CCNA SECURITY
https://www.goconqr.com/en-US/p/6118429
https://www.goconqr.com/p/6209917-CCNA-Security-210-260-IINS—Exam-2-quizzes
https://www.goconqr.com/en-US/p/6233716
Question 1:
Which accounting notices are used to send a failed
authentication attempt record to a AAA
server? (Choose two.)
A. start-stop
B. stop-record
C. stop-only
D. stop
Answer:
BC
Explanation:
The Cisco implementation of AAA accounting provides “start”
and “stop” record support for calls that have passed user
authentication. The additional feature of generating “stop”
records for calls that fail to authenticate as part of user
authentication is also supported.
Question 2:
Which RADIUS server and TACACS server authentication
protocols are supported on Cisco ASA firewalls? (Choose three)
Answer:
For RADIUS: PAP, CHAP, MS-CHAPv1, MS-CHAPv2
Question 3:
Which statements about reflexive access lists are true? (Choose
three)
A. Reflexive ACLs support UDP sessions
B. Reflexive ACLs approximate the session filtering using
the established keyword
C. Reflexive ACLs can be attached to extended named IP
ACLs
D. Reflexive ACLs create a permanent ACE
E. Reflexive ACLs support TCP sessions
F. Reflexive ACLs can be attached to standard named IP
ACLs
Answer:
ACE
Explanation:
Reflexive access lists allow IP packets to be filtered based on
upper-layer session information. You can use reflexive access
lists to permit IP traffic for sessions originating from within your
network but to deny IP traffic for sessions originating from
outside your network. This is accomplished by reflexive filtering,
a kind of session filtering.
Question 4:
According to Cisco best practices, which three protocols should
the default ACL allow on an access port to enable wired BYOD
devices to supply valid credentials and connect to the network?
(Choose three)
A. DNS
B. TFTP
C. MAB
D. HTTP
E. BOOTP
F. 802.1x
Answer:
ABE
Explanation:
An example of a default ACL on a campus access layer switch is
shown below:
Question 5:
Which three ESP fields can be encrypted during transmission?
(Choose three)
A. Next Header
B. Sequence Number
C. Padding
D. Security Parameter Index
E. Pad Length
F. MAC Address
Answer:
ACE
Explanation:
The Encapsulating Security Payload (ESP) contains six parts as
described below. The first two parts are not encrypted, but they
are authenticated. Those parts are as follows:
• The Security Parameter Index (SPI) is an arbitrary 32-bit
number that tells the device receiving the packet what group of
security protocols the sender is using for communication. Those
protocols include the particular algorithms and keys, and how
long those keys are valid.
Question 6:
Which options are filtering options used to display SDEE
message types? (choose two)
A. Error
B. None
C. All
D. Stop
Answer:
AC
Explanation:
SDEE Messages
Question 7:
Which alert protocol is used with Cisco IPS Manager Express to
support up to 10 sensors?
A.CSM
B. SDEE
C. Syslog
D. SNMP
Answer:
B
Explanation:
SDEE is used for real-time delivery of alerts, and is the most
secure method for delivering alerts. These can be sent to an
application running on a server. One example is the software
named IPS Manager Express (IME), which can run on a
workstation and be a central point of event viewing that can
support up to 10 sensors simultaneously. Other management
consoles, such as Cisco Security Manager (CSM), can also be
used and can support greater numbers of simultaneous
sensors. The upper limit of what is reasonable is about 25
sensors reporting to a single manager machine.
Answer:
D
Explanation:
You configure the system to perform malware protection and
file control as part of your overall access control configuration.
File policies that you create and associate with access control
rules handle network traffic that matches the rules. You can
download files detected in that traffic, then submit them to
Cisco’s malware awareness network (called the Collective
Security Intelligence Cloud) for dynamic analysis.
Question 9:
A clientless SSL VPN user who is connecting on a Windows Vista
computer is missing the menu option for Remote Desktop
Protocol on the portal web page. Which action should you take
to begin troubleshooting?
A. Ensure that RDP plug-in is installed on the VPN
Gateway
B. Ensure that RDP 2 plug-in is installed on the VPN
Gateway
C. Reboot the VPN Gateway
D. Instruct the user to reconnect to the VPN Gateway
Answer:
B
Explanation:
RDP and RDP-2 Plug-In Usage
RDP plug-in: This is the original plug-in created that
contains both the Java and ActiveX Client.
RDP2 plug-in: Due to changes within the RDP protocol,
the Proper Java RDP Client was updated in order to
support Microsoft Windows 2003 Terminal Servers and
Windows Vista Terminal Servers.
