Network Security (Version 1.0) – Final Exam Answers Full PDF

Title Network Security (Version 1.0) – Final Exam Answers Full
Author Amuel Wilson
Course Network security
Institution Algonquin College
Pages 19

Summary

Network Security Exam Preparation...


Description

Network Security (Version 1) – Network Security 1.0 Final Exam Answers

1. Match the type of ASA ACLs to the description. (Not all options are used.)

2. Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?
- ASA uses the ? command whereas a router uses the help command to receive help on a brief description and the syntax of a command.
- **To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command.**
- To complete a partially typed command, ASA uses the Ctrl+Tab key combination whereas a router uses the Tab key.
- To indicate the CLI EXEC mode, ASA uses the % symbol whereas a router uses the # symbol.
Explanation: The ASA CLI is a proprietary OS which has a similar look and feel to the Cisco router IOS. Although it shares some common features with the router IOS, it has its unique features. For example, an ASA CLI command can be executed regardless of the current configuration mode prompt. The IOS do command is not required or recognized. Both the ASA CLI and the router CLI use the # symbol to indicate the EXEC mode. Both CLIs use the Tab key to complete a partially typed command. Different from the router IOS, the ASA provides a help command that provides a brief command description and syntax for certain commands.

3. Refer to the exhibit. A network administrator is configuring AAA implementation on an ASA device. What does the option link3 indicate?
- the network name where the AAA server resides
- the specific AAA server name
- the sequence of servers in the AAA server group
- **the interface name**

4. What provides both secure segmentation and threat defense in a Secure Data Center solution?
- Cisco Security Manager software
- AAA server
- **Adaptive Security Appliance**
- intrusion prevention system

5. What are the three core components of the Cisco Secure Data Center solution? (Choose three.)
- mesh network
- **secure segmentation**
- **visibility**
- **threat defense**
- servers
- infrastructure
Explanation: Secure segmentation is used when managing and organizing data in a data center. Threat defense includes a firewall and intrusion prevention system (IPS). Data center visibility is designed to simplify operations and compliance reporting by providing consistent security policy enforcement.

6. What are three characteristics of ASA transparent mode? (Choose three.)
- **This mode does not support VPNs, QoS, or DHCP Relay.**
- It is the traditional firewall deployment mode.
- **This mode is referred to as a “bump in the wire.”**
- NAT can be implemented between connected networks.
- **In this mode the ASA is invisible to an attacker.**
- The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets.

7. What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network?
- **ACL**
- NAT
- dynamic routing protocols
- outside security zone level 0
Explanation: In order to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level, an ACL must be configured. By default, traffic will only flow from a higher security level to a lower.

8. What will be the result of failed login attempts if the following command is entered into a router?

login block-for 150 attempts 4 within 90

- All login attempts will be blocked for 150 seconds if there are 4 failed attempts within 90 seconds.
- All login attempts will be blocked for 90 seconds if there are 4 failed attempts within 150 seconds.
- All login attempts will be blocked for 1.5 hours if there are 4 failed attempts within 150 seconds.
- All login attempts will be blocked for 4 hours if there are 90 failed attempts within 150 seconds.
Explanation: The components of the login block-for 150 attempts 4 within 90 command are as follows:
- The expression block-for 150 is the time in seconds that logins will be blocked.
- The expression attempts 4 is the number of failed attempts that will trigger the blocking of login requests.
- The expression within 90 is the time in seconds in which the 4 failed attempts must occur.

9. Which two tasks are associated with router hardening? (Choose two.)
- placing the router in a secure room
- **disabling unused ports and interfaces**
- installing the maximum amount of memory possible
- **securing administrative access**
- using uninterruptible power supplies

10. Which threat protection capability is provided by Cisco ESA?
- web filtering
- cloud access security
- **spam protection**
- Layer 4 traffic monitoring
Explanation: Email is a top attack vector for security breaches. Cisco ESA includes many threat protection capabilities for email such as spam protection, forged email detection, and Cisco advanced phishing protection.

11. What are two security measures used to protect endpoints in the borderless network? (Choose two.)
- **denylisting**
- Snort IPS
- **DLP**
- DMZ
- rootkit
Explanation:

| Measure | Purpose |
| --- | --- |
| antimalware software | Protect endpoints from malware. |
| spam filtering | Prevent spam emails from reaching endpoints. |
| blocklisting | Prevent endpoints from connecting to websites with bad reputations by immediately blocking connections based on the latest reputation intelligence. |
| data loss prevention (DLP) | Prevent sensitive information from being lost or stolen. |

12. Which three types of traffic are allowed when the authentication port-control auto command has been issued and the client has not yet been authenticated? (Choose three.)
- **CDP**
- 802.1Q
- IPsec
- TACACS+
- **STP**
- **EAPOL**
Explanation: Until the workstation is authenticated, 802.1X access control enables only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.

