Chapters 16 - 17 Mock Flashcards
An administrator decides to use “password” as the password on a newly installed router. Which statement applies to the password choice?
It is strong because it uses a passphrase.
It is strong because it uses a minimum of 10 numbers, letters and special characters.
It is weak since it is a word that is easily found in the dictionary.
It is weak because it is a commonly used password.
It is weak because it is a commonly used password.
Refer to the exhibit. Baseline documentation for a small company had ping round trip time statistics of 36/97/132 between hosts H1 and H3. Today the network administrator checked connectivity by pinging between hosts H1 and H3 that resulted in a round trip time of 1458/2390/6066. What does this indicate to the network administrator?
Performance between the networks is within expected parameters.
Something is causing interference between H1 and R1.
H3 is not connected properly to the network.
Something is causing a time delay between the networks.
Connectivity between H1 and H3 is fine.
Something is causing a time delay between the networks.
Which network service automatically assigns IP addresses to devices on the network?
DNS
Telnet
traceroute
DHCP
DHCP
A network administrator is upgrading a small business network to give high priority to real-time applications traffic. What two types of network services is the network administrator trying to accommodate? (Choose two.)
FTP
voice
SNMP
instant messaging
video
Voice
video
By following a structured troubleshooting approach, a network administrator identified a network issue after a conversation with the user. What is the next step that the administrator should take?
Verify full system functionality.
Test the theory to determine cause.
Establish a plan of action to resolve the issue.
Establish a theory of probable causes.
Establish a theory of probable causes.
A network technician issues the C:> tracert -6 www.cisco.com command on a Windows PC. What is the purpose of the -6 command option?
It sends 6 probes within each TTL time period.
It limits the trace to only 6 hops.
It sets a 6 milliseconds timeout for each replay.
It forces the trace to use IPv6.
It forces the trace to use IPv6.
Users are complaining that they are unable to browse certain websites on the Internet. An administrator can successfully ping a web server via its IP address, but cannot browse to the domain name of the website. Which troubleshooting tool would be most useful in determining where the problem is?
tracert
netstat
nslookup
ipconfig
nslookup
Which command can an administrator issue on a Cisco router to send debug messages to the vty lines?
logging console
terminal monitor
logging synchronous
logging buffered
terminal monitor
A user reports a lack of network connectivity. The technician takes control of the user machine and attempts to ping other computers on the network and these pings fail. The technician pings the default gateway and that also fails. What can be determined for sure by the results of these tests?
Nothing can be determined for sure at this point.
The NIC in the PC is bad.
The router that is attached to the same network as the workstation is down.
The TCP/IP protocol is not enabled.
Nothing can be determined for sure at this point.
An employee complains that a Windows PC cannot connect to the Internet. A network technician issues the ipconfig command on the PC and is shown an IP address of 169.254.10.3. Which two conclusions can be drawn? (Choose two.)
The PC cannot contact a DHCP server.
The enterprise network is misconfigured for dynamic routing.
The PC is configured to obtain an IP address automatically.
The default gateway address is not configured.
The DNS server address is misconfigured.
The PC cannot contact a DHCP server.
The PC is configured to obtain an IP address automatically.
Which statement is true about Cisco IOS ping indicators?
’!’ indicates that the ping was unsuccessful and that the device may have issues finding a DNS server.
’ . ‘ indicates that the ping was successful but the response time was longer than normal.
A combination of ‘.’ and ‘!’ indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message.
‘U’ may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful.
‘U’ may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful.
What is the purpose of a small company using a protocol analyser utility to capture network traffic on the network segments where the company is considering a network upgrade?
to document and analyse network traffic requirements on each network segment
to capture the Internet connection bandwidth requirement
to identify the source and destination of local network traffic
to establish a baseline for security analysis after the network is upgraded
to document and analyse network traffic requirements on each network segment
What is an accurate description of redundancy?
designing a network to use multiple virtual devices to ensure that all traffic uses the best path through the internetwork
configuring a switch with proper security to ensure that all traffic forwarded through an interface is filtered
designing a network to use multiple paths between switches to ensure there is no single point of failure
configuring a router with a complete MAC address database to ensure that all frames can be forwarded to the correct destination
designing a network to use multiple paths between switches to ensure there is no single point of failure
What information about a Cisco router can be verified using the show version command?
the routing protocol version that is enabled
the value of the configuration register
the administrative distance used to reach networks
the operational status of serial interfaces
the value of the configuration register
A network engineer is troubleshooting connectivity issues among interconnected Cisco routers and switches. Which command should the engineer use to find the IP address information, host name, and IOS version of neighboring network devices?
show interfaces
show version
show ip route
show cdp neighbors detail
show cdp neighbors detail
Which command should be used on a Cisco router or switch to allow log messages to be displayed on remotely connected sessions using Telnet or SSH?
terminal monitor
show running-config
logging synchronous
debug all
terminal monitor
A ping fails when performed from router R1 to directly connected router R2. The network administrator then proceeds to issue the show cdp neighbors command. Why would the network administrator issue this command if the ping failed between the two routers?
The network administrator suspects a virus because the ping command did not work.
The network administrator wants to determine if connectivity can be established from a non-directly connected network.
The network administrator wants to verify Layer 2 connectivity.
