CCNA Security v2.0 Chapter 4 Exam 2015-2016

Monday, September 5, 2016

1. Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?

The initial packet is dropped, but subsequent packets are forwarded.

The packet is forwarded, and an alert is generated.

The packet is forwarded, and no alert is generated.

The packet is dropped.*

 

2. To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?

echo request

time-stamp request

echo reply*

time-stamp reply

router advertisement

 

3. Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?

ipv6 access-class ENG_ACL in

ipv6 traffic-filter ENG_ACL out

ipv6 traffic-filter ENG_ACL in*

ipv6 access-class ENG_ACL out

 

4. Which statement describes a typical security policy for a DMZ firewall configuration?

Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.

Traffic that originates from the DMZ interface is selectively permitted to the outside interface.*

Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.

Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.

Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface.

 

5. Refer to the exhibit. Which statement describes the function of the ACEs?

These ACEs allow for IPv6 neighbor discovery traffic.*

These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.

These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns.

These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur.

 

6. When an inbound Internet-traffic ACL is being implemented, what should be included to prevent the spoofing of internal networks?

ACEs to prevent traffic from private address spaces*

ACEs to prevent broadcast address traffic

ACEs to prevent ICMP traffic

ACEs to prevent HTTP traffic

ACEs to prevent SNMP traffic

 

7. In addition to the criteria used by extended ACLs, what conditions are used by a classic firewall to filter traffic?

TCP/UDP source and destination port numbers

TCP/IP protocol numbers

IP source and destination addresses

application layer protocol session information*

 

8. A router has been configured as a classic firewall and an inbound ACL applied to the external interface. Which action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table?

When traffic returns from its destination, it is reinspected, and a new entry is added to the state table.

The internal interface ACL is reconfigured to allow the host IP address access to the Internet.

The entry remains in the state table after the session is terminated so that it can be reused by the host.

A dynamic ACL entry is added to the external interface in the inbound direction.*

 

9. If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice?

permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap*

deny udp any host 172.16.1.5 eq snmptrap

deny tcp any any eq telnet

permit ip any any

permit udp any any range 10000 20000

permit tcp 172.16.0.0 0.0.3.255 any established

 

10. A company is deploying a new network design in which the border router has three interfaces. Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet0/1 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)?

traffic that is going from the private network to the DMZ*

traffic that is returning from the DMZ after originating from the private network

traffic that originates from the public network and that is destined for the DMZ

traffic that is returning from the public network after originating from the private network

 

11. Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)

SSH connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.

Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.*

SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.*

SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.

Telnet connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

 

12. Consider the following access list.

access-list 100 permit ip host 192.168.10.1 any

access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo

access-list 100 permit ip any any

Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)

Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.

Devices on the 192.168.10.0/24 network are not allowed to reply to any ping requests.

Only Layer 3 connections are allowed to be made from the router to any other network device.

Devices on the 192.168.10.0/24 network are not allowed to ping other devices on the 192.168.11.0 network.*

A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.*

 

13. What is one benefit of using a stateful firewall instead of a proxy server?

ability to perform user authentication

better performance*

ability to perform packet filtering

prevention of Layer 7 attacks

 

14. What is one limitation of a stateful firewall?

weak user authentication

cannot filter unnecessary traffic

not as effective with UDP- or ICMP-based traffic*

poor log information

 

15. When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created?

Assign interfaces to zones.

Establish policies between zones.*

Identify subsets within zones.

Design the physical infrastructure.

 

16. A network administrator is implementing a Classic Firewall and a Zone-Based Firewall concurrently on a router. Which statement best describes this implementation?

An interface must be assigned to a security zone before IP inspection can occur.

Both models must be implemented on all interfaces.

The two models cannot be implemented on a single interface.*

A Classic Firewall and Zone-Based Firewall cannot be used concurrently.

 

17. Which two rules about interfaces are valid when implementing a Zone-Based Policy Firewall? (Choose two.)

If one interface is a zone member, but the other is not, all traffic will be passed.

