CCNA Security Practice Test

What are requirements when integrating Cisco ISE and Active Directory? (Choose two)

A. Create identity rewrite rules

B. Configure authentication domains

C. Configure NTP to synchronize between Cisco ISE and Active Directory

D. Cisco ISE must be able to access a global catalog server

E. Create a scope through Cisco ISE

Which one of the following statements describes the DoS and DDoS Attacks?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which ESA listener would need to be configured to accept mail from a POP/IMAP system?

A. Public

B. Private

C. External

D. Internal

Which type of IPS leverages global correlation services?

A. Policy-based

B. Signature-based

C. Reputation-based

D. Anomaly-based

Which one of the following statements describes the Botnets?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

Which of the following examples of security controls matches the Physical category of security controls? (Choose two)

A. Security awareness training

B. Background checks of employees and contractors

C. Firewalls

D. Positive air flow systems

E. Fire suppression systems

What are the appropriate actions during a Preparation incident response phase? (Choose three)

A. Prepare the facilities and communication mechanisms

B. Define the incident analysis hardware and software

C. Define the prevention procedures

D. Define a threat vector classification scheme

E. Analyze and implement tools for log and event correlation

F. Provide notification of incidents

You need to implement a high availability solution on the ASA. The solution must be able to work with units running in either single or multiple context mode. Which failover configuration should be used?

A. Cisco Secure ACS

B. Active/Standby

C. Cisco ASDM

D. Active/Active

Which statement is true when configuring access control lists (ACLs) on a Cisco router?

A. ACLs filter all traffic through and sourced from the router.

B. Apply the ACL to the interface prior to configuring access control entries to ensure that controls are applied immediately upon configuration.

C. An "implicit deny" is applied to the start of the ACL entry by default.

D. Only one ACL per protocol, per direction, and per interface is allowed.

Which two statements are true regarding zones? (Choose two)

A. A collection of networks reachable over a specific set of router interfaces

B. Zones are grouped into source/destination pairs

C. Zones are grouped into source/source pairs

D. A collection of networks reachable over all router interfaces

Which STP attack mitigation features causes an interface to be placed in an errdisabled state if a BPDU is received on that port?

A. Root guard

B. Loop guard

C. BPDU guard

D. BPDU filtering

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco SIO component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which of the following are Asymmetric encryption algorithms? (Choose two)

A. 3DES

B. DH

C. SHA-2

D. AES

E. RSA

Which statements about DHCP snooping are true? (Choose two)

A. The DHCP snooping database is used by root guard

B. The DHCP snooping database agent allows you to retain the DHCP snooping database bindings when the device is reloaded

C. Client devices should be connected to trusted ports, and all unused ports should be configured as untrusted ports

D. DHCP snooping is enabled by configuring Cisco AutoSecure

E. DHCP snooping can mitigate DHCP spoofing attacks

Which of the following control plane security features provides a necessary mechanism for deploying, monitoring, and troubleshooting CPP efficiently?

A. Control Plane Policing – CoPP

B. Control Plane Protection – CPP

C. Control Plane Logging

What technology allows for a device to have multiple virtual firewalls?

A. Cisco Secure ACS

B. Class maps

C. Security contexts

D. Compartmentalization principal

Which of the following describes the Hacktivists as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Attacks may take a variety of forms. Which of the following describes the Enumeration and fingerprinting as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

What can be used to offload the processing of encrypted data? (Choose two)

A. AIM

B. Cisco PIX VPN Accelerator Card+ (VAC+)

C. AnyConnect

D. Cisco VPN 3002 Hardware Client

What is the purpose of HIPAA information security compliance regulation?

A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals

B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records

C. Increases computer and network security within the US government by requiring yearly audits

D. Enables financial organizations to acquire other companies or form alliances with each other

Which hash algorithm is vulnerable to collision attacks?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which options are security services provided by digital signatures? (Choose three)

A. Authenticity of transmitted data

B. Authentication of end points

C. Nonrepudiation of the transaction

D. Confidentiality of transmitted data

E. Integrity of transmitted data

What is the goal of an overall security challenge when planning a security strategy?

A. to harden all exterior-facing network components

B. to install firewalls at all critical points in the network

C. to find a balance between the need to open networks to support evolving business requirements and the need to inform

D. to educate employees to be on the lookout for suspicious behavior

A client on your network is seeking advice from you in regards to the type of host-based security for their home network. They state that they have three devices, which share an Internet connection through a single home server. The home server is directly connected to the ISP router. Their main concern is primarily on traffic going through the home server to and from the other three devices. What should you recommend that would require the least amount of administrative overhead and associated set up cost?

A. Proxy firewall

B. Dynamic NAT

C. Personal firewall

D. Static NAT

A transform-set must be created with the name 'test'. It should also support data confidentiality using strong DES encryption. Enter the command that would accomplish this task.

