CCNA Security Practice Test

A private contractor for the military is archiving medical records. Which classification level should be applied to these?

A. Secret

B. Unclassified

C. Top Secret

D. Sensitive

Which statement is true about application layer firewalls?

A. Authenticate devices, not users

B. Authenticate individuals, not devices

C. Logging provides minimal details

D. Recommended for the monitoring of several applications simultaneously

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco TrustSec function component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which two statements are true regarding zones? (Choose two)

A. A collection of networks reachable over a specific set of router interfaces

B. Zones are grouped into source/destination pairs

C. Zones are grouped into source/source pairs

D. A collection of networks reachable over all router interfaces

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which statement best describes an inside local address?

A. The IPv4 address that is assigned to a host on the outside network by the host owner.

B. The IPv4 address of an outside host as it appears to the inside network.

C. The IPv4 address that is assigned to a host on the inside network.

D. The Valid IPv4 address that is assigned by the network information center or service provider.

Attacks may take a variety of forms. Which of the following describes the Man-in-the-middle attack?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which option is the term for a weakness in a system or its design that can be exploited by a threat?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which types of attacks can be mitigated by implementing port security? (Choose two)

A. CAM table overflow

B. Port scanning

C. DHCP spoofing

D. MAC address spoofing

E. ARP spoofing

F. VLAN hopping

Which threats are the most serious?

A. inside threats

B. outside threats

C. unknown threats

D. reconnaissance threats

Select the statements that represent threats to network infrastructure. (Choose four)

A. Trust exploitation attacks

B. Spoofing

C. Route flaps and major network transitions

D. Exposed management credentials

E. Denial-of-service attacks

F. Login, authentication, and password attacks

Select one of the following statements that describes the trust exploitation threats.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco SIO component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

What mode will allow the Cisco ASA to act as an additional hop in the network?

A. Proxy

B. Spanned EtherChannel

C. Transparent

D. Routed

Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

You are reviewing syslog messages from multiple routers in your network. You have noticed irregularities with multiple syslog message timestamps for each router. Which technology can you configure to resolve this?

A. ASDM

B. SNMP

C. NTP

D. RADIUS

Which failover configuration is only available on units that are running in multiple context mode when implementing high availability on the ASA?

A. Active/Active

B. Active/Standby

C. Cisco ASA AIP-SSM

D. Cisco Secure ACS

Which of the following describes the Hacktivists as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which of the following describes the Hackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which command is used to display established IPsec tunnels?

A. show crypto ipsec sa

B. show crypto ipsec transform-set

C. show crypto ipsec

How is called the point in time, prior to a disruption or system outage, to which business process data can be recovered?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which of the following describes the function of Cisco ISR?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which technology requires that SSH and AAA are configured before it can work?

A. TLS

B. SCP

C. TFTP

D. NTP

You are asked to configure SNMPv3 inside your network. An ACL named snmpacl, which specifies the IP addresses, has already been created, and will be able to perform SNMP queries. Which command would you enter to create a group named SNMPgroup which can send encrypted SNMP queries?

A. Router(config)# snmp-server group SNMPgroup v3 priv access snmpacl

B. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 priv des56 Password12 access snmpacl

C. Router(config)# snmp-server group SNMPgroup v3 auth access snmpacl

D. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 access snmpacl

Which of the following examples of security controls matches the Administrative category of security controls? (Choose two)

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

A client e-mails their broker telling them to invest $100,000 in a new startup company. The company performs poorly and the client loses the bulk of the money. They take the broker to court, stating they did not issue the purchase order. What could the broker have done to protect themselves?

A. Make use of digital signatures

B. Only accept purchase orders in person

C. Encrypt any emails sent and received

D. Create a blacklist of startup domains

What is considered the number one criterion when classifying data for either the private or public sector?

A. Age

B. Personal association

C. Useful life

D. Value

Which option correctly defines asymmetric encryption?

A. uses the same keys to encrypt and decrypt data

B. uses MD5 hashing algorithms for digital signage encryption

C. uses different keys to encrypt and decrypt data

D. uses SHA-1 hashing algorithms for digital signage encryption

Which three of these options are some of the best practices when you implement an effective firewall security policy? (Choose three)

A. Position firewalls at strategic inside locations to help mitigate inside nontechnical attacks.

B. Configure logging to capture all events for forensic purposes.

C. Use firewalls as a primary security defense; other security measures and devices should be implemented to enhance your network security.

D. Position firewalls at key security boundaries.

E. Deny all traffic by default and permit only necessary services.

Which options are security services provided by digital signatures? (Choose three)

A. Authenticity of transmitted data

B. Authentication of end points

C. Nonrepudiation of the transaction

D. Confidentiality of transmitted data

E. Integrity of transmitted data

Which networking technology returns a message to the same direction it was received in, in order to reach the proper destination endpoint?