13. Which statement describes a characteristic of the IKE protocol?
- **It uses UDP port 500 to exchange IKE information between the security gateways.**
- IKE Phase 1 can be implemented in three different modes: main, aggressive, or quick.
- It allows for the transmission of keys directly across a network.
- The purpose of IKE Phase 2 is to negotiate a security association between two IKE peers.

14. Which action do IPsec peers take during the IKE Phase 2 exchange?
- exchange of DH keys
- **negotiation of IPsec policy**
- negotiation of IKE policy sets
- verification of peer identity
Explanation: The IKE protocol executes in two phases. During Phase 1 the two sides negotiate IKE policy sets, authenticate each other, and set up a secure channel. During the second phase IKE negotiates security associations between the peers.

15. What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)
- **SHA**
- RSA
- DH
- **MD5**
- AES
Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity and authenticity) are MD5 and SHA.

16. Which command raises the privilege level of the ping command to 7?
- user exec ping level 7
- authorization exec ping level 7
- accounting exec level 7 ping
- **privilege exec level 7 ping**

17. What is a characteristic of a role-based CLI view of router configuration?
- A CLI view has a command hierarchy, with higher and lower views.
- When a superview is deleted, the associated CLI views are deleted.
- **A single CLI view can be shared within multiple superviews.**
- Only a superview user can configure a new view and add or remove commands from the existing views.
Explanation: A CLI view has no command hierarchy, and therefore, no higher or lower views. Deleting a superview does not delete the associated CLI views. Only a root view user can configure a new view and add or remove commands from the existing views.

18. What is a limitation to using OOB management on a large enterprise network?
- Production traffic shares the network with management traffic.
- Terminal servers can have direct console connections to user devices needing management.
- OOB management requires the creation of VPNs.
- **All devices appear to be attached to a single management network.**
Explanation: OOB management provides a dedicated management network without production traffic. Devices within that network, such as terminal servers, have direct console access for management purposes. Because in-band management runs over the production network, secure tunnels or VPNs may be needed. Failures on the production network may not be communicated to the OOB network administrator because the OOB management network may not be affected.

19. Refer to the exhibit. A corporate network is using NTP to synchronize the time across devices. What can be determined from the displayed output?
- Router03 is a stratum 2 device that can provide NTP service to other devices in the network.
- The time on Router03 may not be reliable because it is offset by more than 7 seconds to the time server.
- The interface on Router03 that connects to the time server has the IPv4 address 209.165.200.225.
- Router03 time is synchronized to a stratum 2 time server.

20. Refer to the exhibit. Which two conclusions can be drawn from the syslog message that was generated by the router? (Choose two.)
- This message resulted from an unusual error requiring reconfiguration of the interface.
- **This message indicates that service timestamps have been configured.**
- This message indicates that the interface changed state five times.
- **This message is a level 5 notification message.**
- This message indicates that the interface should be replaced.
Explanation: The message is a level 5 notification message as shown in the %LINEPROTO-5 section of the output. Messages reporting the link status are common and do not require replacing the interface or reconfiguring the interface. The date and time displayed at the beginning of the message indicates that service timestamps have been configured on the router.

21. Which two types of hackers are typically classified as grey hat hackers? (Choose two.)
- **hacktivists**
- cyber criminals
- **vulnerability brokers**
- script kiddies
- state-sponsored hackers
Explanation: Grey hat hackers may do unethical or illegal things, but not for personal gain or to cause damage. Hacktivists use their hacking as a form of political or social protest, and vulnerability brokers hack to uncover weaknesses and report them to vendors. Depending on the perspective one possesses, state-sponsored hackers are either white hat or black hat operators. Script kiddies create hacking scripts to cause damage or disruption. Cyber criminals use hacking to obtain financial gain by illegal means.

22. When describing malware, what is a difference between a virus and a worm?
- A virus focuses on gaining privileged access to a device, whereas a worm does not.
- **A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.**
- A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.
- A virus can be used to deliver advertisements without user consent, whereas a worm cannot.
Explanation: Malware can be classified as follows:
- Virus (self-replicates by attaching to another program or file)
- Worm (replicates independently of another program)
- Trojan horse (masquerades as a legitimate file or program)
- Rootkit (gains privileged access to a machine while concealing itself)
- Spyware (collects information from a target system)
- Adware (delivers advertisements with or without consent)
- Bot (waits for commands from the hacker)
- Ransomware (holds a computer system or data captive until payment is received)

23. Which type of packet is unable to be filtered by an outbound ACL?
- multicast packet
- ICMP packet
- broadcast packet
- **router-generated packet**
Explanation: Traffic that originates within a router such as pings from a command prompt, remote access from a router to another device, or routing updates are not affected by outbound access lists. The traffic must flow through the router in order for the router to apply the ACEs.

