CCNA Security Practice Test

Security threats have evolved over time. Identity the latest generation of security threats. (Choose four)

A. Virtualization exploits

B. Memory scraping

C. Hardware hacking

D. IPv6-based attacks

E. E-mail

F. Infrastructure hacking

Which of the following control plane security features provides a necessary mechanism for deploying, monitoring, and troubleshooting CPP efficiently?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Which risk rating attribute allows you to rate how critical network components are in your infrastructure?

A. ARR

B. ASR

C. SFR

D. TVR

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

Which of the following describes the Security posture assessment analysis and documentation?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

How is called the point in time, prior to a disruption or system outage, to which business process data can be recovered?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

What is the purpose of GLBA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

An intruder sends messages to a computer with an IP address that indicates that the message is coming from a trusted host. The hacker learns the IP address of a trusted host and modifies the packet headers so that apparently the packets are coming from that trusted host. How would you categorize this attack?

A. Confidentiality and integrity violation

B. Password attack

C. Spoofing

D. Blended threat

A client e-mails their broker telling them to invest $100,000 in a new startup company. The company performs poorly and the client loses the bulk of the money. They take the broker to court, stating they did not issue the purchase order. What could the broker have done to protect themselves?

A. Make use of digital signatures

B. Only accept purchase orders in person

C. Encrypt any emails sent and received

D. Create a blacklist of startup domains

Which of the following methods describes DoS attack? (Choose two)

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

Which of these options is a GUI tool for performing security configurations on Cisco routers?

A. Security Appliance Device Manager

B. Cisco CLI Configuration Management Tool

C. Cisco Security Device Manager

D. Cisco Security Manager

Which statements accurately describe characteristics of the Cisco borderless networks architecture? (Choose two)

A. The borderless end zone detects threats and mitigates them before users connect to the network

B. The policy management layer leverages existing infrastructure components and switching components, and then layers virtualized components on top to provide security solutions

C. The borderless datacenters enforce the security policy throughout the network

D. The borderless Internet component relies on cloud-based services for security intelligence, real-time updates, and scanning support for mobile users

During which attack phase would an attacker use a provision such as registry edits to keep the malware on the system?

A. Paralyze

B. Persist

C. Propagate

D. Probe

A tunnel has been created and established with a branch office. You need to verify that traffic is traversing the connection. Which command will provide this information?

A. show crypto ipsec sa

B. show crypto ipsec transform-set

C. show crypto map

D. show crypto isakmp policy

Why would an organization choose to implement a stateful packet inspection?

A. Support user authentication for connections

B. For use with all transport protocols

C. Improves routing performance

D. Protection against upper layer attacks

Attacks may take a variety of forms. Which of the following describes the Blended threats as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. What are two examples of completeness issues? (Choose two)

A. Errors in rule specification

B. Data entry errors

C. Redundant rules

D. Promiscuous rules

Which of the actions are possible using Cisco Configuration Professional Express?

A. NAT, QoS, and NAC configurations

B. One-click router lockdown

C. Command line interface

D. WAN and VPN connectivity troubleshooting

Which of the following describes the Hackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which threats are the most serious?

A. inside threats

B. outside threats

C. unknown threats

D. reconnaissance threats

Which of the following describes the function of Cisco ASA?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Attacks may take a variety of forms. Which of the following describes the Man-in-the-middle attack?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which technologies can perform RADIUS and TACACS+ authentication? (Choose two)

A. ISE

B. ASDM

C. ACS

D. ASA

Select one of the following statements that describes the trust exploitation threats.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

What mode will allow the Cisco ASA to act as an additional hop in the network?

A. Proxy

B. Spanned EtherChannel

C. Transparent

D. Routed

Which types of attacks can be mitigated by implementing port security? (Choose two)

A. CAM table overflow

B. Port scanning

C. DHCP spoofing

D. MAC address spoofing

E. ARP spoofing

F. VLAN hopping

Which of the options are primary reasons for an attacker to perform an IP spoofing attack? (Choose two)

A. Divert traffic streams

B. Gain root access to a system

C. Corrupt transmitted data

D. Logging information

Which of the following describes the function of Cisco ScanSafe?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

You have several operating groups in your enterprise that require differing access restrictions to the routers to perform their job roles. These groups range from Help Desk personnel to advanced troubleshooters. What is one methodology for controlling access rights to the routers in these situations?

A. configure ACLs to control access for the different groups

B. configure multiple privilege level access

C. implement syslogging to monitor the activities of the groups

D. configure TACACS+ to perform scalable authentication

Which hash algorithm is vulnerable to collision attacks?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

Which recommendations follow defense-in-depth principles? (Choose two)

A. Defend in one place

B. Build one layer of defense

C. Employ robust key management

D. Deploy IPS

Which of the following are Asymmetric encryption algorithms? (Choose two)

A. 3DES

B. DH

C. SHA-2

D. AES

E. RSA

Which of the following control plane security features is a Cisco IOS feature designed to allow users to manage the flow of traffic that is managed by the route processor of their network devices?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Which of the following examples of security controls matches the Technical category of security controls?

