Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Cisco CCNA > Security Fundamentals > Flashcards

Security Fundamentals Flashcards

1
Q

In a spoofing attack, which of the following parameters are commonly spoofed? (Choose two answers)

(A) Source IP address
(B) MAC address
(C) ARP address
(D) Routing table
(E) Destination IP address
(F) ARP table

A

In a spoofing attack, which of the following parameters are commonly spoofed? (Choose two answers)

**(A) Source IP address
(B) MAC address **
(C) ARP address
(D) Routing table
(E) Destination IP address
(F) ARP table

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AAA servers usually support the protocol TACACS+ and ____________________ to communicate with enterprise resources.

(A) DHCP
(B) ARP
(C) RADIUS
(D) HTTP

A

AAA servers usually support the protocol TACACS+ and ____________________ to communicate with enterprise resources.

(A) DHCP
(B) ARP
(C) RADIUS
(D) HTTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The senior network engineer assigns you a task related to port security. He needs your help to configure the fa0/1 from the SW-examsD to accept frames only from the MAC 0200.1111.2222. Type the commands that need to be configured on the SW-examsD following the requirements below:
1. configure the FastEthernet0/1 to be an access port
2. enable port security on that interface
3. define the allowed MAC address

(A) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/2
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security
SW-examsD(config-if)#switchport port-security macaddress 0200.1111.2222

(B) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/1
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security

(C) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/1
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security
SW-examsD(config-if)#switchport port-security macaddress 0200.2222.2222

(D) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/1
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security
SW-examsD(config-if)#switchport port-security macaddress 0200.1111.2222

A

The senior network engineer assigns you a task related to port security. He needs your help to configure the fa0/1 from the SW-examsD to accept frames only from the MAC 0200.1111.2222. Type the commands that need to be configured on the SW-examsD following the requirements below:
1. configure the FastEthernet0/1 to be an access port
2. enable port security on that interface
3. define the allowed MAC address

(A) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/2
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security
SW-examsD(config-if)#switchport port-security macaddress 0200.1111.2222

(B) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/1
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security

(C) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/1
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security
SW-examsD(config-if)#switchport port-security macaddress 0200.2222.2222

(D) SW-examsD#configure terminal
SW-examsD(config)#interface FastEthernet0/1
SW-examsD(config-if)#switchport mode access
SW-examsD(config-if)#switchport port-security
SW-examsD(config-if)#switchport port-security macaddress 0200.1111.2222

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

_____________________ attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic is unable to be processed, resulting in denial-of-service to additional users.

(A) Spoofing
(B) Phishing
(C) DoS
(D) SQL injection

A

_____________________ attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic is unable to be processed, resulting in denial-of-service to additional users.

(A) Spoofing
(B) Phishing
(C) DoS
(D) SQL injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A _________________ is malicious software that is hidden and packaged inside other software that looks normal and legitimate.

(A) Worm
(B) Virus
(C) Spyware
(D) Trojan

A

A _________________ is malicious software that is hidden and packaged inside other software that looks normal and legitimate.

(A) Worm
(B) Virus
(C) Spyware
(D) Trojan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What devices can be used to implement DHCP Snooping? (Choose two answers)

(A) Hub
(B) Layer 2 switches
(C) Routers
(D) Layer 3 switches
(E) Access Points
(F) End users

A

What devices can be used to implement DHCP Snooping? (Choose two answers)

(A) Hub
(B) Layer 2 switches
(C) Routers
(D) Layer 3 switches
(E) Access Points
(F) End users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following Cisco Firepower NGIPS’s features provides more insights into and control over the users, applications, devices, threats, and vulnerabilities in your network with real-time visibility?

(A) Security automation
(B) Granular application visibility and control
(C) Contextual awareness
(D) Superior effectiveness

A

Which of the following Cisco Firepower NGIPS’s features provides more insights into and control over the users, applications, devices, threats, and vulnerabilities in your network with real-time visibility?

(A) Security automation
(B) Granular application visibility and control
(C) Contextual awareness
(D) Superior effectiveness

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What can be accomplished with a brute-force attack?

(A) Guess a user’s password
(B) Make a server unavailable
(C) Spoof every possible IP address
(D) Alter a routing table

A

What can be accomplished with a brute-force attack?

(A) Guess a user’s password
(B) Make a server unavailable
(C) Spoof every possible IP address
(D) Alter a routing table

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Social engineering attack is accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

(A) TRUE
(B) FALSE

A

Social engineering attack is accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

(A) TRUE
(B) FALSE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following human security vulnerabilities attacks is a type of attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company?

