Hit the Stacks hard
Quiz yourself by thinking what should be in
each of the black spaces below before clicking
on it to display the answer.
Help!
|
|
||||
|---|---|---|---|---|---|
| hacker on the outside network sends an IP packet with source address 172.30.1.50, des address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS fir with the packet? | show 🗑
|
||||
| To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface? | show 🗑
|
||||
| Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table? | show 🗑
|
||||
| show | Traffic that originates from the DMZ interface is selectively
permitted to the outside interface.
🗑
|
||||
| Refer to the exhibit. Which statement describes the function of the ACEs? | show 🗑
|
||||
| When an inbound Internet-traffic ACL is being implemented, what should be included to prevent the spoofing of internal networks? | show 🗑
|
||||
| show | application layer protocol session information
🗑
|
||||
| A router has been configured as a classic firewall and an inbound ACL applied to the external interface. Which action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table? | show 🗑
|
||||
| show | permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap
🗑
|
||||
| Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet/01 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)? | show 🗑
|
||||
| Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.) | show 🗑
|
||||
| show | A Telnet or SSH session is allowed from any
device on the 192.168.10.0 into the router with this
access list assigned.
Devices on the 192.168.10.0/24 network are not
allowed to ping other devices on the 192.168.11.0
network.
🗑
|
||||
| What is one benefit of using a stateful firewall instead of a proxy server? | show 🗑
|
||||
| show | not as effective with UDP- or ICMP-based traffic
🗑
|
||||
| When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created? | show 🗑
|
||||
| A network administrator is implementing a Classic Firewall and a Zone-Based Firewall concurrently on a router. Which statement best describes this implementation? | show 🗑
|
||||
| Which two rules about interfaces are valid when implementing a Zone-Based Policy Firewall? (Choose two.) | show 🗑
|
||||
| show | show running-config
🗑
|
||||
| Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as "A"? | show 🗑
|
||||
| Which type of packet is unable to be filtered by an outbound ACL? | show 🗑
|
||||
| show | drop
inspect
🗑
|
||||
| show | A stateful firewall tracks packets as they leave the organization, inspecting and
allowing return packets as they return to the originating device.
🗑
|
||||
| show | pass
🗑
|
||||
| What is a disadvantage of a pattern-based detection mechanism? | show 🗑
|
||||
| show | Enable an HTTP or HTTPS service on the router.
🗑
|
||||
| show | Retire or unretire an individual signature
🗑
|
||||
| show | All traffic that is permitted by the ACL is subject to inspection by the IPS.
🗑
|
||||
| What information must an IPS track in order to detect attacks matching a composite signature? | show 🗑
|
||||
| show | no traffic will be inspected
🗑
|
||||
| show | honeypot-based detection
🗑
|
||||
| show | A crypto key is created for IOS IPS to verify the master signature file.
🗑
|
||||
| show | The IDS does not stop malicious traffic.
The IDS requires other devices to respond to attacks.
🗑
|
||||
| What are two drawbacks to using HIPS? (Choose two.) | show 🗑
|
||||
| A system analyst is configuring and tuning a recently deployed IPS appliance. By exam the IPS alarm log, the analyst notices that the IPS does not generate alarms for a few k attack packets. Which term describes the lack of alarms by the IPS? | show 🗑
|
||||
| What are two shared characteristics of the IDS and the IPS? (Choose two.) | show 🗑
|
||||
| What is a disadvantage of network-based IPS as compared to host-based IPS? | show 🗑
|
||||
| Refer to the exhibit. A network administrator enters the command on a Cisco IOS IPS route What is the effect? | show 🗑
|
||||
| show | addition of a signature risk rating
support for encrypted signature parameters
🗑
|
||||
| show | to verify the digital signature for the master signature file
🗑
|
||||
| will generate an alert when an attack is detected. Alerts for the subsequent detection of the same attack are suppressed for a p defined period of time. Another alert will be generated at the end of the period indicating number of the attack detected. | show 🗑
|
||||
| show | true
🗑
|
||||
| Refer to the exhibit. Which statement best describes how incoming traffic on serial 0/0 is handled? | show 🗑
|
||||
| Refer to the exhibit. Based on the IPS configuration provided, which conclusion can be drawn? | show 🗑
|
||||
| of the ip ips notify sdee command caused performance degradation on the Cisco IOS IPS router. The network administrato enters the ip sdee events 50 command in an attempt to remedy the performance issue What is the immediate effect of this command? | show 🗑
|
||||
| show | It is an alert that is generated every time a specific signature has been found.
🗑
|
||||
| An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe? | show 🗑
|
||||
| show | root guard
🗑
|
||||
| show | file retrospection
🗑
|
||||
| Which two functions are provided by Network Admission Control? (Choose two.) | show 🗑
|
||||
| show | ARP ACLs
MAC-address-to-IP-address bindings
🗑
|
||||
| show | remediation for noncompliant devices
AAA services
scanning for policy compliance
🗑
|
||||
| What additional security measure must be enabled along with IP Source Guard to prote against address spoofing? | show 🗑
|
||||
| show | Disable DTP.
