Shared Flashcard Set

Details

Cisco Security: Final Exam
CISC235: Bowe 2012
120
Computer Networking
05/07/2012


Cards

Term
Which of the following is NOT one of the members of the CIA triad?
A. Integrity
B. Availability
C. Identity
D. Confidentiality
Definition
Identity (The CIA triad consists of Confidentiality, Integrity, and Availability.)
Term
Data that has no confidentiality, integrity, and availability requirements is which one of the following?
A. Classified
B. Confidential
C. Sensitive
D. Unclassified
Definition
Unclassified (In the military data classification system, unclassified data is data that has no confidentiality, integrity, or availability requirements.)
Term
The command, ________________, executed from the command line, will enable AAA services on a Cisco router?
A. enable aaa
B. aaa new model
C. aaa new-model
D. aaa enable
Definition
aaa new-model (The command aaa new-model is used to enable AAA services on a Cisco router.)
Term
Change control procedures are a technical control. (T/F)
Definition
FALSE (Change control procedures are considered an administrative control.)
Term
An example of an internal threat is?
A. Denial of service attack
B. Improper patching procedures
C. Man-in-the-middle attack
D. SYN flood
Definition
Improper patching procedures (All of the other answers are external threats.)
Term
System logging is an example of what kind of control?
A. Preventative
B. Detective
C. Administrative
D. Deterrent
Definition
Detective (Logging would be a great example of a detective control as it is done after the fact.)
Term
An IDS alert would be an example of an incident. (T/F)
Definition
FALSE (The mere presence of an IDS alert would be an event. It might be an incident but that hasn’t been determined yet.)
Term
The command to limit a particular type of protocol on the VTY port would be?
A. transport
B. input
C. protocol
D. enablet
Definition
transport (The command to limit a particular protocol on the VTY port would be the transport command. Typically this is seen as transport input ssh if you wanted to limit the ability to access the VTY port to SSH only.)
Term
One of the three basic messages that are sent between SNMP agent and manager is PUT. (T/F)
Definition
FALSE (The three basic message types sent between SNMP agent and manager are GET, SET, and TRAP.)
Term
NTP is only available to be configured in the CLI, NOT in Cisco SDM. (T/F)
Definition
FALSE (NTP can be configured in both CLI and Cisco SDM.)
Term
How many levels of logging are there on a Cisco router?
A. 8
B. 5
C. 7
D. 9
Definition
8 (There are 8 levels of logging, 0 through 7.)
Term
Which type of encryption algorithm is a symmetric encryption algorithm with a 160 bit key?
A. SEAL
B. RC4
C. RC2
D. 3DES
Definition
SEAL (SEAL is a symmetric encryption algorithm which supports a 160 bit key.)
Term
DES has an encryption key of 168 bits. (T/F)
Definition
FALSE (DES has a 56 bit key length.)
Term
Which algorithm uses an encrypt, decrypt, encrypt process?
A. 3DES
B. AES
C. RC4
D. SEAL
E. RC2
Definition
3DES (3DES uses an encrypt, decrypt, and encrypt scheme to deliver a 168 bit key.)
Term
Hashing performs the function of confidentiality? (T/F)
Definition
FALSE (Hashing performs the function of integrity by ensuring that the data has not been tampered with or altered.)
Term
The DES encryption algorithm is too dated to use for today’s applications. (T/F)
Definition
FALSE (DES can be safely used for short term applications.)
Term
Which of the following key lengths for symmetric encryption provides protection for up to 3 years?
A. 128
B. 80
C. 256
D. 96
Definition
80 (In symmetric encryption, a key length of 80 is considered to provide protection for up to 3 years.)
Term
AES has only support for a 256 bit key. (T/F)
Definition
FALSE (AES can use 128, 192, and 256 bits.)
Term
A HIDS is a host based intrusion detection system. (T/F)
Definition
TRUE (A HIDS is a host based intrusion detection system as opposed to a NIDS, which is network-based.)
