Question: Which hash algorithm is vulnerable to collision attacks?

A. MD5
B. SHA-1
C. SHA-2
D. RC5

Correct answer: B
Your answer: A
Explanation: The Message Digest 5 (MD5) hashing algorithm was created by Ron
Rivest. MD5 is resistant to collision attacks. MD5 makes use of a complex series of
relatively simple binary operations, including XORs and rotations. Secure Hash
Algorithm (SHA) 1 is preferred over MD5. It supports a 160-bit message digest,
compared to MD5's 128-bit. SHA-1 is vulnerable to collision attacks. Secure Hash
Algorithm (SHA) 2 is a newer version of the SHA-1 hash algorithm. It is capable of
message digests of 224, 256, 384, and 512 bits.

Question: To verify the clientless SSL VPN, a compliant browser has been opened.
Which prefix is the path changed to if the object does not require authentication?
A. http://
B. /+CSCOE+/
C. /+CSCOU+/
D. https://

Correct answer: C
Your answer: A
Explanation: To verify the clientless SSL VPN is working, a compliant browser must
be used. Then the URL for the SSL VPN must be entered into the address field. The
prefix for the path will change depending upon whether authentication is required. If
authentication is not required, the prefix will be: /+CSCOU+/
To verify the clientless SSL VPN is working, a compliant browser must be used. Then
the URL for the SSL VPN must be entered into the address field. The prefix for the
path will change depending upon whether authentication is required. If authentication
is required, the prefix will be: /+CSCOE+/
The https:// prefix is not the prefix that will change in the URL if the object requires
authentication. This is a secure protocol for connecting to websites. It is not directly
related to clientless SSL VPNs.
The http:// prefix is not the prefix that will change in the URL if the object requires
authentication. This is an unsecure protocol for connecting to websites. It is not
directly related to clientless SSL VPNs.

Question: Which of the following describes the Hackers as a category of individuals
who attack computer systems and operations?
A. Individuals who mean no harm and do not expect financial gain
B. Individuals who generally work for financial gain
C. Individuals who pride themselves on compromising telephone systems
D. Individuals who do not write their own code
E. Individuals with a political agenda

Correct answer: A
Your answer: B
Explanation:

Question: Which of the actions are possible using Cisco Configuration Professional
Express?
A. NAT, QoS, and NAC configurations
B. One-click router lockdown
C. Command line interface
D. WAN and VPN connectivity troubleshooting

Correct answer: C
Your answer: A
Explanation: Cisco Configuration Professional Express supports a command line
interface. Other features supported by Express include basic interface configurations,
DNS and DHCP configuration, user management, plug-n-play server configuration, a
dashboard, and basic troubleshooting.
Cisco Configuration Professional Express is not able to use the one-click router
lockdown feature. Cisco Configuration Professional is capable of advanced protocol
and service configuration, one-click router lockdown, WAN and VPN
troubleshooting, auditing, and monitoring solutions.
Cisco Configuration Professional Express does not support advanced protocol
configurations. Cisco Configuration Professional is capable of advanced protocol and
service configuration, one-click router lockdown, WAN and VPN troubleshooting,
auditing, and monitoring solutions.
Cisco Configuration Professional Express does not support WAN and VPN
connectivity troubleshooting. Cisco Configuration Professional is capable of advanced
protocol and service configuration, one-click router lockdown, WAN and VPN
troubleshooting, auditing, and monitoring solutions.

Question: Cisco SecureX is an access control strategy that allows for more effective,
higher-level policy creation and enforcement for mobile users. Which of the following
describes the Cisco TrustSec function component?
A. Allows enforcement elements to use identity and location information to define
access policy
B. Provides a consistent user interface and consolidates traditional function-specific
client software products into one product
C. Extends the access control functionality end-to-end, using security group tags
D. Offers a web-based global network of shared resources, software, and information
provided to Cisco customers on demand

Correct answer: C
Your answer: A
Explanation:

Question: Which feature can you use to place a rate limit on traffic that is handled by
a Cisco device's route processor?
A. Cisco AutoSecure
B. OSPF neighbor authentication
C. CoPP
D. SNMP

Correct answer: C
Your answer: B
Explanation: Control Plane Policing (CoPP) is a Cisco device feature that allows you
to place a rate limit on traffic that is handled by a Cisco device's route processor. This
is done to allow the device to continue to operate and forward packets even if the
device is under a heavy load or is under attack. Traffic that is handled by a route
processor would generally be control plane and management plane traffic.
Open Shortest Path First (OSPF) neighbor authentication ensures that only OSPF
updates from trusted neighbor routers are accepted. This can prevent fraudulent routes
from being added to your routing topology. OSPF neighbor authentication would not
allow you to place a rate limit on traffic that is handled by a Cisco device's route
processor.
Cisco AutoSecure is an IOS feature that allows you to quickly lock down a Cisco
device. AutoSecure can be used in interactive mode or noninteractive mode.
Interactive mode prompts the user to select their desired security configuration.
Noninteractive mode automatically applies all Cisco default security settings. Cisco
AutoSecure would not allow you to place a rate limit on traffic that is handled by a
Cisco device's route processor.
Simple Network Management Protocol (SNMP) is an application layer protocol that is
used to manage and troubleshoot network-connected devices such as workstations,
servers, security appliances, switches, and routers. SNMP would not allow you to
place a rate limit on traffic that is handled by a Cisco device's route processor.

Question: Which of the following describes the Security posture assessment analysis
and documentation?
A. Provides a snapshot of the security state of the network
B. Identifies the steps that are needed to thwart intentional attacks or unintentional
mistakes from trusted insiders
C. Quantifies the security risk that is associated with Internet-connected systems
D. Identifies any network traffic leakage from outside the customer's buildings
E. Uses metrics and graphs

Correct answer: E
Your answer: B
Explanation:

Question: What are the steps associated with the Containment, eradication, and
recovery incident response phase?
A. Define the tools to identify the attacker and the time required to use them
B. Define methods for collecting and using data
C. Identify the steps to eradicate or mitigate the threat and vulnerabilities
D. Document the symptoms of the attack
E. Define the steps to recover operating systems, hardware components, and
productive time
F. Define the options for pursuing an attacker

Correct answer: A C E
Your answer: C D E
Explanation:

Question: Which services does an IronPort C-Series provide?
A. Antivirus
B. URL filtering
C. Spam filtering
D. Antimalware

Correct answer: A C
Your answer: B C
Explanation: The Cisco IronPort C-Series security appliances are used to provide e-
mail security. The C-Series provides antivirus and spam filtering services.
The Cisco IronPort C-Series does not provide URL filtering. The URL filtering is
provided by a web security appliance, which is an IronPort S-Series.
Malware is any type of software that is intended for malicious use. This can include
spyware, worms, viruses, and ransomware. The Cisco IronPort C-Series does not
provide antimalware, only antivirus protection. Antimalware is provided by a web
security appliance, which is an IronPort S-Series.

Question: What is the purpose of FISMA information security compliance
regulation?
A. Responds to loss of public trust in publicly-traded companies after several
corporate and accounting scandals
B. Provides assurance that the electronic transfer of confidential patient information is
at least as safe as paper-based records
C. Increases computer and network security within the US government by requiring
yearly audits
D. Enables financial organizations to acquire other companies or form alliances with
each other

Correct answer: C
Your answer: D
Explanation:

Question: Which statements describe the functions of the Security Audit feature?
A. Sends alerts when changes to the device's configuration would cause a security
concern
B. Checks a router's running configuration against a list of predefined security
configuration settings
C. Lists identified problems and provides recommendations for fixing them
D. Automatically performs a one-step lockdown after the audit is complete
E. Allows the user to choose which identified problems to fix and displays appropriate
user interface for fixing them
F. Configures the router with the user's chosen security configuration

Correct answer: B C E F
Your answer: A B C F
Explanation:

Question: Which Cisco Borderless Networks Security Architecture specifically
protects end devices from malware?
A. Borderless end zone
B. Borderless data center
C. Policy management layer
D. Borderless Internet

Correct answer: A
Your answer: C
Explanation: The borderless end zone component deals with protecting end points
from malicious code. This component looks at detecting and eradicating threats as
they occur.
The borderless Internet component deals with monitoring traffic at layer two through
seven. This uses deployed sensors and proxies to examine the data. This component
does not deal directly with the protection of end points from viruses.
The borderless data center component deals with protecting cloud services through
layering virtualized components. This component does not focus on the end point
protection of clients.
The policy management layer does not deal directly with preventing end point
infections. This management layer is used to enforce context-specific variables
throughout the network. For instance, a user may be able to view online mail, but not
access attachments.

