Question 1
A network security policy provides the following benefits. (Choose four.)
Answers A, B, D, and E are all valid functions of the security policy and are therefore correct. Answer C is incorrect because the security policy is continuously evolving rather than constant.
Question 2
The four steps of the Cisco Security Wheel are
Answer C is correct. The four steps of the Cisco Security Wheel are Secure, Monitor, Test, and Improve. Answers A, B, and D do not describe the four steps of the Cisco Security Wheel and are therefore incorrect.
Question 3
The use of a login sequence that mimics a legitimate application to gain backdoor access into a host is called
Answer C is correct. Applications that mimic legitimate applications to allow future backdoor access to a host are called Trojan horses. A reconnaissance attack occurs when an unauthorized person observes and maps network systems, services, and vulnerabilities; Answer A is therefore incorrect. Exploitation of management protocols occurs when an attacker takes advantage of weaknesses in protocols such as Telnet, NTP, or SNMP, or in logging, to perform an attack; Answer B is therefore incorrect. An access attack occurs when someone achieves privilege escalation or access to restricted resources to perform an attack; Answer D is therefore incorrect.
Question 4
RFC 2827 filtering specifies that
Answer C is correct. RFC 2827 filtering blocks outbound traffic that has a source address that doesn't fall within the organization's valid range of internal addresses. Answers A, B, and D describe policies that may be enforced by ACLs but do not describe RFC 2827 and are therefore incorrect.
Question 5
A shared folder on a public drive can result in which kind of attack?
Answer C is correct. An attacker can easily gain access to highly confidential internal company data by finding a shared folder with public read access and can use this information to perform an access attack. A reconnaissance attack occurs when an attacker maps and observes network services and vulnerabilities; Answer A is therefore incorrect. A password attack occurs when a hacker uses a dictionary tool, Trojan horse, or brute force to acquire password information; Answer B is therefore incorrect. A man-in-the-middle attack describes the use of a sniffer to intercept traffic as it traverses the network; Answer D is therefore incorrect. A DoS attack occurs when network services are disrupted or compromised; Answer E is therefore incorrect.
Question 6
You can use the following to describe application layer attacks. (Choose two.)
Answers C and D are correct. The capture of login and password information using a Trojan horse is an example of an application layer attack. Therefore, Answer C is correct. Application layer attacks often use well-known ports such as TCP port 23 to traverse a firewall, so Answer D is correct. Answers A and E describe attacks that are not application layer attacks, so those answers are incorrect. Answer F describes a way to mitigate the risks of an application layer attack and is therefore incorrect.
Question 7
Logging with syslog can introduce the following vulnerabilities. (Choose two.)
Answers D and E are correct. A hacker can use false syslog data to distract a network administrator during an attack, so Answer D is correct. Syslog also lacks packet-level integrity checking, making syslog data subject to alteration. Answer E is therefore correct. Intercepting syslog data will only give hackers access to log files and will not allow them to directly reconfigure a device; therefore, Answer A is incorrect. Although syslog data is sent as cleartext, TFTP would be far more likely to expose backup configuration files than syslog. Answer B is therefore incorrect. Finally, syslog uses UDP port 514 and not TCP port 514. Answer C is therefore incorrect.
Question 8
The Cisco Secure Posture Assessment group (SPA) can be described as
Answer B is correct. The Cisco Secure Posture Assessment group is a third-party network security testing group whose services ensure that your technical security implementation supports your security policy. The SPA does not provide implementation and integration services for network security; therefore, Answer A is incorrect. The SPA does not conduct research into new signature updates, nor does it define a framework for security over integrated audio, voice, and data networks; therefore, Answers C and D are also incorrect.
Question 9
Which of the following is NOT a way to prevent DoS attacks? (Choose one.)
Answer D is correct. Answer D describes a technique to limit the effects of access and password attacks, rather than direct prevention of a DoS attack. Answers A and E both describe anti-IP spoofing techniques that can help to protect against DoS attacks. Answers B and C describe measures that you can take to limit the volume of traffic that might result in a DoS attack and are therefore incorrect.
Question 10
Management protocols such as FTP, Telnet, SNMP, and HTTP transfer data in cleartext. What encryption techniques can you use to mitigate the risk of cleartext data transfer? (Choose three.)
Answers A, C, and D are correct. SSL, SSH, and IPSec are all encryption techniques that provide a more secure means of data transfer than those that use cleartext. Answer B, OTP, refers to the use of one-time passwords. Answer E, CSACS, is the Cisco Secure Access Control Server. Although both provide more secure means of authentication, they are not encryption techniques and are therefore incorrect.