CCNA Security Part 1

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Kweglar
K
Kweglar
Community Contributor
Quizzes Created: 1 | Total Attempts: 394
| Attempts: 401
Quiz Flashcard
SettingsSettings
Please wait...
  • 1/118 Questions

    Which of the following commands is used in global configuration mode to enable AAA?

    • AaaEXEC
    • Aaa new-model
    • Configure aaa-model
    • Configure-mdel aaa
Please wait...
CCNA Security Quizzes & Trivia
About This Quiz

CCNA Security for certification practice. Take this quiz and learn more about ​CCNA routing and switching.

Quiz Preview

  • 2. 

    What type of hacker attempts to hack telephony systems?

    • Script kiddy

    • Hacktivist

    • Phreaker

    • White hat hacker

    Correct Answer
    A. Phreaker
    Explanation
    A phreaker is a type of hacker who attempts to hack telephony systems. Phreakers are mainly interested in manipulating or exploiting telephone networks and services. They may engage in activities such as making free calls, bypassing billing systems, or gaining unauthorized access to voicemail boxes. Unlike other types of hackers, phreakers focus specifically on telephony systems and their vulnerabilities.

    Rate this question:

  • 3. 

    What Cisco IOS feature provides a graphical user interface for configuring a wide variety of features on an IOS router and also provides multiple "smart wizards" and configuration tutorials?

    • QPM

    • SAA

    • SMS

    • SDM

    Correct Answer
    A. SDM
    Explanation
    SDM stands for Security Device Manager, which is a Cisco IOS feature that provides a graphical user interface for configuring a wide variety of features on an IOS router. It also offers multiple "smart wizards" and configuration tutorials, making it easier for users to configure and manage their routers.

    Rate this question:

  • 4. 

    What are the three primary goals of network security?

    • Confidentiality

    • Redundancy

    • Integrity

    • Availability

    Correct Answer(s)
    A. Confidentiality
    A. Integrity
    A. Availability
    Explanation
    The three primary goals of network security are confidentiality, integrity, and availability. Confidentiality ensures that only authorized individuals can access and view sensitive information. Integrity ensures that data remains unaltered and trustworthy during transmission and storage. Availability ensures that network resources and services are accessible and usable to authorized users when needed. These goals collectively aim to protect the privacy, reliability, and accessibility of network data and resources.

    Rate this question:

  • 5. 

    Which of the following is a weakness in an information system that an attacker might leverage to gain unauthorized access to the system or data on the system?

    • Risk

    • Exploit

    • Mitigation

    • Vulnerability

    Correct Answer
    A. Vulnerability
    Explanation
    A vulnerability refers to a weakness in an information system that can be exploited by an attacker to gain unauthorized access to the system or the data it holds. It represents a security flaw or loophole that can be targeted by an attacker to compromise the system's integrity, confidentiality, or availability. By understanding and exploiting vulnerabilities, attackers can bypass security measures and gain unauthorized access to sensitive information or control over the system. Therefore, vulnerability is the correct answer as it represents a potential weakness that attackers can leverage to compromise an information system.

    Rate this question:

  • 6. 

    What security design philosophy uses a layered approach to eliminate single points of failure and provide overlapping protection?

    • AVVID

    • Defense in Depth

    • SONA

    • IINS

    Correct Answer
    A. Defense in Depth
    Explanation
    Defense in Depth is a security design philosophy that uses a layered approach to eliminate single points of failure and provide overlapping protection. This means that multiple layers of security measures are implemented to protect against potential threats. By having multiple layers, even if one layer fails, there are still other layers in place to provide protection. This approach helps to enhance the overall security of a system or network by making it more difficult for attackers to penetrate and exploit vulnerabilities.

    Rate this question:

  • 7. 

    Which of the following best describes a smurf attack?

    • It sends a ping request to a subnet, requesting that devices on that subnet send ping replies to a target system.

    • It sends ping requests in segments of an invalid size.

    • It intercepts the third step in a TCP three-way handshake to hijack a session

    • It uses aTrojan horse applications to create a distributed collection of zombie computers, which can be used to launch a coordinated DDoS attack.

