CCNA Security Practice Test

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Context awareness component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Attacks may take a variety of forms. Which of the following describes the Man-in-the-middle attack?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which types of attacks can be mitigated by implementing port security? (Choose two)

A. CAM table overflow

B. Port scanning

C. DHCP spoofing

D. MAC address spoofing

E. ARP spoofing

F. VLAN hopping

Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router?

A. Cisco Self-Defending Network

B. implementing AAA command authorization

C. the auto secure CLI command

D. performing a security audit via SDM

You need to implement a high availability solution on the ASA. The solution must be able to work with units running in either single or multiple context mode. Which failover configuration should be used?

A. Cisco Secure ACS

B. Active/Standby

C. Cisco ASDM

D. Active/Active

Which of the following are Asymmetric encryption algorithms? (Choose two)

A. 3DES

B. DH

C. SHA-2

D. AES

E. RSA

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco SIO component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Enter the command that will prevent a user from logging in for three minutes, if more than three incorrect logins are attempted in the span of 60 seconds.

A. login block-for 3 attempts 3 within 1

B. login block-for 60 attempts 3 within 180

C. login block-for 180 attempts 3 within 60

Which actions are considered best practices? (Choose two)

A. Use VLAN 1 as your management VLAN

B. Change the native VLAN on all trunk links

C. Configure VLAN 1 as the native VLAN for all trunk links

D. Place all unused switch ports into an unused VLAN

RADIUS and TACACS+ are both commonly used to control network access. Which of the following describes the function of TACACS+? (Choose three)

A. Uses UDP

B. Uses TCP

C. Only encrypts the password for access-request packets

D. Encrypts the entire body of access-request packets

E. Cannot be used to prevent users from performing specific commands on a router

F. Can be used to specify which commands users can perform on a router

You need to be able to prevent users from entering global configuration mode unless they have the necessary privilege level. Which actions can you take to accomplish this? (Choose two)

A. Configure command authorization

B. Enable Cisco AutoSecure

C. Deploy a TACACS+ server

D. Deploy a RADIUS server

Which feature can you use to place a rate limit on traffic that is handled by a Cisco device's route processor?

A. Cisco AutoSecure

B. OSPF neighbor authentication

C. CoPP

D. SNMP

You have noticed several workstations have been configured with an incorrect default gateway. Which type of attack is likely occurring?

A. STP attack

B. CAM table overflow attack

C. Switch spoofing

D. DHCP spoofing

Which of these options is a GUI tool for performing security configurations on Cisco routers?

A. Security Appliance Device Manager

B. Cisco CLI Configuration Management Tool

C. Cisco Security Device Manager

D. Cisco Security Manager

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which of the following examples of security controls matches the Physical category of security controls? (Choose two)

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

During which attack phase would an attacker use e-mail to extend the attack to multiple targets?

A. Probe

B. Paralyze

C. Persist

D. Propagate

Which options are necessary elements of an effective computer security awareness and training program? (Choose five)

A. Identify program scope, goals, and objectives

B. Identify training staff

C. Deliver the same training program to everyone

D. Motivate management and employees

E. Administer the program appropriately

F. Evaluate and maintain the program

G. Decide on acceptable encryption policy

Which statements describe in-band management? (Choose two)

A. Management data traffic and production traffic are on the same path

B. This model is generally best suited for large-scale enterprise networks

C. Management data traffic and production traffic are on separate paths

D. IPsec tunnels or encryption should be utilized whenever possible

Which features can you enable to mitigate STP attacks? (Choose two)

A. Root guard

B. IP source guard

C. BPDU guard

D. DAI

Which actions belong to the operations and maintenance phase of the secure network life cycle? (Choose two)

A. Configuration management and control

B. Continuous monitoring

C. Cost considerations and reporting

D. System integration

E. Security accreditation

F. Hardware and software disposal

Which statement best describes one of the key recommended uses for a proxy firewall?

A. Use only in situations in which performance can be sacrificed for security

B. Use only in situations in which security can be sacrificed for performance

C. To support a large number of applications

D. As a source for strengthening packet filtering

Select one of the following statements that describes the password attacks.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

What can be used to offload the processing of encrypted data? (Choose two)

A. AIM

B. Cisco PIX VPN Accelerator Card+ (VAC+)

C. AnyConnect

D. Cisco VPN 3002 Hardware Client

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

Select one of the following statements that describes the availability violations threats.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which clients meet the browser requirements for a Cisco ASA clientless SSL VPN? (Choose two)

A. OS X 10.10 Chrome v.41

B. Windows Vista IE8

C. Windows 8.1 IE10

D. OS X |w 10.8 Firefox v.33

How is called the total amount of time the system owner will accept for a business process outage?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Attacks may take a variety of forms. Which of the following describes the confidentiality and integrity violations threats?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which statement best describes an inside local address?