Set the native VLAN to an unused VLAN.
Enable trunking manually.
🗑
|
||||
| What is the role of the Cisco NAC Server within the Cisco Secure Borderless Network Architecture? | show 🗑
|
||||
| show | DTP
🗑
|
||||
| Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation? | show 🗑
|
||||
| show | The switch will forward all received frames to all other ports.
🗑
|
||||
| What network attack seeks to create a DoS for clients by preventing them from being ab obtain a DHCP lease? | show 🗑
|
||||
| What is the role of the Cisco NAC Guest Server within the Cisco Borderless Network architecture? | show 🗑
|
||||
| show | on all switch ports that connect to another switch that is not the root bridge
🗑
|
||||
| show | snooping
🗑
|
||||
| show | root guard
🗑
|
||||
| show | a promiscuous port
🗑
|
||||
| switchport port-security mac-address 0023.189d.6456 command and a workstation been connected. What could be the reason that the Fa0/2 interface is shutdown? | show 🗑
|
||||
| show | by using a proxy autoconfiguration file in the end device
🗑
|
||||
| What is the role of the Cisco NAC Manager in implementing a secure networking infrastructure? | show 🗑
|
||||
| Which security feature should be enabled in order to prevent an attacker from overflowin the MAC address table of a switch? | show 🗑
|
||||
| What security countermeasure is effective for preventing CAM table overflow attacks? | show 🗑
|
||||
| show | Cisco NAC Agent
🗑
|
||||
| show | preventing rogue switches from being added to the network
🗑
|
||||
| show | breaking encrypted codes
🗑
|
||||
| show | 56 bits
🗑
|
||||
| Which statement describes the Software-Optimized Encryption Algorithm (SEAL)? | show 🗑
|
||||
| Which encryption algorithm is an asymmetric algorithm? | show 🗑
|
||||
| An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service? | show 🗑
|
||||
| show | A network administrator connects to a Cisco router with SSH.
🗑
|
||||
| What is the purpose of a nonrepudiation service in secure communications? | show 🗑
|
||||
| Which objective of secure communications is achieved by encrypting data? | show 🗑
|
||||
| show | 3DES is more trusted because it has been proven secure for a
longer period than AES.
🗑
|
||||
| show | to secure the exchange of keys used to encrypt data
🗑
|
||||
| show | asymmetric
🗑
|
||||
| show | Use a keyspace large enough that it takes too much
money and too much time to conduct a successful attack.
🗑
|
||||
| show | IPsec protocol suite
🗑
|
||||
| show | 3DES
🗑
|
||||
| show | They are relatively slow because they are based on difficult
computational algorithms.
🗑
|
||||
| show | generator
prime modulus
🗑
|
||||
| show | making an online purchase
🗑
|
||||
| show | One of the keys can be made public.
🗑
|
||||
| show | integrity of source .EXE files
🗑
|
||||
| show | AES
🗑
|
||||
| show | It authenticates a website and establishes a secure connection to
🗑
|
||||
| A shared secret is a key used in a encryption algorithm. | show 🗑
|
||||
| Refer to the exhib will traffic that does not match that defined by access list 101 be treated by the router? | show 🗑
|
||||
| What three protocols must be permitted through the company firewall for establishment IPsec site-to-site VPNs? (Choose three.) | show 🗑
|
||||
| show | The longer the key, the more key possibilities exist.
🗑
|
||||
| show | When multiple combinations of IPsec protection are being chosen,
multiple crypto ACLs can define different traffic types.
🗑
|
||||
| Consider the following configuration on a Cisco ASA: crypto ipsec transform-set ESP-DES-SHA espdes esp-sha-hmac What is the purpose of this command? | show 🗑
|
||||
| Which transform set provides the best protection? | show 🗑
|
||||
| Which three ports must be open to verify that an IPsec VPN tunnel is operating properly? (Choose three.) | show 🗑
|
||||
| show | during both Phase 1 and 2
🗑
|
||||
| show | when a PC with Cisco IP Communicator installed connects to a
Cisco switch
🗑
|
||||
| show | IPsec works at the network layer and operates over all
IPsec is a framework of open standards that relies on
🗑
|
||||
| Which action do IPsec peers take during the IKE Phase 2 exchange? | show 🗑
|
||||
| show | ESP provides encryption, authentication, and integrity.
AH provides integrity and authentication.
AH uses IP protocol 51
🗑
|
||||
| show | IPsec is a framework of open standards that relies on existing
algorithms.