If neither interface is a zone member, then the action is to pass traffic.*

If both interfaces are members of the same zone, all traffic will be passed.*

If one interface is a zone member and a zone-pair exists, all traffic will be passed.

If both interfaces belong to the same zone-pair and a policy exists, all traffic will be passed.

 

18. Which command will verify a Zone-Based Policy Firewall configuration?

show interfaces

show zones

show running-config*

show protocols

19. Refer to the exhibit. The network “A” contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as “A”?

internal network

untrusted network

perimeter security boundary

DMZ*

 

20. Which type of packet is unable to be filtered by an outbound ACL?

multicast packet

ICMP packet

broadcast packet

router-generated packet*

 

21. When a Cisco IOS Zone-Based Policy Firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)

drop*

log

forward

hold

inspect*

copy

 

22. Fill in the blank.

A __stateful__ firewall monitors the state of connections as network traffic flows into and out of the organization.

 

23. Fill in the blank.

The __pass__ action in a Cisco IOS Zone-Based Policy Firewall is similar to a permit statement in an ACL.



from http://www.ccna5.net/

CCNA Security v2.0 Chapter 3 Exam 2015-2016

Monday, September 5, 2016

1. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?

accounting

accessibility

auditing

authorization*

authentication

 

2. Why is authentication with AAA preferred over a local database method?

It provides a fallback authentication method if the administrator forgets the username or password.*

It uses less network bandwidth.

It specifies a different password for each line or port.

It requires a login and password combination on the console, vty lines, and aux ports.

 

3. Which authentication method stores usernames and passwords in the router and is ideal for small networks?

local AAA over TACACS+

server-based AAA over TACACS+

local AAA*

local AAA over RADIUS

server-based AAA over RADIUS

server-based AAA

 

4. Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?

accounting*

accessibility

authentication

authorization

 

5. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.)

The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.*

The locked-out user stays locked out until the interface is shut down then re-enabled.

The locked-out user is locked out for 10 minutes by default.

The locked-out user should have used the username admin and password Str0ngPa55w0rd.

The locked-out user failed authentication.*

 

6. A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?

Use the login delay command for authentication attempts.*

Use the login local command for authenticating user access.

Use the aaa local authentication attempts max-fail global configuration mode command with a higher number of acceptable failures.

Use the none keyword when configuring the authentication method list.

 

7. A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?

Use the show aaa local user lockout command.*

Use the show running-configuration command.

Use the show aaa sessions command.

Use the show aaa user command.

 

8. When a method list for AAA authentication is being configured, what is the effect of the keyword local?

The login succeeds, even if all methods return an error.

It uses the enable password for authentication.

It accepts a locally configured username, regardless of case.*

It defaults to the vty line password for authentication.

 

9. Which solution supports AAA for both RADIUS and TACACS+ servers?

Implement Cisco Secure Access Control System (ACS) only.*

RADIUS and TACACS+ servers cannot be supported by a single solution.

Implement a local database.

Implement both a local database and Cisco Secure Access Control System (ACS).

 

10. What difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?

Windows Server requires more Cisco IOS commands to configure.

Windows Server only supports AAA using TACACS.

Windows Server uses its own Active Directory (AD) controller for authentication and authorization.*

Windows Server cannot be used as an AAA server.

 

11. What is a characteristic of TACACS+?

TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.

TACACS+ is backward compatible with TACACS and XTACACS.

TACACS+ is an open IETF standard.

TACACS+ provides authorization of router commands on a per-user or per-group basis.*

 

12. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)

802.1X support

separate authentication and authorization processes

SIP support

password encryption*

utilization of transport layer protocols*

 

13. Which server-based authentication protocol would be best for an organization that wants to apply authorization policies on a per-group basis?

SSH

RADIUS

ACS

TACACS+*

 

14. Refer to the exhibit. Which statement describes the configuration of the ports for Server1?

The configuration is using the default ports for a Cisco router.

The configuration of the ports requires 1812 be used for the authentication and the authorization ports.

The configuration will not be active until it is saved and Rtr1 is rebooted.

