CCNA Security Practice Test

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Context awareness component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

A client needs to telecommute from home to the office, and requires a VPN connection. Only work related traffic should traverse the tunnel, Internet traffic should not. Which technology would allow for this operation?

A. Always-on

B. Hairpinning

C. NAT traversal

D. Split tunneling

Select the statements that represent threats to network infrastructure. (Choose four)

A. Trust exploitation attacks

B. Spoofing

C. Route flaps and major network transitions

D. Exposed management credentials

E. Denial-of-service attacks

F. Login, authentication, and password attacks

Which option is the term for the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which of the following describes the Crackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

What can be used to offload the processing of encrypted data? (Choose two)

A. AIM

B. Cisco PIX VPN Accelerator Card+ (VAC+)

C. AnyConnect

D. Cisco VPN 3002 Hardware Client

Which of the following describes the function of Cisco ASA?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which of the following describes the function of Cisco ISR?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

Which of the following actions belong to the Operations and maintenance phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco SIO component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which failover configuration is only available on units that are running in multiple context mode when implementing high availability on the ASA?

A. Active/Active

B. Active/Standby

C. Cisco ASA AIP-SSM

D. Cisco Secure ACS

Which statements accurately describe characteristics of the Cisco borderless networks architecture? (Choose two)

A. The borderless end zone detects threats and mitigates them before users connect to the network

B. The policy management layer leverages existing infrastructure components and switching components, and then layers virtualized components on top to provide security solutions

C. The borderless datacenters enforce the security policy throughout the network

D. The borderless Internet component relies on cloud-based services for security intelligence, real-time updates, and scanning support for mobile users

How is called the most time that a system resource can remain unavailable before there is an unacceptable effect?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which of the following actions belong to the Disposition phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

You have noticed that an access switch is forwarding traffic out of all interfaces. Which type of attack is likely occurring?

A. STP attack

B. DHCP spoofing

C. VLAN hopping

D. CAM table overflow attack

Which of the following methods describes Network mapping attack?

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

A transform-set must be created with the name 'test'. It should also support data confidentiality using strong DES encryption. Enter the command that would accomplish this task.

A. crypto ipsec transform-set test esp-des

B. crypto ipsec transform-set test esp-3des

C. crypto ipsec transform-set test ah-md5-hmac

What are the appropriate actions during a Preparation incident response phase? (Choose three)

A. Prepare the facilities and communication mechanisms

B. Define the incident analysis hardware and software

C. Define the prevention procedures

D. Define a threat vector classification scheme

E. Analyze and implement tools for log and event correlation

F. Provide notification of incidents

Which of the following describes the function of Cisco ScanSafe?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. What are two examples of completeness issues? (Choose two)

A. Errors in rule specification

B. Data entry errors

C. Redundant rules

D. Promiscuous rules

What is considered the number one criterion when classifying data for either the private or public sector?

A. Age

B. Personal association

C. Useful life

D. Value

You have learned that a Trojan was propagated to several servers in your network. However, no preventative action was taken by an IPS. What is this an example of?

A. False negative

B. True positive

C. True negative

D. False positive

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which of the following describes the Hacktivists as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

What are the easiest methods for blocking access to a specific site? (Choose two)

A. URL filtering

B. URL categorizing

C. Web application filtering

D. Blacklisting

Recently a bookmark was created but was misconfigured. The bookmark should allow access to a shared folder located on the Intranet. Which protocol would need to be configured to allow this type of connection?

A. RDP

B. SSH

C. FTP

D. CIFS

E. HTTPS

Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which of the following describes the function of Cisco IPS?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which of the following describes the Internal assessment?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

In what ways can ACLs protect the data plane? (Choose five)

A. ACLs can block unwanted traffic or users

B. ACLs can prevent spoofed packets

C. ACLs can reduce the chance of DoS attacks

D. ACLs can provide port security to prevent MAC flooding attacks

E. ACLs can provide bandwidth control

F. ACLs can be used to restrict user access based on the role of the user

G. ACLs can be used to classify network traffic in order to protect other planes

Which security features rely on DHCP snooping? (Choose two)

A. Loop guard

B. DAI

C. IP source guard

D. CoPP

Which one of the following statements describes the DoS and DDoS Attacks?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which three options are areas of router security? (Choose three)

A. physical security

B. access control list security

C. zone-based firewall security

D. operating system security

E. router hardening

F. Cisco IOS-IPS security

Which statement about private VLANs is true?

