Time limit: 0
Quiz-summary
0 of 62 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
Information
Good Luck For You!
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 62 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- Answered
- Review
-
Question 1 of 62
1. Question
1 pointsWhich security implementation will provide control plane protection for a network device?Correct
Incorrect
-
Question 2 of 62
2. Question
1 pointsWhat is the one major difference between local AAA authentication and using the login local command when configuring device access authentication?Correct
Incorrect
-
Question 3 of 62
3. Question
1 pointsRefer to the exhibit.A network administrator configures AAA authentication on R1. The administrator then tests the configuration by telneting to R1. The ACS servers are configured and running. What will happen if the authentication fails?
Correct
Incorrect
-
Question 4 of 62
4. Question
1 pointsWhat are two tasks that can be accomplished with the Nmap and Zenmap network tools? (Choose two.)Correct
Incorrect
-
Question 5 of 62
5. Question
1 pointsWhich Cisco IOS subcommand is used to compile an IPS signature into memory?Correct
Incorrect
-
Question 6 of 62
6. Question
1 pointsWhy are DES keys considered weak keys?Correct
Incorrect
-
Question 7 of 62
7. Question
1 pointsWhat is a benefit of using a next-generation firewall rather than a stateful firewall?Correct
Incorrect
-
Question 8 of 62
8. Question
1 pointsWhat is a result of securing the Cisco IOS image using the Cisco IOS Resilient Configuration feature?Correct
Incorrect
-
Question 9 of 62
9. Question
1 pointsThe corporate security policy dictates that the traffic from the remote-access VPN clients must be separated between trusted traffic that is destined for the corporate subnets and untrusted traffic destined for the public Internet. Which VPN solution should be implemented to ensure compliance with the corporate policy?Correct
Incorrect
-
Question 10 of 62
10. Question
1 pointsWhich two conditions must be met in order for a network administrator to be able to remotely manage multiple ASAs with Cisco ASDM? (Choose two.)Correct
Incorrect
-
Question 11 of 62
11. Question
1 pointsWhat is negotiated in the establishment of an IPsec tunnel between two IPsec hosts during IKE Phase 1?Correct
Incorrect
-
Question 12 of 62
12. Question
1 pointsWhat are two benefits of using a ZPF rather than a Classic Firewall? (Choose two.)Correct
Incorrect
-
Question 13 of 62
13. Question
1 pointsWhich security policy characteristic defines the purpose of standards?Correct
Incorrect
-
Question 14 of 62
14. Question
1 pointsWhat algorithm is used to provide data integrity of a message through the use of a calculated hash value?Correct
Incorrect
-
Question 15 of 62
15. Question
1 pointsOn which port should Dynamic ARP Inspection (DAI) be configured on a switch?Correct
Incorrect
-
Question 16 of 62
16. Question
1 pointsWhat is a feature of a Cisco IOS Zone-Based Policy Firewall?Correct
Incorrect
-
Question 17 of 62
17. Question
1 pointsRefer to the exhibit. The administrator can ping the S0/0/1 interface of RouterB but is unable to gain Telnet access to the router by using the password cisco123. What is a possible cause of the problem?Correct
Incorrect
-
Question 18 of 62
18. Question
1 pointsRefer to the exhibit. The ip verify source command is applied on untrusted interfaces. Which type of attack is mitigated by using this configuration?Correct
Incorrect
-
Question 19 of 62
19. Question
1 pointsRefer to the exhibit.Which conclusion can be made from the show crypto map command output that is shown on R1?
Correct
Incorrect
-
Question 20 of 62
20. Question
1 pointsWhat type of algorithms require sender and receiver to exchange a secret key that is used to ensure the confidentiality of messages?Correct
Incorrect
-
Question 21 of 62
21. Question
1 pointsWhat is an advantage in using a packet filtering firewall versus a high-end firewall appliance?Correct
Incorrect
-
Question 22 of 62
22. Question
1 pointsRefer to the exhibit.In the network that is shown, which AAA command logs the use of EXEC session commands?
Correct
Incorrect
-
Question 23 of 62
23. Question
1 pointsA network administrator enters the single-connection command. What effect does this command have on AAA operation?Correct
Incorrect
-
Question 24 of 62
24. Question
1 pointsWhich two practices are associated with securing the features and performance of router operating systems? (Choose two.)Correct
Incorrect
-
Question 25 of 62
25. Question
1 pointsWhich statement describes a characteristic of the IKE protocol?Correct
Incorrect
-
Question 26 of 62
26. Question
1 pointsRefer to the exhibit.If a network administrator is using ASDM to configure a site-to-site VPN between the CCNAS-ASA and R3, which IP address would the administrator use for the peer IP address textbox on the ASA if data traffic is to be encrypted between the two remote LANs?
Correct
Incorrect
-
Question 27 of 62
27. Question
1 pointsRefer to the exhibit.Based on the security levels of the interfaces on the ASA, what statement correctly describes the flow of traffic allowed on the interfaces?
