1. What is the primary means for mitigating virus and Trojan horse attacks?
- blocking ICMP echo and echo-replies
- encryption
- antisniffer software
- antivirus software
Explanation: Antivirus software is the primary means of mitigating both virus and Trojan horse attacks. By using up-to-date antivirus software, the spread of viruses and Trojan horse attacks can be reduced.
2. What three items are components of the CIA triad? (Choose three.)
- availability
- integrity
- scalability
- intervention
- confidentiality
- access
Explanation: The CIA triad contains three components: confidentiality, integrity, and availability. It is a guideline for information security for an organization.
3. Which security implementation will provide control plane protection for a network device?
- encryption for remote access connections
- NTP for consistent timestamps on logging messages
- routing protocol authentication
- AAA for authenticating management access
Explanation: Control plane traffic such as ARP messages or routing protocol advertisements are generated by a network device in order to support network operations. Routing protocol authentication provides an extra measure of security to authenticate the source of routing updates. Encrypting remote access connections, utilizing the NTP protocol, and using AAA, are all measures implemented to secure management plane traffic.
4. What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?
- FireEye
- Talos
- CybOX
- Mitre
Explanation: The Cisco Talos Group provides blogs and podcasts on security-related topics from a number of industry experts. These blogs and podcasts provide advice, research, and recommended mitigation techniques.
5. Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
- statement of scope
- identification and authentication policy
- acceptable use policy
- Internet access policy
- statement of authority
- campus access policy
Explanation: The identification and authentication policy section of the security policy typically specifies authorized persons that can have access to network resources and identity verification procedures.
6. What worm mitigation phase involves actively disinfecting infected systems?
- quarantine
- inoculation
- containment
- treatment
Explanation: The four phases of worm mitigation are:
- Containment
- Inoculation
- Quarantine
- Treatment
Disinfecting systems is accomplished in the treatment phase and involves terminating the worm process, removing infected files, and patching vulnerabilities exploited by the worm.
7. With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?
- lettuce
- artichoke
- onion
- cabbage
Explanation: The artichoke is now used to provide a visual analogy to describe a defense-in-depth security approach. The onion used to be descriptive because the attacker would “peel away” each layer of the network defense mechanisms. Now the artichoke is used because a single petal or leaf can be moved or removed to reveal sensitive information.
8. How does BYOD change the way in which businesses implement networks?
- BYOD provides flexibility in where and how users can access network resources.
- BYOD devices are more expensive than devices that are purchased by an organization.
- BYOD users are responsible for their own network security, thus reducing the need for organizational security policies.
- BYOD requires organizations to purchase laptops rather than desktops.
Explanation: A BYOD environment requires an organization to accommodate a variety of devices and access methods. Personal devices, which are not under company control, may be involved, so security is critical. Onsite hardware costs will be reduced, allowing a business to focus on delivering collaboration tools and other software to BYOD users.
9. What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices?
- management plane
- control plane
- data plane
- forwarding plane
Explanation: There are three functional areas of the Cisco Network Foundation Protection (NFP) framework:
- Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network
- Management plane: Responsible for managing network devices
- Data (Forwarding) plane: Responsible for forwarding user data
10. What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities?
- NMap
- KisMac
- Click fuzzers
- SuperScan
Explanation: Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, and NetStumbler are examples of tools used to hack into a wireless network.
11. What is the primary function of SANS?
- to maintain the Internet Storm Center
- to provide vendor neutral education products and career services
- to maintain the list of common vulnerabilities and exposures (CVE)
- to foster cooperation and coordination in information sharing, incident prevention, and rapid reaction
Explanation: One of the primary functions of the SysAdmin, Audit, Network, Security (SANS) Institute is the maintenance of the Internet Storm Center early warning system.
12. What method can be used to mitigate ping sweeps?
- blocking ICMP echo and echo-replies at the network edge
- deploying antisniffer software on all network devices
- installing antivirus software on hosts
- using encrypted or hashed authentication protocols
Explanation: To mitigate ping sweeps, ICMP echo and echo-reply messages can be blocked on network edge routers. This does come at a cost. Because ICMP is also used for network diagnostic data, this diagnostic data will be blocked as well.