The ports configured for Server1 on the router must be identical to those configured on the RADIUS server.*

 

15. True or False?

The single-connection keyword prevents the configuration of multiple TACACS+ servers on a AAA-enabled router.

false*

true

 

16. Why would a network administrator include a local username configuration, when the AAA-enabled router is also configured to authenticate using several ACS servers?

Because ACS servers only support remote user access, local users can only authenticate using a local username database.

A local username database is required when configuring authentication using ACS servers.

The local username database will provide a backup for authentication in the event the ACS servers become unreachable.*

Without a local username database, the router will require successful authentication with each ACS server.

 

17. Which debug command is used to focus on the status of a TCP connection when using TACACS+ for authentication?

debug tacacs events*

debug tacacs

debug tacacs accounting

debug aaa authentication

 

18. Which characteristic is an important aspect of authorization in an AAA-enabled network device?

The authorization feature enhances network performance.

User access is restricted to certain services.*

User actions are recorded for use in audits and troubleshooting events.

A user must be identified before network access is granted.

 

19. What is the result of entering the aaa accounting network command on a router?

The router collects and reports usage data related to network-related service requests.*

The router outputs accounting data for all EXEC shell sessions.

The router provides data for only internal service requests.

The router outputs accounting data for all outbound connections such as SSH and Telnet.

 

20. What is a characteristic of AAA accounting?

Possible triggers for the aaa accounting exec default command include start-stop and stop-only.*

Accounting can only be enabled for network connections.

Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network.

Users are not required to be authenticated before AAA accounting logs their activities on the network.

 

21. When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?

the router that is serving as the default gateway

the authentication server

the switch that the client is connected to*

the supplicant

 

22. What device is considered a supplicant during the 802.1X authentication process?

the client that is requesting authentication*

the switch that is controlling network access

the router that is serving as the default gateway

the authentication server that is performing client authentication

 

23. What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?

SSH

MD5

TACACS+

RADIUS*




CCNA Security v2.0 Chapter 2 Exam 2015-2016

Monday, September 5, 2016

1. An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)

Enable inbound vty SSH sessions.*

Generate two-way pre-shared keys.

Configure DNS on the router.

Configure the IP domain name on the router.*

Enable inbound vty Telnet sessions.

Generate the SSH keys.*

 

2. Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?

R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login local

R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login local*

R1(config)# username admin Admin01pa55 encr md5
R1(config)# line con 0
R1(config-line)# login local

R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login

R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login

 

3. Refer to the exhibit. Which statement about the JR-Admin account is true?

JR-Admin can issue only ping commands.

JR-Admin can issue show, ping, and reload commands.

JR-Admin cannot issue any command because the privilege level does not match one of those defined.

JR-Admin can issue debug and reload commands.

JR-Admin can issue ping and reload commands*

 

4. Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)

remote access security

zone isolation

router hardening*

operating system security*

flash security

physical security*

 

5. Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?

Locate the router in a secure locked room that is accessible only to authorized personnel.*

Configure secure administrative control to ensure that only authorized personnel can access the router.

Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.

Provision the router with the maximum amount of memory possible.

Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.

 

6. Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?

CLI view, containing SHOWVIEW and VERIFYVIEW commands

superview, containing SHOWVIEW and VERIFYVIEW views*

secret view, with a level 5 encrypted password

root view, with a level 5 encrypted secret password

 

7. Which two characteristics apply to role-based CLI access superviews? (Choose two.)

A specific superview cannot have commands added to it directly.*

CLI views have passwords, but superviews do not have passwords.

A single superview can be shared among multiple CLI views.

Deleting a superview deletes all associated CLI views.

Users logged in to a superview can access all commands specified within the associated CLI views.*

 

8. Which three types of views are available when configuring the role-based CLI access feature? (Choose three.)

superview*

admin view

root view*

superuser view

CLI view*

config view

 

9. If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)

Create a superview using the parser view view-name command.

Associate the view with the root view.

Assign users who can use the view.

Create a view using the parser view view-name command.*

Assign a secret password to the view.*

Assign commands to the view.*

 

10. What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?

The keys must be zeroized to reset Secure Shell before configuring other parameters.

All vty ports are automatically configured for SSH to provide secure management.

