Cisco CCNA Security Chapter 5 Answers

CCNA Security - Chapter 5 Exam Answers (Jawaban)

1. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?

Answer:                              

* Trigger: Pattern-based detection

Type: Composite signature

2. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?

Answer:

* medium

3. What are two major drawbacks to using HIPS? (Choose two.)

Answer:

* HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.

* With HIPS, the network administor must verify support for all the different operating systems used in the network.

4. Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?

Answer:

* anomaly-based detection

5. Which two statements characterize a network-based IPS implementation? (Choose two.)

Answer:

* It is unable to examine encrypted traffic.

* It is independent of the operating system on hosts.

6. What information is provided by the show ip ips configuration configuration command?

Answer:

* the default actions for attack signatures

7. When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?

Answer:

* Deny Connection Inline

8. Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken by CSA if the user does not respond within 4 minutes and 20 seconds?

Answer:

* The action is denied, and a log entry is recorded.

9. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)

Answer:

* Deny Attacker Inline

* Deny Connection Inline

10. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?

Answer:

* It is the subsignature ID.

11. What is a disadvantage of network-based IPS as compared to host-based IPS?

Answer:

* Network-based IPS cannot examine encrypted traffic.

12. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)

Answer:

* IOS-Sxxx-CLI.pkg

* realm-cisco.pub.key.txt

13. Why is a network that deploys only IDS particularly vulnerable to an atomic attack?

Answer:

* The IDS permits malicious single packets into the network.

14. Refer to the exhibit. Based on the SDM screen shown, which two actions will the signature take if an attack is detected? (Choose two.)

Answer:

* Generate an alarm message that can be sent to a syslog server.

* Create an ACL that denies traffic from the attacker IP address.

15. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)

Answer:

* ip http server

* ip ips notify sdee

16. Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with those threats?

Answer:

* Security Dashboard

17. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?

Answer:

* R1(config)# ip ips signature-category

R1(config-ips-category)# category ios_ips basic

R1(config-ips-category-action)# retired false

18. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?

Answer:

* All traffic that is permitted by the ACL is subject to inspection by the IPS.

19. What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)

Answer:

* Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.

* Place signature packs on a dedicated FTP server within the management network.

20. Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?

Answer:

* Cisco Security Agent is active and has detected a potential security problem.

21. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)

Answer:

* addition of a signature risk rating.

* support for encrypted signature parameters.

Sumber : http://ccna-exam-answers-final.blogspot.com/2013/08/ccna-security-chapter-5-exam-answers.html
blog.ceaster.com - www.ceaster.com Ceaster Corp

Read More

Cisco CCNA Security Chapter 4 Answers

CCNA Security - Chapter 4 Exam Answers (Jawaban Cisco)

1. Which statement accurately describes Cisco IOS zone-based policy firewall operation?

Answer:

* The pass action works in only one direction.

2. Which location is recommended for extended numbered or extended named ACLs?

Answer:

* a location as close to the source of traffic as possible

3. When using Cisco IOS zone-based policy firewall, where is the inspection policy applied?

Answer:

* a zone pair

4. Refer to the exhibit. Based on the SDM screen shown, which statement describes the zone-based firewall component being configured?

Answer:

* a class map that inspects all traffic that uses the HTTP, SMTP, and DNS protocols

5. Refer to the exhibit. Based on the SDM screen shown, which two statements describe the effect this zone-based policy firewall has on traffic? (Choose two.)

Answer:

* HTTP traffic from the in-zone to the out-zone is inspected.

* Traffic from the in-zone to the out-zone is denied if the source address is in the 127.0.0.0/8 range.

6. Which type of packet is unable to be filtered by an outbound ACL?

Answer:

* router-generated packet

7. Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?

Answer:

* The packet is dropped.

8. Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router?

Answer:

* self zone

9. Which statement correctly describes a type of filtering firewall?

Answer:

* A stateful firewall monitors the state of connections, whether the connection is in an initiation, data transfer, or termination state.

10. In addition to the criteria used by extended ACLs, what conditions are used by CBAC to filter traffic?

Answer:

* application layer protocol session information

11. Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model?

Answer:

* A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter up to the session layer.

12. Refer to the exhibit. What is represented by the area marked as “A”?

Answer:

* DMZ

13. Which three actions can a Cisco IOS zone-based policy firewall take if configured with Cisco SDM? (Choose three.)

Answer:

* inspect

* drop

* pass

14. A router has CBAC configured and an inbound ACL applied to the external interface. Which action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table?

Answer:

* A dynamic ACL entry is added to the external interface in the inbound direction.

15. For a stateful firewall, which information is stored in the stateful session flow table?

Answer:

* source and destination IP addresses, and port numbers and sequencing information associated with a particular session

16. Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)

Answer:

* SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.

* Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.

17. When configuring a Cisco IOS zone-based policy firewall, which three actions can be applied to a traffic class? (Choose three.)

Answer:

* drop

* inspect

* pass

18. Refer to the exhibit. In a two-interface CBAC implementation, where should ACLs be applied?

Answer:

* inside and outside interfaces

19. Which two parameters are tracked by CBAC for TCP traffic but not for UDP traffic? (Choose two.)

Answer:

* sequence number

* SYN and ACK flags

20. What is the first step in configuring a Cisco IOS zone-based policy firewall using the CLI?

Answer:

* Create zones.

21. Which two are characteristics of ACLs? (Choose two.)

Answer:

* Extended ACLs can filter on destination TCP and UDP ports.

* Extended ACLs can filter on source and destination IP addresses.

22. Which type of packets exiting the network of an organization should be blocked by an ACL?

Answer:

* packets with source IP addresses outside of the organization's network address space

23. When logging is enabled for an ACL entry, how does the router switch packets filtered by the ACL?

Answer:

* process switching

Sumber : http://ccna-exam-answers-final.blogspot.com/2013/08/ccna-security-chapter-4-exam-answers.html

blog.ceaster.com - www.ceaster.com Ceaster Corp

Read More

Cisco CCNA Security Chapter 3 Answers

CCNA Security - Chapter 3 Exam Answers

1. Why is local database authentication preferred over a password-only login?

Answer:

* It provides for authentication and accountability.

2. What is a characteristic of AAA?

Answer:

* Authorization can only be implemented after a user is authenticated.

3. Due to implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?

Answer:

* authorization

4. Which two AAA access method statements are true? (Choose two.)

Answer:

* Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports.

* Packet mode provides remote users with access to network resources and requires use of dialup or VPN.

5. Which two statements describe AAA authentication? (Choose two.)

Answer:

* Server-based AAA authentication is more scalable than local AAA authentication.

* Server-based AAA authentication can use the RADIUS or TACACS+ protocols to communicate between the router and a AAA server.

6. What is a difference between using the login local command and using local AAA authentication for authenticating administrator access?

Answer:

* Local AAA provides a way to configure backup methods of authentication; login local does not.

7. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.)

Answer:

* The locked-out user failed authentication.

* The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.

8. Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem?

Answer:

* The administrative user should use the username Admin and password Str0ngPa55w0rd.

9. When configuring a method list for AAA authentication, what is the effect of the keyword local?

Answer:

* It accepts a locally configured username, regardless of case.

10. What is a characteristic of TACACS+?

Answer:

* TACACS+ provides authorization of router commands on a per-user or per-group basis.

11. Which statement identifies an important difference between TACACS+ and RADIUS?

Answer:

* The TACACS+ protocol allows for separation of authentication from authorization.

12. In regards to Cisco Secure ACS, what is a client device?

Answer:

* a router, switch, firewall, or VPN concentrator

13. What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights?

Answer:

* The administrator is immediately locked out of the system.

14. When configuring a Cisco Secure ACS, how is the configuration interface accessed?

Answer:

* A Web browser is used to configure a Cisco Secure ACS.

15. Which AAA protocol and feature best support a large ISP that needs to implement detailed accounting for customer invoicing?

Answer:

* RADIUS because it supports detailed accounting that is required for billing users

16. After accounting is enabled on an IOS device, how is a default accounting method list applied?

Answer:

* The default accounting method list is automatically applied to all interfaces, except those with named accounting method lists.

17. Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands?

Answer:

* aaa accounting exec start-stop group tacacs+

18. How does a Cisco Secure ACS improve performance of the TACACS+ authorization process?

Answer:

* reduces delays in the authorization queries by using persistent TCP sessions

19. Refer to the exhibit. Which Cisco Secure ACS menu is required to configure the IP address and secure password of an AAA client?

Answer:

* Network Configuration

20. What is an effect if AAA authorization on a device is not configured?

Answer:

* Authenticated users are granted full access rights.

Sumber : http://ccna-exam-answers-final.blogspot.com/2013/08/ccna-security-chapter-3-exam-answers.html
blog.ceaster.com - www.ceaster.com Ceaster Corp

Read More

Soal Edmodo CS 2 Kemanan Jaringan - CCNA Security Chapter versi Indonesia

Edmodo CS 2  Tentang Keamanan Jaringan - Diambil dari Cisco CCNA Security Chapter 2 versi indonesia

1. Berikut ini adalah operasi yang diperlukan untuk melaksanakan Cisco SDM One-Step Lockdown, yaitu...
- Pilih fitur Lockdown One-Step
- Memberikan perubahan konfigurasi ke router

2. Jika AAA sudah diaktifkan, salah satu langkah CLI yang diperlukan untuk mengkonfigurasi router dengan view tertentu adalah...
* Menetapkan sandi rahasia untuk melihat

3. Lihat gambar. Router R1 dan R2 terhubung melalui link serial . Satu router dikonfigurasi sebagai master NTP, dan yang lainnya adalah klien NTP . Manakah informasi yang dapat diperoleh dari partial output dari perintah ntp associations detail pada R2?
* Router R1 adalah master , dan R2 adalah klien.