Question 10:
Which Cisco Security Manager application collects information
about the device status and uses it to generate notifications and
alerts?
A. Health and Performance Monitor
B. FlexConfig
C. Report Manager
D. Device Manager
Answer:
A
Explanation:
Security Manager Applications Overview
Question 11:
You have implemented a Sourcefire IPS and configured it to
block certain addresses utilizing Security Intelligence IP Address
Reputation. A user calls and is not able to access a certain IP
address. What action can you take to allow the user access to
the IP address?
Answer:
E
Explanation:
When a blacklist is too broad in scope, or incorrectly blocks
traffic that you want to allow (for example, to vital resources),
you can override a blacklist with a custom whitelist.
Question 12:
Refer to the following commands:
Answer:
C
Explanation:
authentication event fail action next-method
Question 13:
Which statement about personal firewalls is true?
Answer:
C
Explanation:
Common personal firewall features:
Question 14:
Which type of PVLAN port allows hosts in the same VLAN to
communicate directly with each other?
A. Span for hosts in the PVLAN
B. Promiscuous for hosts in the PVLAN
C. Isolated for hosts in the PVLAN
D. Community for hosts in the PVLAN
Answer:
D
Explanation:
There are three types of PVLAN ports: promiscuous, isolated,
and community.
A promiscuous port communicates with all other PVLAN
ports. The promiscuous port is the port that you
typically use to communicate with external routers,
LocalDirectors, network management devices, backup
servers, administrative workstations, and other devices.
On some switches, the port to the route module (for
example, Multilayer Switch Feature Card [MSFC]) needs
to be promiscuous.
An isolated port has complete Layer 2 separation from
other ports within the same PVLAN. This separation
includes broadcasts, and the only exception is the
promiscuous port. A privacy grant at the Layer 2 level
occurs with the block of outgoing traffic to all isolated
ports. Traffic that comes from an isolated port forwards
to all promiscuous ports only.
Community ports can communicate with each other and
with the promiscuous ports. These ports have Layer 2
isolation from all other ports in other communities, or
isolated ports within the PVLAN. Broadcasts propagate
only between associated community ports and the
promiscuous port.
Question 15:
What is the default timeout interval during which a router waits
for responses from a TACACS server before declaring a timeout
failure?
A. 10 seconds
B. 5 seconds
C. 20 seconds
D. 15 seconds
Answer:
Explanation:
Timeout interval in seconds. The value is from 1 through 1000.
The default is 5.
Question 16:
For what reason would you configure multiple security contexts
on the ASA firewall?
Answer:
D
Explanation:
You might want to use multiple security contexts in the following
situations:
A. Software
B. Hardware
C. Middleware
D. File-level
Answer:
A
Explanation:
Coming soon…
Question 18
In which three cases does the ASA firewall permit inbound HTTP
GET requests during normal operations? (Choose three)
Explanation:
You can apply an access list to limit traffic from inside to outside,
or allow traffic from outside to inside.
HTTP Inspection
A. 192.168.10.7
B. 204.2.134.164
C. 209.114.111.1
D. 132.163.4.103
E. 241.199.164.101
F. 108.61.73.243
Answer:
A
Explanation:
Output is from the following command:
configured – This NTP clock source has been configured to be a
server. This value can also be dynamic, where the peer/server
was dynamically discovered.
Question 20:
What is an advantage of implementing a Trusted Platform
Module for disk encryption?
Answer:
A
Explanation:
Trusted Platform Module (or TPM) is an international standard
for a secure cryptoprocessor, which is a dedicated
microcontroller designed to secure hardware by integrating
cryptographic keys into devices.
Question 21
What is the effect of the following command?
Answer
B
Explanation
To set the time period during which an authentication key on a
key chain is valid to be sent, use the send-lifetime command in
key chain key configuration mode.
Question 22:
What is one requirement for locking a wired or wireless device
from the ISE?
Answer
C
Explanation
Sorry, no reference yet
Question 23:
What is the FirePOWER impact flag used for?
Answer
A
Explanation
Impact flags help you evaluate the impact an intrusion has on
your network by correlating intrusion data, network discovery
data, and vulnerability information.
Question 24:
A proxy firewall protects against which type of attack?
A. Port scanning
B. Worm traffic
C. Cross-site scripting attack
D. DDoS attack
Answer
D
Explanation
Today, Cisco is extending its solution for Application Networking
Services (ANS)-Cisco Application Control Engine (ACE) family of
products-with the addition of the Cisco ACE Web Application
Firewall. The main component of this solution is the ACE Web
Application Firewall appliance in a convenient 1 RU form factor
that provides a full-proxy firewall solution for both HTML and
XML-based Web applications.