The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus command.

The generated keys can be used by SSH.*

11. Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)

Creating a user account that needs access to most but not all commands can be a tedious process.*

Views are required to define the CLI commands that each user can access.

Commands set on a higher privilege level are not available for lower privilege users.*

It is required that all 16 privilege levels be defined, whether they are used or not.

There is no access control to specific interfaces on a router.*

The root user must be assigned to each privilege level that is defined.

 

12. What command must be issued to enable login enhancements on a Cisco router?

privilege exec level

login delay

login block-for*

banner motd

 

13. What is the default privilege level of user accounts created on Cisco routers?

0

1

15*

16

 

14. A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode?

Quiet mode behavior can be enabled via an ip access-group command on a physical interface.

Quiet mode behavior will only prevent specific user accounts from attempting to authenticate.

Quiet mode behavior can be overridden for specific networks by using an ACL.*

Quiet mode behavior can be disabled by an administrator by using SSH to connect.

 

15. What is a characteristic of the Cisco IOS Resilient Configuration feature?

It maintains a secure working copy of the bootstrap startup program.

Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered.

A snapshot of the router running configuration can be taken and securely archived in persistent storage.*

The secure boot-image command works properly when the system is configured to run an image from a TFTP server.

 

16. What is a requirement to use the Secure Copy Protocol feature?

At least one user with privilege level 1 has to be configured for local authentication.

A command must be issued to enable the SCP server side functionality.*

A transfer can only originate from SCP clients that are routers.

The Telnet protocol has to be configured on the SCP server side.

 

17. What is a characteristic of the MIB?

The OIDs are organized in a hierarchical structure.*

Information in the MIB cannot be changed.

A separate MIB tree exists for any given device in the network.

Information is organized in a flat manner so that SNMP can access it quickly.

 

18. Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)

IP addresses of interfaces

content of a security banner*

enable secret password*

services to disable

enable password*

interfaces to enable

 

19. A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)

area 0 authentication message-digest*

ip ospf message-digest-key 1 md5 1A2b3C*

username OSPF password 1A2b3C

enable password 1A2b3C

area 1 authentication message-digest

 

20. What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?

to configure OSPF MD5 authentication globally on the router*

to enable OSPF MD5 authentication on a per-interface basis

to facilitate the establishment of neighbor adjacencies

to encrypt OSPF routing updates

 

21. What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)

to provide data security through encryption

to ensure faster network convergence

to ensure more efficient routing

to prevent data traffic from being redirected and then discarded*

to prevent redirection of data traffic to an insecure link*

 

22. Which two options can be configured by Cisco AutoSecure? (Choose two.)

enable secret password*

interface IP address

SNMP

security banner*

syslog

 

23. Which three functions are provided by the syslog logging service? (Choose three.)

setting the size of the logging buffer

specifying where captured information is stored*

gathering logging information*

authenticating and encrypting data sent over the network

distinguishing between information to be captured and information to be ignored*

retaining captured messages on the router when a router is rebooted

 

24. What is the Control Plane Policing (CoPP) feature designed to accomplish?

disable control plane services to reduce overall traffic

prevent unnecessary traffic from overwhelming the route processor*

direct all excess traffic away from the route process

manage services provided by the control plane

 

25. Which three actions are produced by adding Cisco IOS login enhancements to the router login process? (Choose three.)

permit only secure console access

create password authentication

automatically provide AAA authentication

create syslog messages*

slow down an active attack*

disable logins from specified hosts*




CCNA Security v2.0 Chapter 1 Exam 2015-2016

Monday, September 5, 2016

1. What method can be used to mitigate ping sweeps?

using encrypted or hashed authentication protocols

installing antivirus software on hosts

deploying antisniffer software on all network devices

blocking ICMP echo and echo-replies at the network edge*

 

2. What are the three major components of a worm attack? (Choose three.)

a penetration mechanism

an infecting vulnerability

a payload*

an enabling vulnerability*

a probing mechanism

a propagation mechanism*

 

3. Which statement accurately characterizes the evolution of threats to network security?

Internal threats can cause even greater damage than external threats.*

Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.

