Web Security 1.0 Final Exam Answers - Cisco Exam (2023)

Cyber ​​Security (1st Edition) - Cyber ​​Security 1.0 Final Exam Answers

1. Match the type of ASA ACL to the description. (Not all options are used.)

2. Which of the following describes the difference between Cisco ASA IOS CLI functionality and router IOS CLI functionality?

• The ASA uses the ? command, while the router uses the help command for brief descriptions and syntax help on the commands.
• To use the show command in general configuration mode, the ASA can use the command directly, and the router should enter the to command before issuing the show command.
• To terminate a partially typed command, the ASA uses the Ctrl+Tab key combination, and the router uses the Tab key.
• To indicate CLI EXEC mode, the ASA uses the % symbol and the router uses the # symbol.

explain:The ASA CLI is a proprietary operating system with a look and feel similar to Cisco IOS routers. While it has some of the same features as an IOS router, it also has its own unique features. For example, ASA CLI commands can be run independently of the prompt in the current configuration mode. The IOS do command is neither required nor recognized. Both the ASA CLI and router CLI use the # symbol to indicate EXEC mode. Both CLIs use the Tab key to execute partially typed commands. Unlike IOS routers, the ASA provides a help command that provides brief command descriptions and syntax for some commands.

3. Reference exhibits. The network administrator configures AAA enforcement on the ASA device. What does the link3 option mean?

• The name of the network where the AAA server resides
• Specific AAA server name
• Order of Servers in AAA Server Group
• interface name

4. What provides secure partitioning and threat protection in a secure data center?

• Cisco Security Manager Software
• AAA server
• Adaptive Safety Device
• Anti-theft protection system

5. What are the three main components of Cisco Secure Data Center? (Choose three.)

• station network
• Security Segmentation
• visibility
• defense against threats
• server
• infrastructure

explain:Use secure segmentation when managing and organizing data in your data center. Threat protection includes firewalls and intrusion prevention systems (IPS). Data Center Visibility is designed to simplify operations and compliance reporting while ensuring consistent enforcement of security policies.

6. What are the three characteristics of ASA transparent mode? (Choose three.)

• This feature does not support VPN, QoS, or DHCP relay.
• This is the traditional way of deploying a firewall.
• This feature is called "Strike Line".
• NAT can be implemented between connected networks.
• In this mode, the ASA is invisible to attackers.
• The ASA interface separates the Layer 3 network and requires IP addresses on different subnets.

7. What is required for some traffic from the outside ASA firewall network to reach the inside network?

• access control list
• network address translation
• dynamic routing protocol
• External safety zone level 0

explain:To explicitly allow traffic from a less secure interface to a higher secure interface, you must configure an ACL. By default, traffic will only flow from higher security levels to lower security levels.

8. If the following command is entered into the router, what is the result of the failed connection attempt?

Connect Blocks - 4 of 90 out of 150 attempts

• If there are 4 failed attempts within 90 seconds, all login attempts will be blocked for 150 seconds.
• If there are 4 failed attempts within 150 seconds, all login attempts will be blocked for 90 seconds.
• If 4 attempts fail within 150 seconds, all login attempts will be blocked for 1.5 hours.
• If there are 90 failed attempts within 150 seconds, all login attempts will be blocked for 4 hours.

explain:The details of the connection block - from 150 attempts 4 to 90 commands are as follows:
block-for 150 is the time in seconds that the connection will be blocked.
The expression 4 attempts is the number of failed attempts that will cause the connection request to be blocked.
An expression in the range of 90 is the time (in seconds) after which 4 failed attempts must occur.

9. What two tasks are involved in hardening a router? (Choose two.)

• Put the router in a safe room
• Disable unused ports and interfaces
• Install as much memory as possible
• Make sure admin access
• use emergency power

10. What threat protection features does Cisco ESA provide?

• web filtering
• Cloud Access Security
• Spam Protection
• Level 4 Flow Monitoring

explain:Email is the primary attack tool for creating security breaches. Cisco ESA includes many features to protect against email threats, including spam protection, phishing email detection, and Cisco Advanced Phishing Protection.

11. What are the two security measures used to protect borderless network endpoints? (Choose two.)

• deny list
• snort
• Digital Frame
• demilitarized zone
• rootkit

12. What three types of traffic are allowed when the auto-authenticate port control command is issued and the client has not authenticated? (Choose three.)

• CDP
• 802,1 ask
• IPsec
• Tactical Missile+
• through train
• Europol

explain:802.1X access control allows only Extensible Authentication Protocol (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) on the LAN to work through the port the workstation is connected to until the workstation is authenticated. After successful authentication, normal traffic can pass through this port.

13. Which of the following statements describes a characteristic of the IKE protocol?

• It uses UDP port 500 to exchange IKE information between security gateways.
• IKE Phase 1 can be deployed in three different modes: Main, Aggressive, or Fast.
• It allows you to transfer keys directly over the network.
• The purpose of Phase 2 of the IKE protocol is to negotiate a Security Association between two IKE peers.

14. What do IPsec peers do during phase 2 exchange of IKE?

• DH key exchange
• IPsec policy negotiation
• Negotiation of IKE Policy Sets
• peer-to-peer authentication

explain:The IKE protocol works in two phases. In Phase 1, both parties negotiate the IKE policy set, authenticate each other, and establish a secure channel. In the second phase, IKE negotiates security associations between peers.

15. What are the two hashing algorithms used by IPsec AH to guarantee authenticity? (Choose two.)

• Shanghai
• RSA
• Department of Health
• MD5
• AES

explain:The IPsec framework uses various protocols and algorithms to ensure data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms for securing data against interception and modification (data integrity and authenticity) are MD5 and SHA.

16. Which command raises ping privileges to 7?

• ping user level 7 while running
• Authorized to perform ping level 7
• ping manager level 7
• Execute level 7 privileged ping

17. What are the characteristics of the role-based CLI view of router configuration?

• The CLI view has a command hierarchy with top and bottom views.
• When a supervisor is deleted, the associated CLI views are also deleted.
• A single CLI view can be shared among multiple views.
• Only superusers can configure new views and add or remove commands from existing views.

explain:CLI views have no command hierarchy and therefore no parent or subviews. Deleting a preview does not delete the associated CLI view. Only the master user of a view can configure new views and add or remove commands from existing views.

18. What are the limitations of using OOB management in a large enterprise network?

• Production traffic shares the network with management traffic.
• Terminal servers can connect directly to the user devices they need to manage through the console.
• OOB management requires the creation of a VPN.
• It appears that all devices are connected to the management network.

explain:OOB management provides a dedicated management network with no production traffic. Devices on this network, such as terminal servers, can directly access the console for management. Since bandwidth management is performed on the production network, a secure tunnel or VPN may be required. Failures in the production network may not be communicated to the OOB network manager, as the OOB management network may not be affected

19. Reference exhibition. Corporate networks use NTP to synchronize time between devices. What can you tell from the displayed results?

• Router03 is a Layer 2 device that can provide NTP services for other devices on the network.
• The time on Router03 may be unreliable because it is more than 7 seconds away from the time server.
• The IPv4 address of the interface connected to the time server on Router03 is 209.165.200.225.
• The time of Router 03 is synchronized with the Layer 2 time server.

20. Reference exhibition. What two conclusions can be drawn from the syslog messages generated by the router? (Choose two.)

• This message is caused by an exception error requiring interface reconfiguration.
• This message indicates that a service timestamp has been configured.
• This message indicates that the state of the interface has changed five times.
• This message is a level 5 alert.
• This message indicates that the interface needs to be replaced.

explain:The message is a level 5 alert message, as shown in the %LINEPROTO-5 portion of the output. Link state messages are common and do not require interface replacement or interface reconfiguration. The date and time displayed at the beginning of the message indicate that service timestamping has been configured on the router.