Question: What is the purpose of Sarbanes-Oxley information security compliance
regulation?
A. Responds to loss of public trust in publicly-traded companies after several
corporate and accounting scandals
B. Provides assurance that the electronic transfer of confidential patient information is
at least as safe as paper-based records
C. Increases computer and network security within the US government by requiring
yearly audits
D. Enables financial organizations to acquire other companies or form alliances with
each other

Correct answer: A
Your answer: C
Explanation:

Question: Which three of these options are some of the best practices when you
implement an effective firewall security policy?
A. Position firewalls at strategic inside locations to help mitigate inside nontechnical
attacks.
B. Configure logging to capture all events for forensic purposes.
C. Use firewalls as a primary security defense; other security measures and devices
should be implemented to enhance your network security.
D. Position firewalls at key security boundaries.
E. Deny all traffic by default and permit only necessary services.

Correct answer: C D E
Your answer: B C E
Explanation:

Question: Select one of the following statements that describes the password attacks.
A. Hides information based on tunneling one protocol inside another
B. Hackers gain leverage using existing trust relationships
C. Attacks can be carried out using Trojan horse programs
D. Availability is compromised with DoS attacks
E. A collection of compromised machines running programs under a common
command
F. Attacks focus on making a service unavailable for normal use

Correct answer: C
Your answer: B
Explanation:

Question: Which command is used to display established IPsec tunnels?
A. show crypto ipsec sa
B. show crypto ipsec transform-set
C. show crypto ipsec

Correct answer: A
Your answer: C
Explanation: The show crypto ipsec sa command is used to display established IPsec
tunnels. If a security association (SA) has been established, that means other
configurations are indeed working. This command is also useful to verify if the tunnel
is sending and receiving data.
The show crypto ipsec command is incomplete, and thus invalid. This
command is missing sa after the ipsec keyword. The correct command is: show crypto
ipsec sa
The show crypto ipsec transform-set command displays IPsec transform sets, not
established tunnels. This allows you to verify the strength of the tunnel.
To display established IPsec tunnels, the show crypto ipsec sa command is used.

Question: Select the statements that define the unique components of Cisco
Configuration Professional used for security policy deployment.
A. Cisco AutoSecure configures security-related features of the router based on a set
of Cisco defaults
B. Communities can be used to group devices based on shared components
C. Templates parameterize configuration files to apply same configuration to multiple
devices
D. User profiles are GUI views that allow RBAC
E. Cisco NFP can be used to provide infrastructure protection

Correct answer: B C D
Your answer: A B C
Explanation:

Question: Which of the following describes the function of Cisco IronPort?
A. Includes a firewall and real-time threat defense capability
B. Uses hardware- and software-integrated security functions to provide a zone-based
policy firewall and intrusion prevention
C. Uses sensors to accomplish intrusion prevention
D. Provides an on-premise solution to prevent data loss
E. Analyzes web requests to determine if the content is malicious or inappropriate
based on the defined security policy

Correct answer: D
Your answer: E
Explanation:

Question: What are some of the security functions that can be managed using Cisco
Configuration Professional?
A. Device hardening
B. Firewall support
C. Antispoofing
D. IPS support
E. VPN support
F. MAC security
G. Management, monitoring, and troubleshooting

Correct answer: A B D E G
Your answer: C D E F G
Explanation:

Question: What are reasons that prevent the use of SEAL?
A. Slower than AES
B. Software based IPsec
C. Supported devices
D. K8 subsystem

Correct answer: C D
Your answer: A C
Explanation: One of the limitations of the Software Encryption Algorithm (SEAL)
cipher is the supported devices. SEAL is only available on Cisco devices.
The K subsystem deals with how long encryption keys are. For Software
Encryption Algorithm (SEAL) cipher support, K8 is required.
The Software Encryption Algorithm (SEAL) cipher is considered to be very fast. It
uses 160-bit encryption, which is much less taxing on the CPU.
The Software Encryption Algorithm (SEAL) cipher cannot be used with hardware-
based IPsec. It is fully compatible with software-based IPsec as long as the peers both
support it.

