Question 1 | A network security policy provides the following benefits. (Choose four.)
|
A1: | Answers A, B, D, and E are all valid functions of the security policy and are therefore correct. Answer C is incorrect because the security policy is continuously evolving rather than constant. |
Question 2 | The four steps of the Cisco Security Wheel are
|
A2: | Answer C is correct. The four steps of the Cisco Security Wheel are Secure, Monitor, Test, and Improve. Answers A, B, and D do not describe the four steps of the Cisco Security Wheel and are therefore incorrect. |
Question 3 | The use of a login sequence that mimics a legitimate application to gain backdoor access into a host is called
|
A3: | Answer C is correct. Applications that mimic legitimate applications to allow future backdoor access to a host are called Trojan horses. A reconnaissance attack occurs when an unauthorized person observes and maps network systems, services, and vulnerabilities; Answer A is therefore incorrect. Exploitation of management protocols occurs when an attacker takes advantage of weaknesses in protocols such as Telnet, NTP, or SNMP or logging to perform an attack; Answer B is therefore incorrect. An access attack occurs when someone achieves privilege escalation or access to restricted resources to perform an attack. Answer D is therefore incorrect. |
Question 4 | RFC 2827 filtering specifies that
|
A4: | Answer C is correct. RFC 2827 filtering blocks outbound traffic that has a source address that doesn't fall within the organization's valid range of internal addresses. Answers A, B, and D describe policies that may be enforced by ACLs but do not describe RFC 2827 and are therefore incorrect. |
Question 5 | A shared folder on a public drive can result in which kind of attack?
|
A5: | Answer C is correct. An attacker can easily gain access to highly confidential internal company data by finding a shared folder with public read access and use this information to perform an access attack. A reconnaissance attack occurs when an attacker maps and observes network services and vulnerabilities; Answer A is therefore incorrect. A password attack occurs when a hacker uses a dictionary tool, Trojan horse, or brute force to acquire password information. Answer B is therefore incorrect. A man-in-the-middle attack describes the use of a sniffer to intercept traffic as it traverses the network. Answer D is therefore incorrect. A DoS attack occurs when network services are disrupted or compromised. Answer E is therefore incorrect. |
Question 6 | You can use the following to describe application layer attacks. (Choose two.)
|
A6: | Answers C and D are correct. The capture of login and password information using a Trojan horse is an example of an application layer attack. Therefore, Answer C is correct. Application layer attacks often use well-known ports such as TCP port 23 to traverse a firewall, so Answer D is correct. Answers A and E describe attacks that are not application layer attacks, so those answers are incorrect. Answer F describes a way to mitigate the risks of an application layer attack and is therefore incorrect. |
Question 7 | Logging with syslog can introduce the following vulnerabilities. (Choose two.)
|
A7: | Answers D and E are correct. A hacker can use false syslog data to distract a network administrator during an attack, so Answer D is correct. Syslog also lacks packet-level integrity checking, making syslog data subject to alteration. Answer E is therefore correct. Intercepting syslog data will only give hackers access to log files and not allow them to directly reconfigure a device; therefore, Answer A is incorrect. Although syslog data is sent as cleartext, TFTP would be far more likely to expose backup configuration files than syslog. Answer B is therefore incorrect. Finally, syslog uses UDP port 514 and not TCP port 514. Answer C is therefore incorrect. |
Question 8 | The Cisco Secure Posture Assessment group (SPA) can be described as
|
A8: | Answer B is correct. The Cisco Secure Posture Assessment group is a third-party network security testing group whose services ensure that your technical security implementation supports your security policy. The SPA does not provide implementation and integration services for network security; therefore, Answer A is incorrect. The SPA does not conduct research into new signature updates, nor does it define a framework for security over integrated audio, voice, and data networks; therefore, Answers C and D are also incorrect. |
Question 9 | Which of the following is NOT a way to prevent DoS attacks? (Choose one.)
|
A9: | Answer D is correct. Answer D describes a technique to limit the effects of access and password attacks, rather than direct prevention of a DoS attack. Answers A and E both describe anti-IP spoofing techniques that can help to protect against DoS attacks. Answers B and C describe measures that you can take to limit the volume of traffic that might result in a DoS attack and are therefore incorrect. |
Question 10 | Management protocols such as FTP, Telnet, SNMP, and HTTP transfer data in cleartext. What encryption techniques can you use to mitigate the risk of cleartext data transfer? (Choose three.)
|
A10: | Answers A, C, and D are correct. SSL, SSH, and IPSec are all encryption techniques that provide a more secure means of data transfer than those that use cleartext. Answer B, OTP, refers to the use of one-time passwords. Answer E, CSACS, is the Cisco Secure Access Control Server. Although both provide more secure means of authentication, they are not encryption techniques and are therefore incorrect. |