CCNA Security Practice Test

Which statement about IPS deployments is true?

A. IPS deployments operate in promiscuous mode

B. IPS deployments generally utilize SPAN ports

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments operate in inline mode

Which option is the term for a weakness in a system or its design that can be exploited by a threat?

A. a vulnerability

B. a risk

C. an exploit

D. an attack

You have noticed that an access switch is forwarding traffic out of all interfaces. Which type of attack is likely occurring?

A. STP attack

B. DHCP spoofing

C. VLAN hopping

D. CAM table overflow attack

Which option is the term for what happens when computer code is developed to take advantage of a vulnerability? For example, suppose that a vulnerability exists in a piece of software, but nobody knows about this vulnerability.

A. a vulnerability

B. a risk

C. an exploit

D. an attack

During which attack phase would an attacker use e-mail to extend the attack to multiple targets?

A. Probe

B. Paralyze

C. Persist

D. Propagate

Which one of the following statements describes the DoS and DDoS Attacks?

A. Hides information based on tunneling one protocol inside another

B. Hackers gain leverage using existing trust relationships

C. Attacks can be carried out using Trojan horse programs

D. Availability is compromised with DoS attacks

E. A collection of compromised machines running programs under a common command

F. Attacks focus on making a service unavailable for normal use

A transform-set must be created with the name 'test'. It should also support data confidentiality using strong DES encryption. Enter the command that would accomplish this task.

A. crypto ipsec transform-set test esp-des

B. crypto ipsec transform-set test esp-3des

C. crypto ipsec transform-set test ah-md5-hmac

Which type of IPS leverages global correlation services?

A. Policy-based

B. Signature-based

C. Reputation-based

D. Anomaly-based

Which statements about IPS and IDS deployments are true? (Choose two)

A. To prevent network disruption in the event of an IPS failure, configure fail-close for the IPS

B. IDS deployments are generally placed in front of a perimeter firewall.

C. IPS deployments are generally placed in front of a perimeter firewall

D. IPS deployments are generally placed behind a perimeter firewall.

During which attack phase would an attacker use a provision such as registry edits to keep the malware on the system?

A. Paralyze

B. Persist

C. Propagate

D. Probe

A client on your network is seeking advice from you in regards to the type of host-based security for their home network. They state that they have three devices, which share an Internet connection through a single home server. The home server is directly connected to the ISP router. Their main concern is primarily on traffic going through the home server to and from the other three devices. What should you recommend that would require the least amount of administrative overhead and associated set up cost?

A. Proxy firewall

B. Dynamic NAT

C. Personal firewall

D. Static NAT

Which of the following describes the Hacktivists as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which types of attacks can be mitigated by implementing port security? (Choose two)

A. CAM table overflow

B. Port scanning

C. DHCP spoofing

D. MAC address spoofing

E. ARP spoofing

F. VLAN hopping

What command can you run to verify that IOS resilient configuration is properly working?

A. Router# show aaa accounting

B. Router# show running-configuration

C. Router# show secure bootset

D. Router# show redundancy

Which of the following describes the function of Cisco IPS?

A. Includes a firewall and real-time threat defense capability

B. Uses hardware- and software-integrated security functions to provide a zone-based policy firewall and intrusion prevention

C. Uses sensors to accomplish intrusion prevention

D. Provides an on-premise solution to prevent data loss

E. Analyzes web requests to determine if the content is malicious or inappropriate based on the defined security policy

Which of the following are Symmetric encryption algorithms? (Choose three)

A. 3DES

B. IDEA

C. SHA-2

D. AES

E. RSA

F. ECDSA

Which options are security services provided by digital signatures? (Choose three)

A. Authenticity of transmitted data

B. Authentication of end points

C. Nonrepudiation of the transaction

D. Confidentiality of transmitted data

E. Integrity of transmitted data

Which are ways to combat social based attacks? (Choose two)

A. Mantrap

B. Identity validation

C. Training

D. Network access policies

Which option is a key principle of the Cisco Self-Defending Network strategy?

