Which two tasks are associated with router hardening? (Choose two.)

disabling unused ports and interfaces

using uninterruptible power supplies

installing the maximum amount of memory possible

placing the router in a secure room

Which statement describes a characteristic of the IKE protocol?

It uses UDP port 500 to exchange IKE information between the security gateways.

The purpose of IKE Phase 2 is to negotiate a security association between two IKE peers.

It allows for the transmission of keys directly across a network.

IKE Phase 1 can be implemented in three different modes: main, aggressive, or quick.

Which command raises the privilege level of the ping command to 7?

authorization exec ping level 7

What is a characteristic of a role-based CLI view of router configuration?

A single CLI view can be shared within multiple superviews.

When a superview is deleted, the associated CLI views are deleted.

A CLI view has a command hierarchy, with higher and lower views.

What is a limitation to using OOB management on a large enterprise network?

All devices appear to be attached to a single management network.

OOB management requires the creation of VPNs.

Terminal servers can have direct console connections to user devices needing management.

Production traffic shares the network with management traffic.

Refer to the exhibit. A corporate network is using NTP to synchronize the time across devices. What can be determined from the displayed output?

Router03 is a stratum 2 device that can provide NTP service to other devices in the network.

The time on Router03 may not be reliable because it is offset by more than 7 seconds to the time server.

The interface on Router03 that connects to the time sever has the IPv4 address 209.165.200.225.

Router03 time is synchronized to a stratum 2 time server.

Refer to the exhibit. Which two conclusions can be drawn from the syslog message that was generated by the router? (Choose two.)

This message is a level 5 notification message.

This message indicates that service timestamps have been configured.

This message indicates that the interface should be replaced.

This message indicates that the interface changed state five times.

This message resulted from an unusual error requiring reconfiguration of the interface.

When describing malware, what is a difference between a virus and a worm?

A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

A virus can be used to deliver advertisements without user consent, whereas a worm cannot.

A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.

A virus focuses on gaining privileged access to a device, whereas a worm does not.

Consider the access list command applied outbound on a router serial interface. access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply What is the effect of applying this access list command?

No traffic will be allowed outbound on the serial interface.

The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed.

The only traffic denied is ICMP-based traffic. All other traffic is allowed.

Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination.

Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?

ipv6 traffic-filter ENG_ACL out

What is the best way to prevent a VLAN hopping attack?

Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

Use ISL encapsulation on all trunk links.

Use VLAN 1 as the native VLAN on trunk ports.

Disable STP on all nontrunk ports.

Match the type of ASA ACLs to the description.

extended access lists - used to specify source and destination addresses and protocol, ports, or the ICMP type webtype access lists - used to support filtering for clientless SSL VPN standard access lists - used to identify the destination IP addresses only EtherType access lists - used only if the security appliance is running in transparent mode

extended access lists - used only if the security appliance is running in transparent mode webtype access lists - used to identify the destination IP addresses only standard access lists - used to support filtering for clientless SSL VPN EtherType access lists - used to specify source and destination addresses and protocol, ports, or the ICMP type

extended access lists - used to specify source and destination addresses and protocol, ports, or the ICMP type webtype access lists - used to identify the destination IP addresses only standard access lists - used to support filtering for clientless SSL VPN EtherType access lists - used only if the security appliance is running in transparent mode

Network Security 1.0 part 1: Final Exam

Authored by Inferjus Inferjus

Information Technology (IT)

University

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?

ASA uses the ? command whereas a router uses the help command to receive help on a brief description and the syntax of a command.

To complete a partially typed command, ASA uses the Ctrl+Tab key combination whereas a router uses the Tab key.

To indicate the CLI EXEC mode, ASA uses the % symbol whereas a router uses the # symbol.

To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command.

Answer explanation

The ASA CLI is a proprietary OS which has a similar look and feel to the Cisco router IOS. Although it shares some common features with the router IOS, it has its unique features. For example, an ASA CLI command can be executed regardless of the current configuration mode prompt. The IOS do command is not required or recognized. Both the ASA CLI and the router CLI use the # symbol to indicate the EXEC mode. Both CLIs use the Tab key to complete a partially typed command. Different from the router IOS, the ASA provides a help command that provides a brief command description and syntax for certain commands.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Refer to the exhibit. A network administrator is configuring AAA implementation on an ASA device. What does the option link3 indicate?

the specific AAA server name

the network name where the AAA server resides

the interface name

the sequence of servers in the AAA server group

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What provides both secure segmentation and threat defense in a Secure Data Center solution?

intrusion prevention system
(IPS)

Adaptive Security Appliance
(ASA)

AAA server

Cisco Security Manager software
(CSM)

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What are the three core components of the Cisco Secure Data Center solution? (Choose three.)

secure segmentation

visibility

threat defense

mesh network

servers

Answer explanation

Secure segmentation is used when managing and organizing data in a data center. Threat defense includes a firewall and intrusion prevention system (IPS). Data center visibility is designed to simplify operations and compliance reporting by providing consistent security policy enforcement.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What are three characteristics of ASA transparent mode? (Choose three.)