24. Consider the access list command applied outbound on a router serial interface.

access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply

What is the effect of applying this access list command?
- The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed.
- The only traffic denied is ICMP-based traffic. All other traffic is allowed.
- **No traffic will be allowed outbound on the serial interface.**
- Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination.

25. Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
- ipv6 access-class ENG_ACL in
- ipv6 traffic-filter ENG_ACL out
- **ipv6 traffic-filter ENG_ACL in**
- ipv6 access-class ENG_ACL out
Explanation: For the purpose of applying an access list to a particular interface, the ipv6 traffic-filter IPv6 command is equivalent to the access-group IPv4 command. The direction in which the traffic is examined (in or out) is also required.

26. What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
- digital signatures
- hashing algorithms
- **PKI certificates**
- symmetric keys
Explanation: Digital certificates are used to prove the authenticity and integrity of PKI certificates, but a PKI Certificate Authority is a trusted third-party entity that issues PKI certificates. PKI certificates are public information and are used to provide authenticity, confidentiality, integrity, and nonrepudiation services that can scale to large requirements.

27. What are two methods to maintain certificate revocation status? (Choose two.)
- subordinate CA
- **OCSP**
- DNS
- LDAP
- **CRL**
Explanation: A digital certificate might need to be revoked if its key is compromised or it is no longer needed. The certificate revocation list (CRL) and Online Certificate Status Protocol (OCSP), are two common methods to check a certificate revocation status.

28. Which protocol is an IETF standard that defines the PKI digital certificate format?
- SSL/TLS
- X.500
- LDAP
- **X.509**
Explanation: To address the interoperability of different PKI vendors, IETF published the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527). The standard defines the format of a digital certificate.

29. A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?
- **ip arp inspection trust**
- ip dhcp snooping
- ip arp inspection vlan
- spanning-tree portfast
Explanation: In general, a router serves as the default gateway for the LAN or VLAN on the switch. Therefore, the uplink interface that connects to a router should be a trusted port for forwarding ARP requests.

30. What is the best way to prevent a VLAN hopping attack?
- **Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.**
- Disable STP on all nontrunk ports.
- Use VLAN 1 as the native VLAN on trunk ports.
- Use ISL encapsulation on all trunk links.

31. What would be the primary reason an attacker would launch a MAC address overflow attack?
- so that the switch stops forwarding traffic
- so that legitimate hosts cannot obtain a MAC address
- so that the attacker can see frames that are destined for other hosts
- so that the attacker can execute arbitrary code on the switch

32. What is the main difference between the implementation of IDS and IPS devices?
- An IDS can negatively impact the packet flow, whereas an IPS cannot.
- An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall.
- An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.
- An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology.
Explanation: An IPS is deployed in inline mode and will not allow malicious traffic to enter the internal network without first analyzing it. An advantage of this is that it can stop an attack immediately. An IDS is deployed in promiscuous mode. It copies the traffic patterns and analyzes them offline, thus it cannot stop the attack immediately and it relies on another device to take further actions once it detects an attack. Being deployed in inline mode, an IPS can negatively impact the traffic flow. Both IDS and IPS can use signature-based technology to detect malicious packets. An IPS cannot replace other security devices, such as firewalls, because they perform different tasks.

33. Which attack is defined as an attempt to exploit software vulnerabilities that are unknown or undisclosed by the vendor?
- **zero-day**
- Trojan horse
- brute-force
- man-in-the-middle

34. Match the network monitoring technology with the description.

35. What are the three signature levels provided by Snort IPS on the 4000 Series ISR? (Choose three.)
- **security**
- drop
- reject
- **connectivity**
- inspect
- **balanced**

36. What are three attributes of IPS signatures? (Choose three.)
- **action**
- length
- **trigger**
- **type**
- depth
- function
Explanation: IPS signatures have three distinctive attributes:
- type
- trigger (alarm)
- action

37. Match each IPS signature trigger category with the description.

38. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
- SIP support
- **password encryption**
- 802.1X support
- separate authentication and authorization processes
- **utilization of transport layer protocols**
Explanation: Both TACACS+ and RADIUS support password encryption (TACACS+ encrypts all communication) and use Layer 4 protocol (TACACS+ uses TCP and RADIUS uses UDP). TACACS+ supports separation of authentication and authorization processes, while RADIUS combines authentication and authorization as one process. RADIUS supports remote access technology, such as 802.1x and SIP; TACACS+ does not.

39. What function is provided by the RADIUS protocol?
- RADIUS provides encryption of the complete packet during transfer.
- RADIUS provides separate AAA services.
- **RADIUS provides separate ports for authorization and accounting.**
- RADIUS provides secure communication using TCP port 49.
Explanation: When an AAA user is authenticated, RADIUS uses UDP port 1645 or 1812 for authentication and UD...

