Term
| Which protocol is used for transporting the event data from Cisco IPS 5.0 and later devices to the Cisco Security MARS appliance? |
|
Definition
|
|
Term
| What type of attack is learning about a target network? |
|
Definition
|
|
Term
| What type of attack is it to make a system unavailable for normal use? |
|
Definition
|
|
Term
| What type of attack is it to try and escalate your privilege level? |
|
Definition
|
|
Term
| What types of attacks target vulnerabilities of end-user workstations? |
|
Definition
| Worms, viruses and Trojan horses. |
|
|
Term
| Which Cisco security product provides a security audit wizard? |
|
Definition
| Cisco Router and Security Device Manager |
|
|
Term
| How is the Cisco IOS Control Plane Policing achieved? |
|
Definition
| by applying a QoS policy in control plane configuration mode |
|
|
Term
| Which component of the Cisco NAC framework is responsible for compliance and policy enforcement? |
|
Definition
|
|
Term
What is a benefit of Cisco Integrated Services Routers?
A. Intel Xeon CPU
B. built in event correlation engine
C. built in encryption acceleration
D. customer programmable ASIC
|
|
Definition
| C. built in encryption acceleration |
|
|
Term
What are three functions of CSA in helping to secure customer environments?
A. application control
B. control of executable content
C. identification of vulnerabilities
D. probing of systems for compliance.
E. real-time analysis |
|
Definition
A. application control
B. control of executable content
F. System hardening
|
|
|
Term
Which two features can the USB eToken for Cisco Integrated Services Routers be used for?
A. distribution and storage of VPN credentials
B. command authorization
C. one-time passwords
D. secure deployment of configurations
E |
|
Definition
A. distribution and storage of VPN credentials
D. secure deployment of configurations
|
|
|
Term
What is the benefit of IPSec + GRE?
|
|
Definition
full support of dynamic routing protocols
|
|
|
Term
Which two are true about Cisco AutoSecure?
A. blocks all IANA-reserved IP address blocks.
B. enables identification service
C. enables log messages to include sequence numbers and time stamps
D. disables tcp keepalives
E. removes |
|
Definition
A. blocks all IANA-reserved IP address blocks
C. enables log messages to include sequence numbers and time stamps |
|
|
Term
Which two statements about the Firewall Services Module are true?
|
|
Definition
D. Up to 1 million simultaneous connections are possible
E. Up to 1000 separate contexts are possible. |
|
|
Term
After powering up a MARS appliance, what is a valid task?
A. Use a cat 5 crossover cable to connect to MARS eth1 port
B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration
|
|
Definition
| B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration. |
|
|
Term
| Which Cisco security product is an easily deployed software solution that can automatically detect, isolate, and repair infected or vulnerable devices that attempt to access the network? |
|
Definition
| NAC appliance (Cisco Clean Access) |
|
|
Term
| What is the benefit of the high-performance AIM that is included with Cisco Integrated Services Routers? |
|
Definition
| hardware-based encryption and compression |
|
|
Term
| In the context of Cisco NAC, what is a network access device? |
|
Definition
|
|
Term
| How does CSA protect endpoints? |
|
Definition
| uses file system, network, registry and execution space interceptors to stop malicious activity. |
|
|
Term
Which two should be included in an analysis of a Security Posture Assessment?
A. detailed action plan
B. identification of bottlenecks in the network
C. identification of critical deficiencies
D. recommendation based on security best pract |
|
Definition
C. identification of critical deficiencies
D. recommendation based on security best practice. |
|
|
Term
| Network security is a continuous process that is built around what? |
|
Definition
| Corporate Security Policy |
|
|
Term
| What feature of the Cisco IOS adaptive threat defense performs Application Security? |
|
Definition
| Application Security and control |
|
|
Term
| What feature of the Cisco IOS adaptive threat defense performs Anti-X? |
|
Definition
|
|
Term
| What feature of the Cisco IOS adaptive threat defense performs Containment and Control? |
|
Definition
| Network Foundation Protection |
|
|
Term
| Which rule type allows for false positive tuning? |
|
Definition
|
|
Term
| Which rule types are pushed down from a Global controller? |
|
Definition
|
|
Term
| Which rule types are custom inspection rules that you desire? |
|
Definition
|
|
Term
| Which rule types are out-of-the-box rules provided with Cisco Security MARS? |
|
Definition
|
|
Term
Which are two functions of Cisco Security Agent?
