CCNA Security Practice Test

Which ESA listener would need to be configured to accept mail from a POP/IMAP system?

A. Public

B. Private

C. External

D. Internal

Which two statements describe features of the state table? (Choose two)

A. Tracks all sessions and inspects all packets passing through the firewall

B. Changes dynamically according to traffic flow

C. Receives copies of packets, processes them, and can then respond to threats

D. Provides a secure and encrypted management connection for managing network devices

Which of the following control plane security features is a Cisco IOS feature designed to allow users to manage the flow of traffic that is managed by the route processor of their network devices?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

What is the purpose of Sarbanes-Oxley information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

Which of the following describes the Hackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which option is a desirable feature of using symmetric encryption algorithms?

A. They are often used for wire-speed encryption in data networks.

B. They are based on complex mathematical operations and can easily be accelerated by hardware.

C. They offer simple key management properties.

D. They are best used for one-time encryption needs.

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

What is the purpose of HIPAA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

Which statements describe the functions of the Security Audit feature? (Choose four)

A. Sends alerts when changes to the device's configuration would cause a security concern

B. Checks a routers running configuration against a list of predefined security configuration settings

C. Lists identified problems and provides recommendations for fixing them

D. Automatically performs a one-step lockdown after the audit is complete

E. Allows the user to choose which identified problems to fix and displays appropriate user interface for fixing them

F. Configures the router with the user's chosen security configuration

Which option is the term for the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which hash algorithm uses complex sequence of relatively simple binary operations?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

Which NAT solution uses ACLs to perform address translation?

A. Static NAT

B. Dynamic PAT

C. Dynamic NAT

D. Policy NAT

Which statement about private VLANs is true?

A. Isolated ports can only communicate with other isolated ports in the same VLAN

B. Community ports can communicate with other community ports on another switch in the same community VLAN

C. Community VLANs can communicate with other community VLANs as long as they are part of the same primary VLAN

D. Promiscuous ports can communicate with all other ports except isolated ports

Which statement best describes one of the key recommended uses for a proxy firewall?

A. Use only in situations in which performance can be sacrificed for security

B. Use only in situations in which security can be sacrificed for performance

C. To support a large number of applications

D. As a source for strengthening packet filtering

There is currently an issue with some clients establishing an AnyConnect SSL VPN. The affected users differ from time to time. What could help explain this problem?

A. Certify the proper VPN protocol is selected

B. Determine the Internet browser version

C. Check the configured authentication type

D. Verify the address pool

Which failover configuration is only available on units that are running in multiple context mode when implementing high availability on the ASA?

A. Active/Active

B. Active/Standby

C. Cisco ASA AIP-SSM

D. Cisco Secure ACS

Which of the following describes the function of Cisco IronPort?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Attacks may take a variety of forms. Which of the following describes the Phishing, pharming, and identify theft?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Select the statements that represent threats to network infrastructure. (Choose four)

A. Trust exploitation attacks

B. Spoofing

C. Route flaps and major network transitions

D. Exposed management credentials

E. Denial-of-service attacks

F. Login, authentication, and password attacks

What is the purpose of FISMA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Your organization has integrated Cisco ISE with an Active Directory domain. This domain is part of a multi-domain Active Directory forest. You need to ensure that only the integrated domain can authenticate to the ISE server. What should you do?

A. Remove the two-way transitive trusts for the domain that is integrated with ISE

B. Define a new scope

C. Configure authentication domains through ISE

D. Define a new join point

How is called the point in time, prior to a disruption or system outage, to which business process data can be recovered?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events?

A. Configure Network Time Protocol.

B. Configure synchronized syslog reporting.

C. Configure a common repository of all network events for ease of monitoring.

D. Configure an automated network monitoring system for event correlation.

Which options describe the AH IPsec protocol? (Choose two)

A. Provides authentication and integrity

B. Supports only transport mode

C. Provides encryption and authentication

D. Is IP protocol 50

E. Is IP protocol 51

Which of the following examples of security controls matches the Administrative category of security controls? (Choose two)

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

Which option correctly defines asymmetric encryption?

A. uses the same keys to encrypt and decrypt data

B. uses MD5 hashing algorithms for digital signage encryption

C. uses different keys to encrypt and decrypt data

D. uses SHA-1 hashing algorithms for digital signage encryption

Select one of the following statements that describes the availability violations threats.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco TrustSec function component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

How does a stateful packet filtering firewall use a state table to improve the performance of routing?

A. Checks the source addresses of packets that can be routed

B. Used to reduce the number of routes available

C. To determine if a packet is returning traffic

D. Allows multiple private IP addresses to be mapped to a single public IP address

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Which of the following describes the Management plane packets classification? (Choose two)

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

Select one of the following statements that describes the password attacks.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which two statements accurately describe how ACLs function with Cisco ASA? (Choose two)

A. Outgoing packets are processed by an outbound ACL prior to routing being performed.

B. Incoming packets are processed by an inbound ACL prior to routing being performed.

C. ACLs are used to control which packets can be sent from the router.

D. Once an ACL statement is matched, no other entries are evaluated.

Which one of the following statements describes the Botnets?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which of the following describes the function of Cisco IPS?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which command could you use to determine the number TACACS+ authentication attempts that have recently timed out?

A. Router# debug aaa authentication

B. Router# debug tacacs

C. Router# show authentication sessions

D. Router# show aaa servers

Attacks may take a variety of forms. Which of the following describes the Enumeration and fingerprinting as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which statement is true when configuring access control lists (ACLs) on a Cisco router?

A. ACLs filter all traffic through and sourced from the router.

B. Apply the ACL to the interface prior to configuring access control entries to ensure that controls are applied immediately upon configuration.

C. An "implicit deny" is applied to the start of the ACL entry by default.

D. Only one ACL per protocol, per direction, and per interface is allowed.

Which statements about DHCP snooping are true? (Choose two)

A. The DHCP snooping database is used by root guard

B. The DHCP snooping database agent allows you to retain the DHCP snooping database bindings when the device is reloaded

C. Client devices should be connected to trusted ports, and all unused ports should be configured as untrusted ports

D. DHCP snooping is enabled by configuring Cisco AutoSecure

E. DHCP snooping can mitigate DHCP spoofing attacks

What is the goal of an overall security challenge when planning a security strategy?

A. to harden all exterior-facing network components

B. to install firewalls at all critical points in the network

C. to find a balance between the need to open networks to support evolving business requirements and the need to inform

D. to educate employees to be on the lookout for suspicious behavior

Which networking technology returns a message to the same direction it was received in, in order to reach the proper destination endpoint?

A. Split tunneling

B. NAT traversal

C. Always-on

D. Hairpinning

Which services does an IronPort C-Series provide? (Choose two)

A. Antivirus

B. URL filtering

C. Spam filtering

D. Antimalware

Which of the following describes the Security posture assessment analysis and documentation?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

What are some of the security functions that can be managed using Cisco Configuration Professional? (Choose five)

A. Device hardening

B. Firewall support

C. Antispoofing

D. IPS support

E. VPN support

F. MAC security

G. Management, monitoring, and troubleshooting

An organization requires a system that will meet the following requirements:
- Aggregate data from any compatible network node
- Produce compliance reports

Which system would fulfill these requirements?

A. ISE

B. SIEM

C. SNMP

D. IDS/IPS

What command can you run to verify that IOS resilient configuration is properly working?

A. Router# show aaa accounting

B. Router# show running-configuration

C. Router# show secure bootset

D. Router# show redundancy

Which statement best describes an inside local address?

A. The IPv4 address that is assigned to a host on the outside network by the host owner.

B. The IPv4 address of an outside host as it appears to the inside network.

C. The IPv4 address that is assigned to a host on the inside network.

D. The Valid IPv4 address that is assigned by the network information center or service provider.

Which of the following examples of security controls matches the Technical category of security controls?

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

What are the appropriate actions during a Detection and analysis incident response phase? (Choose three)

A. Prepare the facilities and communication mechanisms

B. Define the incident analysis hardware and software

C. Define the prevention procedures

D. Define a threat vector classification scheme

E. Analyze and implement tools for log and event correlation

F. Provide notification of incidents

Which of the following describes the function of Cisco ISR?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

To verify the clientless SSL VPN, a compliant browser has been opened. Which prefix is the path changed to if the object does not require authentication?

A. http://

B. /+CSCOE+/

C. /+CSCOU+/

D. https://

Which statements describe in-band management? (Choose two)

A. Management data traffic and production traffic are on the same path

B. This model is generally best suited for large-scale enterprise networks

C. Management data traffic and production traffic are on separate paths

D. IPsec tunnels or encryption should be utilized whenever possible

Which of the following describes the Internal assessment?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?