chapter 4 Flashcards
Which two statements are true regarding network security? (Choose two.)
Both experienced hackers who are capable of writing their own exploit code and inexperienced individuals who download exploits from the Internet pose a serious threat to network security.
Protecting network devices from physical damage caused by water or electricity is a necessary part of the security policy.
Which two statements are true about network attacks? (Choose two.)
A brute-force attack searches to try every possible password from a combination of characters.
Devices in the DMZ should not be fully trusted by internal devices, and communication between the DMZ and internal devices should be authenticated to prevent attacks such as port redirection.
Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?
DoS
Refer to the exhibit. What is the purpose of the “ip ospf message-digest-key 1 md5 cisco” statement in the configuration?
to specify a key that is used to authenticate routing updates
What are three characteristics of a good security policy? (Choose three.)
It defines acceptable and unacceptable use of network resources.
It communicates consensus and defines roles.
It defines how to handle security incidents
Intrusion detection occurs at which stage of the Security Wheel?
monitoring
Which two objectives must a security policy accomplish? (Choose two.)
document the resources to be protected
identify the security objectives of the organization
Which two statements define the security risk when DNS services are enabled on the network? (Choose two.)
By default, name queries are sent to the broadcast address 255.255.255.255.
The basic DNS protocol does not provide authentication or integrity assurance.
Refer to the exhibit. Security Device Manager (SDM) has been used to configure a required level of security on the router. What would be accomplished when the SDM applies the next step on the security problems that are identified on the router?
SDM will reconfigure the services that are marked in the exhibit as “fix it” to apply the suggested security changes.
An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?
virus
What are two benefits of using Cisco AutoSecure? (Choose two.)
It offers the ability to instantly disable non-essential system processes and services.
It allows the administrator to configure security policies without having to understand all of the Cisco IOS software features.
Which statement is true about Cisco Security Device Manager (SDM)?
SDM can be run from router memory or from a PC.
The Cisco IOS image naming convention allows identification of different versions and capabilities of the IOS. What information can be gained from the filename c2600-d-mz.121-4? (Choose two.)
The software is version 12.1, 4th revision.
The IOS is for the Cisco 2600 series hardware platform.
Refer to the exhibit. The network administrator is trying to back up the Cisco IOS router software and receives the output shown. What are two possible reasons for this output? (Choose two.)
The router cannot connect to the TFTP server.
The TFTP server software has not been started.
The password recovery process begins in which operating mode and using what type of connection? (Choose two.)
ROM monitor
direct connection through the console port