Term
The IOS IPS software has approximately how many built-in signatures?
A. 100
B. 200
C. 500
D. 50
Definition
100 (The IOS IPS software has approximately how many built-in signatures?)
Term
What is the one action that an IDS could perform to thwart an attack?
A. Send a TCP RST
B. Send a TCP FIN
C. Shutdown the port
D. Create a dynamic ACL
Definition
Send a TCP RST (Sending a TCP RST is typically the only action that the passive IDS system can perform. An IPS sensor, on the other hand, can send an alarm, reset the connection, drop the packet, or block the packet.)
Term
Which of the following services can be used by a TACACS+ server, if used for authorization?
A. SSL
B. PPP
C. EXEC
D. SSH
E. Telnet
Definition
PPP, EXEC & Telnet (SSH and SSL are not services offered via TACACS+ authorization. The choices for TACACS+ authorization are rlogin, PPP, SLIP, EXEC, and Telnet.)
Term
RADIUS uses UDP port 1813 for authentication. (T/F)
Definition
FALSE (RADIUS uses two ports currently, UDP 1812 for authentication and UDP 1813 for authorization.)
Term
Which of the following are valid response messages from a RADIUS server? (Choose 3)
A. ACCESS-CONTINUE
B. ACCESS-CHALLENGE
C. ACCESS-ACCEPT
D. ACCESS-REQUEST
E. ACCESS-DENY
Definition
ACCESS-CHALLENGE, ACCESS-ACCEPT, & ACCESS-REQUEST (The four types of messages used within a RADIUS server are ACCESS-REQUEST, ACCESS-ACCEPT, ACCESS-REJECT, and ACCESS-CHALLENGE.)
Term
Which of the following are considered part of the SDLC process? (Choose three.)
A. Restoration
B. Disposition
C. Preparation
D. Implementation
E. Operations and Maintenance
Definition
Disposition, Implementation, & Operations and Maintenance (Restoration and Preparation are not part of the five phases of the SDLC. Initiation and Acquisition and Development are not listed here.)
Term
A risk analysis uses the ALE to determine the monthly loss expectancy. (T/F)
Definition
FALSE (The Annual Loss Expectancy (ALE) is the expected loss in dollars that would take place in a year.)
Term
A prosecutor needs to prove which of the following in a cyber crime case?
A. Damages
B. Money
C. Opportunity
D. Motive
E. Means
Definition
Opportunity, Motive, & Means (There are three things that must be proven in a cyber crime case, which are Means, Motive and Opportunity)
Term
A patent is protected for 30 years in the U.S.? (T/F)
Definition
FALSE (A U.S. patent is protected by law for a period of 20 years.)
Term
One of the phases of incident response is preparation. (T/F)
Definition
TRUE (Preparation is the first phase of incident response.)
Term
Which of the following are Cisco IOS security features commonly found on Cisco ISR routers? (Choose 3.)
A. CDP
B. NTP
C. IPS
D. VPN
E. Stateful firewall
Definition
IPS, VPN & Stateful firewall (There are generally four categories of security features found in Cisco IOS. They are a stateful firewall, an IPS, VPN capabilities, and VRF-aware firewall.)
Term
What are the two files that make up a
A. router image
B. image.bin
C. startup.bin
D. startup configuration
E. config
Definition
router image & startup configuration (The bootset consists of the router image and configuration files.)
Term
What is the global configuration mode command which allows you to configure a banner message for use when attempting to access a router?
A. banner
B. message banner
C. motd
D. banner config
E. banner motd
Definition
banner motd (The banner motd command is used to create a banner message. It also requires you to designate a delimiter to use for the purposes of identifying the message content.)
Term
Who was the inventor of the RSA algorithm?
A. Ronald Rivest
B. Len Adleman
C. Adi Shamir
D. Robert Metcalfe
Definition
Ronald Rivest, Len Adleman, & Adi Shamir (Ron Rivest invented RC4. Len Adleman and Adi Shamir and Ron Rivest invented RSA. Robert Metcalfe is the inventor of Ethernet.)
