network def 1-6
| Question | Answer |
|---|---|
| Which device is usually the first line of defense in a layered defense-in-depth approach? Choices: edge router; internal router; firewall; access layer switch | edge router |
| Which tool can be used to gather information about the different types of traffic that exist in a network? Choices: RTP; application server; protocol analyzer; QoS | protocol analyzer |
| An administrator discovers that a user is accessing a newly established website that may be detrimental to company security. What action should the administrator take first in terms of the security policy? | Revise the AUP immediately and get all users to sign the updated AUP. |
| Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data? Choices: acceptable use policy; statement of scope; statement of authority; identification and authentication policy | identification and authentication policy |
| With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach? Choices: artichoke; lettuce; cabbage; onion | artichoke |
| What is the benefit of a defense-in-depth approach? Choices: All network vulnerabilities are mitigated. The effectiveness of other security measures is not impacted when a security mechanism fails. The need for firewalls is eliminated. | The effectiveness of other security measures is not impacted when a security mechanism fails. |
| What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do? Choices: remote access policies; acceptable use policies; identification and authentication policies | acceptable use policies |
| Which device in a layered defense-in-depth approach denies connections initiated from untrusted networks to internal networks, but allows internal users within an organization to connect to untrusted networks? Choices: access layer switch; firewall; IPS | firewall |
| What three goals does a BYOD security policy accomplish? (Choose three.) | identify safeguards to put in place if a device is compromised; describe the rights to access and activities permitted to security personnel on the device; identify which employees can bring their own devices |
| In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.) | vulnerabilities in the system; assets that need protection; threats to assets |
| f2 | f2 |
| An administrator of a small data center wants a flexible, secure method of remotely connecting to servers. Which protocol would be best to use? Choices: Secure Copy; Telnet; Secure Shell; Remote Desktop | Secure Shell |
| Why is WPA2 better than WPA? Choices: mandatory use of AES algorithms; reduced keyspace; supports TKIP; reduced processing time | mandatory use of AES algorithms |
| Which service will resolve a specific web address into an IP address of the destination web server? Choices: NTP; ICMP; DNS; DHCP | DNS |
| What is the purpose of a DMZ? | It allows external hosts to access specific company servers while maintaining the security restrictions for the internal network. |
| A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. | Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded. |
| Mutual authentication can prevent which type of attack? Choices: wireless poisoning; man-in-the-middle; wireless IP spoofing; wireless sniffing | man-in-the-middle |
| What two steps should be taken before connecting any IoT device to a home or business network? | Update the device firmware with all relevant security patches. Change all default administrator credentials. |
| A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure, but wants to prevent Layer 2 looping. What would the user implement in the network? | Spanning Tree Protocol |
| Which utility uses the Internet Control Messaging Protocol (ICMP)? | ping |
| routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. FAULT TOLERANCE HOW | RAID |
| A company wants to implement biometric access to its data center. The company is concerned with people being able to circumvent the system by being falsely accepted as legitimate users. What type of error is false acceptance? | TYPE II |
| Which technology can be used to protect VoIP against eavesdropping? | encrypted voice messages |
| F3 | F3 |
| Which three processes are examples of logical access controls? (Choose three.) | firewalls to monitor traffic; intrusion detection system (IDS) to watch for suspicious network activity; biometrics to validate physical characteristics |
| What is the purpose of the network security accounting function? | to keep track of the actions of a user |
| Which component is a pillar of the zero trust security approach that focuses on the secure access of devices, such as servers, printers, and other endpoints, including devices attached to IoT? Choices: workforce; workflows; workplace; workloads | workplace |
| A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use? | HMAC |
| Which type of access control applies the strictest access control and is commonly used in military or mission critical applications? Choices: Non-discretionary access control; mandatory access control (MAC); attribute-based access control (ABAC) | mandatory access control (MAC) |
| Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? Choices: auditing; accessibility; authorization; authentication | authorization |
| Which AAA component can be established using token cards? Choices: auditing; authorization; accounting; authentication | authentication |
| An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement? | administrative |
| Which access control model assigns security privileges based on the position, responsibilities, or job classification of an individual or group within an organization? Choices: discretionary; mandatory; role-based; rule-based | role-based |
