Test 8 - Bill Buchanan

gascitytank · Networks and Communications

28 Oct 2013 (4 years and 2 months ago)

Author:

Bill Buchanan

Work Schedule

PIX Certification Questions

The Cisco Secure PIX Firewall Advanced exam (CSPFA 642-521) is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the CSPFA v3.2 course. This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the PIX Firewall product family. CCNA or CCDA recertification candidates who pass the 642-521 CSPFA exam will be considered recertified at the CCNA or CCDA level.

1. What is CA?


A. Configured applications

B. Cisco authentication

C. Certificate authority

D. Command approval


2. How many interfaces does the PIX 506 support?


A. 4

B. 2

C. 6

D. 3


3. How do you change the activation key on the
PIX?


A. Reset the PIX

B. With the checksum command

C. Copy a PIX image to the flash

D. The activation key cannot be changed


4. When configuring ACL to identify traffic that
requires encryption, two entries are needed. One
for inbound traffic and one for outbound traffic.


A. True

B. False


5. What is different about the PIX privileged access mode as opposed to the privileged access mode of a Cisco IOS router?


A. The "?" command does not work on the PIX

B. No difference

C. Each configuration command is automatically saved
to flash

D. The ability to view the running configuration from
the configuration mode


7. What are some application layer protocols that
CBAC can inspect? (choose all that apply)


A. TFTP

B. TCP

C. SMTP

D. UDP

E. HTTP

F. FTP


8. What two commands are needed for inbound
access? (choose two)


A. Static

B. Access-list

C. PAT

D. NAT


9. In CBAC, what is a state table?


A. A table containing access-list information

B. A table containing information about the state of
CBAC

C. A table containing information about the state of the
packet's connection

D. A table containing routing information


10. What is required for stateful failover on the PIX
515? (choose all that apply)


A. Unrestricted software license

B. Cisco failover cable

C. Cisco IOS failover feature set

D. 2 Ethernet interfaces interconnected


11. What is the purpose of a syslog server?


A. To host websites

B. To collect system messages

C. To maintain current backup configurations

D. To maintain URL filtering information


12. Default "fixup protocol" commands cannot be
disabled.


A. True

B. False


13. What command deletes all authentication proxy
entries?


A. Clear ip authentication-proxy cache

B. Clear ip authentication-proxy cache all

C. Clear ip authentication-proxy cache

D. Clear authentication-proxy all entries


14. At what frequency does the PIX send hello
packets to the failover unit?


A. 15 seconds

B. 60 seconds

C. 6 seconds

D. 20 seconds


15. In AAA, what does the method keyword "local"
mean?


A. That the AAA server is local

B. Deny if login request is local

C. Use the local database for authentication

D. Authenticate if login request is local


16. What three types of entries does the PAM table
provide? (choose 3)


A. User defined

B. Internet specific

C. Host specific

D. System defined.


17. During IPSec security associations negotiation,
if there are multiple transform sets, which one is
used?


A. It does not matter

B. The first common one

C. The first one

D. The last one


18. CBAC inspection can only be configured in one
direction.


A. False

B. True


19. How do you identify a syslog server on the
PIX?


A. logging host 10.1.1.1

B. TFTP server 10.1.1.1

C. syslog-server 10.1.1.1

D. syslog server 10.1.1.1


20. In CBAC, where are dynamic access entries
added?


A. A new access-list is configured for each access entry

B. At the beginning of the access-list

C. A separate access-list is created for access entries

D. At the end of the access-list


21. You establish an IPSec tunnel with a remote
peer. You verify by viewing the security
associations. You view the security associations
two days later and find they are not there. What is
the problem?