Early Internet users often engaged in activities that would harm other users.

Internet architects planned for network security from the beginning.

 

4. What causes a buffer overflow?

launching a security countermeasure to mitigate a Trojan horse

sending repeated connections such as Telnet to a particular device, thus denying other data sources.

downloading and installing too many software updates at one time

attempting to write more data to a memory location than that location can hold*

sending too much information to two or more interfaces of the same device, thereby causing dropped packets

 

5. What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?

status among peers

fame seeking

financial gain*

political reasons

 

6. Which two network security solutions can be used to mitigate DoS attacks? (Choose two.)

virus scanning

intrusion protection systems*

applying user authentication

antispoofing technologies*

data encryption

 

7. Which two statements characterize DoS attacks? (Choose two.)

 

They are difficult to conduct and are initiated only by very skilled attackers.

They are commonly launched with a tool called L0phtCrack.

Examples include smurf attacks and ping of death attacks.*

They attempt to compromise the availability of a network, host, or application.*

They always precede access attacks.

 

8. An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this?

trust exploitation

buffer overflow

man in the middle*

port redirection

 

9. What functional area of the Cisco Network Foundation Protection framework is responsible for device-generated packets required for network operation, such as ARP message exchanges and routing advertisements?

data plane

control plane*

management plane

forwarding plane

 

10. What are the three components of information security ensured by cryptography? (Choose three.)

threat prevention

authorization

confidentiality*

countermeasures

integrity*

availability*

 

11. What is the primary method for mitigating malware?

using encrypted or hashed authentication protocols

installing antivirus software on all hosts*

blocking ICMP echo and echo-replies at the network edge

deploying intrusion prevention systems throughout the network

 

12. What is an objective of a state-sponsored attack?

to gain financial prosperity

to sell operating system vulnerabilities to other hackers

to gain attention

to right a perceived wrong*

 

13. What role does the Security Intelligence Operations (SIO) play in the Cisco SecureX architecture?

identifying and stopping malicious traffic*

authenticating users

enforcing policy

identifying applications

 

14. What worm mitigation phase involves actively disinfecting infected systems?

treatment*

containment

inoculation

quarantine

 

15. How is a smurf attack conducted?

by sending a large number of packets to overflow the allocated buffer memory of the target device

by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network*

by sending a large number of TCP SYN packets to a target device from a spoofed source address

by sending an echo request in an IP packet larger than the maximum packet size of 65,535 bytes

 

16. What is a characteristic of a Trojan horse as it relates to network security?

Malware is contained in a seemingly legitimate executable program.*

Extreme quantities of data are sent to a particular network device interface.

An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.

Too much information is destined for a particular memory block causing additional memory areas to be affected.

 

17. What is the first step in the risk management process specified by the ISO/IEC?

Create a security policy.

Conduct a risk assessment.*

Inventory and classify IT assets.

Create a security governance model.

 

18. What is the significant characteristic of worm malware?

A worm can execute independently*

A worm must be triggered by an event on the host system.

Worm malware disguises itself as legitimate software

Once installed on a host system, a worm does not replicate itself.

 

19. Which condition describes the potential threat created by Instant On in a data center?

when the primary firewall in the data center crashes

when an attacker hijacks a VM hypervisor and then launches attacks against other devices in the data center

when the primary IPS appliance is malfunctioning

when a VM that may have outdated security policies is brought online after a long period of inactivity.*

 

20. What are the three core components of the Cisco Secure Data Center solution? (Choose three.)

mesh network

secure segmentation*

visibility*

threat defense*

servers

infrastructure

 

21. A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?

trust exploitation

denial of service

reconnaissance*

port redirection

 

22. Which two statements describe access attacks? (Choose two.)

Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.

To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host

Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.*

Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.*

Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.

 

23. What is a ping sweep?

a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.

a software application that enables the capture of all network packets that are sent across a LAN.

a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain

a network scanning technique that indicates the live hosts in a range of IP addresses.*

 

24. As a dedicated network security tool, an intrusion __Protection__ system can provide detection and blocking of attacks in real time.