A. authentication
B. control of executable content
C. resource protection
D. spam filtering
E. user tracking
|
|
Definition
B. control of executable content
C. resource protection. |
|
|
Term
In which two ways can a Security Posture Assessment help organizations to understand network threats and risks?
A. by coaching system administrators
B. by identifying bottlenecks
C. by identifying vulnerable systems
D. by recommending area |
|
Definition
C. by identifying vulnerable systems
D. by recommending areas to improve |
|
|
Term
| Self-Defending network is the Cisco vision for security systems. What is the purpose of the Cisco ACS server? |
|
Definition
|
|
Term
| Which two are valid arguments that you can use to convince a business decision maker of the need for network security? |
|
Definition
B. Cisco products can provide end-to-end network protection against current and emerging threats.
E. Organizations that operate vulnerable networks face increasing liabilities |
|
|
Term
| What is the main reason for customers to implement the Cisco Detector and Guard solution? |
|
Definition
| as a DDoS protection system |
|
|
Term
Which two statements are true about symmetric key systems?
A. It uses secret-key cryptography.
B. Encryption and Decryption use different keys
C. It is typically used to encrypt the content of a message
D. RSA is an example of public key e |
|
Definition
A. It uses secret-key cryptography.
C. It is typically used to encrypt the content of a message. |
|
|
Term
| What allows Cisco Security Agent to block malicious behavior before damage can occur? |
|
Definition
| interception of operating system calls |
|
|
Term
| When implementing a Cisco Integrated Services Router, which feature would you apply to achieve application security? |
|
Definition
| Context-based access control |
|
|
Term
Which statement is true about the built-in hardware encryption that is included with Cisco Integrated Services Routers?
A. It supports SRTP
B. It supports 256 bit AES
C. It is two times faster than previous models
D. It stores VPN cred |
|
Definition
| B. It supports 256 bit AES |
|
|
Term
Which combination of authentication server and authentication protocol best implements command authorization for tighter control of user access rights?
A. Cisco Secure ACS server and RADIUS
B. Cisco Secure ACS server and TACACS+
C. Microsof |
|
Definition
| B. Cisco Secure ACS server and TACACS+ |
|
|
Term
What is a feature or function of Cisco Security MARS?
A. enforces authorization policies and privileges.
B. determines security incidents based on device messages, events and sessions.
C. configures, monitors and troubleshoots Cisco securi |
|
Definition
| B. determines security incidents based on device messages, events and sessions |
|
|
Term
| What are the two main reasons for customers to implement Cisco Clean Access? |
|
Definition
A. enforcement of security policies by making compliance a condition of access.
F. implementation of NAC phase 1. |
|
|
Term
| What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS appliance? |
|
Definition
| To discover and display the full topology. |
|
|
Term
What could be a reason to implement Cisco Security Agent?
A. preventing day zero attacks
B. communicating the host posture validation to a policy server
C. tracking the internet usage of employees
D. validating policy compliance |
|
Definition
| A. preventing day zero attacks |
|
|
Term
What are two parts of the network security lifecycle?
A. Purchase
B. Operate
C. Integrate
D. Design
E. Develop
|
|
Definition
|
|
Term
| On the Cisco Security MARS appliance, what is used to facilitate the management of Event, IP, Service and User management? |
|
Definition
|
|
Term
Which two features work together to provide Anti-X defense?
A. enhanced application inspection engines
B. enhanced security state assessment.
C. Cisco IPS version 5.0 technology
D. network security event correlation
E. Cisco IOS a |
|
Definition
A. enhanced application inspection engines
C. Cisco IPS version 5.0 technology |
|
|
Term
Which three components should be included in a security policy?
A. identification and authentication policy
B. incident handling procedure
C. security best practice
D. security product recommendation
E. software specifications
|
|
Definition
A. identification and authentication policy
B. incident handling procedure
F. statement of authority and scope |
|
|
Term
Which statement is true about Cisco Security MARS global controller?
|
|
Definition
| B. The Global controller centrally manages a group of Local Controllers |
|
|
Term
| Which Cisco IOS feature uses multipoint GRE and the Next Hop Resolution Protocol to create dynamic IPSec tunnels between spoke sites? |
|
Definition
|
|
Term
When a FWSM is operating in transparent mode, what is true?
A. Each interface must be on the same VLAN
B. The FWSM does not support multiple security contexts
C. Each directly connected network must be on the same subnet
|
|
Definition
| C. Each directly connected network must be on the same subnet |
|
|
Term
Which three are included with the Cisco Security Agent?
A. Buffer overflow protection
B. Day zero virus and worm protections
C. Cisco Easy VPN Client
D. host-based intrusion protection.
E. plug in interface to query posture provid |
|
Definition
A. Buffer overflow protection
B. Day zero virus and worm protections
D. host-based intrusion protection |
|
|
Term
What is a valid step when setting up the Cisco Security MARS appliance for data archiving?
A. Specify the remote CIFS server.
B. Specify the remote FTP server.
C. Specify the remote NFS server.
D. Specify the remote TFTP server
|
|
Definition
| C. Specify the remote NFS server. |
|
|
Term
Which two components should be included in a network design document?
A. complete network blueprint
B. configuration for each device
C. detailed part list
D. operating expense
E. risk analysis
|
|
Definition
A. Complete network blueprint
C. detailed parts list |
|
|
Term
Which two components should be included in a detailed design document?
A. data source
B. existing network infrastructure
C. organization chart
D. proof of concept
E. vendor availability |
|
Definition
B. existing network infrastructure
D. proof of concept |
|
|
Term
Identify two ways to create a long-duration query on the Cisco Security MARS appliance.
A. by modifying an existing report.
B. by saving a query as a report
C. by submitting a query in line
D. by submitting a batch query
E. by sa |
|
Definition
A. by modifying an existing report
D. by submitting a batch query |
|
|
Term
| What are two main security drivers? |
|
Definition
1. Compliance with company policy
2. security legislation |
|
|
Term
| In which two ways does 802.1x benefit businesses in terms of trust and identity? |
|
Definition
A. allows a user-based policy to be dynamically applied to switched ports
C. prevents any unauthorized device from connecting. |
|
|
Term
Which three should be included in a system acceptance test plan?
A. features to be tested
B. indications of references
C. pass and fail criteria
D. product data sheets
E. recommended changes
F. resource requirements and sched |
|
Definition
A. features to be tested
C. pass and fail criteria
F. resource requirements and schedule |
|
|
Term
What are two beneficial functions of the Cisco VPN/Security Management solution?
|
|
Definition
D. provides functions for monitoring and troubleshooting the health and performance of security devices.
E. performs real time monitoring of site-to-site VPN, remote-access VPN, firewall and IPS services. |
|
|
Term
Which two are valid methods for adding reporting devices into the Cisco Security MARS appliance?
A. running an import wizard.
B. importing the devices from CiscoWorks
C. loading the devices from a seed file.
D. running manual configuration
E. using C |
|
Definition
C. loading the devices from a seed file
D. running manual configuration |
|
|
Term
| What is a valid way of verifying a network security design? |
|
Definition
| pilot or prototype network. |
|
|
Term
| Which IPS feature models worm behavior and correlates the specific time between events, network behavior, and multiple exploit behavior to more accurately identify and stop worms? |
|
Definition
|
|
Term
| In which two ways do Cisco ASA 5500 Series Adaptive Security Appliances achieve Containment and Control? |
|
Definition
1. By preventing unauthorized network access
2. by tracking the state of all network communications. |
|
|
Term
Which three are functions of Cisco Security Agent?
A. spyware and adware protection
B. device-based registry scans
C. malicious mobile code protections
D. local shunning
E. protection against buffer overflows
F. flexibility a |
|
Definition
B. device-based registry scans
C. malicious mobile code protections
E. protection against buffer overflows |
|
|
Term
| Which Cisco security product can be used to perform a Security Posture assessment of client workstations? |
|
Definition
|
|
Term
| How can you configure a Cisco Security MARS appliance to send notifications via e-mail, pager, syslog, SNMP or SMS? |
|
Definition
| by defining the rule "Action" |
|
|
Term
What are three advantages of Cisco Security MARS?
A. performs automatic mitigation on Layer 2 devices
B. ensures that the user device is not vulnerable
C. fixes vulnerable and infected devices automatically
D. provides rapid profile-ba |
|
Definition
A. performs automatic mitigation on Layer 2 devices.
E. is network topology aware
F. contains scalable, distributed event analysis architecture. |
|
|
Term
Which three Cisco security products help to prevent application misuse and abuse?
|
|
Definition
A. Cisco ASA 5500 Series Adaptive Security Appliance
D. Cisco Security Agent
F. Cisco IOS FW and IPS |
|
|
Term
| By providing a detailed inspection of traffic in Layers 2 through 7, the Cisco IPS appliance offers which benefit to customers? |
|
Definition
| D. prevention of protocol misuse |
|
|