    Correct Answer
    A. It sends a ping request to a subnet, requesting that devices on that subnet send ping replies to a target system.
    Explanation
    A smurf attack is a type of DDoS attack where the attacker sends a ping request to a subnet, called a smurf amplifier, with the source IP address spoofed to be the target system. The devices on the subnet then send ping replies to the target system, overwhelming it with a flood of responses. This type of attack can cause a denial of service by consuming the target's network bandwidth and resources, making it inaccessible to legitimate users.

    Rate this question:

  • 8. 

    Which of the following is a method of gaining access to a system that bypasses normal security measures?

    • Creating a back door

    • Launching a DOS attack

    • Starting a Smurf attack

    • Conducting social engineering

    Correct Answer
    A. Creating a back door
    Explanation
    Creating a back door is a method of gaining access to a system that bypasses normal security measures. This involves creating a secret entry point or vulnerability in the system that allows unauthorized access without triggering any security alarms or measures. It provides a way for attackers to enter the system undetected and carry out malicious activities without being detected by traditional security mechanisms. This method is often used by hackers to gain persistent access to a system and maintain control over it for an extended period of time.

    Rate this question:

  • 9. 

    Which of the following offers a variety of security solutions including firewall, IPS, VPN, Antispyware, Antivirus and Antiphising features?

    • Cisco IOS router

    • Cisco ASA 5500 series security appliance

    • Cisco PIX 500 series security appliance

    • Cisco 4200 series IPS appliance

    Correct Answer
    A. Cisco ASA 5500 series security appliance
    Explanation
    The Cisco ASA 5500 series security appliance offers a variety of security solutions including firewall, IPS (Intrusion Prevention System), VPN (Virtual Private Network), Antispyware, Antivirus, and Antiphishing features. This appliance is designed to provide comprehensive security for networks, protecting against various threats such as unauthorized access, malware, and phishing attacks. It is a versatile solution that combines multiple security features into a single device, making it an ideal choice for organizations looking for a comprehensive security solution.

    Rate this question:

  • 10. 

    An IOS router's privileged mode, which you can access by entering the enable command followed by the appropriate password, has which privilege level?

    • 0

    • 1

    • 15

    • 16

    Correct Answer
    A. 15
    Explanation
    In an IOS router, the privileged mode is accessed by entering the enable command followed by the appropriate password. This mode has a privilege level of 15. This level allows users to access all router commands and make configuration changes. It is the highest privilege level in IOS routers, granting full administrative control over the device.

    Rate this question:

  • 11. 

    In the banner motd # command, what does # represent?

    • As ingle text character that will appear as the message of the day

    • A delimiter indicating the beginning and the end of a message of the day

    • A reference to a system variable that contains a message of the day

    • The enable mode prompt from where the message of the day will be entered into the IOS configuration

    Correct Answer
    A. A delimiter indicating the beginning and the end of a message of the day
    Explanation
    The correct answer is a delimiter indicating the beginning and the end of a message of the day. In the banner motd command, the # symbol is used to mark the start and end of the message of the day. It helps to separate the message from the rest of the configuration and makes it easier to identify and modify the MOTD.

    Rate this question:

  • 12. 

    What management topology keeps management traffic isolated from production traffic?

    • OOB

    • OTP

    • SAFE

    • MARS

    Correct Answer
    A. OOB
    Explanation
    The management topology that keeps management traffic isolated from production traffic is OOB (Out-of-Band). OOB refers to a separate network or channel that is dedicated solely to managing and monitoring network devices. By using a separate network, management traffic can be kept isolated from production traffic, reducing the risk of interference or unauthorized access. This allows for more secure and efficient management of network devices.

    Rate this question:

  • 13. 

    Where do most attacks on an organization's computer resources originate?

    • From the Internet

    • From the inside network

    • From universities

    • From intruders who gain physical access to the computer resources

    Correct Answer
    A. From the inside network
    Explanation
    Most attacks on an organization's computer resources originate from the inside network. This means that the attacks are carried out by individuals who have authorized access to the organization's network or systems. These attackers may be disgruntled employees, contractors, or other insiders with malicious intent. Insider attacks can be particularly damaging as the attackers often have knowledge of the organization's systems and may be able to bypass security measures more easily. It is important for organizations to have strong security protocols in place to detect and prevent insider attacks.