21. What two types of hackers are commonly classified as gray hat hackers? (Choose two.)

• Hacktivist
• cyber criminal
• bug broker
• Scripting Guys
• State Sponsored Hacking

explain:Gray hat hackers may do immoral or illegal things, but not for personal gain or harm. Hacktivists use their hacking as a form of political or social protest, while bug brokers use hacking to discover vulnerabilities and report them to vendors. Depending on your point of view, state-sponsored hackers are either white hat or black hat operators. Script types create hack scripts that cause damage or disruption. Cybercriminals use hacking techniques for financial gain in illegal ways.

22. When describing malware, what is the difference between a virus and a worm?

• Viruses focus on gaining privileged access to a device, whereas worms do not.
• A virus replicates itself by attaching itself to another file, whereas a worm can replicate independently.
• Viruses can be used to perform DoS attacks (but not DDoS attacks), but worms can be used to perform both DoS attacks and DDoS attacks.
• Viruses can be used to serve ads without user consent, but worms cannot.

explain:Malware can be divided into:
Viruses (self-replicating by attaching itself to another program or file)
Worms (plays independently of other programs)
Trojan horses (masquerading as legitimate files or programs)
Rootkit (gain privileged access to the machine while hidden)
Spyware (gathers information from the target system)
Adware (serving advertisements with or without permission)
Bot (waiting for hacker commands)
Ransomware (holding computer systems or data until payment is received)

23. What types of packets cannot be filtered by the ACL in the outbound direction?

• Multi-bundle
• ICMP packets
• broadcast packet
• packets generated by the router

explain:Outbound access lists do not affect traffic originating from the router, such as command line pings, remote access to another device from the router, or routing updates. Traffic must flow through a router for router ACEs to apply.

24. Consider using the outbound-access-list command on the router's serial interface.

access-list 100 deny any echo response for icmp 192.168.10.0 0.0.0.255

What is the result of using this access list command?

• The only dropped traffic is echo replies from the 192.168.10.0/24 network. Any other moves are allowed.
• The only traffic that is dropped is ICMP traffic. Any other moves are allowed.
• Outbound traffic will not be allowed through the serial interface.
• Users on the 192.168.10.0/24 network cannot send traffic to any other destination.

25. Which command is used to enable an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic before accessing the routing table?

• ipv6 access class ENG_ACL w
• Filter out ipv6 ENG_ACL traffic
• IPv6 Traffic Filter ENG_ACL w
• ipv6 access class output ENG_ACL

explain:To apply an access list to a specific interface, the IPv6 traffic-filter IPv6 command is equivalent to the IPv4 access-group command. The direction of the traffic (inbound or outbound) also needs to be probed.

26. Which technology has the capability to use a trusted third-party protocol to issue credentials that are accepted as valid identities?

• digital signature
• hash algorithm
• PKI certificate
• Symmetrical key

explain:Digital certificates are used to prove the authenticity and integrity of PKI certificates, and PKI certificate authorities are trusted third parties that issue PKI certificates. PKI certificates are public information used to guarantee the authenticity, confidentiality, integrity and non-repudiation of services and can meet high requirements.

27. What are the two ways to maintain the revocation status of a certificate? (Choose two.)

• from CA
• OCSP
• domain name system
• LDAP
• CRL

explain:A digital certificate may need to be revoked if its key has been compromised or is no longer needed. Certificate Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP) are two common methods of checking certificate revocation status.

28. Which protocol is the IETF standard that defines the format of PKI digital certificates?

• SSL/TLS
• X.500
• LDAP
• X.509

explain:To address interoperability issues among different PKI providers, the IETF published the X.509 Framework for Internet Public Key Infrastructure Certification Principles and Certification Practices (RFC 2527). This standard defines the format of digital certificates.

29. The network administrator configures DAI on the switch. Which command should be used on the uplink connected to the router?

• ip arp check trust
• ip dhcp interception
• control vlan ip arp
• portfast spanning tree

explain:Typically, a router acts as the default gateway for a LAN or VLAN on a switch. Therefore, the uplink interface connected to the router should be a trusted port for forwarding ARP requests.

30. What is the best way to prevent VLAN hopping attacks?

• Close the trunk negotiation of the trunk port, and statically set the non-trunk port as the access port.
• Disable STP on all non-trunk ports.
• Use VLAN 1 as the native VLAN on the disconnected port.
• Use ISL encapsulation on all trunks.

explain:VLAN hopping attacks rely on the attacker being able to use switches to establish trunk links. Disabling DTP and configuring user-accessible ports as statically accessible ports can help prevent such attacks. Disabling Spanning Tree Protocol (STP) does not eliminate VLAN hopping attacks.

31. What is the main reason for attackers to launch MAC overflow attacks?

• Stop the switch from passing traffic
• Make it impossible for legitimate hosts to obtain MAC addresses
• This allows an attacker to see frames destined for other hosts
• so that an attacker can execute arbitrary code on the switch

32. What are the main differences in implementing IDS and IPS devices?

• IDS can adversely affect packet flow while IPS cannot.
• IDS must be deployed together with the firewall, and IPS can replace the firewall.
• An IDS lets malicious traffic pass before it can be processed, while an IPS immediately blocks it.
• IDS uses signature-based techniques to detect malicious packets, while IPS uses profile-based techniques.

explain:Deployed inline, IPS prevents malicious traffic from entering the internal network without prior analysis. The advantage of this is that the attack can be stopped immediately. The IDS deployment method is improper. It replicates traffic patterns and analyzes them offline, so it can't stop an attack immediately, but instead relies on another device to take further action if an attack is detected. Deploying an embedded IPS can negatively impact traffic. Both IDS and IPS can use signature-based techniques to detect malicious packets. IPS cannot replace other security devices such as firewalls because they perform different tasks.

33. What kind of attack is defined as an attempt to exploit a software vulnerability unknown or unknown to the vendor?

• zero day
• trojan horse
• brute force
• people inside

34. Match network monitoring techniques to descriptions.

35. What are the three signature levels provided by Snort IPS on the ISR 4000 series? (Choose three.)

• Safety
• fall
• reject
• touch
• control
• balanced

36. What are the three major characteristics of IPS subtitles? (Choose three.)

• action
• length
• lineage
• type
• depth
• model

37. Match each IPS signature trigger class to the description.

another situation:

• Pattern-based detection:The simplest trigger mechanism for seeking specific and predetermined atomic or complex patterns
• Anomaly-based detection:involves first defining configuration files that are considered normal network or host activity
• Honey-based detection:Using Decoy Servers to Divert Attacks from Production Devices

38. What two features are included in the TACACS+ and RADIUS protocols? (Choose two.)

• SIP service
• password encryption
• 802.1X support
• Separate authentication and authorization process
• The use of transport layer protocols

explain:Both TACACS+ and RADIUS support password encryption (TACACS+ encrypts all communications) and use Layer 4 protocols (TACACS+ uses TCP, RADIUS uses UDP). TACACS+ supports separation of authentication and authorization processes, while RADIUS combines authentication and authorization into one process. RADIUS supports remote access technologies such as 802.1x and SIP. TACACS+ does not.

39. What functions does the RADIUS protocol provide?

• RADIUS fully encrypts data packets in transit.
• RADIUS provides a separate AAA service.
• RADIUS provides separate ports for authorization and accounting.
• RADIUS provides secure communication using TCP port 49.

explain:During AAA user audit, RADIUS uses UDP port 1645 or 1812 for authentication and UDP port 1646 or 1813 for accounting. TACACS provides separate authorization and accounting services. Authenticated RADIUS clients are also authorized. TACACS uses TCP port 49 to provide a secure connection. RADIUS hides passwords in transit and does not encrypt entire packets.

