Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CCNA Sec V2
| Question | Answer |
|---|---|
| 1. What are the basic phases of attack that can be used by a virus or worm in sequential order? | probe, penetrate, persist, propagate, and paralyze |
| Which two are characteristics of DoS attacks? (Choose | They attempt to compromise the availability of a network, host, or application.* Examples include smurf attacks and ping of death attacks.* |
| Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics? | A virus has infected the computers.* |
| What are three types of access attacks? (Choose three.) | buffer overflow* port redirection* trust exploitation* |
| 5. What occurs during a spoofing attack? | One device falsifies data to gain access to privileged information.* |
| What is a characteristic of a Trojan Horse? | A Trojan Horse can be carried in a virus or worm.* |
| Which phase of worm mitigation requires compartmentalization and segmentation of the network to slow down or stop the worm and prevent currently infected hosts from targeting and infecting other systems? | containment phase* |
| Which two statements are characteristics of a virus? (Choose two.) | A virus typically requires end-user activation.* A virus can be dormant and then activate at a specific time or date.* |
| What is a ping sweep? | A ping sweep is a network scanning technique that indicates the live hosts in a range of IP addresses.* |
| Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function? | virus* |
| A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe? | reconnaissance* |
| What occurs during the persist phase of a worm attack? | modification of system files and registry settings to ensure that the attack code is running* |
| What are the three major components of a worm attack? (Choose three.) | enabling vulnerability* payload* propagation mechanism* |
| A network administrator detects unknown sessions involving port 21 on the network. What could be causing this security breach? | An FTP Trojan Horse is executing.* |
| What are three goals of a port scan attack? (Choose three.) | determine potential vulnerabilities* identify active services* identify operating systems* |
| How is a Smurf attack conducted? | by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network* |
| Which access attack method involves a software program attempting to discover a system password by using an electronic dictionary? | brute-force attack* |
| Which two network security solutions can be used to mitigate DoS attacks? (Choose two.) | anti-spoofing technologies* intrusion protection systems* |
| Which phase of worm mitigation involves terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability that the worm used to exploit the system? | treatment* |
| Which characteristic best describes the network security Compliance domain as specified by the ISO/IEC? | the process of ensuring conformance with security information policies, standards, and regulations* |
| Which statement describes phone freaking? | A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network.* |
| Which two statements describe access attacks? (Choose two.) | Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers.* Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code.* |
| Which statement accurately characterizes the evolution of network security? | Internal threats can cause even greater damage than external threats.* |
| Which three options describe the phases of worm mitigation? (Choose three.) | The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls.* The inoculation phase patches uninfected systems with the appropriate vendor patch for the vulnerability.* The treatment phase disinfe |
| An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this? | man in the middle* |
| What is considered a valid method of securing the control plane in the Cisco NFP framework? | routing protocol authentication* |
| A port scan is classified as what type of attack? | reconnaissance attack* |
| Which type of software typically uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN? | packet sniffer* |
| What are two reasons for securing the data plane in the Cisco NFP framework? (Choose two.) | to protect against DoS attacks* to provide bandwidth control* |
| What are the three components of information security? (Choose three.) | availability* confidentiality* integrity* |
| . Which domain of network security would contain a document that specifies the level of access that college staff have to the student records server? | security policy* |
| Which security organization would most likely coordinate communication between security experts in various US agencies when a security attack has been launched? | CERT* |
| How would limiting the type and number of input characters on a web page help with network security? | It deters hacking.* |
| What is a characteristic of a Trojan horse as it relates to network security? | Malware is contained in a seemingly legitimate executable program.* |
| What causes a buffer overflow? | What causes a buffer overflow? |
| Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two. ) | This message is a level five notification message.* This message indicates that service timestamps have been globally enabled.* |
| By default, how many seconds of delay between virtual login attempts is invoked when the login block-for command is configured? | one* |
| Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? | Router R1 is the master, and R2 is the client.* The IP address of R2 is 192. 168. 1. 2.* |
