CCNA Security Practice Test

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

Which of the following methods describes Network mapping attack?

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

An organization requires a system that will meet the following requirements:
- Aggregate data from any compatible network node
- Produce compliance reports

Which system would fulfill these requirements?

A. ISE

B. SIEM

C. SNMP

D. IDS/IPS

Which options are examples of data loss prevention solutions? (Choose two)

A. Cisco Configuration Professional

B. Cisco ScanSafe Web Security

C. Cisco IronPort Email Security

D. Cisco ASA

What is true regarding application layer proxy firewalls? (Choose two)

A. Authenticates devices

B. Increases network performance

C. Authenticates users

D. Reduces spoofing attacks

Which one of the following statements describes the Botnets?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which of the following actions belong to the Initiation phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Which option is a desirable feature of using symmetric encryption algorithms?

A. They are often used for wire-speed encryption in data networks.

B. They are based on complex mathematical operations and can easily be accelerated by hardware.

C. They offer simple key management properties.

D. They are best used for one-time encryption needs.

Which options are security services provided by digital signatures? (Choose three)

A. Authenticity of transmitted data

B. Authentication of end points

C. Nonrepudiation of the transaction

D. Confidentiality of transmitted data

E. Integrity of transmitted data

Why would an organization choose to implement a stateful packet inspection?

A. Support user authentication for connections

B. For use with all transport protocols

C. Improves routing performance

D. Protection against upper layer attacks

Recently a bookmark was created but was misconfigured. The bookmark should allow access to a shared folder located on the Intranet. Which protocol would need to be configured to allow this type of connection?

A. RDP

B. SSH

C. FTP

D. CIFS

E. HTTPS

Which option is true of using cryptographic hashes?

A. They are easily reversed to decipher the message context.

B. They convert arbitrary data into a fixed-length digest.

C. They are based on a two-way mathematical function.

D. They are used for encrypting bulk data communications.

Which option is the term for what happens when computer code is developed to take advantage of a vulnerability? For example, suppose that a vulnerability exists in a piece of software, but nobody knows about this vulnerability.

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which assessment should be performed first to determine an organization's ability to defend and respond to network attacks?

A. Wireless

B. Internal

C. Security Posture

D. External

An administrator has incorrectly entered their password to gain access to privilege exec mode on a router. This generates an IDS alarm. What is this an example of?

A. True negative

B. False positive

C. True positive

D. False negative

When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events?

A. Configure Network Time Protocol.

B. Configure synchronized syslog reporting.

C. Configure a common repository of all network events for ease of monitoring.

D. Configure an automated network monitoring system for event correlation.

A client needs to telecommute from home to the office, and requires a VPN connection. Only work related traffic should traverse the tunnel, Internet traffic should not. Which technology would allow for this operation?

A. Always-on

B. Hairpinning

C. NAT traversal

D. Split tunneling

Which two statements are true regarding zones? (Choose two)

A. A collection of networks reachable over a specific set of router interfaces

B. Zones are grouped into source/destination pairs

C. Zones are grouped into source/source pairs

D. A collection of networks reachable over all router interfaces

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

Which algorithm is commonly used as a secure method of exchanging encryption keys?

A. AES

B. Diffie-Hellman

C. SHA-2

D. 3DES

Which of the following methods describes Man-in-the-middle attack? (Choose two)

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

Which command is used to display established IPsec tunnels?

A. show crypto ipsec sa

B. show crypto ipsec transform-set

C. show crypto ipsec

Which type of IPS leverages global correlation services?

A. Policy-based

B. Signature-based

C. Reputation-based

D. Anomaly-based

Which services does an IronPort C-Series provide? (Choose two)

A. Antivirus

B. URL filtering

C. Spam filtering

D. Antimalware

Which STP attack mitigation features causes an interface to be placed in an errdisabled state if a BPDU is received on that port?

A. Root guard

B. Loop guard

C. BPDU guard

D. BPDU filtering

Which features are most important for securing interactive and management access to an infrastructure device? (Choose four)

A. It is recommended to restrict device accessibility

B. Only use out-of-band management systems

C. Use management protocols with strong authentication to ensure the confidentiality of your data

D. Perform network management using Telnet or HTTP

E. Authenticate access to your systems

F. Log and account for all access

Which of the following describes the Data plane packets classification?