    Rate this question:

  • 14. 

    What line configuration mode command would you enter to prevent a line (such as a console, aux, or vty line) connection from timing out because of inactivity?

    • No service timeout

    • Timeout-line none

    • Exec-timeout 0 0

    • Service timeout default

    Correct Answer
    A. Exec-timeout 0 0
    Explanation
    The correct answer is "exec-timeout 0 0". This command sets the timeout for the line to 0 minutes and 0 seconds, effectively disabling the timeout due to inactivity.

    Rate this question:

  • 15. 

    What STP protection mechanism disables a switch port if the port receives a BPDU?

    • Root Guard

    • BPDU Guard

    • PortFast

    • UplinkFast

    Correct Answer
    A. BPDU Guard
    Explanation
    BPDU Guard is the correct answer because it is a Spanning Tree Protocol (STP) protection mechanism that is used to prevent the receipt of Bridge Protocol Data Units (BPDUs) on a switch port. When BPDU Guard is enabled on a port, if the port receives a BPDU, it will be automatically disabled, effectively shutting down the port. This helps to prevent loops and ensure the stability of the STP network.

    Rate this question:

  • 16. 

    To protect a routers image and configuration against a attackers attemp to erase those files, the Cisco IOS Resilient Configuration feature keeps a secure copy of these files.  What are these files called?

    • The Bootset

    • The configset

    • The backupset

    • Thebackup-config

    Correct Answer
    A. The Bootset
    Explanation
    The files that are kept secure by the Cisco IOS Resilient Configuration feature to protect a router's image and configuration against attackers attempting to erase them are called the Bootset.

    Rate this question:

  • 17. 

    Information about a managed device's resources and activity is defined by a series of objects.  What defines the structure of these management objects?

    • LDAP

    • CEF

    • FIB

    • MIB

    Correct Answer
    A. MIB
    Explanation
    The structure of the management objects that define the information about a managed device's resources and activity is defined by MIB (Management Information Base). MIB is a database that stores and organizes the information needed for network management and monitoring. It provides a hierarchical structure and a set of rules for accessing and managing the data related to the device's resources and activity.

    Rate this question:

  • 18. 

    The enable secret password appears as an M5 hash in a router's configuration file,  whereas the enable password is not hashed.  Why does Cisco still support the use of both enable secret and enable passwords in a routers configuration?

    • Because the enable secret is a hash, it cannot be decrypted. Therefore, the enable password is used to matched the password that was entered, and the enable secret is used to verify that the enable password has not been modified since the hash was generated.

    • The enable pasword is used for IKE phase I, whereas the enable secret password is used for IKE phase II

    • The enable password is concidered to be a routers public key whereas the enable secret password is concidered to be the router's private key

    • The enable password is present for backward compatability

    Correct Answer
    A. The enable password is present for backward compatability
  • 19. 

    When SSH is configured, what is the Cisco minimumrecomended modulus value?

    • 256

    • 512

    • 1024

    • 2048

    Correct Answer
    A. 1024
    Explanation
    The Cisco minimum recommended modulus value for SSH configuration is 1024. This refers to the size of the encryption key used for secure communication. A larger modulus value provides stronger encryption and better security. Cisco recommends using a minimum modulus value of 1024 to ensure sufficient security for SSH connections.

    Rate this question:

  • 20. 

    If you click the configure button along the top of Ciscos SDM's GUI, which Tasks button allows you to configure such features as SSH, NTP, SNMP and syslog?

    • Additional Tasks

    • Interfaces and Connections

    • Security Audit

    • Intrusion Prevention

    Correct Answer
    A. Additional Tasks
    Explanation
    The "Additional Tasks" button allows you to configure features such as SSH, NTP, SNMP, and syslog. This button provides additional configuration options beyond the basic tasks available in Cisco SDM's GUI.

    Rate this question:

  • 21. 

    The U.S government places classified data into which classes?

