What is the primary method for mitigating malware? Installing antivirus software on all hosts A disgruntled employee is using wire shark to discover administrative tejnet user names and passwords. What type of network attack does this describe? What are the three components of information security insured by cryptography? Integrity availability confidentiality An intrusion ---------- system can provide detection and blocking of attacks in real time. What are the three core components of the Cisco secure data center solution? Secure segregation What worm mitigation phase involves actively disinfecting infected systems? What statement accurately characterizes the evolution of threats to network security? Internal threats can cause even greater damage than external threats. How is a Smurf attack conducted? By sending a large number of ICMP request to directed broadcast addresses from a spoofed source of address on the same network. What commonly motivates cyber criminals to attack networks as compared to the hactivist or state-sponsored hackers? What is a characteristic of a Trojan horse as it relates to network security? Malware is contained in a seemingly legitimate executable program. What method can be used to mitigate ping sweeps? Blocking ICMP echo and echo replies at the network edge. Which two network security solutions can be used to mitigate DoS attacks? Intrusion protection systems What role does the security intelligence operations play in the Cisco Secure X architecture? Identifying and stopping malicious traffic. What are the three core components of the Cisco secure data center solution? Secure segmentation What is a significant characteristic of worm malware? A worm can execute independently of the host system. What functional area of the Cisco network foundation protection framework is responsible for device generated packets required for network operation such as ARP message exchanges and routing advertisements? Which two statements characterize DoS attacks? Examples include Smurf attacks and ping of death attacks. They attempt to compromise the availability of the network host or application. What is an objective of a state sponsored attack? To right a perceived wrong. What are the three major components of a worm attack? A payload
Name two statements to describe access attacks? Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Password attacks can be implemented by the use of brute force attack methods, Trojan horses, or packet sniffers. What is the first step in the risk management process specified by the ISO/IEC? Conduct a risk assessment. An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. What type of attack is this? What causes a buffer overflow? Attempting to write more data in a memory location than that location can hold. Which condition describes the potential threat created by instant on in a data center? When a VM that may have outdated security policies is brought online after a long period of inactivity. Which three areas of router security must be maintained to secure an edge router at the network parameter? Physical security Which three statements describes limitations and using privilege levels for assigning a command authorization? Commands set on a higher privilege level are not available for lower privilege users. Creating a user account that needs access to most but not all commands can be a tedious process. There is no access control to specific interfaces on a router. What are two reasons to enable OSPF routing protocol authentication on a network? To prevent data traffic from being redirected and then discarded. To prevent redirection of data traffic to and insecure link. Which three actions are produced by adding Cisco iOS login enhancements to the router login process? Disable logins from specific hosts. Create syslog messages. Slow down and active attack. If AAA is already enabled, which CLI steps are required to configure a router with a specific view? Create a view using the parser view command. Assign commands to the view. Assign a secret password to the view. A network engineer is implementing security on all company routers. Which two commands should be issued to force authentication of the password for all OSPF enabled interfaces and the backbone area of the company network? ip ospf message-digest-key 1 md5 46dg753 area 0 authentication message-digest Which three types of views are available when configuring the role based CLI access feature? root view Which two characteristics apply to roll based CLI access super views? Users logged in to a SuperView can access all commands specified within the associated CLI views A specific SuperView cannot have commands added to it directly. Which set of commands are required to create a username admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console? username admin secret 01P855 What is a requirement to use the secure copy protocol feature? I command must be issued to enable the SCP server-side functionality. What is a characteristic of the MIB? The OIDs are organized in a hierarchical structure. What is the control plane policing feature designed to accomplish? Prevent unnecessary traffic from overwhelming the route processor. Which two options can be configured by Cisco auto secure? security banner Which three areas of router security must be maintained to secure an edge router at the network parameter? Physical security An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? Configure the IP domain name on the router. Generate the SSH keys. Enable inbound VTY SSH sessions. Which three actions are produced by adding Cisco iOS login enhancements to the router login process? Create password authentication Create syslog messages Disable logins from specified hosts What is the purpose of using the ip ospf message-digest-key 1 md5 12345 command and the area 0 authentication message-digest command on a router? To configure OSPF MD5 authentication globally on the router. Want is the default privilege level of user accounts created on Cisco routers? Which three functions are provided by the syslog login service? Gathering logging information Distinguishing between information to be captured and information to be ignored Specifying which captured information is stored A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode? Quiet mode behavior can be overridden to specific networks by using an ACL. What commands must be issued to enable login enhancements on a Cisco router? What are two reasons to enable OSPF routing protocol authentication on a network? To prevent data traffic from being redirected and then discarded To prevent re-direction of data traffic to an insecure link What occurs after RSA keys are generated on a Cisco router to prepare for secure device management? The generated keys can be used by SSH. What is a characteristic of the Cisco iOS resilient