4. Lihat gambar. Berikut ini adalah pernyataan yang menggambarkan saat pengaturan SDM logging, yaitu...
* Alamat IP syslog server adalah 192.168.1.3

5. Berikut ini adalah pernyataan yang sesuai dengan perintah CLI ke wizard SDM yang melakukan fungsi konfigurasi yang sama,yaitu...
* auto secure privileged EXEC command dan wizard SDM One-Step Lockdown

6. Berikut ini adalah rekomendasi praktek keamanan untuk mencegah penyerang dari melakukan recovery password pada router Cisco IOS untuk tujuan memperoleh akses ke privileged EXEC mode, yaitu...
* Tempatkan router di ruang terkunci aman yang dapat diakses hanya untuk petugas yang berwenang.

7. Pilihan yang dapat dikonfigurasi oleh Cisco AutoSecure adalah...
* CBAC

8. Lihat gambar. Apa arti penting dari secret 5 dalam output yang dihasilkan ?
* Password ADMIN di-hash menggunakan MD5

9. Berikut ini adalah panjang kunci modulus minimum yang direkomendasikan yang dihasilkan untuk digunakan dengan SSH, yaitu...
* 1024

10. Berikut ini adalah karakteristik yang berlaku untuk Peran Berbasis CLI Access superviews,yaitu...
* Pengguna login ke SuperView dapat mengakses semua perintah yang ditentukan dalam view CLI terkait .

11. Lihat gambar. Apakah fakta yang dapat ditentukan dari output tersebut?
* Fitur konfiguras Cisco IOS Resilient diaktifkan

12. Apakah karakteristik dari wizard Audit SDM Security?
* Hal ini dimulai dari CLI dan mengeksekusi script di mana fungsi pesawat manajemen dan forwarding layanan pesawat diuji terhadap kerentanan diketahui.

13. Secara default, berapa detik penundaan antara usaha login virtual dipanggil saat login blok - perintah dikonfigurasi?
* satu

14. Administrator perlu menciptakan akun pengguna dengan akses kustom untuk kebanyakan perintah privileged EXEC. Perintah privilege manakah yang digunakan untuk membuat account kustom ini?
* privilege exec level 2

15. Berikut ini adalah seperangkat perintah yang diperlukan untuk membuat username admin, hash password menggunakan MD5 , dan memaksa router untuk mengakses database username internal ketika seorang user mencoba untuk mengakses konsol, yaitu
* R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login local

16. Berikut ini adalah bidang keamanan router yang harus dijaga untuk mengamankan edge router pada perimeter jaringan, kecuali...

* Keamanan akses remote

17. Lihat gambar. Berikut ini adalah pernyataan mengenai akun JR - Admin yang benar, yaitu...

* JR - Admin dapat mengeluarkan ping dan kembali perintah.

18. Layanan yang diaktifkan pada Cisco router secara default yang dapat mengungkapkan informasi penting tentang router dan berpotensi membuatnya lebih rentan terhadap serangan adalah...

* CDP

19. Apakah kharakteristik dari SNMP community strings?

* Community string SNMP read-only dapat digunakan untuk mendapatkan informasi dari perangkat SNMP yang aktif.

20. Lihat gambar. Berdasarkan output dari perintah show running- config , jenis tampilan yang SUPPORT adalah...

* View secret, dengan password terenkripsi level 5.

21. Apakah informasi yang dapat diperoleh dari pesan tersebut?

* Pesan ini adalah pesan pemberitahuan level lima

22. Berikut ini adalah service-service pada router, yang Cisco SDM One-Step Lockdown lakukan. Kecuali...

* SNMP

23. Berikut ini adalah perintah yang diperlukan untuk mengembalikan bootset primary dari secure archive pada router ketika Cisco IOS resilience diaktifkan, kecuali...

* Restart router, masuk mode privileged EXEC, and menampilkan nama image secure bootset Cisco IOS menggunakan perintah show flash

24. Administrator didefinisikan sebagai account pengguna lokal dengan password rahasia pada router R1 untuk digunakan dengan SSH . Berikut ini adalah langkah tambahan yang diperlukan untuk mengkonfigurasi R1 untuk menerima koneksi SSH yang dienkripsi, kecuali...

