ASA Firewall

supplicant (client) authenticator (switch) Explanation: When a client supplicant is starting the 802.1X message exchange, an EAPOL-Start message is sent between the supplicant and the authenticator, which is the switch. EAP data between the supplicant and the authenticator is encapsulated in EAPOL frames.

What device is considered a supplicant during the 802.1X authentication process? the router that is serving as the default gateway the authentication server that is performing client authentication the client that is requesting authentication the switch that is controlling network access

the client that is requesting authentication Explanation: The devices involved in the 802.1X authentication process are as follows: The supplicant, which is the client that is requesting network access The authenticator, which is the switch that the client is connecting to and that is actually controlling physical network access The authentication server, which performs the actual authentication

What is the keyspace of an encryption algorithm? the set of all possible values used to generate a key the set of procedures used to calculate asymmetric keys the set of hash functions used to generate a key the mathematical equation that is used to create a key

the set of all possible values used to generate a key Explanation: The keyspace of an encryption algorithm is the set of all possible key values. Keys with n bits produce a keyspace with 2^ n possible key values.​

What information must an IPS track in order to detect attacks matching a composite signature? the total number of packets in the attack the state of packets related to the attack the attacking period used by the attacker the network bandwidth consumed by all packets

the state of packets related to the attack Explanation: A composite signature is called a stateful signature. It identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time. Because this type of attack involves multiple packets, an IPS sensor must maintain the state information. However, an IPS sensor cannot maintain the state information indefinitely. A composite signature is configured with a time period to maintain the state for the specific attack when it is first detected. Thus, an IPS may not be able to maintain all the information related to an attack such as total number of packets, total length of attack time, and the amount of bandwidth consumed by the attack.

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command? to check the destination MAC address in the Ethernet header against the MAC address table to check the destination MAC address in the Ethernet header against the user-configured ARP ACLs to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body to check the destination MAC address in the Ethernet header against the source MAC address in the ARP body

to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:Destination MAC - Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.Source MAC - Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.IP address - Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.

What is the goal of the Cisco NAC framework and the Cisco NAC appliance? to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network to monitor data from the company to the ISP in order to build a real-time database of current spam threats from both internal and external sources to provide anti-malware scanning at the network perimeter for both authenticated and non-authenticated devices to provide protection against a wide variety of web-based threats, including adware, phishing attacks, Trojan horses, and worms

to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network Explanation: The NAC framework uses the Cisco network infrastructure and third-party software to ensure the wired and wireless endpoints that want to gain access to the network adheres to the requirements defined by the security policy. The Cisco NAC Appliance is the device that enforces security policy compliance.

What is the purpose for using digital signatures for code signing? to establish an encrypted connection to exchange confidential data with a vendor website to verify the integrity of executable files downloaded from a vendor website to authenticate the identity of the system with a vendor website to generate a virtual ID

to verify the integrity of executable files downloaded from a vendor website Explanation: Code signing is used to verify the integrity of executable files downloaded from a vendor website. Code signing uses digital certificates to authenticate and verify the identity of a website.

A company implements 802.1X security on the corporate network. A PC is attached to the network but has not authenticated yet. Which 802.1X state is associated with this PC? err-disabled disabled unauthorized forwarding

unauthorized Explanation: When a port is configured for 802.1X, the port starts in the unauthorized state and stays that way until the client has successfully authenticated.

What are two symmetric encryption algorithms? (Choose two.) 3DES MD5 AES HMAC SHA

3DES AES Explanation: MD5, HMAC, and SHA are hashing algorithms.

Which protocol defines port-based authentication to restrict unauthorized hosts from connecting to the LAN through publicly accessible switch ports? RADIUS TACACS+ 802.1x SSH

802.1x Explanation: 802.1x is an IEEE standard that defines port-based access control. By authenticating each client that attempts to connect to the LAN, 802.1x provides protection from unauthorized clients.

What is involved in an IP address spoofing attack? A rogue node replies to an ARP request with its own MAC address indicated for the target IP address. Bogus DHCPDISCOVER messages are sent to consume all the available IP addresses on a DHCP server. A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients. A legitimate network IP address is hijacked by a rogue node.

A legitimate network IP address is hijacked by a rogue node. Explanation: In an IP address spoofing attack, the IP address of a legitimate network host is hijacked and used by a rogue node. This allows the rogue node to pose as a valid node on the network.

What popular encryption algorithm requires that both the sender and receiver know a pre-shared key? PKI MD5 AES HMAC

AES Explanation: MD5 is a hashing algorithm that guarantees that no one intercepted the message and altered it. Advanced Encryption Standard (AES) is a popular symmetric encryption algorithm where each communicating party needs to know the pre-shared key. Public key infrastructure (PKI) is an asymmetric encryption algorithm based on the assumption that the two communicating parties have not previously shared a secret key. HMAC is a hash message authentication code that guarantees that the message is not a forgery and actually comes from the authentic source.

A network administrator uses the spanning-tree loopguard default global configuration command to enable Loop Guard on switches. What components in a LAN are protected with Loop Guard? All Root Guard enabled ports. All PortFast enabled ports. All point-to-point links between switches. All BPDU Guard enabled ports.

