Cram Deck

Question 1

A Type __ password is a cleartext password

Answer 1

Type 0

Question 2

A Type 7 password is one that uses the algorithm from what cipher?

Answer 2

the Vigenere cipher

Question 3

The Enhanced Password Security feature can be used to configure ____ hashing of passwords for the username command

Answer 3

MD5

Question 4

ISE aims to deliver what?

Answer 4

ISE aims to deliver consistent access control across multivendor networks (wired & wireless) and remote connections. It also aims to provide superior visibility into who is accessing your valuable network resources

Question 5

What TCP areas other than TTL are often targeted by hackers?

Answer 5

Window Size, Don’t Fragment (DF) bit, Type of Service (TOS)

Question 6

Managed devices serve what purpose?

Answer 6

Managed devices are those devices that are installed on different network segments for monitoring traffic

Question 7

Memory Threshold Notification can mitigate what conditions?

Answer 7

low-memory conditions on a router

Question 8

How are managed devices deployed?

Answer 8

Managed devices can be deployed passively to gather detailed information about the various network issues. They can also be deployed inline in order to affect the flow of traffic via access control.

Question 9

After a network address is subnetted the last subnet obtained is being referred to as:

Answer 9

all-ones subnet

Question 10

What tool can you use to manage virtual managed devices?

Answer 10

Virtual managed devices do not have web interfaces - you need to use the CLI

Question 11

You may use _________ to identify the type and rate of traffic that reaches the control plane of the router.

Answer 11

Control Plane Policing

Question 12

To enable dynamic NAT on an interface, what must you define first (and what command would need to be used)?

Answer 12

standard IP access-list, using the access-list command.

Question 13

In the context of FireSIGHT System, Network-based objects can represent:

Answer 13

IP addresses and networks, port/protocol pairs, VLAN tags, security zones, and geolocation …etc.

Question 14

What tool can you use to manage ASA FirePOWER devices?

Answer 14

The ASA FirePOWER devices rely on their own management applications such as the ASDM and the CSM for configuration.

Question 15

You may prevent the router from sending ICMP redirects via what command?

Answer 15

no IP redirects

Question 16

Control Plane Policing may be performed through the use of what?

Answer 16

Control Plane Policing may be performed through the use of granular classification ACLs, logging, as well as the use of the show policy-map control-plane command.

Question 17

What is GTSM and what does it do?

Answer 17

Generalized TTL-based Security Mechanism is a TTL-based security protection method that uses the TTL value of IP packets for ensuring that the BGP packets received are from a directly connected peer which is real and legitimate.

Question 18

Peer authentication via MD5 is desirable or not, and why?

Answer 18

Peer authentication via MD5 is desirable as it creates an MD5 digest of each packet that is sent as part of a BGP session.

Question 19

What command can you use to determine if IPS is currently configured?

Answer 19

show subsys name ips

Question 20

Device stacking can be used to increase what?

Answer 20

Device stacking can be used to increase what?

Question 21

What command can you use to look into the contents of the ARP cache and sort out all IP entries?

Answer 21

show ip arp

Question 22

To allow hosts with no knowledge of routing to determine the MAC addresses of hosts on other networks, you need to use:

Answer 22

ip proxy-arp

Question 23

You may use __________ to create an IPS rule.

Answer 23

You may use __________ to create an IPS rule.

Question 24

You may create a mobility area with a router via what command?

Answer 24

ip mobile arp

Question 25

What is TVR and what is it for?

Answer 25

Target Value Rating TVR is what is used for developing security policies that can be stricter for some resources than others.

Question 26

What refers to feedback that can be used for controlling the level in which a user chooses to take actions for minimizing false positives?

Answer 26

Event Risk Rating ERR

Question 27

The default behavior for IP directed broadcasts can be changed via what command?

Answer 27

ip directed-broadcast

Question 28

You can use what command to specify a broadcast address which is different from the default one?

Answer 28

ip broadcast-address

Question 29

The FireSIGHT System can accommodate named objects. What are these objects?

Answer 29

They are a form of reusable configuration.

Question 30

LEAP was eventually replaced by what?

Answer 30

PEAP

Question 31

LCP is responsible for:

Answer 31

establishing, setting-up, and terminating point-to-point links

Question 32

With ___________ there is a dedicated VLAN created to trunk mirrored packets between two switches.

Answer 32

RSPAN

Question 33

With Local SPAN, where are the destination and source ports located?

Answer 33

on the same local switch

Question 34

Configuration revision number is carried by what advertisement?

Answer 34

VTP advertisement

Question 35

You use __________ to enable authentication proxy for AAA.

