210-260

Cisco Practice Tests

Exam:	Question 1 / 55 - Mode : Exam	90:00
You have several operating groups in your enterprise that require differing access restrictions to the routers to perform their job roles. These groups range from Help Desk personnel to advanced troubleshooters. What is one methodology for controlling access rights to the routers in these situations? A. configure ACLs to control access for the different groups B. configure multiple privilege level access C. implement syslogging to monitor the activities of the groups D. configure TACACS+ to perform scalable authentication Which of the following actions belong to the Initiation phase of the secure network life cycle? (Choose two) A. Security categorization B. Preliminary risk assessment C. Configuration management and control D. Continuous monitoring E. Information preservation F. Media sanitization Network security aims to provide which three key services? (Choose three) A. data integrity B. data strategy C. data and system availability D. data mining E. data storage F. data confidentiality What is the goal of an overall security challenge when planning a security strategy? A. to harden all exterior-facing network components B. to install firewalls at all critical points in the network C. to find a balance between the need to open networks to support evolving business requirements and the need to inform D. to educate employees to be on the lookout for suspicious behavior Which of the following actions belong to the Operations and maintenance phase of the secure network life cycle? (Choose two) A. Security categorization B. Preliminary risk assessment C. Configuration management and control D. Continuous monitoring E. Information preservation F. Media sanitization Which statement is true when configuring access control lists (ACLs) on a Cisco router? A. ACLs filter all traffic through and sourced from the router. B. Apply the ACL to the interface prior to configuring access control entries to ensure that controls are applied immediately upon configuration. C. An "implicit deny" is applied to the start of the ACL entry by default. D. Only one ACL per protocol, per direction, and per interface is allowed. Which of the following describes the Hackers as a category of individuals who attack computer systems and operations? A. Individuals who mean no harm and do not expect financial gain B. Individuals who generally work for financial gain C. Individuals who pride themselves on compromising telephone systems D. Individuals who do not write their own code E. Individuals with a political agenda Attacks may take a variety of forms. Which of the following describes the Spoofing as a threat category? A. Uses ping sweeps and port scans to identify all services on a network B. Occurs when an attacker uses a fake device address C. Attacks spread without human intervention D. Attacks are typically carried out by instant message or E-mail E. Hackers attempt to gain access to network packets F. Occurs when an attacker can read or change sensitive data Which of the following actions belong to the Disposition phase of the secure network life cycle? (Choose two) A. Security categorization B. Preliminary risk assessment C. Configuration management and control D. Continuous monitoring E. Information preservation F. Media sanitization What is the purpose of GLBA information security compliance regulation? A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records C. Increases computer and network security within the US government by requiring yearly audits D. Enables financial organizations to acquire other companies or form alliances with each other Which actions belong to the operations and maintenance phase of the secure network life cycle? (Choose two) A. Configuration management and control B. Continuous monitoring C. Cost considerations and reporting D. System integration E. Security accreditation F. Hardware and software disposal What is the purpose of Sarbanes-Oxley information security compliance regulation? A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records C. Increases computer and network security within the US government by requiring yearly audits D. Enables financial organizations to acquire other companies or form alliances with each other Which statement is true when using zone-based firewalls on a Cisco router? A. Policies are applied to traffic moving between zones, not between interfaces. B. The firewalls can be configured simultaneously on the same interface as classic CBAC using the ip inspect CLI command. C. Interface ACLs are applied before zone-based policy firewalls when they are applied outbound. D. When configured with the â€œPASSâ€ action, stateful inspection is applied to all traffic passing between the configured zones. Select one of the following statements that describes the trust exploitation threats. A. Hides information based on tunneling one protocol inside another B. Hackers gain leverage using existing trust relationships C. Attacks can be carried out using Trojan horse programs D. Availability is compromised with DoS attacks E. A collection of compromised machines running programs under a common command F. Attacks focus on making a service unavailable for normal use Which of the following examples of security controls matches the Administrative category of security controls? (Choose two) A. Security awareness training B. Background checks of employees and contractors C. Firewalls D. Positive air flow systems E. Fire suppression systems What is the purpose of HIPAA information security compliance regulation? A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records C. Increases computer and network security within the US government by requiring yearly audits D. Enables financial organizations to acquire other companies or form alliances with each other Select one of the following statements that describes the overt and covert channels. A. Hides information based on tunneling one protocol inside another B. Hackers gain leverage using existing trust relationships C. Attacks can be carried out using Trojan horse programs D. Availability is compromised with DoS attacks E. A collection of compromised machines running programs under a common command F. Attacks focus on making a service unavailable for normal use