Network Security - Final
Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A class 0 certificate is for testing purposes, A class 4 certificate is for online business transactions between companies
A company is concerned about data theft if any of the corporate laptops are stolen. Which Windows tool would the company use to protect the data on the laptops?
BitLocker
Match the type of cyberattackers to the description - vulnerability brokers
Discover exploits and report them to vendors
What type of network security test uses simulated attacks to determine the feasibility of an attack as well as the possible consequences if the attack occurs?
Penetration testing
What is a difference between symmetric and asymmetric encryption algorithms?
Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
Why are DES keys considered weak keys?
They produce identical subkeys
What is a characteristic of an IPS atomic signature?
it is the simplest type of signature
Refer to the exhibit. An administrator creates three zones (A, B, and C) in an ASA that filters traffic. Traffic originating from Zone A going to Zone C is denied, and traffic originating from Zone B going to Zone C is denied. What is a possible scenario for Zones A, B, and C?
A - DMZ, B - Outside, C - Inside
Which two statements are characteristics of a virus? (Choose two.)
A virus typically requires end-user activation, A virus can be dormant and then activate at a specific time or date
In the implementation of network security, how does the deployment of a Cisco ASA firewall differ from a Cisco IOS router?
ASA devices support interface security levels.
A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?
Accounting
Which special hardware module, when integrated into ASA, provides advanced IPS features?
Advanced Inspection and Prevention (AIP)
What are two shared characteristics of the IDS and the IPS? (Choose two.)
Both are deployed as sensors, Both use signatures to detect malicious traffic
Which two statements describe remote access VPNs? (Choose two.)
Client software is usually required to be able to access the network, Remote access VPNs support the needs of telecommuters and mobile users
Refer to the exhibit. A network administrator is configuring DAI on switch SW1. What is the result of entering the exhibited commands?
DAI will validate only the destination MAC addresses.
Match the information security component with the description - integrity
Data is protected from unauthorized alteration
What are three techniques for mitigating VLAN hopping attacks? (Choose three.)
Disable DTP, Enable Trunking Manually, Set the native VLAN to an unused VLAN
When a Cisco IOS Zone-Based Policy Firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)
Drop, inspect
A company requires the use of 802.1X security. What type of traffic can be sent if the authentication port-control auto command is configured, but the client has not yet been authenticated?
EAPOL
Which benefit does SSH offer over Telnet for remotely managing a router?
Encryption
Match the network security device type with the description - packet filter firewall
Enforces an access control policy based on packet content
Which cipher played a significant role in World War II?
Enigma
When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created?
Establish policies between zones
Match the network security device type with the description - application gateway
Filters traffic on layer 7 information
Match the security policy with the description - remote access policy
Identifies how remote users can access a network and what is accessible via remote connectivity
Match each IPS signature trigger category with the description - anomaly-based detection
Involves first defining a profile of what is considered normal network or host activity
How does the service password-encryption command enhance password security on Cisco routers and switches?
It encrypts passwords that are stored in router or switch configuration files
Refer to the exhibit. Which statement about the JR-Admin account is true?
JR-Admin can issue ping and reload commands
What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)
MD5, SHA
Match the type of cyberattackers to the description - hacktivists
Make political statements in order to create an awareness of issues that are important to them
Match the information security component with the description - confidentiality
Only authorized individuals, entities, or processes can access sensitive information
What three tasks can a network administrator accomplish with the Nmap and Zenmap security testing tools? (Choose three.)
Operating system fingerprinting, assessment of layer 3 protocol support on hosts, open UDP and TCP port detection
Refer to the exhibit. A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces?
Outside 0, Inside 100, DMZ 50
What is an advantage in using a packet filtering firewall versus a high-end firewall appliance?
Packet filters perform almost all the tasks of a high-end firewall at a fraction of the cost.
What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.)
Policies are applied to unidirectional traffic between zones, Policies provide scalability because they are easy to read and troubleshoot
Which two security features can cause a switch port to become error-disabled? (Choose two.)
PortFast with BPDU guard enabled, port security with the shutdown violation mode
What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?
RADIUS
Which three types of views are available when configuring the role-based CLI access feature? (Choose three.)
Root view, superview, CLI view
Which two means can be used to try to bypass the management of mobile devices? (Choose two.)