| What is used to scan a BYOD device to verify that it is compliant with company security policies before the device is permitted to access the network? Choices: proxy server; NAC; ACL; reconnaissance | NAC |
| What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain? Choices: Local Security Policy tool; Computer Management; Active Directory Security tool; Event Viewer security log | Local Security Policy tool |
| After a security audit for an organization, multiple accounts were found to have privileged access to systems and devices. Which three best practices for securing privileged accounts should be included in the audit report? (Choose three.) | Enforce the principle of least privilege. Secure password storage. Reduce the number of privileged accounts. |
| When a security audit is performed at a company, the auditor reports that new users have access to network resources beyond their normal job roles. Additionally, users who move to different positions retain their prior permissions. WHAT VIOLATION | least privilege |
| f5 | f5 |
| Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.) Choices: Layer 3; Layer 7; Layer 5; Layer 4; Layer 1; Layer 2 | 3 4 5 |
| Which two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.) Choices: UDP; ICMP; FTP; HTTP | UDP ICMP |
| Which type of firewall is supported by most routers and is the easiest to implement? Choices: stateful firewall; next generation firewall; application gateway firewall; packet filtering firewall | packet filtering firewall |
| How does a firewall handle traffic that is originating from the DMZ network and traveling to a private network? | Traffic is usually blocked when it is originating from the DMZ network and traveling to a private network. |
| When implementing a ZPF, which statement describes a zone? | A zone is a group of one or more interfaces that have similar functions or features. |
| What are two characteristics of an application gateway firewall? (Choose two.) | Analyzes traffic at Layers 3, 4, 5 and 7 of the OSI model. Performs most filtering and firewall control in software. |
| Which statement is a characteristic of a packet filtering firewall? Choices: They are susceptible to IP spoofing. They filter fragmented packets. They examine each packet in the context of the state of a connection. | They are susceptible to IP spoofing. |
| What is one benefit of using a next-generation firewall rather than a stateful firewall? Choices: support of TCP-based packet filtering; support of logging; integrated use of an intrusion prevention system (IPS) | integrated use of an intrusion prevention system (IPS) |
| Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information? Choices: proxy firewall; stateful firewall; packet filtering firewall; next generation firewall | packet filtering firewall |
| Which type of firewall generally has a low impact on network performance? Choices: application gateway firewall; next generation firewall; stateful firewall; stateless firewall | stateless firewall |
| What are two benefits of implementing a firewall in a network? Choices: A firewall will reduce security management complexity. A firewall will sanitize protocol flow. A firewall will provide accessibility of applications and sensitive resources. | A firewall will reduce security management complexity. A firewall will sanitize protocol flow. |
| Which type of traffic is usually blocked when implementing a demilitarized zone? | traffic originating from the DMZ network and traveling to the private network |
| f6 | f6 |
| Designing a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network? | determine the zones |
| Which statement describes a factor to be considered when configuring a zone-based policy firewall? | A zone must be configured with the zone security global command before it can be used in the zone-member security command. |
| When a Cisco IOS zone-based policy firewall is being configured, which two actions can be applied to a traffic class? (Choose two.) | drop inspect |
| Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.) | If traffic is to flow between all interfaces in a router, each interface must be a member of a zone. Pass, inspect, and drop options can only be applied between two zones. To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone. |
| In what step of zone-based policy firewall configuration is traffic identified for policy application? Choices: creating policy maps; configuring class maps; defining zones; assigning policy maps to zones | configuring class maps |
| When configuring a class map for a zone-based policy firewall, how is the match criteria applied when using the match-all parameter? | Traffic must match all of the match criteria specified in the statement. |
| How does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone? Choices: pass; allow; drop; inspect | drop |
| Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration? | By default, traffic is allowed to flow among interfaces that are members of the same zone. |
| Which statement accurately describes Cisco IOS zone-based policy firewall operation? | The pass action works in only one direction. |
| Which statement describes a feature of a zone-based policy firewall? | It does not depend on ACLs. |
| Which statement describes a zone when implementing ZPF on a Cisco router? | A zone establishes a security border of a network. |
| In ZPF design, what is described as the self zone? | the router itself, including all interfaces with assigned IP addresses |