CCNA Security Practice Test

Which NAT solution uses ACLs to perform address translation?

A. Static NAT

B. Dynamic PAT

C. Dynamic NAT

D. Policy NAT

RADIUS and TACACS+ are both commonly used to control network access. Which of the following describes the function of RADIUS? (Choose three)

A. Uses UDP

B. Uses TCP

C. Only encrypts the password for access-request packets

D. Encrypts the entire body of access-request packets

E. Cannot be used to prevent users from performing specific commands on a router

F. Can be used to specify which commands users can perform on a router

Which risk rating attribute allows you to rate how critical network components are in your infrastructure?

A. ARR

B. ASR

C. SFR

D. TVR

Which of the following describes the Control plane packets classification? (Choose two)

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

You are planning a security policy for your network. Using the least amount of administrative effort, what should be included to help limit traffic from inside the network to outside of it?

A. Configure an ACL

B. Implement AAA

C. Implement HTTP filtering

D. Apply static NAT

An intruder sends messages to a computer with an IP address that indicates that the message is coming from a trusted host. The hacker learns the IP address of a trusted host and modifies the packet headers so that apparently the packets are coming from that trusted host. How would you categorize this attack?

A. Confidentiality and integrity violation

B. Password attack

C. Spoofing

D. Blended threat

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco AnyConnect Client component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Attacks may take a variety of forms. Which of the following describes the Man-in-the-middle attack?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which of the following describes the function of Cisco IPS?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which statement best describes an inside local address?

A. The IPv4 address that is assigned to a host on the outside network by the host owner.

B. The IPv4 address of an outside host as it appears to the inside network.

C. The IPv4 address that is assigned to a host on the inside network.

D. The Valid IPv4 address that is assigned by the network information center or service provider.

Which statement is true about application layer firewalls?

A. Authenticate devices, not users

B. Authenticate individuals, not devices

C. Logging provides minimal details

D. Recommended for the monitoring of several applications simultaneously

What is the goal of an overall security challenge when planning a security strategy?

A. to harden all exterior-facing network components

B. to install firewalls at all critical points in the network

C. to find a balance between the need to open networks to support evolving business requirements and the need to inform

D. to educate employees to be on the lookout for suspicious behavior

How is called the point in time, prior to a disruption or system outage, to which business process data can be recovered?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which actions belong to the operations and maintenance phase of the secure network life cycle? (Choose two)

A. Configuration management and control

B. Continuous monitoring

C. Cost considerations and reporting

D. System integration

E. Security accreditation

F. Hardware and software disposal

A transform-set must be created with the name 'test'. It should also support data confidentiality using strong DES encryption. Enter the command that would accomplish this task.

A. crypto ipsec transform-set test esp-des

B. crypto ipsec transform-set test esp-3des

C. crypto ipsec transform-set test ah-md5-hmac

Which statements describe in-band management? (Choose two)

A. Management data traffic and production traffic are on the same path

B. This model is generally best suited for large-scale enterprise networks

C. Management data traffic and production traffic are on separate paths

D. IPsec tunnels or encryption should be utilized whenever possible

Select one of the following statements that describes the overt and covert channels.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which of the following terms best describes a network that spans multiple buildings?

A. WAN

B. CAN

C. LAN

D. MAN

You are asked to configure SNMPv3 inside your network. An ACL named snmpacl, which specifies the IP addresses, has already been created, and will be able to perform SNMP queries. Which command would you enter to create a group named SNMPgroup which can send encrypted SNMP queries?

A. Router(config)# snmp-server group SNMPgroup v3 priv access snmpacl

B. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 priv des56 Password12 access snmpacl

C. Router(config)# snmp-server group SNMPgroup v3 auth access snmpacl

D. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 access snmpacl

Which of the following methods describes DoS attack? (Choose two)

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

Which failover configuration is only available on units that are running in multiple context mode when implementing high availability on the ASA?

A. Active/Active

B. Active/Standby

C. Cisco ASA AIP-SSM

D. Cisco Secure ACS

Which of the following are Asymmetric encryption algorithms? (Choose two)

A. 3DES

B. DH

C. SHA-2

D. AES

E. RSA

Which types of ports can support 802.1X authentication? (Choose three)

A. Layer 3 routed ports

B. Static trunk ports

C. SPAN destination ports

D. Static access ports

E. Dynamic ports

You are reviewing syslog messages from multiple routers in your network. You have noticed irregularities with multiple syslog message timestamps for each router. Which technology can you configure to resolve this?