configuration feature? A snapshot of the router running configuration can be taken and securely archived in persistent storage. Which three items are prompted for a user response during interactive auto secure set up? Enable secret password Content of a security banner Enable password A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device? Use the login delay command for authentication attempts. Which solution supports AAA for both RADIUS and TACACS plus servers? Implement cisco secure access control system only. Why would a network administrator include a local username configuration, when the AAA enabled router is also configured and to authenticate using several ACS servers? The local user name database will provide a back up for authentication in the event the ACS servers become unreachable. What is a characteristic of AAA accounting? Possible triggers for the AAA accounting exec default command include start – stop and stop – only. Which server based authentication protocol would be best for a organization that wants to apply authorization policies on a per group basis? What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication? When a method list for AAA authentication is being configured, what is the effect of the keyword local? It excepts a locally configured user name, regardless of case. What difference exists when using windows server as an AAA server, rather than cisco secure ACS? Windows server uses its own active directory controller for authentication and authorization. Which two features are included by both TACACS plus and RADIUS protocols? Utilization of transport layer protocols Password encryption Because of implemented security controls, a user can only access the server with FTP. Which AAA component accomplishes this? Which characteristic is an important aspect of authorization in an AAA enable network device? User access is restricted to certain services. What is a characteristic of TAC ACS plus? TACACS plus provides authorization of router commands on a per user or per group basis. When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client? The switch that the client is connected to What device is considered a supplicant during the 802.1X authentication process? The client that is requesting authentication Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources? True or false? The single-connection keyword prevents the configuration of multiple TACACS plus servers on a AAA enabled router. Which authentication method stores user names and passwords in the router and is ideal for small networks? Which debug command is used to focus on the status of a TCP connection when using the TACACS plus for authentication? A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled? show AAA local user lockout Why is authentication with AAA preferred over a local database method? It provides a fallback authentication method if the administrator forgets the username or password. What is the result of entering the AAA accounting network command only on a router? The router collects and reports usage data related to network related service request. What information must an IPS track in order to detect attacks matching a composite signature? The state of packets related to the attack. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe? Trigger: pattern based detection Which statement is true about an atomic alert that is generated by an IPS? It is an alert that is generated every time a specific signature has been found. What are two drawbacks to using HIPS? HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network. With HIPS, the network administrator must verify support for all the different operating systems used in the network. A network administrator enters the command "IP IPS notify" on a Cisco iOS IPS router. What is the effect? Alert messages are sent in syslog format. What is the purpose in configuring an iOS IPS crypto key when enabling iOS IPS on a Cisco router? To verify the digital signature for the master signature file. What is the result of issuing an IPS ACL on an inbound interface of a router? All traffic that is permitted by the ACL is subject to inspection by the IPS. What is a disadvantage of a pattern based detection mechanism? It cannot detect unknown attacks. Which type of IPS signature detection is used to distract and confuse attackers? What is a disadvantage of network-based IPS as compared to host-based IPS? Network based IPS cannot examine encrypted traffic. A security specialist configures an IPS so that it will generate an alert when an attack is first detected. Alerts for the subsequent detection of the same attack are suppressed for a predetermined period of time. Another alert will be generated at the end of the period Indicating the number of attacks detected. Which IPS alert monitoring mechanism is configured? A network administrator suspects the default setting of the IP IPS notify sdee command has caused performance degradation on the Cisco iOS IPS router. The network administrator enters the IP sdee events 50 command in an attempt to remedy the performance issues. What is the immediate effect of the command? All events that were stored in the previous buffer are lost. Which two benefits does the IPS version 5.X signature format provided over the version 4.X signature format? Addition of a signature risk rating Support for encrypted signature parameters What are two disadvantages of using an IDS? The IDS does not stop malicious traffic. The IDS requires other devices to respond to attacks. What is a required condition to enable IPS activity reporting using the SDEE format? Enable an HTTP or HTTPS service on the router. In configuring a Cisco router to prepare for IPS and VPN features, a networking administrator open the file realm-cisco.com.key.txt, and copies and paste the content to the router at the global configuration prompt. What is the result after this configuration step? A crypto key is created for iOS IPS to verify the master signature file. What are two shared characteristics of the IDS and the IPS? Both are deployed as sensors. Both use signatures to detect malicious traffic. A system analyst is configuring and tuning a recently deployed IPS appliance. By examining the IPS alarm log, the analyst notices that the IPS does not generate alarms for a few non-attack packets. Which term describes the lack of alarms by the IPS? True or false? A Cisco IDS does not affect the flow of traffic when it operates in promiscuous mode. A network administrator is configuring an iOS IPS with the command "IP IPS signature–definition". Which configuration task can be achieved with this command? Retire or unretire an individual signature. What two mechanisms are used by dynamic ARP inspection to validate ARP packets for IP addresses that are dynamically assigned or IP addresses that are static? ARP ACLs Mac address to