Term
A disadvantage of asymmetric encryption is computational speed. (T/F)
Definition
TRUE (A major disadvantage of asymmetric encryption is that it is computationally much slower than symmetric encryption.)
Term
The traffic that traverses an IPsec VPN tunnel is called “significant traffic” (T/F)
Definition
FALSE (“Interesting traffic” is defined by an access-list, which is the traffic which is allowed to traverse the VPN tunnel.)
Term
What debug command would you use if you wanted to troubleshoot IPsec while troubleshooting VPN connectivity?
A. debug crypto iskamp
B. debug crypto ipsec
C. debug ipsec
D. debug isakmp
Definition
debug crypto ipsec (The correct command is debug crypto ipsec.)
Term
When using SDM, on what screen would you find the number of supported interfaces on your router?
A. Monitor
B. Status
C. Configure
D. Home
Definition
Home (The Home screen has information about your router, including router model, IOS level, and the number of LAN and WAN interfaces, to name a few.)
Term
What number range is an extended access-list?
A. 1–99
B. 0-199
C. 100-199
D. 1-100
Definition
100-199 (An extended access-list has the range of 100-199. There is also an extended range of 2000-2699 which is seldom used.)
Term
A router ACL that is applied inbound means that it is going towards the router interface. (T/F)
Definition
TRUE (Inbound would be towards the interface.)
Term
What is the name of the feature that would have the following as part of the configuration; access-list compiled?
A. fast switching
B. access-list compiled
C. turbo acl
D. access-list turbo acl
Definition
turbo acl (The command to use for turbo ACLs is access-list compiled.)
Term
An access-list that is numbered 100 is a standard access-list. (T/F)
Definition
FALSE (A standard access-list is 1-99.)
Term
What is the current firewall technology?
A. Stateful firewall
B. Dynamic packet filtering
C. Application layer firewall
D. Circuit level firewall
Definition
Stateful firewall (The latest and current firewall technology is a stateful firewall.)
Term
What are the reasons you might use an application layer firewall?
A. User-level authentication
B. It is easy to introduce into the network
C. It operates at layer 2
D. It makes rule generation easier
Definition
User-level authentication (An application layer firewall can offer tighter control over your application, including user-level authentication.)
Term
To configure Intrusion Prevention in Cisco SDM, you use the Configure --> Services menu. (T/F)
Definition
FALSE (You select the Configure --> Intrusion Prevention menu.)
Term
What is the name of the graphical utility used to Configure and Monitor a Cisco ISR router?
A. CiscoWorks
B. PDM
C. ASDM
D. SDM
E. NMS
Definition
SDM (SDM is the graphical user interface for ISR routers.)
Term
Which of the following would be an example of the Secure Communications aspect of the Cisco Self-Defending Network?
A. Cisco Security Agent
B. Dynamic Arp Inspection
C. VPN
D. Anti-Virus
Definition
VPN (The Secure Communications portion of the Cisco Self-Defending Network includes both remote access and site-to-site VPNs, and SSL.)
Term
The principle of least privilege is one aspect of a good security policy (T/F)
Definition
FALSE (The principle of least privilege is one aspect of operational security or OPSEC.)
Term
Which of the following is a method of basic layer 2 security?
A. CDP
B. DHCP Snooping
C. ACL
D. PPP
Definition
FALSE (DHCP Snooping is a layer 2 security feature that creates ports where DHCP responses are allowed - this is called trusted.)
Term
What would be the motive of an attacker if he were to use a tool like macof to overflow the CAM table?
A. Denial of service
B. Brute-force password attack
C. Buffer overflow
D. Packet capture capability
Definition
Packet capture capability (Assuming the switch is in a fail-open mode, then an overloaded CAM table or MAC Address Table would result in the frames being flooded to all ports. This would allow an attacker to capture packets on that switch.)