ACE Web Application Firewall secures and protects web
applications from common attacks, such as identity theft, data
theft, application disruption, fraud and targeted attacks. These
attacks may include cross-site scripting (XSS) attacks, SQL and
command injection, privilege escalation, cross-site request
forgeries (CSRF), buffer overflows, cookie tampering, and denial
of service (DoS) attacks.
Question 25:
When an administrator initiates a device wipe command from
the ISE, what is the immediate effect?
A. It requests the administrator to choose between
erasing all device data or only managed corporate data.
B. It requests the administrator to enter the device PIN
or password before proceeding with the operation.
C. It notifies the device user and proceeds with the erase
option.
D. It immediately erases all data on the device.
Answer
A
Explanation
Sorry, no reference yet
Question 26
What is an advantage of placing an IPS on the inside of a
network?
Answer
C
Explanation
speechless
Question 27:
What improvement does EAP-FASTv2 provide over EAP-FAST
Answer
C
Explanation
As an enhancement to EAP-FAST, a differentiation was made to
have a user PAC and a machine PAC. After a successful machine
authentication, ISE issues a machine-PAC to the client. Then,
when processing a user authentication, ISE requests the
machine-PAC to prove that the machine was successfully
authenticated, too. This is the first time in 802.1X history that
multiple credentials have been able to be authenticated within a
single EAP transaction, and it is known as EAP chaining.
A. Social Engineering
B. Botnet
C. Cyber warfare
D. Hacktivism
Answer
C
Explanation
Stuxnet is a malicious computer worm, first identified in 2010
but thought to be in development since at least 2005, that
targets industrial computer systems and was responsible for
causing substantial damage to Iran’s nuclear program. Although
neither country has admitted responsibility, the worm is now
generally acknowledged to be a jointly built American-Israeli
cyberweapon.
Question 29:
Which statement about communication over failover interfaces
is true?
A. All information that is sent over the failover and
stateful failover interface is sent as clear text by default.
B. All information that is sent over the failover interface
is sent as clear text but the stateful failover link is
encrypted by default.
C. All information that is sent over the failover and
stateful failover interfaces is encrypted by default.
D. User names, passwords, and preshared keys are
encrypted by default when they are sent over the
failover and stateful failover interfaces, but other
information is sent as clear text.
Answer
A
Explanation
All information sent over the failover and Stateful Failover links
is sent in clear text unless you secure the communication with a
failover key.
Question 30:
What is the only permitted operation for processing multicast
traffic on zone-based firewalls?
A. Only control-plane policing can protect the control
plane against multicast traffic
B. Stateful inspection of multicast traffic is supported
only for the internal zone
C. Stateful inspection of multicast traffic is supported
only for the self-zone
D. Stateful inspection for multicast traffic is supported
only between the self-zone and the internal zone
Answer
A
Explanation
Neither Cisco IOS ZFW nor Classic Firewall includes stateful
inspection support for multicast traffic.
Question 31
Which option is the most effective placement of an IPS device
within the infrastructure?
Answer
B
Explanation
One can make an argument either way in certain use cases, but
the generally accepted practice is to put an IDS/IPS after the
firewall (from the point of view of incoming traffic, i.e. closer to
the interior or private network).
Firewalls are generally designed to be on the network perimeter
and can handle dropping a lot of the non-legitimate traffic
(attacks, scans, etc.) very quickly at the ingress interface, often in
hardware.
Question 32:
Which statement about Cisco ACS authentication and
authorization is true?
Explanation
An ACS deployment may consist of a single instance, or multiple
instances deployed in a distributed manner, where all instances
in a system are managed centrally.
Question 33
Which type of address translation should be used when a Cisco
ASA is in transparent mode?
A. Static NAT
B. Overload
C. Dynamic NAT
D. Dynamic PAT
Answer
A
Explanation
Sorry…
Question 34:
What hash type does Cisco use to validate the integrity of
downloaded images?
A. SHA2
B. MD1
C. SHA1
D. MD5
Answer
D
Explanation
The MD5 File Validation feature, added in Cisco IOS Software
Releases 12.2(4)T and 12.0(22)S, allows network administrators
to calculate the MD5 hash of a Cisco IOS software image file that
is loaded on a device. It also allows administrators to verify the
calculated MD5 hash against that provided by the user. Once the
MD5 hash value of the installed Cisco IOS image is determined,
it can also be compared with the MD5 hash provided by Cisco to
verify the integrity of the image file.
Question 35:
What PAT configuration command allows it to use the next IP in
the dynamic pool instead of the next port?