A. Isolated ports can only communicate with other isolated ports in the same VLAN

B. Community ports can communicate with other community ports on another switch in the same community VLAN

C. Community VLANs can communicate with other community VLANs as long as they are part of the same primary VLAN

D. Promiscuous ports can communicate with all other ports except isolated ports

There is currently an issue with some clients establishing an AnyConnect SSL VPN. The affected users differ from time to time. What could help explain this problem?

A. Certify the proper VPN protocol is selected

B. Determine the Internet browser version

C. Check the configured authentication type

D. Verify the address pool

A sensitive document was recently accessed by an unauthorized user. Specifications about a new product were changed to erroneous data. Which security principle violations have occurred in this scenario? (Choose two)

A. Authenticity

B. Availability

C. Confidentiality

D. Integrity

You are planning a security policy for your network. Using the least amount of administrative effort, what should be included to help limit traffic from inside the network to outside of it?

A. Configure an ACL

B. Implement AAA

C. Implement HTTP filtering

D. Apply static NAT

Which statements about DHCP snooping are true? (Choose two)

A. The DHCP snooping database is used by root guard

B. The DHCP snooping database agent allows you to retain the DHCP snooping database bindings when the device is reloaded

C. Client devices should be connected to trusted ports, and all unused ports should be configured as untrusted ports

D. DHCP snooping is enabled by configuring Cisco AutoSecure

E. DHCP snooping can mitigate DHCP spoofing attacks

Attacks may take a variety of forms. Which of the following describes the Enumeration and fingerprinting as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which option is the term for what happens when computer code is developed to take advantage of a vulnerability? For example, suppose that a vulnerability exists in a piece of software, but nobody knows about this vulnerability.

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which statement is true regarding zone based firewalls in which traffic passes between zones?

A. Default policy is to allow all

B. Dependent on ACLs

C. They are not compatible with the Cisco Common Classification Policy Language

D. Default policy is to deny all

Which actions belong to the operations and maintenance phase of the secure network life cycle? (Choose two)

A. Configuration management and control

B. Continuous monitoring

C. Cost considerations and reporting

D. System integration

E. Security accreditation

F. Hardware and software disposal

What is defined as a collection of networks, reachable by specific interfaces on the router?

A. Zone

B. Subnet

C. Demilitarized zone

D. Virtual LAN

Which statements about routing update authentication are true? (Choose two)

A. EIGRP supports both plain text and MD5 authentication

B. OSPF supports both plain text and MD5 authentication

C. It can help prevent rouge default gateways from entering your network

D. When MD5 authentication is used, the authentication key is encrypted before being transmitted.

You need to implement port security on an access switch. Each switch port must be able to dynamically learn the MAC addresses of the connected devices. If an unauthorized device is detected on an interface, that interface should be placed into an err-disabled state. Which commands should you enter? (Choose two)

A. switchport port-security violation protect
switchport port-security mac-address sticky

B. switchport port-security violation shutdown
switchport port-security mac-address sticky

C. switchport port-security maximum 1
switchport port-security mac-address sticky

D. switchport port-security violation restrict
switchport port-security mac-address sticky

Which of the actions are possible using Cisco Configuration Professional Express?

A. NAT, QoS, and NAC configurations

B. One-click router lockdown

C. Command line interface

D. WAN and VPN connectivity troubleshooting

Threats to network security have become more sophisticated over the years. Identify the next generation threats facing organizations today. (Choose four)

A. Cognitive threats via social networks

B. PDA and consumer electronics exploits

C. Widespread website compromises

D. Disruption of critical infrastructure

E. Massive worm drives

F. Macro viruses

A technician is setting up a SOHO for a client. The client will be using a VPN to connect to their office. Which routers are recommended for this topology? (Choose two)

A. Cisco 2900 Series

B. Cisco 90 Series

C. Cisco 1900 Series

D. Cisco 800 Series

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

Which statements describe the functions of the Security Audit feature? (Choose four)

A. Sends alerts when changes to the device's configuration would cause a security concern

B. Checks a routers running configuration against a list of predefined security configuration settings

C. Lists identified problems and provides recommendations for fixing them

D. Automatically performs a one-step lockdown after the audit is complete

E. Allows the user to choose which identified problems to fix and displays appropriate user interface for fixing them

F. Configures the router with the user's chosen security configuration

Which of the following control plane security features allows users to configure a QoS filter to restrict the flow of control plane packets?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Which two statements are true regarding zones? (Choose two)

A. A collection of networks reachable over a specific set of router interfaces

B. Zones are grouped into source/destination pairs

C. Zones are grouped into source/source pairs

D. A collection of networks reachable over all router interfaces

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?