• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/23

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

23 Cards in this Set

  • Front
  • Back

What is a result of securing the Cisco IOS image using the Cisco IOS Resilient Configuration feature?

The Cisco IOS image file is not visible in the output of the show flash command.

By default, where do Cisco routers send syslog messages?

to the console line

What configuration scenario would offer the most protection to SNMP get and set messages?

SNMPv3 configured with the auth security level

A company has deployed Windows server products to provide infrastructure network services including directory service, IP address management, domain name resolution, and software deployment automation. Which service is integrated with Cisco Secure ACS to provide network access management?

Active Directory

A company is deploying user device access control through the 802.1X protocol as part of the Cisco TrustSec solution. Which device is needed to serve as central management for the access control?

Cisco Secure ACS

What is a characteristic of AAA accounting?

Possible triggers for the aaa accounting exec default command include start-stop and stop-only.

Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.)

If an ACL contains no permit statements, all traffic is denied by default.



The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.

A network administrator is configuring an inbound ACL on the border router to filter the traffic from the Internet. Which three ACEs can be used in an inbound ACL to mitigate possible attacks? (Choose three.)

Deny any inbound private addresses.



Deny any inbound local (127.x.x.x) addresses.



Deny any outbound traffic that is not an IP address range used within the organization.

Which statement describes a factor to be considered when configuring a zone-based policy firewall?

A zone must be configured with the zone security global command before it can be used in the zone-member securitycommand.

A company has deployed a network-based IPS sensor directly behind the border router. In what situation should adding additional IPS sensors be considered?

when the network traffic exceeds the capacity of the current IPS sensor

Which IPS signature trigger type is based on a defined profile of normal network activity?

anomaly-based detection

What would be the primary reason an attacker would launch a MAC address overflow attack?

so that the attacker can see frames that are destined for other hosts

Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?

port security

Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?

Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.

Which security method will help protect communications between servers and storage devices on a SAN?

hard zoning

Which two statements describe the IPsec protocol framework? (Choose two.)

AH uses IP protocol 51.



AH provides integrity and authentication.

Which three ports must be open to verify that an IPsec VPN tunnel is operating properly? (Choose three.)

50



51



500

A company is currently using SSL VPNs to provide remote access to the company network. What are two reasons to change to IPsec VPNs? (Choose two.)

IPsec VPNs support more applications.



IPsec VPNs provide stronger encryption.

Why would IPsec be a better remote access VPN solution than SSL?

stronger security

What function is performed by the class maps configuration object in the Cisco modular policy framework?

identifying interesting traffic

What software must first be installed on a host before the AnyConnect client can be downloaded to the host?

ActiveX

What variable is multiplied by the exposure factor to determine the cost of the single occurrence of a threat when performing a single loss expectancy calculation?

the asset value

Fill in the blank. Do not use abbreviations.
Depending on the ASA configuration, when a client terminates an SSL VPN connection, the __________________ client software can remain on the client or will automatically uninstall.

Cisco AnyConnect