A. Security is static and should prevent most known attacks on the network.

B. The self-defending network should be the key point of your security policy.

C. Integrate security throughout the existing infrastructure.

D. Upper management is ultimately responsible for policy implementation.

How does a stateful packet filtering firewall use a state table to improve the performance of routing?

A. Checks the source addresses of packets that can be routed

B. Used to reduce the number of routes available

C. To determine if a packet is returning traffic

D. Allows multiple private IP addresses to be mapped to a single public IP address

RADIUS and TACACS+ are both commonly used to control network access. Which of the following describes the function of TACACS+? (Choose three)

A. Uses UDP

B. Uses TCP

C. Only encrypts the password for access-request packets

D. Encrypts the entire body of access-request packets

E. Cannot be used to prevent users from performing specific commands on a router

F. Can be used to specify which commands users can perform on a router

A company opens a new mid-sized branch office. Which Cisco ESA models would ideally be deployed to this office? (Choose three)

A. C670

B. X1070

C. C170

D. C380

E. C370

F. C680

You need to implement a solution that allows administrators to perform remote wipes on mobile devices. This solution must also prevent users from connecting to endpoints with jail-broken mobile devices. What should you do?

A. Integrate Cisco ISE with a Cisco ASA

B. Integrate Cisco ISE with Cisco Prime NCS

C. Integrate Cisco ISE with Active Directory

D. Integrate Cisco ISE with a MDM solution

Which of the following describes the Security posture assessment?

A. Provides a snapshot of the security state of the network

B. Identifies the steps that are needed to thwart intentional attacks or unintentional mistakes from trusted insiders

C. Quantifies the security risk that is associated with Internet-connected systems

D. Identifies any network traffic leakage from outside the customer's buildings

E. Uses metrics and graphs

Cisco SecureX is an access control strategy that allows for more effective, higher-level policy creation and enforcement for mobile users. Which of the following describes the Cisco AnyConnect Client component?

A. Allows enforcement elements to use identity and location information to define access policy

B. Provides a consistent user interface and consolidates traditional function-specific client software products into one product

C. Extends the access control functionality end-to-end, using security group tags

D. Offers a web-based global network of shared resources, software, and information provided to Cisco customers on demand

Which command could you use to determine the number TACACS+ authentication attempts that have recently timed out?

A. Router# debug aaa authentication

B. Router# debug tacacs

C. Router# show authentication sessions

D. Router# show aaa servers

Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router?

A. Cisco Self-Defending Network

B. implementing AAA command authorization

C. the auto secure CLI command

D. performing a security audit via SDM

Which options describe the AH IPsec protocol? (Choose two)

A. Provides authentication and integrity

B. Supports only transport mode

C. Provides encryption and authentication

D. Is IP protocol 50

E. Is IP protocol 51

You need to ensure that CDP is only enabled on interfaces that are connected to a trusted network. CDP must be disabled on all other interfaces. What should you do?

A. Run the no cdp run command

B. Run the no cdp enable command

C. Deploy Cisco AutoSecure in noninteractive mode

D. Deploy Cisco AutoSecure in interactive mode

Which of the following methods describes Man-in-the-middle attack? (Choose two)

A. ARP spoofing

B. DHCP spoofing

C. STP attack

D. CAM table overflow

E. CDP reconnaissance

Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category?

A. Uses ping sweeps and port scans to identify all services on a network

B. Occurs when an attacker uses a fake device address

C. Attacks spread without human intervention

D. Attacks are typically carried out by instant message or E-mail

E. Hackers attempt to gain access to network packets

F. Occurs when an attacker can read or change sensitive data

Which of the following describes the Control plane packets classification? (Choose two)

A. End-station, user-generated packets

B. Examples include protocols such as ARP, BGP, and OSPF

C. Always have a receive destination IP address and are managed by the CPU in the network device route processor

D. Examples include SSH, TFTP, SNMP, and FTP

Which of the following describes the Hackers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

What is the first step you should take when considering securing your network?

A. Install a firewall.

B. Install an intrusion prevention system.

C. Update servers and user PCs with the latest patches.

D. Develop a security policy.

You have noticed several workstations have been configured with an incorrect default gateway. Which type of attack is likely occurring?

