Enable the highest level of Syslogging avaible to ensure you log all posssible event messagesA. Answer: D 2/ As a candidate for CCNA examination, when you are familiar with the basic com
Trang 1TỔNG HỢP Q&A MÔN AN NINH MẠNG
Chapter 1: MODERN NETWORK SECURITY THREATS
1/ Which method is of gaining access to a system that by passes normal security
measures?
A Creating a back door
B Starting a Smurf attack
C Conducting social engineering
D Launching a DoS attack
Answer: A
2/ Which statement is true about a Smurf attack?
A It sends ping request to a subnet, requesting that devices on the subnet send ping replies to a target system
B It intercepts the third step in a TCP three-way handshake to hijack a session
C It uses Trojan horse applications to create a distributed collection of “zombie” computers, which can be used to launch a coordinated DdoS attack
D It sends ping requests in segments of an invalid size
Answer: A
3/ What are four methods used by hackers? (Choose four)
A Social engineering attack
B Trojan horse attack
C Front door attack
D Buffer Unicode attack
E Privilege escalation attack
F Footprint analysis attack
Answers: A B E F
4/ Which option ensures that data is not modified in transit?
A Authentication
B Integrity
Trang 3Chapter 2: SECURING NETWORK DEVICES
1/ As a network engineer, you are responsible for the network Which one will be
necessarily taken into consideration when implementing Syslogging in your network?
A Log all messages to the system buffer so that they can be displayed when
accessing the router
B Use SSH to access your Syslog information
C Enable the highest level of Syslogging avaible to ensure you log all posssible event messages
D Syncronize clocks on the network with a protocol such as Network Time Protocol
Answer: D
2/ As a candidate for CCNA examination, when you are familiar with the basic
commands, if you input the command “enable secret level 5 password” in the global mode, what does it indicate?
A Set the enable secret command to privilege level 5
B The enable secret password is hashed using SHA
C The enable secret password is hashed using MD5
D The enable secret password is encrypted using Cisco proprietary level 5
encryption
E The enable secret password is for accessing exec privilege level 5
Answer: E
Trang 43/ Which three items are Cisco best-practice recommendations for securing a network? (Choose three)
A Deploy HIPS solfware on all end-user workstations
B Routinely apply patches to operating systems and applications
C Disable unneeded services and ports on hosts
D Require strong passwords, and enable password expiration
Answers: B C D
4/ Given the exhibit below You are a network manager of your company You are
reading your Syslog server reports On the basis of the Syslog message shown, which twodescriptions are correct? (Choose two)
Feb 1 10 : 12 : 08 PST: %SYS-5-CONFIG_1: Configured from console by vty0 (10.2.2.6)
A This messages is a level 5 notification message
B This messages is unimportant and can be ignored
C This is a normal system-generated information message and does not require further investigation
D Service timestamps have been globally enabled
Answers: A D
5/ For the following items, which management topology keeps management traffic
isolated from production traffic?
A The switch sends a NACK segment to the frame’s source MAC address
B A copy of the frame is forwarded out all switch ports other than the port the framewas received on
C The frame is dropped
Trang 5D The frame is transmitted on the native VLAN.
Answer: B
7/ What is the purpose of the secure boot-config global configuration?
A Back up the Cisco IOS image from flash to a TFTP server
B Enables Cisco IOS image resilience
C Takes a snapshot of the router running configuration and securely archives it in persistent storage
D Stores a secured copy of the Cisco IOS image in its persistent storage
Answer: C
8/ When configuring role-based CLI on a Cisco router, which action will be taken first?
A Create a passer view called “root view”
B Log in to the router as the root user
C Enable role-based CLI globally on the router using the privileged EXEC mode Cisco IOS command
D Enable the root view on the router
Answer: D
9/ Which command can turn on logging of unsuccessful login attempts? (Choose two)
A Auto secure
B Logging failure
C Logging on failure log
D Logging login failure
Trang 612/ Which command confers the traceroute command privileges to level 4?
A Privilege exec level 4 traceroute
B Privilege level 4 traceroute
A Security password length 8
B Security password min-length 8
Trang 715/ In generating RSA key, what does Cisco recommend for the key modulus size?
Trang 8Chapter 3: AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING
Trang 10Ans: E
Trang 11Ans: D
Ans: B
Ans: C
Trang 12Ans: A
Chapter 4: IMPLEMENTING FIREWALL TECHNOLOGIES
Trang 13Ans: C
Ans: B
Trang 14Ans: B
Ans: D
Trang 15Ans: A B C
Ans: D
Trang 16Ans: A
Ans: D
Trang 17Ans: D
Trang 18Ans: A C D
Ans: C
Ans: B
Trang 19Ans: B
Ans: C
Trang 20Chapter 5: IMPLEMENTING INSTRUSION PREVENTION
Ans: C
Ans: A
Trang 21Ans: B
Ans: B
Trang 22Ans: B
Ans: A
Trang 23Ans: D
Ans: B C
Trang 24Ans: C
Ans: B C
Trang 25Chapter 6: SECURE LOCAL AREA NETWORK
Ans: B D
Ans: B
Trang 26Ans: C
Ans: B C
Trang 27Ans: C
Ans: B
Trang 28Ans: C
Ans: E
Trang 29Ans: D
Ans: A
Trang 30Ans: B
Ans: A C
Trang 31Ans: A C
Trang 32Chapter 7: CRYPTOGRAPHIC SYSTEMS
Ans: B
Ans: A
Trang 33Ans: D
Ans: C
Trang 34Ans: D
Ans: D
Trang 35Ans: B
Ans: A
Ans: B C
Trang 36Ans: A B
Ans: B D
Trang 37Ans: A
Ans: C
Trang 38Ans: B
Trang 39Chapter 8: IMPLEMENTING VIRTUAL PRIVATE NETWORK
Ans: C D
Ans: A
Trang 40Ans: A
Ans: B
Trang 41Ans: B
Ans: A
Trang 42Ans: B C
Ans: B
Trang 43Ans: C
Ans: D
Trang 44Ans: A
Ans: C
Trang 45Ans: C
Ans: A D
Trang 46Ans: A D