101-200 Flashcards Preview


Flashcards in 101-200 Deck (72):
1

FirePOWER impact flag is used for?

A value that indicates the potential severity of an attack.

2

Which two services define cloud networks?

Infrastructure as a service
Platform as a Service

3

In a security context, which action can you take to address compliance?

Implement rules to prevent a vulnerability

4

What can the SMTP preprocessor in FP normalize?

It can extract and decode email attachments in client to server traffic.

5

You want to allow all users to access the Internet but hide their individual addresses. Which two options achieve this?

Configure a proxy server to hide local IP addresses.
Configure a firewall to use PAT.

6

Which two authentication types does OSPF support?

MD5, plaintext.

7

Admin can't execute "config t" with the following config. Why?
username Admin password checkme
username Admin privilege 6 autocommand show running

Remove "autocommand" and its arguments. As configured, the login just runs a show run when the user connects and then drops the session.

8

Command to verify DHCP binding table status?

show ip dhcp snooping database

9

If a switch receives a superior BPDU and goes directly into blocked state, what mechanism must be in use?

BPDU guard.

10

Which type of packet creates and performs network operations on a network device?

Control plane packets.

11

Which two functions can a SIEM (Security Information and Event Management) system provide?

Correlation between logs and events from multiple systems.
Event aggregation that allows for reduced log storage requirements.

12

Which three actions are limitations when running an IPS in promiscuous mode?

Deny attacker, deny packet, modify packet

13

ASA command to authenticate users against the local DB, without fallback, when they enter "enable"?

aaa authentication enable console LOCAL

14

Which two accounting notices are used to send a failed authentication attempt record to an AAA server?

start-stop
stop-only

15

If the native VLAN on a trunk is different on each end of the link, what may occur?

STP loops may occur

16

Which type of IPS can identify worms that are propagating in a network?

Anomaly-based IPS

17

In which kind of attack is the victim tricked into entering a username and password at a disguised website?

Phishing

18

Which Cisco product can help mitigate web-based attacks within a network?

Web Security Appliance

19

Statement about a private VLAN?

Partitions the Layer 2 broadcast domain of a VLAN into subdomains.

20

Which Cisco feature can help mitigate spoofing attacks by verifying the symmetry of the traffic path?

Unicast Reverse Path Forwarding

21

Most common CDP v1 attack?

DoS

22

Cisco-preferred countermeasure to mitigate CAM overflows?

Dynamic port security

23

When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?

Elects the root bridge.

24

Which two countermeasures can mitigate ARP spoofing attacks?

DHCP snooping
Dynamic ARP inspection

25

Which type of security control is defense in depth?

Threat mitigation

26

On which CCP screen do you enable AAA?

AAA Summary

27

Which configuration mode (level) is used for "ip ospf authentication-key c1$c0"?

interface

28

Two uses of SIEM?

Alerting administrators to security events in real time.
Collecting and archiving syslog data.

29

Which statement about malware is true?

Unwanted software that is harmful or destructive.

30

You discovered a malicious program that has been harvesting the CEO's email messages and the company's user DB for 6 months. What are two possible types of attacks your team discovered?

Advanced persistent threat, and possibly targeted malware

31

Which FP preprocessor engine is used to prevent SYN attacks?

Rate-based prevention

32

Only permitted operation for processing multicast traffic on ZBF?

Only control plane policing can protect the control plane against multicast traffic.

33

Which encryption technology has the broadest platform support to protect operating systems?

Software

34

Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?

Contextual analysis

35

Which Sourcefire action should you choose if you want to block only malicious traffic from a particular end user?

Allow with inspection

36

How can you detect a false negative on an IPS?

Use a 3rd party system to perform penetration testing.

37

Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?

Community for hosts in the PVLAN

38

"show crypto isakmp sa" shows the state MM_NO_STATE. What does this mean?

Main Mode was created on source, but failed to negotiate with destination.

39

What does "single-connection" under the TACACS server config mean when multiple servers are configured?

The device will establish one connection for all TACACS transactions.

40

"crypto ipsec transform-set myset esp-md5-hmac esp-aes-256" does which two things?

Authentication uses MD5-HMAC
Encryption uses AES-256

41

What is a valid implicit permit rule for traffic that is traversing the ASA Firewall?

ARPs in both directions are permitted in transparent mode only.

42

Best practice for URL filtering to solve the issue of a website that keeps changing its IP?

Enable URL filtering and use URL categorization to block the websites that violate company policy.

43

Potential issue for leaving native VLAN set to 1?

Could be susceptible to a VLAN hopping attack.

44

Which IPS mode provides the maximum number of actions?

Inline

45

Which technology can be used to rate data fidelity and provide an authenticated hash for data?

File reputation

46

Which configuration allows AnyConnect to authenticate automatically and establish the VPN when the user logs in to the PC?

Always-on

47

A switch port goes straight into the blocked state when a superior BPDU is received. What mechanism does this?

STP Root Guard

48

Which feature filters CoPP packets?

ACL

49

Best way to confirm AAA authentication is working properly?

Use the test aaa command

50

Benefit of a web application firewall?

Blocks known vulnerabilities without patching applications.

51

Improvement of EAP-FAST v2 over v1?

Allows multiple credentials to be passed in a single EAP exchange.

52

Which statement about IOS privilege levels is true?

Each level supports commands at its own level and all levels below it.

53

Which mechanism does asymmetric cryptography use to secure data?

Public/private key.

54

Which type of attack tries to overload the CAM table on a switch?

MAC flooding

55

Two ways to prevent eavesdropping when you perform device maintenance?

SSH
SNMPv3

56

Firewall configuration to allow traffic to flow in both directions between two zones?

You must configure two zone pairs, one for each direction.

57

Three ways RADIUS differs from TACACS?

RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
RADIUS encrypts only the password field in authentication packets.
RADIUS uses UDP to communicate with the NAS.

58

A data breach occurred and your company's DB has been copied. Which web security principle has been violated?

Confidentiality

59

Primary purpose of a defined rule in an IPS?

To configure an event action that takes place when a signature is triggered.

60

How does PEAP protect EAP exchange?

It encrypts the exchange using the server certificate.

61

How can FP block malicious email attachments?

It sends the traffic through a file policy.

62

A proxy firewall protects against which type of attack?

Cross-site scripting attacks.

63

Three statements about DHCP spoofing?

It can modify traffic in transit.
It is used to perform man-in-the-middle attacks.
It protects the identity of the attacker by masking the DHCP address, or it can be combined with ARP poisoning.

64

When should you use OOB management?

When your management applications need concurrent access to the device.
When you require admin access from multiple locations.

65

Which Sourcefire event action should you choose if you want to block only malicious traffic?

Allow with inspection.

66

Which two NAT types allow only objects or groups to reference an IP address?

Dynamic NAT
Static NAT

67

Is "ip ospf authentication message-digest" needed for MD5 authentication in OSPF?

No

68

Statement about MD5 authentication in EIGRP and OSPF?

The router process must be configured (only for OSPF); a key chain is used in EIGRP.

69

Which component of the CIA triad relates to keeping data safe while in transit?

Integrity.

70

Which user privilege level is needed to use the enable, disable, exit... commands?

Privilege 0

71

Two valid TCP connection states?

SYN-RCVD
Closed

72

Which two commands result in a secure bootset?

secure boot-config
secure boot-image