A. STP attack

B. CAM table overflow attack

C. Switch spoofing

D. DHCP spoofing

What are reasons that prevent the use of SEAL? (Choose two)

A. Slower that AES

B. Software based IPsec

C. Supported devices

D. K8 subsystem

Suppose you want to change the minimum password length using the CLI from Cisco Configuration Professional. What should you do first?

A. Navigate to the Security Audit Wizard

B. Navigate to the Configuration Editor option in the Utilities panel

C. Use the Manage Community dialog box

Which IDS sensor action will send an ARC response to completely block the attacker's IP address?

A. Deny attacker inline

B. Reset TCP connection

C. Request block host

D. Deny packet inline

What technology allows for a device to have multiple virtual firewalls?

A. Cisco Secure ACS

B. Class maps

C. Security contexts

D. Compartmentalization principal

An administrator has incorrectly entered their password to gain access to privilege exec mode on a router. This generates an IDS alarm. What is this an example of?

A. True negative

B. False positive

C. True positive

D. False negative

You need to implement a high availability solution on the ASA. The solution must be able to work with units running in either single or multiple context mode. Which failover configuration should be used?

A. Cisco Secure ACS

B. Active/Standby

C. Cisco ASDM

D. Active/Active

You have several operating groups in your enterprise that require differing access restrictions to the routers to perform their job roles. These groups range from Help Desk personnel to advanced troubleshooters. What is one methodology for controlling access rights to the routers in these situations?

A. configure ACLs to control access for the different groups

B. configure multiple privilege level access

C. implement syslogging to monitor the activities of the groups

D. configure TACACS+ to perform scalable authentication

To verify the clientless SSL VPN, a compliant browser has been opened. Which prefix is the path changed to if the object does not require authentication?

A. http://

B. /+CSCOE+/

C. /+CSCOU+/

D. https://

Which statement best describes an inside local address?

A. The IPv4 address that is assigned to a host on the outside network by the host owner.

B. The IPv4 address of an outside host as it appears to the inside network.

C. The IPv4 address that is assigned to a host on the inside network.

D. The Valid IPv4 address that is assigned by the network information center or service provider.

Which actions are considered best practices? (Choose two)

A. Use VLAN 1 as your management VLAN

B. Change the native VLAN on all trunk links

C. Configure VLAN 1 as the native VLAN for all trunk links

D. Place all unused switch ports into an unused VLAN

You have learned that a Trojan was propagated to several servers in your network. However, no preventative action was taken by an IPS. What is this an example of?

A. False negative

B. True positive

C. True negative

D. False positive

Which hash algorithm is capable of a 512 bit message digest?

A. MD5

B. SHA-1

C. SHA-2

D. RC5

Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations?

A. Individuals who mean no harm and do not expect financial gain

B. Individuals who generally work for financial gain

C. Individuals who pride themselves on compromising telephone systems

D. Individuals who do not write their own code

E. Individuals with a political agenda

Which statement is true about application layer firewalls?

A. Authenticate devices, not users

B. Authenticate individuals, not devices

C. Logging provides minimal details

D. Recommended for the monitoring of several applications simultaneously

Which tasks could you perform by deploying a third party MDM solution with Cisco ISE? (Choose two)

A. Require mobile devices to have pin locks configured before being allowed to access a wireless endpoint

B. Require that remote computers have up-to-date antivirus definitions before allowing VPN connections

C. Provide a self-service portal which users can use to manage their mobile device status

D. Provide web proxy services for network devices

Why would an organization choose to implement a stateful packet inspection?

A. Support user authentication for connections

B. For use with all transport protocols

C. Improves routing performance

D. Protection against upper layer attacks

There is currently an issue with some clients establishing an AnyConnect SSL VPN. The affected users differ from time to time. What could help explain this problem?

A. Certify the proper VPN protocol is selected

B. Determine the Internet browser version

C. Check the configured authentication type

D. Verify the address pool

Which command is used to display established IPsec tunnels?

A. show crypto ipsec sa

B. show crypto ipsec transform-set

C. show crypto ipsec

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Cisco test CCNA 210-260

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?