A. Next IP
B. Round Robin
C. Dynamic rotation
D. Dynamic PAT rotation
Answer
B
Explanation
For a PAT pool, you can specify one or more of the following
options:
A. Drive-by malware
B. Targeted malware
C. Social activism
D. Advanced persistent threat
E. Email harvesting
Answer
DE
Explanation
An advanced persistent threat is a set of stealthy and
continuous computer hacking processes, often orchestrated by
human(s) targeting a specific entity. An APT usually targets
organizations and/or nations for business or political motives.
APT processes require a high degree of covertness over a long
period of time.
Question 37
Which two statements about stateless firewalls are true?
(choose two)
Answer
AE
Explanation
A 5-tuple refers to a set of five different values that comprise a
Transmission Control Protocol/Internet Protocol (TCP/IP)
connection. It includes a source IP address/port number,
destination IP address/port number and the protocol in use.
Question 38
What are the primary attack methods of VLAN hopping? (Choose
two)
A. Switch spoofing
B. Double tagging
C. CAM-table overflow
D. VoIP hopping
Answer:
AB
Explanation
VLAN hopping is a computer security exploit, a method of
attacking networked resources on a Virtual LAN (VLAN). The
basic concept behind all VLAN hopping attacks is for an
attacking host on a VLAN to gain access to traffic on other VLANs
that would normally not be accessible. There are two primary
methods of VLAN hopping: switch spoofing and double tagging.
Both attack vectors can be easily mitigated with proper
switchport configuration.
Question 39:
Which two services define cloud networks? (Choose two.)
A. Compute as a Service
B. Platform as a Service
C. Infrastructure as a Service
D. Security as a Service
E. Tenancy as a Service
Answer
BC
Explanation
A cloud can provide access to software applications such as
email or office productivity tools (the Software as a Service, or
SaaS, service model), or can provide a toolkit for customers to
use to build and operate their own software (the Platform as a
Service, or PaaS, service model), or can provide network access
to traditional computing resources such as processing power
and storage (the Infrastructure as a Service, or IaaS, service
model). The different service models have different strengths
and are suitable for different customers and business
objectives. Generally, interoperability and portability of
customer workloads is more achievable in the IaaS service
model because the building blocks of IaaS offerings are
relatively well-defined, e.g., network protocols, CPU instruction
sets, legacy device interfaces.
Question 40:
What features can protect the data plane? (Choose three)
A. antispoofing
B. IPS
C. ACLs
D. QoS
E. policing
F. DHCP snooping
Answer
ACF
Explanation
Data plane security can be implemented using the following
features:
You can check the book “CCNA Security 210-260 Official Cert Guide”
for reference
Question 41:
Which two statements about Telnet access to the ASA are true?
(Choose two)
A. You may VPN to the lowest security interface to telnet
to an inside interface
B. You must configure a AAA server to enable Telnet
C. You can access all interfaces on an ASA using telnet
D. Best practice is to disable Telnet and use SSH
E. You must use the command virtual telnet to enable
Telnet
Answer
AD
Explanation
Sorry, no reference has been found yet
Question 42:
Which three statements about host-based IPS are true? (Choose
three)
Explanation
If the network traffic stream is encrypted, HIPS has access to the
traffic in unencrypted form.
Answer
AC
Explanation
Smart tunnel access allows a client TCP-based application to use
a browser-based VPN connection to connect to a service. It
offers the following advantages to users, compared to plugins
and the legacy technology, port forwarding:
Question 44
What can the SMTP preprocessor in FirePOWER normalize?
Answer
C
Explanation
The SMTP preprocessor instructs the rules engine to normalize
SMTP commands. The preprocessor can also extract and decode
email attachments in client-to-server traffic and, depending on
the software version, extract email file names, addresses, and
header data to provide context when displaying intrusion events
triggered by SMTP traffic.
Question 45
What is the purpose of a honeypot IPS?
Answer
A
Explanation
Honeypot systems use a dummy server to attract attacks. The
purpose of the honeypot approach is to distract attacks away
from real network devices. By staging different types of
vulnerabilities in the honeypot server, you can analyze incoming
types of attacks and malicious traffic patterns. You can use this
analysis to tune your sensor signatures to detect new types of
malicious network traffic.
Question 46
How does a device on a network using ISE receive its digital
certificate during the new device registration process?
Answer
A
Explanation
Configure ISE as a SCEP Proxy
Answer
A
Explanation
Prime Infrastructure allows you to define device configuration
baselines and audit policies so you can find and correct any
configuration deviations in your network devices. You can
schedule a compliance audit against multiple configuration files
and get an audit report that indicates if any configurations
deviate from the specified baseline.
