SlideShare ist ein Scribd-Unternehmen logo

Iins practice questions

teknik komputer ui
teknik komputer ui
1 von 5
Downloaden Sie, um offline zu lesen
Cisco CCN A S e cu r it y P r a ct ice E x a m Q u e st ion s Implementing Cisco IOS Network Security (IINS) v1.0 Th e follow ing Cisco® CCNA S ecurity practice ex am q uestions are based on th e course I m p l e m e n t i n g C i s c o I O S N e t w o r k S e c u r i t y ( I I N S ) v 1 . 0 . Th e answ er k ey is on th e last pag e of th is d ocum ent. 1. W h at is th e g oal of an ov erall security ch alleng e w h en planning a security strateg y ? A ) to h ard en all ex terior-facing netw ork com ponents B ) to install firew alls at all critical points in th e netw ork C) to find a balance betw een th e need to open netw ork s to support ev olv ing business req uirem ents and th e need to inform D ) to ed ucate em ploy ees to be on th e look out for suspicious beh av ior 2. W h ich th reats are th e m ost serious? A ) insid e th reats B ) outsid e th reats C) unk now n th reats D ) reconnaissance th reats 3. Netw ork security aim s to prov id e w h ich th ree k ey serv ices? ( Ch oose th ree.) A ) d ata integ rity B ) d ata strateg y C) d ata and sy stem av ailability D ) d ata m ining E ) d ata storag e F ) d ata confid entiality 4. W h ich option is th e term for a w eak ness in a sy stem or its d esig n th at can be ex ploited by a th reat? A ) a v ulnerability B ) a risk C) an ex ploit D ) an attack 1 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
5. W h ich option is th e term for th e lik elih ood th at a particular th reat using a specific attack w ill ex ploit a particular v ulnerability of a sy stem th at results in an und esirable conseq uence? A ) a v ulnerability B ) a risk C) an ex ploit D ) an attack 6. W h ich option is th e term for w h at h appens w h en com puter cod e is d ev eloped to tak e ad v antag e of a v ulnerability ? F or ex am ple, suppose th at a v ulnerability ex ists in a piece of softw are, but nobod y k now s about th is v ulnerability . A ) a v ulnerability B ) a risk C) an ex ploit D ) an attack 7. W h at is th e first step y ou sh ould tak e w h en consid ering securing y our netw ork ? A ) I nstall a firew all. B ) I nstall an intrusion prev ention sy stem . C) U pd ate serv ers and user PCs w ith th e latest patch es. D ) D ev elop a security policy . 8. W h ich option is a k ey principle of th e Cisco S elf-D efend ing Netw ork strateg y ? A ) S ecurity is static and sh ould prev ent m ost k now n attack s on th e netw ork . B ) Th e self-d efend ing netw ork sh ould be th e k ey point of y our security policy . C) I nteg rate security th roug h out th e ex isting infrastructure. D ) U pper m anag em ent is ultim ately responsible for policy im plem entation. 9. W h ich th ree options are areas of router security ? ( Ch oose th ree.) A ) ph y sical security B ) access control list security C) zone-based firew all security D ) operating sy stem security E ) router h ard ening F ) Cisco I O S -I PS security 2 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
10 . Y ou h av e sev eral operating g roups in y our enterprise th at req uire d iffering access restrictions to th e routers to perform th eir j ob roles. Th ese g roups rang e from H elp D esk personnel to ad v anced troublesh ooters. W h at is one m eth od olog y for controlling access rig h ts to th e routers in th ese situations? A ) config ure A CL s to control access for th e d ifferent g roups B ) config ure m ultiple priv ileg e lev el access C) im plem ent sy slog g ing to m onitor th e activ ities of th e g roups D ) config ure TA CA CS + to perform scalable auth entication 11. W h ich of th ese options is a G U I tool for perform ing security config urations on Cisco routers? A ) S ecurity A ppliance D ev ice M anag er B ) Cisco CL I Config uration M anag em ent Tool C) Cisco S ecurity D ev ice M anag er D ) Cisco S ecurity M anag er 12. W h en im plem enting netw ork security , w h at is an im portant config uration task th at y ou sh ould perform to assist in correlating netw ork and security ev ents? A ) Config ure Netw ork Tim e Protocol. B ) Config ure sy nch ronized sy slog reporting . C) Config ure a com m on repository of all netw ork ev ents for ease of m onitoring . D ) Config ure an autom ated netw ork m onitoring sy stem for ev ent correlation. 