CCNA Security Practice Test

Which are ways to combat social based attacks? (Choose two)

A. Mantrap

B. Identity validation

C. Training

D. Network access policies

What is defined as a collection of networks, reachable by specific interfaces on the router?

A. Zone

B. Subnet

C. Demilitarized zone

D. Virtual LAN

Which of the following actions belong to the Disposition phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Which three options are areas of router security? (Choose three)

A. physical security

B. access control list security

C. zone-based firewall security

D. operating system security

E. router hardening

F. Cisco IOS-IPS security

Which statements about routing update authentication are true? (Choose two)

A. EIGRP supports both plain text and MD5 authentication

B. OSPF supports both plain text and MD5 authentication

C. It can help prevent rouge default gateways from entering your network

D. When MD5 authentication is used, the authentication key is encrypted before being transmitted.

What are requirements when integrating Cisco ISE and Active Directory? (Choose two)

A. Create identity rewrite rules

B. Configure authentication domains

C. Configure NTP to synchronize between Cisco ISE and Active Directory

D. Cisco ISE must be able to access a global catalog server

E. Create a scope through Cisco ISE

Which recommendations follow defense-in-depth principles? (Choose two)

A. Defend in one place

B. Build one layer of defense

C. Employ robust key management

D. Deploy IPS

Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

You are reviewing syslog messages from multiple routers in your network. You have noticed irregularities with multiple syslog message timestamps for each router. Which technology can you configure to resolve this?

A. ASDM

B. SNMP

C. NTP

D. RADIUS

You need to ensure that CDP is only enabled on interfaces that are connected to a trusted network. CDP must be disabled on all other interfaces. What should you do?

A. Run the no cdp run command

B. Run the no cdp enable command

C. Deploy Cisco AutoSecure in noninteractive mode

D. Deploy Cisco AutoSecure in interactive mode

You have noticed several workstations have been configured with an incorrect default gateway. Which type of attack is likely occurring?

A. STP attack

B. CAM table overflow attack

C. Switch spoofing

D. DHCP spoofing

You need to implement port security on an access switch. Each switch port must be able to dynamically learn the MAC addresses of the connected devices. If an unauthorized device is detected on an interface, that interface should be placed into an err-disabled state. Which commands should you enter? (Choose two)

A. switchport port-security violation protect
switchport port-security mac-address sticky

B. switchport port-security violation shutdown
switchport port-security mac-address sticky

C. switchport port-security maximum 1
switchport port-security mac-address sticky

D. switchport port-security violation restrict
switchport port-security mac-address sticky

Which of the following examples of security controls matches the Physical category of security controls? (Choose two)

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

What are the steps associated with the Containment, eradication, and recovery incident response phase? (Choose three)

A. Define the tools to identify the attacker and the time required to use them

B. Define methods for collecting and using data

C. Identify the steps to eradicate or mitigate the threat and vulnerabilities

D. Document the symptoms of the attack

E. Define the steps to recover operating systems, hardware components, and productive time

F. Define the options for pursuing an attacker

Which Cisco Borderless Networks Security Architecture specifically protects end devices from malware?

A. Borderless end zone

B. Borderless data center

C. Policy management layer

D. Borderless Internet

In an attempt to lower the number of malware outbreaks, a company creates an e-mail filter that blocks all e-mail with attachments. Which strategy are they attempting to use?

A. Risk avoidance

B. Risk acceptance

C. Risk transference

D. Risk reduction

Which statements describe in-band management? (Choose two)

A. Management data traffic and production traffic are on the same path

B. This model is generally best suited for large-scale enterprise networks

C. Management data traffic and production traffic are on separate paths

D. IPsec tunnels or encryption should be utilized whenever possible

Attacks may take a variety of forms. Which of the following describes the Phishing, pharming, and identify theft?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Why would an organization choose to implement a stateful packet inspection?

A. Support user authentication for connections

B. For use with all transport protocols

C. Improves routing performance

D. Protection against upper layer attacks

Which of the following describes the Hacktivists as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which ESA listener would need to be configured to accept mail from a POP/IMAP system?

A. Public

B. Private

C. External

D. Internal

Which IDS sensor action will send an ARC response to completely block the attacker's IP address?

A. Deny attacker inline

B. Reset TCP connection

C. Request block host

D. Deny packet inline

Which of the following methods describes Man-in-the-middle attack? (Choose two)

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

Which traffic properties can be configured to bypass content scanning? (Choose two)

A. License key

B. HTTP-based header fields

C. Port number

D. IP address

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

Which NAT solution uses ACLs to perform address translation?

A. Static NAT

B. Dynamic PAT

C. Dynamic NAT

D. Policy NAT

Which option is the term for a weakness in a system or its design that can be exploited by a threat?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which actions can you take on a router to secure NTP in your network? (Choose two)

A. Run the ntp refclock command

B. Run the ntp authenticate command

C. Run the ntp access-group command

D. Run the ntp max-associations command

Threats to network security have become more sophisticated over the years. Identify the next generation threats facing organizations today. (Choose four)

A. Cognitive threats via social networks

B. PDA and consumer electronics exploits

C. Widespread website compromises

D. Disruption of critical infrastructure

E. Massive worm drives

F. Macro viruses

Which statement is true regarding zone based firewalls in which traffic passes between zones?