(A) Social engineering
(B) Phishing
(C) Whaling
(D) Pharming

A

Which of the following human security vulnerabilities attacks is a type of attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company?

(A) Social engineering
(B) Phishing
(C) Whaling
(D) Pharming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following human security vulnerabilities attacks is the attempt to obtain sensitive information such as passwords and credit card details by disguising oneself as a trustworthy entity?

(A) Social engineering
(B) Phishing
(C) Whaling
(D) Pharming

A

Which of the following human security vulnerabilities attacks is the attempt to obtain sensitive information such as passwords and credit card details by disguising oneself as a trustworthy entity?

(A) Social engineering
(B) Phishing
(C) Whaling
(D) Pharming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You are responsible to enable DHCP snooping on the SW1. The R1 is a DHCP relay agent that needs to be trusted. SW1 places all the ports on VLAN 8. Which commands will you type in order to configure DHCP snooping on the SW1 based on the diagram below?
(A) SW1# configure terminal SW1(config)# ip dhcp snooping SW1(config)# ip dhcp snooping vlan 3 SW1(config)# interface GigabitEthernet1/0/2 SW1(config-if)# ip dhcp snooping trust (B) SW1# configure terminal
SW1(config)# ip dhcp snooping SW1(config)# ip dhcp snooping vlan 8 SW1(config)# interface GigabitEthernet1/1/2 SW1(config-if)# ip dhcp snooping trust (C) SW1# configure terminal SW1(config)# ip dhcp snooping SW1(config)# ip dhcp snooping vlan 8 SW1(config)# interface GigabitEthernet1/0/2 SW1(config-if)# ip dhcp snooping trust (D) SW1# configure terminal SW1(config)# ip dhcp snooping SW1(config)# ip dhcp snooping vlan 8 SW1(config)# interface GigabitEthernet1/0/2

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following security features rejects invalid and malicious ARP packets and prevents a class of man-in-the-middle attacks?

(A) DoS
(B) DAI
(C) Packet secure
(D) ARP protect

A

Which of the following security features rejects invalid and malicious ARP packets and prevents a class of man-in-the-middle attacks?

(A) DoS
(B) DAI
(C) Packet secure
(D) ARP protect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

In a reflection attack, the source IP address in
the attack packets is spoofed so that it contains the address of the victim.

(A) TRUE
(B) FALSE

A

In a reflection attack, the source IP address in
the attack packets is spoofed so that it contains the address of the victim.

**(A) TRUE **
(B) FALSE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Type the command that needs to be configured on a switch to automatically recover from the err-disabled state, when caused by port security.

(A) recovery cause psecure-violation
(B) errdisable recovery psecure-violation
(C) errdisable recovery
(D) errdisable recovery cause psecure-violation

A

Type the command that needs to be configured on a switch to automatically recover from the err-disabled state, when caused by port security.

(A) recovery cause psecure-violation
(B) errdisable recovery psecure-violation
(C) errdisable recovery
(D) errdisable recovery cause psecure-violation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A next-generation firewall sits at the edge of a company’s connection to the Internet. A network engineer has been configured to prevent Telnet clients residing on the Internet from accessing Telnet servers inside the company. Which of the following might a next-generation firewall use that a traditional firewall would not?

(A) Match message destination well-known port 23
(B) Match message application data
(C) Match message IP protocol 23
(D) Match message source TCP ports lower than 5400

A

A next-generation firewall sits at the edge of a company’s connection to the Internet. A network engineer has been configured to prevent Telnet clients residing on the Internet from accessing Telnet servers inside the company. Which of the following might a next-generation firewall use that a traditional firewall would not?

(A) Match message destination well-known port 23
(B) Match message application data
(C) Match message IP protocol 23
(D) Match message source TCP ports lower than 5400

next-generation firewalls are being able to also check application data beyond the Transport layer header.

17
Q

Your PC connects to a LAN and uses DHCP to
lease an IP address for the first time. Of the usual four DHCP messages that flow between the PC (DHCP client) and the DHCP server, which ones do the server send? (Choose two answers)

(A) Acknowledgment
(B) Request
(C) Offer
(D) Discover

A

Your PC connects to a LAN and uses DHCP to
lease an IP address for the first time. Of the usual four DHCP messages that flow between the PC (DHCP client) and the DHCP server, which ones do the server send? (Choose two answers)

**(A) Acknowledgment **
(B) Request
(C) Offer
(D) Discover

Cisco CCNA (12 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions