Latest upload: ccnasecurityfinalexamccnasv11 document format.docx
It provides an option for configuring SNMPv3 on all routers.
3.
What are three common examples of AAA implementation on Cisco routers?
(Choose three.)
authenticating administrator access to the router console port, auxiliary port, and vty ports
authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
implementing public key infrastructure to authenticate and authorize IPsec VPN peers using digital certificates
implementing command authorization with TACACS+
securing the router by locking down all unused services
tracking Cisco Netflow accounting statistics
4.
Refer to the exhibit. The administrator can ping the S0/0/1 interface of RouterB but is unable to gain Telnet access to the router using the password cisco123. What is a possible cause of the problem?
The Telnet connection between RouterA and RouterB is not working correctly.
The password cisco123 is wrong.
The enable password and the Telnet password need to be the same.
The administrator does not have enough rights on the PC that is being used.
5.
Refer to the exhibit. An administrator has entered the commands that are shown on router R1. At what trap level is the logging function set?
2
3
5
6
6.
If a switch is configured with the storm-control command and the action shutdown and action trap parameters, which two actions does the switch take when a storm occurs on a port?
(Choose two.)
The port is disabled.
(Corrected by Elfnet)
The switch is rebooted. (Original answer)
An SNMP log message is sent.
The port is placed in a blocking state.
The switch forwards control traffic only.
7.
Why does a worm pose a greater threat than a virus poses?
Worms run within a host program.
Worms are not detected by antivirus programs.
Worms directly attack the network devices.
Worms are more network-based than viruses are.
8.
When port security is enabled on a Cisco Catalyst switch, what is the default action when the maximum number of allowed MAC addresses is exceeded?
The violation mode for the port is set to restrict.
The MAC address table is cleared, and the new MAC address is entered into the table.
The port remains enabled, but the bandwidth is throttled until the old MAC addresses are aged out.
The port is shut down.
9.
Which type of encryption algorithm uses public and private keys to provide authentication, integrity, and confidentiality?
IPsec
symmetric
asymmetric
shared secret
10.
Which three statements describe the IPsec protocol framework?
AH uses IP protocol 51.
AH provides encryption and integrity.
AH provides integrity and authentication.
ESP uses UDP protocol 50.
ESP requires both authentication and encryption.
ESP provides encryption, authentication, and integrity.
11.
Refer to the exhibit. Which interface configuration completes the CBAC configuration on router R1?
R1(config)# interface fa0/0
R1(config-if)# ip inspect INSIDE in
R1(config-if)# ip access-group OUTBOUND in
R1(config)# interface fa0/1
R1(config-if)# ip inspect OUTBOUND in
R1(config-if)# ip access-group INSIDE out
R1(config-if)# ip access-group INSIDE in
12.
Which statement describes the operation of the IKE protocol?
It uses IPsec to establish the key exchange process.
It uses sophisticated hashing algorithms to transmit keys directly across a network.
It calculates shared keys based on the exchange of a series of data packets.
It uses TCP port 50 to exchange IKE information between the security gateways.
13.
Which two configuration requirements are needed for remote access VPNs using Cisco Easy VPN Server, but are not required for site-to-site VPNs?
group policy lookup
IPsec translations
(Original Answer)
virtual template interface
IKE policies
transform sets
14.
What can be used as a VPN gateway when setting up a site-to-site VPN?
Cisco Catalyst switch
Cisco router
Cisco Unified Communications Manager
Cisco AnyConnect
15.
Which type of Layer 2 attack makes a host appear as the root bridge for a LAN?
LAN storm
MAC address spoofing
MAC address table overflow
STP manipulation
VLAN attack
16.
Refer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements?
The resulting action is determined by the destination IP address.
The resulting action is determined by the destination IP address and port number.
The source IP address is checked and, if a match is not found, traffic is routed out interface serial 0/0/1.
The traffic is dropped.
17.
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
authentication
confidentiality
Diffie-Hellman
integrity
nonrepudiation
18.
Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1?
Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds 2,000,000 packets per second.
Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.
Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per second.
19.
What is a characteristic of AAA accounting?
Accounting can only be enabled for network connections.
Users are not required to be authenticated before AAA accounting logs their activities on the network.
(Original)
Possible triggers for the aaa accounting exec default command include start-stop and stop-only.
(Corrected by Joker!)
Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network.
20.
A network technician is configuring SNMPv3 and has set a security level of auth. What is the effect of this setting?
authenticates a packet using the SHA algorithm only
authenticates a packet by a string match of the username or community string
authenticates a packet by using either the HMAC with MD5 method or the SHA method
authenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and encrypts the packet using either the DES, 3DES or AES algorithms
21.
Which action best describes a MAC address spoofing attack?
altering the MAC address of an attacking host to match that of a legitimate host
bombarding a switch with fake source MAC addresses
forcing the election of a rogue root bridge
flooding the LAN with excessive traffic
22.
When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?
Configure the message encryption algorithm with the encryption type ISAKMP policy configuration command.
Configure the DH group identifier with the group number ISAKMP policy configuration command.
Configure a hostname with the crypto isakmp identity hostname global configuration command.
Configure a PSK with the crypto isakmp key global configuration command.
23.
Which three statements describe limitations in using privilege levels for assigning command authorization?
There is no access control to specific interfaces on a router.
The root user must be assigned to each privilege level defined.
Commands set on a higher privilege level are not available for lower privileged users.
Views are required to define the CLI commands that each user can access.
Creating a user account that needs access to most but not all commands can be a tedious process.
It is required that all 16 privilege levels be defined, whether they are used or not.
24.
Which set of Cisco IOS commands instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired false
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# no retired false
25.
Refer to the exhibit. Which three things occur if a user attempts to log in four times within 10 seconds using an incorrect password?
Subsequent virtual login attempts from the user are blocked for 60 seconds.
During the quiet mode, an administrator can virtually log in from any host on network 172.16.1.0/24.
Subsequent console login attempts are blocked for 60 seconds.
A message is generate