A. This would not happen

B. You have used an incorrect command to view the
security associations

C. Your PIX is not powered up.

D. No traffic was identified to be encrypted.


22. What is the purpose of the "route 0 0"
command?


A. To configure a static route

B. To enable routing on the PIX

C. To configure a default route

D. To route between 2 interfaces


23. What does DDOS stand for?


A. Distributed denial of service

B. Dedicated Department of Security

C. Dead, Denied, Out of Service

D. Demand denial of service


24. In CBAC, how are half-open sessions measured?


A. Both TCP & UDP half-open sessions are calculated

B. Only UDP half-open sessions are calculated

C. CBAC does not calculate half-open sessions

D. Only TCP half-open sessions are calculated


25. AAA stands for authentication, authorization,
&______________.


A. application

B. accounting

C. access control

D. authenticity


26. A transform set is a combination of ________
_______ & ____________. (choose all that apply)


A. access-list

B. crypto maps

C. security protocols

D. algorithms


27. At what layer of the OSI model does IPSec
provide security?


A. 4

B. 7

C. 8

D. 3


28. What is the purpose of the "clear access-list" command?


A. Remove an access-list from an interface

B. To clear all access-list from the PIX

C. To clear all access-list counters

D. Invalid command


29. What are the two licenses supported on the
PIX515?


A. Unrestricted

B. Limited

C. Restricted

D. Unlimited


30. How are transform sets selected in manually
established security associations?


A. Transform sets are not used in manually established
security associations

B. Manually established security associations only
have one transform set

C. The first transform set is always used

D. The first common transform set is used


31. Access-list are supported with Radius authorization.


A. True.

B. False


32. How do you view active NAT translations?


A. show nat-translations

B. show ip-nat translations

C. show xlate

D. show translations


33. What does IKE Extended authentication
provide?


A. Authentication of multiple IPSec peers

B. Auto-negotiation of IPSec security associations

C. User authentication using Radius/TACACS+


34. What are two purposes of NAT? (choose 2)


A. To build routing tables

B. To expedite packet inspection

C. To connect two separate interfaces

D. To conserve non-RFC1918 addresses

E. To hide internal servers and workstations real IP
addresses from the Internet


35. Only one IPSec tunnel can exist between two
peers.


A. False

B. True


36. How many hello packets must be missed
before the failover unit will become active?


A. 2

B. 3

C. 1

D. 5


37. What are the two transport layer protocols?
(choose 2)


A. TCP

B. IP

C. ICMP

D. UDP


38. How do you configure a PAT address?


A. Nat (Outside) 1 1.1.1.1 1.1.1.1 255.255.255.255

B. IP PAT (Outside) 1 1.1.1.1 255.255.255.255

C. PAT (Outside) 1 1.1.1.1 255.255.255.255

D. Global (Outside) 1 1.1.1.1 1.1.1.1 255.255.255.255



39. How many interfaces does the PIX 515R
support?


A. 3

B. 4

C. 2

D. 6


40. What are some advantages of using the PIX
firewall over other firewalls such as Microsoft
Proxy? (choose all that apply)


A. No security problems from running on top of other
operating systems

B. PIX firewall is plug and play, no configuration
required

C. PIX inspects on lower layer protocols

D. PIX does stateful packet inspections

E. One box solution


41. You decide you need more interfaces for your PIX
515 and you already have the unrestricted license
installed. The PIX firewall only shipped with 2 Ethernet
interfaces. You install a new Ethernet interface that
you ordered from Cisco. After you power the PIX on,
you assign an IP address to the interface and
configure a NAT & global statement for the new
network. But users on the new network are unable to
browse the Internet. What else do you need to do?


A. Enable the new interface in the configuration

B. Add the "conduit permit any any" statement to your
configuration

C. Nothing. The problem is probably with the clients
workstations, not the PIX.

D. Add the Cisco client proxy software to each workstation
on the new network.


42. What two concepts are included in data
authentication? (choose all that apply)


A. Anti replay

B. Data origin authentication

C. Data integrity.

D. Data confidentiality


43. What is the layer-4 difference between Radius and TACACS+?


A. Radius uses TCP & TACACS+ uses UDP

B. Radius uses UDP & TACACS+ uses TCP

C. TACACS+ uses FTP & Radius uses TFTP

D. There is no layer-4 difference between Radius & TACACS+


44. "Logging timestamp" specifies that syslog
messages sent to the syslog server should have a
time stamp value on each message.


A. True

B. False


45. What does the "crypto access-list" command accomplish?


A. There is no such access list

B. They block non-encrypted traffic

C. They identify crypto map statements

D. Identifies which traffic is to be encrypted


46. What is the purpose of the outbound access-list for a CBAC solution?


A. To block all traffic, CBAC will then inspect the traffic
and allow legitimate traffic out

B. Packets you want inspected by CBAC

C. There is no need for an outbound access-list in a CBAC solution

D. To identify legitimate inbound traffic from the
Internet


47. How do you delete the following PAM entry? IP port-map http port 81


A. clear IP port-map http port 81

B. This is a system-defined entry and cannot be deleted

C. no IP port-map http port 81

D. delete IP port-map http port 81


48. What is the first step in configuring IPSec
without CA?


A. Crypto

B. ISAKMP

C. IKE

D. IPSEC


49. What version of IOS was the "ip port-map" command introduced?


A. 13.(1)

B. 12.1

C. 11.0(1)

D. 12.05(t)


50. What is the purpose of the "fixup protocol"
commands?


A. To identify what protocols are permitted through the
PIX

B. Change PIX firewall application protocol feature

C. To identify what protocols are to be blocked by the
PIX

D. To map a protocol to a TCP or UDP port


51. Without stateful failover, how are active
connections handled?


A. Connections are maintained between the PIX and
the failover unit

B. Dropped

C. UDP connections are maintained

D. TCP connections are maintained


52. How many default routes can be assigned to
the PIX firewall?


A. 1 per network

B. 1.

C. As many as required

D. 1 per interface

E. 1 for the primary PIX and 1 for the standby PIX



53. You have a PIX firewall and you are only given
one public IP address from your ISP to use on the
PIX. You do not have any type of servers that need
be accessed from the Internet. What is a valid
quick solution to your problem?


A. Get a new ISP

B. PAT

C. Request additional IP addresses from your ISP

D. NAT


54. What three purposes does the failover cable
serve? (choose all that apply)


A. Power status of the other unit

B. Communication link

C. Unit identification of both units

D. Stateful information


55. Which PIX interface(s) do you apply the crypto
map statements?


A. To the outside interface

B. To the inside interface

C. To any interfaces that IPSec packets will traverse

D. All PIX interfaces


56. What is the purpose of authentication proxy?


A. Proxy of user logins

B. To enable AAA

C. Policies on per user basis

D. For user accounting


57. You are required to have two crypto access-list for IPSec. One is to identify outbound traffic to be encrypted, and the other is to identify inbound traffic that should be encrypted.


A. False

B. True


58. PAT is not supported with the "fixup protocol
rtsp" command.


A. True

B. False


59. How do you configure a pool of public IP
addresses?


A. Global command

B. Pool command

C. NAT command.

D. Static command


60. What is the purpose of the "logging trap"
command?


A. Enables syslog traps

B. This is not a valid PIX command

C. Sends logs to a host named trap

D. Enables SMTP traps


61. The inbound access-list or conduit statements must include permit statements for all IPSec traffic.


A. False

B. True

62. What is one difference between conduit statements and access-list?


A. Conduit statements can only contain permit
statements

B. Conduit statements list the destination address before the source address and access-


C. Conduit statements do not contain the implicit deny
any at the end

D. Access-list cannot be applied to the interfaces of the PIX


63. How do you configure a Web sense server on
the PIX?


A. server 10.1.1.1

B. websense-server 10.1.1.1

C. url-server 10.1.1.1

D. websense 10.1.1.1



64. How many hosts will PAT support?


A. 1024

B. unlimited

C. 64000

D. 1


65. When configuring a security association in
IPSec, the global lifetime default (the time when the
security association is renegotiated) is 28,800
seconds.


A. True

B. False


66. What is the goal of a DDOS attack?


A. To use the network to attack another network

B. To steal vital information

C. To take control of the network

D. To stop the network from working


67. What is required for stateful failover? (choose
all that apply)


A. FDDI interface

B. 1 interface interconnected

C. PIX failover cable.

D. 3 interfaces interconnected

68. What does ACS stand for?


A. Another Cisco Server

B. Authentication, Control, Secure

C. Access Control Server

D. Access, Control, Security


69. With the PIX Firewall, you can configure:


A. Separate groups of TACACS+ or RADIUS servers
for specifying different types of

B. None of the above. PIX does not support TACACS+
or RADIUS.

C. Only TACACS+ for inbound & outbound
connections

D. Only RADIUS for inbound & outbound connections


70. What command applies CBAC to an interface?


A. router# ip inspect NAME in interface outside

B. router(conf)#ip inspect NAME in

C. router(conf-if)#ip inspect NAME in

D. router(conf)#ip inspect NAME out


71. In CBAC, where does the router get the state
table information?


A. By inspecting the packet

B. From a PIX firewall

C. From routing tables

D. Configured by administrator



72. What three protocols does the PIX provide
credential prompts, with the proper configuration
of an AAA server? (choose 3)


A. HTTP

B. TFTP

C. FTP

D. HTTPS

E. Telnet

F. SSL

73. What command is required to save the
configuration to a remote device?


A. radius-server

B. Copy

C. Save

D. write


74. Authentication proxy only works with
TACACS+.


A. False

B. True



75. What is a dynamic crypto map?


A. There is no such thing as a dynamic crypto map

B. When the PIX gets the entire crypto map
configuration from a CA

C. A crypto map created solely by the PIX upon
negotiation with an IPSec peer

D. A crypto map without all the parameters configured


76. What command displays the authentication
proxy configuration?


A. Show version proxy-authentication

B. Show proxy-authentication

C. Show all proxy-authentication

D. Show ip proxy-authentication


77. What is a false-positive alarm?


A. Alarms that do not reach their intended destination

B. Legitimate alarms that are not triggered

C. Alarms caused by legitimate traffic

D. Alarms that an administrator ignores


78. What is data confidentiality?


A. IPSec receiver can detect & reject replayed packets

B. Receiver authenticates packets to ensure no
alterations have been made

C. Packets are encrypted before they are transmitted
across a network

D. Receiver can authenticate source of IPSec packets


79. You can configure conduit statements on a PIX Firewall, but not access-list.


A. False

B. True


80. How is inbound access controlled? (choose all
that apply)


A. Global

B. Access-list

C. Static

D. NAT


81. How is outbound access enabled? (choose all
that apply)


A. Global

B. Static

C. NAT

D. Access-list


82. In CBAC, how are dynamic access-list entries saved?


A. They are not saved

B. Write memory

C. Write tftp

D. Save access-list


83. The PIX is a single point of failure and has no
solution for redundancy. Cisco is working on a
solution for this right now.


