plik

C i s c o C C N A S e c u r i t y P r a c t i c e E x a m Q u e s t i o n s

Cisco CCN A S e cu r it y P r a ct ice E x a m Q u e st ion s

Implementing Cisco IOS Network Security (IINS) v1.0

Th e follow ing Cisco® CCNA S ecurity practice ex am q uestions are based on th e course I m p l e m e n t i n g C i s c o

I O S N e t w o r k S e c u r i t y ( I I N S ) v 1 . 0 . Th e answ er k ey is on th e last pag e of th is d ocum ent.

1. W h at is th e g oal of an ov erall security ch alleng e w h en planning a security strateg y ?

A ) to h ard en all ex terior-facing netw ork com ponents

B ) to install firew alls at all critical points in th e netw ork

C) to find a balance betw een th e need to open netw ork s to support ev olv ing business req uirem ents

and th e need to inform

D ) to ed ucate em ploy ees to be on th e look out for suspicious beh av ior

2. W h ich th reats are th e m ost serious?

A ) insid e th reats

B ) outsid e th reats

C) unk now n th reats

D ) reconnaissance th reats

3. Netw ork security aim s to prov id e w h ich th ree k ey serv ices? ( Ch oose th ree.)

A ) d ata integ rity

B ) d ata strateg y

C) d ata and sy stem av ailability

D ) d ata m ining

E ) d ata storag e

F ) d ata confid entiality

4. W h ich option is th e term for a w eak ness in a sy stem or its d esig n th at can be ex ploited by a th reat?

A ) a v ulnerability

B ) a risk

C) an ex ploit

D ) an attack

C i s c o C C N A S e c u r i t y P r a c t i c e E x a m Q u e s t i o n s

5. W h ich option is th e term for th e lik elih ood th at a particular th reat using a specific attack w ill ex ploit a

particular v ulnerability of a sy stem th at results in an und esirable conseq uence?

A ) a v ulnerability

B ) a risk

C) an ex ploit

D ) an attack

6. W h ich option is th e term for w h at h appens w h en com puter cod e is d ev eloped to tak e ad v antag e of a

v ulnerability ? F or ex am ple, suppose th at a v ulnerability ex ists in a piece of softw are, but nobod y k now s

about th is v ulnerability .

A ) a v ulnerability

B ) a risk

C) an ex ploit

D ) an attack

7. W h at is th e first step y ou sh ould tak e w h en consid ering securing y our netw ork ?

A ) I nstall a firew all.

B ) I nstall an intrusion prev ention sy stem .

C) U pd ate serv ers and user PCs w ith th e latest patch es.

D ) D ev elop a security policy .

8. W h ich option is a k ey principle of th e Cisco S elf-D efend ing Netw ork strateg y ?

A ) S ecurity is static and sh ould prev ent m ost k now n attack s on th e netw ork .

B ) Th e self-d efend ing netw ork sh ould be th e k ey point of y our security policy .

C) I nteg rate security th roug h out th e ex isting infrastructure.

D ) U pper m anag em ent is ultim ately responsible for policy im plem entation.

9. W h ich th ree options are areas of router security ? ( Ch oose th ree.)

A ) ph y sical security

B ) access control list security

C) zone-based firew all security

D ) operating sy stem security

E ) router h ard ening

F ) Cisco I O S -I PS security

C i s c o C C N A S e c u r i t y P r a c t i c e E x a m Q u e s t i o n s

10 . Y ou h av e sev eral operating g roups in y our enterprise th at req uire d iffering access restrictions to th e

routers to perform th eir j ob roles. Th ese g roups rang e from H elp D esk personnel to ad v anced

troublesh ooters. W h at is one m eth od olog y for controlling access rig h ts to th e routers in th ese situations?

A ) config ure A CL s to control access for th e d ifferent g roups

B ) config ure m ultiple priv ileg e lev el access

C) im plem ent sy slog g ing to m onitor th e activ ities of th e g roups

D ) config ure TA CA CS + to perform scalable auth entication

11. W h ich of th ese options is a G U I tool for perform ing security config urations on Cisco routers?

A ) S ecurity A ppliance D ev ice M anag er

B ) Cisco CL I Config uration M anag em ent Tool

C) Cisco S ecurity D ev ice M anag er

D ) Cisco S ecurity M anag er

12. W h en im plem enting netw ork security , w h at is an im portant config uration task th at y ou sh ould perform

to assist in correlating netw ork and security ev ents?

A ) Config ure Netw ork Tim e Protocol.

B ) Config ure sy nch ronized sy slog reporting .

C) Config ure a com m on repository of all netw ork ev ents for ease of m onitoring .

D ) Config ure an autom ated netw ork m onitoring sy stem for ev ent correlation.

13. W h ich of th ese options is a Cisco I O S feature th at lets y ou m ore easily config ure security features on

y our router?

A ) Cisco S elf-D efend ing Netw ork

B ) im plem enting A A A com m and auth orization

C) th e a u t o s e c u r e CL I com m and

D ) perform ing a security aud it v ia S D M

14. W h ich th ree of th ese options are som e of th e best practices w h en y ou im plem ent an effectiv e firew all

security policy ? ( Ch oose th ree.)

A ) Position firew alls at strateg ic insid e locations to h elp m itig ate insid e nontech nical attack s.

B ) Config ure log g ing to capture all ev ents for forensic purposes.

C) U se firew alls as a prim ary security d efense; oth er security m easures and d ev ices sh ould be

im plem ented to enh ance y our netw ork security .

D ) Position firew alls at k ey security bound aries.

E ) D eny all traffic by d efault and perm it only necessary serv ices.

C i s c o C C N A S e c u r i t y P r a c t i c e E x a m Q u e s t i o n s

15. W h ich statem ent is true w h en config uring access control lists ( A CL s) on a Cisco router?

A ) A CL s filter all traffic th roug h and sourced from th e router.

B ) A pply th e A CL to th e interface prior to config uring access control entries to ensure th at controls are

applied im m ed iately upon config uration.

C) A n “ im plicit d eny ” is applied to th e start of th e A CL entry by d efault.

D ) O nly one A CL per protocol, per d irection, and per interface is allow ed .

16. W h ich option correctly d efines asy m m etric encry ption?

A ) uses th e sam e k ey s to encry pt and d ecry pt d ata

B ) uses M D 5 h ash ing alg orith m s for d ig ital sig nag e encry ption

C) uses d ifferent k ey s to encry pt and d ecry pt d ata

D ) uses S H A -1 h ash ing alg orith m s for d ig ital sig nag e encry ption

17. W h ich option is a d esirable feature of using sy m m etric encry ption alg orith m s?

A ) Th ey are often used for w ire-speed encry ption in d ata netw ork s.

B ) Th ey are based on com plex m ath em atical operations and can easily be accelerated by h ard w are.

C) Th ey offer sim ple k ey m anag em ent properties.

D ) Th ey are best used for one-tim e encry ption need s.

18. W h ich option is true of using cry ptog raph ic h ash es?

A ) Th ey are easily rev ersed to d eciph er th e m essag e contex t.

B ) Th ey conv ert arbitrary d ata into a fix ed -leng th d ig est.

C) Th ey are based on a tw o-w ay m ath em atical function.

D ) Th ey are used for encry pting bulk d ata com m unications.

19. W h ich option is true of intrusion prev ention sy stem s?

A ) Th ey operate in prom iscuous m od e.

B ) Th ey operate in inline m od e.

C) Th ey h av e no potential im pact on th e d ata seg m ent being m onitored .

D ) Th ey are m ore v ulnerable to ev asion tech niq ues th an I D S .

20 . W h ich statem ent is true w h en using zone-based firew alls on a Cisco router?

A ) Policies are applied to traffic m ov ing betw een zones, not betw een interfaces.

B ) Th e firew alls can be config ured sim ultaneously on th e sam e interface as classic CB A C using th e i p

i n s p e c t CL I com m and .

C) I nterface A CL s are applied before zone-based policy firew alls w h en th ey are applied outbound .

D ) W h en config ured w ith th e “ PA S S ” action, stateful inspection is applied to all traffic passing betw een

th e config ured zones.

C i s c o C C N A S e c u r i t y P r a c t i c e E x a m Q u e s t i o n s

C C N A S e c u r i t y P r a c t i c e Q u e s t i o n s A n s w e r K e y

1. C

2. A

3. A , C, F

4. A

5. B

6. C

7. D

8. C

9. A , D , E

10 . B

11. C

12. A

13. C

14. C, D , E

15. D

16. C

17. A

18. B

19. B

20 . A