Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Networking Security > 1.4 > Flashcards

1.4 Flashcards

1
Q 
61.	What function is provided by the Tripwire network security tool?
password recovery
security policy compliance
IDS signature development
logging of security events
A

policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q 
62.	What is the function of a policy map configuration when an ASA firewall is being configured?
binding class maps with actions
identifying interesting traffic
binding a service policy to an interface
using ACLs to match traffic
A

binding class maps with actions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q 
63.	If a network administrator wants to track the usage of FTP services, which keyword or keywords should be added to the aaa accounting command?
exec default
connection
exec
network
A

exec

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is indicated by the use of the local-case keyword in a local AAA authentication configuration command sequence?
That AAA is enabled globally on the router.
That passwords and usernames are case-sensitive.
That a default local database AAA authentication is applied to all lines.
That user access is limited to vty terminal lines.

A

That passwords and usernames are case-sensitive.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. What is the purpose of a local username database if multiple ACS servers are configured to provide authentication services?
    Clients using internet services are authenticated by ACS servers, whereas local clients are authenticated through a local username database.
    Each ACS server must be configured with a local username database in order to provide authentication services.
    A local username database is required when creating a method list for the default login.
    A local username database provides redundancy if ACS servers become unreachable.
A

unreachable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Refer to the exhibit. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces?
Traffic from the Internet and LAN can access the DMZ.
Traffic from the Internet and DMZ can access the LAN.
Traffic from the Internet can access both the DMZ and the LAN.
Traffic from the LAN and DMZ can access the Internet.

A

Traffic from the LAN and DMZ can access the Internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)
    to ensure more efficient routing
    to prevent data traffic from being redirected and then discarded
    to ensure faster network convergence
    to prevent redirection of data traffic to an insecure link
    to provide data security through encryption
A

to prevent data traffic from being redirected and then discarded
to prevent redirection of data traffic to an insecure link

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. A security awareness session is best suited for which topic?
    required steps when reporting a breach of security
    the primary purpose and use of password policies
    steps used to configure automatic Windows updates
    how to install and maintain virus protection
A

when

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q 
69.	What provides both secure segmentation and threat defense in a Secure Data Center solution?
Cisco Security Manager software
AAA server
Adaptive Security Appliance
intrusion prevention system
A

Adaptive Security Appliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q 
70.	Which two features should be configured on end-user ports in order to prevent STP manipulation attacks? ( Choose two.)
root guard
UDLD
BPDU guard
loop guard
PortFast
A

BPDU guard

PortFast

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. What is a characteristic of most modern viruses?
    They are usually found attached to online games.
    Email viruses are the most common type of them.
    They replicate themselves and locate new targets.
    They are responsible for some of the most destructive internet attacks.
A

Email viruses are the most common type of them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. Which statement describes a characteristic of the Security Device Event Exchange (SDEE) feature supported by the Cisco IOS IPS?
    SDEE notification is disabled by default. It does not receive and process events from the Cisco IOS IPS unless SDEE notification is enabled.
    SDEE notification is enabled by default. It receives and processes events from the Cisco IOS IPS and sends them to a syslog server.
    SDEE notification is enabled by default. It receives and processes events from the Cisco IOS IPS and stores them in a buffer.
    SDEE notification is disabled by default. It starts receiving and processing events from the Cisco IOS IPS as soon as an attack signature is detected.
A

SDEE notification is disabled by default. It does not receive and process events from the Cisco IOS IPS unless SDEE notification is enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q 
73.	Which network security tool allows an administrator to test and detect weak passwords?
L0phtcrack
Tripwire
Nessus
Metasploit
A

L0phtcrack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. What is an advantage of logging packets that are seen by an IPS device?
    Packets from the IP address that triggered the logging are denied once logging begins.
    Administrators can decide what actions can be taken in the future.
    Administrators can use the brief summary that is generated to quickly determine how to handle the packets.
    Attacker packets can be stopped immediately.
A

Administrators can decide what actions can be taken in the future.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q 
75.	Which procedure is recommended to mitigate the chances of ARP spoofing?
Enable DHCP snooping on selected VLANs.
Enable IP Source Guard on trusted ports.
Enable DAI on the management VLAN.
Enable port security globally.
A

DAI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q 
76.	In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server?
RADIUS
802.1x
SSH
TACACS
A

RADIUS

17
Q 
77.	A network technician is attempting to resolve problems with the NAT configuration on anASA. The technician generates a ping from an inside host to an outside host. Whichcommand verifies that addresses are being translated on the ASA?
show ip nat translation
show running-config
show xlate
show ip address
A

show xlate

18
Q 
78.	What are three components of a technical security policy? (Choose three.)
human resource policy
acceptable use policy
remote access policy
identity policy
network access policy
end user policy
A

acceptable use policy
remote access policy
network access policy

19
Q 
79.	Which security policy outlines the overall security goals for managers and technical personnel within an organization and includes the consequences of noncompliance with the policy?
end-user policy
application policy
governing policy
technical policy
A

governing policy

20
Q
  1. What is a secure configuration option for remote access to a network device?

Configure 802.1x.
Configure Telnet.
Configure SSH.
Configure an ACL and apply it to the VTY lines.

A

Configure SSH.

Networking Security (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions