CH 5 & 6 HW and exam review

Description

CCNA Security CH 5 & 6 HW and exam review
Anthony Schulmeister
Quiz by Anthony Schulmeister, updated more than 1 year ago
Created by Anthony Schulmeister about 8 years ago

Resource summary

Question 1

Question
Refer to the exhibit. A network administrator is configuring an IOS IPS. Which statement describes the IPS signatures that are enabled?
Answer
  • These signatures detect attacks within a single packet.
  • These signatures detect attacks that target a single host.
  • These signatures detect attacks that are from the same source.
  • These signatures detect attacks with a sequence of operations.

Question 2

Question
What is a zero-day attack?
Answer
  • It is a computer attack that occurs on the first day of the month.
  • It is an attack that results in no hosts able to connect to a network.
  • It is a computer attack that exploits unreported software vulnerabilities.
  • It is an attack that has no impact on the network because the software vendor has mitigated the vulnerability.

Question 3

Question
Which command releases the dynamic resources associated with the Cisco IOS IPS on a Cisco router?
Answer
  • Router# clear ips statistics
  • Router# clear ip sdee events
  • Router# clear sdee subscriptions
  • Router# clear ip ips configuration

Question 4

Question
What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.)
Answer
  • allow the activity
  • disable the link
  • reconverge the network
  • restart the infected device
  • drop or prevent the activity

Question 5

Question
What is a disadvantage of network-based IPS devices?
Answer
  • They use signature-based detection only.
  • They cannot detect attacks that are launched using encrypted packets.
  • They are implemented in expensive dedicated appliances.
  • They cannot take immediate actions when an attack is detected.

Question 6

Question
What are two disadvantages of using an IDS? (Choose two.)
Answer
  • The IDS has no impact on traffic.
  • The IDS does not stop malicious traffic.
  • The IDS works offline using copies of network traffic.
  • The IDS requires other devices to respond to attacks.
  • The IDS analyzes actual forwarded packets.

Question 7

Question
A network administrator was testing an IPS device by releasing multiple packets into the network. The administrator examined the log and noticed that a group of alarms were generated by the IPS that identified normal user traffic. Which term describes this group of alarms?
Answer
  • true positive
  • true negative
  • false positive
  • false negative

Question 8

Question
Which Cisco feature sends copies of frames entering one port to a different port on the same switch in order to perform traffic analysis?
Answer
  • CSA
  • HIPS
  • SPAN
  • VLAN
  • ACL

Question 9

Question
What is an IPS signature?
Answer
  • It is the timestamp that is applied to logged security events and alarms.
  • It is the authorization that is required to implement a security policy.
  • It is a set of patterns used to detect typical intrusive activity.
  • It is a security script that is used to detect unknown threats.

Question 10

Question
What is a disadvantage of a pattern-based detection mechanism?
Answer
  • Its configuration is complex.
  • It cannot detect unknown attacks.
  • It is difficult to deploy in a large network.
  • The normal network traffic pattern must be profiled first.

Question 11

Question
Which two devices are examples of endpoints susceptible to malware-related attacks? (Choose two.)
Answer
  • switch
  • server
  • wireless access point
  • desktop
  • IP telephony device

Question 12

Question
What would be the primary reason an attacker would launch a MAC address overflow attack?
Answer
  • so that the switch stops forwarding traffic
  • so that legitimate hosts cannot obtain a MAC address
  • so that the attacker can see frames that are destined for other hosts
  • so that the attacker can execute arbitrary code on the switch

Question 13

Question
What is a recommended best practice when dealing with the native VLAN?
Answer
  • Turn off DTP.
  • Use port security.
  • Assign it to an unused VLAN.
  • Assign the same VLAN number as the management VLAN.

Question 14

Question
What is the best way to prevent a VLAN hopping attack?
Answer
  • Disable STP on all nontrunk ports.
  • Use ISL encapsulation on all trunk links.
  • Use VLAN 1 as the native VLAN on trunk ports.
  • Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

Question 15

Question
What mitigation plan is best for thwarting a DoS attack that is creating a switch buffer overflow?
Answer
  • Disable DTP.
  • Disable STP.
  • Enable port security.
  • Place unused ports in an unused VLAN.

Question 16

Question
Refer to the exhibit above. What happens when Host 1 attempts to send data?
Answer
  • Frames from Host 1 cause the interface to shut down.
  • Frames from Host 1 are dropped and no log message is sent.
  • Frames from Host 1 create a MAC address entry in the running-config.
  • Frames from Host 1 will remove all MAC address entries in the address table.

Question 17

Question
All access ports on a switch are configured with the administrative mode of dynamic auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is the intent of the attacker?
Answer
  • VLAN hopping
  • DHCP spoofing attack
  • MAC flooding attack
  • ARP poisoning attack

Question 18

Question
Refer to the exhibit. A network engineer is securing a network against DHCP spoofing attacks. On all switches, the engineer applied the ip dhcp snooping command and enabled DHCP snooping on all VLANs with the ip dhcp snooping vlan command. What additional step should be taken to configure the security required on the network?
Answer
  • Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.
  • Issue the ip dhcp snooping trust command on all interfaces on SW2 and SW3.
  • Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3.
  • Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3 except interface Fa0/1 on SW1.

Question 19

Question
Which countermeasure can be implemented to determine the validity of an ARP packet, based on the valid MAC-address-to-IP address bindings stored in a DHCP snooping database?
Answer
  • DHCP snooping
  • dynamic ARP inspection
  • MAC table inspection
  • port security snooping

Question 20

Question
What are two purposes for an attacker launching a MAC table flood? (Choose two.)
Answer
  • to initiate a man-in-the-middle attack
  • to initiate a denial of service (DoS) attack
  • to capture data from the network
  • to gather network topology information
  • to exhaust the address space available to the DHCP

Question 21

Question
Which type of attacks can be mitigated by port security?
Answer
  • dictionary
  • replay
  • MAC-address flooding
  • password
  • VLAN hopping
  • double tagging

Question 22

Question
What are two actions a hacker may take in a VLAN hopping attack? (Choose two.)
Answer
  • replying to ARP requests that are intended for other recipients
  • sending malicious Dynamic Trunking Protocol (DTP) frames
  • replying to DHCP requests that are intended for a DHCP server
  • sending a unicast flood of Ethernet frames with distinct source MAC addresses
  • sending frames with two 802.1Q headers