13. W h ich of th ese options is a Cisco I O S feature th at lets y ou m ore easily config ure security features on y our router? A ) Cisco S elf-D efend ing Netw ork B ) im plem enting A A A com m and auth orization C) th e a u t o s e c u r e CL I com m and D ) perform ing a security aud it v ia S D M 14. W h ich th ree of th ese options are som e of th e best practices w h en y ou im plem ent an effectiv e firew all security policy ? ( Ch oose th ree.) A ) Position firew alls at strateg ic insid e locations to h elp m itig ate insid e nontech nical attack s. B ) Config ure log g ing to capture all ev ents for forensic purposes. C) U se firew alls as a prim ary security d efense; oth er security m easures and d ev ices sh ould be im plem ented to enh ance y our netw ork security . D ) Position firew alls at k ey security bound aries. E ) D eny all traffic by d efault and perm it only necessary serv ices. 3 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
15. W h ich statem ent is true w h en config uring access control lists ( A CL s) on a Cisco router? A ) A CL s filter all traffic th roug h and sourced from th e router. B ) A pply th e A CL to th e interface prior to config uring access control entries to ensure th at controls are applied im m ed iately upon config uration. C) A n “ im plicit d eny ” is applied to th e start of th e A CL entry by d efault. D ) O nly one A CL per protocol, per d irection, and per interface is allow ed . 16. W h ich option correctly d efines asy m m etric encry ption? A ) uses th e sam e k ey s to encry pt and d ecry pt d ata B ) uses M D 5 h ash ing alg orith m s for d ig ital sig nag e encry ption C) uses d ifferent k ey s to encry pt and d ecry pt d ata D ) uses S H A -1 h ash ing alg orith m s for d ig ital sig nag e encry ption 17. W h ich option is a d esirable feature of using sy m m etric encry ption alg orith m s? A ) Th ey are often used for w ire-speed encry ption in d ata netw ork s. B ) Th ey are based on com plex m ath em atical operations and can easily be accelerated by h ard w are. C) Th ey offer sim ple k ey m anag em ent properties. D ) Th ey are best used for one-tim e encry ption need s. 18. W h ich option is true of using cry ptog raph ic h ash es? A ) Th ey are easily rev ersed to d eciph er th e m essag e contex t. B ) Th ey conv ert arbitrary d ata into a fix ed -leng th d ig est. C) Th ey are based on a tw o-w ay m ath em atical function. D ) Th ey are used for encry pting bulk d ata com m unications. 19. W h ich option is true of intrusion prev ention sy stem s? A ) Th ey operate in prom iscuous m od e. B ) Th ey operate in inline m od e. C) Th ey h av e no potential im pact on th e d ata seg m ent being m onitored . D ) Th ey are m ore v ulnerable to ev asion tech niq ues th an I D S . 20 . W h ich statem ent is true w h en using zone-based firew alls on a Cisco router? A ) Policies are applied to traffic m ov ing betw een zones, not betw een interfaces. B ) Th e firew alls can be config ured sim ultaneously on th e sam e interface as classic CB A C using th e i p i n s p e c t CL I com m and . C) I nterface A CL s are applied before zone-based policy firew alls w h en th ey are applied outbound . D ) W h en config ured w ith th e “ PA S S ” action, stateful inspection is applied to all traffic passing betw een th e config ured zones. 4 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
C C N A S e c u r ity P r a c tic e Q u e s tio n s A n s w e r K e y 1. C 2. A 3. A , C, F 4. A 5. B 6. C 7. D 8. C 9. A , D , E 10 . B 11. C 12. A 13. C 14. C, D , E 15. D 16. C 17. A 18. B 19. B 20 . A 5 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .

Empfohlen

S1 intr ftui
S1 intr ftuiS1 intr ftui
S1 intr ftui
teknik komputer ui
 
Modul 5
Modul 5Modul 5
Modul 5
teknik komputer ui
 
Modul 1
Modul 1Modul 1
Modul 1
teknik komputer ui
 
1)Which of the following are Penetration testing methodology
1)Which of the following are Penetration testing methodology1)Which of the following are Penetration testing methodology
1)Which of the following are Penetration testing methodology
sandibabcock
 
1) Which of the following are Penetration testing methodology .docx
1) Which of the following are Penetration testing methodology .docx1) Which of the following are Penetration testing methodology .docx
1) Which of the following are Penetration testing methodology .docx
SONU61709
 
1. Which of the following is a Cisco IOS feature that can collect .docx
1. Which of the following is a Cisco IOS feature that can collect .docx1. Which of the following is a Cisco IOS feature that can collect .docx
1. Which of the following is a Cisco IOS feature that can collect .docx
jackiewalcutt
 
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
scoopnewsgroup
 
Security (FE)
Security (FE)Security (FE)
Security (FE)
Tanat Tonguthaisri
 

Empfohlen

S1 intr ftui
S1 intr ftuiS1 intr ftui
S1 intr ftui
teknik komputer ui
 
Modul 5
Modul 5Modul 5
Modul 5
teknik komputer ui
 
Modul 1
Modul 1Modul 1
Modul 1
teknik komputer ui
 
1)Which of the following are Penetration testing methodology
1)Which of the following are Penetration testing methodology1)Which of the following are Penetration testing methodology
1)Which of the following are Penetration testing methodology
sandibabcock
 
1) Which of the following are Penetration testing methodology .docx
1) Which of the following are Penetration testing methodology .docx1) Which of the following are Penetration testing methodology .docx
1) Which of the following are Penetration testing methodology .docx
SONU61709
 
1. Which of the following is a Cisco IOS feature that can collect .docx
1. Which of the following is a Cisco IOS feature that can collect .docx1. Which of the following is a Cisco IOS feature that can collect .docx
1. Which of the following is a Cisco IOS feature that can collect .docx
jackiewalcutt
 
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
scoopnewsgroup
 
Security (FE)
Security (FE)Security (FE)
Security (FE)
Tanat Tonguthaisri
 
Security (IP)
Security (IP)Security (IP)
Security (IP)
Tanat Tonguthaisri
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5
madunix
 
Dupressoir
DupressoirDupressoir
Dupressoir
anesah
 
Qualifying exam-2015-final
Qualifying exam-2015-finalQualifying exam-2015-final
Qualifying exam-2015-final
Open Networking Perú (Opennetsoft)
 
Iot m2m
Iot m2mIot m2m
Iot m2m
sundarag1
 
1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx
ambersalomon88660
 
Scs.pptx repaired
Scs.pptx repairedScs.pptx repaired
Scs.pptx repaired
Saransh Garg
 
cloud security unit 2 notes (ppt) UNIT 2 PPT.pptx
cloud security unit 2 notes (ppt) UNIT 2 PPT.pptxcloud security unit 2 notes (ppt) UNIT 2 PPT.pptx
cloud security unit 2 notes (ppt) UNIT 2 PPT.pptx
PriyadharshiniMuruge10
 
Prevention of Vulnerable Virtual Machines against DDOS.pptx
Prevention of Vulnerable Virtual Machines against DDOS.pptxPrevention of Vulnerable Virtual Machines against DDOS.pptx
Prevention of Vulnerable Virtual Machines against DDOS.pptx
NoorFathima60
 
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
Cristian Garcia G.
 
