CCNA Security Practice Test

Which two statements are true regarding zones? (Choose two)

A. A collection of networks reachable over a specific set of router interfaces

B. Zones are grouped into source/destination pairs

C. Zones are grouped into source/source pairs

D. A collection of networks reachable over all router interfaces

Which of the following examples of security controls matches the Administrative category of security controls? (Choose two)

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

Which failover configuration is only available on units that are running in multiple context mode when implementing high availability on the ASA?

A. Active/Active

B. Active/Standby

C. Cisco ASA AIP-SSM

D. Cisco Secure ACS

Which statements about IPS and IDS deployments are true? (Choose two)

A. To prevent network disruption in the event of an IPS failure, configure fail-close for the IPS

B. IDS deployments are generally placed in front of a perimeter firewall.

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments are generally placed behind a perimeter firewall.

What are the steps associated with the Post-incident activity incident response phase? (Choose three)

A. Define the tools to identify the attacker and the time required to use them

B. Define methods for collecting and using data

C. Identify the steps to eradicate or mitigate the threat and vulnerabilities

D. Document the symptoms of the attack

E. Define the steps to recover operating systems, hardware components, and productive time

F. Define the options for pursuing an attacker

A private contractor for the military is archiving medical records. Which classification level should be applied to these?

A. Secret

B. Unclassified

C. Top Secret

D. Sensitive

Select the statements that represent threats to network infrastructure. (Choose four)

A. Trust exploitation attacks

B. Spoofing

C. Route flaps and major network transitions

D. Exposed management credentials

E. Denial-of-service attacks

F. Login, authentication, and password attacks

What is defined as a collection of networks, reachable by specific interfaces on the router?

A. Zone

B. Subnet

C. Demilitarized zone

D. Virtual LAN

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. Which of the following are two examples of consistency issues? (Choose two)

A. Data entry errors

B. Shadowed rules

C. Orphaned rules

D. Errors in rule specification

Which type of IPS sensor offers the best protection against zero-day attacks?

A. Anomaly-based

B. Reputation-based

C. Signature-based

D. Policy-based

How is called the most time that a system resource can remain unavailable before there is an unacceptable effect?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which hash algorithm is vulnerable to collision attacks?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

Which of the following describes the Hackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which STP attack mitigation features causes an interface to be placed in an errdisabled state if a BPDU is received on that port?

A. Root guard

B. Loop guard

C. BPDU guard

D. BPDU filtering

Your organization has integrated Cisco ISE with an Active Directory domain. This domain is part of a multi-domain Active Directory forest. You need to ensure that only the integrated domain can authenticate to the ISE server. What should you do?

A. Remove the two-way transitive trusts for the domain that is integrated with ISE

B. Define a new scope

C. Configure authentication domains through ISE

D. Define a new join point

Which of the following describes the function of Cisco IPS?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which command could you use to determine the number TACACS+ authentication attempts that have recently timed out?

A. Router# debug aaa authentication

B. Router# debug tacacs

C. Router# show authentication sessions

D. Router# show aaa servers

Which of the following describes the Crackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Security threats have evolved over time. Identity the latest generation of security threats. (Choose four)

A. Virtualization exploits

B. Memory scraping

C. Hardware hacking

D. IPv6-based attacks

E. E-mail

F. Infrastructure hacking

There is currently an issue with some clients establishing an AnyConnect SSL VPN. The affected users differ from time to time. What could help explain this problem?

A. Certify the proper VPN protocol is selected

B. Determine the Internet browser version

C. Check the configured authentication type

D. Verify the address pool

Which statement best describes one of the key recommended uses for a proxy firewall?

A. Use only in situations in which performance can be sacrificed for security

B. Use only in situations in which security can be sacrificed for performance

C. To support a large number of applications

D. As a source for strengthening packet filtering

A sensitive document was recently accessed by an unauthorized user. Specifications about a new product were changed to erroneous data. Which security principle violations have occurred in this scenario? (Choose two)

A. Authenticity

B. Availability

C. Confidentiality

D. Integrity

You need to implement a solution that allows administrators to perform remote wipes on mobile devices. This solution must also prevent users from connecting to endpoints with jail-broken mobile devices. What should you do?

A. Integrate Cisco ISE with a Cisco ASA

B. Integrate Cisco ISE with Cisco Prime NCS

C. Integrate Cisco ISE with Active Directory

D. Integrate Cisco ISE with a MDM solution

Enter the command that will prevent a user from logging in for three minutes, if more than three incorrect logins are attempted in the span of 60 seconds.

A. login block-for 3 attempts 3 within 1

B. login block-for 60 attempts 3 within 180

C. login block-for 180 attempts 3 within 60

Which option is the term for what happens when computer code is developed to take advantage of a vulnerability? For example, suppose that a vulnerability exists in a piece of software, but nobody knows about this vulnerability.

