
Network Security 1-4


Network Security (Version 1) - Network Security 1.0
Modules 1-4: Securing Networks Group Exam 
 
1. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of access to cloud storage 
devices? 
2. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of using social networking? 
• sensitive data lost through access to the cloud that has been compromised due to 
weak security settings 
• gaining illegal access to corporate data by stealing passwords or cracking weak 
passwords 
• data loss through access to personal or corporate instant messaging and social media 
sites 
• the retrieval of confidential or personal information from a lost or stolen device that 
was not configured to use encryption software 
3. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes an attack vector? 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
• the unauthorized transfer of data containing valuable corporate information to a USB 
drive 
• the path by which a threat actor can gain access to a server, host, or network 
• the retrieval of confidential or personal information from a lost or stolen device that 
was not configured to use encryption software 
4. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of access to removable media? 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
• intercepted emails that reveal confidential corporate or personal information 
• the unauthorized transfer of data containing valuable corporate information to a USB 
drive 
• data loss through access to personal or corporate instant messaging and social media 
sites 
5. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of access to cloud storage 
devices? 
• intercepted emails that reveal confidential corporate or personal information 
• the retrieval of confidential or personal information from a lost or stolen device that 
was not configured to use encryption software 
• sensitive data lost through access to the cloud that has been compromised due to 
weak security settings 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
6. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of access to cloud storage 
devices? 
• gaining valuable information through the retrieval of discarded unshredded reports 
• the retrieval of confidential or personal information from a lost or stolen device that 
was not configured to use encryption software 
• sensitive data lost through access to the cloud that has been compromised due to 
weak security settings 
• gaining illegal access to corporate data by stealing passwords or cracking weak 
passwords 
7. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes an attack vector? 
• gaining valuable information through the retrieval of discarded unshredded reports 
• the unauthorized transfer of data containing valuable corporate information to a USB 
drive 
• the path by which a threat actor can gain access to a server, host, or network 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
8. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of access to removable media? 
• sensitive data lost through access to the cloud that has been compromised due to 
weak security settings 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
• the unauthorized transfer of data containing valuable corporate information to a USB 
drive 
• data loss through access to personal or corporate instant messaging and social media 
sites 
9. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes an internal threat? 
• the path by which a threat actor can gain access to a server, host, or network 
• intercepted emails that reveal confidential corporate or personal information 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
• gaining valuable information through the retrieval of discarded unshredded reports 
10. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of access to cloud storage 
devices? 
• the unauthorized transfer of data containing valuable corporate information to a USB 
drive 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
• sensitive data lost through access to the cloud that has been compromised due to 
weak security settings 
• the path by which a threat actor can gain access to a server, host, or network 
11. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes an attack vector? 
• data loss through access to personal or corporate instant messaging and social media 
sites 
• the unauthorized transfer of data containing valuable corporate information to a USB 
drive 
• the path by which a threat actor can gain access to a server, host, or network 
• intercepted emails that reveal confidential corporate or personal information 
12. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes an attack vector? 
• gaining illegal access to corporate data by stealing passwords or cracking weak 
passwords 
• gaining valuable information through the retrieval of discarded unshredded reports 
• the path by which a threat actor can gain access to a server, host, or network 
• data loss through access to personal or corporate instant messaging and social media 
sites 
13. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes an internal threat? 
• data loss through access to personal or corporate instant messaging and social media 
sites 
• the unauthorized transfer of data containing valuable corporate information to a USB 
drive 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
• gaining illegal access to corporate data by stealing passwords or cracking weak 
passwords 
14. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes an attack vector? 
• the potential of causing great damage because of direct access to the building and its 
infrastructure devices 
• sensitive data lost through access to the cloud that has been compromised due to 
weak security settings 
• the path by which a threat actor can gain access to a server, host, or network 
• gaining illegal access to corporate data by stealing passwords or cracking weak 
passwords 
15. A security service company is conducting an audit in 
several risk areas within a major corporation. What 
statement describes the risk of access to cloud storage 
devices? 
• intercepted emails that reveal confidential corporate or personal information 
• gaining illegal access to corporate data by stealing passwords or cracking weak 
passwords 
• sensitive data lost through access to the cloud that has been compromised due to 
weak security settings 
• the retrieval of confidential or personal information from a lost or stolen device that 
was not configured to use encryption software 
16. Which condition describes the potential threat created 
by Instant On in a data center? 
• when the primary IPS appliance is malfunctioning 
• when the primary firewall in the data center crashes 
• when a VM that may have outdated security policies is brought online after a long 
period of inactivity 
• when an attacker hijacks a VM hypervisor and then launches attacks against other 
devices in the data center 
Answers Explanation & Hints: 
The phrase Instant On describes a potential threat to a VM when it is brought online after it has not been used for a period of 
time. Because it is offline for a while, it may have outdated security policies that deviate from the baseline security and can 
introduce security vulnerabilities. 
17. Which security feature or device would more likely be 
used within a CAN than a SOHO or data center? 
