CCIE Theory Implement Security


Question
Answer
What is a requirement to enable Cisco IOS IPS with 5.X signature?   Import the public RSA key from the Cisco IPS team that allows the router to verify that a signature update (which was signed by this key) comes from Cisco
class-map match-all telnet-allowed match input-interface fa0/0 match access-list telnet class-map telnet-deny match access-list telnet policy-map telnet class telnet-allowed bandwidth 64 class telnet-deny drop control-plane service-policy input   The user can use Telnet to any interface on the device as long as the input interface for Telnet is FastEthernet 0/0
What needs to be enabled for Unicast RPF?   CEF  
Which protocol and port have been assigned by IANA for RADIUS authentication?   UDP/1812  
Which two of these elements need to be configured prior to enabling SSH?   1 hostname 2 domain name
show control-plane host open-ports. Which statement is correct?   NTP is not configured on the router
Refer to the exhibit: Jun 5 12:55:44.359: %SEC-6-IPACCESSLOGP: list MYACL permitted tcp 192.168.16.1(38402) -> 192.168.16.2(23), 1 packet [0x723E6E12] Which two statements are correct?   1 The access list has logging enabled 2 The command ip access-list logging hash-generation is enabled
Unicast Reverse Path Forwarding can perform all of these actions except which one?   inspect IP packets encapsulated in tunnels, such as GRE  
Which IOS feature is configured by the ip inspect inspection-name {in|out} command?   Cisco IOS firewall
What is the minimum key size to enable SSHv2?   768 bits  
What is true about IP Source Guard with port security?   The DHCP server must support option 82, or the client is not assigned an IP address  
Why would a rogue host that is running a DHCP server on a campus LAN network present a security risk?   A potential man-in-the-middle attack can be used against the clients
Which three statements are true about TACACS+?   1 It is a Cisco proprietary protocol 2 Authentication and authorization are done at different stages 3 TACACS+ encrypts the entire body of the packet, but leaves a standard TACACS+ header  
You are the network administrator of a small Layer 2 network with 50 users. Lately, users have been complaining that the network is very slow. While troubleshooting, you notice that the CAM table of your switch is full. How do you solve this and prevent it in the future?   Configure port security
If you have overlapping IP addresses between two different networks or routing domains, which two commands are needed to globally configure NAT to get this to work?   ip nat outside static x.x.x.x y.y.y.y and ip nat inside static x.x.x.x y.y.y.y
Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP source addresses?   It is applied only on the input interface of a router  
Which two statements are true about the inside Global address in NAT?   1 an IP address of an inside host as it appears to the outside network 2 If the enterprise is connected to the global Internet, this address can be allocated from a globally unique address space.  
Which two statements are true about Unicast Reverse Path Forwarding Loose Mode?   1 It is used in multihome network scenarios 2 It can be used with BGP to mitigate DoS and DDoS  
After applying a new ACL on a device, its CPU utilization rose significantly and many messages starting with "%SEC-6-IPACCESSLOG" appeared on the syslog server. What can be done to resolve this situation?   Remove the log keyword from each ACL entry
Refer to the exhibit: class-map type inspect match-all c1 match access-group 101 match protocol http policy-map type inspect p1 class type inspect c1 drop What is true about the configuration in this exhibit?   It will create a class map that matches the content of ACL 101 and the HTTP protocol, and will then create an inspection policy that will drop packets at the class map.
Which feature would prevent guest users from gaining network access by unplugging an IP phone and connecting a laptop computer?   port security with statically configured MAC addresses  
What is also called Type 0 authentication in OSPF on Cisco routers?   Null
For a router connected to two ISPs for redundancy, using IP SLA and static routing, how would you configure uRPF on the uplink interface?   ip verify unicast source reachable-via any
Which feature is used to translate several internal addresses to only one or a few external addresses (also referred to as "overload")?   Port Address Translation
What does Cisco recommend when you are enabling Cisco IOS IPS?   Do not enable all the signatures at the same time.
If a certificate authority trustpoint is not configured when enabling HTTPS and the remote HTTPS server requires client authentication, connections to the secure HTTP client will fail. Which command must be enabled for correct operation?   ip http client secure-trustpoint-name
What is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled?   The DHCP server reply will be dropped and the client will not be able to obtain an IP address
Which of these is mandatory when configuring Cisco IOS Firewall?   an inbound extended ACL applied to the untrusted interface.
Which three protocols should be explicitly managed by using Control Plane Policing on an Internet Border router?   1 ICMP 2 BGP 3 SSH  
Which three configuration items are required to enable SSH on a router?   1 a domain name 2 an RSA key 3 a hostname  
What is true about Unicast RPF in strict mode?   uRPF is performed with the CEF switching
Refer to the exhibit: show run: aaa authentication login default group tacacs+ none. What would be the security risk when you are using the above configuration?   If the TACACS+ server failed, no authentication would be required
What is the purpose of an explicit "deny any" statement at the end of an ACL?   to allow the log option to be used to log any matches  
Which three protocols should be explicitly managed by using CoPP policy on an Internet border router?   1 ICMP 2 BGP 3 SSH


   

Created by: 100000429226399