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

What is the purpose of FISMA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

What are some of the security functions that can be managed using Cisco Configuration Professional? (Choose five)

A. Device hardening

B. Firewall support

C. Antispoofing

D. IPS support

E. VPN support

F. MAC security

G. Management, monitoring, and troubleshooting

A client needs to telecommute from home to the office, and requires a VPN connection. Only work related traffic should traverse the tunnel, Internet traffic should not. Which technology would allow for this operation?

A. Always-on

B. Hairpinning

C. NAT traversal

D. Split tunneling

Select the statements that define the unique components of Cisco Configuration Professional used for security policy deployment. (Choose three)

A. Cisco AutoSecure configures security-related features of the router based on a set of Cisco defaults

B. Communities can be used to group devices based on shared components

C. Templates parameterize configuration files to apply same configuration to multiple devices

D. User profiles are GUI views that allow RBAC

E. Cisco NFP can be used to provide infrastructure protection

You are asked to configure SNMPv3 inside your network. An ACL named snmpacl, which specifies the IP addresses, has already been created, and will be able to perform SNMP queries. Which command would you enter to create a group named SNMPgroup which can send encrypted SNMP queries?

A. Router(config)# snmp-server group SNMPgroup v3 priv access snmpacl

B. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 priv des56 Password12 access snmpacl

C. Router(config)# snmp-server group SNMPgroup v3 auth access snmpacl

D. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 access snmpacl

Which of the following describes the Management plane packets classification? (Choose two)

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

Which of the following actions belong to the Operations and maintenance phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

A client auto-downloaded the Cisco AnyConnect SSL VPN Client and a connection has been established. How can the connection mode be determined?

A. Using the ASDM navigate to Monitoring. Choose VPN, VPN Statistics, and then Sessions. Locate the client session.

B. Double-click the AnyConnect system tray icon. Choose statistics tab. Click details.

C. Using the ASDM navigate to Monitoring. Choose VPN, VPN Statistics, and then Sessions. Locate the client session, and then click the Details button.

D. Double-click the AnyConnect system tray icon. Choose statistics tab.

Which actions can you take to prevent VLAN hopping? (Choose two)

A. Prevent dynamic trunk port negotiation

B. Enable port security

C. Ensure all trunk ports use VLAN 1 as their native VLAN

D. Change the native VLAN on all trunk ports to an unused VLAN

Which services does an IronPort C-Series provide? (Choose two)

A. Antivirus

B. URL filtering

C. Spam filtering

D. Antimalware

Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which statement about private VLANs is true?

A. Isolated ports can only communicate with other isolated ports in the same VLAN

B. Community ports can communicate with other community ports on another switch in the same community VLAN

C. Community VLANs can communicate with other community VLANs as long as they are part of the same primary VLAN

D. Promiscuous ports can communicate with all other ports except isolated ports

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco SIO component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

You have learned that a Trojan was propagated to several servers in your network. However, no preventative action was taken by an IPS. What is this an example of?

A. False negative

B. True positive

C. True negative

D. False positive

Which actions occur during the implementation phase of the secure network life cycle? (Choose three)

A. Inspection and acceptance

B. System integration

C. Security certification

D. Developmental security test and evaluation

E. Security planning

A technician is setting up a SOHO for a client. The client will be using a VPN to connect to their office. Which routers are recommended for this topology? (Choose two)

A. Cisco 2900 Series

B. Cisco 90 Series

C. Cisco 1900 Series

D. Cisco 800 Series

Which option is a desirable feature of using symmetric encryption algorithms?

A. They are often used for wire-speed encryption in data networks.

B. They are based on complex mathematical operations and can easily be accelerated by hardware.

C. They offer simple key management properties.

D. They are best used for one-time encryption needs.

Which of the following control plane security features allows users to configure a QoS filter to restrict the flow of control plane packets?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

You need to ensure that CDP is only enabled on interfaces that are connected to a trusted network. CDP must be disabled on all other interfaces. What should you do?

A. Run the no cdp run command

B. Run the no cdp enable command

C. Deploy Cisco AutoSecure in noninteractive mode

D. Deploy Cisco AutoSecure in interactive mode

What are requirements when integrating Cisco ISE and Active Directory? (Choose two)

A. Create identity rewrite rules

B. Configure authentication domains

C. Configure NTP to synchronize between Cisco ISE and Active Directory

D. Cisco ISE must be able to access a global catalog server

E. Create a scope through Cisco ISE

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?