    • SBU

    • Confidentual

    • Secret

    • Top Secret

    Correct Answer(s)
    A. Confidentual
    A. Secret
    A. Top Secret
    Explanation
    The U.S government places classified data into different classes, namely SBU (Sensitive But Unclassified), Confidential, Secret, and Top Secret. SBU refers to data that is sensitive but not classified. Confidential data is considered private and its unauthorized disclosure could cause damage to national security. Secret data is more sensitive than confidential data, and its unauthorized disclosure could cause serious damage to national security. Top Secret data is the highest level of classification, and its unauthorized disclosure could cause exceptionally grave damage to national security.

    Rate this question:

  • 22. 

    A Cisco Catalyst switch stores port MAC address assignments in what type of table?

    • ARP cache

    • FIB table

    • Adjacencey database

    • CAM Table

    Correct Answer
    A. CAM Table
    Explanation
    A Cisco Catalyst switch stores port MAC address assignments in a CAM (Content Addressable Memory) table. This table is used to map MAC addresses to specific switch ports, allowing the switch to efficiently forward network traffic based on the destination MAC address. The CAM table is updated dynamically as devices send traffic through the switch, and it is essential for the switch to make accurate forwarding decisions.

    Rate this question:

  • 23. 

    How do you define the authentication methos that will be used with AAA?

    • With a method list

    • With a "method" statemement

    • With the "method" command

    • With the "method aaa" command

    Correct Answer
    A. With a method list
    Explanation
    The authentication method used with AAA is defined with a method list. This list includes the specific authentication methods that will be used for authentication. Each method in the list is applied in a specific order until a successful authentication is achieved.

    Rate this question:

  • 24. 

    What kind of MAC address is dynamicly learned by a switch port and then added to the switches's running configuration?

    • Static secure MAC address

    • Dynamic secure MAC address

    • Sticky secure MAC address

    • Pervasive secure MAC address

    Correct Answer
    A. Sticky secure MAC address
    Explanation
    A sticky secure MAC address is dynamically learned by a switch port and then added to the switch's running configuration. This type of MAC address is learned dynamically when a device sends traffic through the switch port, and it is then added to the switch's MAC address table. The switch will continue to forward traffic to this MAC address even if the device is temporarily disconnected, ensuring that the device can easily reconnect without causing disruption. This feature is commonly used in environments where network security is a concern, as it allows for secure and efficient network access.

    Rate this question:

  • 25. 

    Which of the following is a continually changing document that dictates a set of guidelines for network use?

    • Security policy

    • Best-practice recommendations

    • Identity-based networking policy

    • Acceptable-use executive summary

    Correct Answer
    A. Security policy
    Explanation
    A security policy is a continually changing document that dictates a set of guidelines for network use. It outlines the rules and procedures that need to be followed to ensure the security and integrity of the network. This document is regularly updated to address new threats and vulnerabilities, as well as to adapt to changes in technology and business requirements. It serves as a reference for employees and network administrators to understand their responsibilities and the measures they need to take to protect the network and its resources.

    Rate this question:

  • 26. 

    How is a CLI view different from a privilege level?

    • A CLI view supports only commands configured for that specific view, whereas a privilege level supports commands available to that level and all the lowwer levels

    • A CLI view can function without a AAA configuration, whereas a privilege level requires AAA to be configured

    • A CLI view supports only monitoring commands, whereas a privilege level allows a user to make changes to an IOS configuration

    • A CLI view and a privilege level perform the same function. However, a CLI view is used on a catalyst switch, whereas a privilege level is used on a IOS router

    Correct Answer
    A. A CLI view supports only commands configured for that specific view, whereas a privilege level supports commands available to that level and all the lowwer levels
    Explanation
    A CLI view is a specific configuration that allows a user to access and execute only the commands that are configured for that particular view. On the other hand, a privilege level allows a user to access and execute commands available to that level and all the lower levels. This means that a user with a higher privilege level can access and execute a wider range of commands compared to a user with a CLI view, who is restricted to only the commands configured for that specific view.

    Rate this question:

  • 27. 

    Which of the following makes the end-user community concious of security issues without necessarily giving any in-depth procedural instruction?