Term
Which of the following is NOT one of the data classifications that might be used in the military?
A. Confidential
B. Public
C. Secret
D. Unclassified
Definition
Public (Public is not one of the classifications that the military uses. This is more for public companies and some of the data that they use is for public consumption.)
Term
Which IPSec protocol does both authentication and encryption?
A. ESP
B. GRE
C. AH
D. PPTP
Definition
ESP (Encapsulating Security Protocol (ESP) does both authentication and encryption)
Term
A vulnerability is a piece of code or attack method. (T/F)
Definition
FALSE (A vulnerability is a weakness in a system or device.)
Term
A man-in-the-middle attack is an attack on confidentiality? (T/F)
Definition
FALSE (A man-in-the-middle attack is an attack on integrity, because the integrity of the connection has been compromised.)
Term
What type of law typically deals with a non-criminal wrongdoing?
A. Civil law
B. Administrative law
C. Common law
D. Criminal law
Definition
Civil law (Civil law is a non-criminal enforcement.)
Term
An example of a technical policy is that a new employee has to sign an agreement to abide by an Internet usage policy prior to starting. (T/F)
Definition
FALSE (Any type of policy that deals with end-user expected behavior would be an end-user policy.)
Term
What is a line configuration mode command that configures a line to require a login? Fill-in-the-blank
Definition
The LOGIN COMMAND under a line configuration mode requires a user to specify a login username.
Term
What is the name of the files used as part of the Cisco IOS Resilient Configuration?
A. bootset
B. secure-flash
C. secure files
D. security-flash
Definition
bootset (A bootset is the name for the files used as part of the Cisco IOS Resilient Configuration.)
Term
A Cisco ISR router can only use HTTP to access Cisco SDM. (T/F)
Definition
FALSE (You can use either HTTP or HTTPS to access Cisco SDM.)
Term
Which command sequence would set the debug command to be a privilege level of 7? (Fill-in-the-blank) R2(config)# _________
Definition
privilege exec level 7 debug (You must be in global configuration mode to use the privilege exec level 7 debug command.)
Term
A VTY is the same as a console connection on a Cisco router. (T/F)
Definition
FALSE (A virtual tty line is known as the VTY or virtual tty line. A telnet or ssh program is used to connect via the VTY lines.)
Term
Type the command that would produce a password with a 128 bit MD5 hash value? Fill-in-the-blank
Definition
enable secret password (The enable secret password produces an encrypted 128 bit MD5 hash. Any other password that would be encrypted with the service password-encryption command would be a type 7 encryption or an XOR function of the input.)
Term
Which of the following is the command to enable a default login authentication method list using the enable password?
A. aaa authentication login
B. aaa authentication login local
C. aaa authentication login default enable
D. aaa authentication login local default enable
Definition
aaa authentication login default enable (The aaa authentication command is used with the keyword login and then default to specify the default method, followed by the method list, which in this case is enable only.)
Term
When using authorization, what does the command aaa authorization commands 5 joe do?
A. authorizes joe to do 5 commands
B. allows joe to do all level 5 commands
C. authorizes joe to perform 5 logins
D. authorizes anyone in the joe method list to use level 5 commands
Definition
allows joe to do all level 5 commands (The aaa authorization commands allows you to run commands. The 5 refers to the level of commands in level 5 (they must be defined) and joe refers to the username that can be used.)
Term
Type the command which you would use if you wanted to create an authentication banner for your login? (Fill-in-the-blank)
Definition
aaa authentication banner (If you wanted to create a personalized banner message for people who used aaa to authenticate, you would use the command aaa authentication banner.)
Term
What option to the aaa accounting command sends a start and a stop accounting notice?
A. start-stop
B. stop-only
C. start-only
D. stop
Definition
start-stop (There are two options related to accounting start and stop. One logs start and stop and the other is stop-only.)
Term
SNMP v2c provides complete encryption in its transaction. (T/F)
Definition
FALSE (Cisco recommends SNMP Version 3, due to the increased security that it provides.)
