CCNP SCOR Book Terms

Question 1

______________ is a security technology that actively monitors network or system activities to detect and prevent unauthorized access, attacks, or malicious activities. It works by analyzing traffic patterns and taking action to block or mitigate threats in real-time.

Answer 1

Intrusion Prevention (IPS)

Question 2

______________ are devices or systems that monitor network traffic and system behavior to detect potential security threats or intrusions. These sensors are part of Intrusion Detection and Prevention Systems (IDPS).

Answer 2

Intrusion Sensors

Question 3

______________ refers to how and where intrusion sensors are positioned within a network. Common deployment modes include inline (in the data path), passive (monitoring only), and TAP (Test Access Point) mode.

Answer 3

Sensors Deployment Mode

Question 4

______________ are intrusion sensors placed at various points within a network to monitor and analyze network traffic for signs of intrusions or threats.

Answer 4

Network-Based Sensors

Question 5

______________ are installed on individual host systems (such as servers or endpoints) to monitor the behavior and security of those hosts.

Answer 5

Host-Based Sensors

Question 6

______________ are methods and techniques used to identify and classify security threats and attacks, such as signature-based detection, anomaly-based detection, and behavior-based detection.

Answer 6

Attack Detection Strategies

Question 7

______________ refers to the protection of data and information from threats and vulnerabilities, including measures to prevent unauthorized access, data leakage, and content-based attacks.

Answer 7

Content Security

Question 8

______________ focuses on securing individual devices (endpoints) such as computers, mobile devices, and servers from various threats, including malware, unauthorized access, and data breaches.

Answer 8

Endpoint Security

Question 9

______________ is any software designed to harm, exploit, or compromise the security of a computer system. Common types of malware include viruses, worms, Trojans, and spyware.

Answer 9

Malware (Malicious Software)

Question 10

______________ is an IEEE standard for port-based network access control. It provides authentication and authorization mechanisms for controlling access to network resources.

Answer 10

802.1x

Question 11

______________ refers to the flow of email messages within an email system, including sending, receiving, routing, and processing emails.

Answer 11

Email Pipeline

Question 12

A ______________ is a visual representation of ideas, concepts, or information arranged in a hierarchical and interconnected manner. It is often used for brainstorming, organizing thoughts, or summarizing complex topics.

Answer 12

Mind-Map

Question 13

______________ is a security appliance used for email security, including features like spam filtering, malware detection, email encryption, and email content filtering.

Answer 13

Cisco ESA (Email Security Appliance)

Question 14

______________ refers to techniques and tactics used by attackers to bypass or evade email security measures, such as spam filters or antivirus scanners.

Answer 14

Email Security Evasion

Question 15

______________ is the process of encoding email messages to protect their contents from unauthorized access. It ensures that only the intended recipient can read the email.

Answer 15

Email Encryption

Question 16

______________ are security threats that originate from web-based sources, including malicious websites, phishing sites, and web-based malware distribution.

Answer 16

Web-Based Threats

Question 17

______________ refer to the capabilities and functions of a Web Security Appliance, which is used to enforce web security policies, filter web content, and protect against web-based threats.

Answer 17

WSA Features (Web Security Appliance)

Question 18

______________ is a protocol used to redirect web traffic for caching and security purposes. It allows network devices to intercept and redirect web traffic to a caching or security appliance.

Answer 18

Web Cache Communications Protocol (WCCP)

Question 19

______________ is a cloud-based web security solution that provides web content filtering, threat protection, and visibility for web traffic.

Answer 19

Cisco Cloud Web Security

Question 20

______________ are components that facilitate the integration of Cisco Cloud Web Security with on-premises network infrastructure.

Answer 20

Cisco CWS Connectors

Question 21

______________ are a type of malware that attaches itself to a legitimate program or file and spreads when the infected program is executed. Viruses can cause various forms of damage to a computer system.

Answer 21

Viruses

Question 22

______________ are self-replicating malware that spread across networks and systems without the need for user intervention. They can propagate rapidly and cause widespread disruptions.

Answer 22

Worms

Question 23

In a security context, a “______________” typically refers to a malicious or harmful piece of code or script that triggers a destructive action when activated.

Answer 23

Bomb

Question 24

A ______________ is a type of malware that disguises itself as a legitimate or benign program but, when executed, performs malicious actions without the user’s knowledge.

