Network Defense (NetDef) Course Final Exam Answers
1. What is a characteristic of a layered defense-in-depth security approach?
- When one device fails, another one takes over.
- One safeguard failure does not affect the effectiveness of other safeguards.
- Three or more devices are used.
- Routers are replaced with firewalls.
2. What device would be used as the third line of defense in a defense-in-depth approach?
- internal router
- edge router
3. Match the Security Onion tool with the description.
4. Which wireless standard made AES and CCM mandatory?
5. In a comparison of biometric systems, what is the crossover error rate?
- rate of acceptability and rate of false negatives
- rate of rejection and rate of false negatives
- rate of false negatives and rate of false positives
- rate of false positives and rate of acceptability
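The crossover error rate is the point where the false acceptance rate (false positives) and the false rejection rate (false negatives) are equal as the matcher's acceptance threshold is swept. The script below is an added example, not part of the exam page: the genuine and impostor match scores are constructed (an assumed 0..100 scale, higher meaning a closer match), and it sweeps the threshold to locate the crossover point.

```python
"""Crossover error rate (CER) of a biometric matcher.

Added example; not part of the exam page. The genuine and impostor match
scores below are constructed (assumed 0..100 scale, higher = closer match)
so the script runs offline.
"""
from typing import Iterable, List, Tuple

# Constructed sample data: match scores for legitimate enrolled users and
# for impostors presenting against those templates.
GENUINE_SCORES: List[int] = [62, 70, 74, 78, 81, 83, 85, 88, 90, 93]
IMPOSTOR_SCORES: List[int] = [20, 35, 48, 55, 60, 64, 68, 72, 75, 79]


def error_rates(threshold: int, genuine: List[int], impostor: List[int]) -> Tuple[float, float]:
    """Return (FAR, FRR) when a match is accepted at score >= threshold.

    FAR = false acceptance rate = false positives: impostors that get in.
    FRR = false rejection rate = false negatives: genuine users locked out.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine: List[int], impostor: List[int],
                         thresholds: Iterable[int] = range(0, 101)) -> Tuple[int, float, float]:
    """Sweep the threshold and return (threshold, FAR, FRR) at the point
    where FAR and FRR are closest to equal. That common value is the CER:
    a lower CER means a more accurate system, and comparing CERs is how
    two biometric systems with different score scales are ranked."""
    best = None
    for t in thresholds:
        far, frr = error_rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, far, frr


if __name__ == "__main__":
    # Raising the threshold drives FAR down and FRR up; the CER is where they meet.
    for t in (60, 73, 85):
        print(t, error_rates(t, GENUINE_SCORES, IMPOSTOR_SCORES))
    print("CER point:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

With the constructed data the curves cross at a threshold of 73, where both rates are 0.2; a system with a lower crossover value would be the more accurate of the two being compared.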
6. What are two recommended steps to protect and secure a wireless network? (Choose two.)
- Use WPA2-AES encryption.
- Use the default SSID.
- Update firmware.
- Locate the wireless router where it is accessible to users.
- Enable remote management.
7. What is a feature of virtual LANs (VLANs)?
- A single collision domain is enabled on a switch that is shared between VLANs.
- Communication between different VLANs on the one switch is enabled by default.
- Switch port utilization is decreased because each port is only associated with one broadcast domain.
- Logical segmentation is provided by creating multiple broadcast domains on a single switch.
8. What is an example of a privilege escalation attack?
- A DDoS attack is launched against a government server and causes the server to crash.
- A port scanning attack finds that the FTP service is running on a server that allows anonymous access.
- A threat actor sends an email to an IT manager to request the root access.
- A threat actor performs an access attack and gains the administrator password.
9. What is the principle behind the nondiscretionary access control model?
- It applies the strictest access control possible.
- It allows access based on attributes of the object to be accessed.
- It allows access decisions to be based on roles and responsibilities of a user within the organization.
- It allows users to control access to their data as owners of that data.
10. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
- utilization of transport layer protocols
- separate authentication and authorization processes
- password encryption
- 802.1X support
- SIP support
11. Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
- Create a second access list denying the host and apply it to the same interface.
- Manually add the new deny ACE with a sequence number of 15.
- Manually add the new deny ACE with a sequence number of 5.
- Add a deny any any ACE to access-list 1.
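Why the sequence number matters: an IOS ACL is evaluated top down in ascending sequence order, the first matching entry decides, and anything unmatched hits the implicit deny at the end. The model below is an added example, not from the exam page (the exhibit's error message is not reproduced). It assumes the existing entry is `permit 172.16.0.0 0.0.255.255` at sequence 10 and shows that a deny appended after it can never match, while the same deny inserted at sequence 5 does.

```python
"""Sequence numbers in a Cisco IOS standard ACL.

Added example; not from the exam page, and the exhibit's error message is
not reproduced. The model keeps the three IOS rules that decide the ACL
question above: entries are tested in ascending sequence number, the first
match wins, and a packet matching nothing hits the implicit deny at the end.
Wildcard matching is implemented directly; everything else is simplified.
"""
import ipaddress
from typing import List, Optional, Tuple

# (sequence, action, network, wildcard). IOS wildcard: a 0 bit must match,
# a 1 bit is "don't care". "host X" is X with wildcard 0.0.0.0.
ACE = Tuple[int, str, str, str]


def matches(src: str, network: str, wildcard: str) -> bool:
    s = int(ipaddress.IPv4Address(src))
    n = int(ipaddress.IPv4Address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (s & care) == (n & care)


def evaluate(acl: List[ACE], src: str) -> Tuple[str, Optional[int]]:
    """Return (action, sequence) of the first matching ACE, or the implicit
    deny (sequence None) when nothing matches."""
    for seq, action, network, wildcard in sorted(acl, key=lambda e: e[0]):
        if matches(src, network, wildcard):
            return action, seq
    return "deny", None


def render(name: str, acl: List[ACE]) -> List[str]:
    """The equivalent named-ACL configuration lines."""
    lines = [f"ip access-list standard {name}"]
    for seq, action, network, wildcard in sorted(acl, key=lambda e: e[0]):
        target = f"host {network}" if wildcard == "0.0.0.0" else f"{network} {wildcard}"
        lines.append(f" {seq} {action} {target}")
    return lines


# Assumed existing ACL from the question: permit the whole 172.16.0.0/16 network.
BASE_ACL: List[ACE] = [(10, "permit", "172.16.0.0", "0.0.255.255")]

# Appending the deny gives it the next sequence (20): the permit at 10 still
# matches 172.16.0.1 first, so the new entry can never take effect.
APPENDED: List[ACE] = BASE_ACL + [(20, "deny", "172.16.0.1", "0.0.0.0")]

# Inserting it at 5 puts it ahead of the permit, which is the fix.
INSERTED: List[ACE] = BASE_ACL + [(5, "deny", "172.16.0.1", "0.0.0.0")]

if __name__ == "__main__":
    for label, acl in (("appended", APPENDED), ("inserted", INSERTED)):
        print(label, "172.16.0.1 ->", evaluate(acl, "172.16.0.1"),
              "172.16.5.9 ->", evaluate(acl, "172.16.5.9"),
              "10.0.0.1 ->", evaluate(acl, "10.0.0.1"))
    print("\n".join(render("1", INSERTED)))
```

Note that `render` prints the named-ACL form (`ip access-list standard 1`, then `5 deny host 172.16.0.1`); the numbered `access-list 1 ...` syntax always appends, which is exactly why the sequence number has to be set explicitly.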
12. Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
- ipv6 traffic-filter ENG_ACL in
- ipv6 traffic-filter ENG_ACL out
- ipv6 access-class ENG_ACL out
- ipv6 access-class ENG_ACL in
13. In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
- when the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface
- when an outbound ACL is closer to the source of the traffic flow
- when an interface is filtered by an outbound ACL and the network attached to the interface is the source network being filtered within the ACL
- when a router has more than one ACL
14. What are two differences between stateful and stateless firewalls? (Choose two.)
- A stateless firewall is able to filter sessions that use dynamic port negotiations while a stateful firewall cannot.
- A stateless firewall will examine each packet individually while a stateful firewall observes the state of a connection.
- A stateless firewall provides more stringent control over security than a stateful firewall.
- A stateless firewall will provide more logging information than a stateful firewall.
- A stateful firewall will prevent spoofing by determining whether packets belong to an existing connection while a stateless firewall follows pre-configured rule sets.
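The practical difference between the two models shows up on a single crafted packet. The script below is an added example, not from the exam page; the packets, addresses, ports and rules are constructed assumptions. The stateless filter mimics a "permit tcp any any established" style rule, which can only inspect the ACK flag of each inbound packet on its own; the stateful filter keeps a connection table and admits inbound traffic only when it belongs to a flow an inside host opened.

```python
"""Stateless vs stateful filtering of a TCP exchange.

Added example; not from the exam page. Packets, addresses, ports and the
rule set are constructed assumptions. The stateless filter mimics the
classic "permit tcp any any established" ACL, which judges each inbound
packet only by its own ACK flag. The stateful filter keeps a connection
table keyed on the 4-tuple and admits an inbound packet only if it belongs
to a flow an inside host opened. Teardown (FIN/RST) is omitted.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # letters from "SAFR": SYN, ACK, FIN, RST
    direction: str  # "out" = inside -> outside, "in" = outside -> inside


def stateless_filter(pkt: Packet) -> str:
    """Every packet is examined on its own. Outbound is allowed; inbound
    TCP is allowed if ACK is set, which is all 'established' can check."""
    if pkt.direction == "out":
        return "permit"
    return "permit" if "A" in pkt.flags else "deny"


class StatefulFilter:
    """Tracks connections opened from the inside and permits only their
    return traffic. A crafted inbound packet with ACK set but no matching
    entry is dropped, which is what the stateless rule cannot do."""

    def __init__(self) -> None:
        self.table: Set[Tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            if "S" in pkt.flags and "A" not in pkt.flags:   # new connection attempt
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # Inbound: look up the mirror image of the outbound 4-tuple.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if reverse in self.table else "deny"


def run(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Return (stateless_decision, stateful_decision) for each packet."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.filter(p)) for p in packets]


# Constructed traffic: a legitimate HTTPS session, then two unsolicited
# inbound packets from a different outside host.
SAMPLE = [
    Packet("10.0.0.5", 40000, "198.51.100.10", 443, "S", "out"),    # client SYN
    Packet("198.51.100.10", 443, "10.0.0.5", 40000, "SA", "in"),    # server SYN/ACK
    Packet("203.0.113.7", 443, "10.0.0.5", 40000, "A", "in"),       # crafted ACK, no such flow
    Packet("203.0.113.7", 12345, "10.0.0.5", 22, "S", "in"),        # unsolicited SYN
]

if __name__ == "__main__":
    for p, (sl, st) in zip(SAMPLE, run(SAMPLE)):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"[{p.flags}]  stateless={sl} stateful={st}")
```

The third packet is the one that separates the two designs: an outsider who sets the ACK bit on a packet that was never part of any session sails through the stateless rule, while the stateful filter rejects it because no inside host ever opened that flow. Both reject the bare inbound SYN.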
15. Which statement describes a typical security policy for a DMZ firewall configuration?
- Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.
- Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
- Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.
- Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.
- Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface.
16. Which type of firewall makes use of a proxy server to connect to remote servers on behalf of clients?
- stateless firewall
- application gateway firewall
- stateful firewall
- packet filtering firewall
17. What is the result in the self zone if a router is the source or destination of traffic?
- Only traffic that is destined for the router is permitted.
- Only traffic that originates in the router is permitted.
- No traffic is permitted.
- All traffic is permitted.
18. Designing a ZPF requires several steps. Which step involves dictating the number of devices between most-secure and least-secure zones and determining redundant devices?
- identify subsets within zones and merge traffic requirements
- design the physical infrastructure
- establish policies between zones
- determine the zones
19. Which statement describes Cisco IOS Zone-Based Policy Firewall operation?
- The pass action works in only one direction.
- Router management interfaces must be manually assigned to the self zone.
- Service policies are applied in interface configuration mode.
- A router interface can belong to multiple zones.
20. Which cloud security domain describes controls related to securing the data itself?
- Data Security and Encryption
- Application Security
- Security as a Service
- Infrastructure Security
21. Which two advantages in security controls are provided by software-defined networks (SDN) over traditional network security solutions? (Choose two.)
- offer more security features than hardware firewalls
- easier insertion into the traffic path
- apply to assets based on more flexible criteria than hardware firewalls
- easier network isolation without constraints of physical hardware
- higher performance than hardware firewalls
22. What is the function of SDKs in application development?
- to provide a repository of code to reduce time and cost of application development
- to maintain data integrity and identify malicious input
- to store precompiled SQL statements that execute tasks
- to verify software can run under required security settings
- to prevent software from being reverse engineered by replacing sensitive data with fictional data
23. A company is using a public cloud provider to host its software development and distribution processes. What two cloud resources is the company solely responsible for in the shared security responsibility model? (Choose two.)
- network control
- customer endpoints
- identity management
24. A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)
25. What are two methods to maintain certificate revocation status? (Choose two.)
- subordinate CA
26. Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?
- software obfuscation
- data masking substitution
27. Which technology would be used to create the server logs generated by network devices and reviewed by an entry-level network person who works the night shift at a data center?
28. Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server? (Choose two.)
29. How can IMAP be a security threat to a company?
- It can be used to encode stolen data and send it to a threat actor.
- An email can be used to bring malware to a host.
- Encrypted data is decrypted.
- Someone inadvertently clicks on a hidden iFrame.
30. Refer to the exhibit. Which technology generated the event log?
- web proxy
31. Which two tools have a GUI interface and can be used to view and analyze full packet captures? (Choose two.)
- Cisco Prime Network Analysis Module
32. Which information can be provided by the Cisco NetFlow utility?
- source and destination UDP port mapping
- security and user account restrictions
- peak usage times and traffic routing
- IDS and IPS capabilities
33. A network administrator is reviewing server alerts because of reports of network slowness. The administrator confirms that an alert was an actual security incident. What is the security alert classification of this type of scenario?
- false positive
- true negative
- true positive
- false negative
34. A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on an NMS tool. What condition describes this alert?
- false positive
- true positive
- false negative
- true negative
35. What is indicated by a Snort signature ID that is below 3464?
- This is a custom signature developed by the organization to address locally observed rules.
- The SID was created by Sourcefire and distributed under a GPL agreement.
- The SID was created by the Snort community and is maintained in Community Rules.
- The SID was created by members of EmergingThreats.