Test Prep Flashcards Preview

CCNA Security > Test Prep > Flashcards

Flashcards in Test Prep Deck (33):
1

What does HMAC use to determine authenticity and integrity of a message? 2

key, hash

2

When admin initiates a device wipe command from ISE - what is the immediate effect?

It requests the admin to choose between erasing all device data or managed corporate data.

3

Statement about Extended ACL?

perform filtering that is based on source and destination and are most effective when applied to source.

4

Two valid TCP states?

SYN_RCVD and Closed

5

security zone is automatically defined by the system?

self zone

6

3 cases when ASA permits inbound HTTP GET request?

When matching ACL
When matching NAT
When the FW receives a SYN-ACK packet.

7

3 actions are limitations when running IPS in promiscuous mode?

deny attacker, deny packet, modify packet

8

3 statements about CIsco host-based IPS?

can have more restrictive policies than network-based IPS.
Can generate alerts based on behaivor at the desktop level.
can view encrypted files.

9

config to conceal internal IP of an ASA?

no proxy-arp

10

statement about privilege levels in IOS?

levels are independent and support commands of lower numbered levels.

11

command ip ospf auth key 1 is implemented at which level?

interface

12

Purposes of Internet Key EXchange in an IPSec VPN? 2

establishes security associations
responsible for mutual auth answers

13

Statements about ACL

Extended placed closest to source
STandard placed closest to destination
standard match on source address.

14

How does a device on a netowrk using ISE receive it's digital cert during the new-device registration process?

ISE acts as a SCEP proxy to enable the device to receive a cert from a central CA.

15

Component of CIA triad relate to safe data which is in transit?

confidentiality.

16

two statements about stateless firewalls

they compare 5-tuple of each incoming packet against config rules.
They cannot track connections.

17

Two default levels of IOS privilege levels?

1 and 15

18

what does Open WEb Application SEcurity Project do?

Educate about common web site vulnerabilities.

19

SOURCEFIRE logging action should you choose to record the most detail about a connection?

Enable Logging at the end of the session?

20

QM_Idle shows what in show cry isakmp sa?

Phase 1 has been established between peers.

21

Privilege command prevents user with level 6 from modifying the interface config?

privilege exec level 9 config term.

22

What actions can promiscuous IPS take to mitigate an attack?

Requesting connection blocking
resetting the TCP connection
requesting host blocking

23

feature allows dynamic PAT pool to select the next address in the PAT pool instead of the next port of exisiting address?

round robin

24

part of OSPF config will not be required for MD5 Auth?

area 20 auth message-digest

25

FirePOWER prepocessor engine is used to prevent SYN attacks?

Rate-based prevention

26

Function of private VLAN?

partitions the layer 2 boradcast domain of a VLAN into subdomains

27

Feature which mitigates spooofing attacks by verifying symmetry of the traffic path?

unicast reverse path forwarding.

28

encryption technology has the boradcast platform support to protect OS?

software

29

how does ZBF handles traffic between interfaces in the same zone?

traffic between two interfaces in the same zone is allowed by default.

30

Statement about ACS authentication and authorization?

Can be clustered to provide scalability.

31

question about VPN?

port 4500 IPSEC

32

statement about application blocking?

it blocks access to specific programs

33

3 characteristics about DHCP spoofing?

modify traffic in transit
used to perform man-in-middle attack
physically modify the network gateway