A. True

B. False


84. A crypto map statement can contain multiple access-lists.


A. False

B. True


85. How do you apply conduit statements to the
outside interface?


A. With the use of the conduit-outside statement

B. With the use of the conduit-group statement

C. No configuration required

D. Conduit statements cannot be applied to the outside
interface


86. What does the "clear filter" command
accomplish?


A. Clears all filter counters displayed by the show
filters command

B. Resets all filters to their original state

C. Invalid PIX command

D. Removes all filters from the PIX configuration


87. What two commands are needed for outbound
access? (choose 2)


A. PAT

B. Access list

C. NAT

D. Global


88. How does CBAC handle ICMP?


A. Only ICMP echo packets are inspected

B. All ICMP traffic is inspected by CBAC

C. ICMP traffic is not inspected by CBAC

D. ICMP traffic is denied by CBAC


89. What two commands enable viewing the url
filtering information? (choose 2)


A. show url-cache stats

B. show url-filtering

C. show filter-url

D. show perfmon


90. What are the two types of global timeouts for
IPSec on the PIX? (choose 2)


A. bandwidth

B. uptime

C. number of PPTP connections

D. time


91. What command is utilized to upgrade the IOS
version of the PIX?


A. Copy tftp flash

B. Copy flash tftp

C. Write tftp flash

D. Save tftp flash


92. What is the command to assign an IP address
to an interface?


A. nameif inside IP address 10.1.1.1 255.255.255.0

B. ip address inside 10.1.1.1 255.255.255.0

C. inside address 10.1.1.1 255.255.255.0

D. inside ip address 10.1.1.1 255.255.255.0


93. How do you reset a security association with an
IPSec peer?


A. Clear ipsec sa <peer name>

B. Disconnect the PIX from the network

C. Delete security-association

D. You must delete all IPSec configurations and
reconfigure


94. How is URL filtering accomplished?


A. With a Web sense server

B. With a Cisco IDS

C. With a PIX failover unit

D. URL filtering is not supported


95. What is the default time-out for authentication proxy?


A. 60 seconds

B. 6 minutes

C. 60 minutes

D. 360 seconds


96. What traffic is identified in the inbound access-list on a CBAC router?


A. Permitting traffic to be inspected by CBAC

B. FTP

C. Denying traffic to be inspected by CBAC

D. HTTP


97. How do you map a port to a specific host?


A. You cannot map to a specific host

B. IP port-map http port 81 host 10.1.1.1

C. An access-list permitting the host is required

D. IP port-map http port 81 10.1.1.1


98. What command displays all security
associations?


A. show ipsec security-associations

B. show ipsec security-associations

C. show ip security-associations

D. show ipsec security-associations all


99. When do you need an access-list applied inbound to the inside interface?


A. When you want to block all outbound traffic

B. When you want to control the outbound traffic

C. Access-list cannot be applied to the inside interface

D. When you want to control inbound public traffic


100. What does CBAC stand for?


A. Control Based on Access list

B. Cisco Based Accounting Control.

C. Context Based Access Control

D. Cisco Based Access Control


101. How does the PIX initiate new IPSec security
associations using dynamic crypto maps?


A. By sending its public key to the remote peer

B. By sending an IKE key to the remote peer

C. By sending security association request to the
remote peer

D. The PIX cannot initiate an IPSec sa using dynamic
crypto maps


102. What is the purpose of a Web sense server?


A. To host our website

B. It is a syslog server for the PIX

C. URL filtering

D. To monitor the state of your Internet connection


103. How are outbound UDP sessions handled?


A. A connection state is maintained on the PIX.

B. All UDP traffic is permitted inbound unless blocked with an access-list

C. The PIX does not recognize UDP sessions

D. All UDP traffic is blocked outbound unless permitted with an access-list


104. How does a user receive a login screen
through authentication proxy?


A. Clicking on the authentication proxy icon on the
desktop

B. They do not, as authentication proxy uses their NT
login

C. By opening an Internet browser

D. From a command prompt


105. What command enables AAA on a Cisco
router?


A. aaa radius

B. aaa enable

C. enable aaa

D. aaa new-model


106. What does the "conduit" command do?


A. Nothing, the conduit is not a valid command on the
PIX

B. Enables the conduit interface on the PIX.

C. Permits/denies traffic if the specified conditions are
met.

D. Maps a local address to a global address.


107. What are the two ways security associations
can be established? (choose 2)


A. Manual

B. CRYPTO

C. ISAKMP

D. IKE.


108. How do you determine the amount of memory
and flash installed in the PIX?


A. show flash

B. show dram

C. show version

D. show memory


109. What is the purpose of PAM?


A. To identify users via port mapping

B. To create address pools for NAT

C. There is no such feature

D. To customize TCP & UDP port numbers


110. Which interfaces does the PIX send "hello"
packets out of for failover?


A. Only interfaces directly connected to each other

B. Inside

C. All including the failover cable

D. None, just over the failover cable


111. What is the purpose of the xlate command?


A. To configure translations

B. To configure PIX global timeouts

C. Xlate is not a valid command

D. To view and clear translations


112. How do you clear the logging buffer?


A. clear buffer

B. delete log

C. clear logging

D. delete log


113. What command saves the CA settings &
policies?


A. ca save all

B. save ca

C. Write memory

D. They cannot be saved


114. How is the configuration maintained between
the primary PIX and the standby unit?


A. Standby is configured and configuration is replicated
to primary

B. Primary is configured and configuration is replicated
to standby

C. Both must be configured separately

D. The standby does not maintain a current
configuration until failover occurs


115. How does CBAC allow traffic through the
router?


A. All traffic is blocked by the router

B. Traffic must be permitted in the pre-configured access-list

C. All traffic is allowed through

D. Using access-list entries


116. In the following command, what does the
keyword "http" represent?


Ip port-map http port 81


A. It identifies the table for the port-mapping to reference

B. Nothing, the command is invalid

C. it identifies the application name

D. it redirects all http traffic from port 80


117. What is the purpose of the "nameif"
command?


A. To shutdown an interface on the PIX

B. To enable an interface on the PIX

C. The nameif is not a valid PIX command.

D. To assign a security level and name to an interface.


118. How do you view the running configuration?


A. write terminal

B. show running-configuration

C. show all-configuration

D. show configuration


119. What platforms support CBAC? (choose all
that apply)


A. PIX 515

B. 1600

C. PIX 506

D. 2500


120. By default what are the two interface names
on the PIX Firewall? (choose 2)


A. Ethernet

B. DMZ

C. Serial

D. 100Mb

E. Inside

F. Outside


121. What command clears the IPSec security
associations?


A. clear ipsec sa

B. clear security-associations

C. clear ipsec

D. clear sa


122. How does activex blocking affect activex
traffic to servers identified by an alias command?


A. Allows activex traffic to the server

B. Inspects the activex applet from the servers

C. Does not block activex traffic from the server

D. Blocks all activex traffic from the server


Test 1

1. In which type of attack does the potential intruder attempt to discover and map out systems, services, and vulnerabilities?