A. The IPv4 address that is assigned to a host on the outside network by the host owner.

B. The IPv4 address of an outside host as it appears to the inside network.

C. The IPv4 address that is assigned to a host on the inside network.

D. The Valid IPv4 address that is assigned by the network information center or service provider.

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. What are two examples of completeness issues? (Choose two)

A. Errors in rule specification

B. Data entry errors

C. Redundant rules

D. Promiscuous rules

Select one of the following statements that describes the trust exploitation threats.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

An administrator has incorrectly entered their password to gain access to privilege exec mode on a router. This generates an IDS alarm. What is this an example of?

A. True negative

B. False positive

C. True positive

D. False negative

Which actions can you take on a router to secure NTP in your network? (Choose two)

A. Run the ntp refclock command

B. Run the ntp authenticate command

C. Run the ntp access-group command

D. Run the ntp max-associations command

Which two statements describe features of the state table? (Choose two)

A. Tracks all sessions and inspects all packets passing through the firewall

B. Changes dynamically according to traffic flow

C. Receives copies of packets, processes them, and can then respond to threats

D. Provides a secure and encrypted management connection for managing network devices

Which statements describe the functions of the Security Audit feature? (Choose four)

A. Sends alerts when changes to the device's configuration would cause a security concern

B. Checks a routers running configuration against a list of predefined security configuration settings

C. Lists identified problems and provides recommendations for fixing them

D. Automatically performs a one-step lockdown after the audit is complete

E. Allows the user to choose which identified problems to fix and displays appropriate user interface for fixing them

F. Configures the router with the user's chosen security configuration

Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which technologies can perform RADIUS and TACACS+ authentication? (Choose two)

A. ISE

B. ASDM

C. ACS

D. ASA

Which IDS sensor action will send an ARC response to completely block the attacker's IP address?

A. Deny attacker inline

B. Reset TCP connection

C. Request block host

D. Deny packet inline

Recently a bookmark was created but was misconfigured. The bookmark should allow access to a shared folder located on the Intranet. Which protocol would need to be configured to allow this type of connection?

A. RDP

B. SSH

C. FTP

D. CIFS

E. HTTPS

Which of the following describes the Data plane packets classification?

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

Which command could you use to determine the number TACACS+ authentication attempts that have recently timed out?

A. Router# debug aaa authentication

B. Router# debug tacacs

C. Router# show authentication sessions

D. Router# show aaa servers

Which one of the following statements describes the Botnets?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Select the statements that represent threats to network infrastructure. (Choose four)

A. Trust exploitation attacks

B. Spoofing

C. Route flaps and major network transitions

D. Exposed management credentials

E. Denial-of-service attacks

F. Login, authentication, and password attacks

Which actions occur during the implementation phase of the secure network life cycle? (Choose three)

A. Inspection and acceptance

B. System integration

C. Security certification

D. Developmental security test and evaluation

E. Security planning

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

You are planning a security policy for your network. Using the least amount of administrative effort, what should be included to help limit traffic from inside the network to outside of it?

A. Configure an ACL

B. Implement AAA

C. Implement HTTP filtering

D. Apply static NAT

A technician is setting up a SOHO for a client. The client will be using a VPN to connect to their office. Which routers are recommended for this topology? (Choose two)

A. Cisco 2900 Series

B. Cisco 90 Series

C. Cisco 1900 Series

D. Cisco 800 Series

Which option is the term for a weakness in a system or its design that can be exploited by a threat?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which statement is true about application layer firewalls?

A. Authenticate devices, not users

B. Authenticate individuals, not devices

C. Logging provides minimal details

D. Recommended for the monitoring of several applications simultaneously

A sensitive document was recently accessed by an unauthorized user. Specifications about a new product were changed to erroneous data. Which security principle violations have occurred in this scenario? (Choose two)

A. Authenticity

B. Availability

C. Confidentiality

D. Integrity

Which of the following methods describes Network mapping attack?

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

Which are ways to combat social based attacks? (Choose two)

A. Mantrap

B. Identity validation

C. Training

D. Network access policies

A client needs to telecommute from home to the office, and requires a VPN connection. Only work related traffic should traverse the tunnel, Internet traffic should not. Which technology would allow for this operation?

A. Always-on

B. Hairpinning

C. NAT traversal

D. Split tunneling

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?