40. What are the three major characteristics of the RADIUS protocol? (Choose three.)

• It uses TCP port 49
• Use UDP ports for authentication and accounting
• Supports 802.1X and SIP
• Separation of authentication and authorization processes
• Encrypt the entire contents of the packet
• It is an open AAA protocol in the RFC standard

explain:RADIUS is an open standard AAA protocol that uses UDP ports 1645 or 1812 for authentication and UDP ports 1646 or 1813 for accounting. It combines authentication and authorization into one process. So the password is encrypted in transit, while the rest of the packet is sent in plain text. RADIUS provides the fast service and more comprehensive accounting required by remote access providers, but offers less security and customization than TACACS+.

41. Which zone-based policy firewall zones are system-defined for traffic entering and leaving the router?

• local area
• inner ward
• own area
• system area
• outer zone

42. What are the two benefits of using ZPF instead of a classic firewall? (Choose two.)

• ZPF allows you to zone interfaces for IP control.
• ZPF does not rely on ACLs.
• Many control activities are used with ZPF.
• ZPF policies are easy to read and troubleshoot.
• With ZPF, the router allows packets unless they are explicitly blocked.

explain:ZPF has many advantages:
– Does not rely on ACLs.
– The security state of the router is blocking unless explicitly allowed.
– With C3PL, rules are easy to read and troubleshoot.
– One policy affects any traffic instead of multiple ACLs and controls.

Also, the interface cannot be configured as security zone member and IP inspection at the same time.

43. List the steps to configure a Zone Policy Firewall (ZPF) in order from first to last. (Not all options are used.)

44. How does the firewall handle traffic coming from the private network and entering the DMZ?

• Traffic is selectively dropped based on service requirements.
• Little or no restriction of movement is usually allowed.
• Selectively allow and control traffic.
• Traffic is usually blocked.

explain:For a three-interface firewall with inside, outside, and DMZ connections, a typical configuration includes:
– DMZ traffic to the internal network is typically blocked.
– Typically DMZ traffic destined for external networks is allowed, depending on the services used in the DMZ.
– Typically inspects internal network traffic routed from the DMZ and allows drops.
– Traffic from external networks (public networks) is usually only allowed in the DMZ for certain services.

45. Which two protocols create connection information in state tables and are supported by state filtering? (Choose two.)

• ICMP
• UDP protocol
• DHCP
• TCP
• HTTP

46. ​​Which type of firewall is supported by most routers and is the easiest to implement?

• Next Generation Firewall
• stateless firewall
• national dam
• proxy lock

explain:Packet filtering (stateless) firewalls use simple policy table lookups to filter traffic based on specific criteria and are considered the easiest firewalls to deploy.

47. Which network testing tool would an administrator use to evaluate and verify system configurations against security policies and compliance standards?

• one board
• L0phtcrack
• Naxos
• Meta Vulnerabilities

explain:Tripwire - This tool evaluates and validates IT configurations against internal policies, compliance standards, and security best practices.

48. What types of network security testing can detect and report changes made to networked systems?

• scan for vulnerabilities
• network scan
• integrity check
• penetration testing

explain:Integrity checks are used to detect and report changes made to the system. Vulnerability scanning is used to discover vulnerabilities and misconfigurations of network systems. Network scanning is used to detect available resources on the network.

49. Which network security testing tool can provide detailed information on the source of suspicious network activity?

• SIEM
• super scan
• Zen Ma School
• one board

50How do modern cryptographers defend against brute force attacks?

• Use statistical analysis to eliminate the most common encryption keys.
• Use a keyspace large enough that it would take too much money and time to perform a successful attack.
• Use an algorithm that requires the attacker to have both ciphertext and plaintext to perform a successful attack.
• Use frequency analysis to ensure that the most common letters of the language are not used in encrypted messages.

explain:In a brute force attack, the attacker uses the decryption algorithm to try every possible key, knowing that one of them will eventually work. To defend against brute-force attacks, the goal of modern cryptographers is to have a keyspace (the set of all possible keys) large enough that preventing brute-force attacks would take too much money and time. Security policies that require password changes at set intervals also prevent brute force attacks. The idea is to change the password before the attacker runs out of keyspace.

51. How does Caesar encryption encrypt messages?

• A letter in the message is replaced by another letter at the specified position in the alphabet.
• The letters of the messages are in random order.
• The letters of the message are rearranged according to a predefined pattern.
• Words in messages are replaced according to predefined patterns.

52. What are the main factors that guarantee the cryptographic security of modern algorithms?

• The complexity of the hash algorithm
• Use 3DES instead of AES
• key secret
• algorithm secret

explain:For most modern algorithms, successful decryption requires knowledge of the appropriate encryption key. This means that the security of encryption lies in the secrecy of the key, not the algorithm.

53What's the next step in setting up an IPsec VPN after IKE Phase 1 is complete?

• ISAKMP Negotiation Policy
• IPsec SA Policy Negotiation
• fun motion detection
• peer authentication

explain:Creating an IPsec tunnel involves five steps:
Inspect traffic of interest defined by ACLs
IKE phase 1, partners negotiate policy for ISAKB SA
IKE phase 2, peers negotiate IPsec SA rules
Create an IPsec tunnel
Termination of IPsec tunnels

54. Reference exhibition. What algorithm will be used to ensure privacy?

• RSA
• Diffie Herman
• G
• AES

explain:The IPsec framework uses various protocols and algorithms to ensure data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms for ensuring that data is not intercepted or modified (data integrity) are MD5 and SHA. AES is an encryption protocol that ensures data confidentiality. DH (Diffie-Hellman) is an algorithm for key exchange. RSA is the algorithm used for authentication.

55. After issuing the show run command, the analyst observed the following command:

encrypt ipsec transform set MYSET esp-aes 256 esp-md5-hmac

What is the purpose of this command?

• It establishes a set of encryption and hashing algorithms for protecting data sent through an IPsec tunnel.
• Specifies the list of default ISAKMP policies used to establish IKE phase 1 tunnels.
• Defines criteria for forcing the initiation of IKE Phase 1 negotiations.
• Indicates that IKE will be used to establish an IPsec tunnel to secure traffic.

56. Which algorithm can guarantee the integrity of data?

• RSA
• AES
• MD5
• public key infrastructure

explain:Data integrity ensures that messages have not been tampered with in transit. Integrity is ensured by applying a secure hash algorithm (SHA-2 or SHA-3). The MD5 message hashing algorithm is still widely used today.

57. The company has implemented a security policy that ensures that documents sent from headquarters to branch offices can only be opened with predetermined codes. This code changes daily. Which two algorithms can be used to accomplish this task? (Choose two.)

• HMAC
• MD5
• 3DES
• SHA-1
• AES

explain:The job of ensuring that only authorized personnel can open files is data confidentiality, which can be achieved through encryption. AES and 3DES are two encryption algorithms. HMAC can be used to provide origin authentication. MD5 and SHA-1 can be used to ensure data integrity.

58. Ask network technicians to design a virtual private network between two branch office routers. What type of encryption key should I use in this case?

• hash key
• Symmetric key
• asymmetric key
• electronic signature

explain:Symmetric keys require that both routers have access to the keys used to encrypt and decrypt the data being exchanged.

59. Which two options limit the information detected by a port scan? (Choose two.)

• Anti-theft protection system
• firewall
• verify
• password
• encryption

explain:Use of intrusion prevention systems (IPS) and firewalls can limit what port scanners can detect. Authentication, encryption, and passwords cannot prevent information loss due to port scanning.

60. The administrator discovers that a user is visiting a newly created website that may compromise the security of the company. What security policy actions should administrators take first?

• Users are asked to stop using the service immediately, and they are informed of the reasons for this termination.
• Create a firewall rule that blocks the appropriate website.
• Change the AUP immediately and require all users to sign the updated AUP.
• Immediately suspends the user's network privileges.

61. If AAA is already enabled, what are the three CLI steps required to configure a router with a specific view? (Choose three.)

