Flashcards ccnasecurity2
ccnasecurity2
1. QUESTION 161
Which three statements about RADIUS are true? (Choose three.)
A. RADIUS uses TCP port 49.
B. RADIUS uses UDP ports 1645 or 1812.
C. RADIUS encrypts the entire packet.
D. RADIUS encrypts only the password in the Access-Request packet.
E. RADIUS is a Cisco proprietary technology.
F. RADIUS is an open standard.
Answer: BDF
2. QUESTION 162
Which network security framework is used to set up access control on Cisco Appliances?
A. RADIUS
B. AAA
C. TACACS+
D. NAS
Card Set Information
Author: rkrouse
ID: 304843
Filename: ccnasecurity2
Updated: 2015-07-07 07:37:57
Tags: ccnasecurity2
Folders:
Description: 2nd ccna security cards
Answer: B
3. QUESTION 163
Which two protocols are used in a server-based AAA deployment? (Choose two.)
A. RADIUS
B. TACACS+
C. HTTPS
D. WCCP
E. HTTP
Answer: AB
4. QUESTION 164
Which Cisco IOS command will verify authentication between a router and a AAA server?
A. debug aaa authentication
B. test aaa group
C. test aaa accounting
D. aaa new-model
Answer: B
5. QUESTION 165
Which AAA feature can automate record keeping within a network?
A. TACACS+
B. authentication
C. authorization
D. accounting
Answer: D
6. QUESTION 166
Which two statements about IPv6 access lists are true? (Choose two).
A. IPv6 access lists support numbered access lists.
B. IPv6 access lists support wildcard masks.
C. IPv6 access lists support standard access lists.
D. IPv6 access lists support named access lists.
E. IPv6 access lists support extended access lists.
Answer: DE
7. QUESTION 167
Which command enables subnet 192.168.8.4/30 to communicate with subnet 192.168.8.32/27 on IP protocol 50?
A. permit esp 192.168.8.4 255.255.255.252 192.168.8.32 255.255.255.224
B. permit esp 192.168.8.4 0.0.0.31 192.168.8.32 0.0.0.31
C. permit esp 192.168.8.4 255.255.255.252 224.168.8.32 255.255.255.192
D. permit esp 192.168.8.4 0.0.0.3 192.168.8.32 0.0.0.31
Answer: D
http://www.freezingblue.com/flashcards/print_preview.cgi?cardsetID=304843
11/18/2015
8. QUESTION 168
Which two types of access lists can be used for sequencing? (Choose two.)
A. reflexive
B. standard
C. dynamic
D. extended
Answer: BD
9. QUESTION 169
Which command will block IP traffic to the destination 172.16.0.1/32?
A. access-list 101 deny ip host 172.16.0.1 any
B. access-list 101 deny ip any host 172.16.0.1
C. access-list 101 deny ip any any
D. access-list 11 deny host 172.16.0.1
Answer: B
10. QUESTION 170
Which two considerations about secure network monitoring are important? (Choose two.)
A. log tampering
B. encryption algorithm strength
C. accurate time stamping
D. off-site storage
E. Use RADIUS for router commands authorization.
F. Do not use a loopback interface for device management access.
Answer: AC
11. QUESTION 171
Which two countermeasures can mitigate STP root bridge attacks? (Choose two.)
A. root guard
B. BPDU filtering
C. Layer 2 PDU rate limiter
D. BPDU guard
Answer: AD
12. QUESTION 172
Which two countermeasures can mitigate MAC spoofing attacks? (Choose two.)
A. IP source guard
B. port security
C. root guard
D. BPDU guard
Answer: AB
13. QUESTION 173
Which statement correctly describes the function of a private VLAN?
A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains.
B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains.
C. A private VLAN enables the creation of multiple VLANs using one broadcast domain.
D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain.
Answer: A
14. QUESTION 174
What are two primary attack methods of VLAN hopping? (Choose two.)
A. VoIP hopping
B. switch spoofing
C. CAM table overflow
D. double tagging
Answer: BD
15. QUESTION 175
Which type of attack can be prevented by setting the native VLAN to an unused VLAN?
A. VLAN hopping attacks
B. CAM table overflow
C. denial of service attacks
D. MAC address spoofing
Answer: A
16. QUESTION 176
What is the purpose of a trunk port?
