CCNA Security - Chapter 9

1.

1 point

In the Cisco SecureX architecture, which component is considered the workhorse of policy enforcement?

next-generation endpoint

scanning engine

policy management console

Security Intelligence Operations

2.

1 point

Which aspect of a scanning element is able to determine a security policy to apply based on information such as the person using the device, the location of the device, and the application being used?

context awareness

centralized enforcement

perimeter awareness

perimeter deployment

3.

1 point

What are the two components in the Cisco Security Management Suite? (Choose two.)

Cisco Security Agent

Cisco Network Admission Control

Cisco Security MARS

Cisco Security Manager

Cisco Intrusion Prevention

4.

1 point

Which network security test requires a network administrator to launch an attack within the network?

network scan

vulnerability scan

penetration test

password crack

5.

1 point

Which Cisco secure access solution can be used to determine if hosts are compliant with security policies?

Cisco Secure Access Control System

Network Admission Control Appliance

Cisco Adaptive Wireless IPS Software

Cisco AnyConnect Secure Mobility Solutions

6.

1 point

If a web browser is to be used, and not a hardware or software-based client, which Cisco solution is best for establishing a secure VPN connection?

VPN Services for Cisco ASA Series

Cisco Virtual Security Gateway

Cisco Adaptive Wireless IPS Software

Cisco AnyConnect Secure Mobility Solutions

7.

1 point

Which development has contributed most to the growing demand for a borderless network?

personal firewall software

consumer endpoints

DMZ services

corporate managed laptops

8.

1 point

Which security document includes implementation details, usually with step-by-step instructions and graphics?

procedure document

overview document

guideline document

standard document

9.

1 point

Which SecureX product family would include Cisco AnyConnect?

secure network

secure mobility

secure data center

secure e-mail and web

secure access

10.

1 point

In which phase of the system development life cycle should security requirements be addressed?

Apply critical security requirements during the implementation phase.

Include a minimum set of security requirements at each phase.

Add security requirements during the initiation phase.

Implement the majority of the security requirements at the acquisition phase.

11.

1 point

What are the two major components of a security awareness program? (Choose two.)

training and education

self-defending network implementation

security policy development

awareness campaign

security solution development

12.

1 point

What is the purpose of the webtype ACLs in an ASA?

to filter traffic for clientless SSL VPN users

to inspect outbound traffic headed towards certain web sites

to monitor return traffic that is in response to web server requests that are initiated from the inside interface

to restrict traffic that is destined to an ASDM

13.

1 point

What are the two major elements of the Cisco Secure Communications solution? (Choose two.)

secure communications for intranets

secure communications for extranets

secure communications for management

secure communications for site-to-site connections

secure communications for remote access

14.

1 point

Refer to the exhibit. When implementing the Cisco Self-Defending Network, which two technologies ensure confidentiality when referring to secure communications? (Choose two.)

Intrusion Prevention System

Cisco NAC appliances and Cisco Security Agent

IPsec VPN

Cisco Security Monitoring, Analysis, and Response System

SSL VPN

Cisco Security Manager

15.

1 point

Which two Cisco Threat Control and Containment technologies address endpoint security? (Choose two.)

Cisco Network Admission Control

Cisco Application Control Engine

Cisco Security Monitoring, Analysis, and Response System

virtual private network

Cisco Security Agent

16.

1 point

Which three types of remote access VPNs are supported on ASA devices?

SSL or IPsec (IKEv2) VPN using the Cisco VPN Client

SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client

IPsec (IKEv1) VPN using the Cisco VPN Client

IPsec (IKEv1) VPN using a web browser

Clientless SSL VPN using the Cisco AnyConnect Client

Clientless SSL VPN using a web browser

17.

1 point

Which statement could be expected to be included in a Code of Ethics that is related to IT and network security?

Application of the Code of Ethics to use of the network is at the discretion of the employee.

Employees with greater than 5 years of service can claim exemption from provisions of the Code of Ethics.

The network is to be used by employees to provide diligent and competent services to the organization.

Employees breaching the Code of Ethics will be prosecuted to the full extent of the law.

18.

1 point

What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5505 that is using the Base license?

CCNAS-ASA(config)# dhcpd address 192.168.1.20-192.168.1.50 inside

CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside

CCNAS-ASA(config)# dhcpd address 192.168.1.30-192.168.1.79 inside

CCNAS-ASA(config)# dhcpd address 192.168.1.10-192.168.1.100 inside

19.

1 point

Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?

The administrator can connect to and manage multiple ASA devices and Cisco routers.

The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.

The administrator can connect to and manage multiple ASA devices.

The administrator can connect to and manage a single ASA.

20.

1 point

What protocol is used by SCP for secure transport?

TFTP

IPSec

HTTPS

SSH

Telnet

21.

1 point

Which principle of the Cisco Self-Defending Network emphasizes that security should be built in?

collaborate

adapt

integrate

simplify

22.

1 point

What is a characteristic of ASA security levels?

Each operational interface must have a name and be assigned a security level from 0 to 200.

The lower the security level on an interface, the more trusted the interface.

Inbound traffic is identified as the traffic moving from an interface with a higher security level to an interface with a lower security level.

An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level.

23.

1 point

A company is considering implementing the Cisco SecureX security architecture. What is the purpose of Cisco TrustSec?

It is a stand-alone appliance managed from a central policy console.

It is a technology that implements packet tagging to allow security elements to share information from scanning elements.

It is a large cloud-based security ecosystem with global correlation.

It is a perimeter-based, stand-alone network scanning device.

24.

1 point

Refer to the exhibit. Two types of VLAN interfaces were configured on an ASA 5505 with a Base license. The administrator wants to configure a third VLAN interface with limited functionality. Which action should be taken by the administrator to configure the third interface?

Because the ASA 5505 does not support the configuration of a third interface, the administrator cannot configure the third VLAN.

The administrator needs to acquire the Security Plus license, because the Base license does not support the proposed action.

The administrator must enter the no forward interface vlan command before the nameif command on the third interface.

The administrator configures the third VLAN interface the same way the other two were configured, because the Base license supports the proposed action.

25.

1 point

Which term describes a completely redundant backup facility, with almost identical equipment to the operational facility, that is maintained in the event of a disaster?

cold site

hot site

backup site

reserve site

26.

1 point

Which statement about network security within the SecureX architecture is true?

It is located closer to the end user.

It is enforced in a highly centralized structure.

It is managed by a single policy.

It is implemented in the network core.

27.

1 point

Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?

SSL

client-based SSL VPN

IPsec

clientless SSL VPN

28.

1 point

Which three detailed documents are used by security staff for an organization to implement the security policies? (Choose three.)

risk assessment

standards

asset inventory

best practices

procedures

guidelines

29.

1 point

When an organization implements the two-person control principle, how are tasks handled?

A task must be completed twice by two operators who must achieve the same results.

A task requires two individuals who review and approve the work of each other.

A task is rotated among individuals within a team, each completing the entire task for a specific amount of time.

A task is broken down into two parts, and each part is assigned to a different individual.

30.

1 point

Which option describes ethics?

Ethics is a standard that is higher than the law.

Ethics deals with criminal law and monetary compensation.

Ethics compliance is the basis for setting security policies.

Ethics involves government agencies enforcing regulations.

31.

1 point

What are three key principles of a Cisco Self-Defending Network? (Choose three.)

integrity

adaptability

confidentiality

integration

collaboration

authentication

32.

1 point

Which security services, available through the Cisco Self-Defending Network, include VPN access?

secure communications

operational control and policy management

threat control and containment

application control for infrastructure

33.

1 point

Which three documents comprise the hierarchical structure of a comprehensive security policy for an organization? (Choose three.)

end-user policy

backup policy

incident policy

technical policy

governing policy

server policy

34.

1 point

What is the primary focus of network operations security?

to design and develop secure application code

to conduct regular employee background checks

to support deployment and periodic maintenance of secure systems

to reprimand personnel who do not adhere to security policies

35.

1 point

Which Cisco SecureX product family would be primarily responsible for detecting and blocking attacks and exploits, while preventing intruder access?

secure mobility

secure data center

secure e-mail and web

secure network

secure access

36.

1 point

Refer to the exhibit. A network administrator is configuring PAT on an ASA device to enable internal workstations to access the Internet. Which configuration command should be used next?

nat (outside,inside) dynamic NET1

nat (inside,outside) dynamic NET1

nat (inside,outside) dynamic interface

nat (outside,inside) dynamic interface

37.

1 point

Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group nameSERVICE1?

ICMP

IP

TCP

UDP

38.

1 point

What three areas should be considered when designing a network security policy? (Choose three.)

service level agreement

network quality of service

network maintenance

identification and authentication

remote access

network equipment provider

39.

1 point

What is a feature of an effective network security training program?

Participation in the network security training is voluntary.

All employees become trained in the design and implementation of secure networks.

Training for all employees covers the full scope of security issues related to the organization.

Employee groups are identified and the training is customized to their needs.

40.

1 point

Which type of analysis uses a mathematical model that assigns a monetary figure to the value of assets, the cost of threats being realized, and the cost of security implementations?

Quantitative Risk Analysis

Quantitative Continuity Analysis

Qualitative Asset Analysis

Qualitative Risk Analysis

41.

1 point

Which two statements are true about ASA standard ACLs? (Choose two.)

They identify only the destination IP address.

They are applied to interfaces to control traffic.

They are typically only used for OSPF routes.

They specify both the source and destination MAC address.

They are the most common type of ACL.

42.

1 point

Which three statements describe ethics in network security? (Choose three.)

principles put into action in place of laws

standard that is higher than the law

set of regulations established by the judiciary system

set of moral principles that govern civil behavior

foundations for current laws

set of legal standards that specify enforceable actions when the law is broken

43.

1 point

What is a design feature of a secure network life cycle management process?

Security requirements are assessed and fully implemented in the initiation phase of the system development life cycle.

Security is purposefully included in every phase of the system development life cycle.

Security cost and reporting considerations are determined in the operations and maintenance phase of the system development life cycle.

Security is considered once the network is fully operational.

44.

1 point

A network engineer is using a Cisco ASA as a proxy device to provide remote secure access to a company web server. What technology is being used?

Cisco Secure Mobility Clientless SSL VPN

Cisco VPN Client

Cisco AnyConnect Secure Mobility Client with SSL

generic routing encapsulation tunnel using Ipsec

45.

1 point

Which component of the security policy lists specific websites, newsgroups, or bandwidth-intensive applications that are not allowed on the company network?

identification and authentication policies

incident handling procedures

remote access policies

acceptable use policies