• Use the verbose view view-name command to create a view.
• Link the view to the main view.
• Sets the users who can use the view.
• Use the verbose view view-name command to create a view.
• Assign a secret password to the view.
• Assign commands to views.

explain:There are five steps to creating a view on a Cisco router.
1) AAA must be enabled.
2) The view must be created.
3) A secret password must be assigned to the view.
4) Commands must be assigned to views.
5) Exit view configuration mode.

62. Reference exhibition. Network administrators configure access control lists of names on routers. Why is there no output after issuing the show command?

• ACLs are not enabled.
• ACL names are case sensitive.
• ACL is not applied to the interface.
• There are currently no packages matching the ACL statement.

63. ACL is mainly used to filter traffic. What are the other two uses of ACLs? (Choose two.):

• Specify internal hosts for NAT
• QoS Traffic Inspection
• Specify the source address for authentication
• Reassemble VLAN traffic
• VTP packet filtering

explain:ACLs are used to filter traffic to determine which packets will be allowed through a router, which packets will be dropped, and which packets will be subject to policy-based routing. ACLs can also be used to identify traffic requiring NAT and QoS services. A prefix list is used to control which routes will be redistributed or advertised to other routers.

64. What two features did SNMPv3 add to address weaknesses of previous versions of SNMP? (Choose two.)

• verify
• Community Priority Authorization
• Bulk Download MIB Objects
• ACL management filtering
• encryption

65. Which network testing tool is used for password testing and recovery?

• Naxos
• Meta Vulnerabilities
• L0phtcrack
• super scan

66. What type of firewall does the server use to connect to the target device on behalf of the client?

• packet filtering firewall
• proxy lock
• stateless firewall
• national dam

explain:Application gateway firewalls, also known as proxy firewalls, filter information at layers 3, 4, 5, and 7 of the OSI model. It uses a proxy server to connect to a remote server on behalf of the client. The remote server will only see connections from the proxy, not individual clients.

67. See Exhibit. After entering the configuration commands shown on the ASA 5506-X, what appears in the output of the show running-config object command?

• Host 192.168.1.4
• Range 192.168.1.10 192.168.1.20
• host 192.168.1.3 host 192.168.1.4 and range 192.168.1.10 192.168.1.20
• Host 192.168.1.3
• host 192.168.1.3 my host 192.168.1.4
• Host 192.168.1.4 and range 192.168.1.10 192.168.1.20

explain:The show running-config object command is used to display or verify the IP address/mask pairs on an object. There can only be one declaration in a network object. Entering a second IP/mask pair will overwrite the existing configuration.

68. See Exhibit. Based on the command output, which three statements are true about the DHCP options imported into the ASA? (Choose three.)

• The command dhcpd address [ start-of-pool ]-[ end-of-pool ] was issued to enable the DHCP server.
• The command dhcpd address [ start-of-pool ]-[ end-of-pool ] was issued to enable the DHCP client.
• The dhcpd enable inside command was issued to enable the DHCP server.
• An external dhcpd autoconfig command was issued to enable the DHCP client.
• An external dhcpd autoconfig command was issued to enable the DHCP server.
• The dhcpd enable inside command was issued to enable the DHCP client.

69. Which two statements characterize a symmetric algorithm? (Choose two.)

• These are typically used for VPN traffic.
• They use public and private key pairs.
• They are usually implemented in the SSL and SSH protocols.
• They ensure confidentiality, integrity and availability.
• They are called pre-shared keys or secret keys.

explain:Symmetric encryption algorithms use the same key (also known as a shared key) to encrypt and decrypt data. Asymmetric encryption algorithms, on the other hand, use a pair of keys, one for encryption and one for decryption.

70. A web server administrator configures access settings to require users to authenticate before accessing certain websites. What information security requirements are included in the configuration?

• availability
• honest
• scalability
• keep secret

explain:Confidentiality ensures that only authorized individuals can access data. Authentication will help verify an individual's identity.

71. Which of the five building blocks of IPsec is exemplified by the use of 3DES in IPsec?

• verify
• non-repudiation
• honest
• Diffie Herman
• keep secret

explain:The IPsec architecture consists of five building blocks. Each building block performs a specific security function through a specific protocol. The security function is provided by protocols such as DES, 3DES, and AES.

72. What functionality does Snort provide in Security Onion?

• Generate alerts about network intrusions using rules and signatures
• Normalize logs from different NSM datalogs so that they can be represented, stored and accessed through a common schema
• View full packets captured for analysis
• View pcap records generated by intrusion detection tools

explain:Snort is a NIDS integrated with Security Onion. This is a great source of alert data indexed in the Sguil analysis tool. Snort uses rules and signatures to generate alerts.

73. What are the two disadvantages of using HIPS? (Choose two.)

• With HIPS, the success or failure of an attack cannot be easily determined.
• For HIPS, network administrators must verify support for all the different operating systems used on the network.
• HIPS has difficulty building accurate network maps or coordinating events across networks.
• If the network traffic flow is encrypted, HIPS cannot access the unencrypted form of the traffic.
• HIPS installations are vulnerable to hash attacks or variable TTL attacks.

74. On an AAA-enabled network, a user issues a configure terminal command from a privileged runtime mode. If this command is denied, what function will AAA perform?

• authorized
• verify
• control
• bookkeeping

explain:Authentication must ensure that the device or end user is legitimate. Authorization is about allowing and preventing authenticated users from accessing specific areas and programs on the network. The configure terminal command was rejected because the user does not have permission to run this command.

75. A company has a file server that provides a folder named Public. The network security policy specifies that public folders are granted read-only permissions to anyone who can connect to the server, and edit permissions are granted only to the Network Administrators group. What does AAA web service include?

• automation
• bookkeeping
• verify
• authorized

explain:After a user is successfully authenticated (connected to a server), authorization is the process of determining which network resources a user can access and what actions they can perform (such as read or edit).

76. What are the characteristics of DMZ?

• Traffic from the internal network to the DMZ network is not allowed.
• Selectively allow traffic originating from the external network destined for the DMZ network.
• Allow traffic from the DMZ network to the internal network.
• Selectively allow traffic from the internal network to the DMZ network.

explain:The characteristics of DMZ are as follows:
Traffic originating from the internal network and directed to the DMZ network is allowed.
Selectively allow traffic originating from the external network destined for the DMZ network.
Traffic destined for the internal network from the DMZ will be dropped.

77. What steps can security analysts take to effectively monitor the security of SSL encrypted network traffic?

• Use a Syslog server to log network traffic.
• Deploy Cisco SSL appliances.
• Requires remote access connection via IPsec VPN.
• Deploy the Cisco ASA.

78. See Exhibit. Port security is configured on the Fa 0/12 interface of switch S1. What happens when PC1 connects to switch S1 where the configuration is applied?

• Frames from PC1 will be forwarded because the switch port tampering command is missing.
• Frames from PC1 will be forwarded to the destination and a log entry will be created.
• Frames from PC1 will be forwarded to the destination, but no log entry will be created.
• Frames from PC1 will immediately disable the interface and generate a log entry.
• Frames from PC1 will be dropped and there will be no violation log.
• Frames from PC1 will be dropped and a log message will be generated.

explain:Introduced manual configuration of allowed MAC addresses for port fa0/12. PC1 has a different MAC address and when connected it will close the port (default action), automatically generate a log message and increment the violation counter. It is recommended to use the default off action, as the throttling option may fail if an attack is in progress.

79. Which mitigation is effective against CAM table overflow attacks?

• DHCP monitoring
• Dynamic ARP Control
• IP source protection
• port security

explain:Port security is the most effective way to prevent CAM table overflow attacks. Port Security allows administrators to manually specify which MAC addresses are visible on which switch ports. Provides a way to limit the number of MAC addresses that a switch port can learn dynamically.