A. A trunk port carries traffic for multiple VLANs.
B. A trunk port connects multiple hubs together to increase bandwidth.
C. A trunk port separates VLAN broadcast domains.
D. A trunk port provides a physical link specifically for a VPN.
Answer: A
17. QUESTION 177
The host A Layer 2 port is configured in VLAN 5 on switch 1, and the host B Layer 2 port is configured in VLAN 10 on switch 1. Which two actions you can take to enable the two hosts to communicate with each other? (Choose two.)
A. Configure inter-VLAN routing.
B. Connect the hosts directly through a hub.
C. Configure switched virtual interfaces.
D. Connect the hosts directly through a router.
Answer: AC
18. QUESTION 178
Which two pieces of information should you acquire before you troubleshoot an STP loop? (Choose two.)
A. topology of the routed network
B. topology of the switched network
C. location of the root bridge
D. number of switches in the network
Answer: BC
19. QUESTION 179
Which two options are symmetric-key algorithms that are recommended by Cisco? (Choose two.)
A. Twofish
B. Advanced Encryption Standard
C. Blowfish
D. Triple Data Encryption Standard
Answer: BD
20. QUESTION 180
Which technology provides an automated digital certificate management system for use with IPsec?
A. ISAKMP
B. public key infrastructure
C. Digital Signature Algorithm
D. Internet Key Exchange
Answer: B
21. QUESTION 181
Which two IPsec protocols are used to protect data in motion? (Choose two.)
A. Encapsulating Security Payload Protocol
B. Transport Layer Security Protocol
C. Secure Shell Protocol
D. Authentication Header Protocol
Answer: AD
22. QUESTION 182
On which protocol number does Encapsulating Security Payload operate?
A. 06
B. 47
C. 50
D. 51
Answer: C
23. QUESTION 183
On which protocol number does the authentication header operate?
A. 06
B. 47
C. 50
D. 51
Answer: D
24. QUESTION 185
In an IPsec VPN, what determination does the access list make about VPN traffic?
A. whether the traffic should be blocked
B. whether the traffic should be permitted
C. whether the traffic should be encrypted
D. the peer to which traffic should be sent
Answer: C
25. QUESTION 186
Which command verifies phase 2 of an IPsec VPN on a Cisco router?
A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp sa
D. show crypto engine connection active
Answer: B
26. QUESTION 187
You are troubleshooting a Cisco AnyConnect VPN on a firewall and issue the command show webvpn anyconnect. The output shows the message "SSL VPN is not enabled" instead of showing the AnyConnect package. Which action can you take to resolve the problem?
A. Issue the enable outside command.
B. Issue the anyconnect enable command.
C. Issue the enable inside command.
D. Reinstall the AnyConnect image.
Answer: B
27. QUESTION 188
What is the key difference between host-based and network-based intrusion prevention?
A. Network-based IPS is C SSL and TLS encrypted data flows.
B. Network-based IPS provides better protection against OS kernel-level attacks against hosts and servers.
C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D. Host-based IPS can work in promiscuous mode or inline mode.
E. Host-based IPS is more scalable than network-based IPS.
F. Host-based IPS deployment requires less planning than network-based IPS.
Answer: C
28. QUESTION 189
Which one is the most important based on the following common elements of a network design?
A. Business needs
B. Best practices
C. Risk analysis
D. Security policy
Answer: A
29. QUESTION 190
When configuring Cisco IOS login enhancements for virtual connections, what is the "quiet period"?
A. A period of time when no one is attempting to log in
B. The period of time in which virtual logins are blocked as security services fully initialize
C. The period of time in which virtual login attempts are blocked, following repeated failed login attempts
D. The period of time between successive login attempts
Answer: C
30. QUESTION 191
What is a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?
A. The show version command will not show the Cisco IOS image file location.
B. The Cisco IOS image file will not be visible in the output from the show flash command.
C. When the router boots up, the Cisco IOS image will be loaded from a secured FTP location.
D. The running Cisco IOS image will be encrypted and then automatically backed up to the NVRAM.
E. The running Cisco IOS image will be encrypted and then automatically backed up to a TFTP server.
Answer: B
31. QUESTION 192
Which three statements are valid SDM configuration wizards? (Choose three.)
A. Security Audit
B. VPN
C. STP
D. NAT
Answer: ABD
32. QUESTION 193
How do you define the authentication method that will be used with AAA?