    • Education

    • Training

    • Awareness

    • Remediation

    Correct Answer
    A. Awareness
    Explanation
    Awareness is the correct answer because it refers to the act of making the end-user community conscious of security issues. Unlike education or training, which involve providing in-depth procedural instructions, awareness focuses on raising general knowledge and understanding about security issues without going into specific details. It aims to make individuals aware of potential risks and threats, encouraging them to be vigilant and take necessary precautions without providing step-by-step instructions on how to address each issue. Remediation, on the other hand, refers to the process of fixing or resolving security issues, which is not related to making the end-user community conscious of these issues.

    Rate this question:

  • 28. 

    When you configure Cisco IOS login enhancements for virtual connections, what is the "quiet period"?

    • The period of time between successive login attempts

    • The period of time when no one is attempting to login

    • The period of time in which virtual loging attempts are blocked, following repeated failed login attempts

    • The period of time in which virtual logins are blocked as security services fully initialize

    Correct Answer
    A. The period of time in which virtual loging attempts are blocked, following repeated failed login attempts
    Explanation
    The "quiet period" refers to the period of time in which virtual login attempts are blocked, following repeated failed login attempts. This is a security measure to prevent unauthorized access by blocking further login attempts for a certain duration after multiple failed attempts. During this quiet period, the system restricts any further login attempts from the same source to protect against potential brute-force attacks or unauthorized access.

    Rate this question:

  • 29. 

    What are 2 types of IP spoffing attacks?

    • Nonblind spoofing

    • Promiscuous spoofing

    • Autonomous spoofing

    • Blind spoofing

    Correct Answer(s)
    A. Nonblind spoofing
    A. Blind spoofing
    Explanation
    Nonblind spoofing and blind spoofing are two types of IP spoofing attacks. In nonblind spoofing, the attacker sends packets to a target system with a spoofed source IP address, pretending to be a trusted entity. This allows the attacker to bypass security measures that rely on IP addresses for authentication. On the other hand, blind spoofing involves the attacker sending packets to a target system without receiving any response. This type of attack is more challenging as the attacker has to guess the sequence numbers of the packets to establish a successful connection.

    Rate this question:

  • 30. 

    What Cisco Catalyst switch feature can isolate ports from one another, even though those ports belong to the same VLAN?

    • Private VLAN

    • Policing

    • Per-VLAN Spanning Tree (PVST)

    • Dynamic ARP Inspection (DAI)

    Correct Answer
    A. Private VLAN
    Explanation
    Private VLAN is a Cisco Catalyst switch feature that can isolate ports from one another, even though those ports belong to the same VLAN. Private VLANs provide an additional layer of security by allowing ports within the same VLAN to be segregated into separate subnets or communities. This prevents communication between ports within the same VLAN, enhancing network security and preventing unauthorized access or data leakage.

    Rate this question:

  • 31. 

    Which of the following best describes vishing?

    • Influencing users to provide personal information over a web page

    • Influencing users to provide personal information over a phone

    • Influencing users to forward a call to a toll number

    • Using an inside facilitator to intentionaly forward a call to a toll number

    Correct Answer
    A. Influencing users to provide personal information over a phone
    Explanation
    Vishing refers to the act of influencing users to provide personal information over a phone. This is typically done through phone calls where the attacker pretends to be a legitimate entity, such as a bank or a government agency, in order to trick the victim into revealing sensitive information like passwords, credit card numbers, or social security numbers. Vishing attacks rely on social engineering techniques to manipulate and deceive individuals into disclosing their personal information, which can then be used for fraudulent purposes.

    Rate this question:

  • 32. 

    Each Cisco ACL ends with which of the following?

    • An explicit allow all

    • An implicit deny all

    • An implicit allow all

    • An explicit deny all

    Correct Answer
    A. An implicit deny all
    Explanation
    Each Cisco Access Control List (ACL) is a set of rules that determines what traffic is allowed or denied in a network. At the end of every ACL, there is an implicit deny all statement. This means that if a packet does not match any of the rules in the ACL, it will be denied by default. Therefore, the correct answer is "an implicit deny all."

    Rate this question:

  • 33. 

