CCNA Security Practice Test

You are planning a security policy for your network. Using the least amount of administrative effort, what should be included to help limit traffic from inside the network to outside of it?

A. Configure an ACL

B. Implement AAA

C. Implement HTTP filtering

D. Apply static NAT

Which of the following control plane security features provides a necessary mechanism for deploying, monitoring, and troubleshooting CPP efficiently?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

Which options are necessary elements of an effective computer security awareness and training program? (Choose five)

A. Identify program scope, goals, and objectives

B. Identify training staff

C. Deliver the same training program to everyone

D. Motivate management and employees

E. Administer the program appropriately

F. Evaluate and maintain the program

G. Decide on acceptable encryption policy

Which of the following describes the Control plane packets classification? (Choose two)

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

How does a stateful packet filtering firewall use a state table to improve the performance of routing?

A. Checks the source addresses of packets that can be routed

B. Used to reduce the number of routes available

C. To determine if a packet is returning traffic

D. Allows multiple private IP addresses to be mapped to a single public IP address

Which option correctly defines asymmetric encryption?

A. uses the same keys to encrypt and decrypt data

B. uses MD5 hashing algorithms for digital signage encryption

C. uses different keys to encrypt and decrypt data

D. uses SHA-1 hashing algorithms for digital signage encryption

Which options are security services provided by digital signatures? (Choose three)

A. Authenticity of transmitted data

B. Authentication of end points

C. Nonrepudiation of the transaction

D. Confidentiality of transmitted data

E. Integrity of transmitted data

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. What are two examples of completeness issues? (Choose two)

A. Errors in rule specification

B. Data entry errors

C. Redundant rules

D. Promiscuous rules

Which of these options is a GUI tool for performing security configurations on Cisco routers?

A. Security Appliance Device Manager

B. Cisco CLI Configuration Management Tool

C. Cisco Security Device Manager

D. Cisco Security Manager

Which three of these options are some of the best practices when you implement an effective firewall security policy? (Choose three)

A. Position firewalls at strategic inside locations to help mitigate inside nontechnical attacks.

B. Configure logging to capture all events for forensic purposes.

C. Use firewalls as a primary security defense; other security measures and devices should be implemented to enhance your network security.

D. Position firewalls at key security boundaries.

E. Deny all traffic by default and permit only necessary services.

Which statements describe in-band management? (Choose two)

A. Management data traffic and production traffic are on the same path

B. This model is generally best suited for large-scale enterprise networks

C. Management data traffic and production traffic are on separate paths

D. IPsec tunnels or encryption should be utilized whenever possible

Which two statements accurately describe how ACLs function with Cisco ASA? (Choose two)

A. Outgoing packets are processed by an outbound ACL prior to routing being performed.

B. Incoming packets are processed by an inbound ACL prior to routing being performed.

C. ACLs are used to control which packets can be sent from the router.

D. Once an ACL statement is matched, no other entries are evaluated.

Which 802.1X component would refer to an endpoint in an 802.1X infrastructure?

A. Backend identity database

B. Supplicant

C. Authentication server

D. Authenticator

Which services does an IronPort C-Series provide? (Choose two)

A. Antivirus

B. URL filtering

C. Spam filtering

D. Antimalware

Which three options are areas of router security? (Choose three)

A. physical security

B. access control list security

C. zone-based firewall security

D. operating system security

E. router hardening

F. Cisco IOS-IPS security

Which of the following actions belong to the Initiation phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Enter the command that will prevent a user from logging in for three minutes, if more than three incorrect logins are attempted in the span of 60 seconds.

A. login block-for 3 attempts 3 within 1

B. login block-for 60 attempts 3 within 180

C. login block-for 180 attempts 3 within 60

Which STP attack mitigation features causes an interface to be placed in an errdisabled state if a BPDU is received on that port?

A. Root guard

B. Loop guard

C. BPDU guard

D. BPDU filtering

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. Which of the following are two examples of consistency issues? (Choose two)

A. Data entry errors

B. Shadowed rules

C. Orphaned rules

D. Errors in rule specification

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco AnyConnect Client component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

What are the steps associated with the Containment, eradication, and recovery incident response phase? (Choose three)

A. Define the tools to identify the attacker and the time required to use them

B. Define methods for collecting and using data

C. Identify the steps to eradicate or mitigate the threat and vulnerabilities

D. Document the symptoms of the attack

E. Define the steps to recover operating systems, hardware components, and productive time

F. Define the options for pursuing an attacker

Attacks may take a variety of forms. Which of the following describes the Phishing, pharming, and identify theft?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which NAT solution uses ACLs to perform address translation?

A. Static NAT

B. Dynamic PAT

C. Dynamic NAT

D. Policy NAT

Which actions can you take on a router to secure NTP in your network? (Choose two)

A. Run the ntp refclock command

B. Run the ntp authenticate command

C. Run the ntp access-group command

D. Run the ntp max-associations command

Which statement about IPS deployments is true?