Answer 35

aaa authorization auth-proxy default

Question 36

A VLAN is identified with an ID number from 1 to _________ with the enhanced software image.

Answer 36

4094

Question 37

Your switch must be in _________mode in order to implement VLAN IDs from 1006 to 4094.

Answer 37

VTP transparent mode

Question 38

The IronPort ___-Series targets email security.

Answer 38

The IronPort C-Series

Question 39

You may want to statically assign which ports will become the member of your VLAN via the _____________ command.

Answer 39

vlan-membership

Question 40

LUN Masking is a process of what nature?

Answer 40

LUN Masking is an authorization process.

Question 41

With ISE, the possible personas include:

Answer 41

Administration, Policy Service, and Monitoring.

Question 42

To come up with a list of all VLAN IDs on a switch you need to use what command?

Answer 42

show running-config vlan

Question 43

What will happen when you have a VLAN deleted?

Answer 43

When you have a VLAN deleted, the ports assigned to that VLAN will become inactive but will remain associated with the VLAN until you manually assign them to another VLAN.

Question 44

In the context of ISE, a node refers to:

Answer 44

the individual instance that runs the Cisco ISE software.

Question 45

STP is intended for providing:

Answer 45

path redundancy (and preventing network loops)

Question 46

__________ can be constructed and applied to specific infrastructure related connections from hosts that need to access specific network infrastructure devices.

Answer 46

Infrastructure access control lists iACLs

Question 47

What feature is for protecting the Cisco 12000 routers’ gigabit route processor (GRP) from unnecessary and potentially dangerous traffics?

Answer 47

Receive ACLs

Question 48

Which firewall feature allows a packet to avoid redundant ACL checks?

Answer 48

Firewall ACL Bypass

Question 49

In order to define a reflexive access list, you need to create an entry in an extended named IP access list with the __________ keyword.

Answer 49

reflect

Question 50

You may use _____________ to enable TCP intercept.

Answer 50

ip tcp intercept list

Question 51

To enable Turbo ACL, you need to run the ___________ command in global configuration mode.

Answer 51

access-list compiled

Question 52

You can use _____________ to show issues that are preventing the routers from forming adjacency.

Answer 52

debug ip ospf adj

Question 53

_____________ is a definite course of action considered to be expedient, prudent or advantageous in guiding security.

Answer 53

policy

Question 54

___________ is a Cisco model that defines a structure of security objectives and supporting security actions for organizing security controls.

Answer 54

Cisco Security Control Framework SCF

Question 55

____________ describes a point in time measure of the security state of the concerned IT infrastructure.

Answer 55

Security Posture

Question 56

____________ aims to provide best practice information on designing and implementing secure networks.

Answer 56

Cisco’s secure blueprint for enterprise networks SAFE

Question 57

_____________ is for subdividing the infrastructure along different functional boundaries.

Answer 57

Functional Blocks

Question 58

What feature allows you to apply access control policies across multiple object groups?

Answer 58

PBACL

Question 59

VACL works at which layer (choose all that apply):

Answer 59

Filtering can be done either through a Layer 2 port or through a Layer 3 port after getting routed.

Question 60

PBACL works at which layer?

Answer 60

layer 3 only

Question 61

What is Security Intelligence feed?

Answer 61

A Security Intelligence feed is simply a dynamic collection of IP addresses downloaded at an interval you specify.

Question 62

Lock-and-key has to be configured via what kinds of access lists?

Answer 62

IP dynamic extended access lists

Question 63

Are Reflexive ACLs session filtering ACLs?

Answer 63

Yes.

Question 64

For the initial configuration of an ASA FirePOWER module, you should use what tool?

Answer 64

the CLI

Question 65

CAM table overflow can be mitigated via what measures?

Answer 65

One can flood the switch with invalid-source MAC addresses until the CAM table is full. Port security can be deployed against this attack.

Question 66

DHCP snooping aims to protect against what attack?

Answer 66

DHCP snooping aims to protect against rogue DHCP Servers.

Question 67

What command can you use to set a rate limit for DHCP snooping?

Answer 67

ip dhcp snooping rate

Question 68

What measures can be used against ARP Cache Poisoning and ARP Spoofing?

Answer 68

Dynamic ARP Inspection DAI

Question 69

What technique limits the ports within a VLAN that can communicate with other ports on the same VLAN?

Answer 69

Private VLAN

Question 70

STP root bridge attack can be defended against via what measures?

Answer 70

Configuring Rootguard and BPDUGuard on the switch port.

Question 71

With _____________, one configures a system to spoof as a switch by emulating either ISL or 802.1q signaling along with Dynamic Trunk Protocol DTP signaling.

Answer 71

switch spoofing