| . What are two characteristics of the SDM Security Audit wizard? (Choose two. ) | It displays a screen with Fix-it check boxes to let you choose which potential security-related configuration changes to implement.* |
| . What are two characteristics of the SDM Security Audit wizard? (Choose two. ) | It requires users to first identify which router interfaces connect to the inside network and which connect to the outside network.* |
| If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three. ) | assign a secret password to the view* assign commands to the view* create a view using the parser viewview-name command* |
| Refer to the exhibit. Which statement regarding the JR-Admin account is true? | JR-Admin can issue ping and reload commands.* |
| Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? | Locate the router in a secure locked room that is accessible only to authorized personnel.* |
| Which three options can be configured by Cisco AutoSecure? (Choose three.) | CBAC* security banner* enable secret password* |
| Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT? | superview, containing SHOWVIEW and VERIFYVIEW views* |
| Which three services on a router does Cisco SDM One-Step Lockdown enable? (Choose three. ) | SSH access to the router* password encryption service* firewall on all outside interfaces* |
| An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three. ) | configure the IP domain name on the router* generate the SSH keys* enable inbound vty SSH sessions* |
| Which statement describes the operation of the Cisco SDM Security Audit wizard? | The wizard compares a router configuration against recommended settings.* |
| An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account? | privilege exec level 2* |
| Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) | physical security* operating system security* router hardening* |
| Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? | CDP* |
| Which two operations are required to implement Cisco SDM One-Step Lockdown? (Choose two. ) | Choose the One-Step Lockdown feature.* Deliver the configuration changes to the router.* |
| Which statement matches the CLI commands to the SDM wizard that performs similar configuration functions? | auto secure privileged EXEC command and the SDM One-Step Lockdown wizard* |
| Refer to the exhibit. What is the significance of secret 5 in the generated output? | The ADMIN password is hashed using MD5.* |
| Which three commands are required to restore a primary bootset from a secure archive on a router on which Cisco IOS resilience is enabled? (Choose three. ) | Restart the router in ROM monitor mode and display the secure bootset Cisco IOS image name using the dir command.* Boot the secure bootset Cisco IOS image using the boot command with the filename.* |
| . Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console? | R1(config)# username admin secret Admin01pa55 R1(config)# line con 0 R1(config-line)# login local*********** |
| Refer to the exhibit. Which two statements describe the current SDM logging setup? (Choose two. ) | All messages with a trap level of 4 and lower (more critical) will be logged.* The syslog server IP address is 192. 168. 1. 3.* |
| What are two characteristics of SNMP community strings? (Choose two. ) | SNMP read-only community strings can be used to get information from an SNMP-enabled device.* SNMP read-write community strings can be used to set information on an SNMP-enabled device.* |
| What is the minimum recommended modulus key length for keys generated to use with SSH? | 1024* |
| Which two characteristics apply to Role-Based CLI Access superviews? (Choose two. ) | Users logged in to a superview can access all commands specified within the associated CLI views.* . Commands cannot be configured for a specific superview.* |
| Refer to the exhibit. What two facts can be determined from the output? (Choose two.) | The Cisco IOS image and configuration files have been properly secured.* The Cisco IOS Resilient Configuration feature is enabled.* |
| What are three requirements that must be met if an administrator wants to maintain device configurations via secure in-band management? (Choose three. ) | network devices configured to accommodate SSH* encryption of all remote access management traffic* connection to network devices through a production network or the Internet* |
| Why is the usernamenamesecretpassword command preferred over the usernamenamepasswordpassword command? | It uses the MD5 algorithm for encrypting passwords.* |
| Which two statements describe the initial deployed services of Cisco routers and recommended security configuration changes? (Choose two.) | ICMP unreachable notifications are enabled by default but should be disabled on untrusted interfaces.* TCP keepalives are disabled by default but should be enabled globally to prevent certain DoS attacks.* |
| Which command is used to verify the existence of a secure Cisco IOS image file? | show secure bootset* |
| Which three types of views are available when configuring the Role-Based CLI Access feature? (Choose three.) | root view* superview* CLI view* |
| Why is the username name secret password command preferred over the username name password password command? | It uses the MD5 algorithm for encrypting passwords.* |
| Which statement describes the operation of the CCP Security Audit wizard? | The wizard compares a router configuration against recommended settings.* |
| Which three services does CCP One-Step Lockdown enable? (Choose three.) | SSH access to the router* password encryption* firewall on all outside interfaces* |