Answer 24

Horses (Trojan Horses), or simply “Trojan”

Question 25

______________ are hidden or unauthorized access points in a computer system or software that allow attackers to gain entry and control the system.

Answer 25

Backdoors

Question 26

______________ are software or techniques used to take advantage of vulnerabilities or weaknesses in computer systems, applications, or networks for malicious purposes.

Answer 26

Exploits

Question 27

______________ are software or hardware devices that record keystrokes on a computer or mobile device, often used to capture sensitive information like passwords.

Answer 27

Key Loggers

Question 28

______________ are stealthy malware that provide unauthorized access to a computer or network while concealing their presence. They often tamper with system functions and are difficult to detect.

Answer 28

Rootkits

Question 29

______________ is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for a decryption key to restore access to the files.

Answer 29

Ransomware

Question 30

______________ refers to software or tools designed to detect, prevent, and remove various forms of malware from computer systems.

Answer 30

Antimalware

Question 31

______________ software is a subset of antimalware that specifically focuses on detecting and preventing computer viruses.

Answer 31

Antivirus

Question 32

______________ is a security system or software that monitors and analyzes the behavior of applications and processes running on a host (such as an endpoint) to detect and prevent unauthorized or malicious activities.

Answer 32

HIPS (Host Intrusion Prevention System)

Question 33

______________ is the process of converting plaintext data into ciphertext to protect it from unauthorized access. It ensures that only authorized parties can decrypt and access the data.

Answer 33

Data Encryption

Question 34

______________ are secure communication tunnels that allow users to access a private network over a public network (typically the internet). They provide encryption and privacy for data transmission.

Answer 34

VPNs (Virtual Private Networks)

Question 35

______________ is the science of securing communication and data through mathematical techniques, including encryption and decryption.

Answer 35

Cryptography

Question 36

______________ is a process of converting data (such as passwords) into a fixed-length string of characters, which is often used for data verification and security.

Answer 36

Hashing

Question 37

______________ is a type of encryption where the same key is used for both encryption and decryption. It is often faster but requires secure key distribution.

Answer 37

Symmetric Encryption

Question 38

______________ (or Public-Key Cryptography) uses a pair of public and private keys for encryption and decryption. It provides secure key exchange and digital signatures.

Answer 38

Asymmetric Encryption

Question 39

______________ are cryptographic techniques that provide authentication, integrity, and non-repudiation for digital documents or messages.

Answer 39

Digital Signatures

Question 40

______________ refers to advanced encryption techniques and standards that aim to enhance security and address emerging threats in modern computing environments.

Answer 40

Next Generation Encryption

Question 41

______________ is a framework that manages digital keys and certificates for secure communication. It includes processes, policies, and technologies for issuing, managing, and revoking digital certificates.

Answer 41

Public Key Infrastructure (PKI)

Question 42

______________ are electronic credentials used to verify the identity of entities in a network. They contain a public key, identity information, and are signed by a Certificate Authority (CA).

Answer 42

Digital Certificate

Question 43

______________ are trusted entities that issue digital certificates and verify the authenticity of certificate holders.

Answer 43

Certificate Authorities

Question 44

______________ is the process of verifying the identity of a user or system by validating their digital certificate.

Answer 44

Digital Certificate Authentication

Question 45

______________ refers to the process of obtaining a digital certificate, while ______________ is the process of invalidating or revoking a certificate before its expiration.

Answer 45

Enrollment & Revocation

Question 46

______________ is the act of requesting and obtaining a digital certificate from a Certificate Authority.

Answer 46

Certificate Enrollment

Question 47

______________ is the process of declaring a digital certificate as no longer valid before its expiration date.

Answer 47

Certificate Revocation

Question 48

______________ refer to the design and structure of a Public Key Infrastructure, including the hierarchy of CAs, certificate policies, and trust models.

Answer 48

PKI Architectures

Question 49

______________ is the process of allowing or blocking network packets based on predefined rules or criteria.

Answer 49

Packet Filtering

Question 50

______________ are rules or policies that specify which network traffic is allowed or denied based on source, destination, and protocol.

Answer 50

Access Control List (ACL)

Question 51

______________ is a firewall technique that keeps track of the state of active connections and allows related packets to pass through.

