Exam A
QUESTION 1
You are a decision maker in formulating your organization’s comprehensive network security policy. You accept that some tradeoffs will be required when implementing the policy but you are also smart enough to make some assumptions that will aid your decisions as to which tradeoffs are acceptable and which are not. Which of the follow-ing assumptions are true? (choose three)
A. Openness is often traded off against security.
B. Insider attacks are less damaging than external attacks.
C. Insider attacks often render technical security solutions ineffective.
D. Vendors’ recommendations for hardening a system should be ignored because they are usually incorrect.
E. Insider attacks are particularly serious because they leverage on insiders’ knowledge of the system.
Correct Answer: ACE
QUESTION 2
Access control is considered an effective countermeasure in minimizing the possibility of confidentiality
breaches.
Access control limits access to:
(choose three):
A. Data
B. Files and objects
C. Network resources
D. Mobile computing platforms
E. Wireless access points
Correct Answer: ABC
QUESTION 3
Match the terms “due diligence” and “due care” with their definitions below:
Terms:
Due Diligence: Due Care:
Definitions:
1.
Concerns itself with the implementation of adequate security controls (administrative,technical, and physical) and establishing best practices for ongoing riskassessment and vulnerability testing.
2.
Ongoing operation and maintenance of implemented security controls
A. Due Diligence: Concerns itself with the implementation of adequate security controls (administrative,technical, and physical) and establishing best practices for ongoing riskassessment and vulnerability testing.
B. Due Care: Ongoing operation and maintenance of implemented security controls
C. Due Care: Concerns itself with the implementation of adequate security controls (administrative,technical, and physical) and establishing best practices for ongoing riskassessment and vulnerability testing.
D. Due Diligence: Ongoing operation and maintenance of implemented security controls
Correct Answer: AB
QUESTION 4
In the following figure below, Internet users are able to access a public server to purchase books online.
The server is on a dedicated switch port in the same internal network as the company’s knowledge
workers. Both the knowledge workers’
computers and the book-selling server are protected by a Cisco IOS router firewall. Choose the sentences
which best describe this scenario
from the perspective of network security (choose three):
A. The public server is on a different switch port from the knowledge workers’ computers, meaning that it is completely secure.
B. A compromise of the public server could be leveraged to attack the inside knowledge workers’ computers.
C. Putting the public server on the same network as the inside knowledge workers’ computers is insane.
D. There is no depth of defense in this network design.
E. The Cisco IOS firewall provides sufficient protection against all external threats.
Correct Answer: BCD
QUESTION 5
Which of the following are considered best practices for technical controls? (Choose three.)
A. Use hardware and software that can mitigate risk to an appropriate level.
B. Keep up-to-date with firmware, hardware, and software patches.
C. Ensure all stakeholders are aware of the dangers of social engineering.
D. Encrypt all sensitive data, especially if it passes over hostile networks.
E. Configure the network so that only necessary services are exposed.
Correct Answer: ADE
QUESTION 6
Refer to the following figure. What is the missing step in the Cisco System Development Life Cycle for Secure Networks?
A. Examination
B. Operations and Management
C. Operations and Maintenance
D. Extrapolation
E. None of these.
Correct Answer: C QUESTION 7
True or false. Scanners monitor (scan) a network for signs of probes and attacks, whereas sensors probe (sense) a network for vulnerabilities.
A. True
B. False
Correct Answer: B QUESTION 8
In the context of network security, there are policies, standards, guidelines, and procedures. True or False: Policies stipulate the details of day-to-day implementation.
A. True
B. False
Correct Answer: B QUESTION 9
Cisco specifies four systems that integrate, collaborate, and adapt to prevent attacks. Match the Cisco products below with the system that they provide:
Select and Place:
Correct Answer:
QUESTION 10
True or False.
The concept of least privileges specifies that every network security element should have at least the minimum privileges necessary to perform a task.
A. True
B. False
Correct Answer: B
QUESTION 11
Look at the following commands and pick the answers that best represent what is being accomplished: CiscoISR(config)#line vty 0 4 CiscoISR(config-line)#login CiscoISR(config-line)#password sanjose
A. In-band users on the 5 default vty line interfaces on a Cisco router will be required to enter the password sanjose before they can access user mode.
B. In-band users on the 5 default vty line interfaces on a Cisco router will be required to enter the password sanjose before they can access enable mode.
C. In-band users on the 5 default vty line interfaces on a Cisco router will be able to login to enable mode with the same password. The password is automatically encrypted.
D. In-band users on the 5 default vty line interfaces on a Cisco router will be unable to login to enable mode without a separate enable password or enable secret.
E. None of these.
Correct Answer: AD