Module 16 Test
On which two interfaces or ports can security be improved by configuring executive timeouts? Fast Ethernet interfaces Console ports Serial interfaces VTY ports loopback interfaces
Console ports, VTY ports (pg. 38)
What are the 5 steps required to configure a switch for SSH (order does not matter)? Create a local user Generate RSA keys Use the login command Configure a domain name Use the login local command Use the password cisco command Use the transport input ssh command
Create a local user Generate RSA keys Configure a domain name Use the login local command Use the transport input ssh command (pg. 41)
What type of security threat is installing virus code to destroy surveillance recordings for certain days? Information theft Identity theft Data loss Disruption of service
Data loss (pg. 5)
What type of security threat is preventing users from accessing a website by sending a large number of link requests in a short period? Information theft Identity theft Data loss Disruption of service
Disruption of service (pg. 5)
When configuring SSH on a router to implement secure network management, a network engineer has issued the login local and transport input ssh line vty commands. What three additional configuration actions have to be performed to complete the SSH configuration? Set the user privilege levels Generate the asymmetric RSA keys Configure the correct IP domain name Configure role-based CLI access Create a valid local username and password database Manually enable SSH after the RSA keys are generated
Generate the asymmetric RSA keys Configure the correct IP domain name Create a valid local username and password database (pg. 42)
What type of security threat is pretending to be someone else by using stolen personal information to apply for a credit card? Information theft Identity theft Data loss Disruption of service
Identity theft (pg. 5)
What type of security threat is obtaining trade secret documents illegally? Information theft Identity theft Data loss Disruption of service
Information theft (pg. 5)
An administrator decides to use "pR3s!d7n&0" as the password on a newly installed router. Which statement applies to the password choice? It is weak because it is often the default password on new devices It is strong because it uses a minimum of 10 numbers, letters, and special characters It is weak since it uses easily found personal information It is weak since it is a word that is easily found in the dictionary
It is strong because it uses a minimum of 10 numbers, letters, and special characters. (pg. 33)
An administrator decides to use "admin" as the password on a newly installed router. Which statement applies to the password choice? It is strong because it uses passphrase It is strong because it uses a minimum of 10 numbers, letters, and special characters It is strong because it contains 10 numbers and special characters It is weak because it is often the default password on new devices
It is weak because it is often the default password on new devices (pg. 35)
An administrator decides to us "12345678!" as the password on a newly installed router. Which statement applies to the password choice? It is strong because it uses passphrase It is weak since it is a word that is easily found in the dictionary It is weak because it uses a series of numbers or letters It is strong because it uses a minimum of 10 numbers, letters, and special characters
It is weak because it uses a series of numbers or letters. (pg. 34)
An administrator decides to use "Feb121978" as the password on a newly installed router. Which statement applies to the password choice? It is weak because it uses easily found personal information It is strong because it uses passphrase It is weak since it is a word that is easily found in the dictionary It is strong because it uses a minimum of 10 numbers, letters, and special characters
It is weak because it uses easily found personal information (pg. 36)
What feature of SSH makes it more secure than Telnet for a device management connection? Confidentiality with IPsec Stronger password requirement Random one-time port connection Login information and data encryption
Login information and data encryption (pg. 40)
Which example of malicious code would be classified as a Trojan horse? Malware that was written to look like a video game Malware that requires manual user intervention to spread between systems Malware that attaches itself to a legitimate program and spreads to other programs when launched Malware that can automatically spread from one system to another by exploiting a vulnerability in the target
Malware that was written to look like a video game. (pg. 11)
Which attack involves a compromise of data that occurs between two end points? Denial-of-service Man-in-the-middle attack Extraction of security parameters Username enumeration
Man-in-the-middle attack (pg. 15)
Which type of attack involves an adversary attempting to gather information about network to identify vulnerabilities? Reconnaissance DoS Dictionary Man-in-the-middle
Reconnaissance (pg. 14)
A technician is to document the current configurations of all network devices in a college, including those in off-site buildings. Which protocol would be best to use to securely access the network devices? FTP HTTP SSH Telnet
SSH (pg. 43)
Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts? Stateful packet inspection URL filtering Application filtering Packet filtering
Stateful Packet Inspection (SPI) (pg. 28)
Which example is a security policy weakness? An employee is trying to guess the password of another user. When implementing an access list on a router, a network engineer did not filter a type of malicious traffic. A network engineer is examining the operating system of a network device for vulnerabilities. The network administrator did not fully consider the implications of unauthorized users accessing the network.
The network administrator did not fully consider the implications of unauthorized users accessing the network. (pg. 7)
What is the purpose of the network security authentication function? To determine which resources a user can access To keep track of the actions of a user To require users to prove who they are To provide challenge and response questions
To require users to prove who they are. (pg. 25)
Which example is a configuration weakness? An employee is trying to guess the password of another user. When implementing an access list on a router, a network engineer did not filter a type of malicious traffic. A network engineer is examining the operating system of a network device for vulnerabilities. The network administrator did not fully consider the implications of unauthorized users accessing the network.
When implementing an access list on a router, a network engineer did not filter a type of malicious traffic. (pg. 7)
What is the difference between a virus and a worm? Viruses self-replicate but worms do not Worms self-replicate but viruses do not Worms require a host file but viruses do not Viruses hide in legitimate programs but worms do not
Worms self-replicate but viruses do not. (pg. 12)
Which commands must be used to configure SSH on a router? service password-encryption transport input ssh enable secret class ip domain-name cisco.com
transport input ssh ip domain-name cisco.com (pg. 44)
Which example is a technological weakness? An employee is trying to guess the password of another user. When implementing an access list on a router, a network engineer did not filter a type of malicious traffic. A network engineer is examining the operating system of a network device for vulnerabilities. The network administrator did not fully consider the implications of unauthorized users accessing the network.
A network engineer is examining the operating system of a network device for vulnerabilities. (pg. 7)
What is the most effective way to mitigate a worm attack?
Download security updates from the operating system vendor and patch all vulnerable systems. (pg. 23)
What are the 4 different types of firewalls?
Packet filtering, Application filtering, URL filtering, and Stateful packet inspection (SPI). (pg. 27)