| | |
|---|---|
| | The packet is dropped. |
| To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface? | |
| | ipv6 traffic-filter ENG_ACL in |
| | Traffic that originates from the DMZ interface is selectively permitted to the outside interface. |
| Refer to the exhibit. Which statement describes the function of the ACEs? | |
| | ACEs to prevent traffic from private address spaces |
| | application layer protocol session information |
| | A dynamic ACL entry is added to the external interface in the inbound direction. |
| If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice? | |
| Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet0/1 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)? | |
| | SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed. Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked. |
| | A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned. Devices on the 192.168.10.0/24 network are not allowed to ping other devices on the 192.168.11.0 network. |
| What is one benefit of using a stateful firewall instead of a proxy server? | |
| What is one limitation of a stateful firewall? | |
| When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created? | |
| | The two models cannot be implemented on a single interface. |
| | If both interfaces are members of the same zone, all traffic will be passed. If neither interface is a zone member, then the action is to pass traffic. |
| Which command will verify a Zone-Based Policy Firewall configuration? | |
| | DMZ |
| Which type of packet is unable to be filtered by an outbound ACL? | |
| When a Cisco IOS Zone-Based Policy Firewall is being configured, which two actions can be applied to a traffic class? (Choose two.) | |
| A firewall monitors the state of connections as network traffic flows into and out of the organization. | |
| The action in a Cisco IOS Zone-Based Policy Firewall is similar to a permit statement in an ACL. | |
| | It cannot detect unknown attacks. |
| | Enable an HTTP or HTTPS service on the router. |
| A network administrator is configuring an IOS IPS with the command R1(config)# ip ips signature-definition. Which configuration task can be achieved with this command? | |
| Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on route | |
| What information must an IPS track in order to detect attacks matching a composite signature? | |
| | no traffic will be inspected |
| Which type of IPS signature detection is used to distract and confuse attackers? | |
| to prepare for IPS and VPN features, a network administra opens the file realm-cisco.pub.key.txt, and copies and pastes the contents to the router the global configuration prompt. What is the result after this configuration step? | |
| | The IDS does not stop malicious traffic. The IDS requires other devices to respond to attacks. |
| | HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network. With HIPS, the network administrator must verify support for all the different operating systems used in the network. |
| | false negative |
| | Both use signatures to detect malicious traffic. Both are deployed as sensors. |
| What is a disadvantage of network-based IPS as compared to host-based IPS? | |
| Refer to the exhibit. A network administrator enters the command on a Cisco IOS IPS route What is the effect? | |
| | addition of a signature risk rating; support for encrypted signature parameters |
| What is the purpose in configuring an IOS IPS crypto key when enabling IOS IPS on a C router? | |
| | summary alert |
| | true |
| | Traffic matching ACL 100 will be scanned and reported. |
| Refer to the exhibit. Based on the IPS configuration provided, which conclusion can be drawn? | |
| | All events that were stored in the previous buffer are lost. |
| Which statement is true about an atomic alert that is generated by an IPS? | |
| | Type: Atomic signature; Trigger: Pattern-based detection; Type: Composite signature |
| | root guard |
| Which feature is part of the Antimalware Protection security solution? | |
| Which two functions are provided by Network Admission Control? (Choose two.) | |
| What two mechanisms are used by Dynamic ARP inspection to validate ARP packets fo addresses that are dynamically assigned or IP addresses that are static? (Choose two.) | |
| | remediation for noncompliant devices; AAA services; scanning for policy compliance |
| | DHCP snooping |
| | Disable DTP. Set the native VLAN to an unused VLAN. Enable trunking manually. |
| What is the role of the Cisco NAC Server within the Cisco Secure Borderless Network Architecture? | |
| What protocol should be disabled to help mitigate VLAN hopping attacks? | |
| Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation? | |
| | The switch will forward all received frames to all other ports. |
| What network attack seeks to create a DoS for clients by preventing them from being ab obtain a DHCP lease? | |
| What is the role of the Cisco NAC Guest Server within the Cisco Borderless Network architecture? | |
| | on all switch ports that connect to another switch that is not the root bridge |
| is a mitigation technique to prevent rogue DHCP servers from providing fa configuration parameters. | |
| Which spanning-tree enhancement prevents the spanning-tree topology from changing blocking a port that receives a superior BPDU? | |
| What is the only type of port that an isolated port can forward traffic to on a private VLAN | |
| switchport port-security mac-address 0023.189d.6456 command and a workstation been connected. What could be the reason that the Fa0/2 interface is shutdown? | |
| How can a user connect to the Cisco Cloud Web Security service directly? | |
| | to define role-based user access and endpoint security policies |
| | port security |
| What security countermeasure is effective for preventing CAM table overflow attacks? | |
| | Cisco NAC Agent |
| What security benefit is gained from enabling BPDU guard on PortFast enabled interfac | |
| What is the focus of cryptanalysis? | |
| | 56 bits |
| | SEAL is a stream cipher. |
| Which encryption algorithm is an asymmetric algorithm? | |
| An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service? | |
| In which situation is an asymmetric key algorithm used? | |
| What is the purpose of a nonrepudiation service in secure communications? | |
| Which objective of secure communications is achieved by encrypting data? | |