    Which of the following router services can best help administrators correlate events appearing in a log file?

    • Finger

    • TCP small services

    • CDP

    • NTP

    Correct Answer
    A. NTP
    Explanation
    NTP (Network Time Protocol) can best help administrators correlate events appearing in a log file. NTP is a protocol used to synchronize the time of network devices. By ensuring that all devices have the same accurate time, administrators can easily compare events from different devices and correlate them accurately. This is essential for troubleshooting and identifying the sequence of events in a network.

    Rate this question:

  • 34. 

    If a switch is running in the fail-open mode, what happens when  the switches CAM table fills to capacity and a new frame arrives?

    • The frame is dropped

    • Acopy of the frame is forwarded out all switch ports other than the port the frame was received on.

    • The frame is transmitted on the native VLAN.

    • The switch sendsa NACK segment to the frames source MAC address.

    Correct Answer
    A. Acopy of the frame is forwarded out all switch ports other than the port the frame was received on.
    Explanation
    When a switch is running in fail-open mode and its CAM table fills to capacity, a new frame that arrives will be copied and forwarded out to all switch ports except the port it was received on. This allows the switch to still forward the frame to its intended destination, even though the CAM table is full. By sending the frame out all ports, the switch increases the chances of reaching the correct destination, even if it means broadcasting the frame to all connected devices.

    Rate this question:

  • 35. 

    What are 3 potential responses of a switch port to a security violation?

    • Protect

    • Isolate

    • Restrict

    • Shut down

    Correct Answer(s)
    A. Protect
    A. Restrict
    A. Shut down
    Explanation
    When a security violation occurs on a switch port, there are three potential responses. "Protect" refers to the action of allowing the traffic to continue but logging the violation. "Restrict" means that the switch port will only allow specific authorized traffic while blocking all other traffic. "Shut down" is the most severe response, as it completely disables the switch port, cutting off all traffic. These responses help to prevent unauthorized access and protect the network from potential threats.

    Rate this question:

  • 36. 

    Which security policy component contains mandatory practices ( as opposed to recommendations or step-by-step instructions)?

    • Guidelines

    • Standards

    • Procedures

    • Tenets

    Correct Answer
    A. Standards
    Explanation
    Standards are a security policy component that contains mandatory practices. Unlike guidelines, which are recommendations, or procedures, which are step-by-step instructions, standards are a set of mandatory requirements that must be followed. Tenets, on the other hand, refer to the principles or beliefs that guide the development and implementation of security policies, but they do not necessarily contain specific practices. Therefore, the correct answer is standards.

    Rate this question:

  • 37. 

    Which 3 individuals are most likely to be intimately involved with the creation of a security policy?

    • Chief Security Officer (CSO)

    • Chief Executive Officer (CEO)

    • Chief Information Officer (CIO)

    • Chief Information Security Officer (CISO)

    Correct Answer(s)
    A. Chief Security Officer (CSO)
    A. Chief Information Officer (CIO)
    A. Chief Information Security Officer (CISO)
    Explanation
    The three individuals most likely to be intimately involved with the creation of a security policy are the Chief Security Officer (CSO), Chief Information Officer (CIO), and Chief Information Security Officer (CISO). The CSO is responsible for overseeing and implementing security measures within an organization, making them a key player in policy creation. The CIO is responsible for managing the organization's information technology systems and infrastructure, and their involvement ensures that security policies align with the overall IT strategy. The CISO is specifically focused on information security and is responsible for developing and implementing security policies and procedures. Together, these three individuals bring the necessary expertise and authority to create an effective security policy.

    Rate this question:

  • 38. 

    Which of the following are authentication methods that may be used with AAA?

    • Local

    • Remote

    • TACACS+

    • RADIUS

    • IPSec

    Correct Answer(s)
    A. Local
    A. TACACS+
    A. RADIUS
    Explanation
    Authentication methods that may be used with AAA (Authentication, Authorization, and Accounting) include Local, TACACS+, and RADIUS. The Local method refers to authenticating users locally on the device itself. TACACS+ and RADIUS are both remote authentication methods, allowing users to authenticate against a central server. TACACS+ provides separate authentication, authorization, and accounting services, while RADIUS combines these functions into a single protocol. IPSec, on the other hand, is not an authentication method but a security protocol used for encrypting and authenticating IP packets.