When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events? A. Configure Network Time Protocol. B. Configure synchronized syslog reporting. C. Configure a common repository of all network events for ease of monitoring. D. Configure an automated network monitoring system for event correlation. Which of these options is a GUI tool for performing security configurations on Cisco routers? A. Security Appliance Device Manager B. Cisco CLI Configuration Management Tool C. Cisco Security Device Manager D. Cisco Security Manager Which one of the following statements describes the DoS and DDoS Attacks? A. Hides information based on tunneling one protocol inside another B. Hackers gain leverage using existing trust relationships C. Attacks can be carried out using Trojan horse programs D. Availability is compromised with DoS attacks E. A collection of compromised machines running programs under a common command F. Attacks focus on making a service unavailable for normal use Which of the following examples of security controls matches the Physical category of security controls? (Choose two) A. Security awareness training B. Background checks of employees and contractors C. Firewalls D. Positive air flow systems E. Fire suppression systems Which option is true of using cryptographic hashes? A. They are easily reversed to decipher the message context. B. They convert arbitrary data into a fixed-length digest. C. They are based on a two-way mathematical function. D. They are used for encrypting bulk data communications. Which option is the term for a weakness in a system or its design that can be exploited by a threat? A. a vulnerability B. a risk C. an exploit D. an attack Attacks may take a variety of forms. Which of the following describes the Blended threats as a threat category? A. Uses ping sweeps and port scans to identify all services on a network B. Occurs when an attacker uses a fake device address C. Attacks spread without human intervention D. Attacks are typically carried out by instant message or E-mail E. Hackers attempt to gain access to network packets F. Occurs when an attacker can read or change sensitive data Which one of the following statements describes the Botnets? A. Hides information based on tunneling one protocol inside another B. Hackers gain leverage using existing trust relationships C. Attacks can be carried out using Trojan horse programs D. Availability is compromised with DoS attacks E. A collection of compromised machines running programs under a common command F. Attacks focus on making a service unavailable for normal use Which three options are areas of router security? (Choose three) A. physical security B. access control list security C. zone-based firewall security D. operating system security E. router hardening F. Cisco IOS-IPS security Attacks may take a variety of forms. Which of the following describes the confidentiality and integrity violations threats? A. Uses ping sweeps and port scans to identify all services on a network B. Occurs when an attacker uses a fake device address C. Attacks spread without human intervention D. Attacks are typically carried out by instant message or E-mail E. Hackers attempt to gain access to network packets F. Occurs when an attacker can read or change sensitive data Which option correctly defines asymmetric encryption? A. uses the same keys to encrypt and decrypt data B. uses MD5 hashing algorithms for digital signage encryption C. uses different keys to encrypt and decrypt data D. uses SHA-1 hashing algorithms for digital signage encryption Select one of the following statements that describes the availability violations threats. A. Hides information based on tunneling one protocol inside another B. Hackers gain leverage using existing trust relationships C. Attacks can be carried out using Trojan horse programs D. Availability is compromised with DoS attacks E. A collection of compromised machines running programs under a common command F. Attacks focus on making a service unavailable for normal use Which threats are the most serious? A. inside threats B. outside threats C. unknown threats D. reconnaissance threats What is considered the number one criterion when classifying data for either the private or public sector? A. Age B. Personal association C. Useful life D. Value Which recommendations follow defense-in-depth principles? (Choose two) A. Defend in one place B. Build one layer of defense C. Employ robust key management D. Deploy IPS Attacks may take a variety of forms. Which of the following describes the Enumeration and fingerprinting as a threat category? A. Uses ping sweeps and port scans to identify all services on a network B. Occurs when an attacker uses a fake device address C. Attacks spread without human intervention D. Attacks are typically carried out by instant message or E-mail E. Hackers attempt to gain access to network packets F. Occurs when an attacker can read or change sensitive data An intruder sends messages to a computer with an IP address that indicates that the message is coming from a trusted host. The hacker learns the IP address of a trusted host and modifies the packet headers so that apparently the packets are coming from that trusted host. How would you categorize this attack? A. Confidentiality and integrity violation B. Password attack C. Spoofing D. Blended threat Which of the following describes the Phreakers as a category of individuals who attack computer systems and operations? A. Individuals who mean no harm and do not expect financial gain B. Individuals who generally work for financial gain C. Individuals who pride themselves on compromising telephone systems D. Individuals who do not write their own code E. Individuals with a political agenda Which option is a desirable feature of using symmetric encryption algorithms? A. They are often used for wire-speed encryption in data networks. B. They are based on complex mathematical operations and can easily be accelerated by hardware. C. They offer simple key management properties. D. They are best used for one-time encryption needs. Which option is a key principle of the Cisco Self-Defending Network strategy? A. Security is static and should prevent most known attacks on the network. B. The self-defending network should be the key point of your security policy. C. Integrate