Managing a Secure Network


July 2nd, 2010 in CCNA Security
Here you will find answers to Managing a Secure Network Questions
Question 1
Which of the following is intended to ensure that no employee becomes a pervasive
security threat, that data can be recovered from backups, and that information system changes
do not compromise a system's security?
A. Disaster recovery
B. Strategic security planning
C. Implementation security
D. Operations security

Answer: D
Note:
Operations security: day-to-day security operations entail responding to an incident, monitoring
and maintaining a system, and auditing a system (to ensure compliance with an organization's
security policy).
Question 2
Which three options are network evaluation techniques? (Choose three)
A. Scanning a network for active IP addresses and open ports on those IP addresses
B. Using password-cracking utilities
C. Performing end-user training on the use of antispyware software
D. Performing virus scans

Answer: A B D
Question 3
What is the main difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Host-based IPS can work in promiscuous mode or inline mode.
C. Network-based IPS can provide protection to desktops and servers without the need of
installing specialized software on the end hosts and servers.
D. Host-based IPS deployment requires less planning than network-based IPS.

Answer: C
Question 4
The enable secret password appears as an MD5 hash in a router's configuration file, whereas the
enable password is not hashed (or encrypted, if the password-encryption service is not enabled).
What is the reason that Cisco still supports the use of both enable secret and enable passwords in
a router's configuration?
A. The enable password is used for IKE Phase I, whereas the enable secret password is used for
IKE Phase II.
B. The enable password is considered to be a router's public key, whereas the enable secret
password is considered to be a router's private key.
C. Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable
password is used to match the password that was entered, and the enable secret is used to verify
that the enable password has not been modified since the hash was generated.
D. The enable password is present for backward compatibility.

Answer: D
Question 5
Which type of MAC address is dynamically learned by a switch port and then added to the
switch's running configuration?
A. Pervasive secure MAC address
B. Static secure MAC address
C. Sticky secure MAC address
D. Dynamic secure MAC address

Answer: C
Question 6
Which are the best practices for attack mitigations?
1 Store sensitive data on stand-alone devices
2 Keep patches up to date
3 Use passwords that cannot be broken
4 Develop a static tested security policy
5 Inform users about social engineering
6 Develop a dynamic security policy
7 Log everything to a syslog server for forensic purposes
8 Disable unnecessary services
A. 1, 2, 3 and 5
B. 2, 5, 6 and 8
C. 2, 5, 6 and 7
D. 2, 3, 6 and 8
E. 3, 4, 6 and 7

Answer: B
Question 7
Which one of the Cisco IOS commands can be used to verify that either the Cisco IOS image, the
configuration files, or both have been properly backed up and secured?
A. show flash
B. show secure bootset
C. show archive
D. show file systems

Answer: B
Explanation
We use the secure boot-image command to protect the IOS image, and the secure boot-config
command to protect the running configuration. These protected files will not even appear in a
dir listing of flash. To see these protected files, use the show secure bootset command.
Question 8
What is the name of the e-mail traffic monitoring service that underlies the architecture of IronPort?
A. IronPort M-Series
B. E-Base
C. TrafMon
D. SenderBase

Answer: D
Question 9
Based on the username global configuration mode command displayed in the exhibit, what does
the option secret 5 indicate about the enable secret password?
Router# show run | include username

Username test secret 5 $1$knm.$GOGQBIL8TK77POLWxvX400
A. It is encrypted using DH group 5.
B. It is hashed using SHA.
C. It is hashed using MD5.
D. It is encrypted using a proprietary Cisco encryption algorithm.

Answer: C
Question 10
What will be disabled as a result of the no service password-recovery command?
A. password encryption service
B. ROMMON
C. changes to the config-register setting
D. the xmodem privilege EXEC mode command to recover the Cisco IOS image

Answer: B