Network Security (Version 1) – Network Security 1.0 Final Exam Answers 2021

  1. Which type of packet is unable to be filtered by an outbound ACL?

    • ICMP packet
    • multicast packet
    • broadcast packet
    • router-generated packet
      Answers Explanation & Hints:

      Traffic that originates within a router such as pings from a command prompt, remote access from a router to another device, or routing updates are not affected by outbound access lists. The traffic must flow through the router in order for the router to apply the ACEs.

  2. Refer to the exhibit. A network administrator configures a named ACL on the router. Why is there no output displayed when the show command is issued?

    Network Security (Version 1) – Network Security 1.0 Final Exam Answers 01
    • The ACL name is case sensitive.
    • The ACL has not been applied to an interface.
    • No packets have matched the ACL statements yet.
    • The ACL is not activated.
  3. ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.)

    • specifying source addresses for authentication
    • reorganizing traffic into VLANs
    • specifying internal hosts for NAT
    • identifying traffic for QoS
    • filtering VTP packets
      Answers Explanation & Hints:

      ACLs are used to filter traffic to determine which packets will be permitted or denied through the router and which packets will be subject to policy-based routing. ACLs can also be used to identify traffic that requires NAT and QoS services. Prefix lists are used to control which routes will be redistributed or advertised to other routers.
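
      Added example for questions 1 to 3 (not part of the exam or its answer key): a small Python model of a Cisco-style extended ACL. It shows first-match evaluation, the implicit deny that ends every ACL, the wildcard-mask notation, and the point of question 1, that an outbound ACL is only consulted for transit packets and never for traffic the router generates itself. All addresses and ACEs are constructed for illustration.

```python
"""Added example (not from the exam page): a minimal model of a Cisco-style
extended ACL showing first-match evaluation, the implicit deny at the end, and
why an outbound ACL never filters traffic the router itself originates.
All addresses and ACEs below are constructed for illustration."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Translate 'address wildcard' notation (e.g. 192.168.1.0 0.0.0.255) into a
    network; the wildcard is the bitwise inverse of a contiguous subnet mask."""
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(mask))), strict=False)


ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass
class ACE:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None     # None means any destination port


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    router_generated: bool = False  # pings, routing updates, SSH sessions sourced by the router


def ace_matches(ace: ACE, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ipaddress.IPv4Address(pkt.src) not in ace.src:
        return False
    if ipaddress.IPv4Address(pkt.dst) not in ace.dst:
        return False
    return ace.dport is None or ace.dport == pkt.dport


def evaluate(acl: list[ACE], pkt: Packet, direction: str) -> str:
    """Return 'permit', 'deny', or 'bypass' (ACL not consulted).

    Only transit traffic is subject to an outbound ACL: packets the router
    generates itself are sent without being matched against it."""
    if direction == "out" and pkt.router_generated:
        return "bypass"
    for ace in acl:                 # first matching ACE wins; later ACEs are never reached
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"                   # the unwritten 'deny any' at the end of every ACL


# Constructed ACL, roughly 'ip access-list extended DEMO':
#   permit tcp 192.168.1.0 0.0.0.255 any eq 443
#   deny   icmp 192.168.1.0 0.0.0.255 any
#   permit ip 10.0.0.0 0.255.255.255 any
DEMO_ACL = [
    ACE("permit", "tcp", wildcard_to_network("192.168.1.0", "0.0.0.255"), ANY, 443),
    ACE("deny", "icmp", wildcard_to_network("192.168.1.0", "0.0.0.255"), ANY),
    ACE("permit", "ip", wildcard_to_network("10.0.0.0", "0.255.255.255"), ANY),
]


def demo() -> dict[str, str]:
    lan_https = Packet("tcp", "192.168.1.5", "203.0.113.7", 443)
    lan_http = Packet("tcp", "192.168.1.5", "203.0.113.7", 80)
    lan_ping = Packet("icmp", "192.168.1.5", "203.0.113.7")
    wan_ping = Packet("icmp", "10.1.2.3", "203.0.113.7")
    router_ping = Packet("icmp", "192.168.1.1", "203.0.113.7", router_generated=True)
    return {
        "lan_https": evaluate(DEMO_ACL, lan_https, "out"),      # matches ACE 1
        "lan_http": evaluate(DEMO_ACL, lan_http, "out"),        # no match: implicit deny
        "lan_ping": evaluate(DEMO_ACL, lan_ping, "out"),        # explicit deny in ACE 2
        "wan_ping": evaluate(DEMO_ACL, wan_ping, "out"),        # ACE 3 'ip' covers icmp
        "router_ping": evaluate(DEMO_ACL, router_ping, "out"),  # outbound ACL is skipped
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} -> {verdict}")
```

      The model keeps ACE order significant on purpose: moving the deny icmp entry below the permit ip 10.0.0.0 entry would change nothing for 192.168.1.0/24 hosts, but swapping the first two entries would not either, which is why a real ACL should be read top to bottom against the specific packet, not skimmed for a matching address.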

  4. What is typically used to create a security trap in the data center facility?

    • IDs, biometrics, and two access doors
    • high resolution monitors
    • redundant authentication servers
    • a server without all security patches applied
      Answers Explanation & Hints:

      Security traps provide access to the data halls where data center data is stored. As shown in the figure below, a security trap is similar to an air lock. A person must first enter the security trap using their badge ID proximity card. After the person is inside the security trap, facial recognition, fingerprints, or other biometric verifications are used to open the second door. The user must repeat the process to exit the data hall.

  5. A company is concerned with leaked and stolen corporate data on hard copies. Which data loss mitigation technique could help with this situation?

    • strong PC security settings
    • strong passwords
    • shredding
    • encryption
      Answers Explanation & Hints:

      Confidential data should be shredded when no longer required. Otherwise, a thief could retrieve discarded reports and gain valuable information.

  6. Upon completion of a network security course, a student decides to pursue a career in cryptanalysis. What job would the student be doing as a cryptanalyst?

    • cracking code without access to the shared secret key
    • creating hashing codes to authenticate data
    • making and breaking secret codes
    • creating transposition and substitution ciphers
  7. How does a Caesar cipher work on a message?

    • Letters of the message are rearranged based on a predetermined pattern.
    • Letters of the message are rearranged randomly.
    • Words of the message are substituted based on a predetermined pattern.
    • Letters of the message are replaced by another letter that is a set number of places away in the alphabet.
  8. What command is used on a switch to set the port access entity type so the interface acts only as an authenticator and will not respond to any messages meant for a supplicant?

    • dot1x pae authenticator
    • authentication port-control auto
    • aaa authentication dot1x default group radius
    • dot1x system-auth-control
      Answers Explanation & Hints:

      Sets the Port Access Entity (PAE) type.
      dot1x pae [supplicant | authenticator | both]

      • supplicant—The interface acts only as a supplicant and does not respond to messages that are meant for an authenticator.
      • authenticator—The interface acts only as an authenticator and does not respond to any messages meant for a supplicant.
      • both—The interface behaves both as a supplicant and as an authenticator and thus does respond to all dot1x messages.
  9. Which three types of traffic are allowed when the authentication port-control auto command has been issued and the client has not yet been authenticated? (Choose three.)

    • EAPOL
    • CDP
    • STP
    • TACACS+
    • 802.1Q
    • IPsec
      Answers Explanation & Hints:

      Until the workstation is authenticated, 802.1X access control enables only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.

  10. Which threat protection capability is provided by Cisco ESA?

    • Layer 4 traffic monitoring
    • web filtering
    • spam protection
    • cloud access security
      Answers Explanation & Hints:

      Email is a top attack vector for security breaches. Cisco ESA includes many threat protection capabilities for email such as spam protection, forged email detection, and Cisco advanced phishing protection.

  11. If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)

    • Create a view using the parser view view-name command.
    • Assign commands to the view.
    • Create a superview using the parser view view-name command.
    • Assign users who can use the view.
    • Associate the view with the root view.
    • Assign a secret password to the view.
      Answers Explanation & Hints:

      There are five steps involved to create a view on a Cisco router.
      1) AAA must be enabled.
      2) the view must be created.
      3) a secret password must be assigned to the view.
      4) commands must be assigned to the view.
      5) view configuration mode must be exited.

  12. What is a characteristic of a role-based CLI view of router configuration?

    • A single CLI view can be shared within multiple superviews.
    • When a superview is deleted, the associated CLI views are deleted.
    • A CLI view has a command hierarchy, with higher and lower views.
    • Only a superview user can configure a new view and add or remove commands from the existing views.
      Answers Explanation & Hints:

      A CLI view has no command hierarchy, and therefore, no higher or lower views. Deleting a superview does not delete the associated CLI views. Only a root view user can configure a new view and add or remove commands from the existing views.

  13. What type of network security test can detect and report changes made to network systems?

    • integrity checking
    • penetration testing
    • vulnerability scanning
    • network scanning
      Answers Explanation & Hints:

      Integrity checking is used to detect and report changes made to systems. Vulnerability scanning is used to find weaknesses and misconfigurations on network systems. Network scanning is used to discover available resources on the network.

  14. What network testing tool would an administrator use to assess and validate system configurations against security policies and compliance standards?

    • L0phtcrack
    • Nessus
    • Metasploit
    • Tripwire
      Answers Explanation & Hints:

      Tripwire – This tool assesses and validates IT configurations against internal policies, compliance standards, and security best practices.

  15. What network testing tool is used for password auditing and recovery?

    • Nessus
    • Metasploit
    • L0phtcrack
    • SuperScan
  16. What is a limitation to using OOB management on a large enterprise network?

    • All devices appear to be attached to a single management network.
    • OOB management requires the creation of VPNs.
    • Production traffic shares the network with management traffic.
    • Terminal servers can have direct console connections to user devices needing management.
      Answers Explanation & Hints:

      OOB management provides a dedicated management network without production traffic. Devices within that network, such as terminal servers, have direct console access for management purposes. Because in-band management runs over the production network, secure tunnels or VPNs may be needed. Failures on the production network may not be communicated to the OOB network administrator because the OOB management network may not be affected.

  17. What two features are added in SNMPv3 to address the weaknesses of previous versions of SNMP? (Choose two.)

    • authentication
    • authorization with community string priority
    • bulk MIB objects retrieval
    • ACL management filtering
    • encryption
  18. Refer to the exhibit. Which two conclusions can be drawn from the syslog message that was generated by the router? (Choose two.)

    Network Security (Version 1) – Network Security 1.0 Final Exam Answers 02
    • This message indicates that the interface changed state five times.
    • This message resulted from an unusual error requiring reconfiguration of the interface.
    • This message indicates that the interface should be replaced.
    • This message indicates that service timestamps have been configured.
    • This message is a level 5 notification message.
      Answers Explanation & Hints:

      The message is a level 5 notification message as shown in the %LINEPROTO-5 section of the output. Messages reporting the link status are common and do not require replacing the interface or reconfiguring the interface. The date and time displayed at the beginning of the message indicates that service timestamps have been configured on the router.
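
      Added example for question 18 (not part of the exam or its answer key): a Python parser for IOS syslog lines that pulls out the facility, severity and mnemonic from the %FACILITY-SEVERITY-MNEMONIC field, records whether a timestamp or sequence number precedes it, and escalates only messages at warning level or worse. The three sample lines are constructed to look like IOS output; they are not taken from the exhibit.

```python
"""Added example (not from the exam page): parse Cisco IOS syslog lines into
facility, severity and mnemonic, and tell whether the router stamped them.
The three sample lines are constructed to look like IOS output; they are not
taken from the exhibit."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# <seq>: <timestamp>: %FACILITY-SEVERITY-MNEMONIC: text
# Sequence number and timestamp are both optional; they appear only when
# 'service sequence-numbers' / 'service timestamps log datetime ...' are set.
SYSLOG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"
    r"(?:(?P<ts>\*?[A-Z][a-z]{2}\s+\d{1,2}(?:\s+\d{4})?\s+\d{2}:\d{2}:\d{2}"
    r"(?:\.\d{3})?(?:\s+[A-Za-z]+)?):\s+)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)


@dataclass
class SyslogMessage:
    facility: str
    severity: int
    mnemonic: str
    text: str
    timestamp: Optional[str]
    sequence: Optional[str]

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]

    @property
    def timestamped(self) -> bool:
        return self.timestamp is not None


def parse_syslog(line: str) -> Optional[SyslogMessage]:
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        return None
    return SyslogMessage(m["facility"], int(m["severity"]), m["mnemonic"],
                         m["text"], m["ts"], m["seq"])


def needs_attention(msg: SyslogMessage, threshold: int = 4) -> bool:
    """Lower numbers are more severe: level 4 (warnings) and below get escalated;
    level 5 link-state chatter such as LINEPROTO-5-UPDOWN does not."""
    return msg.severity <= threshold


# Constructed sample lines in IOS format (not captured from a real device).
SAMPLE_LINES = [
    "*Mar  1 00:04:12.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "GigabitEthernet0/1, changed state to up",
    "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "000123: Jun 14 13:22:01.004 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed "
    "[user: admin] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]",
]


def triage(lines: list[str]) -> list[dict]:
    """Parse each line and decide whether it should be escalated."""
    report = []
    for line in lines:
        msg = parse_syslog(line)
        if msg is None:
            report.append({"raw": line, "parsed": False})
            continue
        report.append({
            "parsed": True,
            "facility": msg.facility,
            "severity": msg.severity,
            "level": msg.severity_name,
            "mnemonic": msg.mnemonic,
            "timestamped": msg.timestamped,
            "escalate": needs_attention(msg),
        })
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        print(entry)
```

      The timestamp test is the practical point behind the question: a line without a timestamp (the second sample) cannot be correlated with events on other devices, so 'service timestamps log datetime msec show-timezone' plus NTP belongs in every baseline configuration before the logs are shipped to a collector.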

  19. How does a firewall handle traffic when it is originating from the public network and traveling to the DMZ network?

    • Traffic that is originating from the public network is inspected and selectively permitted when traveling to the DMZ network.
    • Traffic that is originating from the public network is usually permitted with little or no restriction when traveling to the DMZ network.
    • Traffic that is originating from the public network is usually forwarded without inspection when traveling to the DMZ network.
    • Traffic that is originating from the public network is usually blocked when traveling to the DMZ network.
  20. Which type of firewall makes use of a server to connect to destination devices on behalf of clients?

    • packet filtering firewall
    • proxy firewall
    • stateless firewall
    • stateful firewall
      Answers Explanation & Hints:

      An application gateway firewall, also called a proxy firewall, filters information at Layers 3, 4, 5, and 7 of the OSI model. It uses a proxy server to connect to remote servers on behalf of clients. Remote servers will see only a connection from the proxy server, not from the individual clients.

  21. A client connects to a Web server. Which component of this HTTP connection is not examined by a stateful firewall?

    • the source IP address of the client traffic
    • the destination port number of the client traffic
    • the actual contents of the HTTP connection
    • the source port number of the client traffic
      Answers Explanation & Hints:

      Stateful firewalls cannot prevent application layer attacks because they do not examine the actual contents of the HTTP connection.

  22. Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?

    • To indicate the CLI EXEC mode, ASA uses the % symbol whereas a router uses the # symbol.
    • ASA uses the ? command whereas a router uses the help command to receive help on a brief description and the syntax of a command.
    • To complete a partially typed command, ASA uses the Ctrl+Tab key combination whereas a router uses the Tab key.
    • To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command.
      Answers Explanation & Hints:

      The ASA CLI is a proprietary OS which has a similar look and feel to the Cisco router IOS. Although it shares some common features with the router IOS, it has its unique features. For example, an ASA CLI command can be executed regardless of the current configuration mode prompt. The IOS do command is not required or recognized. Both the ASA CLI and the router CLI use the # symbol to indicate the EXEC mode. Both CLIs use the Tab key to complete a partially typed command. Different from the router IOS, the ASA provides a help command that provides a brief command description and syntax for certain commands.

  23. Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5506-X?

    Network Security (Version 1) – Network Security 1.0 Final Exam Answers 05
    • host 192.168.1.4
    • range 192.168.1.10 192.168.1.20
    • host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20
    • host 192.168.1.3
    • host 192.168.1.3 and host 192.168.1.4
    • host 192.168.1.4 and range 192.168.1.10 192.168.1.20
      Answers Explanation & Hints:

      The show running-config object command is used to display or verify the IP address/mask pair within the object. There can only be one statement in the network object. Entering a second IP address/mask pair will replace the existing configuration.

  24. Refer to the exhibit. According to the command output, which three statements are true about the DHCP options entered on the ASA? (Choose three.)

    Network Security (Version 1) – Network Security 1.0 Final Exam Answers 04
    • The dhcpd address [ start-of-pool ]-[ end-of-pool ] inside command was issued to enable the DHCP server.
    • The dhcpd address [ start-of-pool ]-[ end-of-pool ] inside command was issued to enable the DHCP client.
    • The dhcpd enable inside command was issued to enable the DHCP server.
    • The dhcpd auto-config outside command was issued to enable the DHCP client.
    • The dhcpd auto-config outside command was issued to enable the DHCP server.
    • The dhcpd enable inside command was issued to enable the DHCP client.
      Answers Explanation & Hints:

      On the ASA, the dhcpd address [ start-of-pool ]-[ end-of-pool ] inside command defines the pool of addresses that the DHCP server hands out on the inside interface, and the dhcpd enable inside command turns the DHCP server on for that interface. The dhcpd auto-config outside command uses the DHCP client on the outside interface: the DNS, WINS, and domain-name values the ASA receives there are relayed to its own inside DHCP clients.

  25. Which two statements describe the characteristics of symmetric algorithms? (Choose two.)

    • They provide confidentiality, integrity, and availability.
    • They are commonly implemented in the SSL and SSH protocols.
    • They are referred to as a pre-shared key or secret key.
    • They are commonly used with VPN traffic.
    • They use a pair of a public key and a private key.
      Answers Explanation & Hints:

      Symmetric encryption algorithms use the same key (also called shared secret) to encrypt and decrypt the data. In contrast, asymmetric encryption algorithms use a pair of keys, one for encryption and another for decryption.

  26. A network technician has been asked to design a virtual private network between two branch routers. Which type of cryptographic key should be used in this scenario?

    • symmetric key
    • digital signature
    • asymmetric key
    • hash key
      Answers Explanation & Hints:

      A symmetric key requires that both routers have access to the secret key that is used to encrypt and decrypt exchanged data.

  27. Which algorithm can ensure data integrity?

    • MD5
    • AES
    • PKI
    • RSA
      Answers Explanation & Hints:

      Data integrity guarantees that the message was not altered in transit. Integrity is provided by a cryptographic hash function; the current recommendations are the Secure Hash Algorithms SHA-2 and SHA-3. MD5 is the answer the question expects and is still widely deployed, but practical collision attacks against it have existed since 2004, so it should not be relied on where an attacker can choose the data. A bare hash of either kind only detects accidental change, because anyone who can modify the message can recompute the digest; integrity against an adversary needs a keyed construction such as an HMAC or a digital signature.
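
      Added example for questions 13, 14 and 27 (not part of the exam or its answer key): a Tripwire-style integrity check in Python. A baseline of per-file digests is recorded once; a later walk of the same tree is compared against it to report files that were added, removed or modified. The scratch directory, its files and the simulated tampering are all constructed inside the script; SHA-256 is the default digest, with the algorithm name left as a parameter so the same code can read an older MD5 baseline.

```python
"""Added example (not from the exam page): a Tripwire-style integrity check.
A baseline of file digests is recorded once; a later walk of the same tree is
compared against it to report files that were added, removed or modified.
The scratch directory and its contents are constructed inside the script."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Stream the file through the hash so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, algorithm: str = "sha256") -> dict[str, str]:
    """Map every regular file under root (as a relative POSIX path) to its digest."""
    return {
        p.relative_to(root).as_posix(): file_digest(p, algorithm)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report drift between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Baseline a small constructed tree, tamper with it, and return the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)

        # Simulated attacker activity after the baseline was taken.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # weakened setting
        (root / "etc" / "hosts").unlink()                                    # file removed
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")         # planted file

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9s}: {files}")
```

      The check is only as trustworthy as the baseline: if the attacker can rewrite the stored digests, every change looks legitimate. Tripwire signs its database and policy for that reason; a home-grown version should at least keep the baseline off the monitored host or protect it with an HMAC under a key the host does not hold.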

  28. An administrator discovers that a user is accessing a newly established website that may be detrimental to company security. What action should the administrator take first in terms of the security policy?

    • Ask the user to stop immediately and inform the user that this constitutes grounds for dismissal.
    • Revise the AUP immediately and get all users to sign the updated AUP.
    • Create a firewall rule blocking the respective website.
    • Immediately suspend the network privileges of the user.
  29. A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

    • integrity
    • scalability
    • availability
    • confidentiality
      Answers Explanation & Hints:

      Confidentiality ensures that data is accessed only by authorized individuals. Authentication will help verify the identity of the individuals.

  30. Which statement describes a characteristic of the IKE protocol?

    • It uses UDP port 500 to exchange IKE information between the security gateways.
    • IKE Phase 1 can be implemented in three different modes: main, aggressive, or quick.
    • The purpose of IKE Phase 2 is to negotiate a security association between two IKE peers.
    • It allows for the transmission of keys directly across a network.
  31. Which action do IPsec peers take during the IKE Phase 2 exchange?

    • negotiation of IPsec policy
    • negotiation of IKE policy sets
    • verification of peer identity
    • exchange of DH keys
      Answers Explanation & Hints:

      The IKE protocol executes in two phases. During Phase 1 the two sides negotiate IKE policy sets, authenticate each other, and set up a secure channel. During the second phase IKE negotiates security associations between the peers.

  32. The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?

    • authentication
    • nonrepudiation
    • integrity
    • Diffie-Hellman
    • confidentiality
      Answers Explanation & Hints:

      The IPsec framework consists of five building blocks. Each building block performs a specific security function via specific protocols. Confidentiality is provided by encryption algorithms such as DES, 3DES, and AES; DES and 3DES are legacy choices, and AES is what new deployments should use.

  33. What function is provided by Snort as part of the Security Onion?

    • to generate network intrusion alerts by the use of rules and signatures
    • to normalize logs from various NSM data logs so they can be represented, stored, and accessed through a common schema
    • to display full-packet captures for analysis
    • to view pcap transcripts generated by intrusion detection tools
      Answers Explanation & Hints:

      Snort is an open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) originally developed by Sourcefire and now maintained by Cisco. It has the ability to perform real time traffic analysis and packet logging on Internet Protocol (IP) networks and can also be used to detect probes or attacks.

  34. What are two drawbacks to using HIPS? (Choose two.)

    • HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.
    • With HIPS, the network administrator must verify support for all the different operating systems used in the network.
    • With HIPS, the success or failure of an attack cannot be readily determined.
    • HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
    • If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
  35. Which network monitoring technology uses VLANs to monitor traffic on remote switches?

    • IPS
    • IDS
    • TAP
    • RSPAN
      Answers Explanation & Hints:

      Remote SPAN (RSPAN) enables a network administrator to use the flexibility of VLANs to monitor traffic on remote switches.

  36. In an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. What AAA function is at work if this command is rejected?

    • authentication
    • auditing
    • authorization
    • accounting
      Answers Explanation & Hints:

      Authentication must ensure that devices or end users are legitimate. Authorization is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network. The configure terminal command is rejected because the user is not authorized to execute the command.

  37. A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?

    • accounting
    • automation
    • authentication
    • authorization
      Answers Explanation & Hints:

      After a user is successfully authenticated (logged into the server), the authorization is the process of determining what network resources the user can access and what operations (such as read or edit) the user can perform.

  38. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)

    • password encryption
    • separate authentication and authorization processes
    • SIP support
    • 802.1X support
    • utilization of transport layer protocols
      Answers Explanation & Hints:

      Both TACACS+ and RADIUS support password encryption (TACACS+ encrypts all communication) and use Layer 4 protocol (TACACS+ uses TCP and RADIUS uses UDP). TACACS+ supports separation of authentication and authorization processes, while RADIUS combines authentication and authorization as one process. RADIUS supports remote access technology, such as 802.1x and SIP; TACACS+ does not.
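
      Added example for question 38 (not part of the exam or its answer key): the two "password encryption" mechanisms the explanation contrasts, implemented in Python from the RFCs. RADIUS hides only the User-Password attribute with an MD5-based stream keyed by the shared secret and the Request Authenticator (RFC 2865 section 5.2), leaving User-Name and every other attribute in the clear; TACACS+ XORs the entire packet body with an MD5 keystream derived from the session ID, key, version and sequence number (RFC 8907 section 4.5). The secrets, authenticator and packet body below are constructed test values.

```python
"""Added example (not from the exam page): the two 'password encryption'
mechanisms the question contrasts, implemented from the RFCs. RADIUS hides only
the User-Password attribute (RFC 2865 section 5.2); TACACS+ obfuscates the whole
packet body with an MD5 keystream (RFC 8907 section 4.5). Keys, secrets and the
authenticator below are constructed test values."""
from __future__ import annotations

import hashlib
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """c1 = p1 XOR MD5(S + RA), c_i = p_i XOR MD5(S + c_{i-1}); 16-byte blocks,
    password zero-padded to a multiple of 16 (1..128 bytes)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password; the NUL padding is stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def tacacs_pseudo_pad(key: bytes, session_id: int, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1});
    the digests are concatenated until they cover the body."""
    header = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(header + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body: bytes, key: bytes, session_id: int,
                     version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the entire body with the pseudo-pad; applying it twice restores the body."""
    return _xor(body, tacacs_pseudo_pad(key, session_id, version, seq_no, len(body)))


if __name__ == "__main__":
    ra = bytes(range(16))                       # constructed Request Authenticator
    hidden = radius_hide_password(b"s3cretPassw0rd", b"radiuskey", ra)
    print("RADIUS User-Password on the wire:", hidden.hex())
    print("recovered by the server         :", radius_reveal_password(hidden, b"radiuskey", ra))
    body = b"\x01\x00\x02\x01\x05\x08\x00\x06admin192.168.0.1"   # constructed, not a real packet
    enc = tacacs_obfuscate(body, b"tacacskey", 0x12345678)
    print("TACACS+ body on the wire        :", enc.hex())
```

      Both schemes are MD5 keystreams, not modern authenticated encryption, and their strength rests entirely on the shared secret; a captured exchange can be attacked offline by guessing that secret. Where it is available, carrying RADIUS over TLS (RadSec) or TACACS+ over TLS removes the dependence on these constructions.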

  39. What is a characteristic of a DMZ zone?

    • Traffic originating from the inside network going to the DMZ network is not permitted.
    • Traffic originating from the DMZ network going to the inside network is permitted.
    • Traffic originating from the inside network going to the DMZ network is selectively permitted.
    • Traffic originating from the outside network going to the DMZ network is selectively permitted.
      Answers Explanation & Hints:

      The characteristics of a DMZ zone are as follows:
      Traffic originating from the inside network going to the DMZ network is permitted.
      Traffic originating from the outside network going to the DMZ network is selectively permitted.
      Traffic originating from the DMZ network going to the inside network is denied.

  40. What are three characteristics of ASA transparent mode? (Choose three.)

    • The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets.
    • This mode is referred to as a “bump in the wire.”
    • This mode does not support VPNs, QoS, or DHCP Relay.
    • It is the traditional firewall deployment mode.
    • In this mode the ASA is invisible to an attacker.
    • NAT can be implemented between connected networks.
  41. What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?

    • digital signatures
    • symmetric keys
    • PKI certificates
    • hashing algorithms
      Answers Explanation & Hints:

      A Certificate Authority (CA), a trusted third party, issues PKI certificates and signs them with its own private key; that digital signature is what lets a relying party verify the authenticity and integrity of a certificate. PKI certificates are public information and are used to provide authenticity, confidentiality, integrity, and nonrepudiation services that can scale to large requirements.

  42. Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology?

    • Deploy a Cisco ASA.
    • Require remote access connections through IPsec VPN.
    • Use a Syslog server to capture network traffic.
    • Deploy a Cisco SSL Appliance.
      Explanation & Hint:

      To effectively monitor network traffic that is encrypted by SSL (Secure Sockets Layer) or its successor TLS (Transport Layer Security), a security analyst would need to be able to decrypt the traffic for inspection before it is re-encrypted and sent to its destination. This is typically achieved using an SSL decryption appliance or service, which acts as an intermediary for SSL/TLS communications. Here’s how the measure aligns with the options provided:

      Deploy a Cisco SSL Appliance: This would be the correct approach. A Cisco SSL appliance, often referred to as a decryption appliance, can be used to intercept, decrypt, and inspect encrypted SSL/TLS network traffic. After inspection, the traffic is re-encrypted and sent to its final destination. This allows a security analyst to monitor for potential threats and data leakage within encrypted traffic. Decrypting in the middle requires either the private key of servers the organization controls (for inbound traffic) or a CA certificate that the clients trust (for outbound traffic), and the scope of what is decrypted has to respect privacy and regulatory constraints.

      The other options have different primary security functions that do not directly address the monitoring of SSL/TLS encrypted traffic:

      • Require remote access connections through IPsec VPN: While this would secure remote connections, it does not facilitate the monitoring of SSL/TLS encrypted traffic within the network itself.
      • Deploy a Cisco ASA: Cisco Adaptive Security Appliance (ASA) is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. While it can inspect some encrypted traffic with the proper configuration, its main function is not SSL/TLS decryption.
      • Use a Syslog server to capture network traffic: Syslog servers are used to collect logs from various network devices for monitoring and analysis. However, they do not decrypt SSL/TLS traffic; they are used for logging and do not handle the actual network traffic itself.

      Therefore, deploying an SSL decryption appliance is the best option among those listed for monitoring encrypted network traffic.

  43. Match the security technology with the description.

  44. Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?

    Network Security (Version 1) – Network Security 1.0 Final Exam Answers 03
    • Frames from PC1 will be dropped, and there will be no log of the violation.
    • Frames from PC1 will be forwarded since the switchport port-security violation command is missing.
    • Frames from PC1 will be dropped, and a log message will be created.
    • Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.
    • Frames from PC1 will be forwarded to its destination, but a log entry will not be created.
    • Frames from PC1 will be forwarded to its destination, and a log entry will be created.
      Answers Explanation & Hints:

      Manual configuration of the single allowed MAC address has been entered for port fa0/12. PC1 has a different MAC address and when attached will cause the port to shut down (the default action), a log message to be automatically created, and the violation counter to increment. The default action of shutdown is recommended because the restrict option might fail if an attack is underway.

  45. What would be the primary reason an attacker would launch a MAC address overflow attack?

    • so that the attacker can see frames that are destined for other hosts
    • so that the attacker can execute arbitrary code on the switch
    • so that the switch stops forwarding traffic
    • so that legitimate hosts cannot obtain a MAC address
  46. What security countermeasure is effective for preventing CAM table overflow attacks?

    • port security
    • IP source guard
    • DHCP snooping
    • Dynamic ARP Inspection
      Answers Explanation & Hints:

      Port security is the most effective method for preventing CAM table overflow attacks. Port security gives an administrator the ability to manually specify what MAC addresses should be seen on given switch ports. It provides a method for limiting the number of MAC addresses that can be dynamically learned over a switch port.
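
      Added example for questions 44 to 46 (not part of the exam or its answer key): a Python simulation of a switch CAM table under a MAC flooding attack, run once without and once with port security on the attacker's port. With the table full, the switch can no longer learn the victims' addresses and floods their unicast frames out every port, which is exactly what the attacker wants; with the default port-security settings (maximum 1, violation shutdown) the second spoofed source address err-disables the port, the table never fills, and the frame between the two hosts is delivered only to its destination. Ports, MAC addresses, table capacity and the log text are constructed for illustration, not copied from IOS.

```python
"""Added example (not from the exam page): a simulated switch CAM table under a
MAC flooding attack, with and without port security on the attacker's port.
Ports, MAC addresses and the table capacity are constructed for illustration;
the log text is modelled on, not copied from, IOS."""
from __future__ import annotations

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class PortSecurity:
    maximum: int = 1                       # switchport port-security maximum (default 1)
    violation: str = "shutdown"            # protect | restrict | shutdown (default)
    secure_macs: set[str] = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False


class Switch:
    def __init__(self, ports: list[str], cam_capacity: int):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity   # real switch ASICs have a fixed-size CAM
        self.cam: dict[str, str] = {}      # mac -> port
        self.psec: dict[str, PortSecurity] = {}
        self.log: list[str] = []

    def enable_port_security(self, port: str, maximum: int = 1, violation: str = "shutdown") -> None:
        self.psec[port] = PortSecurity(maximum, violation)

    def _port_security_allows(self, port: str, src_mac: str) -> bool:
        ps = self.psec.get(port)
        if ps is None:
            return True
        if ps.err_disabled:
            return False                   # stays down until shut/no shut or errdisable recovery
        if src_mac in ps.secure_macs:
            return True
        if len(ps.secure_macs) < ps.maximum:
            ps.secure_macs.add(src_mac)    # dynamically learned secure address
            return True
        ps.violations += 1
        if ps.violation == "shutdown":
            ps.err_disabled = True
        if ps.violation in ("restrict", "shutdown"):
            self.log.append(f"port-security violation on {port} caused by {src_mac}")
        return False                       # 'protect' drops silently, no log, no counter change visible

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> list[str]:
        """Process one frame and return the ports it is delivered to."""
        if not self._port_security_allows(in_port, src_mac):
            return []
        if src_mac not in self.cam and len(self.cam) < self.cam_capacity:
            self.cam[src_mac] = in_port    # a full table simply stops learning
        out = self.cam.get(dst_mac)
        if out == in_port:
            return []                      # destination is on the ingress port: filtered
        if out is not None and dst_mac != BROADCAST:
            return [out]
        return [p for p in self.ports if p != in_port]   # broadcast or unknown unicast: flood


def run_scenario(protect_attacker_port: bool) -> dict:
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], cam_capacity=64)
    if protect_attacker_port:
        sw.enable_port_security("Fa0/2")   # defaults: maximum 1, violation shutdown
    host_a, host_b = "00:11:22:33:44:01", "00:11:22:33:44:03"

    # Attacker on Fa0/2 sprays frames from 200 bogus source MACs (macof style).
    for i in range(200):
        sw.receive("Fa0/2", f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}", BROADCAST)

    sw.receive("Fa0/3", host_b, host_a)    # B talks to A; with a full CAM, B is never learned
    delivered = sw.receive("Fa0/1", host_a, host_b)
    ps = sw.psec.get("Fa0/2")
    return {
        "cam_entries": len(sw.cam),
        "a_to_b_delivered_to": delivered,
        "attacker_sees_it": "Fa0/2" in delivered,
        "attacker_port_err_disabled": bool(ps and ps.err_disabled),
        "violations": ps.violations if ps else 0,
    }


if __name__ == "__main__":
    print("no port security :", run_scenario(False))
    print("port security on :", run_scenario(True))
```

      The simulation also shows why the explanation prefers shutdown over restrict: with restrict the port stays up and each spoofed frame keeps arriving and being dropped, so the switch keeps doing work on the attacker's behalf, whereas an err-disabled port stops the flood outright and leaves an unambiguous trail for the operator.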

  47. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)

    • vulnerability brokers
    • state-sponsored hackers
    • script kiddies
    • hacktivists
    • cyber criminals
      Answers Explanation & Hints:

      Grey hat hackers may do unethical or illegal things, but not for personal gain or to cause damage. Hacktivists use their hacking as a form of political or social protest, and vulnerability brokers hack to uncover weaknesses and report them to vendors. Depending on the perspective one possesses, state-sponsored hackers are either white hat or black hat operators. Script kiddies run attack tools and scripts written by others, usually with little understanding of how they work, to cause damage or disruption. Cyber criminals use hacking to obtain financial gain by illegal means.

  48. What are two examples of DoS attacks? (Choose two.)

    • buffer overflow
    • SQL injection
    • ping of death
    • port scanning
    • phishing
      Answers Explanation & Hints:

      The buffer overflow and ping of death DoS attacks exploit system memory-related flaws on a server by sending an unexpected amount of data or malformed data to the server.

  49. Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router?

    • system zone
    • outside zone
    • self zone
    • local zone
    • inside zone
  50. What are two benefits of using a ZPF rather than a Classic Firewall? (Choose two.)

    • Multiple inspection actions are used with ZPF.
    • ZPF allows interfaces to be placed into zones for IP inspection.
    • ZPF policies are easy to read and troubleshoot.
    • The ZPF is not dependent on ACLs.
    • With ZPF, the router will allow packets unless they are explicitly blocked.
      Answers Explanation & Hints:

      There are several benefits of a ZPF:
      – It is not dependent on ACLs.
      – The router security posture is to block unless explicitly allowed.
      – Policies are easy to read and troubleshoot with C3PL.
      – One policy affects any given traffic, instead of needing multiple ACLs and inspection actions.
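
      Added example for questions 19, 39, 49 and 50 (not part of the exam or its answer key): a Python model of zone-based policy firewall behaviour. Interfaces belong to zones, each zone pair carries an ordered policy of (match, action) rules, traffic between different zones is dropped unless a policy says otherwise, "inspect" opens a stateful entry so the return traffic is allowed back, and the self zone is open in a given direction until a zone pair for that direction exists. The demo builds the inside/outside/DMZ design the questions describe; zones, interfaces, addresses and rules are constructed for illustration.

```python
"""Added example (not from the exam page): a model of Cisco zone-based policy
firewall behaviour. Interfaces belong to zones, zone pairs carry an ordered
policy of (match, action) rules, inter-zone traffic is dropped unless a policy
says otherwise, 'inspect' opens a stateful session for the return traffic, and
the self zone is open by default until a policy for that direction exists.
Zones, interfaces, addresses and rules below are constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional, Tuple

SELF = "self"   # system-defined zone: traffic to or from the router itself


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int
    sport: int

    def reverse(self) -> "Flow":
        return Flow(self.dst_ip, self.src_ip, self.proto, self.sport, self.dport)


Rule = Tuple[Callable[[Flow], bool], str]   # (class-map match, action: inspect|pass|drop)


class ZPF:
    def __init__(self) -> None:
        self.zone_of: dict[str, str] = {}
        self.policies: dict[tuple, list] = {}
        self.sessions: set[Flow] = set()       # return flows opened by 'inspect'

    def zone_member(self, interface: str, zone: str) -> None:
        self.zone_of[interface] = zone

    def zone_pair(self, src_zone: str, dst_zone: str, rules: list) -> None:
        self.policies[(src_zone, dst_zone)] = rules

    def _zone(self, interface: str) -> Optional[str]:
        return SELF if interface == SELF else self.zone_of.get(interface)

    def forward(self, in_if: str, out_if: str, flow: Flow) -> str:
        """Decide the fate of one packet: 'pass', 'inspect' or 'drop'."""
        if flow in self.sessions:
            return "pass"                        # return traffic of an inspected session
        sz, dz = self._zone(in_if), self._zone(out_if)
        if sz == dz:
            return "pass"                        # same zone (or both interfaces unzoned)
        rules = self.policies.get((sz, dz))
        if rules is None:
            # The self zone is open unless a policy for this direction exists;
            # anything else between zones, or zoned <-> unzoned, is dropped.
            return "pass" if SELF in (sz, dz) else "drop"
        for match, action in rules:              # first matching class wins
            if match(flow):
                if action == "inspect":
                    self.sessions.add(flow.reverse())
                return action
        return "drop"                            # class-default: drop


def build_demo() -> ZPF:
    """Inside users reach everything, the Internet reaches only the DMZ web
    service, the DMZ can initiate nothing toward the inside, and the router
    itself accepts only IKE from the outside."""
    fw = ZPF()
    fw.zone_member("G0/0", "outside")
    fw.zone_member("G0/1", "inside")
    fw.zone_member("G0/2", "dmz")
    any_flow = lambda f: True
    web = lambda f: f.proto == "tcp" and f.dport in (80, 443)
    ike = lambda f: f.proto == "udp" and f.dport == 500
    fw.zone_pair("inside", "outside", [(any_flow, "inspect")])
    fw.zone_pair("inside", "dmz", [(any_flow, "inspect")])
    fw.zone_pair("outside", "dmz", [(web, "inspect")])
    fw.zone_pair("outside", SELF, [(ike, "pass")])
    # no dmz->inside and no outside->inside pair: those directions stay denied
    return fw


if __name__ == "__main__":
    fw = build_demo()
    print(fw.forward("G0/0", "G0/2", Flow("203.0.113.9", "172.16.1.10", "tcp", 443, 51000)))
    print(fw.forward("G0/2", "G0/1", Flow("172.16.1.10", "10.0.0.5", "tcp", 445, 50000)))
```

      Two details of the model are the ones people get wrong on real routers: a DMZ server that was reached through an inspected session can answer, but it cannot open a connection inward on its own, and the moment a zone pair toward self is configured, everything not matched by it, including management protocols the administrator forgot to list, is dropped.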

  51. Place the steps for configuring zone-based policy (ZPF) firewalls in order from first to last. (Not all options are used.)

  52. Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel?

    • transform sets
    • a permit access list entry
    • hashing algorithms
    • a security association
  53. When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)

    • a valid access list
    • encryption
    • the default ISAKMP policy number
    • IP addresses on all active interfaces
    • the peer
    • the IKE Phase 1 policy
      Answers Explanation & Hints:

      After the crypto map command in global configuration mode has been issued, the new crypto map will remain disabled until a peer and a valid access list have been configured.

  54. A network analyst is configuring a site-to-site IPsec VPN. The analyst has configured both the ISAKMP and IPsec policies. What is the next step?

    • Configure the hash as SHA and the authentication as pre-shared.
    • Apply the crypto map to the appropriate outbound interfaces.
    • Issue the show crypto ipsec sa command to verify the tunnel.
    • Verify that the security feature is enabled in the IOS.
  55. What will be the result of failed login attempts if the following command is entered into a router?

    login block-for 150 attempts 4 within 90

    • All login attempts will be blocked for 90 seconds if there are 4 failed attempts within 150 seconds.
    • All login attempts will be blocked for 150 seconds if there are 4 failed attempts within 90 seconds.
    • All login attempts will be blocked for 4 hours if there are 90 failed attempts within 150 seconds.
    • All login attempts will be blocked for 1.5 hours if there are 4 failed attempts within 150 seconds.
      Answers Explanation & Hints:

      The components of the login block-for 150 attempts 4 within 90 command are as follows:
      The expression block-for 150 is the time in seconds that logins will be blocked.
      The expression attempts 4 is the number of failed attempts that will trigger the blocking of login requests.
      The expression within 90 is the time in seconds in which the 4 failed attempts must occur.
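      The watch-window semantics of login block-for, as an added example that is not part of the exam page: a small Python simulator of the failed-login window and the quiet period it triggers. The timings, the assumption that a successful login does not reset the failure counter, and the exemption note are the example's own; consult the IOS documentation for the exact platform behaviour.

```python
"""Model of the IOS command `login block-for 150 attempts 4 within 90`.

Added example, not from the exam page: a small simulator of the failed-login
watch window and the quiet period it triggers. Times are plain integer seconds.
"""
from collections import deque
from typing import List, Optional, Tuple


class LoginBlocker:
    def __init__(self, block_for: int, attempts: int, within: int) -> None:
        self.block_for = block_for     # seconds of quiet mode once triggered
        self.attempts = attempts       # failed attempts that trigger quiet mode
        self.within = within           # watch window (seconds) for those failures
        self._failures = deque()       # timestamps of recent failed attempts
        self.quiet_until: Optional[int] = None

    def in_quiet_mode(self, now: int) -> bool:
        return self.quiet_until is not None and now < self.quiet_until

    def attempt(self, now: int, success: bool) -> str:
        """Outcome of one login attempt at time `now`: blocked, accepted or rejected."""
        if self.in_quiet_mode(now):
            # Quiet mode: every login is refused, regardless of credentials.
            # (Real IOS exempts hosts matched by `login quiet-mode access-class`.)
            return "blocked"
        if success:
            return "accepted"      # assumption: a success does not reset the counter
        self._failures.append(now)
        # Forget failures that fall outside the `within` window.
        while self._failures and now - self._failures[0] > self.within:
            self._failures.popleft()
        if len(self._failures) >= self.attempts:
            self.quiet_until = now + self.block_for
            self._failures.clear()
        return "rejected"


def simulate(events: List[Tuple[int, bool]], block_for: int = 150,
             attempts: int = 4, within: int = 90) -> List[str]:
    """Run a list of (time, success) login events through one LoginBlocker."""
    blocker = LoginBlocker(block_for, attempts, within)
    return [blocker.attempt(t, ok) for t, ok in events]


if __name__ == "__main__":
    # Four failures in 30 s trigger a 150 s quiet period; the valid login at
    # t=100 is refused, the one at t=180 (after 30+150) succeeds.
    burst = [(0, False), (10, False), (20, False), (30, False), (100, True), (180, True)]
    print(simulate(burst))
    # The same four failures spread over 120 s never put four inside one 90 s window.
    spread = [(0, False), (40, False), (80, False), (120, False), (121, True)]
    print(simulate(spread))
```

      The second scenario is the point worth noticing: an attacker who paces attempts slower than the window never trips the block, which is why the command is a brake on online guessing rather than a substitute for strong credentials and AAA logging.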

  56. Which two tasks are associated with router hardening? (Choose two.)

    • disabling unused ports and interfaces
    • using uninterruptible power supplies
    • installing the maximum amount of memory possible
    • securing administrative access
    • placing the router in a secure room
  57. Match each IPS signature trigger category with the description.

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 003
  58. Which rule action will cause Snort IPS to block and log a packet?

    • log
    • drop
    • alert
    • Sdrop
      Answers Explanation & Hints:

      Snort IPS mode can perform all the IDS actions plus the following:
      – Drop – Block and log the packet.
      – Reject – Block the packet, log it, and then send a TCP reset if the protocol is TCP or an ICMP port unreachable message if the protocol is UDP.
      – Sdrop – Block the packet but do not log it.

  59. What are three attributes of IPS signatures? (Choose three.)

    • length
    • type
    • depth
    • action
    • trigger
    • function
      Answers Explanation & Hints:

      IPS signatures have three distinctive attributes:

      • type
      • trigger (alarm)
      • action
  60. Which attack is defined as an attempt to exploit software vulnerabilities that are unknown or undisclosed by the vendor?

    • man-in-the-middle
    • brute-force
    • Trojan horse
    • zero-day
  61. What are two disadvantages of using an IDS? (Choose two.)

    • The IDS does not stop malicious traffic.
    • The IDS has no impact on traffic.
    • The IDS requires other devices to respond to attacks.
    • The IDS works offline using copies of network traffic.
    • The IDS analyzes actual forwarded packets.
      Answers Explanation & Hints:

      The disadvantage of operating with mirrored traffic is that the IDS cannot stop malicious single-packet attacks from reaching the target before responding to the attack. Also, an IDS often requires assistance from other networking devices, such as routers and firewalls, to respond to an attack. An advantage of an IDS is that by working offline using mirrored traffic, it has no impact on traffic flow.

  62. Refer to the exhibit. The ip verify source command is applied on untrusted interfaces. Which type of attack is mitigated by using this configuration?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 06
    • DHCP starvation
    • DHCP spoofing
    • STP manipulation
    • MAC and IP address spoofing
      Answers Explanation & Hints:

      To protect against MAC and IP address spoofing, apply the IP Source Guard security feature, using the ip verify source command, on untrusted ports.

  63. What ports can receive forwarded traffic from an isolated port that is part of a PVLAN?

    • other isolated ports and community ports
    • all other ports within the same community
    • only promiscuous ports
    • only isolated ports
      Answers Explanation & Hints:

      PVLANs are used to provide Layer 2 isolation between ports within the same broadcast domain. The level of isolation can be specified
      with three types of PVLAN ports:
      – Promiscuous ports that can forward traffic to all other ports
      – Isolated ports that can only forward traffic to promiscuous ports
      – Community ports that can forward traffic to other community ports and promiscuous ports

  64. What is the best way to prevent a VLAN hopping attack?

    • Disable STP on all nontrunk ports.
    • Use ISL encapsulation on all trunk links.
    • Use VLAN 1 as the native VLAN on trunk ports.
    • Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
  65. When describing malware, what is a difference between a virus and a worm?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 07
    • A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
    • A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.
    • A virus focuses on gaining privileged access to a device, whereas a worm does not.
    • A virus can be used to deliver advertisements without user consent, whereas a worm cannot.
      Answers Explanation & Hints:

      Malware can be classified as follows:
      Virus (self-replicates by attaching to another program or file)
      Worm (replicates independently of another program)
      Trojan horse (masquerades as a legitimate file or program)
      Rootkit (gains privileged access to a machine while concealing itself)
      Spyware (collects information from a target system)
      Adware (delivers advertisements with or without consent)
      Bot (waits for commands from the hacker)
      Ransomware (holds a computer system or data captive until payment is received)

  66. What are three characteristics of the RADIUS protocol? (Choose three.)

    • uses UDP ports for authentication and accounting
    • encrypts the entire body of the packet
    • is an open RFC standard AAA protocol
    • separates the authentication and authorization processes
    • supports 802.1X and SIP
    • utilizes TCP port 49
      Answers Explanation & Hints:

      RADIUS is an open-standard AAA protocol using UDP port 1645 or 1812 for authentication and UDP port 1646 or 1813 for accounting. It combines authentication and authorization into one process. Only the user password is obscured for transmission (XORed with an MD5 keystream derived from the shared secret and the request authenticator); the rest of the packet, including the username, is sent in plain text. RADIUS offers the expedited service and more comprehensive accounting desired by remote-access providers but provides lower security and less potential for customization than TACACS+, which encrypts the entire packet body and uses TCP port 49.

  67. Refer to the exhibit. A network administrator configures AAA authentication on R1. Which statement describes the effect of the keyword single-connection in the configuration?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 08
    • R1 will open a separate connection to the TACACS+ server for each user authentication session.
    • The authentication performance is enhanced by keeping the connection to the TACACS+ server open.
    • The TACACS+ server only accepts one successful try for a user to authenticate with it.
    • R1 will open a separate connection to the TACACS server on a per source IP address basis for each authentication session.
      Answers Explanation & Hints:

      The single-connection keyword enhances TCP performance with TACACS+ by maintaining a single TCP connection for the life of the session. Without the single-connection keyword, a TCP connection is opened and closed per session.

  68. A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?

    • Use the aaa local authentication attempts max-fail global configuration mode command with a higher number of acceptable failures.
    • Use the login delay command for authentication attempts.
    • Use the none keyword when configuring the authentication method list.
    • Use the login local command for authenticating user access.
      Answers Explanation & Hints:

      The login delay command introduces a delay between failed login attempts without locking the account. This provides a user with unlimited attempts at accessing a device without causing the user account to become locked and thus requiring administrator intervention.

  69. Refer to the exhibit. A network administrator has configured NAT on an ASA device. What type of NAT is used?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 09
    • bidirectional NAT
    • inside NAT
    • outside NAT
    • static NAT
      Answers Explanation & Hints:

      NAT can be deployed on an ASA using one of these methods:
      inside NAT – when a host from a higher-security interface has traffic destined for a lower-security interface and the ASA translates the internal host address to a global address
      outside NAT – when traffic from a lower-security interface destined for a host on the higher-security interface is translated
      bidirectional NAT – when both inside NAT and outside NAT are used together
      Because the nat command is applied so that the inside interface is mapped to the outside interface, the NAT type is inside. Also, the dynamic keyword in the nat command indicates that it is a dynamic mapping.

  70. What are two drawbacks in assigning user privilege levels on a Cisco router? (Choose two.)

    • Commands from a lower level are always executable at a higher level.
    • Assigning a command with multiple keywords allows access to all commands using those keywords.
    • Only a root user can add or remove commands.
    • Privilege levels must be set to permit access control to specific device interfaces, ports, or slots.
    • AAA must be enabled.
      Answers Explanation & Hints:

      Privilege levels may not provide desired flexibility and specificity because higher levels always inherit commands from lower levels, and commands with multiple keywords give the user access to all commands available for each keyword. Privilege levels cannot specify access control to interfaces, ports, or slots. AAA is not required to set privilege levels, but is required in order to create role-based views. The role of root user does not exist in privilege levels.

  71. What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)

    • RSA
    • AES
    • MD5
    • DH
    • SHA
      Answers Explanation & Hints:

      The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. The two hashing algorithms AH uses, in HMAC form, to detect modification of data in transit and verify its origin (data integrity and authenticity) are MD5 and SHA. HMAC-MD5 is kept only for legacy interoperability; where both peers support it, an HMAC-SHA-2 variant should be configured instead. RSA and DH are asymmetric algorithms used for peer authentication and key exchange, and AES is an encryption algorithm, which AH does not use because AH provides no confidentiality.

  72. Refer to the exhibit. Which conclusion can be made from the show crypto map command output that is shown on R1?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 10
    • The crypto map has not yet been applied to an interface.
    • There is a mismatch between the transform sets.
    • The tunnel configuration was established and can be tested with extended pings.
    • The current peer IP address should be 172.30.2.1.
      Answers Explanation & Hints:

      According to the show crypto map command output, all required SAs are in place, but no interface is currently using the crypto map. To complete the tunnel configuration, the crypto map has to be applied to the outbound interface of each router.

  73. What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)

    • to ensure more efficient routing
    • to ensure faster network convergence
    • to prevent data traffic from being redirected and then discarded
    • to prevent redirection of data traffic to an insecure link
    • to provide data security through encryption
      Answers Explanation & Hints:

      The reason to configure OSPF authentication is to mitigate routing protocol attacks such as redirection of data traffic to an insecure link and redirection of data traffic so that it is discarded. OSPF authentication does not provide faster network convergence, more efficient routing, or encryption of data traffic.

  74. Which three functions are provided by the syslog logging service? (Choose three.)

    • gathering logging information
    • setting the size of the logging buffer
    • distinguishing between information to be captured and information to be ignored
    • retaining captured messages on the router when a router is rebooted
    • specifying where captured information is stored
    • authenticating and encrypting data sent over the network
      Answers Explanation & Hints:

      Syslog operations include gathering information, selecting which type of information to capture, and directing the captured information to a storage location. The logging buffer on the router is a fixed-size area of RAM that overwrites its oldest entries when full and is lost when the router reboots; setting its size is a configuration parameter, not a syslog function. Syslog itself does not authenticate or encrypt messages, so collection should run over a protected path (a management network or a TLS-based syslog transport) where log integrity matters.
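      The capture-versus-ignore function described above, as an added example that is not part of the exam page: a Python parser for IOS-style syslog lines that applies the same severity cut-off a logging trap level does. The sample lines are constructed; the message shape, the PRI encoding (facility * 8 + severity) and the default IOS facility local7 are assumed from the standard syslog format.

```python
"""Parse Cisco IOS syslog lines and apply a `logging trap <level>` severity filter.

Added example, not from the exam page. The sample lines are constructed; their
shape (`<PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text`) is the one IOS
emits to a syslog server, with PRI = syslog_facility * 8 + severity and the IOS
default facility local7 (23).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

_LINE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                 # optional syslog PRI
    r"(?:(?P<seq>\d+):\s+)?"                    # optional sequence number
    r"(?P<ts>[^%]*?)\s*%"                       # optional timestamp up to '%'
    r"(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$"
)


@dataclass
class SyslogMessage:
    severity: int                   # 0 (emergencies) .. 7 (debugging)
    ios_facility: str               # e.g. SYS, LINK, SEC_LOGIN
    mnemonic: str                   # e.g. CONFIG_I
    text: str
    syslog_facility: Optional[int]  # from <PRI>; 23 = local7
    seq: Optional[int]
    timestamp: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_line(line: str) -> SyslogMessage:
    """Parse one line; raise ValueError on lines that are not IOS-style messages."""
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError(f"not an IOS syslog line: {line!r}")
    severity = int(m.group("sev"))
    pri = m.group("pri")
    syslog_facility = None
    if pri is not None:
        if int(pri) % 8 != severity:
            raise ValueError("PRI severity disagrees with %FACILITY-SEVERITY-MNEMONIC")
        syslog_facility = int(pri) // 8
    seq = m.group("seq")
    return SyslogMessage(severity, m.group("facility"), m.group("mnemonic"),
                         m.group("text"), syslog_facility,
                         int(seq) if seq is not None else None,
                         m.group("ts").strip().rstrip(":"))


def safe_parse(line: str) -> Optional[SyslogMessage]:
    """parse_line that returns None instead of raising, for noisy feeds."""
    try:
        return parse_line(line)
    except ValueError:
        return None


def trap_filter(messages: List[SyslogMessage], level: int) -> List[SyslogMessage]:
    """Keep what `logging trap <level>` would forward: severity <= level (0 is most severe)."""
    return [msg for msg in messages if msg.severity <= level]


# Constructed sample feed: what an IOS router might send over UDP/514.
SAMPLE_LINES = [
    "<189>45: *Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "<187>46: *Mar  1 00:12:40.001: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<188>47: *Mar  1 00:12:41.120: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.9] [localport: 22]",
    "<190>48: *Mar  1 00:12:45.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.20 port 514 started",
]

if __name__ == "__main__":
    msgs = [parse_line(line) for line in SAMPLE_LINES]
    for msg in trap_filter(msgs, 4):          # logging trap warnings
        print(msg.severity_name, msg.ios_facility, msg.mnemonic, msg.text)
```

      Note that a trap level of 4 (warnings) drops the CONFIG_I notification, which is exactly the message an incident responder wants when tracing an unauthorized change; the cut-off should be chosen per facility or set to informational for the mnemonics that matter, not picked for volume alone.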

  75. A recently created ACL is not working as expected. The admin determined that the ACL had been applied inbound on the interface and that was the incorrect direction. How should the admin fix this issue?

    • Delete the original ACL and create a new ACL, applying it outbound on the interface.
    • Add an association of the ACL outbound on the same interface.
    • Fix the ACE statements so that it works as desired inbound on the interface.
    • Remove the inbound association of the ACL on the interface and reapply it outbound.
  76. What two ICMPv6 message types must be permitted through IPv6 access control lists to allow resolution of Layer 3 addresses to Layer 2 MAC addresses? (Choose two.)

    • neighbor solicitations
    • router solicitations
    • router advertisements
    • neighbor advertisements
    • echo requests
    • echo replies
  77. A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)

    • HMAC
    • AES
    • 3DES
    • SHA-1
    • MD5
      Answers Explanation & Hints:

      The task to ensure that only authorized personnel can open a file is data confidentiality, which can be implemented with encryption. AES and 3DES are two encryption algorithms. HMAC can be used for ensuring origin authentication. MD5 and SHA-1 can be used to ensure data integrity.

  78. Which three services are provided through digital signatures? (Choose three.)

    • authenticity
    • integrity
    • encryption
    • nonrepudiation
    • compression
    • accounting
      Answers Explanation & Hints:

      Digital signatures use a mathematical technique to provide three basic security services: Integrity; Authenticity; Nonrepudiation

  79. What are two methods to maintain certificate revocation status? (Choose two.)

    • DNS
    • LDAP
    • OCSP
    • subordinate CA
    • CRL
      Answers Explanation & Hints:

      A digital certificate might need to be revoked if its key is compromised or it is no longer needed. The certificate revocation list (CRL) and the Online Certificate Status Protocol (OCSP) are the two common methods for checking certificate revocation status.

  80. A technician is to document the current configurations of all network devices in a college, including those in off-site buildings. Which protocol would be best to use to securely access the network devices?

    • HTTP
    • FTP
    • Telnet
    • SSH
      Answers Explanation & Hints:

      Telnet sends passwords and other information in clear text, while SSH encrypts its data. FTP and HTTP do not provide remote device access for configuration purposes.

  81. How does a firewall handle traffic when it is originating from the private network and traveling to the DMZ network?

    • The traffic is usually permitted with little or no restrictions.
    • The traffic is usually blocked.
    • The traffic is selectively permitted and inspected.
    • The traffic is selectively denied based on service requirements.
      Answers Explanation & Hints:

      With a three-interface firewall design that has internal, external, and DMZ connections, typical configurations include the following:
      – Traffic originating from the DMZ destined for the internal network is normally blocked.
      – Traffic originating from the DMZ destined for external networks is typically permitted based on what services are being used in the DMZ.
      – Traffic originating from the internal network destined for the DMZ is normally inspected and allowed to return.
      – Traffic originating from external networks (the public network) is typically allowed into the DMZ only for specific services.

  82. Which two protocols generate connection information within a state table and are supported for stateful filtering? (Choose two.)

    • UDP
    • DHCP
    • TCP
    • HTTP
    • ICMP
  83. What are two security measures used to protect endpoints in the borderless network? (Choose two.)

    • denylisting
    • Snort IPS
    • DLP
    • DMZ
    • rootkit
      Answers Explanation & Hints:

      – antimalware software: protects endpoints from malware.
      – spam filtering: prevents spam emails from reaching endpoints.
      – blocklisting (denylisting): prevents endpoints from connecting to websites with bad reputations by immediately blocking connections based on the latest reputation intelligence.
      – data loss prevention (DLP): prevents sensitive information from being lost or stolen.

  84. An administrator is trying to develop a BYOD security policy for employees that are bringing a wide range of devices to connect to the company network. Which three objectives must the BYOD security policy address? (Choose three.)

    • Rights and activities permitted on the corporate network must be defined.
    • The level of access of employees when connecting to the corporate network must be defined.
    • All devices should be allowed to attach to the corporate network flawlessly.
    • All devices must be insured against liability if used to compromise the corporate network.
    • All devices must have open authentication with the corporate network.
    • Safeguards must be put in place for any personal device being compromised.
  85. How do modern cryptographers defend against brute-force attacks?

    • Use an algorithm that requires the attacker to have both ciphertext and plaintext to conduct a successful attack.
    • Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack.
    • Use frequency analysis to ensure that the most popular letters used in the language are not used in the cipher message.
    • Use statistical analysis to eliminate the most common encryption keys.
      Answers Explanation & Hints:

      In a brute-force attack, an attacker tries every possible key with the decryption algorithm, knowing that eventually one of them will work. To defend against brute-force attacks, modern cryptographers aim for a keyspace (the set of all possible keys) large enough that a brute-force attack takes too much money and too much time. A security policy requiring passwords to be changed at a predefined interval further defends against brute-force attacks: the idea is that passwords will have been changed before an attacker exhausts the keyspace.

  86. What is the main factor that ensures the security of encryption of modern algorithms?

    • secrecy of the keys
    • the use of 3DES over AES
    • secrecy of the algorithm
    • complexity of the hashing algorithm
      Answers Explanation & Hints:

      With most modern algorithms, successful decryption requires knowledge of the appropriate cryptographic keys. This means that the security of encryption lies in the secrecy of the keys, not the algorithm.

  87. What are the three core components of the Cisco Secure Data Center solution? (Choose three.)

    • threat defense
    • servers
    • visibility
    • mesh network
    • infrastructure
    • secure segmentation
      Answers Explanation & Hints:

      Secure segmentation is used when managing and organizing data in a data center. Threat defense includes a firewall and intrusion prevention system (IPS). Data center visibility is designed to simplify operations and compliance reporting by providing consistent security policy enforcement.

  88. What is the function of the pass action on a Cisco IOS Zone-Based Policy Firewall?

    • inspecting traffic between zones for traffic control
    • forwarding traffic from one zone to another
    • logging of rejected or dropped packets
    • tracking the state of connections between zones
      Answers Explanation & Hints:

      The pass action performed by Cisco IOS ZPF permits forwarding of traffic in a manner similar to the permit statement in an access control list.

  89. Refer to the exhibit. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 11
    • Traffic from the Internet and LAN can access the DMZ.
    • Traffic from the Internet can access both the DMZ and the LAN.
    • Traffic from the Internet and DMZ can access the LAN.
    • Traffic from the LAN and DMZ can access the Internet.
      Answers Explanation & Hints:

      ASA devices have security levels assigned to each interface that are independent of any configured ACL. By default, traffic from a more secure interface (a higher security level, such as 100) is allowed to access a less secure interface (a lower level, such as 0), and the return traffic is permitted because the ASA tracks the connection. Traffic initiated from a less secure interface is blocked from reaching a more secure interface unless an ACL explicitly permits it.

  90. What network testing tool can be used to identify network layer protocols running on a host?

    • SIEM
    • Tripwire
    • L0phtcrack
    • Nmap
  91. What characteristic of the Snort term-based subscriptions is true for both the community and the subscriber rule sets?

    • Both have a 30-day delayed access to updated signatures.
    • Both use Cisco Talos to provide coverage in advance of exploits.
    • Both are fully supported by Cisco and include Cisco customer support.
    • Both offer threat protection against security threats.
      Answers Explanation & Hints:

      There are two types of term-based subscriptions:

      – Community Rule Set – Available for free, this subscription offers limited coverage against threats. The community rule set focuses on reactive response to security threats rather than proactive research work. There is also a 30-day delayed access to updated signatures, meaning that the newest rules will be at least 30 days old. In addition, there is no Cisco customer support available.
      – Subscriber Rule Set – Available for a fee, this service provides the best protection against threats. It includes coverage of advanced exploits by using the research work of the Cisco Talos security experts. The Subscriber Rule Set also provides the fastest access to updated signatures in response to a security incident or the proactive discovery of a new threat. This subscription is fully supported by Cisco.

  92. Match the IPS alarm type to the description.

  93. What are the three signature levels provided by Snort IPS on the 4000 Series ISR? (Choose three.)

    • inspect
    • balanced
    • security
    • reject
    • connectivity
    • drop
  94. A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?

    • ip dhcp snooping
    • ip arp inspection trust
    • ip arp inspection vlan
    • spanning-tree portfast
      Answers Explanation & Hints:

      In general, a router serves as the default gateway for the LAN or VLAN on the switch. Therefore, the uplink interface that connects to a router should be configured as a trusted port, so that ARP packets arriving on it are forwarded without DAI validation.

  95. A security analyst is configuring Snort IPS. The analyst has just downloaded and installed the Snort OVA file. What is the next step?

    • Verify Snort IPS.
    • Configure Virtual Port Group interfaces.
    • Enable IPS globally or on desired interfaces.
    • Activate the virtual services.
      Answers Explanation & Hints:

      To deploy Snort IPS on supported devices, perform the following steps:
      – Step 1. Download the Snort OVA file.
      – Step 2. Install the OVA file.
      – Step 3. Configure Virtual Port Group interfaces.
      – Step 4. Activate the virtual services.
      – Step 5. Configure Snort specifics.
      – Step 6. Enable IPS globally or on desired interfaces.
      – Step 7. Verify Snort IPS.

  96. In the implementation of security on multiple devices, how do ASA ACLs differ from Cisco IOS ACLs?

    • Cisco IOS ACLs are configured with a wildcard mask and Cisco ASA ACLs are configured with a subnet mask.
    • Cisco IOS routers utilize both named and numbered ACLs and Cisco ASA devices utilize only numbered ACLs.
    • Cisco IOS ACLs utilize an implicit deny all and Cisco ASA ACLs end with an implicit permit all.
    • Cisco IOS ACLs are processed sequentially from the top down and Cisco ASA ACLs are not processed sequentially.
      Answers Explanation & Hints:

      The Cisco IOS ACLs are configured with a wildcard mask and the Cisco ASA ACLs are configured with a subnet mask. Both devices use an implicit deny, top down sequential processing, and named or numbered ACLs.

  97. The security policy in a company specifies that employee workstations can initiate HTTP and HTTPS connections to outside websites and the return traffic is allowed. However, connections initiated from outside hosts are not allowed. Which parameter can be used in extended ACLs to meet this requirement?

    • dscp
    • precedence
    • eq
    • established
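      The three ACL and firewall points above (question 82 on which protocols get state-table entries, question 96 on wildcard versus subnet masks, and the established keyword in question 97) share one worked example, added here and not part of the exam page. It models an inbound extended ACE with established beside a minimal TCP/UDP state table and runs both over constructed packets. The inside network 192.168.10.0/24 and all addresses are assumptions of the example.

```python
"""Stateful filtering versus the IOS extended-ACL `established` keyword.

Added example, not from the exam page. The packets are constructed 5-tuples.
`established` is modelled as IOS defines it: a TCP segment matches when its
ACK or RST bit is set. The stateful filter records outbound TCP and UDP
flows and admits inbound packets only as return traffic for a recorded flow.
Address matching uses IOS wildcard masks, derived from the subnet mask an
ASA would use for the same network.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()  # TCP flags such as {"SYN"} or {"ACK"}


def wildcard_from_mask(mask: str) -> str:
    """IOS ACLs take wildcard masks (0 bit = must match); the ASA takes subnet masks."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(mask))))


def matches_wildcard(addr: str, base: str, wildcard: str) -> bool:
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (b & keep)


INSIDE_NET = "192.168.10.0"                               # assumed inside LAN
INSIDE_WILDCARD = wildcard_from_mask("255.255.255.0")     # "0.0.0.255"


def inbound_ace_established(pkt: Packet) -> bool:
    """`permit tcp any 192.168.10.0 0.0.0.255 established`, then the implicit deny."""
    return (pkt.proto == "tcp"
            and matches_wildcard(pkt.dst, INSIDE_NET, INSIDE_WILDCARD)
            and bool(pkt.flags & {"ACK", "RST"}))


class StatefulFilter:
    """Minimal state table keyed on the outbound 5-tuple (TCP and UDP only)."""

    def __init__(self) -> None:
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> bool:
        if pkt.proto not in ("tcp", "udp"):
            return False
        if not matches_wildcard(pkt.src, INSIDE_NET, INSIDE_WILDCARD):
            return False
        self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt: Packet) -> bool:
        # Return traffic is the recorded flow with source and destination swapped.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def compare() -> Dict[str, Tuple[bool, bool]]:
    """(established-ACE verdict, stateful verdict) for three inbound packets."""
    fw = StatefulFilter()
    fw.outbound(Packet("tcp", "192.168.10.5", 51000, "203.0.113.10", 80, frozenset({"SYN"})))
    fw.outbound(Packet("udp", "192.168.10.5", 40000, "203.0.113.53", 53))

    http_reply = Packet("tcp", "203.0.113.10", 80, "192.168.10.5", 51000, frozenset({"SYN", "ACK"}))
    ack_scan = Packet("tcp", "198.51.100.7", 443, "192.168.10.5", 445, frozenset({"ACK"}))
    dns_reply = Packet("udp", "203.0.113.53", 53, "192.168.10.5", 40000)

    return {name: (inbound_ace_established(p), fw.inbound(p))
            for name, p in (("http_reply", http_reply),
                            ("ack_scan", ack_scan),
                            ("dns_reply", dns_reply))}


if __name__ == "__main__":
    for name, (ace, stateful) in compare().items():
        print(f"{name:11s} established={ace!s:5s} stateful={stateful}")
```

      Two results are the lesson. The established ACE admits the attacker's ACK-flagged probe to port 445 because it only inspects flag bits, so an ACK scan walks straight through it; and it cannot express UDP return traffic at all, since UDP carries no flags. The state table gets both cases right, which is why stateful inspection (or ZPF on IOS, and the ASA's connection table) is preferred over established for anything beyond a quick filter.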
  98. What network security testing tool has the ability to provide details on the source of suspicious network activity?

    • Zenmap
    • Tripwire
    • SIEM
    • SuperScan
  99. A researcher is comparing the differences between a stateless firewall and a proxy firewall. Which two additional layers of the OSI model are inspected by a proxy firewall? (Choose two.)

    • Layer 3
    • Layer 4
    • Layer 5
    • Layer 6
    • Layer 7
      Answers Explanation & Hints:

      Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information. They are stateless firewalls that use a simple policy table look-up to filter traffic based on specific criteria. A proxy (application gateway) firewall additionally inspects session-layer (Layer 5) and application-layer (Layer 7) information, because it terminates the client connection and opens its own connection to the server on the client's behalf.

  100. What is the next step in the establishment of an IPsec VPN after IKE Phase 1 is complete?

    • authentication of peers
    • negotiation of the ISAKMP policy
    • detection of interesting traffic
    • negotiation of the IPsec SA policy
      Answers Explanation & Hints:

      Establishing an IPsec tunnel involves five steps:
      detection of interesting traffic defined by an ACL
      IKE Phase 1 in which peers negotiate ISAKMP SA policy
      IKE Phase 2 in which peers negotiate IPsec SA policy
      Creation of the IPsec tunnel
      Termination of the IPsec tunnel

  101. Refer to the exhibit. A network administrator is configuring a VPN between routers R1 and R2. Which commands would correctly configure a pre-shared key for the two routers?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 12
    • R1(config)# username R2 password 5tayout!
      R2(config)# username R1 password 5tayout!
    • R1(config)# crypto isakmp key 5tayout! address 64.100.0.2
      R2(config)# crypto isakmp key 5tayout! address 64.100.0.1
    • R1(config)# crypto isakmp key 5tayout! hostname R1
      R2(config)# crypto isakmp key 5tayout! hostname R2
    • R1(config-if)# ppp pap sent-username R1 password 5tayout!
      R2(config-if)# ppp pap sent-username R2 password 5tayout!
  102. Which protocol is an IETF standard that defines the PKI digital certificate format?

    • X.509
    • LDAP
    • SSL/TLS
    • X.500
      Answers Explanation & Hints:

      To address the interoperability of different PKI vendors, the IETF published the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527, later replaced by RFC 3647), which covers how a CA documents its policies. The certificate format itself, with the fields and extensions a conforming X.509 certificate and CRL must carry, is profiled in RFC 5280.

  103. Which two options are security best practices that help mitigate BYOD risks? (Choose two.)

    • Keep the device OS and software updated.
    • Only allow devices that have been approved by the corporate IT team.
    • Use paint that reflects wireless signals and glass that prevents the signals from going outside the building.
    • Use wireless MAC address filtering.
    • Only turn on Wi-Fi when using the wireless network.
    • Decrease the wireless antenna gain level.
      Answers Explanation & Hints:

      Many companies now support employees and visitors attaching and using wireless devices that connect to and use the corporate wireless network. This practice is known as a bring-your-own-device policy or BYOD. Commonly, BYOD security practices are included in the security policy. Some best practices that mitigate BYOD risks include the following:
      Use unique passwords for each device and account.
      Turn off Wi-Fi and Bluetooth connectivity when not being used. Only connect to trusted networks.
      Keep the device OS and other software updated.
      Back up any data stored on the device.
      Subscribe to a device locator service with a remote wipe feature.
      Provide antivirus software for approved BYODs.
      Use Mobile Device Management (MDM) software that allows IT teams to track the device and implement security settings and software controls.

  104. Which two options can limit the information discovered from port scanning? (Choose two.)

    • passwords
    • intrusion prevention system
    • firewall
    • authentication
    • encryption
      Answers Explanation & Hints:

      Using an intrusion prevention system (IPS) and firewall can limit the information that can be discovered with a port scanner. Authentication, encryption, and passwords provide no protection from loss of information from port scanning.

  105. Match the security term to the appropriate description. (Not all options are used.)

  106. Which statement describes an important characteristic of a site-to-site VPN?

    • It is ideally suited for use by mobile workers.
    • After the initial connection is established, it can dynamically change connection information.
    • It requires using a VPN client on the host PC.
    • It is commonly implemented over dialup and cable modem networks.
    • It must be statically set up.
      Answers Explanation & Hints:

      A site-to-site VPN is created between the network devices of two separate networks. The VPN is static and stays established. The internal hosts of the two networks have no knowledge of the VPN.

  107. Refer to the exhibit. Which statement is true about the effect of this Cisco IOS zone-based policy firewall configuration?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 13
    Network Security (Version 1) – Network Security 1.0 Final Exam Answers 13
    • The firewall will automatically drop all HTTP, HTTPS, and FTP traffic.
    • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0/0 to g0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.
    • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0/0 to g0/0, but will not track the state of connections. A corresponding policy must be applied to allow return traffic to be permitted through the firewall in the opposite direction.
    • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from g0/0 to s0/0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.
    • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from g0/0 to s0/0/0, but will not track the state of connections. A corresponding policy must be applied to allow return traffic to be permitted through the firewall in the opposite direction.

  108. What provides both secure segmentation and threat defense in a Secure Data Center solution?

    • Cisco Security Manager software
    • Adaptive Security Appliance
    • intrusion prevention system
    • AAA server
  109. What function is provided by the RADIUS protocol?

    • RADIUS provides encryption of the complete packet during transfer.
    • RADIUS provides separate AAA services.
    • RADIUS provides secure communication using TCP port 49.
    • RADIUS provides separate ports for authorization and accounting.
      Answers Explanation & Hints:

      When an AAA user is authenticated, RADIUS uses UDP port 1645 or 1812 for authentication and UDP port 1646 or 1813 for accounting. RADIUS combines authentication and authorization: when a user is authenticated, the authorization attributes are returned in the same Access-Accept exchange. TACACS+ separates the authentication, authorization, and accounting services and uses TCP port 49. RADIUS hides only the User-Password attribute during transmission (it is obfuscated with an MD5 keystream derived from the shared secret and the Request Authenticator); the rest of the packet, including the username, is sent in cleartext. TACACS+ encrypts the entire body of the packet.
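
      The password-hiding behaviour described above, as an added example that is not part of the original exam page: the RFC 2865 section 5.2 algorithm that a RADIUS client applies to the User-Password attribute, the matching server-side reversal, and a minimal Access-Request builder and parser that make the cleartext/hidden split visible. The inputs (user nemo, password arctangent, shared secret xyzzy5461, NAS 192.168.1.16 port 3) are modelled on the RFC 2865 section 7.1 example; the Request Authenticator is a constructed 16-byte value, and the function and constant names are this example's own.

```python
"""RADIUS User-Password hiding (RFC 2865, section 5.2).

Added example, not from the exam page: RADIUS obfuscates only the password
attribute with an MD5 keystream derived from the shared secret; the rest of
the Access-Request (User-Name, NAS attributes) travels in cleartext.
"""
import hashlib

RADIUS_CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4
ATTR_NAS_PORT = 5


def _md5_keystream_xor(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """Chained-MD5 XOR over 16-octet blocks.

    b1 = MD5(S + RA), c1 = p1 XOR b1; b_i = MD5(S + c_(i-1)), c_i = p_i XOR b_i.
    When hiding, the chain key is the ciphertext block just produced; when
    revealing, it is the ciphertext block just consumed (the input block).
    """
    out = bytearray()
    prev = authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(x ^ y for x, y in zip(block, key))
        out += xored
        prev = xored if hiding else block
    return bytes(out)


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Client side: NUL-pad the password to a multiple of 16 octets, then obfuscate it."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    return _md5_keystream_xor(padded, secret, request_authenticator, hiding=True)


def reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Server side: reverse hide_password and strip the NUL padding.

    A wrong shared secret does not raise; it simply yields garbage, which is why
    RADIUS relies on the Message/Response Authenticator rather than this step
    to detect a mismatched secret. Passwords with trailing NULs are not supported.
    """
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-zero multiple of 16 octets")
    return _md5_keystream_xor(hidden, secret, request_authenticator, hiding=False).rstrip(b"\x00")


def build_access_request(identifier: int, username: bytes, password: bytes, secret: bytes,
                         request_authenticator: bytes, nas_ip: str, nas_port: int) -> bytes:
    """Assemble a minimal Access-Request: 20-octet header followed by TLV attributes."""
    hidden = hide_password(password, secret, request_authenticator)
    attrs = b"".join([
        bytes([ATTR_USER_NAME, 2 + len(username)]) + username,          # cleartext
        bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden,          # hidden
        bytes([ATTR_NAS_IP_ADDRESS, 6]) + bytes(int(o) for o in nas_ip.split(".")),
        bytes([ATTR_NAS_PORT, 6]) + nas_port.to_bytes(4, "big"),
    ])
    length = 20 + len(attrs)
    return (bytes([RADIUS_CODE_ACCESS_REQUEST, identifier]) + length.to_bytes(2, "big")
            + request_authenticator + attrs)


def parse_attributes(packet: bytes) -> dict:
    """Walk the TLVs after the 20-octet header; returns {attribute type: raw value}."""
    attrs = {}
    pos = 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


if __name__ == "__main__":
    # Constructed Request Authenticator; inputs modelled on the RFC 2865 section 7.1 example.
    ra = bytes.fromhex("0f403f9473978057bd83d5cb98f4227a")
    secret = b"xyzzy5461"
    pkt = build_access_request(0, b"nemo", b"arctangent", secret, ra, "192.168.1.16", 3)
    attrs = parse_attributes(pkt)
    print("User-Name on the wire    :", attrs[ATTR_USER_NAME])
    print("User-Password on the wire:", attrs[ATTR_USER_PASSWORD].hex())
    print("Server recovers          :", reveal_password(attrs[ATTR_USER_PASSWORD], secret, ra))
```

      Anyone capturing the UDP/1812 datagram sees the username, NAS address and port in the clear; only the 16-octet User-Password value is obfuscated, and the obfuscation is a reversible XOR keyed by the shared secret, not authenticated encryption. That is the contrast with TACACS+, which encrypts the whole packet body after the header.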

  110. Which privilege level has the most access to the Cisco IOS?

    • level 0
    • level 15
    • level 7
    • level 16
    • level 1
  111. Refer to the exhibit. A corporate network is using NTP to synchronize the time across devices. What can be determined from the displayed output?

    Network Security (Version 1) - Network Security 1.0 Final Exam Answers 14
    Network Security (Version 1) – Network Security 1.0 Final Exam Answers 14
    • Router03 is a stratum 2 device that can provide NTP service to other devices in the network.
    • The interface on Router03 that connects to the time server has the IPv4 address 209.165.200.225.
    • Router03 time is synchronized to a stratum 2 time server.
    • The time on Router03 may not be reliable because it is offset by more than 7 seconds to the time server.