CCNA 200-120 Exam Questions
CCNA 200-120 Exam QuestionsCCNA 200-120 Exam Questions
CCNA 200-120 Exam Questions
Eng. Emad Al-Atoum
 
Session 3 Software Engineering UGC NET.pdf
Session 3 Software Engineering UGC NET.pdfSession 3 Software Engineering UGC NET.pdf
Session 3 Software Engineering UGC NET.pdf
sangeethachandran
 
Service mesh in Microservice World to Manage end to end service communications
Service mesh in Microservice World to Manage end to end service communicationsService mesh in Microservice World to Manage end to end service communications
Service mesh in Microservice World to Manage end to end service communications
Satya Syam
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
Open Networking Perú (Opennetsoft)
 
Plataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaPlataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação Cibernética
Hamilton Oliveira
 
mcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfmcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdf
ANJUMOHANANU
 
Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)
Ameer Sameer
 
Cloud and the Future of Networked Systems
Cloud and the Future of Networked SystemsCloud and the Future of Networked Systems
Cloud and the Future of Networked Systems
James Urquhart
 
Istqb question-paper-dump-1
Istqb question-paper-dump-1Istqb question-paper-dump-1
Istqb question-paper-dump-1
TestingGeeks
 
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
PassquestionExamTrai
 
Modul 4
Modul 4Modul 4
Modul 4
teknik komputer ui
 
Modul 3
Modul 3Modul 3
Modul 3
teknik komputer ui
 

Weitere ähnliche Inhalte

Ähnlich wie Iins practice questions

Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5
madunix
 
Dupressoir
DupressoirDupressoir
Dupressoir
anesah
 
1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx
ambersalomon88660
 
Session 3 Software Engineering UGC NET.pdf
Session 3 Software Engineering UGC NET.pdfSession 3 Software Engineering UGC NET.pdf
Session 3 Software Engineering UGC NET.pdf
sangeethachandran
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
Open Networking Perú (Opennetsoft)
 
Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)
Ameer Sameer
 
Cloud and the Future of Networked Systems
Cloud and the Future of Networked SystemsCloud and the Future of Networked Systems
Cloud and the Future of Networked Systems
James Urquhart
 
Istqb question-paper-dump-1
Istqb question-paper-dump-1Istqb question-paper-dump-1
Istqb question-paper-dump-1
TestingGeeks
 

Ähnlich wie Iins practice questions (20)

Security (IP)
Security (IP)Security (IP)
Security (IP)
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5
 
Dupressoir
DupressoirDupressoir
Dupressoir
 
Qualifying exam-2015-final
Qualifying exam-2015-finalQualifying exam-2015-final
Qualifying exam-2015-final
 
Iot m2m
Iot m2mIot m2m
Iot m2m
 
1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx1. The sale of sensitive or confidential company information to a .docx
1. The sale of sensitive or confidential company information to a .docx
 
Scs.pptx repaired
Scs.pptx repairedScs.pptx repaired
Scs.pptx repaired
 
cloud security unit 2 notes (ppt) UNIT 2 PPT.pptx
cloud security unit 2 notes (ppt) UNIT 2 PPT.pptxcloud security unit 2 notes (ppt) UNIT 2 PPT.pptx
cloud security unit 2 notes (ppt) UNIT 2 PPT.pptx
 
Prevention of Vulnerable Virtual Machines against DDOS.pptx
Prevention of Vulnerable Virtual Machines against DDOS.pptxPrevention of Vulnerable Virtual Machines against DDOS.pptx
Prevention of Vulnerable Virtual Machines against DDOS.pptx
 
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
 
CCNA 200-120 Exam Questions
CCNA 200-120 Exam QuestionsCCNA 200-120 Exam Questions
CCNA 200-120 Exam Questions
 