    Rate this question:

  • 39. 

    What are 2 automated approaches for hardening the security of a Cisco IOS Router?

    • AutoQoS

    • AutoSecure

    • Cisco SDM's One-Step Lockdown

    • Cisco IPS Device Manager (IDM)

    Correct Answer(s)
    A. AutoSecure
    A. Cisco SDM's One-Step Lockdown
    Explanation
    AutoSecure and Cisco SDM's One-Step Lockdown are two automated approaches for hardening the security of a Cisco IOS Router. AutoSecure is a feature that automatically applies security recommendations and best practices to the router configuration, helping to protect against common vulnerabilities. Cisco SDM's One-Step Lockdown is a tool that simplifies the process of securing the router by providing a step-by-step guide and automatically applying security settings based on the selected security level. Both approaches aim to enhance the security of the Cisco IOS Router by automating the implementation of security measures.

    Rate this question:

  • 40. 

    Which of the following is the basisof all major SAN transport technologies?

    • ATA

    • IDE

    • EIDE

    • SCSI

    Correct Answer
    A. SCSI
    Explanation
    SCSI (Small Computer System Interface) is the correct answer because it is the basis for all major Storage Area Network (SAN) transport technologies. SCSI is a set of standards for physically connecting and transferring data between computers and storage devices. It allows for high-speed data transfer and supports multiple devices on the same bus. Other options like ATA, IDE, and EIDE are not specific to SAN transport technologies and are commonly used for connecting storage devices to individual computers.

    Rate this question:

  • 41. 

    All of the following are common elements of a network design.  Which one is the most important?

    • Business needs

    • Risk analysis

    • Security policy

    • Security operations

    • They are all equally important

    Correct Answer
    A. Business needs
    Explanation
    The most important element of a network design is understanding the business needs. This is because the design should align with the goals and objectives of the organization. By considering the business needs, the network design can be tailored to support the specific requirements of the company, such as scalability, performance, and cost-effectiveness. Without understanding the business needs, the network design may not adequately meet the requirements of the organization, leading to inefficiencies and potential issues in the network infrastructure.

    Rate this question:

  • 42. 

    What are  two options for running Cisco SDM?

    • Running SDM from a router flash

    • Running SDM from the Cisco web portal

    • Running SDM from within CiscoWorks

    • Running SDM from a PC

    Correct Answer(s)
    A. Running SDM from a router flash
    A. Running SDM from a PC
    Explanation
    SDM (Security Device Manager) is a Cisco tool used for configuring and managing Cisco routers. It can be run from two different options. The first option is running SDM from a router flash, which means accessing and running the SDM software directly from the flash memory of the router. The second option is running SDM from a PC, which involves installing the SDM software on a computer and accessing the router's configuration through a web browser. These two options provide flexibility for users to choose the most convenient method for running SDM based on their specific needs and preferences.

    Rate this question:

  • 43. 

    Which of the following ports are used with RADIUS authentication and authorization?

    • UDP port 2000

    • TCP port 2002

    • UDP port 1645

    • TCP port 49

    • UDP port 1812

    Correct Answer(s)
    A. UDP port 1645
    A. UDP port 1812
    Explanation
    RADIUS (Remote Authentication Dial-In User Service) is a protocol used for authentication, authorization, and accounting of remote network users. It operates over both UDP and TCP protocols. UDP port 1645 is used for authentication, while UDP port 1812 is used for accounting. TCP port 49 is used for RADIUS accounting, not authentication or authorization. Therefore, the correct answer is UDP port 1645 and UDP port 1812.

    Rate this question:

  • 44. 

    The great majority of software vulnerabilities that have been discovered are which of the following?