A. IPS deployments operate in promiscuous mode

B. IPS deployments generally utilize SPAN ports

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments operate in inline mode

During which attack phase would an attacker use e-mail to extend the attack to multiple targets?

A. Probe

B. Paralyze

C. Persist

D. Propagate

You are asked to configure SNMPv3 inside your network. An ACL named snmpacl, which specifies the IP addresses, has already been created, and will be able to perform SNMP queries. Which command would you enter to create a group named SNMPgroup which can send encrypted SNMP queries?

A. Router(config)# snmp-server group SNMPgroup v3 priv access snmpacl

B. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 priv des56 Password12 access snmpacl

C. Router(config)# snmp-server group SNMPgroup v3 auth access snmpacl

D. Router(config)#snmp-server user admin SNMPgroup v3 auth md5 Password12 access snmpacl

A client e-mails their broker telling them to invest $100,000 in a new startup company. The company performs poorly and the client loses the bulk of the money. They take the broker to court, stating they did not issue the purchase order. What could the broker have done to protect themselves?

A. Make use of digital signatures

B. Only accept purchase orders in person

C. Encrypt any emails sent and received

D. Create a blacklist of startup domains

Which options are examples of data loss prevention solutions? (Choose two)

A. Cisco Configuration Professional

B. Cisco ScanSafe Web Security

C. Cisco IronPort Email Security

D. Cisco ASA

To verify the clientless SSL VPN, a compliant browser has been opened. Which prefix is the path changed to if the object does not require authentication?

A. http://

B. /+CSCOE+/

C. /+CSCOU+/

D. https://

Which statement is true regarding zone based firewalls in which traffic passes between zones?

A. Default policy is to allow all

B. Dependent on ACLs

C. They are not compatible with the Cisco Common Classification Policy Language

D. Default policy is to deny all

Which clients meet the browser requirements for a Cisco ASA clientless SSL VPN? (Choose two)

A. OS X 10.10 Chrome v.41

B. Windows Vista IE8

C. Windows 8.1 IE10

D. OS X |w 10.8 Firefox v.33

Which of the following describes the Crackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

What is considered the number one criterion when classifying data for either the private or public sector?

A. Age

B. Personal association

C. Useful life

D. Value

What are requirements when integrating Cisco ISE and Active Directory? (Choose two)

A. Create identity rewrite rules

B. Configure authentication domains

C. Configure NTP to synchronize between Cisco ISE and Active Directory

D. Cisco ISE must be able to access a global catalog server

E. Create a scope through Cisco ISE

Which option is a key principle of the Cisco Self-Defending Network strategy?

A. Security is static and should prevent most known attacks on the network.

B. The self-defending network should be the key point of your security policy.

C. Integrate security throughout the existing infrastructure.

D. Upper management is ultimately responsible for policy implementation.

Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router?

A. Cisco Self-Defending Network

B. implementing AAA command authorization

C. the auto secure CLI command

D. performing a security audit via SDM

Which of the following methods describes Network mapping attack?

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

You need to ensure that CDP is only enabled on interfaces that are connected to a trusted network. CDP must be disabled on all other interfaces. What should you do?

A. Run the no cdp run command

B. Run the no cdp enable command

C. Deploy Cisco AutoSecure in noninteractive mode

D. Deploy Cisco AutoSecure in interactive mode

During which attack phase would an attacker use a provision such as registry edits to keep the malware on the system?

A. Paralyze

B. Persist

C. Propagate

D. Probe

Which statements accurately describe characteristics of the Cisco borderless networks architecture? (Choose two)

A. The borderless end zone detects threats and mitigates them before users connect to the network

B. The policy management layer leverages existing infrastructure components and switching components, and then layers virtualized components on top to provide security solutions

C. The borderless datacenters enforce the security policy throughout the network

D. The borderless Internet component relies on cloud-based services for security intelligence, real-time updates, and scanning support for mobile users

Which option is the term for the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

What are the easiest methods for blocking access to a specific site? (Choose two)

A. URL filtering

B. URL categorizing

C. Web application filtering

D. Blacklisting

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Which two statements are true regarding zones? (Choose two)

A. A collection of networks reachable over a specific set of router interfaces

B. Zones are grouped into source/destination pairs

C. Zones are grouped into source/source pairs

D. A collection of networks reachable over all router interfaces

Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

How is called the total amount of time the system owner will accept for a business process outage?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which failover configuration is only available on units that are running in multiple context mode when implementing high availability on the ASA?

A. Active/Active

B. Active/Standby

C. Cisco ASA AIP-SSM

D. Cisco Secure ACS

Which statement is true about application layer firewalls?

A. Authenticate devices, not users

B. Authenticate individuals, not devices

C. Logging provides minimal details

D. Recommended for the monitoring of several applications simultaneously

What is the purpose of Sarbanes-Oxley information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

Which of the following actions belong to the Disposition phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Which of the following control plane security features allows users to configure a QoS filter to restrict the flow of control plane packets?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?