A. With a method list
B. With the method command
C. With the method aaa command
D. With a method statement
Answer: A
33. QUESTION 194
Which one of the following commands can be used to enable AAA authentication to determine if a user can access the privilege command level?
A. aaa authentication enable default local
B. aaa authentication enable level
C. aaa authentication enable method default
D. aaa authentication enable default
Answer: D
34. QUESTION 195
Which two ports are used with RADIUS authentication and authorization? (Choose two.)
A. TCP port 2002
B. UDP port 2000
C. UDP port 1645
D. UDP port 1812
Answer: CD
35. QUESTION 196
Which type of MAC address is dynamically learned by a switch port and then added to the switch's running configuration?
A. Pervasive secure MAC address
B. Static secure MAC address
C. Sticky secure MAC address
D. Dynamic secure MAC address
Answer: C
36. QUESTION 197
What command displays all existing IPsec security associations (SA)?
A. show crypto isakmp sa
B. show crypto ipsec sa
C. show crypto ike active
D. show crypto sa active
Answer: B
37. QUESTION 198
Which of the following is not considered a trustworthy symmetric encryption algorithm?
A. 3DES
B. IDEA
C. EDE
D. AES
Answer: C
38. QUESTION 199
For the following items, which management topology keeps management traffic isolated from production traffic?
A. OOB
B. SAFE
C. MARS
D. OTP
Answer: A
39. QUESTION 200
Which type of cipher achieves security by rearranging the letters in a string of text?
A. Vigenère cipher
B. Stream cipher
C. Transposition cipher
D. Block cipher
Answer: C
40. QUESTION 201
Which of the following are techniques used by symmetric encryption cryptography? (Choose all that apply.)
A. Block ciphers
B. Message Authentication Codes (MAC)
C. One-time pad
D. Stream ciphers
E. Vigenère cipher
Answer: ABD
41. QUESTION 202
Which two statements are true about the differences between IDS and IPS? (Choose two.)
A. IPS operates in promiscuous mode.
B. IPS receives a copy of the traffic to be analyzed.
C. IPS operates in inline mode.
D. IDS receives a copy of the traffic to be analyzed.
Answer: CD
42. QUESTION 203
Which option is a desirable feature of using symmetric encryption algorithms?
A. they are often used for wire-speed encryption in data networks
B. they are based on complex mathematical operations and can easily be accelerated by hardware
C. they offer simple key management properties
D. they are best used for one-time encryption needs
Answer: A
43. QUESTION 204
Which option is true of using cryptographic hashes?
A. they are easily reversed to decipher the message context
B. they convert arbitrary data into fixed length digits
C. they are based on a two-way mathematical function
D. they are used for encrypting bulk data communications
Answer: B
44. QUESTION 205
When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events?
A. configure network time protocol
B. configure synchronized syslog reporting
C. configure a common repository of all network events for ease of monitoring
D. configure an automated network monitoring system for event correlation
Answer: A
45. QUESTION 206
Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router?
A. Cisco self-defending network
B. implementing AAA command authorization
C. the auto secure CLI command
D. performing a security audit via SDM
Answer: C
46. QUESTION 207
What is the most common Cisco Discovery Protocol version 1 attack?
A. denial of service
B. MAC address spoofing
C. CAM table overflow
D. VLAN hopping
Answer: A
47. QUESTION 208
Which option describes a function of a virtual VLAN?
A. A virtual VLAN creates a logically partitioned LAN to place switch ports in a separate broadcast domain.
B. A virtual VLAN creates trunks and links two switches together.
C. A virtual VLAN adds every port on a switch to its own collision domain.
D. A virtual VLAN connects many hubs together.
Answer: A
48. QUESTION 209
Which action can you take to add bandwidth to a trunk between two switches and end up with only one logical interface?
A. Configure another trunk link.
B. Configure EtherChannel.
C. Configure an access port.
D. Connect a hub between the two switches.
Answer: B
49. QUESTION 210
If the native VLAN on a trunk is different on each end of the link, what is a potential consequence?
A. The interface on both switches may shut down.
B. STP loops may occur.
C. The switch with the higher native VLAN may shut down.
D. The interface with the lower native VLAN may shut down.
Answer: B
50. QUESTION 211
Which VTP mode allows you to change the VLAN configuration and will then propagate the change throughout the entire switched network?
A. VTP server
B. VTP client
C. VTP transparent
D. VTP off
Answer: A
51. QUESTION 212
When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?