• ESA/WSA 
• wireless router 
• exit sensors 
• security trap 
• virtual security gateway 
Answers Explanation & Hints: 
A Cisco Email Security Appliance (ESA) and Web Security Appliance (WSA) provide advanced threat defense, application visibility 
and control, reporting, and secure mobility to secure and control email and web traffic within a campus area network (CAN). A 
wireless router is a common defense mechanism used in a SOHO. Exit sensors and a security trap are features used within a data 
center. A virtual security gateway is integrated into Cisco Nexus switches and is used for inter-virtual machine security. 
18. A company has several sales offices distributed within 
a city. Each sales office has a SOHO network. What are two 
security features that are commonly found in such a 
network configuration? (Choose two.) 
• Cisco ASA firewall 
• port security on user facing ports 
• WPA2 
• biometric verifications 
• Virtual Security Gateway within Cisco Nexus switches 
Answers Explanation & Hints: 
Small Office and Home Office (SOHO) networks are typically protected using a consumer grade wireless router that includes both 
wired and wireless connections. WPA2 is commonly used for wireless encryption and port security is used to ensure 
non-company devices are not plugged into the wired network. 
19. What are two data protection functions provided by 
MDM? (Choose two.) 
• quarantine 
• inoculation 
• PIN locking 
• physical security 
• remote wiping 
Answers Explanation & Hints: 
Data protection functions include PIN locking, encryption, and remote data wiping. In contrast, data loss prevention prevents 
authorized users from doing careless or malicious things with data important to the organization. 
20. What is the motivation of a white hat attacker? 
• taking advantage of any vulnerability for illegal personal gain 
• fine tuning network devices to improve their performance and efficiency 
• studying operating systems of various platforms to develop a new system 
• discovering weaknesses of networks and systems to improve the security level of 
these systems 
Answers Explanation & Hints: 
White hat attackers break into networks or computer systems in order to discover weaknesses for the purpose of improving the 
security of these systems. These break-ins are done with permission from the owner or the organization. Any results are reported 
back to the owner or the organization. 
21. Match the security concept to the description. 
 
[Figure: Network Security (Version 1) – Network Security 1.0 Modules 1-4 Securing Networks Group Exam Answers 001]
22. Which attack involves threat actors positioning 
themselves between a source and destination with the 
intent of transparently monitoring, capturing, and 
controlling the communication? 
• DoS attack 
• ICMP attack 
• SYN flood attack 
• man-in-the-middle attack 
Answers Explanation & Hints: 
The man-in-the-middle attack is a common IP-related attack where threat actors position themselves between a source and 
destination to transparently monitor, capture, and control the communication. 
23. A user is curious about how someone might know a 
computer has been infected with malware. What are two 
common malware behaviors? (Choose two.) 
• The computer beeps once during the boot process. 
• The computer emits a hissing sound every time the pencil sharpener is used. 
• The computer gets increasingly slower to respond. 
• No sound emits when an audio CD is played. 
• The computer freezes and requires reboots. 
Answers Explanation & Hints: 
Common symptoms of computers infected with malware:
Appearance of files, applications, or desktop icons 
Security tools such as antivirus software or firewalls turned off or changed 
System crashes 
Emails spontaneously sent to others 
Modified or missing files 
Slow system or browser response 
Unfamiliar processes or services running 
Unknown TCP or UDP ports open 
Connections made to unknown remote devices 
24. What is the purpose of a reconnaissance attack on a 
computer network? 
• to steal data from the network servers 
• to redirect data traffic so that it can be monitored 
• to prevent users from accessing network resources 
• to gather information about the target network and system 
Answers Explanation & Hints: 
This item is based on information contained in the presentation. 
Preventing users from accessing network resources is a denial of service attack. Being able to steal data from the network servers 
may be the objective after a reconnaissance attack gathers information about the target network and system. Redirecting data 
traffic so it can be monitored is a man-in-the-middle attack. 
25. What are two evasion methods used by hackers? 
(Choose two.) 
• encryption 
• phishing 
• access attack 
• resource exhaustion 
• scanning 
Answers Explanation & Hints: 
The following methods are used by hackers to avoid detection:
Encryption and tunneling – hide or scramble the malware content 
Resource exhaustion – keep the host device too busy to detect the invasion 
Traffic fragmentation – split the malware into multiple packets 
Protocol-level misinterpretation – sneak by the firewall 
Pivot – use a compromised network device to attempt access to another device 
Rootkit – allow the hacker to avoid detection as well as hide software installed by the hacker 
26. What is the purpose of mobile device management 
(MDM) software? 
• It is used to create a security policy. 
• It is used by threat actors to penetrate the system. 
• It is used to identify potential mobile device vulnerabilities. 
• It is used to implement security policies, settings, and software configurations on 
mobile devices. 
Answers Explanation & Hints: 
Mobile device management (MDM) software is used with mobile devices so that corporate IT personnel can track the devices, 
implement security settings, as well as control software configurations. 
27. Which security measure is best used to limit the 
success of a reconnaissance attack from within a campus 
area network? 
• Implement access lists on the border router. 
• Implement encryption for sensitive traffic. 