Answer 51

Stateful Filtering

Question 52

______________ is a Cisco firewall feature that uses zones to define security policies and controls traffic flow between zones.

Answer 52

Zone-Based Firewall

Question 53

______________ is a security device that combines firewall, VPN, and other security features to protect network resources.

Answer 53

Cisco ASA (Adaptive Security Appliance)

Question 54

______________ is the process of controlling and managing network traffic to prevent unauthorized access or malicious activities.

Answer 54

Traffic Filtering

Question 55

The ______________ is the part of a network device responsible for managing and controlling device operations and protocols.

Answer 55

Control Plane

Question 56

______________ refers to the design and structure of network devices, including hardware and software components.

Answer 56

Network Device Architecture

Question 57

______________ is a security mechanism that ensures the authenticity and integrity of routing protocol messages.

Answer 57

Routing Protocol Authentication

Question 58

______________ is the process of selectively allowing or denying specific routes in a routing table.

Answer 58

Route Filtering

Question 59

______________ is a security feature that restricts the rate of traffic directed at a device’s control plane to protect it from resource exhaustion or attacks.

Answer 59

Control Plane Policing (CoPP)

Question 60

______________ includes mechanisms and strategies to secure a device’s control plane from unauthorized access and attacks.

Answer 60

Control Plane Protection

Question 61

______________ safeguard a device’s central processing unit (CPU) from excessive loads and resource depletion.

Answer 61

CPU Protection Mechanisms

Question 62

______________ mechanisms ensure the security and integrity of a device’s memory, preventing unauthorized access or tampering.

Answer 62

Memory Protection

Question 63

The ______________ is responsible for managing and configuring network devices, including tasks such as device administration and monitoring.

Answer 63

Management Plane

Question 64

______________ is a protocol used for network management and monitoring, allowing devices to exchange information about their status and performance.

Answer 64

SNMP (Simple Network Management Protocol)

Question 65

______________ is a protocol used to synchronize the time of network devices, ensuring accurate timestamps for events and logs.

Answer 65

NTP (Network Time Protocol)

Question 66

______________ involves recording events, activities, and system messages for analysis, troubleshooting, and security monitoring.

Answer 66

Logging

Question 67

______________ is a network protocol that automates the assignment of IP addresses and network configuration to devices on a network.

Answer 67

Dynamic Host Configuration Protocol (DHCP)

Question 68

______________ is an extension of DHCP used for assigning IPv6 addresses and configuration parameters to devices on an IPv6 network.

Answer 68

DHCPv6

Question 69

______________ is a protocol used for translating human-readable domain names into IP addresses, facilitating network communication.

Answer 69

Domain Network System (DNS) Protocol

Question 70

______________ is a technique used by attackers to impersonate another IP address to conceal their identity or gain unauthorized access.

Answer 70

IP Spoofing

Question 71

______________ are used as mitigation tools to control network traffic and restrict access to specific resources.

Answer 71

ACLs (Access Control Lists)

Question 72

______________ is a mitigation tool that verifies the source IP address of incoming packets to prevent IP spoofing.

Answer 72

URPF (Unicast Reverse Path Forwarding)

Question 73

A ______________ is an attack that overwhelms a network or system with excessive traffic, rendering it unavailable to legitimate users.

Answer 73

DoS-Attack (Denial-of-Service Attack)

Question 74

______________ is a security feature that protects against TCP SYN flooding attacks by managing incomplete connection requests.

Answer 74

TCP Intercept

Question 75

______________ is a traffic control mechanism that enforces bandwidth limits and controls the rate of traffic.

Answer 75

Policing

Question 76

______________ is a security technique used to mitigate DDoS attacks by redirecting attack traffic to a null route.

Answer 76

RTBH (Remote Triggered Black Hole)

Question 77

______________ are additional fields in an IP packet header used for specific purposes, and they can introduce security risks if misused.

Answer 77

IP Options

Question 78

______________ refers to strategies and technologies used to detect, prevent, and respond to security attacks.

Answer 78

Attack Mitigation

Question 79

______________ is the process of breaking large IP packets into smaller fragments for transmission, which can be a security concern.

Answer 79

IP Fragmentation

Question 80

______________ is a Cisco technology that identifies and classifies network applications and services for traffic analysis and control.