The network administrator wants to verify the IP address configured on router R2.
The network administrator wants to verify Layer 2 connectivity.
A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing?
risk based
structured
layered
attack based
layered
Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?
packet filtering
stateful packet inspection
application filtering
URL filtering
stateful packet inspection
Match each weakness with an example. (Not all options are used.)
configuration weakness
security policy weakness
technological weakness
When implementing an access list on a router, a network engineer did not filter a type of malicious traffic.
A network engineer is examining the operating system of a network device for vulnerabilities.
The network administrator did not fully consider the implications of unauthorized users accessing the network.
When implementing an access list on a router, a network engineer did not filter a type of malicious traffic.
- configuration weakness
A network engineer is examining the operating system of a network device for vulnerabilities.
-technological weakness
The network administrator did not fully consider the implications of unauthorized users accessing the network.
-security policy weakness
Identify the steps needed to configure a switch for SSH.
1.Create a local User
2.Generate RSA Keys
3.Configure a domain name
4.Use the login local command
5.use the transport input SSH command
hat feature of SSH makes it more secure than Telnet for a device management connection?
login information and data encryption
confidentiality with IPsec
stronger password requirement
random one-time port connection
login information and data encryption
When applied to a router, which command would help mitigate brute-force password attacks against the router?
banner motd $Max failed logins = 5$
service password-encryption
login block-for 60 attempts 5 within 60
exec-timeout 30
login block-for 60 attempts 5 within 60
What is the purpose of the network security authentication function?
to require users to prove who they are
to determine which resources a user can access
to keep track of the actions of a user
to provide challenge and response questions
to require users to prove who they are
What is the role of an IPS?
authenticating and validating traffic
filtering of nefarious websites
detecting and blocking of attacks in real time
connecting global threat information to Cisco network security devices
detecting and blocking of attacks in real time
Match the type of information security threat to the scenario. (Not all options are used.)
Information theft
data loss
identity theft
disruption of service
installing virus code to destroy surveillance recordings for certain days
pretending to be someone else by using stolen personal information to apply for a credit card
preventing users from accessing a website by sending a large number of link requests in a short period
obtaining trade secret documents illegally
installing virus code to destroy surveillance recordings for certain days
-data loss
pretending to be someone else by using stolen personal information to apply for a credit card
-identity theft
preventing users from accessing a website by sending a large number of link requests in a short period
-disruption of service
obtaining trade secret documents illegally
-Information theft
Match the description to the type of firewall filtering.
Packet Filtering
Application filtering
Stateful packet inspection
URL filtering
prevents or allows access based on the port numbers used in the request
prevents or allows access based on whether the traffic is in response to requests from internal hosts
prevents or allows access based on web addresses or keywords
prevents or allows access based on the IP or MAC addresses of the source and destination
prevents or allows access based on the port numbers used in the request
-Application filtering
prevents or allows access based on whether the traffic is in response to requests from internal hosts
-Stateful packet inspection
prevents or allows access based on web addresses or keywords
-URL filtering
prevents or allows access based on the IP or MAC addresses of the source and destination
-Packet Filtering
What is the difference between a virus and a worm?
Viruses hide in legitimate programs but worms do not.
Worms require a host file but viruses do not.
Viruses self-replicate but worms do not.
Worms self-replicate but viruses do not.
Worms self-replicate but viruses do not.
Only employees connected to IPv6 interfaces are having difficulty connecting to remote networks. The analyst wants to verify that IPv6 routing has been enabled. What is the best command to use to accomplish the task?
show ipv6 route
show ipv6 interface
copy startup-config running-config
show running-config
show running-config
Which statement describes the ping and tracert commands?
Both ping and tracert can show results in a graphical display.
Tracert uses IP addresses; ping does not.
Ping shows whether the transmission is successful; tracert does not.
Tracert shows each hop, while ping shows a destination reply only.
Tracert shows each hop, while ping shows a destination reply only.
A technician is to document the current configurations of all network devices in a college, including those in off-site buildings. Which protocol would be best to use to securely access the network devices?
SSH
FTP
Telnet
HTTP
SSH
When configuring SSH on a router to implement secure network management, a network engineer has issued the login local and transport input ssh line vty commands. What three additional configuration actions have to be performed to complete the SSH configuration? (Choose three.)
Configure role-based CLI access.
Create a valid local username and password database.
Configure the correct IP domain name.
Manually enable SSH after the RSA keys are generated.
Set the user privilege levels.
Generate the asymmetric RSA keys.
Create a valid local username and password database.
Configure the correct IP domain name.
Generate the asymmetric RSA keys.
What is considered the most effective way to mitigate a worm attack?
Ensure that all systems have the most current virus definitions.
Ensure that AAA is configured in the network.
Change system passwords every 30 days.
Download security updates from the operating system vendor and patch all vulnerable systems.
Download security updates from the operating system vendor and patch all vulnerable systems.
On which two interfaces or ports can security be improved by configuring executive timeouts? (Choose two.)
loopback interfaces
serial interfaces
vty ports
console ports
Fast Ethernet interfaces
vty ports
console ports
Which command has to be configured on the router to complete the SSH configuration?
transport input ssh
service password-encryption
enable secret class
ip domain-name cisco.com
transport input ssh