| Refer to the exhibit. Which three things occur if a user attempts to log in four times within 10 seconds and uses an incorrect password? (Choose three). | Subsequent virtual login attempts from the user are blocked for 60 seconds.* A message is generated that indicates the username and source IP address of the user.* During the quiet mode, an administrator can log in from host 172.16.1.2.* |
| Which three options can be configured by Cisco AutoSecure? (Choose three.) | BAC* Security banner* Enable secret password* |
| Which statement describes the CCP Security Audit wizard? | The wizard is based on the Cisco IOS AutoSecure feature.* |
| What command must be issued on a Cisco router that will serve as an authoritative NTP server? | Ntp master 1* |
| Why is local database authentication preferred over a password-only login? | It provides for authentication and accountability.* |
| Which authentication method stores usernames and passwords in the router and is ideal for small networks? | local AAA* |
| In regards to Cisco Secure ACS, what is a client device? | a router, switch, firewall, or VPN concentrator* |
| When configuring a Cisco Secure ACS, how is the configuration interface accessed? | A Web browser is used to configure a Cisco Secure ACS.* |
| What is a difference between using the login local command and using local AAA authentication for authenticating administrator access? | Local AAA provides a way to configure backup methods of authentication; login local does not.* |
| Due to implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? | authorization* |
| Which two AAA access method statements are true? (Choose two.) | Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.* Packet mode provides remote users with access to network resources and requires use of dialup or VPN.* |
| 8. What is a characteristic of TACACS+? | TACACS+ provides authorization of router commands on a per-user or per-group basis.* |
| . Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem? | The administrative user should use the username Admin and password Str0ngPa55w0rd.* |
| efer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands? | aaa accounting exec start-stop group tacacs+* |
| When configuring a method list for AAA authentication, what is the effect of the keyword local? | It accepts a locally configured username, regardless of case.* |
| What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights? | The administrator is immediately locked out of the system.* |
| Which statement identifies an important difference between TACACS+ and RADIUS? | The TACACS+ protocol allows for separation of authentication from authorization.* |
| Which two statements describe Cisco Secure ACS? (Choose two.) | Cisco Secure ACS supports LDAP.* Cisco Secure ACS supports both TACACS+ and RADIUS protocols.* |
| How does a Cisco Secure ACS improve performance of the TACACS+ authorization process? | reduces delays in the authorization queries by using persistent TCP sessions* |
| How does a Cisco Secure ACS improve performance of the TACACS+ authorization process? | reduces delays in the authorization queries by using persistent TCP sessions* |
| What is an effect if AAA authorization on a device is not configured? | Authenticated users are granted full access rights.* |
| Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.) | The locked-out user failed authentication.* The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.* |
| Which technology provides the framework to enable scalable access security? | authentication, authorization, and accounting* |
| Which two modes are supported by AAA to authenticate users for accessing the network and devices? (Choose two.) | character mode* packet mode* |
| Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.) | password encryption* utilization of transport layer protocols* |
| After accounting is enabled on an IOS device, how is a default accounting method list applied? | The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.* |
| A company is deploying user device access control through a NAC appliance as part of the Cisco TrustSec solution. Which device is needed to serve as the central management for the access control? | Cisco NAC Manager* |
| A global company is deploying Cisco Secure ACS to manage user access to its headquarters campus. The network administrator configures the ACS to use multiple external databases for users from different geographical regions. The administrator creates user | to accommodate any difference in the authorization process between the ACS and an external database.* |
| Refer to the exhibit. A network administrator configures AAA authentication on R1. When the administrator tests the configuration by telneting to R1 and no ACS servers can be contacted, which password should the administrator use in order to login success | Pa$$w0rD* |
| Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform? | authorization* |
| . Refer to the exhibit. A network administrator configures AAA authentication on R1. Which statement describes the effect of the keyword single-connection in the configuration? | The authentication performance is enhanced by keeping the connection to the TACACS+ server open.* |
| Which Cisco network security tool is a cloud-based service that provides alerts to network professionals about current network attacks? | Security Intelligence Operations |
| The Cisco Network Foundation Protection framework has three functional areas. The data plane of a router is responsible for routing packets correctly. | data |