🗑
|
||||
| show | SHA
MD5
🗑
|
||||
| show | allows peers to exchange shared keys
🗑
|
||||
| Refer to the exhibit. What HMAC algorithm is being used to provide data integrity? | show 🗑
|
||||
| show | access list
🗑
|
||||
| show | AES
🗑
|
||||
| Which technique is necessary to ensure a private transfer of data using a VPN? | show 🗑
|
||||
| show | VPNs use virtual connections to create a private network through a
public network.
🗑
|
||||
| Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? | show 🗑
|
||||
| show | permits VPN to work when NAT is being used on one or both ends
of the VPN
🗑
|
||||
| Which term describes a situation where VPN traffic that is is received by an interface is routed back out that same interface? | show 🗑
|
||||
| show | The VPN connection is initiated by the remote user.
🗑
|
||||
| show | GETVPN
🗑
|
||||
| Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers? | show 🗑
|
||||
| show | A – DMZ, B – Outside, C – Inside
🗑
|
||||
| show | no support for QoS
🗑
|
||||
| show | An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a
higher security level.
🗑
|
||||
| show | The administrator must enter the no forward interface vlan command before the nameif command on the third interface.
🗑
|
||||
| show | CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside
🗑
|
||||
| show | They are typically only used for OSPF routes.
.
They identify only the destination IP address.
🗑
|
||||
| show | Outside 0, Inside 100, DMZ 50
🗑
|
||||
| Refer to the exhibit. A network administrator is configuring the security level for the ASA. Which statement describes the default result if the administrator tries to assign the Inside interface with the same security level as the DMZ interface? | show 🗑
|
||||
| show | ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask.
🗑
|
||||
| What is the purpose of the webtype ACLs in an ASA? | show 🗑
|
||||
| Refer to the exhibit. A network administrator has configured NAT on an ASA device. What type of NAT is used? | show 🗑
|
||||
| Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group name SERVICE1? | show 🗑
|
||||
| show | a range of private addresses that will be translated
the pool of public global addresses
🗑
|
||||
| What function is performed by the class maps configuration object in the Cisco modular policy framework? | show 🗑
|
||||
| show | Traffic from the LAN and DMZ can access the Internet.
🗑
|
||||
| What are three characteristics of the ASA routed mode? (Choose three.) | show 🗑
|
||||
| show | The no shutdown command should be entered on interface Ethernet 0/1.
🗑
|
||||
| show | The dhcpd enable inside command was issued to enable the DHCP server.
The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server.
The dhcpd auto-config outside command was issued to enable the DHCP client.
🗑
|
||||
| Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505? | show 🗑
|
||||
| show | AAA
🗑
|
||||
| show | To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to
enter the do command before issuing the show command.
🗑
|
||||
| What are two factory default configurations on an ASA 5505? (Choose two.) | show 🗑
|
||||
| Which type of NAT would be used on an ASA where 10.0.1.0/24 inside addresses are to be translated only if traffic from these addresses is destined for the 198.133.219.0/24 network? | show 🗑
|
||||
| show | Accounting can be used alone.
🗑
|
||||
| show | All service policy statistics data are removed.
🗑
|
||||
| show | ACL
🗑
|
||||
| show | The administrator can connect to and manage a single ASA.
🗑
|
||||
| What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA? | show 🗑
|
||||
| Which type of security is required for initial access to the Cisco ASDM by using the local application option? | show 🗑
|
||||
| Which minimum configuration is required on most ASAs before ASDM can be used? | show 🗑
|
||||
| What must be configured on an ASA before it can be accessed by ASDM? | show 🗑
|
||||
| show | Enter the name "outside" in the Interface Name text box
🗑
|
||||
| Refer to the exhibit. Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM? | show 🗑
|
||||
| Which ASDM configuration option is used to configure the ASA enable secret password? | show 🗑
|
||||
| Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server? | show 🗑
|
||||
| True or False? The ASA can be configured through ASDM as a DHCP server. | show 🗑
|
||||
| Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices? | show 🗑
|
||||
| Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA? | show 🗑
|
||||
| Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA? | show 🗑
|
||||
| show | the peer
a valid access list
🗑
|
||||
| What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection? | show 🗑
|
||||
| When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic? | show 🗑
|
||||
| show | clientless SSL
🗑
|
||||
| Which remote-access VPN connection allows the user to connect by using a web browser? | show 🗑
|
||||
| Which remote-access VPN connection allows the user to connect using Cisco AnyConnect? | show 🗑
|
||||
| show | The ASA 5505 can use either a AAA server or a local database.
🗑
|
||||
| show | clientless SSL VPN
🗑
|
||||
| show | The user no longer has access to the VPN.
🗑
|
||||
| If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image? | show 🗑
|
||||
| What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase? | show 🗑
|
||||
| Which item describes secure protocol support provided by Cisco AnyConnect? | show 🗑
|
||||
| show | to assign IP addresses to clients when they connect
🗑
|
Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Created by:
fluffyhuffy
Popular Engineering sets