IP address bindings Which feature is part of the anti-malware protection security solution What security countermeasure is effective for preventing CAM table overflow attacks? What is the role of the Cisco NAC server within the Cisco secure border was network architecture? Assessing and enforcing security policy compliance in the NAC environment. What is the behavior of a switch as a result of a successful CAM table attack? The switch will forward all received frames to all other ports. Which three functions are provided under Cisco NAC framework solution? AAA services Remediation for non-compliant devices Scanning for policy compliance What security benefit is gained from enabling BPDU Guard on portfast enabled interfaces? Preventing rogue switches from being added to the network. What component of Cisco NAC is responsible for performing deep inspection of device security profiles? In what situation would a network administrator most likely implement root guard? On all switch ports that connect to another switch that is not the root bridge. What network attack seeks to create a DoS for clients by preventing them from being able to obtain an DHCP lease? What is the role of the Cisco NAC guest server within the Cisco borderless network architecture? It provides the ability for creation and reporting of guest accounts. What additional security measure must be enabled along with IP source Guard to protect against address spoofing? Which STP stability mechanism is used to prevent a rogue switch from becoming the root switch? What protocol should be disabled to help mitigate VLAN hopping attacks? What is the role of the Cisco NAC manager in implementing a secure network infrastructure? To define role-based user access and endpoint security policies. DHCP -------- is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration parameters. Which spanning tree enhancement prevents the spanning tree topology from changing by blocking a port that receives a superior BPDU? Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation? Which security features should be enabled in order to prevent an attacker from overflowing the MAC address table on the switch? What are three techniques for mitigating VLAN hopping attacks? Enable trunking manually Disable DTP Set the native VLAN to an unused VLAN How can a user connect to the Cisco cloud web security service directly? By using a proxy auto configuration file in the end device. What is the only type of port that an isolated port can forward traffic to on a private VLAN? Which two functions are provided by network admission control? Enforcing network security policy for hosts that connect to the network Ensuring that only authenticate hosts can access the network. Which encryption protocol provides network layer confidentiality? A shared secret is a key used in a --------- encryption algorithm. In what situation would and asymmetric algorithm most likely be used? Making an online purchase. Which encryption algorithm is an asymmetrical algorithm? What is the focus of cryptanalysis? Breaking encrypted codes. Why is asymmetrical algorithm key management simpler than a symmetrical algorithm key management? One of the keys can be made public. Which type of encryption algorithm uses public and private keys to provide authentication integrity and confidentiality? In which situation is an asymmetric Key algorithm used? I network administrator connects to a Cisco router with SSH. Which two nonsecret numbers are initially agreed upon Nguyen the DH algorithm is used? Which algorithm can ensure data confidentiality? Why is the 3DES algorithm often prefer over the AES algorithm? 3DES is more trusted because it has been proven secure for a longer period than AES. What is the purpose of code signing? Integrity of source .exe files Describe asymmetric encryption algorithms. They are relatively slow because they are based on difficult computational algorithms. How do modern cryptographers defend against brute force attacks? Use a Key space large enough that it takes too much money and too much time to conduct a successful attack. What is the most common use of the DH algorithm and communications security? To secure the exchange of keys used to encrypt data. What is the purpose of a digital certificate? It authenticates a website and establishes a secure connection to exchange confidential data. Which objective of secure communications is achieved by encrypted data? An online retailer needs a service to support the non-repudiation of a transaction. Which component is used for this service? What is the purpose of a nonrepudiation service and secure communications? To ensure that the source of the communications is confirmed. How many bits does the data encryption standard DES use for data encryption? Which encryption algorithm is described in the exhibit? What is the purpose of configuring multiple crypto ACLs when building a VPN connection between remote sites? When multiple combinations of IP sec protection are being chosen, multiple crypto ACLs can define different traffic types. VPNs use virtual connections to create a private network through a public network. Which two statements accurately describe characteristics of IPsec? IPsec works at the network layer and operates over all layer 2 protocols. IPsec is a framework of open standards that relies on existing algorithms. Which two protocols must be allowed for an IPsec VPN tunnel to operate properly? Which transform set provides the best protection? Crypto IPsec transform–set ESP-DES–SHA esp-aes-256 esp-sha-hmac When is a security association created if an IPsec VPN tunnel is used to connect between two sides? During both phase 1 and 2 Which action do IPsec peers take during the IKE phase 2 exchange? Negotiation of IPsec policy Which term describes a situation where VPN traffic that is received by an interface is routed back out same interface? Which two IPsec protocols are used to provide data integrity? In which situation would the Cisco discovery protocol be disabled? When a PC with Cisco IP communicator installed connects to a Cisco switch. How will traffic that does not match a crypto ACL be treated by router? It will be sent unencrypted. What is the function of the DH algorithm within the IPsec framework? Allows peers to exchange shared keys. What is an important characteristics of remote access VPNs? The VPN connection is initiated by the remote user. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? Which statement accurately describes a characteristic of IPsec? IPsec is a framework of open standards that relies on existing algorithms. What is the purpose of NAT – T? Permits VPN to work when NAT is being used on one or both ends of the VPN. |
What information must an IPS track in order to detect attacks matching a composite signature
zusammenhängende Posts
Urheberrechte © © 2024 decemle Inc.