A. STP elects the root bridge.
B. STP selects the root port.
C. STP selects the designated port.
D. STP blocks one of the ports.
Answer: A
52. QUESTION 213
What is the default STP priority on a switch?
A. 4096
B. 24576
C. 16384
D. 32768
Answer: D
53. QUESTION 214
Which two options are asymmetric-key algorithms that are recommended by Cisco? (Choose two.)
A. Rivest-Shamir-Adleman Algorithm
B. ElGamal encryption system
C. Digital Signature Algorithm
D. Paillier cryptosystem
Answer: AC
54. QUESTION 215
Which IPsec component takes an input message of arbitrary length and produces a fixed-length output message?
A. the transform set
B. the group policy
C. the hash
D. the crypto map
Answer: C
55. QUESTION 216
Which three options are components of Transport Layer Security? (Choose three.)
A. stateless handshake
B. stateful handshake
C. application layer
D. session layer
E. pre-shared keys
F. digital certificates
Answer: BCF
56. QUESTION 217
What are three features of IPsec tunnel mode? (Choose three.)
A. IPsec tunnel mode supports multicast.
B. IPsec tunnel mode is used between gateways.
C. IPsec tunnel mode is used between end stations.
D. IPsec tunnel mode supports unicast traffic.
E. IPsec tunnel mode encrypts only the payload.
F. IPsec tunnel mode encrypts the entire packet.
Answer: BDF
57. QUESTION 218
Which command provides phase 1 and phase 2 status for all active sessions of an IPsec VPN on a Cisco router?
A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp sa
D. show crypto session
Answer: D
58. QUESTION 219
How can you prevent clientless SSL VPN users from accessing any HTTP or HTTPS URL within the portal?
A. Configure a web ACL.
B. Turn off URL entry.
C. Configure a smart tunnel.
D. Configure a portal access rule.
Answer: B
59. QUESTION 220
Which Cisco AnyConnect VPN feature enables DTLS to fall back to a TLS connection?
A. perfect forward secrecy
B. dead peer detection
C. keepalives
D. IKEv2
Answer: B
60. QUESTION 221
Where is the transform set applied in an IOS IPsec VPN?
A. on the WAN interface
B. in the ISAKMP policy
C. in the crypto map
D. on the LAN interface
Answer: C
61. QUESTION 222
Which authentication protocol does the Cisco AnyConnect VPN password management feature require to operate?
A. MS-CHAPv1
B. MS-CHAPv2
C. CHAP
D. Kerberos
Answer: B
62. QUESTION 223
In which stage of an attack does the attacker discover devices on a target network?
A. reconnaissance
B. gaining access
C. maintaining access
D. covering tracks
Answer: A
63. QUESTION 224
Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?
A. Unidirectional Link Detection
B. Unicast Reverse Path Forwarding
C. TrustSec
D. IP Source Guard
Answer: B
64. QUESTION 225
By which kind of threat is the victim tricked into entering username and password information at a disguised website?
A. phishing
B. spam
C. malware
D. spoofing
Answer: A
65. QUESTION 226
Which Cisco product can help mitigate web-based attacks within a network?
A. Adaptive Security Appliance
B. Web Security Appliance
C. Email Security Appliance
D. Identity Services Engine
Answer: B
66. QUESTION 227
Which type of IPS can identify worms that are propagating in a network?
A. signature-based IPS
B. policy-based IPS
C. anomaly-based IPS
D. reputation-based IPS
Answer: C
67. QUESTION 228
When a company puts a security policy in place, what is the effect on the company's business?
A. minimizing risk
B. minimizing total cost of ownership
C. minimizing liability
D. maximizing compliance
Answer: A
68. QUESTION 229
Which IOS feature can limit SSH access to a specific subnet under a VTY line?
A. access-class
B. access-list
C. route-map
D. route-tag
Answer: A
69. QUESTION 230
Which command configures logging on a Cisco ASA firewall to include the date and time?
A. logging facility
B. logging enable
C. logging timestamp
D. logging buffered debugging
Answer: C
70. QUESTION 231
Which two protocols can SNMP use to send messages over a secure communications channel? (Choose two.)
A. DTLS
B. TLS
C. ESP
D. AH
E. ISAKMP
Answer: AB
71. QUESTION 232
Which two options are for securing NTP? (Choose two.)