A. ASDM

B. SNMP

C. NTP

D. RADIUS

Which two statements accurately describe how ACLs function with Cisco ASA? (Choose two)

A. Outgoing packets are processed by an outbound ACL prior to routing being performed.

B. Incoming packets are processed by an inbound ACL prior to routing being performed.

C. ACLs are used to control which packets can be sent from the router.

D. Once an ACL statement is matched, no other entries are evaluated.

Which hash algorithm is vulnerable to collision attacks?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

A sensitive document was recently accessed by an unauthorized user. Specifications about a new product were changed to erroneous data. Which security principle violations have occurred in this scenario? (Choose two)

A. Authenticity

B. Availability

C. Confidentiality

D. Integrity

What is the purpose of HIPAA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

Which one of the following statements describes the Botnets?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which of the following describes the Hackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

When configuring high availability on the ASA, what two failover configurations are supported? (Choose two)

A. DAI

B. AAA

C. Active/Active

D. Active/Standby

Which sensor action will cause an IPS to block the IP address of an attacker for a specified period?

A. Request block connection

B. Deny connection inline

C. Request block host

D. Deny attacker inline

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

Which of these options is a GUI tool for performing security configurations on Cisco routers?

A. Security Appliance Device Manager

B. Cisco CLI Configuration Management Tool

C. Cisco Security Device Manager

D. Cisco Security Manager

Which algorithm is commonly used as a secure method of exchanging encryption keys?

A. AES

B. Diffie-Hellman

C. SHA-2

D. 3DES

How is called the total amount of time the system owner will accept for a business process outage?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which assessment should be performed first to determine an organization's ability to defend and respond to network attacks?

A. Wireless

B. Internal

C. Security Posture

D. External

When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events?

A. Configure Network Time Protocol.

B. Configure synchronized syslog reporting.

C. Configure a common repository of all network events for ease of monitoring.

D. Configure an automated network monitoring system for event correlation.

Which security features rely on DHCP snooping? (Choose two)

A. Loop guard

B. DAI

C. IP source guard

D. CoPP

Which option is true of using cryptographic hashes?

A. They are easily reversed to decipher the message context.

B. They convert arbitrary data into a fixed-length digest.

C. They are based on a two-way mathematical function.

D. They are used for encrypting bulk data communications.

To verify the clientless SSL VPN, a compliant browser has been opened. Which prefix is the path changed to if the object requires authentication?

A. /+CSCOU+/

B. http://

C. https://

D. /+CSCOE+/

Which three options are areas of router security? (Choose three)

A. physical security

B. access control list security

C. zone-based firewall security

D. operating system security

E. router hardening

F. Cisco IOS-IPS security

Which statements about IPS and IDS deployments are true? (Choose two)

A. To prevent network disruption in the event of an IPS failure, configure fail-close for the IPS

B. IDS deployments are generally placed in front of a perimeter firewall.

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments are generally placed behind a perimeter firewall.

Which three of these options are some of the best practices when you implement an effective firewall security policy? (Choose three)

A. Position firewalls at strategic inside locations to help mitigate inside nontechnical attacks.

B. Configure logging to capture all events for forensic purposes.

C. Use firewalls as a primary security defense; other security measures and devices should be implemented to enhance your network security.

D. Position firewalls at key security boundaries.

E. Deny all traffic by default and permit only necessary services.

What are the steps associated with the Post-incident activity incident response phase? (Choose three)

A. Define the tools to identify the attacker and the time required to use them

B. Define methods for collecting and using data

C. Identify the steps to eradicate or mitigate the threat and vulnerabilities

D. Document the symptoms of the attack

E. Define the steps to recover operating systems, hardware components, and productive time

F. Define the options for pursuing an attacker

There is currently an issue with some clients establishing an AnyConnect SSL VPN. The affected users differ from time to time. What could help explain this problem?

A. Certify the proper VPN protocol is selected

B. Determine the Internet browser version

C. Check the configured authentication type

D. Verify the address pool

Which of the following actions belong to the Disposition phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Which hash algorithm is capable of a 512 bit message digest?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

What is the purpose of Sarbanes-Oxley information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

What are the appropriate actions during a Detection and analysis incident response phase? (Choose three)

A. Prepare the facilities and communication mechanisms

B. Define the incident analysis hardware and software

C. Define the prevention procedures

D. Define a threat vector classification scheme

E. Analyze and implement tools for log and event correlation

F. Provide notification of incidents

You need to implement a high availability solution on the ASA. The solution must be able to work with units running in either single or multiple context mode. Which failover configuration should be used?

A. Cisco Secure ACS

B. Active/Standby

C. Cisco ASDM

D. Active/Active

What is the first step you should take when considering securing your network?

A. Install a firewall.

B. Install an intrusion prevention system.

C. Update servers and user PCs with the latest patches.

D. Develop a security policy.

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?