Term
Which service is very important when enabling logging services?
A. CDP
B. SDM
C. NTP
D. MIB
Definition
NTP (Network Time Protocol is very important to have configured correctly prior to enabling logging services.)
Term
Auto secure is a method used by Cisco SDM to automate the locking down of your router. (T/F)
Definition
FALSE (The two methods that can be used to automate the lockdown of the router are auto secure from the CLI and the SDM One-Step Lockdown.)
Term
Which two of the following are configured as part of the auto secure process using CLI?
A. CEF
B. Security Banner
C. CDP
D. source routing
Definition
CEF & CDP (There are a number of features configured during the auto secure process, including Cisco Express Forwarding (CEF) and a security banner. CDP and source routing are explicitly turned off during the auto secure process.)
Term
In order to view the syslog logging buffer in SDM, what button would you choose and then what task?
A. Configure
B. Monitor
C. Home
D. Logging
E. Overview
Definition
Monitor & Logging (When using SDM, you will choose the Monitor button from the menu across the top. Then from the Task menu along the side, you choose Logging for your task. Specifically you will then use the Syslog tab at the top of the Logging menu.)
Term
What state does a port that is configured for Root Guard go into when receiving a superior BPDU?
A. err-disable
B. shutdown
C. root-disable
D. root-inconsistent
Definition
root-inconsistent (A port that is configured for Root Guard protects the root port status of the port and goes into an err-disable mode if it receives a superior BPDU.)
Term
A tool like macof is used in performing a switch spoofing attack. (T/F)
Definition
FALSE (The macof tool (short for mac overflow) can overrun the mac address limits of the switch, causing it to resemble a hub. This is a CAM table attack.)
Term
Which choice can be described as a MAC address which is learned on the port, added to the CAM table, but not added to the running configuration and will be lost if the switch is rebooted?
A. sticky secure MAC address
B. dynamic secure MAC address
C. static secure MAC address
D. sticky dynamic MAC address
Definition
dynamic secure MAC address (Dynamic secure MAC address is virtually the same as sticky secure, however it is not added to the running configuration.)
Term
What feature of Cisco IOS Firewall feature set can be described as a way to restrict access to resources by having users authenticate prior to accessing them?
A. stateful firewall
B. application inspection
C. CBAC
D. Authentication proxy
Definition
Authentication proxy (An authentication proxy might be used as a way to permit users to access the Internet, for example.)
Term
When using SDM to configure IOS Firewall features, the only choice of wizard is the basic firewall. (T/F)
Definition
FALSE (There are two wizards, basic firewall and advanced firewall.)
Term
What command is implied at the end of any access-list?
A. permit ip any any
B. end
C. deny any
D. deny tcp any any
Definition
deny any (Any access-list that has entries in it has an implied deny any command at the end of it.)
Term
An IPS should always be used instead of an IDS. (T/F)
Definition
FALSE (It depends on what you need to achieve. It can be a good idea to combine the technologies to enable a greater defense in depth.)
Term
Which of the following operating systems are NOT supported by Cisco Security Agent for Servers?
A. Sun Sparc 9
B. Windows XP
C. Red Hat Enterprise Linux
D. Windows 2000 Server
Definition
Windows XP (Windows XP is not on the list of supported platforms for Cisco Security Agent for Servers.)
Term
Which is NOT one of the types of signatures used in the Cisco IPS?
A. DoS signatures
B. Exploit signatures
C. String signatures
D. Regex signatures
Definition
Regex signatures (Regex is not one of the signature types used in the Cisco IPS. The four types are DoS, Exploit, String, and Connection signatures.)
Term
What was the name of the cipher used by a commander in the Roman empire?
A. Vigenere
B. Babbage
C. Enigma
D. Caesar
Definition
Caesar (The Caesar cipher was used for messages between Caesar and his commanders.)
Term
What cipher is used in the AES encryption scheme?
