1. What is an advantage of HIPS that is not provided by IDS?
a) HIPS protects critical system resources and monitors operating system processes.
b) HIPS deploys sensors at network entry points and protects critical network segments.
c) HIPS monitors network processes and protects critical files.
d) HIPS provides quick analysis of events through detailed logging.
Solution: a) HIPS protects critical system resources and monitors operating system processes.
Explanation: Network-based IDS (NIDS) sensors are typically deployed in offline mode. They do not protect individual hosts. Host-based IPS (HIPS) is software installed on a single host to monitor and analyze suspicious activity. It can monitor and protect operating system and critical system processes that are specific to that host. HIPS can be thought of as a combination of antivirus software, antimalware software, and a firewall.
2. Which statement describes a difference between RADIUS and TACACS+?
a) RADIUS separates authentication and authorization whereas TACACS+ combines them as one process.
b) RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not.
c) RADIUS uses TCP whereas TACACS+ uses UDP.
d) RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
Solution: d) RADIUS encrypts only the password whereas TACACS+ encrypts all communication.
Explanation: RADIUS combines authentication and authorization into a single process, uses UDP, and hides only the password in the access-request packet; the rest of the packet, including the username, travels in cleartext. TACACS+ uses TCP, encrypts the entire packet body (not just the password), and separates authentication and authorization into two distinct processes. Both protocols are supported by the Cisco Secure ACS software.
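The following is an added example written for this page, not code from Cisco or from any RADIUS implementation. It implements the User-Password hiding from RFC 2865 section 5.2, builds a minimal Access-Request, and shows what a sniffer between the NAS and the server can read: the username is in the clear, only the password attribute is obfuscated. The shared secret, Request Authenticator, username and NAS address are constructed values. The last function goes beyond the question to show why the scheme is weak: the obfuscation is an MD5-derived keystream, so a NAS that reuses a Request Authenticator leaks the XOR of two passwords.

```python
"""RADIUS hides only the User-Password attribute (RFC 2865 section 5.2).

Added example for this page, not code from Cisco or from any RADIUS
implementation. The shared secret, Request Authenticator, username and
NAS address used below are constructed for the demonstration.
"""
import hashlib
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """c_i = p_i XOR MD5(secret || c_(i-1)), with c_0 = Request Authenticator."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password is 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to 16-byte blocks
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(padded), 16):
        block = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_password(); this is what the RADIUS server does on receipt."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor_bytes(block, hashlib.md5(secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding of one RADIUS attribute."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, nas_ip: bytes, request_authenticator: bytes = b"") -> bytes:
    """Code, Identifier, Length, Authenticator, then attributes. Only the password is hidden."""
    ra = request_authenticator or os.urandom(16)
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, ra))
             + attribute(ATTR_NAS_IP_ADDRESS, nas_ip))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + ra + attrs


def visible_on_the_wire(packet: bytes, username: bytes, password: bytes) -> dict:
    """What a passive sniffer between NAS and server can read directly."""
    return {"username": username in packet, "password": password in packet}


def same_authenticator_leak(p1: bytes, p2: bytes, secret: bytes, ra: bytes) -> bytes:
    """If a NAS reuses a Request Authenticator, the first keystream block
    MD5(secret || RA) repeats, so XORing two captured User-Password values
    yields the XOR of the two plaintext blocks without knowing the secret."""
    return xor_bytes(hide_password(p1, secret, ra), hide_password(p2, secret, ra))[:16]
```

Compare this with TACACS+, which encrypts the whole packet body with a keystream derived from the shared secret, session ID and sequence number, so the username and authorization attributes are not exposed to a sniffer; the usual practitioner advice is to treat RADIUS as cleartext unless it is carried over IPsec or RadSec (RADIUS over TLS).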
3. What are two disadvantages of using an IDS? (Choose two.)
a) The IDS does not stop malicious traffic.
b) The IDS works offline using copies of network traffic.
c) The IDS has no impact on traffic.
d) The IDS analyzes actual forwarded packets.
e) The IDS requires other devices to respond to attacks.
Solution: a) The IDS does not stop malicious traffic, e) The IDS requires other devices to respond to attacks.
Explanation: The disadvantage of operating with mirrored traffic is that the IDS cannot stop malicious single-packet attacks from reaching the target before responding to the attack. Also, an IDS often requires assistance from other networking devices, such as routers and firewalls, to respond to an attack. An advantage of an IDS is that by working offline using mirrored traffic, it has no impact on traffic flow.
4. Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
a) An administrator can assign interfaces to zones, regardless of whether the zone has been configured.
b) An administrator can assign an interface to multiple security zones.
c) By default, traffic is allowed to flow among interfaces that are members of the same zone.
d) By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.
Solution: c) By default, traffic is allowed to flow among interfaces that are members of the same zone.
Explanation: An interface can belong to only one zone. Creating a zone is the first step in configuring a zone-based policy firewall; a zone cannot be assigned to an interface if the zone has not been created. Traffic between interfaces in the same zone is allowed by default, while traffic between different zones is dropped unless a zone-pair policy passes or inspects it. Traffic can never flow between an interface that is assigned to a zone and an interface that has not been assigned to a zone.
5. Which technique is necessary to ensure a private transfer of data using a VPN?
a) encryption
b) virtualization
c) scalability
d) authorization
Solution: a) encryption
Explanation: Confidential and secure transfers of data with VPNs require data encryption.
6. What is the function of the distribution layer of the three-layer network design model?
a) providing direct access to the network
b) providing secure access to the Internet
c) aggregating access layer connections
d) providing high speed connection to the network edge
Solution: c) aggregating access layer connections
Explanation: The function of the distribution layer is to provide connectivity to services and to aggregate the access layer connections.
7. What two components of traditional web security appliances are examples of functions integrated into a Cisco Web Security Appliance? (Choose two.)
a) email virus and spam filtering
b) VPN connection
c) firewall
d) web reporting
e) URL filtering
Solution: d) web reporting, e) URL filtering
Explanation: The Cisco Web Security Appliance is a secure web gateway which combines advanced malware protection, application visibility and control, acceptable use policy controls (including URL filtering), reporting, and secure mobility functions. With traditional web security appliances, these functions are typically provided through multiple appliances. It is not a firewall appliance in that it only filters web traffic. It does not provide VPN connections, nor does it provide email virus and spam filtering; the Cisco Email Security Appliance provides those functions.
8. Which AAA component can be established using token cards?
a) authentication
b) accounting
c) authorization
d) auditing
Solution: a) authentication
Explanation: The authentication component of AAA is established using username and password combinations, challenge and response questions, and token cards. The authorization component of AAA determines which resources the user can access and which operations the user is allowed to perform. The accounting and auditing component of AAA keeps track of how network resources are used.
9. Which statement describes a VPN?
a) VPNs use open source virtualization software to create the tunnel through the Internet.
b) VPNs use dedicated physical connections to transfer data between remote users.
c) VPNs use logical connections to create public networks through the Internet.
d) VPNs use virtual connections to create a private network through a public network.
Solution: d) VPNs use virtual connections to create a private network through a public network.
Explanation: A VPN is a private network that is created over a public network. Instead of using dedicated physical connections, a VPN uses virtual connections routed through a public network between two network devices.
10. What is a host-based intrusion detection system (HIDS)?
a) It detects and stops potential direct attacks but does not scan for malware.
b) It is an agentless system that scans files on a host for potential malware.
c) It identifies potential attacks and sends alerts but does not stop the traffic.
d) It combines the functionalities of antimalware applications with firewall protection.
Solution: d) It combines the functionalities of antimalware applications with firewall protection.
Explanation: A current HIDS is a comprehensive security application that combines the functionalities of antimalware applications with firewall protection. An HIDS not only detects malware but also prevents it from executing. Because the HIDS runs directly on the host, it is considered an agent-based system.
11. Which two devices would commonly be found at the access layer of the hierarchical enterprise LAN design model? (Choose two.)
a) modular switch
b) Layer 3 device
c) Layer 2 switch
d) firewall
e) access point
Solution: c) Layer 2 switch, e) access point
12. Which two statements are true about NTP servers in an enterprise network? (Choose two.)
a) There can only be one NTP server on an enterprise network.
b) NTP servers at stratum 1 are directly connected to an authoritative time source.
c) NTP servers control the mean time between failures (MTBF) for key network devices.
d) NTP servers ensure an accurate time stamp on logging and debugging information.
e) All NTP servers synchronize directly to a stratum 1 time source.
Solution: b) NTP servers at stratum 1 are directly connected to an authoritative time source, d) NTP servers ensure an accurate time stamp on logging and debugging information
13. In the data gathering process, which type of device will listen for traffic, but only gather traffic statistics?
a) NetFlow collector
b) NMS
c) SNMP agent
d) syslog server
Solution: a) NetFlow collector
14. Which two protocols are link-state routing protocols? (Choose two.)
a) ISIS
b) EIGRP
c) BGP
d) RIP
e) OSPF
Solution: a) ISIS, e) OSPF
15. What type of route is created when a network administrator manually configures a route that has an active exit interface?
a) directly connected
b) static
c) local
d) dynamic
Solution: b) static
16. Which characteristic describes a wireless client operating in active mode?
a) must be configured for security before attaching to an AP
b) broadcasts probes that request the SSID
c) ability to dynamically change channels
d) must know the SSID to connect to an AP
Solution: b) broadcasts probes that request the SSID
17. What are two types of addresses found on network end devices? (Choose two.)
a) return
b) IP
c) MAC
d) TCP
e) UDP
Solution: b) IP, c) MAC
18. What is a characteristic of the WLAN passive discovery mode?
a) The client must know the name of the SSID to begin the discovery process.
b) The client begins the discovery process by sending a probe request.
c) The beaconing feature on the AP is disabled.
d) The AP periodically sends beacon frames containing the SSID.
Solution: d) The AP periodically sends beacon frames containing the SSID.
19. What is a characteristic of a routed port that is configured on a Cisco switch?
a) It supports subinterfaces.
b) It is associated with a single VLAN.
c) It runs STP to prevent loops.
d) It is assigned an IP address.
Solution: d) It is assigned an IP address.
20. What action does an Ethernet switch take when it receives a frame with an unknown Layer 2 source address?
a) It forwards the frame out all interfaces except the interface on which it was received.
b) It forwards the frame to the default gateway.
c) It records the source address in the address table of the switch.
d) It drops the frame.
Solution: c) It records the source address in the address table of the switch.
Explanation: A switch builds its MAC address table from the source address of every frame it receives together with the port on which the frame arrived. Flooding the frame out all ports except the ingress port is the action for an unknown destination address, not an unknown source address.
21. Match each device to a category.
Modules 11 - 12: Network Infrastructure Security Group Exam (Answers)
22. Which routing protocol is used to exchange routes between internet service providers?
a) OSPF
b) EIGRP
c) ISIS
d) BGP
e) RIP
Solution: d) BGP
Explanation: BGP is a path vector routing protocol and it is used by internet service providers to exchange routes.
23. What is the first step in the CSMA/CA process when a wireless client is attempting to communicate on the wireless network?
a) The client sends an RTS message to the AP.
b) The client sends a test frame onto the channel.
c) The client listens for traffic on the channel.
d) The AP sends a CTS message to the client.
Solution: c) The client listens for traffic on the channel.
Explanation: When a wireless client is attempting to communicate on the network, it will first listen to the channel to be sure it is idle. Next, the client sends an RTS message to the AP to request dedicated access to the network. The AP will then send a CTS message granting access to the client. The client will then transmit data.
24. What Wi-Fi management frame is regularly broadcast by APs to announce their presence?
a) authentication
b) beacon
c) probe
d) association
Solution: b) beacon
Explanation: Beacon frames are broadcast periodically by the AP to advertise its wireless networks to potential clients. Probe, association, and authentication frames are only sent when a client is discovering or associating with the AP.
25. What are the three parts of all Layer 2 frames? (Choose three.)
a) source and destination IP address
b) payload
c) sequence number
d) frame check sequence
e) time-to-live
f) header
Solution: b) payload, d) frame check sequence, f) header
Explanation: Layer 2 frames have three components: the header, the payload, and a frame check sequence at the end. The frame check sequence is a CRC computed over the header and payload; a receiver recomputes it and discards any frame whose value does not match.
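The following is an added example written for this page, not code from Cisco or from the original text. It serves questions 20 and 25 together: it builds an Ethernet frame from the three parts named in question 25 (header, payload, frame check sequence), verifies the FCS on parse, and feeds frames through a toy switch that applies the rules from question 20 (record the source address, forward known unicasts, flood unknown destinations and group addresses). The MAC addresses and port names are constructed. The switch also carries a deliberately tiny address table so the effect of a full table can be seen: new source addresses are no longer learned and traffic to them is flooded, which is what a MAC flooding attack exploits.

```python
"""Ethernet frames (header, payload, FCS) and a MAC-learning switch.

Added example, not from the original page: builds a frame with the three
Layer 2 parts named in question 25, verifies its frame check sequence, and
applies the learn/forward/flood rules from question 20. MAC addresses and
port names are constructed.
"""
import struct
import zlib

MIN_FRAME = 64          # bytes including the 4-byte FCS (802.3 minimum frame size)
BROADCAST = b"\xff" * 6


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """header (dst, src, EtherType) + payload + FCS; pads the payload to 46 bytes."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    header = dst + src + struct.pack("!H", ethertype)
    payload = payload + b"\x00" * max(0, 46 - len(payload))
    # The FCS is IEEE CRC-32 over header+payload (same polynomial and
    # conventions as zlib.crc32), transmitted least-significant byte first.
    fcs = struct.pack("<I", zlib.crc32(header + payload))
    return header + payload + fcs


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its parts; raise ValueError on a runt frame or bad FCS."""
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame")
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        raise ValueError("FCS mismatch")
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    # Padding is left in the payload; the Layer 3 header carries the real length.
    return {"dst": dst, "src": src, "ethertype": ethertype, "payload": body[14:]}


class LearningSwitch:
    """Transparent bridge: learn source MACs, forward known unicasts, flood the rest."""

    def __init__(self, ports: list, table_size: int = 8):
        self.ports = list(ports)
        self.table_size = table_size      # CAM table capacity (tiny, to show what full means)
        self.mac_table = {}               # source MAC -> ingress port
        self.dropped = 0

    def learn(self, mac: bytes, port: str) -> bool:
        """Record (or refresh) the source address; returns False when the table is full."""
        if mac in self.mac_table or len(self.mac_table) < self.table_size:
            self.mac_table[mac] = port
            return True
        return False

    def receive(self, in_port: str, frame: bytes) -> list:
        """Return the egress ports for a frame received on in_port."""
        try:
            f = parse_frame(frame)
        except ValueError:
            self.dropped += 1             # corrupted frames are discarded, never learned from
            return []
        self.learn(f["src"], in_port)     # unknown source address: record it
        dst = f["dst"]
        group = dst[0] & 1                # I/G bit set: broadcast or multicast
        out = self.mac_table.get(dst)
        if group or out is None:
            return [p for p in self.ports if p != in_port]   # unknown destination: flood
        return [] if out == in_port else [out]
```

Real switches age out entries, which is why an attacker can keep the table full of bogus addresses and turn the switch into a hub for everyone else; port security (limiting learned addresses per port) is the usual countermeasure.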
26. What is a function of SNMP?
a) synchronizes the time across all devices on the network
b) captures packets entering and exiting the network interface card
c) provides a message format for communication between network device managers and agents
d) provides statistical analysis on packets flowing through a Cisco router or multilayer switch
Solution: c) provides a message format for communication between network device managers and agents
Explanation: SNMP is an application layer protocol that allows administrators to manage devices on the network by providing a messaging format for communication between network device managers and agents.
27. Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?
a) application filtering
b) stateful packet inspection
c) packet filtering
d) URL filtering
Solution: b) stateful packet inspection
Explanation: Stateful packet inspection on a firewall records the connections initiated by hosts inside the network and checks that incoming packets are actually legitimate responses to those connections; unsolicited inbound packets are dropped. Packet filtering can be used to permit or deny access to resources based on IP or MAC address. Application filtering can permit or deny access based on port number. URL filtering is used to permit or deny access based on URL or on keywords.
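The following is an added example written for this page, not Cisco IOS code or a Cisco API. It models both the zone-based policy firewall rules from question 4 (a zone must exist before an interface is assigned to it, an interface is in at most one zone, same-zone traffic passes, traffic between a zone member and a non-member never does, and traffic between different zones needs a zone-pair policy) and the stateful behaviour from question 27 (an "inspect" policy records the outbound session, so a reply from the outside is admitted only if it matches a session an inside host opened). Two details are assumptions about Cisco ZBF behaviour rather than statements from the page: traffic between two interfaces that are in no zone at all is routed normally, and the "pass" action is stateless, so the reverse direction needs its own policy. Zone names, interface names and addresses are constructed.

```python
"""Zone-based policy firewall rules and stateful inspection, modelled in Python.

Added example for this page, not Cisco IOS code. Zone names, interface
names, addresses and ports are constructed for the demonstration. Assumed
(not from the page): unzoned-to-unzoned traffic is routed normally, and
"pass" is stateless while "inspect" is stateful.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class ZoneBasedFirewall:
    ACTIONS = ("inspect", "pass", "drop")

    def __init__(self) -> None:
        self.zones = set()
        self.zone_of = {}        # interface -> zone
        self.zone_pairs = {}     # (source zone, destination zone) -> action
        self.sessions = set()    # 5-tuples opened by an "inspect" policy

    def create_zone(self, name: str) -> None:
        self.zones.add(name)

    def assign_interface(self, interface: str, zone: str) -> None:
        if zone not in self.zones:
            raise ValueError(f"zone {zone!r} does not exist; create it before assigning {interface}")
        current = self.zone_of.get(interface)
        if current is not None and current != zone:
            raise ValueError(f"{interface} is already in zone {current!r}; an interface belongs to one zone")
        self.zone_of[interface] = zone

    def zone_pair(self, src_zone: str, dst_zone: str, action: str) -> None:
        if action not in self.ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        if not {src_zone, dst_zone} <= self.zones:
            raise ValueError("zone pairs are defined between existing zones only")
        self.zone_pairs[(src_zone, dst_zone)] = action

    def forward(self, p: Packet) -> bool:
        """True if the packet is forwarded from p.in_if to p.out_if, False if dropped."""
        src_zone = self.zone_of.get(p.in_if)
        dst_zone = self.zone_of.get(p.out_if)
        if src_zone is None and dst_zone is None:
            return True          # neither interface is zoned: ordinary routing, no firewall policy
        if src_zone is None or dst_zone is None:
            return False         # zone member <-> non-member: never allowed
        if src_zone == dst_zone:
            return True          # intra-zone traffic is allowed by default
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reply_of in self.sessions:
            return True          # legitimate response to a session opened from the other side
        action = self.zone_pairs.get((src_zone, dst_zone), "drop")   # default deny between zones
        if action == "inspect":
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return True
        return action == "pass"  # "pass" is stateless: the reverse direction needs its own policy


def build_demo_firewall() -> ZoneBasedFirewall:
    """Two zones, one inspect policy from INSIDE to OUTSIDE, nothing back in."""
    fw = ZoneBasedFirewall()
    fw.create_zone("INSIDE")
    fw.create_zone("OUTSIDE")
    fw.assign_interface("GigabitEthernet0/0", "INSIDE")
    fw.assign_interface("GigabitEthernet0/1", "OUTSIDE")
    fw.assign_interface("GigabitEthernet0/2", "INSIDE")
    fw.zone_pair("INSIDE", "OUTSIDE", "inspect")
    return fw
```

The model keys sessions on the full 5-tuple only; a production stateful engine also tracks TCP flags and sequence numbers, times sessions out, and handles protocols such as FTP whose data connections are negotiated inside the control channel.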
28. In which memory location is the routing table of a router maintained?
a) ROM
b) flash
c) NVRAM
d) RAM
Solution: d) RAM
Explanation: The routing table of a router is maintained in RAM, which is volatile memory. If a router loses power or is rebooted, the content of RAM is lost and the routing table must be rebuilt.
29. Lightweight access points forward data between which two devices on the network? (Choose two.)
a) wireless router
b) default gateway
c) wireless LAN controller
d) autonomous access point
e) wireless client
Solution: c) wireless LAN controller, e) wireless client
Explanation: In a wireless deployment that is using lightweight access points (LWAPs), the LWAP forwards data between the wireless clients and the wireless LAN controller (WLC).
30. A Cisco router is running IOS 15. What are the two routing table entry types that will be added when a network administrator brings an interface up and assigns an IP address to the interface? (Choose two.)
a) route that is manually entered by a network administrator
b) local route interface
c) route that is learned via OSPF
d) directly connected interface
e) route that is learned via EIGRP
Solution: b) local route interface, d) directly connected interface
Explanation: A local route interface routing table entry is found when a router runs IOS 15 or higher or if IPv6 routing is enabled. Whenever an interface is addressed and enabled (made active), a directly connected interface is automatically shown in the routing table.
31. Match the security service with the description.