Session 3 Software Engineering UGC NET.pdf
Session 3 Software Engineering UGC NET.pdfSession 3 Software Engineering UGC NET.pdf
Session 3 Software Engineering UGC NET.pdf
 
Service mesh in Microservice World to Manage end to end service communications
Service mesh in Microservice World to Manage end to end service communicationsService mesh in Microservice World to Manage end to end service communications
Service mesh in Microservice World to Manage end to end service communications
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
 
Plataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaPlataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação Cibernética
 
mcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfmcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdf
 
Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)Security of software defined networking (sdn) and cognitive radio network (crn)
Security of software defined networking (sdn) and cognitive radio network (crn)
 
Cloud and the Future of Networked Systems
Cloud and the Future of Networked SystemsCloud and the Future of Networked Systems
Cloud and the Future of Networked Systems
 
Istqb question-paper-dump-1
Istqb question-paper-dump-1Istqb question-paper-dump-1
Istqb question-paper-dump-1
 
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
 

Mehr von teknik komputer ui

The cisco networking academy net riders indonesia 2010 competition
The cisco networking academy net riders indonesia 2010 competitionThe cisco networking academy net riders indonesia 2010 competition
The cisco networking academy net riders indonesia 2010 competition
teknik komputer ui
 
Rencana Proyek Divisi Komputer.doc
Rencana Proyek Divisi Komputer.docRencana Proyek Divisi Komputer.doc
Rencana Proyek Divisi Komputer.doc
teknik komputer ui
 

Mehr von teknik komputer ui (20)

Modul 4
Modul 4Modul 4
Modul 4
 
Modul 3
Modul 3Modul 3
Modul 3
 
Modul 1
Modul 1Modul 1
Modul 1
 
Modul 2
Modul 2Modul 2
Modul 2
 
The cisco networking academy net riders indonesia 2010 competition
The cisco networking academy net riders indonesia 2010 competitionThe cisco networking academy net riders indonesia 2010 competition
The cisco networking academy net riders indonesia 2010 competition
 
Rencana Proyek Divisi Komputer.doc
Rencana Proyek Divisi Komputer.docRencana Proyek Divisi Komputer.doc
Rencana Proyek Divisi Komputer.doc
 
Salinan Research Paper
Salinan Research PaperSalinan Research Paper
Salinan Research Paper
 
Chapter_1_Case_Study
Chapter_1_Case_StudyChapter_1_Case_Study
Chapter_1_Case_Study
 
Exploration network chapter7
Exploration network chapter7Exploration network chapter7
Exploration network chapter7
 
Exploration network chapter6
Exploration network chapter6Exploration network chapter6
Exploration network chapter6
 
Exploration network chapter5
Exploration network chapter5Exploration network chapter5
Exploration network chapter5
 
Exploration network chapter4
Exploration network chapter4Exploration network chapter4
Exploration network chapter4
 
Exploration network chapter3
Exploration network chapter3Exploration network chapter3
Exploration network chapter3
 
Exploration network chapter2
Exploration network chapter2Exploration network chapter2
Exploration network chapter2
 
Exploration network chapter1
Exploration network chapter1Exploration network chapter1
Exploration network chapter1
 
Exploration network chapter11
Exploration network chapter11Exploration network chapter11
Exploration network chapter11
 