• Implement a firewall at the edge of the network. 
• Implement restrictions on the use of ICMP echo-reply messages. 
Answers Explanation & Hints: 
The implementation of an access list may provide extra security by permitting or denying a flow of traffic, but it will not provide a 
direct response to limit the success of the attack. The implementation of a firewall on the network edge may prevent 
reconnaissance attacks from the Internet, but attacks within the local network are not prevented. By implementing restrictions 
on the sending of ICMP echo-reply messages within a local network, devices may not respond to ping messages, but port scans 
are not prevented and clear-text data sent on the network are still vulnerable. The best security measure is to encrypt as much 
network traffic as possible, both user data and network management traffic. 
28. What functional area of the Cisco Network Foundation 
Protection framework is responsible for device-generated 
packets required for network operation, such as ARP 
message exchanges and routing advertisements? 
• control plane 
• management plane 
• data plane 
• forwarding plane 
Answers Explanation & Hints: 
There are three functional areas of the Cisco Network Foundation Protection (NFP) framework:
Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network. 
Management plane: Responsible for managing network devices. 
Data (Forwarding) plane: Responsible for forwarding user data. 
29. Which security implementation will provide 
management plane protection for a network device? 
• routing protocol authentication 
• access control lists 
• role-based access control 
• antispoofing 
Answers Explanation & Hints: 
Management plane processes typically use protocols such as Telnet and SSH. Role-based access control ensures that only 
authorized users have management privileges. ACLs perform packet filtering and antispoofing functions on the data plane to 
secure packets generated by users. Routing protocol authentication on the control plane ensures that a router does not accept 
false routing updates from neighbor routers. 
30. Which two practices are associated with securing the 
features and performance of router operating systems? 
(Choose two.) 
• Install a UPS. 
• Keep a secure copy of router operating system images. 
• Disable default router services that are not necessary. 
• Reduce the number of ports that can be used to access the router. 
• Configure the router with the maximum amount of memory possible. 
Answers Explanation & Hints: 
Configuring a router with maximum available memory allows support for the widest range of security services and can help to 
protect against certain DoS attacks. Secure copies of router operating system images and configuration files provide backups 
needed for device recovery. Installing a UPS device provides physical security for networking devices but does not affect the 
security of their operating systems. Disabling unnecessary ports and services is part of the process of router hardening, and does 
not specifically involve the router operating system. 
31. Passwords can be used to restrict access to all or parts 
of the Cisco IOS. Select the modes and interfaces that can 
be protected with passwords. (Choose three.) 
• VTY interface 
• console interface 
• Ethernet interface 
• boot IOS mode 
• privileged EXEC mode 
• router configuration mode 
Answers Explanation & Hints: 
Access to the VTY and console interfaces can be restricted using passwords. Out-of-band management of the router can be 
restricted in both user EXEC and privileged EXEC modes. 
32. On which two interfaces or ports can security be 
improved by configuring executive timeouts? (Choose two.) 
• Fast Ethernet interfaces 
• console ports 
• serial interfaces 
• vty ports 
• loopback interfaces 
Answers Explanation & Hints: 
Executive timeouts allow the Cisco device to automatically disconnect users after they have been idle for the specified time. 
Console, vty, and aux ports can be configured with executive timeouts. 
33. A network administrator enters the service 
password-encryption command into the configuration mode of a 
router. What does this command accomplish? 
• This command encrypts passwords as they are transmitted across serial WAN links. 
• This command prevents someone from viewing the running configuration 
passwords. 
• This command enables a strong encryption algorithm for the enable secret 
password command. 
• This command automatically encrypts passwords in configuration files that are 
currently stored in NVRAM. 
• This command provides an exclusive encrypted password for external service 
personnel who are required to do router maintenance. 
Answers Explanation & Hints: 
The startup-config and running-config files display most passwords in plaintext. Use the service password-encryption global 
config command to encrypt all plaintext passwords in these files. 
34. Which command will block login attempts on RouterA 
for a period of 30 seconds if there are 2 failed login 
attempts within 10 seconds? 
• RouterA(config)# login block-for 10 attempts 2 within 30 
• RouterA(config)# login block-for 30 attempts 2 within 10 
• RouterA(config)# login block-for 2 attempts 30 within 10 
• RouterA(config)# login block-for 30 attempts 10 within 2 
Answers Explanation & Hints: 
The correct syntax is RouterA(config)# login block-for (number of seconds) attempts (number of attempts) within (number of 
seconds). 
35. An administrator defined a local user account with a 
secret password on router R1 for use with SSH. Which three 
additional steps are required to configure R1 to accept only 
encrypted SSH connections? (Choose three.) 
• Configure the IP domain name on the router. 
• Enable inbound vty Telnet sessions. 
• Generate crypto keys. 
• Configure DNS on the router. 
• Configure a host name other than “Router”. 
• Generate two-way pre-shared keys. 
Answers Explanation & Hints: 
There are three steps to configure SSH support on a Cisco router: 
Step 1: Configure a hostname. 
Step 2: Configure a domain name. 
Step 3: Generate crypto keys.
