Final Second Half

1.

1 point

Fill in the blank.
When role-based CLI is used, only the _____________ view has the ability to add or remove commands from existing views.

2.

1 point

Place the system development cycle (SDLC) phases in the order they occur (Not all options are used)
(Drag and drop)

1st -> Initiation

2nd -> Acqusition and Development

3rd -> Implementation

4th -> Operations and Maintenance

5th -> Disposition

3.

1 point

A user complains about not being able to gain access to the network. What command would be used by the network administrator to determine which AAA method list is being used for this particular user as the user logs on?

debug aaa accounting

debug aaa authorization

debug aaa authentication

debug aaa protocol

4.

1 point

What is an example of toll fraud?

the use of a telephony system to send unsolicited and unwanted bulk messages

the use of a telephony system to make unauthorized long distance calls

the use of a telephony system to get information, such as account details, directly from users

the use of a telephony system to illegally intercept voice packets in order to listen in on a call

5.

1 point

Logging into a computer as the administrator just to surf the web is a violation of which security technique?

process isolation

utilizing a reference monitor

access control to resources

least privilege

6.

1 point

What three phases would be addressed as part of doing business continuity planning? (Choose three.)

a recovery phase

an emergency response phase

a quarantine or containment phase

a return to normal operation phase

a reaction phase

an initiation phase

7.

1 point

In a corporate network where SAN is deployed, what happens if the SAN fabric is compromised?

Data is compromised.

Server CPUs become overloaded.

Configurations can be changed or lost.

End devices become infected.

8.

1 point

Refer to the exhibit. An administrator creates three zones (A, B, and C) in an ASA that filters traffic. Traffic originating from Zone A going to Zone C is denied, and traffic originating from Zone B going to Zone C is denied. What is a possible scenario for Zones A, B, and C

A – DMZ, B – Inside, C – Outside

A – DMZ, B – Outside, C – Inside

A – Inside, B – DMZ, C – Outside

A – Outside, B – Inside, C – DMZ

9.

1 point

What command must be issued to enable login enhancements on a Cisco router?

privilege exec level

banner motd

login delay

login block-for

10.

1 point

What is the role of the Cisco NAC Manager in implementing a secure networking infrastructure?

to assess and enforce security policy compliance in the NAC environment

to perform deep inspection of device security profiles

to provide post-connection monitoring of all endpoint devices

to define role-based user access and endpoint security policies

11.

1 point

A large company deploys several network-based IPS sensors for its headquarters network. Which network service configuration will help the process of correlating attack events happening simultaneously in different points of the network?

Multiple DNS servers with fault tolerance

Distributed DHCP servers

A syslog server for each IPS sensor

A centralized NTP server

12.

1 point

What is one way to prevent attackers from eavesdropping on VoIP conversations?

Use Forced Authorization Codes.

Implement separate voice VLANs.

Configure IP phones to use only signed firmware files.

Create ACLs to allow only VoIP protocols.

13.

1 point

Which three statements should be considered when applying ACLs to a Cisco router? (Choose three.)

Generic ACL entries should be placed at the top of the ACL.

A maximum of three IP access lists can be assigned to an interface per direction (in or out).

An access list applied to any interface without a configured ACL allows all traffic to pass.

Router-generated packets pass through ACLs on the router without filtering.

More specific ACL entries should be placed at the top of the ACL.

ACLs always search for the most specific entry before taking any filtering action.

14.

1 point

What is a CLI initiated script that locks down the control plane of a Cisco router in one step?

Control Plane Protection

Cisco AutoSecure

IP Source Guard

Control Plane Policing

15.

1 point

What is an advantage of using CCP rather than the CLI to configure an ACL?
IPsec is supported.

CCP applies the read-only quality to manually created access rules so that accidental modification cannot be made.

CCP automatically applies a rule to the interface or zone most appropriate.

Traffic rules do not have to be configured when CCP is being used.

CCP provides default rules.

16.

1 point

Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)

The switch port mode for this interface is access mode.

The port is configured as a trunk link.

Three security violations have been detected on this interface.

This port is currently up.

Security violations will cause this port to shut down immediately.

