ENSA 4

Question 1

Which statement describes a characteristic of standard IPv4 ACLs?

They filter traffic based on source IP addresses only.

They can be created with a number but not with a name.

They are configured in the interface configuration mode.

They can be configured to filter traffic based on both source IP addresses and source ports.

Answer 1

They filter traffic based on source IP addresses only.

Explanation: A standard IPv4 ACL can filter traffic based on source IP addresses only. Unlike an extended ACL, it cannot filter traffic based on Layer 4 ports. However, both standard and extended ACLs can be identified with either a number or a name, and both are configured in global configuration mode.

Question 2

Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the configuration?

NAT-POOL2 is not bound to ACL 1.

Interface Fa0/0 should be identified as an outside NAT interface.

The NAT pool is incorrect.

Access-list 1 is misconfigured.

Answer 2

NAT-POOL2 is not bound to ACL 1.

Explanation: R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished with the command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This would enable the router to check for all interesting traffic and if it matches ACL 1 it would be translated by use of the addresses in NAT-POOL2.

Question 3

Refer to the exhibit. What method can be used to enable an OSPF router to advertise a default route to neighboring OSPF routers?

Use a static route pointing to the ISP and redistribute it.

Use the redistribute static command on R0-A.

Use the default-information originate command on ISP.

Use the default-information originate command on R0-A.

Answer 3

Use the default-information originate command on R0-A.

Question 4

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use applications such as John the Ripper,THC Hydra, RainbowCrack, and Medusa?

to capture and analyze packets within traditional Ethernet LANs or WLANs

to probe and test the robustness of a firewall by using specially created forged packets

to make repeated guesses in order to crack a password

Answer 4

to make repeated guesses in order to crack a password

Question 5

What are two syntax rules for writing a JSON array? (Choose two.)

Each value in the array is separated by a comma.

The array can include only one value type.

A space must separate each value in the array.

A semicolon separates the key and list of values.

Values are enclosed in square brackets.

Answer 5

Each value in the array is separated by a comma.

Values are enclosed in square brackets.

Explanation: A JSON array is a collection of ordered values within square brackets [ ]. The values in the array are separated by a comma. For example “users” : [“bob”, “alice”, “eve”].

Question 6

What is a characteristic of a Trojan horse as it relates to network security?

An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.

Malware is contained in a seemingly legitimate executable program.

Extreme quantities of data are sent to a particular network device interface.

Too much information is destined for a particular memory block, causing additional memory areas to be affected

Answer 6

Malware is contained in a seemingly legitimate executable program.

Explanation: A Trojan horse carries out malicious operations under the guise of a legitimate program. Denial of service attacks send extreme quantities of data to a particular host or network device interface. Password attacks use electronic dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable

Question 7

An attacker is redirecting traffic to a false default gateway in an attempt to intercept the data traffic of a switched network. What type of attack could achieve this?

TCP SYN flood

DNS tunneling

DHCP spoofing

ARP cache poisoning

Answer 7

DHCP spoofing

Explanation: In DHCP spoofing attacks, an attacker configures a fake DHCP server on the network to issue DHCP addresses to clients with the aim of forcing the clients to use a false default gateway, and other false services. DHCP snooping is a Cisco switch feature that can mitigate DHCP attacks. MAC address starvation and MAC address snooping are not recognized security attacks. MAC address spoofing is a network security threat.

Question 8

A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

data integrity

non-repudiation

origin authentication

data confidentiality

Answer 8

origin authentication

Explanation: Secure communications consists of four elements:
Data confidentiality – guarantees that only authorized users can read the message
Data integrity – guarantees that the message was not altered
Origin authentication – guarantees that the message is not a forgery and does actually come from whom it states
Data nonrepudiation – guarantees that the sender cannot repud

Question 9

A company has contracted with a network security firm to help identify the vulnerabilities of the corporate network. The firm sends a team to perform penetration tests to the company network. Why would the team use packet sniffers?

to detect installed tools within files and directories that provide threat actors remote access and control over a computer or network

to detect any evidence of a hack or malware in a computer or network

to probe and test the robustness of a firewall by using specially created forged packets

to capture and analyze packets within traditional Ethernet LANs or WLANs

Answer 9

to capture and analyze packets within traditional Ethernet LANs or WLANs

Question 10

An administrator is configuring single-area OSPF on a router. One of the networks that must be advertised is 172.20.0.0 255.255.252.0. What wildcard mask would the administrator use in the OSPF network statement?