80. What are two examples of DoS attacks? (Choose two.)

• port scan
• SQL injection
• Deadly
• Phishing
• buffer overflow

explain:Buffer overflow and ping of death DoS attacks exploit system memory holes on a server by sending an unexpected amount of data or malformed data to the server.

81. Which method is used to determine the traffic of interest required to establish an IKE Phase 1 tunnel?

• transform set
• Entries in the access rights list
• hash algorithm
• safety club

82. When using the CLI to configure an ISR for a site-to-site VPN connection, which two must be specified to enable a crypto map policy? (Choose two.)

• use
• contemporary
• encryption
• ISAKMP policy
• effective access list
• IP addresses on all active interfaces
• zadasy IKE Phase 1

explain:After issuing the cipher-map command in global configuration mode, the new cipher-map remains disabled until valid peers and access-lists are configured.

83. How does the firewall handle traffic coming from the public network and entering the DMZ?

• Traffic from the public network is controlled and selectively permitted as it passes through the DMZ network.
• When transported over a DMZ network, little or no traffic from the public network is typically allowed.
• Traffic from the public network typically passes through the DMZ network uninspected.
• Traffic from the public network is usually blocked as it travels through the DMZ network.

84. The client connects to the web server. Which element of this HTTP connection is not controlled by the stateful firewall?

• Source IP address of client traffic
• Client traffic destination port number
• The actual content of the HTTP connection
• Client traffic source port number

explain:Stateful firewalls cannot protect against application-layer attacks because they do not inspect the actual content of HTTP connections.

85. Which network monitoring technique uses VLANs to monitor traffic on remote switches?

• IPS
• Intrusion Detection System
• get
• RSPAN

explain:Remote SPAN (RSPAN) allows network administrators to leverage the flexibility of VLANs to monitor traffic on remote switches.

86. Which rule action causes Snort IPS to block and log packets?

• newspaper
• fall
• scare
• fall

explain:The Snort IPS feature can perform all IDS operations plus the following:
- Deposit - Lock and register the package.
– Drop – Blocks the packet, logs it, then sends a TCP reset if the protocol is TCP, or an ICMP port unreachable message if the protocol is UDP.
– Sdrop – Drop the packet without listing it.

87. What is commonly used to create security traps in data center facilities?

• ID card, biometrics and two entry gates
• high resolution screen
• Redundant authentication server
• Servers without all security patches applied

explain:Security traps provide access to data rooms where data center data is stored. As shown in the image below, a safety trap is similar to an airlock. The person must first enter a security trap using a proximity ID card. Once a person is trapped in a security trap, facial recognition, fingerprints or other biometric verification is used to open a second door. Users must repeat the process to exit the data room.

88. The company is concerned about the breach and theft of hard copy company data. Which data loss mitigation techniques can help in this situation?

• Strong computer security settings
• strong password
• crush
• encryption

explain:Confidential data should be destroyed when it is no longer needed. Otherwise, thieves can retrieve rejected reports and gain valuable information.

89. After completing a course in cybersecurity, students decide to pursue a career in cryptanalysis. What will a student do as a cryptanalyst?

• Crack the code without access to the shared secret
• Generate hash codes for data authentication
• Create and crack passwords
• Create Transport and Replace Encryption

explain:Cryptanalysis is the practice and science of determining the meaning of encrypted information (breaking the code) without access to a shared secret key. This is also known as code cracking.

90. Which command is used on the switch to set the port access module type so that the interface is only used for authentication and does not respond to messages sent to the supplicant?

• dot1x pae authentication
• Automatically validate port checks
• aaa authentication dot1x default group radius
• dot1x system authorization check

91. What are the two disadvantages of using IDS? (Choose two.)

• IDS will not block malicious traffic.
• IDS works offline using a copy of network traffic.
• IDS has no effect on traffic.
• IDS analyzes the packets currently being sent.
• IDS needs other equipment to respond to the attack.

explain:The downside of using mirrored traffic is that the IDS cannot stop a malicious single-packet attack from reaching the target before it can react to the attack. In addition, IDS often need to use other network devices such as routers and firewalls to deal with attacks. The advantage of IDS is that it doesn't affect traffic when you work offline with mirrored traffic.

92. See Exhibit. The ip valid source command is used on untrusted interfaces. What type of attack is mitigated by this configuration?

• Spoof DHCP
• DHCP famine
• STP processing
• MAC and IP address spoofing

explain:To prevent MAC address spoofing and IP address spoofing, use the IP Source Guard security feature, usingip confirmation sourceExecute commands on untrusted ports.

93. Which ports can receive forwarded traffic from isolated ports belonging to a PVLAN?

• Other isolated ports and community ports
• Broken ports only
• All other ports in the same community
• isolated port only

explain:PVLANs are used to provide Layer 2 isolation between ports in the same broadcast domain. You can specify the insulation class
There are three types of PVLAN ports:
– Unusual ports that can forward traffic to all other ports
– Individual ports that can only forward traffic to unfamiliar ports
– Community ports that can promote traffic to other community ports and ports not considered

94. Users complained of being locked out of their devices after too many failed AAA login attempts. What can network administrators use to provide a secure method of access authentication without preventing users from accessing devices?

• Use the login delay command for authentication attempts.
• Use the login local command to authenticate user access.
• Maximum failed local authentication attempts with the aaa global configuration mode command with more errors.
• Use the none keyword when configuring the list of authentication methods.

explain:The login delay command introduces a delay between failed login attempts without locking the account. This gives the user unlimited attempts to access the device without locking out the user account and thus requiring administrator intervention.

95. What are the two disadvantages of assigning user privilege levels on Cisco routers? (Choose two.)

• Only the root user can add or remove commands.
• Privilege levels must be configured to control access to specific interfaces, ports, or device slots.
• Assigning multiple keywords to a command gives you access to all commands that use those keywords.
• Commands from lower levels are always executed at higher levels.
• AAA must be enabled.

explain:Privilege levels may not provide the flexibility and granularity needed because higher levels always inherit commands from lower levels, whereas multi-keyword commands give users access to all commands available for each keyword. Privilege levels cannot control access to interfaces, ports, or slots. AAA does not require setting permission levels, but creating role-based views. The root user role does not exist in the privilege level.

96. See Exhibit. What can be concluded from the output of the show crypto map command shown on R1?

• Cipher maps have not been applied to the interface.
• The current peer IP address should be 172.30.2.1.
• There is a mismatch between transform sets.
• The tunnel setup is stable and can be tested with an extended ping.

explain:according toCrypto map showsFrom the command output, all required SAs are in place, but no interfaces are currently using cipher maps. To complete the tunnel configuration, a crypto map must be applied to each router's outgoing interface.

97. What are the two reasons for enabling OSPF routing protocol authentication on the network? (Choose two.)

• to prevent data traffic from being rerouted and then dropped
• Ensure faster network convergence
• Data security through encryption
• Prevent data traffic from being redirected to insecure links
• for more efficient routing

explain:The reason for configuring OSPF authentication is to reduce attacks on routing protocols, such as redirecting data traffic to insecure links and discarding data traffic after redirection. OSPF authentication does not provide faster network convergence, more efficient routing, or encryption of data traffic.

98. What three functions does the syslog logging service provide? (Choose three.)

• Collect login information
• Authentication and encryption of data sent over the network
• Keep listening messages on the router after restarting the router
• Specifies where the collected information is stored
• Distinguish between information to capture and information to ignore
• Set the connection buffer size

explain:Syslog functions include collecting information, selecting the type of information to log, and directing logged information to a storage location. The log service stores messages in a time-limited log buffer and cannot persist information across router reboots. Syslog does not authenticate or encrypt messages.

99. Which two types of ICMPv6 messages must be allowed in an IPv6 ACL to translate a layer 3 address to a layer 2 MAC address? (Choose two.)