| | 3DES is more trusted because it has been proven secure for a longer period than AES. |
| | to secure the exchange of keys used to encrypt data |
| Which type of encryption algorithm uses public and private keys to provide authentication, integrity, and confidentiality? | |
| | Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack. |
| | IPsec protocol suite |
| Refer to the exhibit. Which encryption algorithm is described in the exhibit? | |
| | They are relatively slow because they are based on difficult computational algorithms. |
| Which two non-secret numbers are initially agreed upon when the Diffie-Hellman algorithm is used? (Choose two.) | |
| In what situation would an asymmetric algorithm most likely be used? | |
| | One of the keys can be made public. |
| What is the purpose of code signing? | |
| | AES |
| What is the purpose of a digital certificate? | |
| | symmetric |
| | It will be sent unencrypted. |
| | AH; ISAKMP; ESP |
| Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key? | |
| | When multiple combinations of IPsec protection are being chosen, multiple crypto ACLs can define different traffic types. |
| Consider the following configuration on a Cisco ASA: crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac. What is the purpose of this command? | |
| Which transform set provides the best protection? | |
| | 51; 50; 500 |
| When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites? | |
| | when a PC with Cisco IP Communicator installed connects to a Cisco switch |
| Which two statements accurately describe characteristics of IPsec? (Choose two.) | |
| Which action do IPsec peers take during the IKE Phase 2 exchange? | |
| | ESP provides encryption, authentication, and integrity. AH provides integrity and authentication. AH uses IP protocol 51. |
| Which statement accurately describes a characteristic of IPsec? | |
| Which two IPsec protocols are used to provide data integrity? | |
| | allows peers to exchange shared keys |
| | SHA |
| | access list |
| Refer to the exhibit. What algorithm will be used for providing confidentiality? | |
| Which technique is necessary to ensure a private transfer of data using a VPN? | |
| Which statement describes a VPN? | |
| Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? | |
| | permits VPN to work when NAT is being used on one or both ends of the VPN |
| Which term describes a situation where VPN traffic that is received by an interface is routed back out that same interface? | |
| What is an important characteristic of remote-access VPNs? | |
| Which type of site-to-site VPN uses trusted group members to eliminate point-to-point IPsec tunnels between the members of a group? | |
| Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers? | |
| | A – DMZ, B – Outside, C – Inside |
| What is one of the drawbacks to using transparent mode operation on an ASA device? | |
| | An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level. |
| Two types of VLAN interfaces were configured on an ASA 5505 with a Base license. The administrator wants to configure a third VLAN interface with limited functionality. Which action should be taken by the administrator to configure the third interface? | |
| What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5505 that is using the Base license? | |
| | They are typically only used for OSPF routes. They identify only the destination IP address. |
| Refer to the exhibit. A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces? | |
| | The ASA will not allow traffic in either direction between the Inside interface and the DMZ. |
| | ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask. |
| | to filter traffic for clientless SSL VPN users |
| | inside NAT |
| Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group name SERVICE1? | |
| When dynamic NAT on an ASA is being configured, what two parameters must be specified by network objects? (Choose two.) | |
| What function is performed by the class maps configuration object in the Cisco modular policy framework? | |
| Refer to the exhibit. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces? | |
| What are three characteristics of the ASA routed mode? (Choose three.) | |
| | The no shutdown command should be entered on interface Ethernet 0/1. |
| Refer to the exhibit. According to the command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.) | |
| Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505? | |
| What must be configured on a Cisco ASA device to support local authentication? | |
| | To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command. |
| | PAT is configured to allow internal hosts to access remote networks through an Ethernet interface. VLAN 1 is assigned a security level of 100. |
| | policy NAT |
| | Accounting can be used alone. |
| A network administrator is working on the implementation of the Cisco Modular Policy Framework on an ASA device. The administrator issues a clear service-policy command. What is the effect after this command is entered? | |
| | ACL |
| | The administrator can connect to and manage a single ASA. |
| What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA? | |
| | SSL |
| | a dedicated Layer 3 management interface |
| What must be configured on an ASA before it can be accessed by ASDM? | |
| How is an ASA interface configured as an outside interface when using ASDM? | |
| Refer to the exhibit. Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM? | |
| Which ASDM configuration option is used to configure the ASA enable secret password? | |
| | System Time |
| | true |
| Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices? | |
| Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA? | |
| | AES |
| | the peer; a valid access list |
| What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection? | |
| When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic? | |
| Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA? | |
| | clientless SSL VPN |
| | IPsec (IKEv2) VPN |
| Which statement describes available user authentication methods when using an ASA 5505 device? | |
| Which remote-access VPN connection needs a bookmark list? | |
| | The user no longer has access to the VPN. |
| If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image? | |
| What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase? | |
| | both SSL and IPsec |
| | to assign IP addresses to clients when they connect |
Created by:
fluffyhuffy