0.0.15.255

0.0.3.255

0.0.7.255

0.0.1.255

Answer 10

0.0.3.255

Question 11

Refer to the exhibit. What is the OSPF cost to reach the West LAN 172.16.2.0/24 from East?​

782

74

128

65

Answer 11

65

Question 12

What is one reason to use the ip ospf priority command when the OSPF routing protocol is in use?

to activate the OSPF neighboring process

to influence the DR/BDR election process

to provide a backdoor for connectivity during the convergence process

to streamline and speed up the convergence process

Answer 12

to influence the DR/BDR election process

Explanation: The OSPF priority can be set to a number between 0 and 255. The higher the number set, the more likely the router becomes the DR. A priority 0 stops a router from participating in the election process and the router does not become a DR or a BDR.

Question 13

What is a characteristic of the two-tier spine-leaf topology of the Cisco ACI fabric architecture?​

The spine and leaf switches are always linked through core switches.

The spine switches attach to the leaf switches and attach to each other for redundancy.

The leaf switches always attach to the spines and they are interlinked through a trunk line.

The leaf switches always attach to the spines, but they never attach to each other.

Answer 13

The leaf switches always attach to the spines, but they never attach to each other.

Question 14

Which two scenarios would result in a duplex mismatch? (Choose two.)

connecting a device with autonegotiation to another that is manually set to full-duplex

starting and stopping a router interface during a normal operation

connecting a device with an interface running at 100 Mbps to another with an interface running at 1000 Mbps

configuring dynamic routing incorrectly

manually setting the two connected devices to different duplex modes

Answer 14

connecting a device with autonegotiation to another that is manually set to full-duplex

manually setting the two connected devices to different duplex modes

Question 15

A network technician is configuring SNMPv3 and has set a security level of auth . What is the effect of this setting?

authenticates a packet by a string match of the username or community string

authenticates a packet by using either the HMAC with MD5 method or the SHA method

authenticates a packet by using either the HMAC MD5 or 3.HMAC SHA algorithms and encrypts the packet with either the DES, 3DES or AES algorithms

authenticates a packet by using the SHA algorithm only

Answer 15

authenticates a packet by using either the HMAC with MD5 method or the SHA method

Explanation: For enabling SNMPv3 one of three security levels can be configured:
1) noAuth
2) auth
3) priv
The security level configured determines which security algorithms are performed on SNMP packets. The auth security level uses either HMAC with MD5 or SHA.

Question 16

What are two types of attacks used on DNS open resolvers? (Choose two.)

amplification and reflection

resource utilization

fast flux

ARP poisoning

cushioning

Explanation: Three types of attacks used on DNS open resolvers are as follows:DNS cache poisoning – attacker sends spoofed falsified information to redirect users from legitimate sites to malicious sites
DNS amplification and reflection attacks – attacker sends an increased volume of attacks to mask the true source of the attack
DNS resource utilization attacks – a denial of service (DoS) attack that consumes server resources

Answer 16

amplification and reflection

resource utilization

Explanation: Three types of attacks used on DNS open resolvers are as follows:DNS cache poisoning – attacker sends spoofed falsified information to redirect users from legitimate sites to malicious sites
DNS amplification and reflection attacks – attacker sends an increased volume of attacks to mask the true source of the attack
DNS resource utilization attacks – a denial of service (DoS) attack that consumes server resources

Question 17

If a packet with a source address of 192.168.100.219, a destination address of 64.100.40.10, and a protocol of 54 is received on the interface, is the packet permitted or denied?

denied
permitted

Answer 17

denied

Question 18

57. Which type of resources are required for a Type 1 hypervisor?

a dedicated VLAN

a management console

a host operating system

Answer 18

a management console

Question 19

58. In JSON, what is held within square brackets [ ]?

nested values

key/value pairs

an object

an array

Answer 19

an array

Question 20

59. What are three components used in the query portion of a typical RESTful API request? (Choose three.)

resources

protocol

API server

format

key

parameters

Answer 20

format

key

parameters

Question 21

60. A user reports that when the corporate web page URL is entered on a web browser, an error message indicates that the page cannot be displayed. The help-desk technician asks the user to enter the IP address of the web server to see if the page can be displayed. Which troubleshooting method is being used by the technician?

top-down

bottom-up

divide-and-conquer

substitution

Answer 21

divide and conquer

Question 22

61. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

MD5

AES

IPsec

ESP

Answer 22

IPsec

Explanation: IPsec services allow for authentication, integrity, access control, and confidentiality. With IPsec, the information exchanged between remote sites can be encrypted and verified. Both remote-access and site-to-site VPNs can be deployed using IPsec.