A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication…
Refer to the exhibit. A network administrator configures AAA authentication on R1. Which statement describes the effect of the keyword single-connection in the configuration? R1 will open a separate connection…
What are three characteristics of the RADIUS protocol? (Choose three.) uses UDP ports for authentication and accounting encrypts the entire body of the packet is an open RFC standard AAA…
When describing malware, what is a difference between a virus and a worm? A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently. A…
Refer to the exhibit. The ip verify source command is applied on untrusted interfaces. Which type of attack is mitigated by using this configuration? DHCP starvation DHCP spoofing STP manipulation…
What ports can receive forwarded traffic from an isolated port that is part of a PVLAN? other isolated ports and community ports all other ports within the same community only…
Which attack is defined as an attempt to exploit software vulnerabilities that are unknown or undisclosed by the vendor? man-in-the-middle brute-force Trojan horse zero-day
What are three attributes of IPS signatures? (Choose three.) length type depth action trigger function Answers Explanation & Hints: IPS signatures have three distinctive attributes: type trigger (alarm) action
Which rule action will cause Snort IPS to block and log a packet? log drop alert Sdrop Answers Explanation & Hints: Snort IPS mode can perform all the IDS actions…
What will be the result of failed login attempts if the following command is entered into a router? login block-for 150 attempts 4 within 90 All login attempts will be…
A network analyst is configuring a site-to-site IPsec VPN. The analyst has configured both the ISAKMP and IPsec policies. What is the next step? Configure the hash as SHA and…
When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.) a valid…
Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel? transform sets a permit access list entry hashing algorithms a security association
Place the steps for configuring zone-based policy (ZPF) firewalls in order from first to last. (Not all options are used.)
What are two benefits of using a ZPF rather than a Classic Firewall? (Choose two.) Multiple inspection actions are used with ZPF. ZPF allows interfaces to be placed into zones…
Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router? system zone outside zone self zone local zone inside zone
What security countermeasure is effective for preventing CAM table overflow attacks? port security IP source guard DHCP snooping Dynamic ARP Inspection Answers Explanation & Hints: Port security is the most…
Match the security technology with the description.
Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology? Require remote access connections through IPsec VPN. Deploy a Cisco SSL…
What are three characteristics of ASA transparent mode? (Choose three.) The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets. This mode is referred…