• neighbor solicitation
• response request
• neighbor announcement
• echo response
• router request
• router advertisement

100. What three services are provided using digital signatures? (Choose three.)

• bookkeeping
• authenticity
• compression
• non-repudiation
• honest
• encryption

explain:Digital signatures use a mathematical technique to provide three key security services: Integrity. authenticity; non-repudiation

101. It is the technician's job to document the current configuration of all network equipment within the University, including outside buildings. Which protocol is best for secure access to network devices?

• file transfer protocol
• HTTP
• SSH
• remote login

explain:Telnet sends passwords and other information in plain text, while SSH encrypts its data. The FTP and HTTP protocols do not provide remote access to the device for configuration purposes.

102. Administrators are trying to create a BYOD security policy for employees who bring various devices to connect to the corporate network. What three goals should a BYOD security policy address? (Choose three.)

• All equipment must be insured if it is used to compromise the security of the company network.
• All devices must be open authenticated on the corporate network.
• Define the permissions and activities allowed on the corporate network.
• Security measures should be taken to prevent any personal equipment from being compromised.
• Defines the level of access for employees when connected to the corporate network.
• All devices should be able to seamlessly connect to the corporate network.

103. What is the pass function in Cisco IOS Zone-Based Policy Firewall?

• Logs of dropped or abandoned packets
• Traffic control between traffic control areas
• Monitor connection status between zones
• Divert traffic from one region to another

explain:The pass-through operation performed by Cisco IOS ZPF allows traffic to be passed in a manner similar to a permit statement in an access control list.

104. See Exhibit. Based on the security level of the interface on ASA1, what traffic is allowed on the interface?

• Traffic from the Internet and the DMZ can access the LAN.
• Internet and LAN traffic can access the DMZ.
• Traffic from the Internet can access the DMZ and LAN.
• LAN and DMZ traffic can access the Internet.

explain:The ASA device assigns a security level to each interface that is not part of a configured ACL. These security levels allow traffic from more secure interfaces (such as security level 100) to access less secure interfaces (such as security level 0). By default, they allow traffic from more secure interfaces (higher security level) to access less secure interfaces (lower security level). Traffic from less secure interfaces is blocked from accessing more secure interfaces.

105. Which network testing tools can be used to detect the network layer protocol running on the host?

• SIEM
• map
• L0phtcrack
• one board

106. How do ASA ACLs differ from Cisco IOS ACLs when deploying security across multiple devices?

• Cisco IOS routers use both named and numbered ACLs, while Cisco ASA devices use only numbered ACLs.
• Cisco IOS ACLs are configured with a wildcard mask and Cisco ASA ACLs are configured with a subnet mask.
• Cisco IOS ACLs are processed sequentially from top to bottom, while Cisco ASA ACLs are not processed sequentially.
• Cisco IOS ACLs use an implicit deny-all, while Cisco ASA ACLs end with an implicit allow-all.

explain:Cisco IOS ACLs are configured with a wildcard mask and Cisco ASA ACLs are configured with a subnet mask. Both devices use implicit deny, top-down cascading, and named or numbered ACLs.

107. Which of the following statements describes an important characteristic of a site-to-site VPN?

• It must be set statically.
• It's perfect for mobile workers.
• Requires a VPN client on the host.
• After the initial connection is established, the connection information can be changed dynamically.
• Typically used in telephone networks and cable modems.

explain:Create a site-to-site VPN between network devices on two separate networks. VPN is static and stable. Internal hosts on both networks are unaware of the VPN.

108. Which two options are security best practices that help reduce the risk of BYOD? (Choose two.)

• Use paint that reflects wireless signals and glass that prevents signals from leaking outside the building.
• Keep your device's operating system and software up to date.
• Only devices approved by the company IT team are allowed.
• Turn on Wi-Fi only when using a wireless network.
• Reduce the gain level of the wireless antenna.
• Use wireless MAC address filtering.

explain:Many companies now allow employees and guests to connect and use wireless devices that connect to and use the corporate wireless network. This practice is known as a bring your own device or BYOD policy. Typically, BYOD security practices are included in security policies. Some best practices for reducing BYOD risk include:
Use unique passwords for each device and account.
Turn off Wi-Fi and Bluetooth when not in use. Only connect to trusted networks.
Keep your device's operating system and other software up to date.
Backup all data stored on the device.
Subscribe to our service to locate devices with remote wipe.
Provide antivirus software for approved BYOD users.
Use mobile device management (MDM) software that allows IT teams to monitor devices and apply security settings and software controls.

109. See Exhibit. The network administrator configures AAA authentication on R1. Which statement describes the effect of the single join keyword on configuration?

• R1 will open a separate connection to the TACACS+ server for each user authentication session.
• Improves authentication performance by keeping the connection to the TACACS+ server open.
• The TACACS+ server accepts only one successful user authentication attempt.
• R1 will open a separate connection to the TACACS server based on the source IP address of each authentication session.

explain:The single connection keyword improves the TCP performance of TACACS+ by maintaining a single TCP connection for the duration of the session. Without the unique connection keyword, a TCP connection will be opened and closed per session.

110. Newly created ACLs are not working as expected. The administrator finds that the ACL is applied to the inbound interface, and the direction is wrong. How should an administrator address this issue?

• Delete the old ACL and create a new one, applying it to outgoing traffic on the interface.
• Add an outbound link ACL to the same interface.
• Fixed ACE commands to work as expected when entering screens.
• Disconnects the inbound ACL on the interface and reapplies it to outbound traffic.

111. Which characteristic of Snort Term Subscription applies to the Community and Subscriber rulesets?

• Both have a 30-day delay in accessing updated signatures.
• Both use Cisco Talos to provide protection against exploits.
• Both are fully supported by Cisco and include Cisco Customer Support.
• Both provide protection against security threats.

112. Security analyst configures Snort IPS. The analyst has just downloaded and installed the Snort OVA. what do you do next

• Check out Snort IPS.
• Configure the interfaces of the virtual port group.
• Enable IPS globally or on selected interfaces.
• Enable virtual services.

explain:To deploy Snort IPS on supported devices, follow these steps:
– Step 1. Download the Snort OVA file.
– Step 2. Install the OVA file.
– Step 3. Configure the interface of the virtual port group.
– Step 4. Enable the virtual service.
– Step 5. Configure Snort features.
– Step 6. Enable IPS globally or on selected interfaces.
– Step 7. Verify Snort IPS.

113. The company's security policy stipulates that employee workstations can initiate HTTP and HTTPS connections to external websites, allowing reverse traffic. However, connections from external hosts are not allowed. Which parameter can be used in the extended ACL to meet this requirement?

• Digital SCP
• Earlier
• predecessor
• adopted

114. The researchers compared the differences between stateless firewalls and proxy firewalls. Which two layers of the OSI model are controlled by proxy firewalls? (Choose two.)

• layer 3
• layer 4
• layer 5
• layer 6
• layer 7

explain:A packet-filtering firewall is usually part of a router's firewall that allows or denies traffic based on Layer 3 and Layer 4 information. These are stateless firewalls that use simple rule table lookups to filter traffic based on specific criteria.

115. See Exhibit. A network administrator configures a VPN between routers R1 and R2. Which commands correctly configure pre-shared keys for both routers?

R1(config)#user name R2 password 5tayout!
R2(config)# username R1 password 5tayout!

R1(config)# crypto isakmp key 5tayout! address 64.100.0.2
R2(config)# crypto isakmp key 5tayout! address 64.100.0.1

R1(config)# crypto isakmp key 5tayout! R1 hostname
R2(config)# crypto isakmp key 5tayout! R2 hostname

R1(config-if)# ppp pap username sent password R1 5tayout!
R2(config-if)# ppp pap sent R2 username password 5tayout!

116. See Exhibit. Which of the following statements is true about the impact of Cisco IOS Firewall configuration based on zone policies?