This mode does not support VPNs, QoS, or DHCP Relay.

NAT can be implemented between connected networks.

This mode is referred to as a “bump in the wire.”

The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets.

In this mode the ASA is invisible to an attacker.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network?

ACL

NAT

outside security zone level 0

dynamic routing protocols

Answer explanation

In order to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level, an ACL must be configured. By default, traffic will only flow from a higher security level to a lower.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What will be the result of failed login attempts if the following command is entered into a router?
login block-for 150 attempts 4 within 90

All login attempts will be blocked for 4 hours if there are 90 failed attempts within 150 seconds.

All login attempts will be blocked for 150 seconds if there are 4 failed attempts within 90 seconds.

All login attempts will be blocked for 90 seconds if there are 4 failed attempts within 150 seconds.

All login attempts will be blocked for 1.5 hours if there are 4 failed attempts within 150 seconds.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

19 questions

Naming Polygons

Quiz

•

3rd Grade

10 questions

Prime Factorization

Quiz

•

6th Grade

20 questions

Math Review

Quiz

•

3rd Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

Discover more resources for Information Technology (IT)

50 questions

ELA EOG Prep 7th Grade

Quiz

•

KG - University

20 questions

Guess The App

Quiz

•

KG - Professional Dev...

11 questions

dog breeds

Quiz

•

3rd Grade - Professio...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

19 questions

Minecraft

Quiz

•

6th Grade - Professio...

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

10 questions

Would you rather...

Quiz

•

KG - University

49 questions

AP Environmental Science Final Exam Review

Quiz

•

10th Grade - University

Network Security 1.0 part 1: Final Exam

Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?

Refer to the exhibit. A network administrator is configuring AAA implementation on an ASA device. What does the option link3 indicate?

What provides both secure segmentation and threat defense in a Secure Data Center solution?

What are the three core components of the Cisco Secure Data Center solution? (Choose three.)

Secure segmentation is used when managing and organizing data in a data center. Threat defense includes a firewall and intrusion prevention system (IPS). Data center visibility is designed to simplify operations and compliance reporting by providing consistent security policy enforcement.

What are three characteristics of ASA transparent mode? (Choose three.)

What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network?

In order to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level, an ACL must be configured. By default, traffic will only flow from a higher security level to a lower.

What will be the result of failed login attempts if the following command is entered into a router?
login block-for 150 attempts 4 within 90

Which two tasks are associated with router hardening? (Choose two.)

Which threat protection capability is provided by Cisco ESA?

Email is a top attack vector for security breaches. Cisco ESA includes many threat protection capabilities for email such as spam protection, forged email detection, and Cisco advanced phishing protection.

What are two security measures used to protect endpoints in the borderless network? (Choose two.)

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Network Security 1.0 part 1: Final Exam

Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?

Refer to the exhibit. A network administrator is configuring AAA implementation on an ASA device. What does the option link3 indicate?

What provides both secure segmentation and threat defense in a Secure Data Center solution?

What are the three core components of the Cisco Secure Data Center solution? (Choose three.)

Secure segmentation is used when managing and organizing data in a data center. Threat defense includes a firewall and intrusion prevention system (IPS). Data center visibility is designed to simplify operations and compliance reporting by providing consistent security policy enforcement.

What are three characteristics of ASA transparent mode? (Choose three.)

What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network?

In order to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level, an ACL must be configured. By default, traffic will only flow from a higher security level to a lower.

What will be the result of failed login attempts if the following command is entered into a router?login block-for 150 attempts 4 within 90

Which two tasks are associated with router hardening? (Choose two.)

Which threat protection capability is provided by Cisco ESA?

Email is a top attack vector for security breaches. Cisco ESA includes many threat protection capabilities for email such as spam protection, forged email detection, and Cisco advanced phishing protection.

What are two security measures used to protect endpoints in the borderless network? (Choose two.)

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

What will be the result of failed login attempts if the following command is entered into a router?
login block-for 150 attempts 4 within 90