CCNA Security - Chapter 10

1.

1 point

In quantitative risk analysis, what term is used to represent the degree of destruction that would occur if an event took place?

single loss expectancy

annualized loss expectancy

exposure factor

annualized rate of occurrence

2.

1 point

What security task is relevant in the disposition phase of the SDLC?

ensuring that data is deleted, erased, or overwritten

ensuring that security plans are designed, developed, and implemented

defining the levels of potential impact on an organization from a security breach

identifying the protection requirements for systems through a formal risk assessment process

3.

1 point

Which two security features must be implemented when SCP is a part of a company security plan? (Choose two.)

encrypted Cisco IOS File System

SSH

AES

AAA authorization

TCP/IP-based VPN

4.

1 point

What situations are addressed by a business continuity plan?

the day-to-day operations necessary to deploy and maintain secure systems

the roles and responsibilities of personnel responding to security breaches

the threats that corporate systems are subjected to in a particular environment

the continued operations of an organization in the event of a disaster or service interruption

5.

1 point

What component of the Cisco SecureX architecture automatically deploys security rules to Cisco devices?

policy management console

delivery mechanism

scanning engine

SIO

6.

1 point

Using quantitative risk analysis, what is the annualized loss expectancy to an organization of an event that has single loss expectancy of $500,000 and a annualized rate of occurrence of .03?

$1500

$15,000

$6000

$1,500,000

7.

1 point

What is the purpose of a security awareness campaign?

to integrate all the security skills and competencies into a single body of knowledge

to focus the attention of employees on security issues

to teach skills so employees can perform security tasks

to provide users with a training curriculum that can ultimately lead to a formal degree

8.

1 point

What is the main purpose of the Cisco SIO?

to enable a single point of policy definition that spans multiple enforcement points

to guarantee every connection coming on or off the endpoint

to provide a method of introducing scanning elements into the network

to identify malicious traffic and develop rules to stop it

9.

1 point

Which practice would it be best to modify in order to improve this process so it is in accordance with recommended best practices for a secure backup program?

More people should have rights to perform the backups.

Only one person is needed to store the off-site copy.

Two people should securely store the on-site backup media.

Backups should be done on a more frequent basis.

Media can be rotated.

10.

1 point

A network manager has presented to upper management that the threat of fire in the data center has an exposure factor of 70 percent. What does this mean?

70 percent of the data center area has a high risk of fire.

70 percent of the devices in the data center do not have fire resistance coverage.

70 percent of all data center equipment would be destroyed if there were a fire.

There is a 70 percent chance of a fire in the data center.

11.

1 point

A new person has joined the security operations team for a manufacturing plant. What is a common scope of responsibility for this person?

physical and logical security of all business personnel

data security on host devices

managing redundancy operations for all systems

day-to-day maintenance of network security

12.

1 point

Why would an organization perform a quantitative risk analysis for network security threats?

so that the organization knows the top areas where network security holes exist

so that management can determine the number of network devices needed to inspect, analyze, and protect the corporate resources

so that management has documentation about the number of security attacks that have occurred within a particular time period

so that the organization can focus resources where they are most needed

13.

1 point

What is the objective of the governing policy in the security policy hierarchy structure?

It covers all rules pertaining to information security that end users should know about and follow.

It provides general policies on how the technical staff should perform security functions.

It defines system and issue-specific policies that describe what the technical staff does.

It outlines the company’s overall security goals for managers and technical staff.

14.

1 point

What are two attributes of a qualitative risk analysis? (Choose two.) It is measurable.

It is descriptive.

It uses a mathematical model.

It assigns values to assets.

It is exploratory.

15.

1 point

What is the purpose of the Tripwire network testing tool?

to provide information about vulnerabilities and aid in penetration testing and IDS signature development

to detect unauthorized wired network access

to assess configuration against established policies, recommended best practices, and compliance standards

to perform vulnerability scanning

to provide password auditing and recovery

16.

1 point

_____ analysis is used to estimate the probability and severity of threats to a system

17.

1 point

Which type of security policy document is it that includes implementation details that usually contain step-by-step instructions and graphics?

guideline document

procedure document

standards document

best practices document

18.

1 point

What are the three security tasks related to the disposition phase of the system development life cycle? (Choose three.)

continuous monitoring

preliminary risk assessment

security cost considerations

media sanitation

information preservation

hardware and software disposal

19.

1 point

How does network scanning help assess operations security?

It can detect open TCP ports on network systems.

It can log abnormal activity.

It can simulate attacks from malicious sources.

It can detect weak or blank passwords.

20.

1 point

What operations security principle is intended to ensure that a single individual does not control two or more phases of an operation?

change control

rotation of duties

trusted recovery

separation of duties

21.

1 point

Which security test is appropriate for detecting system weaknesses such as misconfiguration, default passwords, and potential DoS targets?

penetration testing

integrity checkers

vulnerability scanning

network scanning

22.

1 point

Which security policy component defines what users are allowed and not allowed to do on company systems?

application policy

acceptable use policy

governing policy

authentication policy

23.

1 point

A network security manager has been tasked with supporting some staff to work from home on a part time basis. What Cisco Secure access product will allow this manager to provide secure, manageable voice and video services to this group of personnel?

Cisco Identity Services Engine

Cisco AnyConnect

Cisco Secure Access Control System

Cisco Virtual Office

Cisco NAC Appliance

24.

1 point

What should be the primary objective of a contingency and disaster recovery plan?

address every possible disaster scenario and assumption

identify acceptable methods of recovery on events most likely to happen

implement protection mechanisms in an attempt to reduce risks to acceptable levels

eliminate risk by avoiding threats to the network altogether