A. crypto ipsec transform-set test esp-des

B. crypto ipsec transform-set test esp-3des

C. crypto ipsec transform-set test ah-md5-hmac

How is called the point in time, prior to a disruption or system outage, to which business process data can be recovered?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Which of the following actions belong to the Initiation phase of the secure network life cycle? (Choose two)

A. Security categorization

B. Preliminary risk assessment

C. Configuration management and control

D. Continuous monitoring

E. Information preservation

F. Media sanitization

Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

What are the steps associated with the Post-incident activity incident response phase? (Choose three)

A. Define the tools to identify the attacker and the time required to use them

B. Define methods for collecting and using data

C. Identify the steps to eradicate or mitigate the threat and vulnerabilities

D. Document the symptoms of the attack

E. Define the steps to recover operating systems, hardware components, and productive time

F. Define the options for pursuing an attacker

Which statements about IPS and IDS deployments are true? (Choose two)

A. To prevent network disruption in the event of an IPS failure, configure fail-close for the IPS

B. IDS deployments are generally placed in front of a perimeter firewall.

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments are generally placed behind a perimeter firewall.

Attacks may take a variety of forms. Which of the following describes the confidentiality and integrity violations threats?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which clients meet the browser requirements for a Cisco ASA clientless SSL VPN? (Choose two)

A. OS X 10.10 Chrome v.41

B. Windows Vista IE8

C. Windows 8.1 IE10

D. OS X |w 10.8 Firefox v.33

Which features can you enable to mitigate STP attacks? (Choose two)

A. Root guard

B. IP source guard

C. BPDU guard

D. DAI

In an attempt to lower the number of malware outbreaks, a company creates an e-mail filter that blocks all e-mail with attachments. Which strategy are they attempting to use?

A. Risk avoidance

B. Risk acceptance

C. Risk transference

D. Risk reduction

Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which options are examples of data loss prevention solutions? (Choose two)

A. Cisco Configuration Professional

B. Cisco ScanSafe Web Security

C. Cisco IronPort Email Security

D. Cisco ASA

What mode negotiates the IKE Phase 2 SAs?

A. Transport

B. Aggressive

C. Main

D. Quick

Which options describe the AH IPsec protocol? (Choose two)

A. Provides authentication and integrity

B. Supports only transport mode

C. Provides encryption and authentication

D. Is IP protocol 50

E. Is IP protocol 51

Which algorithm is commonly used as a secure method of exchanging encryption keys?

A. AES

B. Diffie-Hellman

C. SHA-2

D. 3DES

During which attack phase would an attacker use e-mail to extend the attack to multiple targets?

A. Probe

B. Paralyze

C. Persist

D. Propagate

Threats to network security have become more sophisticated over the years. Identify the next generation threats facing organizations today. (Choose four)

A. Cognitive threats via social networks

B. PDA and consumer electronics exploits

C. Widespread website compromises

D. Disruption of critical infrastructure

E. Massive worm drives

F. Macro viruses

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

Which action should you take to prevent MAC address spoofing?

A. Enable BPDU guard

B. Disable CDP on interfaces that are not connected to network devices.

C. Enable port security

D. Configure Cisco AutoSecure

Which statement is true about application layer firewalls?

A. Authenticate devices, not users

B. Authenticate individuals, not devices

C. Logging provides minimal details

D. Recommended for the monitoring of several applications simultaneously

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

Select the statements that represent threats to network infrastructure. (Choose four)

A. Trust exploitation attacks

B. Spoofing

C. Route flaps and major network transitions

D. Exposed management credentials

E. Denial-of-service attacks

F. Login, authentication, and password attacks

Which type of IPS sensor offers the best protection against zero-day attacks?

A. Anomaly-based

B. Reputation-based

C. Signature-based

D. Policy-based

Which of the following describes the Crackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

How is called the most time that a system resource can remain unavailable before there is an unacceptable effect?

A. Recovery Point Objective

B. Recovery Time Objective

C. Maximum Tolerable Downtime

Why would an organization choose to implement a stateful packet inspection?

A. Support user authentication for connections

B. For use with all transport protocols

C. Improves routing performance

D. Protection against upper layer attacks

Which type of attack is most likely to be used in a man-in-the-middle attack?

A. ARP spoofing

B. CDP reconnaissance

C. VLAN hopping

D. STP attack

When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events?

A. Configure Network Time Protocol.

B. Configure synchronized syslog reporting.

C. Configure a common repository of all network events for ease of monitoring.

D. Configure an automated network monitoring system for event correlation.

Which types of ports can support 802.1X authentication? (Choose three)

A. Layer 3 routed ports

B. Static trunk ports

C. SPAN destination ports

D. Static access ports

E. Dynamic ports

Which NAT solution uses ACLs to perform address translation?

A. Static NAT

B. Dynamic PAT

C. Dynamic NAT

D. Policy NAT

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?