Rooting, jailbreaking
What protocol is used by SCP for secure transport?
SSH
What is a benefit of having users or remote employees use a VPN to connect to the existing network rather than growing the network infrastructure?
Scalability
Match each IPS signature trigger category with the description - pattern-based detection
Simplest triggering mechanism which searches for a specific and pre-defined atomic or composite pattern
What is the IPS detection engine that is included in the SEC license for 4000 Series ISRs?
Snort
Match the security policy with the description - network maintenance policy
Specifies network device operating systems and end user application update procedures
Which two statements are true about ASA standard ACLs? (Choose two.)
They identify only the destination IP address, They are typically only used for OSPF routes
Match the network security testing tool with the correct function - Nmap
Used for Layer 3 port scanning
Match the network security testing tool with the correct function - Tripwire
Used to assess if network devices are compliant with network security policies
Match the network security testing tool with the correct function - Nessus
Used to scan systems for software vulnerabilities
Match the network security device type with the description - IPS
Uses signatures to detect patterns in network traffic
During a recent pandemic, employees from ABC company were allowed to work from home. What security technology should be implemented to ensure that data communications between the employees and the ABC Head Office network remain confidential?
a symmetric or asymmetric encryption algorithm such as AES or PKI
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
an implicit permit of neighbor discovery packets
What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?
digital signature
A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.)
hidden passwords during transmission, single process for authentication and authorization
What command must be issued on a Cisco router that will serve as an authoritative NTP server?
ntp master 1
Refer to the exhibit. An extended access list has been created to prevent human resource users from gaining access to the accounting server. All other network traffic is to be permitted. When following the ACL configuration guidelines, on which router, interface, and direction should the access list be applied?
router R1, interface Gi0/0/0, inbound
Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model?
A packet-filtering firewall typically can filter up to the transport layer, whereas a stateful firewall can filter up to the session layer
Match the information security component with the description - availability
Authorized users must have uninterrupted access to important resources and data
Match the security policy with the description - acceptable use policy (AUP)
Identifies network applications and uses that are acceptable to the organization
Refer to the exhibit. What type of syslog message is displayed?
Notification
Match the security policy with the description - identification and authentication policy
Specifies authorized persons that can have access to network resources and identity verification procedures
What are two security features commonly found in a WAN design? (Choose two.)
firewalls protecting the main and remote sites, VPNs used by mobile workers between sites
What is an appropriate use for class 5 digital certificates?
used for private organizations or government security
What is the standard for a public key infrastructure to manage digital certificates?
x.509
Match the network security device type with the description - stateful firewall
Filters traffic based on defined rules as well as connection context
One method used by Cryptanalysts to crack codes is based on the fact that some letters of the English language are used more often than others. Which term is used to describe this method?
Frequency analysis
Match the type of cyberattackers to the description - state-sponsored attackers
Gather intelligence or commit sabotage on specific goals on behalf of their government
Match each IPS signature trigger category with the description - policy-based detection
Requires and administrator to manually define behaviors that are suspicious based on historical analysis
Which protocol uses X.509 certificates to support mail protection performed by mail agents?
S/MIME
What are two monitoring tools that capture network traffic and forward it to network monitoring devices? (Choose two.)
SPAN, network tap
A company is deploying a new network design in which the border router has three interfaces. Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet/01 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)?
Traffic that is going from the private network to the DMZ
What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites?
When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types
When dynamic NAT on an ASA is being configured, what two parameters must be specified by network objects? (Choose two.)
a range of private addresses that will be translated, the pool of public global addresses
A network administrator is explaining to a junior colleague the use of the lt and gt keywords when filtering packets using an extended ACL. Where would the lt or gt keywords be used?
in an IPv4 extended ACL that allows packets from a range of TCP ports destined for a specific network device
Refer to the exhibit. A network administrator is configuring PAT on an ASA device to enable internal workstations to access the Internet. Which configuration command should be used next?
nat (inside,outside) dynamic interface
Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 and Layer 4 information?
stateless firewall
Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group name SERVICE1 ?
tcp
What is indicated by the use of the local-case keyword in a local AAA authentication configuration command sequence?
that passwords and usernames are case-sensitive
What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?
to configure OSPF MD5 authentication globally on the router