| What is hyperjacking? | taking over a virtual machine hypervisor as part of a data center attack |
| What is the primary means for mitigating virus and Trojan horse attacks? | antivirus software |
| What type of malware has the primary objective of spreading across the network? | worm |
| How does a DoS attack take advantage of the stateful condition of target systems? | by continuously sending packets of unexpected size or unexpected data |
| What is the meaning of the principle of minimum trust when used to design network security? | Devices in networks should not access and use one another unnecessarily and unconditionally. |
| Which statement describes phone freaking? | A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network. |
| Antivirus software can prevent viruses from entering the network. | false |
| Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics? | A virus has infected the computers. |
| What is a significant characteristic of virus malware? | A virus is triggered by an event on the host system. |
| What are two purposes of launching a reconnaissance attack on a network? (Choose two.) | to scan for accessibility to gather information about the network and devices |
| What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices? | management plane |
| Which security measure is typically found both inside and outside a data center facility? | continuous video surveillance |
| What is a main purpose of launching an access attack on network systems? | to retrieve data |
| Which element of an SNMP implementation can be configured to respond to requests as well as to forward notifications? | SNMP agent |
| A network administrator needs to protect a router against brute force login attempts. What is the correct login-block-for command syntax to disable login for 3 minutes if more than 3 failed attempts are made within a 2 minute period? | login block-for 180 attempts 3 within 120 |
| What three configuration steps must be performed to implement SSH access to a router? (Choose three.) | a user account an IP domain name a unique hostname |
| The is a Layer 2 open standard network discovery protocol. | LLDP |
| Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? | CDP |
| What tool is available through the Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input? | Cisco AutoSecure |
| Which packet type is user-generated and forwarded by a router? | data plane packet |
| Which two options provide secure remote access to a router? (Choose two.) | HTTPS SSH |
| Why is the username name algorithm-type scrypt secret password command preferred over the username name secret password command? | It uses the SCRYPT algorithm for encrypting passwords. |
| What IOS privilege levels are available to assign for custom user-level privileges? | levels 2 through 14 |
| Which two tasks are associated with router hardening? (Choose two.) | securing administrative access disabling unused ports and interfaces |
| Routing protocol can be used to falsify routing information, cause DoS attacks, or cause traffic to be redirected. | spoofing |
| If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.) | Assign a secret password to the view. Assign commands to the view. Create a view using the parser view view-name command. |
| When role-based CLI is used, only the root view has the ability to add or remove commands from existing views. | Root |
| What is the first required task when configuring server-based AAA authentication? | Enable AAA globally. |
| Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router? | Configure the key exactly the same way on the server and the router. |
| Match each functional component of AAA with its description. (Not all options are used.) | authentication who are u Authorzizatiion What u can do accounting What has happened |
| What is the purpose of the none keyword in an AAA authentication configuration? | It allows users to log into the device without credentials if all other authentication methods fail. |
| When 802.1X port-based authentication is enabled, only eap traffic will be allowed through the switch port that a workstation is connected to until the workstation is authenticated. | EAP |
| What port state is used by 802.1X if a workstation fails authorization? | unauthorized |
| Which statement describes a difference between RADIUS and TACACS+? | RADIUS encrypts only the password whereas TACACS+ encrypts all communication. |
| Cisco is an identity and access control policy​ technology that protects assets such as data applications and mobile devices from unauthorized access. | ISE |
| Refer to the exhibit. What part of the AAA status message helps a network administrator determine which method list is being referenced? | GETUSER |
| What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers? | User accounts must be configured locally on each device, which is an unscalable authentication solution. |
| Which statement describes a characteristic of authorization in an AAA solution? | It works similarly to privilege levels and role-based CLI. |
| Refer to the exhibit. What configuration would need to be applied to the vty lines in order to use this AAA policy? | No configuration is necessary. |
| hat is the biggest issue with local implementation of AAA? | Local implementation does not scale well. |
| Refer to the exhibit. Which statement describes the output of the debug? | A user was successfully authenticated. |
| Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem? | the administrative user should use the username Admin and password Str0ngPa55w0rd. |
Created by:
fluffyhuffy
Popular Engineering sets