1.3 Flashcards

1
Q
  1. An administrator assigned a level of router access to the user ADMIN using the commands below.
    Router(config)# privilege exec level 14 show ip route
    Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10
    Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10

Which two actions are permitted to the user ADMIN? (Choose two.)
The user can execute all subcommands under the show ip interfaces command.
The user can issue the show version command.
The user can only execute the subcommands under the show ip route command.
The user can issue all commands because this privilege level can execute all Cisco IOS commands.
The user can issue the ip route command.

A

The user can execute all subcommands under the show ip interfaces command.
The user can issue the show version command.

2
Q
42.	What mechanism is used by an ASA 5505 device to allow inspected outbound traffic to return to the originating sender who is on an inside network?
Network Address Translation
access control lists
security zones
stateful packet inspection
A

stateful packet inspection

3
Q
43.	Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)
DSL switch
Frame Relay switch
ISR router
another ASA
multilayer switch
A

ISR router

another ASA

4
Q
44.	What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?
DHCP spoofing
ARP spoofing
VLAN hopping
ARP poisoning
A

VLAN hopping

5
Q
45.	In an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. What AAA function is at work if this command is rejected?
authorization
authentication
auditing
accounting
A

authorization

6
Q
  1. An organization has configured an IPS solution to use atomic alerts. What type of response will occur when a signature is detected?
    A counter starts and a summary alert is issued when the count reaches a preconfigured number.
    The TCP connection is reset.
    An alert is triggered each time a signature is detected.
    The interface that triggered the alert is shut down.
A

An alert is triggered each time a signature is detected.

7
Q
47.	What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)
PSK
DH
RSA
AES
SHA
A

AES

SHA

8
Q
  1. Fill in the blank.

A stateful signature is also known as a ________ signature.

A

Composite

9
Q
  1. Why is hashing cryptographically stronger compared to a cyclical redundancy check (CRC)?
    Hashes are never sent in plain text.
    It is easy to generate data with the same CRC.
    It is virtually impossible for two different sets of data to calculate the same hash output.
    Hashing always uses a 128-bit digest, whereas a CRC can be variable length.
A

It is virtually impossible for two different sets of data to calculate the same hash output.

10
Q
50.	A network analyst wants to monitor the activity of all new interns. Which type of security testing would track when the interns sign on and sign off the network?
vulnerability scanning
password cracking
network scanning
integrity checker
A

integrity

11
Q

Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two.)
This message is a level five notification message.
This message indicates that service timestamps have been globally enabled.
This message indicates that enhanced security was configured on the vty ports.
This message appeared because a major error occurred that requires immediate action.
This message appeared because a minor error occurred that requires further investigation.

A

This message is a level five notification message.

This message indicates that service timestamps have been globally enabled.

12
Q
  1. What is required for auto detection and negotiation of NAT when establishing a VPN link?
    Both VPN end devices must be configured for NAT.
    No ACLs can be applied on either VPN end device.
    Both VPN end devices must be NAT-T capable.
    Both VPN end devices must be using IPv6.
A

Both VPN end devices must be NAT-T capable.

13
Q

Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)
Three security violations have been detected on this interface.
This port is currently up.
The port is configured as a trunk link.
Security violations will cause this port to shut down immediately.
There is no device currently connected to this port.
The switch port mode for this interface is access mode.

A

This port is currently up.
Security violations will cause this port to shut down immediately.
The switch port mode for this interface is access mode.

14
Q
  1. In which two instances will traffic be denied as it crosses the ASA 5505 device? (Choose two.)
    traffic originating from the inside network going to the DMZ network
    traffic originating from the inside network going to the outside network
    traffic originating from the outside network going to the DMZ network
    traffic originating from the DMZ network going to the inside network
    traffic originating from the outside network going to the inside network
A

traffic originating from the DMZ network going to the inside network
traffic originating from the outside network going to the inside network

15
Q
  1. Refer to the exhibit. Based on the configuration that is shown, which statement is true about the IPS signature category?
    Only signatures in the ios_ips advanced category will be compiled into memory for scanning.
    All signature categories will be compiled into memory for scanning, but only those signatures within the ios_ips advanced category will be used for scanning purposes.
    All signature categories will be compiled into memory for scanning, but only those signatures in the ios_ips basic category will be used for scanning purposes.
    Only signatures in the ios_ips basic category will be compiled into memory for scanning.
A

Only signatures in the ios_ips basic category will be compiled into memory for scanning.

16
Q
  1. Which two ports can send and receive Layer 2 traffic from a community port on a PVLAN? (Choose two.)
    community ports belonging to other communities
    promiscuous ports
    isolated ports within the same community
    PVLAN edge protected ports
    community ports belonging to the same community
A

promiscuous ports

community ports belonging to the same community

17
Q
  1. What is a feature of the TACACS+ protocol?
    It utilizes UDP to provide more efficient packet transfer.
    It combines authentication and authorization as one process.
    It encrypts the entire body of the packet for more secure communications.
    It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
A

It encrypts the entire body of the packet for more secure communications.

18
Q
  1. Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?
    Implement restrictions on the use of ICMP echo-reply messages.
    Implement a firewall at the edge of the network.
    Implement access lists on the border router.
    Implement encryption for sensitive traffic.
A

Implement encryption for sensitive traffic.

19
Q
  1. What is the benefit of the network-based IPS (NIPS) over host-based IPS (HIPS) deployment models?
    NIPS provides individual host protection.
    NIPS relies on centrally managed software agents.
    NIPS monitors all operations within an operating system.
    NIPS monitors network segments.
A

NIPS monitors network segments.

20
Q
  1. What represents a best practice concerning discovery protocols such as CDP and LLDP on network devices?
    Enable CDP on edge devices, and enable LLDP on interior devices.
    Use the default router settings for CDP and LLDP.
    Use the open standard LLDP rather than CDP.
    Disable both protocols on all interfaces where they are not required.
A

Disable