A. Rijndael
B. Vigenere
C. RSA
D. Dijkstra
Definition
Rijndael (The Rijndael cipher was chosen as the AES encryption scheme by the US government.)
Term
What are two characteristics of SEAL from the list below?
A. Only supported in software
B. Only supported in hardware
C. Is more processor intensive than 3DES
D. Is a symmetric encryption algorithm
Definition
Only supported in software & Is a symmetric encryption algorithm (SEAL is only supported in software and is also a symmetric encryption algorithm.)
Term
A hashing function creates a fixed length value. (T/F)
Definition
TRUE (A hashing function takes in a variable length value and creates a fixed length value.)
Term
What is the term used when a hashing algorithm produces the same hash value for different sets of data?
A. redundant
B. collision
C. doubling
D. exacting
Definition
collision (A collision is when the same hash value is produced for different data sets.)
Term
Which two of the following are the most common hashes used?
A. MD4
B. SHA-1
C. MD5
D. DES
Definition
SHA-1 & MD5 (MD4 is an older hash that has been cracked and DES is a symmetric encryption algorithm.)
Term
Which of the following are the two main algorithms used for digital signatures?
A. RSA
B. DES
C. DSA
D. DSS
Definition
RSA & DSA (DSS is the standard for digital signatures and DES is an encryption standard.)
Term
Secure shell (SSH) uses what kind of an encryption solution?
A. Symmetric
B. Asymmetric
C. Hybrid
D. Public
Definition
Hybrid (SSH uses a hybrid encryption solution because it uses PKC to authenticate the remote PC.)
Term
The Diffie-Hellman Group 5 uses what key length?
A. 1536
B. 1024
C. 2048
D. 4096
Definition
1536 (DH Group 5 uses a 1536 bit key length. DH Group 2, which is used in Cisco’s IPsec implementation, is a 1024 bit key length.)
Term
In IPsec, what protocol and number is AH?
A. TCP 50
B. UDP 50
C. IP 51
D. IP 50
E. UDP 51
Definition
IP 51 (IPsec uses IP protocol numbers for the two protocols, ESP and AH, which are 50 and 51, respectively.)
Term
The end result of IKE Phase 2 is to create what?
A. ISAKMP SA
B. IPsec SA
C. DH Group 2
D. IKE SA
Definition
IPsec SA (In IKE Phase 1, you create an IKE (ISAKMP) SA in order to setup a secure channel to negotiate the IPsec SA in Phase 2.)
Term
When troubleshooting a site-to-site IPsec tunnel connectivity, you see a message in the debug that says “atts are acceptable”. What does this mean?
A. the tunnel is up
B. an IKE policy has matched
C. IPsec is enabled
D. transform sets matched
Definition
an IKE policy has matched (“Atts are acceptable” means that an IKE policy has matched. This means the IKE phase I has completed. The next thing to look at is the IPsec SA to see if it has been negotiated.)
Term
What is the name of a group of computers that have been compromised and are controlled by a third party?
A. hotnet
B. botnet
C. LANnet
D. DOSnet
Definition
botnet (A botnet is a group of computers that have been compromised by any of various means, and are controlled by a third party through a command and control server.)
Term
A smurf attack is an attack on which tenet of the network security objectives?
A. Confidentiality
B. Reliability
C. Availability
D. Integrity
E. Repeatability
Definition
Availability (A smurf attack is where a large number of small packets are directed to a single host, causing a denial-of-service, which would be an attack on availability.)
Term
In an example of data classification for the private sector, a piece of marketing data for an upcoming, but not yet released marketing campaign is accidentally released. What would this data be classified as?
A. Top Secret
B. Confidential
C. Secret
D. Private
E. Sensitive
Definition
Sensitive (This is somewhat subjective, but since there were no specific security aspects, marketing data that is not really confidential or private, but not public, would have to be classified as sensitive. The other two choices are from the military classification system.)
Term
If you were going to design a network and adhere to operation security best practices, what in the following list would NOT be a factor?