There is no device currently connected to this port.

17.

1 point

Which three types of remote access VPNs are supported on ASA devices? (Choose three.)

Clientless SSL VPN using the Cisco AnyConnect Client

SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client

IPsec (IKEv1) VPN using a web browser

SSL or IPsec (IKEv2) VPN using the Cisco VPN Client

Clientless SSL VPN using a web browser

IPsec (IKEv1) VPN using the Cisco VPN Client

18.

1 point

Fill in the blank.
In a syslog implementation, a router that generates and forwards syslog messages is known as a syslog _______

19.

1 point

Refer to the exhibit. According to the command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.)

The dhcpd auto-config outside command was issued to enable the DHCP client.

The dhcpd enable inside command was issued to enable the DHCP server.

The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP client.

The dhcpd auto-config outside command was issued to enable the DHCP server.

The dhcpd enable inside command was issued to enable the DHCP client.

The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server.

20.

1 point

Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505?

host 192.168.1.3

range 192.168.1.10 192.168.1.20

host 192.168.1.4 and range 192.168.1.10 192.168.1.20

host 192.168.1.3 and host 192.168.1.4

host 192.168.1.4

host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20

21.

1 point

Refer to the exhibit. An administrator has configured an ASA 5505 as indicated but is still unable to ping the inside interface from an inside host. What is the cause of this problem?

An IP address should be configured on the Ethernet 0/0 and 0/1 interfaces.

The no shutdown command should be entered on interface Ethernet 0/1.

The security level of the inside interface should be 0 and the outside interface should be 100.

VLAN 1 should be the outside interface and VLAN 2 should be the inside interface.

VLAN 1 should be assigned to interface Ethernet 0/0 and VLAN 2 to Ethernet 0/1.

22.

1 point

Which three wizards are included in Cisco ASDM 6.4? (Choose three.)

ADSL Connection wizard

Advanced Firewall wizard

High Availability and Scalability wizard

Security Audit wizard

Startup wizard

VPN wizard

23.

1 point

What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.)

TACACS+

NTP

SSH

RADIUS

HTTPS

CHAP

24.

1 point

Which security feature helps protect a VoIP system from SPIT attacks?

AES

BPDU guard

WPA2

authenticated TLS

25.

1 point

Why is a reflexive ACL harder to spoof compared to an extended ACL that uses the established keyword?

It provides a secure tunnel for returning traffic.

A reflexive ACL provides a lock-and-key function.

It allows incoming packets only after the 3-way handshake is completed.

It provides more detailed filter criteria to match an incoming packet before the packet is allowed through.

26.

1 point

Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?

DTP

BPDU guard [Zen]

PVLAN Edge [Snarl]

SPAN

27.

1 point

Which statement accurately describes Cisco IOS zone-based policy firewall operation?

Router management interfaces must be manually assigned to the self zone.

A router interface can belong to multiple zones.

The pass action works in only one direction.

Service policies are applied in interface configuration mode.

28.

1 point

Which two options are offered through the Cisco TrustSec Solution for enterprise networks? (Choose two.)

Easy VPN solution

IPsec VPN solution

802.1X-Based Infrastructure solution

NAC Appliance-Based Overlay solution

Firewall and IDS integrated solution

29.

1 point

Refer to the exhibit. What is the purpose of the highlighted inspect line?

It is the action to take on the traffic from the 10.10.10.0/24 network.[Rahul and Zepo]

It specifies the named class-map to apply to the traffic_going policy.

It dictates to the firewall to track all outgoing sessions no matter the source in order to determine whether a return packet is allowed. [Dimented]

It is the command used to apply a rate limit to a specific class of traffic. [abd]

30.

1 point

A company is designing its strategy of deploying Cisco Secure ACS to manage user access. The company is currently using a Windows server for the internal authentication service. The network administrator needs to configure the ACS to contact the Windows server when it cannot find the user in its local database. Which option of external user database setup should be configured on ACS?

by specific user assignment

by unknown user policy [Johnny and Snarl]

by administrator privilege

by user priority [Dimented]

31.

1 point

Which security organization updates the training material that helps prepare for the Global Information Assurance Certification (GIAC)?