* enable inbound vty Telnet sessions

25. Pernyataan manakah yang menjelaskan pengoperasian wizard Audit Cisco SDM Security?

* Wizard membandingkan konfigurasi router terhadap pengaturan yang disarankan.

blog.ceaster.com - www.ceaster.com Ceaster Corp

Read More

CCNA Security - Chapter 2 Exam Answers 2014

CCNA Security - Chapter 2 Exam Answers 2014

1. Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two.)

Answer:

* This message is a level five notification message.

* This message indicates that service timestamps have been globally enabled.

2. By default, how many seconds of delay between virtual login attempts is invoked when the login block-for command is configured?

Answer:

* one

3. Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.)

Answer:

* Router R1 is the master, and R2 is the client.

* The IP address of R1 is 192.168.1.2.

4. What are two characteristics of the SDM Security Audit wizard? (Choose two.)

Answer:

* It displays a screen with Fix-it check boxes to let you choose which potential security-related configuration changes to implement.

* It requires users to first identify which router interfaces connect to the inside network and which connect to the outside network.

5. If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)

Answer:

* assign a secret password to the view

* assign commands to the view

* create a view using the parser viewview-name command

6. Refer to the exhibit. Which statement regarding the JR-Admin account is true?

Answer:

* JR-Admin can issue ping and reload commands.

7. Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?

Answer:

* Locate the router in a secure locked room that is accessible only to authorized personnel.

8. Which three options can be configured by Cisco AutoSecure? (Choose three.)

Answer:

* CBAC

* security banner

* enable secret password

9. Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?

Answer:

* superview, containing SHOWVIEW and VERIFYVIEW views

10. Which three services on a router does Cisco SDM One-Step Lockdown enable? (Choose three.)

Answer:

* SSH access to the router

* password encryption service

* firewall on all outside interfaces

11. An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)

Answer:

* configure the IP domain name on the router

* generate the SSH keys

* enable inbound vty SSH sessions

12. Which statement describes the operation of the Cisco SDM Security Audit wizard?

Answer:

* The wizard compares a router configuration against recommended settings.

13. An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account?

Answer:

* privilege exec level 2

14. Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)

Answer:

* physical security

* operating system security

* router hardening

15. Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?

Answer:

* CDP

16. Which two operations are required to implement Cisco SDM One-Step Lockdown? (Choose two.)

Answer:

* Choose the One-Step Lockdown feature.

* Deliver the configuration changes to the router.

17. Which statement matches the CLI commands to the SDM wizard that performs similar configuration functions?

* auto secure privileged EXEC command and the SDM One-Step Lockdown wizard

18. Refer to the exhibit. What is the significance of secret 5 in the generated output?

Answer:

* The ADMIN password is hashed using MD5.

19. Which three commands are required to restore a primary bootset from a secure archive on a router on which Cisco IOS resilience is enabled? (Choose three.)

Answer:

* Restart the router in ROM monitor mode and display the secure bootset Cisco IOS image name using the dir command.

* Boot the secure bootset Cisco IOS image using the boot command with the filename.

* Restore the secure configuration file using the secure boot-config restore filename command.

20. Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?

Answer:

* R1(config)# username admin secret Admin01pa55

R1(config)# line con 0

R1(config-line)# login local          

21. Refer to the exhibit. Which two statements describe the current SDM logging setup? (Choose two.)

Answer:

* All messages with a trap level of 4 and lower (more critical) will be logged.

* The syslog server IP address is 192.168.1.3.

22. What are two characteristics of SNMP community strings? (Choose two.)

Answer:

* SNMP read-only community strings can be used to get information from an SNMP-enabled device.

* SNMP read-write community strings can be used to set information on an SNMP-enabled device.

23. What is the minimum recommended modulus key length for keys generated to use with SSH?

Answer:

* 1024

24. Which two characteristics apply to Role-Based CLI Access superviews? (Choose two.)

Answer:

* Users logged in to a superview can access all commands specified within the associated CLI views.

* Commands cannot be configured for a specific superview.

25. Refer to the exhibit. What two facts can be determined from the output? (Choose two.)

Answer:

* The Cisco IOS image and configuration files have been properly secured.

* The Cisco IOS Resilient Configuration feature is enabled.

26. What are three requirements that must be met if an administrator wants to maintain device configurations via secure in-band management? (Choose three.)

Answer:

* network devices configured to accommodate SSH

* encryption of all remote access management traffic

* connection to network devices through a production network or the Internet

* direct access to the console ports of all network devices

Sumber : http://ccna-exam-answers-final.blogspot.com/2013/08/ccna-security-chapter-2-exam-answers.html
blog.ceaster.com - www.ceaster.com Ceaster Corp

Read More