A. Keep it simple
B. Look for single points of failure
C. Look for attack vectors
D. Find the lowest cost
E. Plan for the future
Definition
All of the following except Find the Lowest Cost:
A. Keep it simple
B. Look for single points of failure
C. Look for attack vectors
D. Find the lowest cost
E. Plan for the future
Term
A degree in Information Assurance from a four year university would be an example of what in a security awareness program?
A. Training
B. Awareness
C. Certification
D. Education
E. Motivation
Definition
Education (There are three components of a security awareness program: Training, Awareness, and Education. Education is more concerned with a formal degree program.)
Term
If you configured an enable secret password, what would precede the password in the saved configuration?
A. 1
B. 7
C. 4
D. 6
E. 5
Definition
5 (The answer is 5, because the enable secret password is an MD5 hash of the entered password.)
Term
What command would you use from the command line to verify that the proper SDM files exist, so that you can run SDM to configure your router?
A. show directory
B. show files
C. show flash
D. show sdm
Definition
show flash (The answer is show flash, which displays the files on the flash memory)
Term
What command would you use to deter a brute-force attack on your router by setting a minimum time (beyond the default) to wait before login commands would be accepted again after an unsuccessful attempt?
A. login block-for
B. login delay
C. login wait
D. login wait attempt
Definition
login delay (When you use the login block-for command by itself, this sets a default of 1 second to wait after an unsuccessful attempt to login. If you want to configure a different interval, you must use the login delay command.)
Term
What can be described as who logged in, what they did, and how long they did it for?
A. authentication
B. authorization
C. logging
D. accounting
E. debugging
Definition
accounting (This question was covering AAA services, which include authentication, authorization, and accounting. Accounting describes who logged in, what they did, and for how long. Authorization says who can perform what tasks, and authentication says who is allowed to login.)
Term
A NAS, which is a network access server (as opposed to network attached storage) is another name for what? (Choose all that apply.)
A. switch
B. router
C. VPN concentrator
D. firewall
Definition
A. switch
B. router
C. VPN concentrator
D. firewall
(A network access server can be any device which can run TACACS+. We commonly use a router as a NAS, but if you have a Cisco network with many devices, chances are they are all using TACACS+ for AAA.)
Term
Cisco Secure ACS for Windows runs which AAA services? Choose all that apply.
A. TACACS+
B. CDP
C. RADIUS
D. SDEE
Definition
A. TACACS+
C. RADIUS
(Cisco Secure ACS for Windows can be both a TACACS+ server and a RADIUS server and both at the same time.)
Term
When you run auto secure from the command line, a number of global services are disabled. Which of these are NOT one of the global services that are disabled?
A. Finger
B. PAD
C. Small Servers
D. Service password-encryption
E. NTP
Definition
NTP (Service password-encryption is enabled during the auto secure process. The rest of the global services listed are part of those that are disabled.)
Term
A syslog server can be configured in Cisco SDM by utilizing what menu task? (Choose three)
A. Router Properties
B. Additional Tasks
C. Security Tasks
D. Logging
Definition
A. Router Properties
B. Additional Tasks
D. Logging
(Select the Configure Button, then Additional Tasks on the task bar. Then Router Properties is selected on the selection tree and then expands to display the Logging selection.)
Term
Network Time Protocol (NTP) uses what protocol and port to communicate?
A. UDP 321
B. UDP 123
C. UDP 514
D. TCP 514
E. TCP 123
Definition
UDP 123 (NTP uses UDP 123 to communicate. UDP is a connectionless protocol, best suited for things like updates on time, log messages, etc.)
Term
Which of the following is a method of basic layer 2 security?
A. CDP
B. DHCP Snooping
C. ACL
D. PPP
Definition
DHCP Snooping (DHCP Snooping is a layer 2 security feature that creates ports where DHCP responses are allowed - this is called a trusted port.)
Term
What is used to elect a root bridge within a layer 2 switched environment?