• Firewall automatically denies all HTTP, HTTPS and FTP traffic.
• The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0/0 to g0/0 and monitor the connection. Connection tracking only allows reverse traffic in the opposite direction through the firewall.
• The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0/0 to g0/0, but will not monitor the connection status. Policies must be in place to allow traffic back through the firewall in the opposite direction.
• The firewall will automatically allow HTTP, HTTPS, and FTP traffic from g0/0 to s0/0/0 and monitor the connection. Connection tracking only allows
• Reverse traffic is allowed through the firewall in the opposite direction.
• The firewall will automatically allow HTTP, HTTPS, and FTP traffic from g0/0 to s0/0/0, but will not monitor the connection status. Policies must be in place to allow traffic back through the firewall in the opposite direction.

117. Which privilege level has the most access rights in Cisco IOS?

• level 0
• level 15
• Level 7
• Level 16
• Level 1

118. See Exhibit. Your network administrator has configured NAT on the ASA device. What type of NAT is used?

• inside a NAT
• static address translation
• Bidirectional NAT
• poza NATem

explain:NAT can be implemented on the ASA using one of the following methods:
Inside NAT—When a host directs traffic from an interface with a higher security level to an interface with a lower security level and the ASA translates the host's inside address to a global address
NAT outside - when traffic destined for a host is translated from a lower secure interface to a higher secure interface
Bidirectional NAT - when inner NAT and outer NAT are used together
The NAT type is in whenever the nat command is applied in such a way that the inside interface is mapped to the outside interface. Also, the dynamic keyword in the nat command indicates that this is a dynamic mapping.

119. A network analyst establishes a site-to-site IPsec VPN connection. Analyst configured ISAKMP and IPsec policies. what do you do next

• Configure hashing as SHA and authentication as pre-shared.
• Apply the crypto map to the appropriate outgoing interface.
• Issue the show crypto ipsec sa command to verify the tunnel.
• Check if security features are enabled in IOS.

120. What should be considered when implementing ACLs for inbound Internet traffic to prevent internal network spoofing?

• ACE prevents traffic from private address space
• ACE prevents broadcast address traffic
• ACE prevents ICMP traffic
• ACE prevents HTTP traffic
• ACE to prevent SNMP traffic

explain:A typical anti-spoofing ACE includes blocking packets with source addresses in the 127.0.0.0/8 range, any private addresses, or multicast addresses. Additionally, administrators must not allow any outgoing packets with a source address that is not a valid address used on the organization's internal network.

121. Match safety terms with appropriate descriptions. (Not all options are used.)

122. Which two types of attacks are examples of reconnaissance attacks? (Choose two.)

• brute force
• port scan
• flat scan
• people inside
• flood disadvantage

explain:Reconnaissance attacks aim to gather information about a target. A ping scan will indicate which hosts are up and responding to pings, while a port scan will indicate the TCP and UDP ports on which the target is listening for incoming connections. Man-in-the-middle and brute-force attacks are examples of access attacks, and SYN floods are examples of denial-of-service (DoS) attacks.

123. Which Cisco solution helps prevent ARP spoofing and ARP poisoning attacks?

• Dynamic ARP Control
• IP source protection
• DHCP monitoring
• port security

124. Which feature is used when the Cisco NAC appliance evaluates incoming connections from remote devices against specified network policies?

• Body Posture Assessment
• Fix incompatible systems
• certified
• non-compliant quarantine system

125. What two steps must be taken to enable SSH on a Cisco router? (Choose two.)

• Give your router a hostname and domain name.
• Create the banner that users will see after logging in.
• Generate a set of keys for encryption and decryption.
• Configure an authentication server to handle incoming login requests.
• Enable SSH on the physical interface that will receive incoming connection requests.

explain:There are four steps to setting up SSH on a Cisco router. First, set the hostname and domain name. Second, generate a set of RSA keys that will be used to encrypt and decrypt traffic. Third, create a user ID and password for the user who will connect. Finally, enable SSH on the router's vty line. SSH does not need to be configured on any physical interface, nor does it need to use an external authentication server. While it's a good idea to create a banner that displays legitimate information about a user's login, it's not required to enable SSH.

126. A webmaster of an online store needs a service to prevent customers from claiming that legitimate orders are fake. Which service provides this guarantee?

• keep secret
• verify
• honest
• non-repudiation

127. Match security technology to description.

128.What function does Cisco SPAN provide in the switching network?

• Reflect traffic from one switch port or VLAN to another for traffic analysis.
• Prevents LAN traffic from being interrupted by broadcast storms.
• Prevents switched networks from receiving BPDUs on ports that should not receive BPDUs.
• It replicates the traffic passing through the switch interface and sends the data directly to a syslog or SNMP server for analysis.
• Check voice protocols to ensure SIP, SCCP, H.323, and MGCP requests comply with voice standards.
• It mitigates MAC address overflow attacks.

explain:SPAN is a Cisco technology used by network administrators to monitor suspicious traffic or capture traffic for analysis.

129. Which three statements are generally considered best practices for ACL placement? (Choose three.)

• Filter out unwanted traffic before it reaches your low-bandwidth connection.
• Place a standard ACL close to the destination IP address of the traffic.
• Place a standard ACL close to the source IP address of the traffic.
• Place extended ACLs near the destination IP address of the traffic.
• Place extended ACLs close to the source IP address of the traffic.
• For every incoming ACL placed on an interface, there should be a corresponding outgoing ACL.

explain:The extended ACL should be placed as close as possible to the source IP address, so that the filtered traffic will not traverse the network and consume network resources. Since standard ACLs do not specify destination addresses, they should be placed as close to the destination as possible. Placing a standard ACL close to the source filters all traffic and restricts service to other hosts. Filtering unwanted traffic before entering low-bandwidth links saves bandwidth and maintains network functionality. The decision to place an inbound or outbound ACL depends on the requirements that must be met.

130. What is the role of the class-maps configuration object in the Cisco Modular Policy Framework?

• Detect interesting traffic
• Apply policy to interface
• Applying the Rules to the Circulation of Interest
• Limit traffic through an interface

explain:There are three configuration objects in MPF. Class maps, policy maps, and service policies. Class-map configuration objects use matching criteria to identify traffic of interest.

131. To prevent cyberattacks, cyber analysts share with their colleagues the unique, identifiable signatures of known attacks. What three attributes or exchange metrics are useful for sharing? (Choose three.)

• The IP address of the attacking server
• Changes to End System Software
• The netbios name of the compromised firewall
• Characteristics of Malware Files
• Offensive system's BIOS
• Identifier of the system under attack

explain:Many cyber attacks can be prevented by sharing information about indicators of compromise (IOCs). Every attack has unique, identifiable signatures. Indicators of compromise are evidence that an attack has occurred. IOC can identify malware file attributes, server IP addresses used in attacks, file names, and signature changes made to end system software.

132. Which two guarantees does a digital signature provide for code obtained from the Internet? (Choose two.)

• The code is real and from the publisher.
• The code does not contain any errors.
• The code has not been modified since it left the software publisher.
• This code does not contain viruses.
• The code is encrypted with private and public keys.

explain:Digital cryptographic signatures provide several cryptographic assurances:
The code is real and from the publisher.
The code has not been modified since it left the software publisher.
There is no doubt that the publisher has released the code. This ensures non-repudiation of publishing actions.

133. See Exhibit. What algorithm is used to exchange public keys?

• Shanghai
• RSA
• Diffie Herman
• AES

explain:The IPsec framework uses various protocols and algorithms to ensure data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret over an insecure channel.

134. Which two statements describe the use of asymmetric algorithms? (Choose two.)

• Public and private keys can be used interchangeably.
• If data is encrypted using a public key, the data must be decrypted using the public key.
• If data is encrypted with the private key, the data must be decrypted with the public key.
• If data is encrypted with the public key, the data must be decrypted with the private key.
• If data is encrypted using a private key, the data must be decrypted using the private key.

explain:Asymmetric algorithms use two keys: a public key and a private key. Both keys are capable of the encryption process, but decryption requires a complementary matching key. If the public key encrypts data, the corresponding private key decrypts the data. vice versa. If the private key encrypts data, the corresponding public key decrypts the data.