A. stake out

B. reconnaissance

C. tapping

D. sniffing

2. Which type of attack prevents a user from accessing the targeted file server?


A. Reconnaissance attack

B. Denial of service attack

C. Prevention of entry attack

D. Disruption of structure attack

3. Which type of action does the "ping sweep" pose to an organization?


A. eavesdropping

B. reconnaissance

C. denial of service

D. unauthorized access

4. An employee of ABC Company receives an e-mail from a co-worker with an attachment. The employee opens the attachment and receives a call from the network administrator a few minutes later, stating that the employee's machine has been attacked and is sending SMTP messages. Which category of attack is this?


A. denial of service

B. trojan horse

C. port scanning

D. password attack

E. social engineering


5. What is a major characteristic of a Worm?

A. malicious software that copies itself into other executable programs

B. tricks users into running the infected software

C. a set of computer instructions that lies dormant until triggered by a specific event

D. exploits vulnerabilities with the intent of propagating itself across a network


6. A large investment firm has been attacked by a worm. In which order should the network support team perform the steps to mitigate the attack?

Steps:

A. inoculation

B. treatment

C. containment

D. quarantine

Answers:

A. C,A,D,B

B. A,B,C,D

C. A,C,B,D

D. D,A,C,B

E. C,B,A,D


7. At XYZ Company, the policy for network use requires that employees log in to a Windows domain controller when they power on their work computers. Although XYZ does not implement all possible security measures, outgoing traffic is filtered using a firewall. Which security model is the company using?

A. open access

B. closed access

C. hybrid access

D. restrictive access


8. Which three of these are common causes of persistent vulnerabilities in networks? (Choose three.)

A. new exploits in existing software

B. misconfigured hardware or software

C. poor network design

D. changes in the TCP/IP protocol

E. changes in the core routers on the Internet

F. end-user carelessness


9. A new network administrator is assigned the task of conducting a risk assessment of the company's network. The administrator immediately conducts a vulnerability assessment. Which important task should the administrator have completed first?

A. threat identification

B. security level application

C. patch and update deployment

D. asset identification

E. perimeter security upgrade


10. A company deployed a web server on the company DMZ to provide external web services. While reviewing firewall log files, the administrator discovered that a connection was made to the internal e-mail server from the web server in DMZ. After reviewing the e-mail server logs, the administrator discovered that an unauthorized account was created. What type of attack was successfully carried out?

A. phishing

B. port redirection

C. trust exploitation

D. man-in-the-middle


11. Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?

A. reconnaissance

B. access

C. DoS

D. worms, viruses, and Trojan horses


12. Which two are examples of Distributed Denial of Service attacks? (Choose two.)

A. SYN Flood

B. Stacheldraht

C. Ping of Death

D. Smurf

E. WinNuke

F. Targa.c


13. Which two of these are examples of DDoS network attacks? (Choose two.)

A. smurf attack

B. Tribal Flood Network (TFN)

C. teardrop.c

D. man-in-the-middle attack

E. port redirection

F. social engineering


14. Which Cisco tool can be used to convert Cisco PIX Security Appliance conduit statements to equivalent access-list statements?

A. Cisco AutoSecure

B. Output Interpreter

C. Cisco Router Audit Tool

D. Microsoft Baseline Security Analyzer

E. PIX Outbound/Conduit Conversion Tool


15. Which tool is used to test security by rapidly performing a port scan of a single host or a range of hosts?

A. Cisco Router Audit Tool (RAT)

B. Microsoft Baseline Security Analyzer

C. Network Mapper (Nmap)

D. Cisco AutoSecure


16. Which two are technological weaknesses that can lead to a breach in an organization's security? (Choose two.)

A. software compatibility weakness

B. DHCP security weakness

C. TCP/IP protocol weakness

D. operating system weakness

E. LDAP weakness


Test 2

Author:

Prof Bill Buchanan


1. What is the effect of applying this command to a Cisco router?

router(config)# no service finger

A. UNIX commands are disabled on the router.

B. All TCP/IP services are disabled.

C. PING usage is disabled.

D. Users logged into the router remotely will not be able to see if other users are logged into the router.


2. Why does SSH provide better security than Telnet?

A. SSH compresses data while Telnet does not compress data.

B. SSH encrypts data with private key while Telnet uses public key.

C. SSH encrypts data while Telnet uses clear text in transmitting data.

D. SSH encrypts data with public key while Telnet uses hashing algorithm.




3. The network administrator of company XYZ likes to secure routers by disabling the password recovery procedure for anyone who gains physical access to the router. Which command would be used to achieve this goal?

