CCNA Security Practice Test

A client e-mails their broker telling them to invest $100,000 in a new startup company. The company performs poorly and the client loses the bulk of the money. They take the broker to court, stating they did not issue the purchase order. What could the broker have done to protect themselves?

A. Make use of digital signatures

B. Only accept purchase orders in person

C. Encrypt any emails sent and received

D. Create a blacklist of startup domains

During which attack phase would an attacker use a provision such as registry edits to keep the malware on the system?

A. Paralyze

B. Persist

C. Propagate

D. Probe

Suppose you want to change the minimum password length using the CLI from Cisco Configuration Professional. What should you do first?

A. Navigate to the Security Audit Wizard

B. Navigate to the Configuration Editor option in the Utilities panel

C. Use the Manage Community dialog box

Which features can you enable to mitigate STP attacks? (Choose two)

A. Root guard

B. IP source guard

C. BPDU guard

D. DAI

Which of the following describes the function of Cisco ScanSafe?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

To verify the clientless SSL VPN, a compliant browser has been opened. Which prefix is the path changed to if the object requires authentication?

A. /+CSCOU+/

B. http://

C. https://

D. /+CSCOE+/

A private contractor for the military is archiving medical records. Which classification level should be applied to these?

A. Secret

B. Unclassified

C. Top Secret

D. Sensitive

How is called the most time that a system resource can remain unavailable before there is an unacceptable effect?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

You are planning a security policy for your network. Using the least amount of administrative effort, what should be included to help limit traffic from inside the network to outside of it?

A. Configure an ACL

B. Implement AAA

C. Implement HTTP filtering

D. Apply static NAT

Which option is the term for the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which statements about routing update authentication are true? (Choose two)

A. EIGRP supports both plain text and MD5 authentication

B. OSPF supports both plain text and MD5 authentication

C. It can help prevent rouge default gateways from entering your network

D. When MD5 authentication is used, the authentication key is encrypted before being transmitted.

Which hash algorithm is vulnerable to collision attacks?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

Select the statements that represent threats to network infrastructure. (Choose four)

A. Trust exploitation attacks

B. Spoofing

C. Route flaps and major network transitions

D. Exposed management credentials

E. Denial-of-service attacks

F. Login, authentication, and password attacks

RADIUS and TACACS+ are both commonly used to control network access. Which of the following describes the function of RADIUS? (Choose three)

A. Uses UDP

B. Uses TCP

C. Only encrypts the password for access-request packets

D. Encrypts the entire body of access-request packets

E. Cannot be used to prevent users from performing specific commands on a router

F. Can be used to specify which commands users can perform on a router

What is the first step you should take when considering securing your network?

A. Install a firewall.

B. Install an intrusion prevention system.

C. Update servers and user PCs with the latest patches.

D. Develop a security policy.

Recently a bookmark was created but was misconfigured. The bookmark should allow access to a shared folder located on the Intranet. Which protocol would need to be configured to allow this type of connection?

A. RDP

B. SSH

C. FTP

D. CIFS

E. HTTPS

Which one of the following statements describes the Botnets?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Attacks may take a variety of forms. Which of the following describes the Man-in-the-middle attack?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which traffic properties can be configured to bypass content scanning? (Choose two)

A. License key

B. HTTP-based header fields

C. Port number

D. IP address

Which statements accurately describe characteristics of the Cisco borderless networks architecture? (Choose two)

A. The borderless end zone detects threats and mitigates them before users connect to the network

B. The policy management layer leverages existing infrastructure components and switching components, and then layers virtualized components on top to provide security solutions

C. The borderless datacenters enforce the security policy throughout the network

D. The borderless Internet component relies on cloud-based services for security intelligence, real-time updates, and scanning support for mobile users

Which of the following examples of security controls matches the Administrative category of security controls? (Choose two)

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

Which STP attack mitigation features causes an interface to be placed in an errdisabled state if a BPDU is received on that port?

A. Root guard

B. Loop guard

C. BPDU guard

D. BPDU filtering

Which of the following describes the function of Cisco ISR?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

In what ways can ACLs protect the data plane? (Choose five)

A. ACLs can block unwanted traffic or users

B. ACLs can prevent spoofed packets

C. ACLs can reduce the chance of DoS attacks

D. ACLs can provide port security to prevent MAC flooding attacks

E. ACLs can provide bandwidth control

F. ACLs can be used to restrict user access based on the role of the user

G. ACLs can be used to classify network traffic in order to protect other planes

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Context awareness component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

A client needs to telecommute from home to the office, and requires a VPN connection. Only work related traffic should traverse the tunnel, Internet traffic should not. Which technology would allow for this operation?