Answer 80

NBAR (Network-Based Application Recognition)

Question 81

______________ are part of IPv6 packets and provide additional information for packet processing. ______________ involves handling and securing these headers to prevent attacks and ensure proper packet processing.

Answer 81

Extension Headers / Extension Headers Processing & Security

Question 82

______________ refers to the examination and handling of IPv6 extension headers, including header insertion, inspection, and processing as packets traverse the network.

Answer 82

Extension Header Processing

Question 83

______________ is a process of dividing large IPv6 packets into smaller fragments to accommodate networks with smaller Maximum Transmission Unit (MTU) sizes.

Answer 83

IPv6 Fragmentation

Question 84

______________ involves strategies and measures to protect against security threats related to IPv6 fragmentation, such as fragmentation-based attacks.

Answer 84

IPv6 Fragmentation Attacks Mitigation

Question 85

______________ is a key component of IPv6 networking that allows devices to discover and communicate with neighboring devices on the same network segment.

Answer 85

Neighbor Discovery

Question 86

______________ are ICMPv6 messages used for various purposes, including router discovery, neighbor discovery, and address resolution in IPv6 networks.

Answer 86

Neighbor Discovery Messages

Question 87

______________ is a security extension for Neighbor Discovery that provides mechanisms for securing neighbor and router discovery processes in IPv6 networks.

Answer 87

Secure Neighbor Discovery (SEND)

Question 88

______________ is a proprietary Cisco protocol used for discovering and sharing information about directly connected Cisco devices on a network.

Answer 88

Cisco Discovery Protocol (CDP)

Question 89

______________ is a network protocol used to prevent loops in Ethernet networks by dynamically disabling redundant links while keeping a loop-free path.

Answer 89

Spanning Tree Protocol (STP)

Question 90

______________ include mechanisms to protect Spanning Tree Protocol implementations from misuse and attacks.

Answer 90

Spanning Tree Protocol (STP) Security Features

Question 91

______________ are used to partition a VLAN into sub-VLANs, allowing network segmentation while sharing the same IP subnet.

Answer 91

Private VLANs

Question 92

______________ is a feature that isolates specific ports on a switch to prevent direct communication between devices on those ports.

Answer 92

Protected Ports (or Port Isolation)

Question 93

______________ is a feature that monitors and limits the rate of broadcast, multicast, or unicast storms to prevent network congestion and disruptions.

Answer 93

Storm Control

Question 94

______________ involves securing network devices by implementing security best practices and configuring security features to reduce vulnerabilities.

Answer 94

Device Hardening

Question 95

______________ is a comprehensive framework and methodology for designing and implementing secure network architectures.

Answer 95

Cisco SAFE (Security Architecture for Enterprise)

Question 96

______________ refers to strategies and techniques used to protect against Layer 2 (data link layer) attacks in a network.

Answer 96

L2 Attacks Mitigation

Question 97

______________ are security threats targeting the Spanning Tree Protocol, aiming to disrupt network operations by exploiting vulnerabilities in STP implementations.

Answer 97

STP Attacks

Question 98

______________ are malicious activities that manipulate or poison ARP tables to redirect network traffic or conduct man-in-the-middle attacks.

Answer 98

ARP Attacks (Address Resolution Protocol Attacks)

Question 99

______________ is a protocol used to map IP addresses to MAC addresses in Ethernet networks, facilitating communication between devices on the same local network.

Answer 99

Address Resolution Protocol (ARP)

Question 100

______________ is a security feature that restricts access to command-line interface (CLI) commands based on user roles and privileges.

Answer 100

Role-Based CLI Access

Question 101

______________ involves establishing secure and encrypted communication tunnels over public networks, allowing remote access and private data transfer.

Answer 101

VPN (Virtual Private Network) Working

Question 102

______________ is the process of encapsulating one network protocol within another for secure and efficient data transmission over an untrusted network.

Answer 102

Tunneling

Question 103

______________ encompasses measures and protocols used to secure Virtual Private Network connections and protect data confidentiality and integrity.

Answer 103

VPN Security

Question 104

______________ involves setting up GRE tunnels for encapsulating a wide range of network protocols within point-to-point connections.