A. a vulnerability

B. a risk

C. an exploit

D. an attack

Which of the following terms best describes a network that spans multiple buildings?

A. WAN

B. CAN

C. LAN

D. MAN

Which of the following describes the function of Cisco IronPort?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco AnyConnect Client component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which algorithm is commonly used as a secure method of exchanging encryption keys?

A. AES

B. Diffie-Hellman

C. SHA-2

D. 3DES

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco SIO component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which actions are considered best practices? (Choose two)

A. Use VLAN 1 as your management VLAN

B. Change the native VLAN on all trunk links

C. Configure VLAN 1 as the native VLAN for all trunk links

D. Place all unused switch ports into an unused VLAN

Which option is a key principle of the Cisco Self-Defending Network strategy?

A. Security is static and should prevent most known attacks on the network.

B. The self-defending network should be the key point of your security policy.

C. Integrate security throughout the existing infrastructure.

D. Upper management is ultimately responsible for policy implementation.

Select one of the following statements that describes the availability violations threats.

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which NAT solution uses ACLs to perform address translation?

A. Static NAT

B. Dynamic PAT

C. Dynamic NAT

D. Policy NAT

Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which statements about routing update authentication are true? (Choose two)

A. EIGRP supports both plain text and MD5 authentication

B. OSPF supports both plain text and MD5 authentication

C. It can help prevent rouge default gateways from entering your network

D. When MD5 authentication is used, the authentication key is encrypted before being transmitted.

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Which sensor action will cause an IPS to block the IP address of an attacker for a specified period?

A. Request block connection

B. Deny connection inline

C. Request block host

D. Deny attacker inline

Which of the following control plane security features extends policing functionality by allowing finer policing granularity?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Which networking technology returns a message to the same direction it was received in, in order to reach the proper destination endpoint?

A. Split tunneling

B. NAT traversal

C. Always-on

D. Hairpinning

Which of the following describes the External assessment?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

You are planning a security policy for your network. Using the least amount of administrative effort, what should be included to help limit traffic from inside the network to outside of it?

A. Configure an ACL

B. Implement AAA

C. Implement HTTP filtering

D. Apply static NAT

When configuring firewall access rules, there are several things that need to be avoided, such as completeness issues, consistency issues, and compactness issues. What are two examples of completeness issues? (Choose two)

A. Errors in rule specification

B. Data entry errors

C. Redundant rules

D. Promiscuous rules

Which command is used to display established IPsec tunnels?

A. show crypto ipsec sa

B. show crypto ipsec transform-set

C. show crypto ipsec

Which actions can you take to prevent VLAN hopping? (Choose two)

A. Prevent dynamic trunk port negotiation

B. Enable port security

C. Ensure all trunk ports use VLAN 1 as their native VLAN

D. Change the native VLAN on all trunk ports to an unused VLAN

What is the purpose of GLBA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

An organization requires a system that will meet the following requirements:
- Aggregate data from any compatible network node
- Produce compliance reports

Which system would fulfill these requirements?

A. ISE

B. SIEM

C. SNMP

D. IDS/IPS

Which of the following control plane security features provides a necessary mechanism for deploying, monitoring, and troubleshooting CPP efficiently?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

Which of the following describes the Control plane packets classification? (Choose two)

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

What are reasons that prevent the use of SEAL? (Choose two)

A. Slower that AES

B. Software based IPsec

C. Supported devices

D. K8 subsystem

Which statement about private VLANs is true?

A. Isolated ports can only communicate with other isolated ports in the same VLAN

B. Community ports can communicate with other community ports on another switch in the same community VLAN

C. Community VLANs can communicate with other community VLANs as long as they are part of the same primary VLAN

D. Promiscuous ports can communicate with all other ports except isolated ports

Which two statements accurately describe how ACLs function with Cisco ASA? (Choose two)

A. Outgoing packets are processed by an outbound ACL prior to routing being performed.

B. Incoming packets are processed by an inbound ACL prior to routing being performed.

C. ACLs are used to control which packets can be sent from the router.

D. Once an ACL statement is matched, no other entries are evaluated.

You are reviewing syslog messages from multiple routers in your network. You have noticed irregularities with multiple syslog message timestamps for each router. Which technology can you configure to resolve this?

A. ASDM

B. SNMP

C. NTP

D. RADIUS

A client on your network is seeking advice from you in regards to the type of host-based security for their home network. They state that they have three devices, which share an Internet connection through a single home server. The home server is directly connected to the ISP router. Their main concern is primarily on traffic going through the home server to and from the other three devices. What should you recommend that would require the least amount of administrative overhead and associated set up cost?

A. Proxy firewall

B. Dynamic NAT

C. Personal firewall

D. Static NAT

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?