-
As a network engineer, do you know for what purpose SDM uses Security Device Event Exchange(SDEE)?()
A . to provide a keepalive mechanism
B . to pull event logs from the router
C . to extract relevant SNMP information
D . to perform application-level accounting
-
You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?()
A . IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats
B . detailed security device specifications
C . results from pilot network testing
D . results from a network audit
-
The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()
A . ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.
B . ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.
C . MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.
D . ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.
E . MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
-
When creating a network security solution, which two pieces of information should you have previously obtained to assist in designing the solution? ()
A . a list of existing network applications currently in use on the network
B . network audit results to uncover any potential security holes
C . a planned Layer 2 design solution
D . a proof-of-concept plan
E . device configuration template
-
Why would a network administrator configure port security on a switch?()
A . to prevent unauthorized Telnet access to a switch port
B . to limit the number of Layer 2 broadcasts on a particular switch port
C . to prevent unauthorized hosts from accessing the LAN
D . to protect the IP and MAC address of the switch and associated ports
E . to block unauthorized access to the switch management interfaces over common TCP port
-
A network administrator needs to configure port security on a switch.which two statements are true?()
A . The network administrator can apply port security to dynamic access ports
B . The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C . The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
D . The network administrator can apply port security to EtherChannels.
E . When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
-
You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?()
A . IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats
B . a list of the customer requirements
C . detailed security device specifications
D . results from pilot network testing
-
What are two security appliances that can be installed in a network?()
A . ATM
B . IDS
C . IOS
D . IOX
E . IPS
F . SDM
-
What should be part of a comprehensive network security plan()。
A . Allow users to develop their own approach to network security
B . Physically secure network equipment from potential access by unauthorized individuals
C . Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten
D . Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported
E . Minimize network overhead by deactivating automatic antivirus client update
-
The Company security administrator wants to prevent VLAN hopping on the network. What is one method that can be used to do this? ()
A . Attacks are prevented by utilizing the port-security feature.
B . An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.
C . Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.
D . An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.
E . Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
-
A network vulnerability scanner is part of which critical element of network and system security?()
A . host security
B . perimeter security
C . security monitoring
D . policy management
-
Why would a network administrator configure port security on a switch()。
A . to prevent unauthorized Telnet access to a switch port
B . to limit the number of Layer 2 broadcasts on a particular switch port
C . to prevent unauthorized hosts from accessing the LAN
D . to protect the IP and MAC address of the switch and associated ports
E . to block unauthorized access to the switch management interfaces over common TCP port
-
A network vulnerability scanner is part of which critical element of network and system security?()
A . host security
B . perimeter security
C . security monitoring
D . policy management
-
The Cisco network-based virtual firewall service solution helps service providers to deliver cost-effective, scalable, integrated security services for enterprise customers using Cisco platforms.What is a virtual firewall?()
A . another name for a firewall deployed in routed mode
B . another name for a firewall deployed in transparent mode
C . a separation of multiple firewall security contexts on a single firewall
D . a firewall that, when deployed in routed mode, can support up to 1000 VLANs per context
-
The Cisco network-based virtual firewall service solution helps service providers to deliver costeffective, scalable, integrated security services for enterprise customers using Cisco platforms .What is a virtual firewall?()
A . another name for a firewall deployed in routed mode
B . another name for a firewall deployed in transparent mode
C . a separation of multiple firewall security contexts on a single firewall
D . a firewall that, when deployed in routed mode, can support up to 1000 VLANs per context
-
You are designing a security strategy for users who need remote access to the corporate network. What should you do?()
A . Configure Internet Authentication Service (IAS) for accounting.
B . Configure the server running Routing and Remote Access to support L2TP.
C . Configure the server running Routing and Remote Access to restrict dial-in traffic to the NewApp servers only.
D . Create a separate account for remote access users. Configure these accounts to access the NewApp server only.
-
What are two security appliances that can be installed in a network (Choose two.)()。
A . ATM
B . IDS
C . IOS
D . IOX
E . IPS
F . SDM
-
What are two advantages that the Cisco SA 520 all-in-one UTM security device has over implementing a typical router in a small business network?()
A . Cisco Intrusion Prevention System
B . higher bandwidth
C . virtual private networks
D . access control lists
E . URL filtering
-
You need to design a Security strategy for the wireless network at all resort locations.What should you do?()
A . Connect the wireless access points to a dedicated subnet. Allow the subnet direct access to the Internet,but not to the company network.Require company users to establish a VPN to access company resources
B . Install Internet Authentication Service (IAS) on a domain controller.Configure the wireless access points to require IEEE 802.1x authentication
C . Establish IPSec policies on all company servers to request encryption from all computers that connect from the wireless IP networks
D . Configure all wireless access points to require the Wired Equivalent Privacy (WEP) protocol for all connections. Use a Group Policy object (GPO) to distribute the WEP keys to all computers in the domai
-
pany is implementing 802.1X in order to increase network security. In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? ()
A . EAP-over-LAN
B . EAP MD5
C . STP
D . protocols not filtered by an ACL
E . CDP
F . TACACS+
-
Companycom is installing a p5 590 with a HMC to manage LPARs. The customer is very concerned about security and wants to restrict network traffic that is not necessary. What is necessary for communication between the LPARs and the HMC?()
A . An administrative VLAN with port 1808
B . Port 657 which must remain open to TCP/IP and UDP traffic
C . Network addresses are provided by DHCP services on the network
D . DHCP on the HMC is required to be on to communicate between LPAR and HMC
-
Your network consists of a single Active Directory domain. The domain contains a server namedServer1 that runs Windows Server 2003 Service Pack 2 (SP2).Your company’s security policy states that domain users must be prevented from logging on to Server1 ifa domain controller is unavailable.You disconnect Server1 from the network and discover that you can log on to Server1.You need to configure Server1 to comply with the company’s security policy.What should you do on Server1?()
A. From the local security policy, modify the Security Options.
B. From the local security policy, modify the User Rights Assignment.
C. From Active Directory Users and Computers, modify the properties of the Server1 account.
D. From Active Directory Users and Computers, modify the properties of the Domain Computers group.
-
You are a network administrator for your company. The network consists of a single Active Directorydomain.A user named Mary works in the information technology security department. Mary is a member of theITSecurity global group. Mary reports that no one in the ITSecurity global group can access the securitylog from the console of a computer named Server1.You need to grant the ITSecurity global group the minimum rights necessary to view the security log onServer1.How should you modify the local security policy?()
A. Assign the Generate security audits user right to the ITSecurity global group.
B. Assign the Manage auditing and security logs user right to the ITSecurity global group.
C. Assign the Allow logon through Terminal Services user right to the ITSecurity global group.
D. Assign the Act as part of the operating system user right to the ITSecurity global group.