Answer 104

GRE (Generic Routing Encapsulation) Configuration

Question 105

______________ is a key management protocol used in IPsec VPNs to establish security associations and exchange encryption keys.

Answer 105

IKEv1 (Internet Key Exchange version 1)

Question 106

______________ is the process of establishing secure IPsec tunnels for encrypted communication between network devices or sites.

Answer 106

IPsec Tunneling

Question 107

______________ involves configuring IPsec VPNs on Cisco ASA devices for secure remote access and site-to-site connectivity.

Answer 107

IPsec on the ASA (Adaptive Security Appliance)

Question 108

______________ is a technology that simplifies and enhances WAN management by centralizing control and dynamically routing traffic over multiple network connections.

Answer 108

Software Defined WAN (SD-WAN)

Question 109

______________ is a Cisco solution that uses software-defined networking (SDN) principles to automate network provisioning, policy enforcement, and segmentation.

Answer 109

Software Defined Access (SD-Access)

Question 110

______________ is Cisco’s approach to data center networking that focuses on automation, policy-based management, and application-aware networking.

Answer 110

Application Centric Infrastructure (ACI)

Question 111

______________ encompasses the design and components of Cisco’s Application Centric Infrastructure solution for data centers.

Answer 111

Cisco ACI Architecture

Question 112

______________ are software-based network switches used in virtualized environments to connect virtual machines (VMs) and manage traffic.

Answer 112

Virtual Switches

Question 113

An ______________ is a physical location where different Internet service providers (ISPs) connect their networks to exchange traffic.

Answer 113

Internet Exchange Point (IXP)

Question 114

A ______________ is a wide area network that connects geographically dispersed locations using private network infrastructure, such as leased lines or MPLS.

Answer 114

Private WAN

Question 115

______________ is an open-source cloud computing platform that provides infrastructure-as-a-service (IaaS) capabilities for building and managing private and public clouds.

Answer 115

OpenStack

Question 116

______________ refers to the design and framework of Software-Defined Networking, which separates network control and data planes for greater flexibility and automation.

Answer 116

SDN Architecture

Question 117

______________ is the protocol used for transmitting and receiving web page data and other resources on the World Wide Web.

Answer 117

HTTP (Hypertext Transfer Protocol)

Question 118

______________ are three-digit numeric codes used in HTTP responses to indicate the status of a web request, such as 200 (OK) or 404 (Not Found).

Answer 118

HTTP Message Codes

Question 119

______________ is a secure version of HTTP that uses encryption (TLS/SSL) to protect the confidentiality and integrity of data exchanged between a web server and a client.

Answer 119

HTTP Secure (HTTPS)

Question 120

______________ is a central management console used to configure, monitor, and manage Cisco security products and services.

Answer 120

SMC (Security Management Center)

Question 121

A ______________ is a network security device or software solution that provides web content filtering, threat protection, and policy enforcement to protect users and networks from web-based threats.

Answer 121

Web Security Appliance

Question 122

______________ is a specific Cisco appliance designed for web security. It offers features like web filtering, antivirus scanning, and URL categorization to protect against web threats.

Answer 122

Cisco Web Security Appliance (WSA)

Question 123

______________ is a protocol used for sending email messages between servers. It is a fundamental component of email communication.

Answer 123

Simple Mail Transfer Protocol (SMTP)

Question 124

______________ is an appliance that provides email security services, including spam filtering, malware detection, and content filtering to protect against email-based threats.

Answer 124

Cisco Email Security Appliance (ESA)

Question 125

______________ refers to the command-line interface (CLI) used for configuring and managing Cisco Email Security Appliances.

Answer 125

ESA Command Line

Question 126

An ______________ is a component of the Email Security Appliance that receives incoming email messages and processes them through various security filters.

Answer 126

ESA Listener

Question 127

______________ involve the configuration, monitoring, and management tasks related to the Cisco Email Security Appliance.

Answer 127

ESA Operations

Question 128

An ______________ is a dedicated device or software solution designed to protect email communication by filtering out spam, viruses, and other email threats.

Answer 128

Email Security Appliance (ESA)

Question 129

______________ are sets of rules and configurations that define how email security is enforced, including spam policies, content filtering, and encryption policies.

Answer 129

ESA Policies

Question 130

______________ is a distributed system used for translating domain names (e.g., www.example.com) into IP addresses, facilitating internet communication.