Chapter1
Chapter1Chapter1
Chapter1
 
Chapter3 bag2
Chapter3 bag2Chapter3 bag2
Chapter3 bag2
 
Chapter3 bag1
Chapter3 bag1Chapter3 bag1
Chapter3 bag1
 
Chapter2 bag2
Chapter2 bag2Chapter2 bag2
Chapter2 bag2
 

Iins practice questions

  • 1. Cisco CCN A S e cu r it y P r a ct ice E x a m Q u e st ion s Implementing Cisco IOS Network Security (IINS) v1.0 Th e follow ing Cisco® CCNA S ecurity practice ex am q uestions are based on th e course I m p l e m e n t i n g C i s c o I O S N e t w o r k S e c u r i t y ( I I N S ) v 1 . 0 . Th e answ er k ey is on th e last pag e of th is d ocum ent. 1. W h at is th e g oal of an ov erall security ch alleng e w h en planning a security strateg y ? A ) to h ard en all ex terior-facing netw ork com ponents B ) to install firew alls at all critical points in th e netw ork C) to find a balance betw een th e need to open netw ork s to support ev olv ing business req uirem ents and th e need to inform D ) to ed ucate em ploy ees to be on th e look out for suspicious beh av ior 2. W h ich th reats are th e m ost serious? A ) insid e th reats B ) outsid e th reats C) unk now n th reats D ) reconnaissance th reats 3. Netw ork security aim s to prov id e w h ich th ree k ey serv ices? ( Ch oose th ree.) A ) d ata integ rity B ) d ata strateg y C) d ata and sy stem av ailability D ) d ata m ining E ) d ata storag e F ) d ata confid entiality 4. W h ich option is th e term for a w eak ness in a sy stem or its d esig n th at can be ex ploited by a th reat? A ) a v ulnerability B ) a risk C) an ex ploit D ) an attack 1 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
  • 2. 5. W h ich option is th e term for th e lik elih ood th at a particular th reat using a specific attack w ill ex ploit a particular v ulnerability of a sy stem th at results in an und esirable conseq uence? A ) a v ulnerability B ) a risk C) an ex ploit D ) an attack 6. W h ich option is th e term for w h at h appens w h en com puter cod e is d ev eloped to tak e ad v antag e of a v ulnerability ? F or ex am ple, suppose th at a v ulnerability ex ists in a piece of softw are, but nobod y k now s about th is v ulnerability . A ) a v ulnerability B ) a risk C) an ex ploit D ) an attack 7. W h at is th e first step y ou sh ould tak e w h en consid ering securing y our netw ork ? A ) I nstall a firew all. B ) I nstall an intrusion prev ention sy stem . C) U pd ate serv ers and user PCs w ith th e latest patch es. D ) D ev elop a security policy . 8. W h ich option is a k ey principle of th e Cisco S elf-D efend ing Netw ork strateg y ? A ) S ecurity is static and sh ould prev ent m ost k now n attack s on th e netw ork . B ) Th e self-d efend ing netw ork sh ould be th e k ey point of y our security policy . C) I nteg rate security th roug h out th e ex isting infrastructure. D ) U pper m anag em ent is ultim ately responsible for policy im plem entation. 9. W h ich th ree options are areas of router security ? ( Ch oose th ree.) A ) ph y sical security B ) access control list security C) zone-based firew all security D ) operating sy stem security E ) router h ard ening F ) Cisco I O S -I PS security 2 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
  • 3. 10 . Y ou h av e sev eral operating g roups in y our enterprise th at req uire d iffering access restrictions to th e routers to perform th eir j ob roles. Th ese g roups rang e from H elp D esk personnel to ad v anced troublesh ooters. W h at is one m eth od olog y for controlling access rig h ts to th e routers in th ese situations? A ) config ure A CL s to control access for th e d ifferent g roups B ) config ure m ultiple priv ileg e lev el access C) im plem ent sy slog g ing to m onitor th e activ ities of th e g roups D ) config ure TA CA CS + to perform scalable auth entication 11. W h ich of th ese options is a G U I tool for perform ing security config urations on Cisco routers? A ) S ecurity A ppliance D ev ice M anag er B ) Cisco CL I Config uration M anag em ent Tool C) Cisco S ecurity D ev ice M anag er D ) Cisco S ecurity M anag er 12. W h en im plem enting netw ork security , w h at is an im portant config uration task th at y ou sh ould perform to assist in correlating netw ork and security ev ents? A ) Config ure Netw ork Tim e Protocol. B ) Config ure sy nch ronized sy slog reporting . C) Config ure a com m on repository of all netw ork ev ents for ease of m onitoring . D ) Config ure an autom ated netw ork m onitoring sy stem for ev ent correlation. 