A. Split tunneling

B. NAT traversal

C. Always-on

D. Hairpinning

What can be used to offload the processing of encrypted data? (Choose two)

A. AIM

B. Cisco PIX VPN Accelerator Card+ (VAC+)

C. AnyConnect

D. Cisco VPN 3002 Hardware Client

Which type of IPS sensor offers the best protection against zero-day attacks?

A. Anomaly-based

B. Reputation-based

C. Signature-based

D. Policy-based

What is the purpose of Sarbanes-Oxley information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

What are reasons that prevent the use of SEAL? (Choose two)

A. Slower that AES

B. Software based IPsec

C. Supported devices

D. K8 subsystem

Which of the following describes the Security posture assessment analysis and documentation?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

You need to implement port security on an access switch. Each switch port must be able to dynamically learn the MAC addresses of the connected devices. If an unauthorized device is detected on an interface, that interface should be placed into an err-disabled state. Which commands should you enter? (Choose two)

A. switchport port-security violation protect
switchport port-security mac-address sticky

B. switchport port-security violation shutdown
switchport port-security mac-address sticky

C. switchport port-security maximum 1
switchport port-security mac-address sticky

D. switchport port-security violation restrict
switchport port-security mac-address sticky

An intruder sends messages to a computer with an IP address that indicates that the message is coming from a trusted host. The hacker learns the IP address of a trusted host and modifies the packet headers so that apparently the packets are coming from that trusted host. How would you categorize this attack?

A. Confidentiality and integrity violation

B. Password attack

C. Spoofing

D. Blended threat

Which features are most important for securing interactive and management access to an infrastructure device? (Choose four)

A. It is recommended to restrict device accessibility

B. Only use out-of-band management systems

C. Use management protocols with strong authentication to ensure the confidentiality of your data

D. Perform network management using Telnet or HTTP

E. Authenticate access to your systems

F. Log and account for all access

How is called the most time that a system resource can remain unavailable before there is an unacceptable effect?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

You have learned that a Trojan was propagated to several servers in your network. However, no preventative action was taken by an IPS. What is this an example of?

A. False negative

B. True positive

C. True negative

D. False positive

What is the purpose of HIPAA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

A tunnel has been created and established with a branch office. You need to verify that traffic is traversing the connection. Which command will provide this information?

A. show crypto ipsec sa

B. show crypto ipsec transform-set

C. show crypto map

D. show crypto isakmp policy

Suppose you want to change the minimum password length using the CLI from Cisco Configuration Professional. What should you do first?

A. Navigate to the Security Audit Wizard

B. Navigate to the Configuration Editor option in the Utilities panel

C. Use the Manage Community dialog box

What technology allows for a device to have multiple virtual firewalls?

A. Cisco Secure ACS

B. Class maps

C. Security contexts

D. Compartmentalization principal

What is true regarding application layer proxy firewalls? (Choose two)

A. Authenticates devices

B. Increases network performance

C. Authenticates users

D. Reduces spoofing attacks

Which security features rely on DHCP snooping? (Choose two)

A. Loop guard

B. DAI

C. IP source guard

D. CoPP

What is defined as a collection of networks, reachable by specific interfaces on the router?

A. Zone

B. Subnet

C. Demilitarized zone

D. Virtual LAN

What are the appropriate actions during a Detection and analysis incident response phase? (Choose three)

A. Prepare the facilities and communication mechanisms

B. Define the incident analysis hardware and software

C. Define the prevention procedures

D. Define a threat vector classification scheme

E. Analyze and implement tools for log and event correlation

F. Provide notification of incidents

Which of the following actions belong to the Disposition phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which statement is true regarding zone based firewalls in which traffic passes between zones?

A. Default policy is to allow all

B. Dependent on ACLs

C. They are not compatible with the Cisco Common Classification Policy Language

D. Default policy is to deny all

What are requirements when integrating Cisco ISE and Active Directory? (Choose two)

A. Create identity rewrite rules

B. Configure authentication domains

C. Configure NTP to synchronize between Cisco ISE and Active Directory

D. Cisco ISE must be able to access a global catalog server

E. Create a scope through Cisco ISE

Select one of the following statements that describes the overt and covert channels.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

A transform-set must be created with the name 'test'. It should also support data confidentiality using strong DES encryption. Enter the command that would accomplish this task.

A. crypto ipsec transform-set test esp-des

B. crypto ipsec transform-set test esp-3des

C. crypto ipsec transform-set test ah-md5-hmac

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?