security throughout the existing infrastructure. D. Upper management is ultimately responsible for policy implementation. Which option is true of intrusion prevention systems? A. They operate in promiscuous mode. B. They operate in inline mode. C. They have no potential impact on the data segment being monitored. D. They are more vulnerable to evasion techniques than IDS. Attacks may take a variety of forms. Which of the following describes the Phishing, pharming, and identify theft? A. Uses ping sweeps and port scans to identify all services on a network B. Occurs when an attacker uses a fake device address C. Attacks spread without human intervention D. Attacks are typically carried out by instant message or E-mail E. Hackers attempt to gain access to network packets F. Occurs when an attacker can read or change sensitive data Which of the following describes the Crackers as a category of individuals who attack computer systems and operations? A. Individuals who mean no harm and do not expect financial gain B. Individuals who generally work for financial gain C. Individuals who pride themselves on compromising telephone systems D. Individuals who do not write their own code E. Individuals with a political agenda What is the first step you should take when considering securing your network? A. Install a firewall. B. Install an intrusion prevention system. C. Update servers and user PCs with the latest patches. D. Develop a security policy. Which option is the term for what happens when computer code is developed to take advantage of a vulnerability? For example, suppose that a vulnerability exists in a piece of software, but nobody knows about this vulnerability. A. a vulnerability B. a risk C. an exploit D. an attack Attacks may take a variety of forms. Which of the following describes the Man-in-the-middle attack? A. Uses ping sweeps and port scans to identify all services on a network B. Occurs when an attacker uses a fake device address C. Attacks spread without human intervention D. Attacks are typically carried out by instant message or E-mail E. Hackers attempt to gain access to network packets F. Occurs when an attacker can read or change sensitive data Threats to network security have become more sophisticated over the years. Identify the next generation threats facing organizations today. (Choose four) A. Cognitive threats via social networks B. PDA and consumer electronics exploits C. Widespread website compromises D. Disruption of critical infrastructure E. Massive worm drives F. Macro viruses Which option is the term for the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence? A. a vulnerability B. a risk C. an exploit D. an attack Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router? A. Cisco Self-Defending Network B. implementing AAA command authorization C. the auto secure CLI command D. performing a security audit via SDM Select one of the following statements that describes the password attacks. A. Hides information based on tunneling one protocol inside another B. Hackers gain leverage using existing trust relationships C. Attacks can be carried out using Trojan horse programs D. Availability is compromised with DoS attacks E. A collection of compromised machines running programs under a common command F. Attacks focus on making a service unavailable for normal use Which actions occur during the implementation phase of the secure network life cycle? (Choose three) A. Inspection and acceptance B. System integration C. Security certification D. Developmental security test and evaluation E. Security planning Which of the following describes the Script kiddies as a category of individuals who attack computer systems and operations? A. Individuals who mean no harm and do not expect financial gain B. Individuals who generally work for financial gain C. Individuals who pride themselves on compromising telephone systems D. Individuals who do not write their own code E. Individuals with a political agenda Which of the following describes the Hacktivists as a category of individuals who attack computer systems and operations? A. Individuals who mean no harm and do not expect financial gain B. Individuals who generally work for financial gain C. Individuals who pride themselves on compromising telephone systems D. Individuals who do not write their own code E. Individuals with a political agenda Security threats have evolved over time. Identity the latest generation of security threats. (Choose four) A. Virtualization exploits B. Memory scraping C. Hardware hacking D. IPv6-based attacks E. E-mail F. Infrastructure hacking Which options are necessary elements of an effective computer security awareness and training program? (Choose five) A. Identify program scope, goals, and objectives B. Identify training staff C. Deliver the same training program to everyone D. Motivate management and employees E. Administer the program appropriately F. Evaluate and maintain the program G. Decide on acceptable encryption policy Which of the following examples of security controls matches the Technical category of security controls? A. Security awareness training B. Background checks of employees and contractors C. Firewalls D. Positive air flow systems E. Fire suppression systems Which three of these options are some of the best practices when you implement an effective firewall security policy? (Choose three) A. Position firewalls at strategic inside locations to help mitigate inside nontechnical attacks. B. Configure logging to capture all events for forensic purposes. C. Use firewalls as a primary security defense; other security measures and devices should be implemented to enhance your network security. D. Position firewalls at key security boundaries. E. Deny all traffic by default and permit only necessary services. What is the purpose of FISMA information security compliance regulation? A. Responds to loss of public trust in publicly-traded companies after several corporate and accounting scandals B. Provides assurance that the electronic transfer of confidential patient information is at least as safe as paper-based records C. Increases computer and network security within the US government by requiring yearly audits D. Enables financial organizations to acquire other companies or form alliances with each other