Module 12 - Network Security Infrastructure Flashcards

1
Q

What is the purpose of a personal firewall on a computer?

To increase the speed of the Internet connection
To protect the computer from viruses and malware
To filter the traffic that is moving in and out of the PC
To protect the hardware against fire hazard

A

To filter the traffic that is moving in and out of the PC

2
Q

What is the main difference between the implementation of IDS and IPS devices?

An IDS can negatively impact the packet flow, whereas an IPS cannot.
An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall.
An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology.
An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately

A

An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately

3
Q

Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)

Device Type
Cable Specification
Interface Identifier
Cable Type and Identifier
OS/IOS Version
Connection Type

A

Interface identifier
Connection Type

4
Q

What is a characteristic of a WAN?

It is typically owned and managed by a single home or business.
It requires a wireless access point to connect users to the network.
It spans across a campus or city to enable sharing of regional resources.
It connects multiple networks that are geographically separated.

A

It spans across a campus or city to enable sharing of regional resources.

It is called a WAN (wide-area network) because it spans beyond a single building or large campus to include multiple locations spread across a specific geographic area, or even the world.

For example, businesses with many international branch offices use a WAN to connect office networks together.

5
Q

What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?

NetFlow
Network tap
Port Mirroring
SNMP

A

Port Mirroring

When enabled on a switch, port mirroring copies frames sent and received by the switch and forwards them to another port, which has an analysis device attached.

6
Q

What is a function of a proxy firewall?

Drops or forwards traffic based on packet header information
Connects to remote servers on behalf of clients
Filters IP traffic between bridged interfaces
Uses signatures to detect patterns in network traffic

A

Connects to remote servers on behalf of clients

7
Q

Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?

Threat Intelligence
Network Admission Control
Website Filtering and Block Listing
Network Profiling

A

Threat Intelligence

8
Q

How is a source IP address used in a standard ACL?

It is the criterion that is used to filter traffic.

It is the address that is unknown, so the ACL must be placed on the interface closest to the source address.

It is the address to be used by a router to determine the best path to forward packets.

It is used to determine the default gateway of the router that has the ACL applied.

A

It is the criterion that is used to filter traffic.

The only filter that can be applied with a standard ACL is the source IP address. An extended ACL is used to filter on such traffic as the source IP address, destination IP address, type of traffic, and type of message.

9
Q

Refer to the exhibit. The network “A” contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as “A”?

Untrusted Network
Perimeter Security Boundary
Internal Network
DMZ

A

A demilitarized zone or DMZ is a network area protected by one or more firewalls. The DMZ typically contains servers that are commonly accessed by external users. A web server is commonly contained in a DMZ.

10
Q

Which statement describes the Cisco Cloud Web Security?

It is a security appliance that provides an all-in-one solution for securing and controlling web traffic.
It is an advanced firewall solution to guard web servers against security threats.
It is a cloud-based security service to scan traffic for malware and policy enforcement.
It is a secure web server specifically designed for cloud computing.

A

It is a cloud-based security service to scan traffic for malware and policy enforcement.

11
Q

Which network service allows administrators to monitor and manage network devices?

SNMP
Syslog
NTP
NetFlow

A

SNMP

12
Q

What is a feature of the TACACS+ protocol?

It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
It utilizes UDP to provide more efficient packet transfer.
It combines authentication and authorization as one process.
It encrypts the entire body of the packet for more secure communications.

A

It encrypts the entire body of the packet for more secure communications.

13
Q

Which layer of the hierarchical design model is a control boundary between the other layers?

Core
Access
Distribution
Network

A

Distribution

The three design layers from lowest to highest are access, distribution, and core. The distribution layer commonly provides policy-based connectivity which permits or denies traffic based on predefined parameters.

The distribution layer also acts as a control boundary between the access and core layers.

14
Q

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

MD5
ESP
AES
IPsec

A

IPsec

15
Q

Which statement describes a difference between RADIUS and TACACS+?

RADIUS separates authentication and authorization whereas TACACS+ combines them as one process.

RADIUS encrypts only the password whereas TACACS+ encrypts all communication.

RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not.

RADIUS uses TCP whereas TACACS+ uses UDP.

A

RADIUS encrypts only the password whereas TACACS+ encrypts all communication.

16
Q

What are two disadvantages of using an IDS? (Choose two.)

The IDS requires other devices to respond to attacks.
The IDS works offline using copies of network traffic.
The IDS has no impact on traffic.
The IDS does not stop malicious traffic.
The IDS analyzes actual forwarded packets.

A

The IDS does not stop malicious traffic

The IDS requires other devices to respond to attacks.

17
Q

What two components of traditional web security appliances are examples of functions integrated into a Cisco Web Security Appliance? (Choose two.)

URL filtering
Email virus and spam filtering
VPN connection
Web reporting
Firewall

A

Web reporting
URL filtering

18
Q

What’s a characteristic of a hub?

Operates at Layer 2

Subdivides the network into collision domains

It regenerates the signal and retransmits on all ports

Uses CSMA/CA to avoid collisions

A

It regenerates the signal and retransmits on all ports

19
Q

Which AAA component can be established using token cards?

Authentication

Accounting

Authorization

Auditing

A

Authentication

20
Q

What is a host-based intrusion detection system (HIDS)?

It detects and stops potential direct attacks but does not scan for malware.

It combines the functionalities of antimalware applications with firewall protection.

It is an agentless system that scans files on a host for potential malware.

It identifies potential attacks and sends alerts but does not stop the traffic.

A

It combines the functionalities of antimalware applications with firewall protection

21
Q

What is an advantage of HIPS that is not provided by IDS?

HIPS deploys sensors at network entry points and protects critical network segments.

HIPS protects critical system resources and monitors operating system processes.

HIPS monitors network processes and protects critical files.

HIPS provides quick analysis of events through detailed logging.

A

HIPS protects critical system resources and monitors operating system processes.

22
Q

Which technique is necessary to ensure a private transfer of data using a VPN?

Scalability

Virtualization

Encryption

Authorization

A

Encryption

23
Q

Match the network security device type with the description.

A

Packet Filter Firewall > Enforces access control policy based on packet content

Intrusion Prevention System (IPS) > Uses signatures to detect patterns in network traffic.

Application Gateway > Filters traffic on Layer 7 information.

Stateful Firewall > Filters traffic based on defined rules as well as connection context.