1. Match a security category to each security weakness (answers may be used more than once):
Operating system weaknesses
Unsecured user accounts
Network equipment weaknesses
Unsecured default settings
Lack of consistency and continuity
TCP/IP and ICMP weaknesses
Lack of a disaster recovery plan
A. Technological weakness
B. Configuration weakness
C. Security policy weakness
2. Which pieces of information can you determine from opening a router’s Cisco SDM home page? (Choose two.)
- Routing table
- CDP neighbors
- Snapshot of the router configuration
- A listing of available configuration wizards
- Features supported by the Cisco IOS software
3. A technician has been asked to perform a Cisco SDM one-step lockdown test. Which mode and SDM page should be used to initiate the test?
- The Firewall page in Diagnostic mode
- The Security Audit page in Configure mode
- The Security Audit page in Test mode
- The Firewall page in Test mode
4. Match each attack type with its description:
Worm, virus, Trojan horse
A. Dictionary-cracking and brute-force attack
B. Uses a compromised host to pass traffic through a firewall that would otherwise be dropped
C. Uses ping sweeps, port scans, and packet sniffers to gain information about a network
D. Floods a network device with traffic in an attempt to render it unusable for legitimate traffic
E. Malicious software designed to damage a system, replicate itself, or deny services or access to networks, systems, or services
5. What is a major advantage of HIPS over HIDS?
- HIPS does not require host-based client software.
- HIPS consumes fewer system resources.
- HIPS can prevent intrusions.
- With HIPS, you don’t need to update signature files as often.
6. What is the core or “hub” component of the Security Wheel?
- Security policy
7. As part of a network security plan, where does Cisco recommend that administrators send events captured by syslog?
- Designated log hosts
- Designated TFTP clients
- Designated SNMP clients
8. Which protocol should be used when strong privacy and session integrity are needed for remote administration?
9. Match each network policy with its description:
Account access request policy
Risk assessment policy
Acceptable use policy
A. Defines the standards for connecting to the internal network from outside the organization.
B. Specifies procedures to investigate incidents, ensure conformance to security policies, and monitor user and system activity.
C. Defines how network resources may and may not be employed.
D. Formalizes the process of how users request access to systems.
E. Defines the requirements and provides the authority for the information security team to identify, assess, and remediate risks to the information infrastructure associated with conducting business.
10. What are the three required steps to configure SDM?
- Use the auto secure command to configure router security.
- Enable the HTTP and HTTPS servers on the router.
- Create a user account defined with privilege level 15.
- Create a user account defined with privilege level 0.
- Create an ACL to allow HTTP traffic into the router, and apply it to the VTYs.
- Configure SSH and Telnet for local login and privilege level 15.
- Configure SSH and Telnet for local login and privilege level 0.
11. Which services should be disabled if they aren’t required on a router to prevent security vulnerabilities? (Choose three.)
- Network Time Protocol (NTP)
- Domain Name System (DNS)
- Secure Socket Layer (SSL)
- Cisco Express Forwarding (CEF)
- Simple Network Management Protocol (SNMP)
- Secure Shell (SSH)
12. Which feature provides a straightforward “one-touch” device lockdown for configuring the security posture of routers?
13. Match the network management service with its description:
Network Time Protocol (NTP)
Domain Name System (DNS)
Simple Network Management Protocol (SNMP)
A. An application layer protocol that provides a facility for retrieving and posting data for monitoring and managing devices in a network using TCP port 161
B. A protocol designed to synchronize the time on a network of machines and that runs over UDP using port 123
C. A distributed database that maps hostnames to IP addresses using services on a designated server
14. Which feature is a web-based device-management tool for Cisco IOS software-based routers?
15. Which SDM wizards are available to configure a router? (Choose three.)
- Security audit
- Firewall and ACL
- Access list
16. List the four types of reconnaissance attacks, and provide an example of a tool that can be used to carry out each type of attack.
17. List four types of access attacks.
18. List three types of DoS attacks and three types of DDoS attacks.
19. List and explain the anatomy of a worm attack and the four steps to mitigate it.
20. Refer to the exhibit.
The following has been configured on router R1:
hostname R1
username Student secret cisco123
line vty 0 4
 no transport input
 transport input telnet
To increase administrative access security, you have applied the following configuration. However, you are unable to establish an SSH connection to router R1. Assume that you could telnet to the router before, and that the hostname, IP domain name, and crypto key have been correctly configured. Which changes would correct this problem?
21. List five vulnerable Cisco IOS network services, and provide the best practices associated with them. For example, unused interfaces should be disabled.
22. List the steps to enable the lockdown feature of SDM.
23. List the three steps required to update a router with a new Cisco IOS image file located on a TFTP server.