    • Software overflows

    • Heap overflows

    • Stack vulnerabilities

    • Buffer overflows

    Correct Answer
    A. Buffer overflows
    Explanation
    Buffer overflows are the correct answer because they are the most common type of software vulnerability that has been discovered. A buffer overflow occurs when a program tries to write more data into a buffer than it can hold, causing the excess data to overflow into adjacent memory locations. This can lead to the corruption of data, execution of arbitrary code, and potential security breaches. As a result, buffer overflows have been a major concern for software developers and security experts, and numerous efforts have been made to mitigate and prevent them.

    Rate this question:

  • 45. 

    What term refers to the electromagnetic interference (EMI) that can radiate from network cables?

    • Doppler waves

    • Emanations

    • Gaussian distributions

    • Multimode distortion

    Correct Answer
    A. Emanations
    Explanation
    Emanations refer to the electromagnetic interference (EMI) that can radiate from network cables. EMI can be generated by the electrical signals transmitted through the cables and can interfere with other electronic devices or systems nearby. This interference can cause disruptions or distortions in the signals being transmitted, leading to communication errors or reduced network performance. Therefore, it is important to properly shield and manage network cables to minimize the emanations and ensure reliable and efficient communication.

    Rate this question:

  • 46. 

    What are 3 characteristics of a Cisco Self-Defending Network?

    • Integrated

    • Collaborative

    • Autonomous

    • Adaptive

    Correct Answer(s)
    A. Integrated
    A. Collaborative
    A. Adaptive
    Explanation
    A Cisco Self-Defending Network has three key characteristics: integrated, collaborative, and adaptive. "Integrated" means that the network components work together seamlessly, sharing information and coordinating their actions to provide comprehensive security. "Collaborative" refers to the network's ability to communicate and cooperate with other security systems and devices, enhancing overall protection. "Adaptive" means that the network can dynamically adjust its security measures based on real-time threats and changing conditions, ensuring continuous defense. These characteristics enable a Cisco Self-Defending Network to effectively detect, prevent, and respond to security threats, making it a robust and reliable solution.

    Rate this question:

  • 47. 

    What kind of intergrity attack is a collection of small attacks the result in a larger attack when combined?

    • Data diddling

    • Botnet attack

    • Hijacking a session

    • Salami attack

    Correct Answer
    A. Salami attack
    Explanation
    A salami attack is a type of integrity attack where small, often unnoticed, slices of data or money are taken or manipulated over a period of time. These small attacks may seem insignificant on their own, but when combined, they can result in a significant loss or impact. This type of attack is often used in financial fraud, where small amounts of money are deducted from multiple accounts, eventually leading to a substantial sum. It is called a salami attack because it is similar to slicing off small pieces of salami, which individually may not be noticeable, but collectively can make a significant impact.

    Rate this question:

  • 48. 

    To configure accounting in AAA, from which mode should the aaa accounting command be issued?

    • Privileged EXEC

    • Command mode

    • Global configuration

    • Admin EXEC

    Correct Answer
    A. Global configuration
    Explanation
    The aaa accounting command should be issued from the Global configuration mode in order to configure accounting in AAA. This mode allows the user to make changes to the global configuration of the device, including enabling and configuring AAA accounting. By issuing the command in this mode, the user can specify the accounting parameters and settings that will be applied to all users and services on the device.

    Rate this question:

  • 49. 

    If you need to use SNMP on your network, what version does Cisco recommend?

    • 2

    • 2c

    • 3

    • 3c

    Correct Answer
    A. 3
    Explanation
    Cisco recommends using SNMP version 3 for network management. SNMP version 3 provides enhanced security features such as authentication, encryption, and access control, which makes it more secure compared to previous versions. It also offers improved performance and scalability, making it the preferred choice for managing Cisco networks.

    Rate this question:

Quiz Review Timeline (Updated): Mar 22, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 22, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Nov 26, 2009
    Quiz Created by
    Kweglar

Recent Quizzes

CCNA Security v2.0 Final Exam CCNA Security v2.0 Final Exam
CCNA security final exam quiz CCNA security final exam quiz
CCNA – Security Questions Quiz CCNA – Security Questions Quiz
Cisco CCNA Security Test Cisco CCNA Security Test
CCNA Security Part 2 quiz CCNA Security Part 2 quiz
ccna security chapter 2 ccna security chapter 2
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.
OSZAR »