Question 48
What configuration allows AnyConnect to automatically
establish a VPN session when a user logs into the computer?
A. Always-on
B. Proxy
C. Transparent Mode
D. Trusted Network Detection
Answer
A
Explanation
Always-on VPN
Answer
A
Explanation
URL filtering allows you to control access to Internet websites by
permitting or denying access to specific websites based on
information contained in an URL list. You can maintain a local
URL list on the router, and you can use URL lists stored on
Websense or Secure Computing URL filter list servers. URL
filtering is enabled by configuring an Application Security policy
that enables it.
Question 50
Refer to the following output:
Answer
A
Explanation
Processing of Main Mode Failed with Peer
Question 51
After reloading a router, you issue the dir command to verify the
installation and observe that the image file appears to be
missing. For what reason could the image file fail to appear in
the dir output?
Answer
A
Explanation
secure boot-image
To enable Cisco IOS image resilience, use the secure boot-image
command in global configuration mode. To disable Cisco IOS
image resilience and release the secured image so that it can be
safely removed, use the no form of this command.
This command enables or disables the securing of the running
Cisco IOS image. The following two possible scenarios exist with
this command.
When turned on for the first time, the running image (as
displayed in the show version command output) is secured, and
a syslog entry is generated. This command will function properly
only when the system is configured to run an image from a disk
with an Advanced Technology Attachment (ATA) interface.
Images booted from a TFTP server cannot be secured. Because
this command has the effect of “hiding” the running image,
the image file will not be included in any directory listing of
the disk. The no form of this command releases the image so
that it can be safely removed.
To upgrade the image archive to the new running image, reenter
this command from the console. A message will be displayed
about the upgraded image. The old image is released and will be
visible in the dir command output.
Caution
Be careful when copying new images to persistent storage
because the existing secure image name might conflict with the
new image. To verify the name of the secured archive, run the
show secure bootset command and resolve any name conflicts
with the currently secured hidden image.
Answer
A
Explanation
You can analyze network traffic passing through ports by using
SPAN to send a copy of the traffic to another port on the switch
that has been connected to a SwitchProbe device or other
Remote Monitoring (RMON) probe or security device. SPAN
mirrors received or sent (or both) traffic on one or more source
ports to a destination port for analysis.
Each local SPAN session destination session must have a
destination port (also called a monitoring port) that receives a
copy of traffic from the source port.
• It must reside on the same switch as the source port (for a local
SPAN session).
• It can be any Ethernet physical port.
• The port does not transmit any traffic except that required for
the SPAN session.
• If ingress traffic forwarding is enabled for a network security
device, the destination port forwards traffic at Layer 2.
• It does not participate in spanning tree while the SPAN session
is active.
Question 53
How does PEAP protect the EAP exchange?
Answer
A
Explanation
The Protected Extensible Authentication Protocol, also known as
Protected EAP or simply PEAP, is a protocol that encapsulates
the Extensible Authentication Protocol (EAP) within an encrypted
and authenticated Transport Layer Security (TLS) tunnel.[1][2][3][4]
The purpose was to correct deficiencies in EAP; EAP assumed
a protected communication channel, such as that provided by
physical security, so facilities for protection of the EAP
conversation were not provided.
Question 54
Refer to the following commands:
Answer
A
Explanation
Question 55
syslog severity level
A. Contextual analysis
B. Holistic understanding of threats
C. Graymail management and filtering
D. Signature-based IPS
Answer
A
Explanation
Threat-Centric Security
The Email Security Appliance is the industry’s first proven zero-hour
antivirus solution. It offers a best-in-class capability to
control and encrypt sensitive outbound email. At the same time,
its layered defense, built into a single appliance, quickly blocks
incoming attacks.
It provides:
Question 57
Which Sourcefire logging action should you choose to record the
most detail about a connection?
Answer
A
Explanation
Beginning-of-Connection Events: contain only information
that can be determined in the first packet (or the first few
packets, if event generation depends on application or URL
identification).
End-of-Connection Events: contain all information in the
beginning-of-connection event, plus information determined by
examining traffic over the duration of the session, for example,
the total amount of data transmitted or the timestamp of the
last packet in the connection.
Question 58
Which command initializes a lawful intercept view?
Answer
A
Explanation
li-view
Rosa Platter
November 23, 2017 at 9:00 pm
I conceive you have mentioned some very interesting details,
appreciate it for the post.
Hello, here from Bing, I'm enjoying this, will come back again.
thinhnp
December 8, 2017 at 11:15 am
Thank you guys, if you have any ideas or any interesting things to
share, please let me know via my e-mail :
phuthinhbk31@gmail.com.
Thanks!