13. W h ich of th ese options is a Cisco I O S feature th at lets y ou m ore easily config ure security features on y our router? A ) Cisco S elf-D efend ing Netw ork B ) im plem enting A A A com m and auth orization C) th e a u t o s e c u r e CL I com m and D ) perform ing a security aud it v ia S D M 14. W h ich th ree of th ese options are som e of th e best practices w h en y ou im plem ent an effectiv e firew all security policy ? ( Ch oose th ree.) A ) Position firew alls at strateg ic insid e locations to h elp m itig ate insid e nontech nical attack s. B ) Config ure log g ing to capture all ev ents for forensic purposes. C) U se firew alls as a prim ary security d efense; oth er security m easures and d ev ices sh ould be im plem ented to enh ance y our netw ork security . D ) Position firew alls at k ey security bound aries. E ) D eny all traffic by d efault and perm it only necessary serv ices. 3 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
  • 4. 15. W h ich statem ent is true w h en config uring access control lists ( A CL s) on a Cisco router? A ) A CL s filter all traffic th roug h and sourced from th e router. B ) A pply th e A CL to th e interface prior to config uring access control entries to ensure th at controls are applied im m ed iately upon config uration. C) A n “ im plicit d eny ” is applied to th e start of th e A CL entry by d efault. D ) O nly one A CL per protocol, per d irection, and per interface is allow ed . 16. W h ich option correctly d efines asy m m etric encry ption? A ) uses th e sam e k ey s to encry pt and d ecry pt d ata B ) uses M D 5 h ash ing alg orith m s for d ig ital sig nag e encry ption C) uses d ifferent k ey s to encry pt and d ecry pt d ata D ) uses S H A -1 h ash ing alg orith m s for d ig ital sig nag e encry ption 17. W h ich option is a d esirable feature of using sy m m etric encry ption alg orith m s? A ) Th ey are often used for w ire-speed encry ption in d ata netw ork s. B ) Th ey are based on com plex m ath em atical operations and can easily be accelerated by h ard w are. C) Th ey offer sim ple k ey m anag em ent properties. D ) Th ey are best used for one-tim e encry ption need s. 18. W h ich option is true of using cry ptog raph ic h ash es? A ) Th ey are easily rev ersed to d eciph er th e m essag e contex t. B ) Th ey conv ert arbitrary d ata into a fix ed -leng th d ig est. C) Th ey are based on a tw o-w ay m ath em atical function. D ) Th ey are used for encry pting bulk d ata com m unications. 19. W h ich option is true of intrusion prev ention sy stem s? A ) Th ey operate in prom iscuous m od e. B ) Th ey operate in inline m od e. C) Th ey h av e no potential im pact on th e d ata seg m ent being m onitored . D ) Th ey are m ore v ulnerable to ev asion tech niq ues th an I D S . 20 . W h ich statem ent is true w h en using zone-based firew alls on a Cisco router? A ) Policies are applied to traffic m ov ing betw een zones, not betw een interfaces. B ) Th e firew alls can be config ured sim ultaneously on th e sam e interface as classic CB A C using th e i p i n s p e c t CL I com m and . C) I nterface A CL s are applied before zone-based policy firew alls w h en th ey are applied outbound . D ) W h en config ured w ith th e “ PA S S ” action, stateful inspection is applied to all traffic passing betw een th e config ured zones. 4 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .
  • 5. C C N A S e c u r ity P r a c tic e Q u e s tio n s A n s w e r K e y 1. C 2. A 3. A , C, F 4. A 5. B 6. C 7. D 8. C 9. A , D , E 10 . B 11. C 12. A 13. C 14. C, D , E 15. D 16. C 17. A 18. B 19. B 20 . A 5 C is c o C C N A S e c u r it y P r a c t ic e E x a m Q u e s tio n s © 20 0 9 C i s c o S y s t e m s , I n c .