A. a stratum clock
B. access lists
C. Secure Shell
D. authentication
E. Telnet
Answer: BD
72. QUESTION 233
What must be configured before Secure Copy can be enabled?
A. SSH
B. AAA
C. TFTP
D. FTP
Answer: B
73. QUESTION 234
Which two ports does Cisco Configuration Professional use? (Choose two.)
A. 80
B. 8080
C. 443
D. 21
E. 23
Answer: AC
74. QUESTION 235
Which two options are physical security threats? (Choose two.)
A. hardware
B. environment
C. access lists
D. device configurations
E. software version
Answer: AB
75. QUESTION 236
Which command configures stateful packet inspection to inspect a packet after it passes the inbound ACL of the input interface?
A. ip inspect out
B. ip inspect in
C. ip inspect name audit-trail on
D. ip inspect name audit-trail off
Answer: B
76. QUESTION 237
Which statement about identity NAT is true?
A. It is a static NAT configuration that translates the real IP address on the ingress interface to the same IP address on the egress interface.
B. It is a dynamic NAT configuration that translates a real IP address to a mapped IP address.
C. It is a static NAT configuration that translates a real IP address to a mapped IP address.
D. It is a dynamic NAT configuration that translates the real IP address on the ingress interface to the same IP address on the egress interface.
Answer: A
77. QUESTION 238
Which element must you configure to allow traffic to flow from one security zone to another?
A. a zone pair
B. a site-to-site VPN
C. a zone list
D. a zone-based policy
Answer: A
78. QUESTION 239
With which two NAT types can Cisco ASA implement address translation? (Choose two.)
A. network object NAT
B. destination NAT
C. twice NAT
D. source NAT
E. double NAT
Answer: AC
79. QUESTION 240
Which technology is the most effective choice for locally mirroring ports to support data investigation for a single device at the data layer?
A. RMON
B. SPAN
C. RSPAN
D. ERSPAN
Answer: B
80. QUESTION 241
Which three actions can an inline IPS take to mitigate an attack? (Choose three.)
A. modifying packets inline
B. denying the connection inline
C. denying packets inline
D. resetting the connection inline
E. modifying frames inline
F. denying frames inline
Answer: ABC
81. QUESTION 242
Which monitoring protocol uses TCP port 1470 or UDP port 514?
A. RELP
B. Syslog
C. SDEE
D. IMAP
E. SNMP
F. CSM
Answer: B
82. QUESTION 243
Which option provides the most secure method to deliver alerts on an IPS?
A. IME
B. CSM
C. SDEE
D. syslog
Answer: C
83. QUESTION 244
Which statement about the Atomic signature engine is true?
A. It can perform signature matching on a single packet only.
B. It can perform signature matching on multiple packets.
C. It can examine applications independent of the platform.
D. It can flexibly match patterns in a session.
Answer: A
84. QUESTION 245
What is the function of an IPS signature?
A. It determines the best course of action to mitigate a threat.
B. It detects network intrusions by matching specified criteria.
C. It provides logging data for allowed connections.
D. It provides threat-avoidance controls.
Answer: B
85. QUESTION 246
Which two options are advantages of a network-based Cisco IPS? (Choose two.)
A. It can examine encrypted traffic.
B. It can protect the host after decryption.
C. It is an independent operating platform.
D. It can observe bottom-level network events.
E. It can block traffic.
Answer: CD
86. QUESTION 247
Which statement about the role-based CLI access views on a Cisco router is true?
A. The maximum number of configurable CLI access views is 10, including one lawful intercept view and excluding the root view.
B. The maximum number of configurable CLI access views is 10, including one superview.
C. The maximum number of configurable CLI access views is 15, including one lawful intercept view and excluding the root view.
D. The maximum number of configurable CLI access views is 15, including one lawful intercept view.
Answer: C
87. QUESTION 248
Which three protocols are supported by management plane protection? (Choose three.)
A. SNMP
B. SMTP
C. SSH
D. OSPF
E. HTTPS
F. EIGRP
Answer: ACE
88. QUESTION 249
Which statement about rule-based policies in Cisco Security Manager is true?
A. Rule-based policies contain one or more rules that are related to a device's security and operations parameters.
B. Rule-based policies contain one or more rules that control how traffic is filtered and inspected on a device.
C. Rule-based policies contain one or more user roles that are related to a device's security and operations parameters.
D. Rule-based policies contain one or more user roles that control how user traffic is filtered and inspected on a device.