A. Hello packets
B. STP update packets
C. BPDU
D. CDP
E. STP cost
Definition
BPDU (Bridge Protocol Data Units (BPDUs) are used to elect a root bridge, based on bridge priority)
Term
ARP spoofing attacks depend on the use of what type of messages?
A. CDP updates
B. NTP
C. GARP
D. MAC
E. DAI
Definition
GARP (ARP spoofing attacks depend on the use of Gratuitous ARP messages, which offer up bogus ARP packets to replace correct ones in an ARP table on a host or router.)
Term
When discussing access-list placement, which of the following is correct? Choose two.
A. A standard access-list should be placed as close to the destination as possible
B. An extended access-list should be placed as close to the source as possible.
C. A standard access-list should be placed as close to the source as possible
D. An extended access-list should be placed as close to the destination as possible.
Definition
A. A standard access-list should be placed as close to the destination as possible
B. An extended access-list should be placed as close to the source as possible.
(A standard access-list should be placed as close to the destination as possible and an extended access-list should be placed as close to the source as possible.)
Term
RFC 1918 IP addresses should be blocked by ACL at an Internet facing router heading inbound to the local LAN. (T/F)
Definition
TRUE (RFC 1918 addresses should be blocked, as well as multicast, localhost addresses, and the local LAN range of addresses.)
Term
What level of the OSI model does the Circuit Level firewall operate at? (Choose all that apply.)
A. 2
B. 3
C. 4
D. 5
E. 7
Definition
C. 4
D. 5
(A Circuit Level Firewall operates at the Transport and Session layers of the OSI model, monitoring TCP and UDP port communications.)
Term
The IDS and IPS sensor uses four different approaches to scan for and identify malicious traffic. Which of the following is NOT one of the four approaches?
A. Policy approach
B. Signature approach
C. Honeypot approach
D. Brute-force capture approach
E. Anomaly-based approach
Definition
Brute-force capture approach (The four approaches to IDS and IPS usage are policy, signature, honeypot, and anomaly based.)
Term
When discussing IDS/IPS technology, which of the following types can be described as a predefined definition of known good network behavior?
A. statistical
B. non-statistical
C. honeypot
D. active
Definition
non-statistical (When describing anomaly-based IDS and IPS sensors, there are two types, statistical and non-statistical. Statistical “learns” the good network behavior over time. Non-statistical has it pre-programmed and it may be correct, or it might need lots of tuning.)
Term
Cisco Security Agent can be described as what kind of system?
A. HIPS
B. HIDS
C. NIDS
D. NIPS
Definition
HIPS (Cisco Security Agent (CSA) can best be described as a Host Intrusion Prevention System (HIPS).)
Term
DES has two operating modes, block cipher and stream cipher. Which two of the following selections are part of the block cipher mode?
A. CFB mode
B. CBC mode
C. ECB mode
D. OFB mode
Definition
B. CBC mode
C. ECB mode
(The block cipher mode uses the Cipher Block Chaining (CBC) type and the Electronic Code Book (ECB) type.)
Term
The Rivest Cipher RC4 is an asymmetric encryption algorithm. (T/F)
Definition
FALSE (RC4 is a symmetric encryption algorithm.)
Term
Which of the following encryption algorithms is not supported in Cisco IOS for IPsec implementations?
A. 3DES
B. AES
C. DES
D. RC4
Definition
RC4 (RC4 is not supported for Cisco IPsec implementations)
Term
An HMAC is a code that further secures a hash. (T/F)
Definition
TRUE (The Hash Message Authentication Code (HMAC) is another layer of security on top of a hash such as MD5 or SHA-1. Cisco uses the HMAC within their security protocols.)
Term
Which of the following is not a feature of Digital Signatures?
A. Integrity
B. Confidentiality
C. Non-repudiation
D. Authentication
Definition
Confidentiality (Digital signatures feature integrity, authentication, and non-repudiation, but do not address confidentiality.)