Correct
Incorrect
-
Question 28 of 62
28. Question
1 pointsWhat two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)Correct
Incorrect
-
Question 29 of 62
29. Question
1 pointsWhich interface option could be set through ASDM for a Cisco ASA?Correct
Incorrect
-
Question 30 of 62
30. Question
1 pointsWhat are two characteristics of a stateful firewall? (Choose two.)Correct
Incorrect
-
Question 31 of 62
31. Question
1 pointsWhat are three characteristics of SIEM? (Choose three.)Correct
Incorrect
-
Question 32 of 62
32. Question
1 pointsWhich type of traffic is subject to filtering on an ASA 5505 device?Correct
Incorrect
-
Question 33 of 62
33. Question
1 pointsWhich IDS/IPS signature alarm will look for packets that are destined to or from a particular port?Correct
Incorrect
-
Question 34 of 62
34. Question
1 pointsWhich three actions can the Cisco IOS Firewall IPS feature be configured to take when an intrusion activity is detected? (Choose three.)Correct
Incorrect
-
Question 35 of 62
35. Question
1 pointsWhich two protocols can be selected using the Cisco AnyConnect VPN Wizard to protect the traffic inside a VPN tunnel? (Choose two.)Correct
Incorrect
-
Question 36 of 62
36. Question
1 pointsWhat is a characteristic of a role-based CLI view of router configuration?Correct
Incorrect
-
Question 37 of 62
37. Question
1 pointsWhich statement describes the use of certificate classes in the PKI?Correct
Incorrect
-
Question 38 of 62
38. Question
1 pointsRefer to the exhibit. An administrator issues these IOS login enhancement commands to increase the security for login connections. What can be concluded about them?Correct
Incorrect
-
Question 39 of 62
39. Question
1 pointsA company deploys a Cisco ASA with the Cisco CWS connector enabled as the firewall on the border of corporate network. An employee on the internal network is accessing a public website. What should the employee do in order to make sure the web traffic is protected by the Cisco CWS?Correct
Incorrect
-
Question 40 of 62
40. Question
1 pointsAn administrator assigned a level of router access to the user ADMIN using the commands below. Router(config)# privilege exec level 14 show ip route Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10 Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10 Which two actions are permitted to the user ADMIN? (Choose two.)Correct
Incorrect
-
Question 41 of 62
41. Question
1 pointsWhat mechanism is used by an ASA 5505 device to allow inspected outbound traffic to return to the originating sender who is on an inside network?Correct
Incorrect
-
Question 42 of 62
42. Question
1 pointsWhich two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)Correct
Incorrect
-
Question 43 of 62
43. Question
1 pointsWhat Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?Correct
Incorrect
-
Question 44 of 62
44. Question
1 pointsIn an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. What AAA function is at work if this command is rejected?Correct
Incorrect
-
Question 45 of 62
45. Question
1 pointsAn organization has configured an IPS solution to use atomic alerts. What type of response will occur when a signature is detected?Correct
Incorrect
-
Question 46 of 62
46. Question
1 pointsWhat two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)Correct
Incorrect
-
Question 47 of 62
47. Question
1 pointsWhy is hashing cryptographically stronger compared to a cyclical redundancy check (CRC)?Correct
Incorrect
-
Question 48 of 62
48. Question
1 pointsA network analyst wants to monitor the activity of all new interns. Which type of security testing would track when the interns sign on and sign off the network?Correct
Incorrect
-
Question 49 of 62
49. Question
1 pointsRefer to the exhibit.What two pieces of information can be gathered from the generated message? (Choose two.)
Correct
Incorrect
-
Question 50 of 62
50. Question
1 pointsWhat is required for auto detection and negotiation of NAT when establishing a VPN link?Correct
Incorrect
-
Question 51 of 62
51. Question
1 pointsRefer to the exhibit.The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)
Correct
Incorrect
-
Question 52 of 62
52. Question
1 pointsIn which two instances will traffic be denied as it crosses the ASA 5505 device? (Choose two.)Correct
Incorrect
-
Question 53 of 62
53. Question
1 pointsRefer to the exhibit.Based on the configuration that is shown, which statement is true about the IPS signature category?
Correct
Incorrect
-
Question 54 of 62
54. Question
1 pointsWhich two ports can send and receive Layer 2 traffic from a community port on a PVLAN? (Choose two.)Correct
Incorrect
-
Question 55 of 62
55. Question
1 pointsWhat is a feature of the TACACS+ protocol?Correct
Incorrect
-
Question 56 of 62
56. Question
1 pointsWhich security measure is best used to limit the success of a reconnaissance attack from within a campus area network?Correct
Incorrect
-
Question 57 of 62
57. Question
1 pointsWhat is the benefit of the network-based IPS (NIPS) over host-based IPS (HIPS) deployment models?Correct
Incorrect
-
Question 58 of 62
58. Question
1 pointsWhat represents a best practice concerning discovery protocols such as CDP and LLDP on network devices?Correct
Incorrect
-
Question 59 of 62
59. Question
1 pointsWhat function is provided by the Tripwire network security tool?Correct
Incorrect
-
Question 60 of 62
60. Question
1 pointsWhat is the function of a policy map configuration when an ASA firewall is being configured?Correct
Incorrect
-
Question 61 of 62
61. Question
1 pointsIf a network administrator wants to track the usage of FTP services, which keyword or keywords should be added to the aaa accounting command?Correct
Incorrect
-
Question 62 of 62
62. Question
1 pointsWhat is the purpose of a local username database if multiple ACS servers are configured to provide authentication services?Correct
Incorrect
Are these question all in the final exam
Hey, the start quiz button not working
What is the benefit of the network-based IPS (NIPS) over host-based IPS (HIPS) deployment models? >> correct answer: NIPS monitors network segments ?
“The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? ” >>> isn’t one of the three answers: “The switch port mode for this interface is access mode “?