Answer 130

Domain Name System (DNS)

Question 131

______________ includes the hierarchical organization of DNS servers and domains, starting with the root DNS servers at the top.

Answer 131

DNS Structure

Question 132

______________ include DNS servers (such as authoritative, recursive, and caching servers) and DNS clients that interact to resolve domain names.

Answer 132

DNS Components

Question 133

______________ are data entries in DNS databases that contain information about domain names, IP addresses, mail servers, and other DNS-related information.

Answer 133

DNS Records

Question 134

______________ is a cloud-based security service provided by Cisco (Cisco Umbrella) that offers DNS and web filtering to protect against threats and provide visibility into internet traffic.

Answer 134

Umbrella

Question 135

______________ are configurations that define how DNS traffic is inspected and protected against security threats like DNS-based attacks.

Answer 135

DNS Layer Security Policies

Question 136

______________ define rules for inspecting and controlling content and applications to ensure security and compliance.

Answer 136

Content & Application Inspection Policies

Question 137

______________ specify how files are inspected for malware and other threats, including rules for scanning, blocking, or allowing file transfers.

Answer 137

File Inspection Policies

Question 138

______________ determine which destinations (IP addresses, domains) are allowed or blocked for communication within a network.

Answer 138

Destination Lists Policies

Question 139

An ______________ is a proxy server that dynamically adjusts its behavior based on the type of traffic it handles, enhancing security and performance.

Answer 139

Intelligent Proxy

Question 140

______________ is the process of decrypting encrypted SSL/TLS traffic to inspect its contents for security purposes.

Answer 140

SSL Decryption

Question 141

______________ is a Cisco security product that provides identity-based access control and policy enforcement within a network.

Answer 141

ISE (Identity Services Engine)

Question 142

______________ involves integrating ISE with Microsoft Active Directory (AD) to leverage AD user and group information for access control decisions.

Answer 142

AD Integration

Question 143

______________ are rules and configurations that dictate how network access is granted or denied based on user identity and attributes.

Answer 143

ISE Policies

Question 144

______________ in ISE involves identifying and categorizing network devices and endpoints based on their characteristics and behavior.

Answer 144

Profiling

Question 145

______________ is a feature in ISE that allows for dynamic policy changes and actions after initial network access is granted, such as reauthentication or session termination.

Answer 145

Change of Authorization (CoA)

Question 146

______________ are mechanisms used by ISE to collect information about endpoints and devices on the network for profiling purposes.

Answer 146

Profiling Probes

Question 147

______________ refer to different configurations and methods for implementing 802.1x authentication, such as single-host or multi-host mode.

Answer 147

802.1x Deployment Modes

Question 148

______________ in ISE provide a secure and controlled onboarding process for guest users accessing the network.

Answer 148

Guest Services

Question 149

______________ is a method in ISE where users are redirected to a central web portal for authentication and access control.

Answer 149

Central Web Authentication

Question 150

______________ features and configurations go beyond basic identity and access control, offering more extensive policy options and integrations.

Answer 150

Advanced ISE

Question 151

______________ involves deploying multiple ISE nodes to provide high availability, scalability, and redundancy in a network.

Answer 151

Distributed ISE

Question 152

______________ are predefined roles that determine the function and capabilities of an ISE node, such as Policy Service Persona (PSP) or Monitoring Persona.

Answer 152

ISE Personas

Question 153

______________ in ISE are collections of ISE nodes that work together to provide services and redundancy in a distributed deployment.

Answer 153

Node Groups

Question 154

______________ allows an ISE node to operate in multiple personas simultaneously to provide a range of services.

Answer 154

ISE Multimode

Question 155

______________ involves collecting and analyzing data about network traffic, devices, and performance to improve security and visibility.

Answer 155

Network Telemetry

Question 156

______________ is a network visibility and security analytics solution that detects and mitigates threats by analyzing network traffic and behavior.

Answer 156

Cisco StealthWatch

Question 157

______________ is a network protocol used for collecting and monitoring network traffic flow data for analysis and security monitoring.

Answer 157

NetFlow

Question 158

______________ are logical groupings of network devices and hosts based on common characteristics, used for policy enforcement and management.

Answer 158

Hosts Groups