ENSA Bridging Exam Answers
Enterprise Networking, Security, and Automation (Version 7.00) – Network Security and Automation Exam
1. Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?
- HTTP or HTTPS
2. In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?
- reset attack
- port scan attack
- session hijacking attack
- SYN flood attack
3. Which statement describes an important characteristic of a site-to-site VPN?
- It requires using a VPN client on the host PC.
- After the initial connection is established, it can dynamically change connection information.
- It is ideally suited for use by mobile workers.
- It must be statically set up.
- It is commonly implemented over dialup and cable modem networks.
4. Which statement describes a VPN?
- VPNs use open source virtualization software to create the tunnel through the Internet.
- VPNs use logical connections to create public networks through the Internet.
- VPNs use dedicated physical connections to transfer data between remote users.
- VPNs use virtual connections to create a private network through a public network.
5. How is the YAML data format structure different from JSON?
- It uses brackets and commas.
- It uses indentations.
- It uses end tags.
- It uses hierarchical levels of nesting.
6. What is the most widely used API for web services?
7. What is the significant characteristic of worm malware?
- A worm can execute independently of the host system.
- Once installed on a host system, a worm does not replicate itself.
- Worm malware disguises itself as legitimate software.
- A worm must be triggered by an event on the host system.
8. Which statement accurately characterizes the evolution of threats to network security?
- Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.
- Internet architects planned for network security from the beginning.
- Internal threats can cause even greater damage than external threats.
- Early Internet users often engaged in activities that would harm other users.
9. Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?
10. In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?
- address spoofing
- session hijacking
11. What is the best description of Trojan horse malware?
- It appears as useful software but hides malicious code.
- It is malware that can only be distributed over the Internet.
- It is software that causes annoying but not fatal computer problems.
- It is the most easily detected form of malware.
12. What is a feature of an IPS?
- It is primarily focused on identifying possible incidents.
- It can stop malicious packets.
- It has no impact on latency.
- It is deployed in offline mode.
13. Which type of hacker is motivated to protest against political and social issues?
- script kiddie
- vulnerability broker
14. In which type of attack is falsified information used to redirect users to malicious Internet sites?
- DNS cache poisoning
- ARP cache poisoning
- DNS amplification and reflection
- domain generation
15. Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?
- ICMP attack
- man-in-the-middle attack
- SYN flood attack
- DoS attack
16. What is the function of the Diffie-Hellman algorithm within the IPsec framework?
- provides authentication
- allows peers to exchange shared keys
- guarantees message integrity
- provides strong data encryption
17. What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?
- authenticates the IPsec peers
- protects IPsec keys during session negotiation
- creates a secure channel for key negotiation
- guarantees message integrity
18. What algorithm is used with IPsec to provide data confidentiality?
19. What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)
20. What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)
21. Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?
22. Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)
- multilayer switch
- ISR router
- DSL switch
- Frame Relay switch
- another ASA
23. Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)
- client-based IPsec VPN
- IPsec VPN
- clientless SSL VPN
- IPsec Virtual Tunnel Interface VPN
- GRE over IPsec VPN
24. Which two technologies provide enterprise-managed VPN solutions? (Choose two.)
- Layer 3 MPLS VPN
- site-to-site VPN
- Layer 2 MPLS VPN
- remote access VPN
- Frame Relay
25. Which action takes place in the assurance element of the IBN model?
- integrity checks
- translation of policies
- verification and corrective action
- configuring systems
26. Which RESTFul operation corresponds to the HTTP GET method?
27. What is REST?
- It is an architecture style for designing web service applications.
- It is a way to store and interchange data in a structured format.
- It is a protocol that allows administrators to manage nodes on an IP network.
- It is a human readable data structure that is used by applications for storing, transforming, and reading data.
28. What is a difference between the XML and HTML data formats?
- XML does not use predefined tags whereas HTML does use predefined tags.
- XML encloses data within a pair of tags whereas HTML uses a pair of quotation makes to enclose data.
- XML does not require indentation for each key/value pair but HTML does require indentation.
- XML formats data in binary whereas HTML formats data in plain text.
29. Refer to the exhibit. Which data format is used to represent the data for network automation applications?
30. What is the function of the key contained in most RESTful APIs?
- It is the top-level object of the API query.
- It is used to authenticate the requesting source.
- It is used in the encryption of the message by an API request.
- It represents the main query components in the API request.
31. Match the term to the RESTful API request http://www.mapquestapi.com/directions/v2/route?outFormat=json&key=KEY&from=San+Jose,Ca&to=Monterey,Ca component. (Not all options are used.)
Match the term to the RESTful API request http://www.mapquestapi.com/directions/v2/route?outFormat=json&key=KEY&from=San+Jose,Ca&to=Monterey,Ca component. (Not all options are used.)
32. Which two configuration management tools are developed using Ruby? (Choose two.)
33. In which situation would a partner API be appropriate?
- a vacation service site interacting with hotel databases to display information from all the hotels on its web site
- an internet search engine allowing developers to integrate the search engine into their own software applications
- company sales staff accessing internal sales data from their mobile devices
- someone creating an account on an external app or website by using his or her social media credentials
34. A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?
- anonymous keylogging
- social engineering
35. If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it?
- a digital certificate
- a private key
- a different public key
36. What is a ping sweep?
- a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services.
- a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain.
- a network scanning technique that indicates the live hosts in a range of IP addresses.
- a software application that enables the capture of all network packets that are sent across a LAN.
37. In what way are zombies used in security attacks?
- They are infected machines that carry out a DDoS attack.
- They target specific individuals to gain corporate or personal information.
- They probe a group of machines for open ports to learn which services are running.
- They are maliciously formed code segments used to replace legitimate applications.
38. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?
- site-to-site using an ACL
- clientless SSL
- site-to-site using a preshared key
- client-based SSL
39. What is YAML?
- It is a scripting language.
- It is a data format and superset of JSON.
- It is a compiled programming language.
- It is a web application.
40. Which term is used to describe a set of instructions for execution by the configuration management tool Puppet?
41. Which term is used to describe a set of instructions for execution by the configuration management tool SaltStack?
42. Which scenario describes the use of a public API?
- It is used only within an organization.
- It can be used with no restrictions.
- It is used between a company and its business partners.
- It requires a license.
43. Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?
- secure key exchange
44. Which is a requirement of a site-to-site VPN?
- It requires the placement of a VPN server at the edge of the company network.
- It requires hosts to use VPN client software to encapsulate traffic.
- It requires a client/server architecture.
- It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.