A. Default policy is to allow all

B. Dependent on ACLs

C. They are not compatible with the Cisco Common Classification Policy Language

D. Default policy is to deny all

Which statement about IPS deployments is true?

A. IPS deployments operate in promiscuous mode

B. IPS deployments generally utilize SPAN ports

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments operate in inline mode

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Which statements describe the functions of the Security Audit feature? (Choose four)

A. Sends alerts when changes to the device's configuration would cause a security concern

B. Checks a routers running configuration against a list of predefined security configuration settings

C. Lists identified problems and provides recommendations for fixing them

D. Automatically performs a one-step lockdown after the audit is complete

E. Allows the user to choose which identified problems to fix and displays appropriate user interface for fixing them

F. Configures the router with the user's chosen security configuration

Select the statements that define the unique components of Cisco Configuration Professional used for security policy deployment. (Choose three)

A. Cisco AutoSecure configures security-related features of the router based on a set of Cisco defaults

B. Communities can be used to group devices based on shared components

C. Templates parameterize configuration files to apply same configuration to multiple devices

D. User profiles are GUI views that allow RBAC

E. Cisco NFP can be used to provide infrastructure protection

How is called the total amount of time the system owner will accept for a business process outage?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which options are examples of data loss prevention solutions? (Choose two)

A. Cisco Configuration Professional

B. Cisco ScanSafe Web Security

C. Cisco IronPort Email Security

D. Cisco ASA

Which option is a key principle of the Cisco Self-Defending Network strategy?

A. Security is static and should prevent most known attacks on the network.

B. The self-defending network should be the key point of your security policy.

C. Integrate security throughout the existing infrastructure.

D. Upper management is ultimately responsible for policy implementation.

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco TrustSec function component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which technologies can perform RADIUS and TACACS+ authentication? (Choose two)

A. ISE

B. ASDM

C. ACS

D. ASA

Which actions belong to the operations and maintenance phase of the secure network life cycle? (Choose two)

A. Configuration management and control

B. Continuous monitoring

C. Cost considerations and reporting

D. System integration

E. Security accreditation

F. Hardware and software disposal

What are reasons that prevent the use of SEAL? (Choose two)

A. Slower that AES

B. Software based IPsec

C. Supported devices

D. K8 subsystem

Which statement is true when configuring access control lists (ACLs) on a Cisco router?

A. ACLs filter all traffic through and sourced from the router.

B. Apply the ACL to the interface prior to configuring access control entries to ensure that controls are applied immediately upon configuration.

C. An "implicit deny" is applied to the start of the ACL entry by default.

D. Only one ACL per protocol, per direction, and per interface is allowed.

Which option is true of using cryptographic hashes?

A. They are easily reversed to decipher the message context.

B. They convert arbitrary data into a fixed-length digest.

C. They are based on a two-way mathematical function.

D. They are used for encrypting bulk data communications.

Which statement is true about application layer firewalls?

A. Authenticate devices, not users

B. Authenticate individuals, not devices

C. Logging provides minimal details

D. Recommended for the monitoring of several applications simultaneously

Which features can you enable to mitigate STP attacks? (Choose two)

A. Root guard

B. IP source guard

C. BPDU guard

D. DAI

Which of the following describes the function of Cisco ISR?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

A private contractor for the military is archiving medical records. Which classification level should be applied to these?

A. Secret

B. Unclassified

C. Top Secret

D. Sensitive

Attacks may take a variety of forms. Which of the following describes the Blended threats as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco SIO component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which three of these options are some of the best practices when you implement an effective firewall security policy? (Choose three)

A. Position firewalls at strategic inside locations to help mitigate inside nontechnical attacks.

B. Configure logging to capture all events for forensic purposes.

C. Use firewalls as a primary security defense; other security measures and devices should be implemented to enhance your network security.

D. Position firewalls at key security boundaries.

E. Deny all traffic by default and permit only necessary services.

Which option correctly defines asymmetric encryption?

A. uses the same keys to encrypt and decrypt data

B. uses MD5 hashing algorithms for digital signage encryption

C. uses different keys to encrypt and decrypt data

D. uses SHA-1 hashing algorithms for digital signage encryption

Which of the options are primary reasons for an attacker to perform an IP spoofing attack? (Choose two)

A. Divert traffic streams

B. Gain root access to a system

C. Corrupt transmitted data

D. Logging information

Which types of attacks can be mitigated by implementing port security? (Choose two)

A. CAM table overflow

B. Port scanning

C. DHCP spoofing

D. MAC address spoofing

E. ARP spoofing

F. VLAN hopping

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?