Answer: B
89. QUESTION 250
Which Cisco Security Manager feature enables the configuration of unsupported device features?
A. Deployment Manager
B. FlexConfig
C. Policy Object Manager
D. Configuration Manager
Answer: B
90. QUESTION 251
Which statement about IPv6 address allocation is true?
A. IPv6-enabled devices can be assigned only one IPv6 IP address.
B. A DHCP server is required to allocate IPv6 IP addresses.
C. IPv6-enabled devices can be assigned multiple IPv6 IP addresses.
D. ULA addressing is required for Internet connectivity.
Answer: C
91. QUESTION 252
Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method?
A. aaa authentication enable console LOCAL SERVER_GROUP
B. aaa authentication enable console SERVER_GROUP LOCAL
C. aaa authentication enable console local
D. aaa authentication enable console LOCAL
Answer: D
92. QUESTION 253
Which command will configure a Cisco router to use a TACACS+ server to authorize network services with no fallback method?
A. aaa authorization exec default group tacacs+ none
B. aaa authorization network default group tacacs+ none
C. aaa authorization network default group tacacs+
D. aaa authorization network default group tacacs+ local
Answer: C
93. QUESTION 254
Which three statements about RADIUS are true? (Choose three.)
A. RADIUS uses TCP port 49.
B. RADIUS uses UDP ports 1645 or 1812.
C. RADIUS encrypts the entire packet.
D. RADIUS encrypts only the password in the Access-Request packet.
E. RADIUS is a Cisco proprietary technology.
F. RADIUS is an open standard.
Answer: BDF
94. QUESTION 255
Which command will configure AAA accounting using the list of all RADIUS servers on a device to generate a reload event message when the device reloads?
A. aaa accounting network default start-stop group radius
B. aaa accounting auth-proxy default start-stop group radius
C. aaa accounting system default start-stop group radius
D. aaa accounting exec default start-stop group radius
Answer: C
95. QUESTION 256
Which two accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.)
A. start-stop
B. stop-record
C. stop-only
D. stop
Answer: AC
96. QUESTION 257
What is the first command you enter to configure AAA on a new Cisco router?
A. aaa configuration
B. no aaa configuration
C. no aaa new-model
D. aaa new-model
Answer: D
97. QUESTION 258
Which three TACACS+ server-authentication protocols are supported on Cisco ASA firewalls? (Choose three.)
A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2
Answer: BCE
98. QUESTION 259
What is the default privilege level for a new user account on a Cisco ASA firewall?
A. 0
B. 1
C. 2
D. 15
Answer: C
99. QUESTION 260
Which statement about ACL operations is true?
A. The access list is evaluated in its entirety.
B. The access list is evaluated one access-control entry at a time.
C. The access list is evaluated by the most specific entry.
D. The default explicit deny at the end of an access list causes all packets to be dropped.
Answer: B
100. QUESTION 261
Which three statements about access lists are true? (Choose three.)
A. Extended access lists should be placed as near as possible to the destination.
B. Extended access lists should be placed as near as possible to the source.
C. Standard access lists should be placed as near as possible to the destination.
D. Standard access lists should be placed as near as possible to the source.
E. Standard access lists filter on the source address.
F. Standard access lists filter on the destination address.
Answer: BCE
101. QUESTION 262
Which command configures a device to actively watch connection requests and provide immediate protection from DDoS attacks?
A. router(config)# ip tcp intercept mode intercept
B. router(config)# ip tcp intercept mode watch
C. router(config)# ip tcp intercept max-incomplete high 100
D. router(config)# ip tcp intercept drop-mode random
Answer: A
102. QUESTION 263
Which command will block external spoofed addresses?
A. access-list 128 deny ip 10.0.0.0 0.0.255.255 any
B. access-list 128 deny ip 192.168.0.0 0.0.0.255 any
C. access-list 128 deny ip 10.0.0.0 0.255.255.255 any
D. access-list 128 deny ip 192.168.0.0 0.0.31.255 any
Answer: C
103. QUESTION 264
Which two countermeasures can mitigate ARP spoofing attacks? (Choose two.)
A. port security
B. DHCP snooping
C. IP source guard
D. dynamic ARP inspection
Answer: BD
104. QUESTION 265
What is the Cisco-preferred countermeasure to mitigate CAM overflows?
A. port security
B. dynamic port security
C. IP source guard
D. root guard
Answer: B