A. router(config)# no rommon-mode

B. router(config)# no password-recovery

C. router(config)# no service password-recovery

D. router(config)# no rommon-password recovery






4. A partial router configuration is shown in the graphic. The network administrator adds the following command at the router prompt.

router(config)# security passwords min-length 10

Which of the following is correct?

A. The current password will continue to be used as a valid password until changed.

B. No password is required.

C. The current password is invalid and will not allow a login.

D. A password that is at least ten characters long must immediately be implemented for a successful login.

version 12.3
hostname router
line con 0
line aux 0
line vty 0 4
 login
 password cisco


5. Which two steps are necessary to ensure that your HIDS and HIPS do not miss any exploits? (Choose two.)

A. upgrade the HIDS and HIPS software as new versions are released

B. perform periodic vulnerability assessment

C. monitor alerts and logs

D. update signatures on a regular basis

E. ensure that all security patches are loaded on the host machine


6. The Security Wheel promotes a continuous process to retest and reapply updated security measures. What is the core or hub component of the Security Wheel?

A. testing policy

B. monitor

C. improve

D. security policy


7. After providing for all operational requirements of the network, the network support team has determined that the servers should be hardened against security threats so that the network can operate at full potential. At which stage of the network life cycle does server hardening occur?

A. planning

B. design

C. implementation

D. operation

E. optimization


8. What are three major functions performed by the security management subsystem, CiscoWorks VMS? (Choose three.)

A. to manage access control lists for Cisco PIX Security Appliances

B. to enforce access control policies between two processes running on a server

C. to capture and analyze network traffic, and respond to network intrusions

D. to identify sensitive network resources

E. to respond to first-stage denial of service network attacks

F. to monitor and log access to network resources







9. A network administrator has just completed security training and has decided to change from HIDS to HIPS to protect hosts. Which of these would be a major advantage gained from the change?

A. HIPS does not require host-based client software.

B. HIPS would prevent the need to update signature files as often.

C. HIPS would be able to prevent intrusions.

D. HIPS would consume fewer system resources.






10. A network administrator installs a new stateful firewall. Which type of security solution is this?

A. secure connectivity

B. threat defense

C. policy enforcement

D. trust and identity

E. authentication








11. XYZ Company recently adopted software for installation on critical servers that will detect malicious attacks as they occur. In addition, the software will stop the execution of the attacks and send an alarm to the network administrator. Which technology does this software utilize?

A. host-based intrusion detection

B. host-based intrusion protection

C. host-based intrusion prevention

D. host-based intrusion notification


12. A security team is charged with hardening network devices. What must be accomplished first before deciding how to configure security on any device?

A. Audit all relevant network devices.

B. Document all router configurations.

C. Create or update security policies.

D. Complete a vulnerability assessment.




13. On a Monday morning, network engineers notice that the log files on the central server are larger than normal. Examining the log reveals that the majority of the entries are from sensors deployed on the perimeter of the network. The logs reveal that a worm attack was successfully stopped by the perimeter devices. Based on this information, which of these technologies is this company using?

