Questions
The following Cisco CCNA Security practice exam questions are based on the course Implementing Cisco IOS Network Security (IINS) v1.0. The answer key is on the last page of this document.
inside threats
outside threats
unknown threats
reconnaissance threats
3. Network security aims to provide which three key services? (Choose three.)
A)
B)
C)
D)
E)
F)
a vulnerability
a risk
an exploit
an attack
Cisco CCNA Security Practice Exam
Questions
2009 Cisco Systems, Inc.
5. Which option is the term for the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence?
A) a vulnerability
B) a risk
C) an exploit
D) an attack
6. Which option is the term for what happens when computer code is developed to take advantage of a vulnerability? For example, suppose that a vulnerability exists in a piece of software, but nobody knows about this vulnerability.
A) a vulnerability
B) a risk
C) an exploit
D) an attack
7. What is the first step you should take when considering securing your network?
A)
B)
C)
D)
8. Which option is a key principle of the Cisco Self-Defending Network strategy?
A) Security is static and should prevent most known attacks on the network.
B) The self-defending network should be the key point of your security policy.
C) Integrate security throughout the existing infrastructure.
D) Upper management is ultimately responsible for policy implementation.
physical security
access control list security
zone-based firewall security
operating system security
router hardening
Cisco IOS-IPS security
10. You have several operating groups in your enterprise that require differing access restrictions to the routers to perform their job roles. These groups range from Help Desk personnel to advanced troubleshooters. What is one methodology for controlling access rights to the routers in these situations?
A)
B)
C)
D)
11. Which of these options is a GUI tool for performing security configurations on Cisco routers?
A)
B)
C)
D)
12. When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events?
A) Config
B) Config
C) Config
D) Config
13. Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router?
A) Cisco S
B) implem
C) the aut
D) perform
14. Which three of these options are some of the best practices when you implement an effective firewall security policy? (Choose three.)
A) Position firewalls at strategic inside locations to help mitigate inside nontechnical attacks.
B) Configure logging to capture all events for forensic purposes.
C) Use firewalls as a primary security defense; other security measures and devices should be implemented to enhance your network security.
D) Position firewalls at key security boundaries.
E) Deny all traffic by default and permit only necessary services.
15. Which statement is true when configuring access control lists (ACLs) on a Cisco router?
A)
B)
C)
D)
17. Which option is a desirable feature of using symmetric encryption algorithms?
A) They are often used for wire-speed encryption in data networks.
B) They are based on complex mathematical operations and can easily be accelerated by hardware.
C) They offer simple key management properties.
D) They are best used for one-time encryption needs.
18. Which option is true of using cryptographic hashes?
A) They
B) They
C) They
D) They
They
They
They
They
20. Which statement is true when using zone-based firewalls on a Cisco router?
A) Policies are applied to traffic moving between zones, not between interfaces.
B) The firewalls can be configured simultaneously on the same interface as classic CBAC using the ip inspect CLI command.
C) Interface ACLs are applied before zone-based policy firewalls when they are applied outbound.
D) When configured with the PASS action, stateful inspection is applied to all traffic passing between the configured zones.