What ports can receive forwarded traffic from an isolated port that is part of a PVLAN? other isolated ports and community ports all other ports within the same community only…
Which attack is defined as an attempt to exploit software vulnerabilities that are unknown or undisclosed by the vendor? man-in-the-middle brute-force Trojan horse zero-day
What are three attributes of IPS signatures? (Choose three.) length type depth action trigger function Answers Explanation & Hints: IPS signatures have three distinctive attributes: type trigger (alarm) action
Which rule action will cause Snort IPS to block and log a packet? log drop alert Sdrop Answers Explanation & Hints: Snort IPS mode can perform all the IDS actions…
What will be the result of failed login attempts if the following command is entered into a router? login block-for 150 attempts 4 within 90 All login attempts will be…
A network analyst is configuring a site-to-site IPsec VPN. The analyst has configured both the ISAKMP and IPsec policies. What is the next step? Configure the hash as SHA and…
When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.) a valid…
Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel? transform sets a permit access list entry hashing algorithms a security association
Place the steps for configuring zone-based policy (ZPF) firewalls in order from first to last. (Not all options are used.)
What are two benefits of using a ZPF rather than a Classic Firewall? (Choose two.) Multiple inspection actions are used with ZPF. ZPF allows interfaces to be placed into zones…
Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router? system zone outside zone self zone local zone inside zone
What security countermeasure is effective for preventing CAM table overflow attacks? port security IP source guard DHCP snooping Dynamic ARP Inspection Answers Explanation & Hints: Port security is the most…
Match the security technology with the description.
Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology? Require remote access connections through IPsec VPN. Deploy a Cisco SSL…
What are three characteristics of ASA transparent mode? (Choose three.) The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets. This mode is referred…
What is a characteristic of a DMZ zone? Traffic originating from the inside network going to the DMZ network is not permitted. Traffic originating from the DMZ network going to…
In an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. What AAA function is at work if this command is rejected? authentication…
Which network monitoring technology uses VLANs to monitor traffic on remote switches? IPS IDS TAP RSPAN Answers Explanation & Hints: Remote SPAN (RSPAN) enables a network administrator to use the…
What function is provided by Snort as part of the Security Onion? to generate network intrusion alerts by the use of rules and signatures to normalize logs from various NSM…
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks? authentication nonrepudiation integrity Diffie-Hellman confidentiality Answers Explanation & Hints: he IPsec…