A. NIDS using passive technology

B. HIPS using passive technology

C. NIDS using active technology

D. HIDS using passive technology

E. HIPS using active technology




14. Which two objectives must a security policy accomplish? (Choose two.)

A. provide a checklist for the installation of secure servers

B. describe how the firewall must be configured

C. document the resources to be protected

D. identify the security objectives of the organization

E. identify the specific tasks involved in hardening a router



15. Which router command will result in the router only accepting passwords of 16 characters or more?

A. service password-encryption

B. enable secret min-length 16

C. security passwords min-length 16

D. security passwords max-length 16





16. Which command will encrypt all passwords in the router configuration file?

A. enable secret

B. password encrypt all

C. enable password-encryption

D. service password-encryption

E. no clear-text password







17. MD5 can be used for authenticating routing protocol updates for which three protocols? (Choose three.)

A. RIPv1

B. RIPv2

C. IGRP

D. EIGRP

E. BGP







18. Which configuration will allow an administrator to access the console port using a password of password?

A.
router(config)# line aux 0
router(config-line)# login
router(config-line)# password password

B.
router(config)# line console 0
router(config-line)# login
router(config-line)# password password

C.
router(config)# line console 0
router(config-line)# password password D

D.
router(config)# line console 0
router(config-line)# access
router(config-line)# password password

E.
router(config)# line vty 0
router(config-line)# password password

F.
router(config)# line vty 0
router(config-line)# access
router(config-line)# password password


19. Which command sets the inactivity timer, for a particular line or group of lines, to four minutes and fifteen seconds?

A. router(config)# line-timeout 4 15

B. router(config-line)# line-timeout 4 15

C. router(config-line)# exec-timeout 255

D. router(config-line)# timeout 255

E. router(config-line)# exec-timeout 4 15

F. router(config-line)# line-timeout 255



20. Which encryption type uses the MD5 hash algorithm?

A. Type 0

B. Type 1

C. Type 5

D. Type 7




21. Real-time intrusion detection occurs at which stage of the Security Wheel?

A. securing stage

B. monitoring stage

C. testing stage

D. improvement stage

E. reconnaissance stage






22. Which privilege level has the most access to the Cisco IOS?

A. level 0

B. level 1

C. level 7

D. level 15

E. level 16

F. level 20







1. Which algorithm implements stateful connection control through the PIX Security Appliance?

A. Network Address Translation

B. Algorithm Access Control

C. Security Algorithm Adaptive

D. Security Algorithm

E. Spanning Tree Protocol Algorithm






2. Once the SDM startup wizard has been completed for the first time, which two are required on a host PC for connection to the Cisco router via HTTP or HTTPS using SDM? (Choose two.)

A. IP address from 10.10.10.2 to 10.10.10.254

B. IP address from 10.0.0.2 to 10.0.0.254

C. IP address from 10.10.10.1 to 10.10.10.254

D. SSL capability

E. Java and JavaScript enabled on the browser

F. VPN connection




3. The Cisco Security Device Manager (SDM) allows administrators to securely configure supported routers by using which security protocol in Microsoft Internet Explorer?

A. IPSec

B. SSL

C. SSH

D. L2TP

E. PPTP



4. The network administrator for a small technology firm needs to implement security on the network. The administrator needs a PIX Security Appliance that will handle three Ethernet interfaces. Which PIX model would be the best choice for the company?

A. 506E

B. 515E

C. 525

D. 535


5. What is the maximum number of licensed users supported by the Cisco 501 Security Appliance?

A. 25

B. 100

C. 250

D. 1000

E. 2500

F. unlimited


6. A network administrator has received a Cisco PIX Security Appliance from another division within the company. The existing configuration has IP addresses that will cause problems on the network. What command sequence will successfully clear all the existing IP addresses and configure a new IP address on ethernet0?

A.
pix1(config)# clear ip all
pix1(config)# interface ethernet0
pix1(config-if)# ip address 192.168.1.2

B.
pix1(config)# clear ip
pix1(config)# interface ethernet0
pix1(config-if)# ip address 192.168.1.2 255.255.255.0

C.
pix1(config)# no ip address
pix1(config)# interface ethernet0
pix1(config-if)# ip address 192.168.1.2 255.255.255.0

D.
pix1(config)# clear ip
pix1(config)# interface ethernet0
pix1(config-if)# ip address 192.168.1.2 0.0.0.255


7. A network team is configuring a Cisco PIX Security Appliance for NAT so that local addresses are translated. The team is creating a global address pool using a subnet of network 192.168.5.0 with a 27-bit mask. What is the proper syntax to set up this global address pool?

A. pix1(config)# global (inside) 1 192.168.5.33-192.168.5.62

B. pix1(config)# global (outside) 1 192.168.5.33-192.168.5.62

C. pix1(config)# global (inside) 1 192.168.5.65-192.168.5.95

D. pix1(config)# global (outside) 1 192.168.5.65-192.168.5.95

E. pix1(config)# global (inside) 1 192.168.5.64-192.168.5.127

F. pix1(config)# global (outside) 1 192.168.5.65-192.168.5.127


8. Which command displays the value of the activation key?

A. write net

B. show version