A. Always-on

B. Hairpinning

C. NAT traversal

D. Split tunneling

Which command could you use to determine the number TACACS+ authentication attempts that have recently timed out?

A. Router# debug aaa authentication

B. Router# debug tacacs

C. Router# show authentication sessions

D. Router# show aaa servers

To verify the clientless SSL VPN, a compliant browser has been opened. Which prefix is the path changed to if the object does not require authentication?

A. http://

B. /+CSCOE+/

C. /+CSCOU+/

D. https://

What is the purpose of HIPAA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

Which command is used to display established IPsec tunnels?

A. show crypto ipsec sa

B. show crypto ipsec transform-set

C. show crypto ipsec

Security threats have evolved over time. Identity the latest generation of security threats. (Choose four)

A. Virtualization exploits

B. Memory scraping

C. Hardware hacking

D. IPv6-based attacks

E. E-mail

F. Infrastructure hacking

Which of the following describes the Wireless assessment?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. Which of the following are two examples of consistency issues? (Choose two)

A. Data entry errors

B. Shadowed rules

C. Orphaned rules

D. Errors in rule specification

Select one of the following statements that describes the overt and covert channels.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

When configuring high availability on the ASA, what two failover configurations are supported? (Choose two)

A. DAI

B. AAA

C. Active/Active

D. Active/Standby

Which threats are the most serious?

A. inside threats

B. outside threats

C. unknown threats

D. reconnaissance threats

You need to implement a high availability solution on the ASA. The solution must be able to work with units running in either single or multiple context mode. Which failover configuration should be used?

A. Cisco Secure ACS

B. Active/Standby

C. Cisco ASDM

D. Active/Active

Which of the following control plane security features extends policing functionality by allowing finer policing granularity?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

You need to be able to prevent users from entering global configuration mode unless they have the necessary privilege level. Which actions can you take to accomplish this? (Choose two)

A. Configure command authorization

B. Enable Cisco AutoSecure

C. Deploy a TACACS+ server

D. Deploy a RADIUS server

Which two statements describe features of the state table? (Choose two)

A. Tracks all sessions and inspects all packets passing through the firewall

B. Changes dynamically according to traffic flow

C. Receives copies of packets, processes them, and can then respond to threats

D. Provides a secure and encrypted management connection for managing network devices

Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

A transform-set must be created with the name 'test'. It should also support data confidentiality using strong DES encryption. Enter the command that would accomplish this task.

A. crypto ipsec transform-set test esp-des

B. crypto ipsec transform-set test esp-3des

C. crypto ipsec transform-set test ah-md5-hmac

Which statement about IPS deployments is true?

A. IPS deployments operate in promiscuous mode

B. IPS deployments generally utilize SPAN ports

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments operate in inline mode

Network security aims to provide which three key services? (Choose three)

A. data integrity

B. data strategy

C. data and system availability

D. data mining

E. data storage

F. data confidentiality

RADIUS and TACACS+ are both commonly used to control network access. Which of the following describes the function of TACACS+? (Choose three)

A. Uses UDP

B. Uses TCP

C. Only encrypts the password for access-request packets

D. Encrypts the entire body of access-request packets

E. Cannot be used to prevent users from performing specific commands on a router

F. Can be used to specify which commands users can perform on a router

Which statement about role-based CLI access is true?

A. Commands can be added and removed on superviews from the root view

B. Deleting a superview also deletes any associated CLI views

C. Role-based CLI access can be configured with or without an AAA infrastructure

D. CLI views can be shared with more than one superview

Select one of the following statements that describes the trust exploitation threats.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

A client on your network is seeking advice from you in regards to the type of host-based security for their home network. They state that they have three devices, which share an Internet connection through a single home server. The home server is directly connected to the ISP router. Their main concern is primarily on traffic going through the home server to and from the other three devices. What should you recommend that would require the least amount of administrative overhead and associated set up cost?

A. Proxy firewall

B. Dynamic NAT

C. Personal firewall

D. Static NAT

An organization requires a system that will meet the following requirements:
- Aggregate data from any compatible network node
- Produce compliance reports

Which system would fulfill these requirements?

A. ISE

B. SIEM

C. SNMP

D. IDS/IPS

Which of the following describes the Internal assessment?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

Which of these options is a GUI tool for performing security configurations on Cisco routers?

A. Security Appliance Device Manager

B. Cisco CLI Configuration Management Tool

C. Cisco Security Device Manager

D. Cisco Security Manager

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Which types of attacks can be mitigated by implementing port security? (Choose two)

A. CAM table overflow

B. Port scanning

C. DHCP spoofing

D. MAC address spoofing

E. ARP spoofing

F. VLAN hopping

Which of the following actions belong to the Disposition phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?