135. Which sentence is the characteristic of HMAC?

• HMAC uses a secret key known only to the sender and defeats man-in-the-middle attacks.
• HMAC uses protocols such as SSL or TLS to ensure session-level confidentiality.
• HMAC uses a secret key as input to a hash function, adding authentication to ensure integrity.
• HMAC is based on the RSA hash function.

explain:Hash-Key Message Authentication Code (HMAC or KHMAC) is a type of Message Authentication Code (MAC). HMAC uses an additional key as input to the hash function, adding authentication to ensure data integrity.

136. What is the purpose of Internet ACL in ASA?

• Control outbound traffic to specific websites
• Limit traffic directed to ASDM
• Monitor reverse traffic, which is a response to web server requests from the internal interface
• Filter Traffic for Clientless SSL VPN Users

explain:Network type ACLs are used to support configurations for filtering clientless SSL VPN users.

137. Which two statements describe the effect of the ACL wildcard mask 0.0.0.15? (Choose two.)

• will match the first 28 bits of the given IP address.
• will match the last four digits of the given IP address.
• The first 28 bits of a given IP address are ignored.
• The last four digits of a given IP address are ignored.
• The last five digits of a given IP address are ignored.
• will match the first 32 bits of the given IP address.

explain:Wildcard masks use zeros to indicate that bits must match. Zeros in the first three octets represent 24 bits, and four consecutive zeros in the last octet represent a total of 28 bits that must match. The four represented by the decimal value 15 indicates the four bits to ignore.

138. Which type of firewall is most common and allows or blocks traffic based on layer 3, layer 4 and layer 5 information?

• stateless firewall
• packet filtering firewall
• Next Generation Firewall
• national dam

139. What protocol or measure should be used to mitigate the vulnerability of using FTP to transfer files between teleworkers and corporate file servers?

• SCP
• Transfer Protocol
• ACLs on file servers
• out-of-band communication channel

explain:FTP file transfers are sent in plain text. Usernames and passwords can easily be intercepted if data transmissions are intercepted. Secure Copy Protocol (SCP) performs SSH authentication and file transfers for encrypted communications. Like FTP, TFTP transfers files unencrypted. ACLs provide network traffic filtering but not encryption. Using an out-of-band (OOB) communication channel requires physical access to the file server, or if over the Internet, does not necessarily require encrypted communication.

140. See Exhibit. The IPv6 access list LIMITED_ACCESS is applied in the inbound direction to the S0/0/0 interface of Router R1. Which IPv6 packets from the ISP will be dropped by the ACL on R1?

• HTTPS packets to PC1
• ICMPv6 packet for PC1
• Packet sent to PC1 on port 80
• Neighbor Advertisements Received by Your ISP Router

explain:The LIMITED_ACCESS access list will block ICMPv6 packets from your ISP. The ACL explicitly allows port 80, HTTP traffic, and port 443, HTTPS traffic. By default, the implicit icmp grant in any nd-na command at the end of all IPv6 ACLs allows neighbor advertisements from ISP routers.

141. What tool can be used through the Cisco IOS CLI to initiate a security check and make recommended configuration changes with or without administrator involvement?

• police control plane
• Cisco Automated Security
• Cisco ACS
• Simple Network Management Protocol

142. See Exhibit. Which pair of isakmp crypto-key commands correctly configures PSK on both routers?

• R1(config)# crypto key isakmp address cisco123 209.165.200.227
  R2(config)# crypto key isakmp address cisco123 209.165.200.226
• R1(config)# crypto key isakmp address cisco123 209.165.200.226
  R2(config)# crypto key isakmp address cisco123 209.165.200.227
• R1(config)# encryption key isakmp hostname cisco123 R1
  R2(config)# encryption key isakmp hostname cisco123 R2
• R1(config)# crypto key isakmp address cisco123 209.165.200.226
  R2(config)# crypto key isakmp security address 209.165.200.227

explain:The correct syntax for the isakmp crypto key command is:
crypto isakmp keystring address peer address
ruble
crypto isakmp key keystring hostname peer-hostname So the correct answer is:
R1(config)# crypto key isakmp address cisco123 209.165.200.227
R2(config)# crypto key isakmp address cisco123 209.165.200.226

143. Which two technologies provide enterprise-managed VPN solutions? (Choose two.)

• Layer 3 MPLS VPNs
• frame relay
• Site-to-Site VPN
• Layer 2 MPLS VPN
• Remote VPN access

144. What are the three components of an STP bridge identifier? (Choose three.)

• Toggle connection date and time
• change hostname
• change MAC address
• Extended System Identifier
• bridge priority value
• Management VLAN IP address

145. What are the two differences between stateful firewall and packet filter? (Choose two.)

• A packet-filtering firewall prevents spoofing by determining whether a packet belongs to an existing connection, while a stateful firewall follows a preconfigured set of rules.
• Stateful firewalls provide stricter security controls than packet filtering firewalls.
• Packet-filtering firewalls are able to filter sessions that use dynamic port negotiation, while stateful firewalls are not.
• Stateful firewalls provide more connection information than packet filtering firewalls.
• A stateful firewall inspects each packet individually, while a packet filtering firewall monitors the state of the connection.

146. Which part of the Snort IPS rule header identifies the destination port?

通知 tcp $HOME_NET downy -> $EXTERNAL_NET $HTTP_PORTS

all
$HTTP_PORTS
$HOME_NETTO
TCP

147. Match each SNMP function with an appropriate description. (Not all options are used.)

148. If the workstation is not authorized, which port state is used by 802.1X?

• keep away
• the following
• unauthorized
• block

149. Match the specific ASA hardware unit to the description.

explain:The advanced threat control and containment services of the ASA firewall are provided through the integration of special hardware modules with the ASA architecture. These special sections include:
– Advanced Inspection and Prevention (AIP) Module – Supports advanced IPS features.
– Security and Content Control Cell (CSC) – supports anti-malware functions.
– Cisco Advanced Detection and Preventive Services Security Module (AIP-SSM) and Cisco Advanced Detection and Preventive Services Card (AIP-SSC) – Supports protection against tens of thousands of known attacks.

150. See Exhibit. Which two ACLs applied to R2's G0/1 interface will allow only the two LANs connected to R1 to access the network connected to R2's G0/1 interface? (Choose two.)

access list 3 192.168.10.128 0.0.0.63

access-list-1 permission 192.168.10.0 0.0.0.127

access-list 4 allow 192.168.10.0 0.0.0.255

access-list 2 allow host 192.168.10.9
access-list 2 allow host 192.168.10.69

access-list 5 allow 192.168.10.0 0.0.0.63
access-list 5 allow 192.168.10.64 0.0.0.63

explain:The permit command 192.168.10.0 0.0.0.127 ignores bits 1 to 7, which means addresses from 192.168.10.0 to 192.168.10.127 are allowed. Two ACEs authority 192.168.10.0 0.0.0.63 and authority 192.168.10.64 0.0.0.63 allow the same address range on the router.

151. Which two features apply to role-based CLI access monitoring? (Choose two.)

• You cannot add commands directly to a specific view.
• The CLI view has a password, but the preview does not.
• A single view can be shared by multiple CLI views.
• Deleting a supervisor view deletes all associated CLI views.
• A user logged into a supervisor has access to all commands specified in the relevant CLI view.

explain:Using this view, administrators can assign users or groups of users to CLI views that contain a specific set of commands that the user has access to. Commands cannot be added directly to the preview, they must be added to the CLI view for the CLI view to be added to the preview.

152. Match the type of the IPS alarm with the description.