1. What is the purpose of a personal firewall on a computer?
- to increase the speed of the Internet connection
- to protect the computer from viruses and malware
- to filter the traffic that is moving in and out of the PC
- to protect the hardware against fire hazard
Explanation: The purpose of a firewall is to filter the traffic that is moving in and out of the PC. A computer firewall cannot deny all illegal traffic from a computer or increase the speed of any connection. It is also not able to protect hardware against fire hazards.
2. What is the main difference between the implementation of IDS and IPS devices?
- An IDS can negatively impact the packet flow, whereas an IPS can not.
- An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall.
- An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology.
- An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.
Explanation: An IPS is deployed in inline mode and will not allow malicious traffic to enter the internal network without first analyzing it. An advantage of this is that it can stop an attack immediately. An IDS is deployed in promiscuous mode. It copies the traffic patterns and analyzes them offline, thus it cannot stop the attack immediately and it relies on another device to take further actions once it detects an attack. Being deployed in inline mode, an IPS can negatively impact the traffic flow. Both IDS and IPS can use signature-based technology to detect malicious packets. An IPS cannot replace other security devices, such as firewalls, because they perform different tasks.
3. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)
- device type
- cable specification
- interface identifier
- cable type and identifier
- OS/IOS version
- connection type
Explanation: The interface identifier and connection type should be included in a logical topology diagram because they indicate which interface is connected to other devices in the network with a specific type such as LAN, WAN, point-to-point, etc. The OS/IOS version, device type, cable type and identifier, and cable specification are typically included in a physical topology diagram.
4. What is a characteristic of a WAN?
- It is typically owned and managed by a single home or business.
- It requires a wireless access point to connect users to the network.
- It spans across a campus or city to enable sharing of regional resources.
- It connects multiple networks that are geographically separated.
Explanation: A WAN (wide-area network) is used to connect networks that are geographically separated and is typically owned by a service provider. The service provider contracts out WAN services to individuals and organizations.
5. What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?
- NetFlow
- network tap
- port mirroring
- SNMP
Explanation: When enabled on a switch, port mirroring copies frames sent and recieved by the switch and forwards them to another port, which has a analysis device attached.
6. What is a function of a proxy firewall?
- drops or forwards traffic based on packet header information
- connects to remote servers on behalf of clients
- filters IP traffic between bridged interfaces
- uses signatures to detect patterns in network traffic
Explanation: Proxy firewalls filter traffic through the application layer of the TPC/IP model and shield client information by connecting to remote servers on behalf of clients.
7. Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?
- threat intelligence
- network admission control
- website filtering and block listing
- network profiling
Explanation: Cisco AMP uses threat intelligence along with known file signatures to identify and block policy-violating file types and exploitations.
8. How is a source IP address used in a standard ACL?
- It is the address that is unknown, so the ACL must be placed on the interface closest to the source address.
- It is the address to be used by a router to determine the best path to forward packets.
- It is used to determine the default gateway of the router that has the ACL applied.
- It is the criterion that is used to filter traffic.
Explanation: The only filter that can be applied with a standard ACL is the source IP address. An extended ACL is used to filter on such traffic as the source IP address, destination IP address, type of traffic, and type of message.
9. Which statement describes the Cisco Cloud Web Security?
- It is a security appliance that provides an all-in-one solution for securing and controlling web traffic.
- It is an advanced firewall solution to guard web servers against security threats.
- It is a cloud-based security service to scan traffic for malware and policy enforcement.
- It is a secure web server specifically designed for cloud computing.
Explanation: The Cisco Cloud Web Security (CWS) is a cloud-based security service that uses web proxies in the Cisco cloud environment to scan traffic for malware and policy enforcement. It is not a firewall or web server solution. The Cisco Web Security Appliance (WSA) combines multiple security solutions to provide an all-in-one solution on a single platform to address the challenges of securing and controlling web traffic.
10. Refer to the exhibit. The network “A” contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as “A”?
- untrusted network
- perimeter security boundary
- internal network
- DMZ
Explanation: A demilitarized zone or DMZ is a network area protected by one or more firewalls. The DMZ typically contains servers that are commonly accessed by external users. A web server is commonly contained in a DMZ.
11. Which network service allows administrators to monitor and manage network devices?
- SNMP
- syslog
- NTP
- NetFlow
Explanation: SNMP is an application layer protocol that allows administrators to manage and monitor devices on the network such as routers, switches, and servers.
12. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
- MD5
- ESP
- AES
- IPsec
Explanation: IPsec services allow for authentication, integrity, access control, and confidentiality. With IPsec, the information exchanged between remote sites can be encrypted and verified. Both remote-access and site-to-site VPNs can be deployed using IPsec.
13. What is a feature of the TACACS+ protocol?
- It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
- It utilizes UDP to provide more efficient packet transfer.
- It combines authentication and authorization as one process.
- It encrypts the entire body of the packet for more secure communications.
Explanation: TACACS+ has the following features:
- separates authentication and authorization
- encrypts all communication
- uses TCP port 49
14. Which layer of the hierarchical design model is a control boundary between the other layers?
- distribution
- core
- access
- network
Explanation: The three design layers from lowest to highest are access, distribution, and core. The distribution layer commonly provides policy-based connectivity which permits or denies traffic based on predefined parameters. The distribution layer also acts as a control boundary between the access and core layers.