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

Which of the following describes the function of Cisco IronPort?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which statements about routing update authentication are true? (Choose two)

A. EIGRP supports both plain text and MD5 authentication

B. OSPF supports both plain text and MD5 authentication

C. It can help prevent rouge default gateways from entering your network

D. When MD5 authentication is used, the authentication key is encrypted before being transmitted.

Which two statements describe features of the state table? (Choose two)

A. Tracks all sessions and inspects all packets passing through the firewall

B. Changes dynamically according to traffic flow

C. Receives copies of packets, processes them, and can then respond to threats

D. Provides a secure and encrypted management connection for managing network devices

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. What are two examples of completeness issues? (Choose two)

A. Errors in rule specification

B. Data entry errors

C. Redundant rules

D. Promiscuous rules

Which option is true of intrusion prevention systems?

A. They operate in promiscuous mode.

B. They operate in inline mode.

C. They have no potential impact on the data segment being monitored.

D. They are more vulnerable to evasion techniques than IDS.

You need to implement a high availability solution on the ASA. The solution must be able to work with units running in either single or multiple context mode. Which failover configuration should be used?

A. Cisco Secure ACS

B. Active/Standby

C. Cisco ASDM

D. Active/Active

Which feature can you use to place a rate limit on traffic that is handled by a Cisco device's route processor?

A. Cisco AutoSecure

B. OSPF neighbor authentication

C. CoPP

D. SNMP

Which of the following describes the Internal assessment?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Which three of these options are some of the best practices when you implement an effective firewall security policy? (Choose three)

A. Position firewalls at strategic inside locations to help mitigate inside nontechnical attacks.

B. Configure logging to capture all events for forensic purposes.

C. Use firewalls as a primary security defense; other security measures and devices should be implemented to enhance your network security.

D. Position firewalls at key security boundaries.

E. Deny all traffic by default and permit only necessary services.

What is defined as a collection of networks, reachable by specific interfaces on the router?

A. Zone

B. Subnet

C. Demilitarized zone

D. Virtual LAN

What mode will allow the Cisco ASA to act as an additional hop in the network?

A. Proxy

B. Spanned EtherChannel

C. Transparent

D. Routed

In which mode will the Cisco ASA not be seen as a hop in the network?

A. 802.1x

B. RADIUS

C. Transparent

D. Routed

How is called the most time that a system resource can remain unavailable before there is an unacceptable effect?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

How is called the total amount of time the system owner will accept for a business process outage?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

You have learned that a Trojan was propagated to several servers in your network. However, no preventative action was taken by an IPS. What is this an example of?

A. False negative

B. True positive

C. True negative

D. False positive

Which of the following control plane security features is a Cisco IOS feature designed to allow users to manage the flow of traffic that is managed by the route processor of their network devices?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Which sensor action will cause an IPS to block the IP address of an attacker for a specified period?

A. Request block connection

B. Deny connection inline

C. Request block host

D. Deny attacker inline

Which of the following examples of security controls matches the Technical category of security controls?

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

Which statement about private VLANs is true?

A. Isolated ports can only communicate with other isolated ports in the same VLAN

B. Community ports can communicate with other community ports on another switch in the same community VLAN

C. Community VLANs can communicate with other community VLANs as long as they are part of the same primary VLAN

D. Promiscuous ports can communicate with all other ports except isolated ports

Which of the following describes the Control plane packets classification? (Choose two)

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

Which statement about IPS deployments is true?

A. IPS deployments operate in promiscuous mode

B. IPS deployments generally utilize SPAN ports

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments operate in inline mode

Which risk rating attribute allows you to rate how critical network components are in your infrastructure?

A. ARR

B. ASR

C. SFR

D. TVR

How is called the point in time, prior to a disruption or system outage, to which business process data can be recovered?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Security threats have evolved over time. Identity the latest generation of security threats. (Choose four)

A. Virtualization exploits

B. Memory scraping

C. Hardware hacking

D. IPv6-based attacks

E. E-mail

F. Infrastructure hacking

Which failover configuration is only available on units that are running in multiple context mode when implementing high availability on the ASA?

A. Active/Active

B. Active/Standby

C. Cisco ASA AIP-SSM

D. Cisco Secure ACS

When configuring high availability on the ASA, what two failover configurations are supported? (Choose two)

A. DAI

B. AAA

C. Active/Active

D. Active/Standby

Which types of ports can support 802.1X authentication? (Choose three)

A. Layer 3 routed ports

B. Static trunk ports

C. SPAN destination ports

D. Static access ports

E. Dynamic ports

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?