Question: What is the first step you should take when considering securing your
network?
A. Install a firewall.
B. Install an intrusion prevention system.
C. Update servers and user PCs with the latest patches.
D. Develop a security policy.

Correct answer: D
Your answer: C
Explanation:

Question: Cisco SecureX is an access control strategy that allows for more effective,
higher-level policy creation and enforcement for mobile users. Which of the following
describes the Cisco SIO component?
A. Allows enforcement elements to use identity and location information to define
access policy
B. Provides a consistent user interface and consolidates traditional function-specific
client software products into one product
C. Extends the access control functionality end-to-end, using security group tags
D. Offers a web-based global network of shared resources, software, and information
provided to Cisco customers on demand

Correct answer: D
Your answer: C
Explanation:

Question: What is the purpose of GLBA information security compliance regulation?
A. Responds to loss of public trust in publicly-traded companies after several
corporate and accounting scandals
B. Provides assurance that the electronic transfer of confidential patient information is
at least as safe as paper-based records
C. Increases computer and network security within the US government by requiring
yearly audits
D. Enables financial organizations to acquire other companies or form alliances with
each other

Correct answer: D
Your answer: C
Explanation:

Question: Which statement about role-based CLI access is true?
A. Commands can be added and removed on superviews from the root view
B. Deleting a superview also deletes any associated CLI views
C. Role-based CLI access can be configured with or without an AAA infrastructure
D. CLI views can be shared with more than one superview

Correct answer: D
Your answer: A
Explanation: When configuring role-based CLI access, there are three main types of
views: root view, CLI view, and superview. Root view is the view that must be used
to configure other views. CLI views contain sets of commands that have been
assigned to that view. Superviews are collections of CLI views, and provide a method
to assign multiple CLI views to users and groups. CLI views can be shared with
multiple superviews, which eliminates the need to create duplicate CLI views for each
superview.
Superviews are collections of CLI views, and provide a method to assign multiple CLI
views to users and groups. Superviews use references to CLI views, and any changes
made to the superview would not affect the referenced CLI views. Therefore, deleting
a superview would not delete any associated CLI views.
Superviews are collections of CLI views, and provide a method to assign multiple CLI
views to users and groups. Commands must be added or removed from CLI views by
a user that is signed in to the root view. Commands cannot be added or removed from
superviews as they only reference the CLI views which store the commands.
Role-based CLI access allows you to implement granular access control by specifying
which Cisco IOS commands can be performed by each role. Role-based CLI requires
an authentication, authorization, and accounting (AAA) infrastructure, as CLI
authentication must be performed by an AAA server, such as a Terminal Access
Controller Access-Control System Plus (TACACS+) server. Role-based CLI cannot
be configured without an AAA infrastructure.

Question: Which of the following are Symmetric encryption algorithms?
A. 3DES
B. IDEA
C. SHA-2
D. AES
E. RSA
F. ECDSA

Correct answer: A B D
Your answer: A C D
Explanation: Trusted symmetric encryption algorithms include 3DES, IDEA, and
AES. 3DES encrypts the data three times using different keys, of 168 and 112 bits.
IDEA uses 64-bit blocks with a 128-bit key. AES is highly secure as it uses variable
key and block sizes of 128, 192, and 256 bits. RSA, ECDSA, and DH are asymmetric
algorithms that are considered trusted. A typical key length for an asymmetric algorithm
ranges from 512 to 4096 bits. This type of algorithm is much slower than a symmetric
algorithm, due to the large key sizes.

Question: Which option is the term for a weakness in a system or its design that can
be exploited by a threat?
A. a vulnerability
B. a risk
C. an exploit
D. an attack

Correct answer: A
Your answer: B
Explanation:

Question: Which security features rely on DHCP snooping?
A. Loop guard
B. DAI
C. IP source guard
D. CoPP