All point-to-point links between switches. Explanation: Loop Guard can be enabled globally using the spanning-tree loopguard default global configuration command. This enables Loop Guard on all point-to-point links.

Which procedure is recommended to mitigate the chances of ARP spoofing? Enable DHCP snooping on selected VLANs. Enable IP Source Guard on trusted ports. Enable DAI on the management VLAN. Enable port security globally.

Enable DHCP snooping on selected VLANs. Explanation: To mitigate the chances of ARP spoofing, these procedures are recommended:- Implement protection against DHCP spoofing by enabling DHCP snooping globally.- Enable DHCP snooping on selected VLANs.- Enable DAI on selected VLANs.- Configure trusted interfaces for DHCP snooping and ARP inspection. Untrusted ports are configured by default.​

What is an advantage of HIPS that is not provided by IDS? HIPS provides quick analysis of events through detailed logging. HIPS deploys sensors at network entry points and protects critical network segments. HIPS monitors network processes and protects critical files. HIPS protects critical system resources and monitors operating system processes.

HIPS protects critical system resources and monitors operating system processes. Explanation: Network-based IDS (NIDS) sensors are typically deployed in offline mode. They do not protect individual hosts. Host-based IPS (HIPS) is software installed on a single host to monitor and analyze suspicious activity. It can monitor and protect operating system and critical system processes that are specific to that host. HIPS can be thought of as a combination of antivirus software, antimalware software, and a firewall.

An IT enterprise is recommending the use of PKI applications to securely exchange information between the employees. In which two cases might an organization use PKI applications to securely exchange information between users? (Choose two.) HTTPS web service 802.1x authentication local NTP server FTP transfers file and directory access permission

HTTPS web service 802.1x authentication Explanation: The Public Key Infrastructure (PKI) is a third party-system referred to as a certificate authority or CA. The PKI is the framework used to securely exchange information between parties. Common PKI applications are as follows: SSL/TLS certificate-based peer authenticationSecure network traffic using IPsec VPNsHTTPS Web trafficControl access to the network using 802.1x authenticationSecure email using the S/MIME protocolSecure instant messagingApprove and authorize applications with Code SigningProtect user data with the Encryption File System (EFS)Implement two-factor authentication with smart cardsSecuring USB storage devices

What technology supports asymmetric key encryption used in IPsec VPNs? 3DES IKE SEAL AES

IKE Explanation: IKE, or Internet Key Exchange, is a protocol to support asymmetric encryption algorithms. It is used to securely exchange encryption keys in the setup of IPsec VPNs.

Which Cisco solution helps prevent MAC and IP address spoofing attacks? Port Security DHCP Snooping IP Source Guard Dynamic ARP Inspection

IP Source Guard Explanation: Cisco provides solutions to help mitigate Layer 2 attacks including: IP Source Guard (IPSG) - prevents MAC and IP address spoofing attacks Dynamic ARP Inspection (DAI) - prevents ARP spoofing and ARP poisoning attacks DHCP Snooping - prevents DHCP starvation and SHCP spoofing attacks Port Security - prevents many types of attacks including MAC table overflow attacks and DHCP starvation attacks

What two internal LAN elements need to be secured? (Choose two.) edge routers IP phones fiber connections switches cloud-based hosts

IP phones switches Explanation: Internal network protection is just as important as securing the network perimeter. Internal LAN elements can be broken up into endpoints and network infrastructure devices. Common endpoints include laptops, desktops, servers, and IP phones. LAN infrastructure devices include switches and access points.

What is the purpose of a digital certificate? It guarantees that a website has not been hacked. It provides proof that data has a traditional signature attached. It ensures that the person who is gaining access to a network device is authorized. It authenticates a website and establishes a secure connection to exchange confidential data.

It authenticates a website and establishes a secure connection to exchange confidential data. Explanation: Digital signatures commonly use digital certificates that are used to verify the identity of the originator in order to authenticate a vendor website and establish an encrypted connection to exchange confidential data. One such example is when a person logs into a financial institution from a web browser.

What is an advantage of using an IPS? It is installed outside of the data traffic flow. It does not impact network traffic if there is a sensor overload. It can stop trigger packets. It has no impact on network latency.

It can stop trigger packets. Explanation: An IPS can stop trigger packets but because they are installed inline they add some latency and jitter to the traffic. IDS sensors work off line and are passive. They add very little latency. However they cannot stop trigger packets.

Which statement describes the function of the SPAN tool used in a Cisco switch? It is a secure channel for a switch to send logging to a syslog server. It provides interconnection between VLANs over multiple switches. It supports the SNMP trap operation on a switch. It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.

It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device. Explanation: To analyze network traffic passing through a switch, switched port analyzer (SPAN) can be used. SPAN can send a copy of traffic from one port to another port on the same switch where a network analyzer or monitoring device is connected. SPAN is not required for syslog or SNMP. SPAN is used to mirror traffic, while syslog and SNMP are configured to send data directly to the appropriate server.