NETW 450 Final Answers
Question 1. (TCO 1) The component of network security that ensures that
authorized users have access to data and network resources is _____. (Points : 6)
data integrity
data confidentiality
data and system availability
data and user authentication
Question 2. (TCO 1) The type of security control that makes use of firewalls
is called _____. (Points : 6)
administrative
physical
technical
clerical
Question 3. (TCO 2) To configure a role-based CLI on a Cisco router, the first
command to enter in privileged mode is _____. (Points : 6)
parser view
view enable
enable view
config view
super view
Question 4. (TCO 2) The show running-config output can be modified using all
of the following pipes except for _____. (Points : 6)
| begin
| end
| include
| exclude
Question 5. (TCO 3) Which of the following is the default number of MAC
addresses allowed when you execute the switchport port-security command on a
switch port? (Points : 6)
Zero
One
Two
Three
Question 6. (TCO 3) Which switch feature causes a port to skip the listening
and learning states, causing the port to enter the forwarding state very
quickly? (Points : 6)
fastport
portfast
enablefast
portforward
Question 7. (TCO 4) With zone-based firewalls, which of the following is used
to specify actions to be taken when traffic matches a criterion? (Points : 6)
Zones
Class maps
Policy maps
Zone pairs
Question 8. (TCO 4) Which type of access list uses rules placed on the
interface where allowed traffic initiates and permits return traffic for TCP,
UDP, SMTP, and other protocols? (Points : 6)
Established
Lock and key
Reflexive
CBAC
Question 9. (TCO 5) Which AAA server protocol offers support for ARAP and
NETBEUI protocols as well as IP? (Points : 6)
CSACS
RADIUS
OpenACS
TACACS+
Question 10. (TCO 5) Which of the following is not considered a component of
AAA? (Points : 6)
Authentication
Authorization
Accounting
Administration
Question 11. (TCO 6) The Cisco IOS command that will display all current IKE
security associations (SAs) is _____. (Points : 6)
show crypto ipsec
show crypto isakmp
show crypto ipsec sa
show crypto isakmp sa
show crypto ike sa
Question 12. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command
that will set the isakmp security association lifetime is _____. (Points : 6)
lifetime {days}
lifetime {seconds}
set lifetime {days}
set lifetime {seconds}
Question 13. (TCO 7) Cisco routers implementing IPS can save IPS events in a
Syslog server by executing which of the following commands? (Points : 6)
ip ips log {IP Address}
ip ips notify syslog
ip ips notify log
ip ips notify sdee
Question 14. (TCO 7) Which of the following is not an action that can be
performed by the IOS firewall IDS router when a packet or packet stream matches
a signature? (Points : 6)
Drop the packet immediately.
Send an alarm to the Cisco IOS designated Syslog server.
Set the packet reset flag and forward the packet through.
Block all future data from the source of the attack for a specified time.
Question 15. (TCO 1) Explain how to mitigate a Smurf attack. (Points : 24)
Question 16. (TCO 2) Type the global configuration mode and line configuration
mode commands that are required to secure the VTY lines 0 through 15 to use the
local username admin with the encrypted password adminpass for remote Telnet or
SSH log-ins to the Cisco router. (Points : 24)
Question 17. (TCO 3) What are at least two best practices that should be
implemented for unused ports on a Layer 2 switch for switch security?
(Points : 24)
Question 18. (TCO 4) Given the commands shown below and assuming F0/0 is the
inside interface of the network, explain what this ACL does.
access-list 100 permit tcp any any eq 80 time-range MWF
time-range MWF
periodic Monday Wednesday Friday 8:00 to 17:00
time-range
absolute start 00:00 30 Sept 2014 end 01:00 30 Sept 2014
int f0/0
ip access-group 100 in
Correct Answer: (Points : 24)
Question 19. (TCO 5) Type two global configuration mode commands that enable
AAA authentication and configure a default log-in method list. Use a TACACS+
server first, then a local username and password, and finally the enable
password. (Points : 24)
Question 20. (TCO 6) Discuss the data encryption algorithms DES and 3DES.
Discuss the key lengths, and rank the algorithms in order of best security.
(Points : 24)
Question 21. (TCO 7) Explain the two benefits of Cisco IPS version 5.x
signature format over the Cisco IPS version 4.x signature format. (Points : 22)
Tags: NETW450 Advanced Network Security with Lab, NETW 450 Final Answers, NETW450 Advanced Network Security