Correct answer: B C
Your answer: B
Explanation: DHCP snooping allows an administrator to specify which ports are
connected to a trusted DHCP server. DHCP snooping also maintains a database that
contains a list of DHCP address bindings, which is used by other security features
such as Dynamic ARP Inspection (DAI) and IP source guard. DAI is a security
feature that protects against Address Resolution Protocol (ARP) spoofing by
validating ARP packets against the DHCP snooping database. If ARP packets are
determined to have invalid IP-to-MAC address bindings, these packets are logged and
discarded.
DHCP snooping allows an administrator to specify which ports are connected to a
trusted DHCP server. DHCP snooping also maintains a database that contains a list of
DHCP address bindings, which is used by other security features such as Dynamic
ARP Inspection (DAI) and IP source guard. IP source guard is a security feature that
utilizes the DHCP snooping database to prevent IP and MAC spoofing. On IP source
guard protected ports, all traffic is initially blocked except for DHCP packets. Once an
IP address is statically assigned or assigned by a DHCP server, its mapping is listed in
the DHCP snooping database, and all traffic from that IP address is permitted.
Loop guard offers protection against Spanning Tree Protocol (STP) loops. Loop guard
works by placing the protected port into a loop-inconsistent state instead of a
forwarding state when BPDUs are no longer received. Loop guard does not rely on
DHCP snooping.
Control Plane Policing (CoPP) is a Cisco device feature that allows you to place a rate
limit on traffic that is handled by a Cisco device's route processor. This is done to
allow the device to continue to operate and forward packets even if the device is under
a heavy load or is under attack. CoPP does not rely on DHCP snooping.

Question: A tunnel has been created and established with a branch office. You need
to verify that traffic is traversing the connection. Which command will provide this
information?
A. show crypto ipsec sa
B. show crypto ipsec transform-set
C. show crypto map
D. show crypto isakmp policy

Correct answer: A
Your answer: C
Explanation: The show crypto ipsec sa command is used to display established IPsec
tunnels. If a security association (SA) has been established, that means other
configurations are indeed working. This command is also useful to verify if the tunnel
is sending and receiving data.
The show crypto map command is used to show security association (SA) lifetimes
and aids in verifying map configuration. This command does not provide the
functionality required by the question.
The show crypto ipsec transform-set command displays IPsec transform sets. This
allows you to verify the strength of the tunnel. This would not be used to determine if
data is being sent and received through the tunnel.
The show crypto isakmp policy command is used to display information about the
IKE policies and the default policy settings. This is a useful command as it displays
the entire IKE configuration. This would not be used to determine if data is being sent
and received through the tunnel.

Question: Which tasks could you perform by deploying a third party MDM solution
with Cisco ISE?
A. Require mobile devices to have pin locks configured before being allowed to
access a wireless endpoint
B. Require that remote computers have up-to-date antivirus definitions before
allowing VPN connections
C. Provide a self-service portal which users can use to manage their mobile device
status
D. Provide web proxy services for network devices

Correct answer: A C
Your answer: B D
Explanation: Deploying a third party Mobile Device Management (MDM) solution
with Cisco Identity Services Engine (ISE) allows you to secure and manage bring-
your-own-device (BYOD) infrastructures. This can enable you to perform tasks such
as performing remote wipes on lost and stolen devices, and controlling endpoint
access based on pre-defined compliance policies. As an example, you can create a
compliance policy which requires that mobile devices have pin locks configured
before they are allowed to access a wireless endpoint.
Deploying a third party Mobile Device Management (MDM) solution with Cisco
Identity Services Engine (ISE) allows you to secure and manage bring-your-own-
device (BYOD) infrastructures. One of the features of MDM integration with ISE is
the ISE MyDevices portal, which enables users to manage the status of their mobile
devices. For example, the MyDevices portal allows users to register, lock, suspend, or
unenroll their own mobile devices.
Cisco Web Security Appliance (WSA) provides web security by offering services
such as malware protection, file scanning, and web proxy. Web proxy services would
not be provided by deploying a third party MDM solution with Cisco ISE.
Cisco Identity Services Engine (ISE) can be integrated with a Cisco Adaptive Security
Appliance (ASA) firewall to allow access enforcement for VPN connections.
Integrating ISE would allow you to check to see if the user is approved for VPN
connections and check the health status of the remote computer, and then allow or
deny access accordingly. Requiring that remote computers have up-to-date antivirus
definitions before allowing VPN connections would not be provided by deploying a
third party MDM solution with Cisco ISE.

Question: Which option is true of intrusion prevention systems?
A. They operate in promiscuous mode.
B. They operate in inline mode.
C. They have no potential impact on the data segment being monitored.
D. They are more vulnerable to evasion techniques than IDS.

Correct answer: B
Your answer: A
Explanation:
