CCDA FAQ: Managing Security

Q1. What technique can be used to protect private information that is transported over the Internet between the headquarters and branch office? (Select the best answer.)
a. Authentication
b. Log all data
c. Encryption
d. Accounting

Answer: C. Encryption can protect data transported between sites over the Internet.

Q2. What would be recommended to protect database servers connected to or accessible from the Internet? (Select all that apply.)
a. Firewall
b. Server load balancing (SLB)
c. Syslog
d. SPAN

Answer: A. Firewalls have the capabilities to protect database servers in DMZ segments.

Q3. What network security issue does 3DES encryption aim to solve?
a. Data integrity
b. User authentication
c. Data authentication
d. Data confidentiality

Answer: D. Encryption is a security technique for protecting the data confidentiality of information.

Q4. Users are reporting a DoS attack in the DMZ. All the servers have been patched, and all unnecessary services have been turned off. What else can you do to alleviate some of the attack’s effects? (Select all that apply.)
a. Rate limit traffic on the firewall’s ingress.
b. Use ACLs to let only allowed traffic into the network.
c. Block all TCP traffic from unknown sources.
d. DHCP snooping for the DMZ segment.

Answer: A and B. The use of ACLs and rate limiting can alleviate the effects of a DoS attack being performed.

Q5. You are a network engineer for ABC Corp. You need to bring your coworkers up-to-date on network security threats. What would you discuss with them? (Select all that apply.)
a. Reconnaissance and gaining unauthorized access
b. DHCP snooping
c. DMZ security
d. DoS

Answer: A and D. DoS, reconnaissance, and gaining unauthorized access are security threats.

Q6. True or false: IPsec can ensure data integrity and confidentiality across the Internet.

Answer: True. IPsec can ensure data integrity and confidentiality across the Internet.

Q7. What focuses on the accuracy and controls imposed on a company’s financial records?
a. HIPAA
b. GLBA
c. SOX
d. EU Data Protection Directive

Answer: C. SOX focuses on the accuracy and controls imposed on a company’s financial records.

Q8. What are components of managing the security infrastructure? (Select all that apply.)
a. Security management policy
b. Incident-handling policy
c. Network access control policy
d. None of the above

Answer: A, B, and C. Managing the security infrastructure has components that include the overall security management policy, incident-handling policy, and network access control policy.

Q9. Which security legislative body calls for the protection of people’s privacy?
a. HIPAA
b. GLBA
c. EU Data Protection Directive
d. SOX

Answer: C. The EU Data Protection Directive calls for the protection of people’s right to privacy with respect to the processing of personal data.

Q10. How can attackers obtain sensitive account information? (Select all that apply.)
a. Password-cracking utilities
b. Capturing network traffic
c. Social engineering
d. All of the above

Answer: D. Attackers can use password-cracking utilities, capture network traffic, and use social engineering to obtain sensitive information.

Q11. What best describes how to protect data’s integrity?
a. System availability
b. Data confidentiality
c. Ensuring that only legitimate users can view sensitive data
d. Allowing only authorized users to modify data

Answer: D. Data integrity allows only authorized users to modify data, ensuring that the data is authentic.

Q12. What provides an audit trail of network activities?
a. Authentication
b. Accounting
c. Authorization
d. SSHv1

Answer: B. Accounting provides an audit trail of activities by logging the actions of the user.

Q13. What authenticates valid DHCP servers to ensure that unauthorized host systems do not interfere with production systems?

Answer: DHCP snooping authenticates valid DHCP servers, thereby preventing rogue DHCP servers from interfering with real production servers.

Q14. What contains the organization’s procedures, guidelines, and standards?

Answer: The security policy contains the organization’s procedures, guidelines, and standards.

Q15. How can you enforce access control? (Select all that apply.)
a. Restrict access using VLANs
b. Restrict access using OS-based controls
c. Use encryption techniques
d. All of the above

Answer: D. Access control can be enforced by restricting access using VLANs, OS-based controls, and encryption techniques.

Q16. What is a general user document that is written in simple language to describe the roles and responsibilities within risk management?

Answer: An acceptable-use policy describes roles and responsibilities.

Q17. True or false: The network access control policy defines the general access control principles used and how data is classified, such as confidential, top secret, or internal.

Answer:

Q18. What are the four steps used to facilitate continuing efforts in maintaining security policies?
a. Secure, monitor, maintain, close out
b. Monitor, test, evaluate, purchase
c. Improve, test, purchase, evaluate
d. Secure, monitor, test, improve

Answer: D

Q19. Match the encryption keys and VPN protocols with their definitions.
i. IPsec
ii. SSL
iii. Shared secret
iv. PKI
a. Both sides use the same key.
b. Uses AH and ESP.
c. Web browser TCP port 443.
d. Asymmetric cryptography.

Answer: i = B, ii = C, iii = A, iv = D

Q20. What does Cisco recommend as the foundation of any deployed security solution?
a. Customer requirements
b. Security audit
c. SLA policy
d. Security policy

Answer: D. The foundation of security solutions is a security policy.

Q21. Which two of the following protocols are used for IP security?
a. SSH and EIGRP
b. BGP and TCP
c. AH and ESP
d. SSH and RIP

Answer: C. AH and ESP are part of IP security.

Q22. Which security solution best meets requirements for confidentiality, integrity, and authenticity when using a public network such as the Internet?
a. Cisco IOS firewall
b. Intrusion prevention
c. Secure connectivity
d. AAA
e. Traffic Guard Protector

Answer: C. Secure connectivity has requirements of confidentiality, integrity, and authenticity when using the Internet as a transport.

Q23. What uses security integrated into routers, switches, and appliances to defend against attacks?
a. Trust and identity management
b. Threat defense
c. Secure connectivity
d. Cisco SAFE
e. Secure firewalling

Answer: B. Threat defense integrates security into routers, switches, and appliances to ward off attacks.

Q24. Encryption and authentication are used to provide secure transport across untrusted networks by providing ________________.
a. Trust and identity management
b. Threat defense
c. Secure connectivity
d. Cisco SAFE
e. Secure firewalling

Answer: C. Secure connectivity has requirements of encryption and authentication to provide secure transport across public networks.

Q25. Which of the following security legislation applies protection for credit card holder data?
a. SOX
b. GLBA
c. HIPAA
d. PCI DSS

Answer: D. Payment Card Industry Data Security Standards (PCI DSS) is a security standard that defines standards to protect credit card holder data.

Q26. What classification of security threat gathers information about the target host?
a. Gaining unauthorized access
b. Reconnaissance
c. Denial of service
d. None of the above

Answer: B. Reconnaissance is used to gather information from the hosts attached to the network.

Q27. What type of security threat works to overwhelm network resources such as memory, CPU, and bandwidth?
a. Denial of service
b. Reconnaissance
c. Gaining unauthorized access
d. NMAP scans

Answer: A. DoS attacks aim to overwhelm resources such as memory, CPU, and bandwidth, thus impacting the target system and denying legitimate users access.

Q28. What is it called when attackers change sensitive data without proper authorization?
a. VLAN filtering
b. ACLs
c. Integrity violations
d. Loss of availability

Answer: C. When attackers change sensitive data without the proper authorization, this is called an integrity violation.

Q29. What security document focuses on the processes and procedures for managing network events in addition to emergency-type scenarios?
a. Acceptable-use policy
b. Incident-handling policy
c. Network access control policy
d. Security management policy

Answer: B. Incident-handling policies define the processes and procedures for managing security incidents, including the handling of emergency-type scenarios.

Q30. Authentication of the identity is based on what attributes? (Select all that apply.)
a. Something the subject knows
b. Something the subject has
c. Something the subject is
d. All of the above

Answer: D. Authentication of the identity can be based on any of the attributes or a combination thereof.

Q31. What VPN protocol uses encrypted point-to-point GRE tunnels?
a. GRE-based VPN
b. Cisco Easy VPN
c. Cisco GET VPN
d. Cisco DMVPN

Answer: D. Cisco DMVPN provides encrypted point-to-point GRE tunnels. GRE-based VPNs do not use encryption.

Q32. What are some physical security guidelines to consider for a secure infrastructure? (Select all that apply.)
a. Evaluate potential security breaches
b. Use physical access controls such as locks or alarms
c. Assess the impact of stolen network resources and equipment
d. Syslog and SNMP analysis

Answer: A, B, and C. Evaluating security breaches, using locks or alarms, and assessing the impact of stolen resources are all physical security guidelines to consider for a secure infrastructure.

Q33. Which of the following benefits does a security management solution provide?
a. SAINT scans
b. Provisions network security policies for deployment
c. Prevents unauthorized access
d. NMAP scans

Answer: B. Security management solutions provide ways to provision network security policies for ease of deployment.

Q34. Which of the following should be included in a security policy? (Select all that apply.)
a. Identification of assets
b. Definition of roles and responsibilities
c. Description of permitted behaviors
d. All of the above

Answer: D. All of these support the two main reasons for having a security policy: providing a framework for the security implementation and creating a security baseline of the current security posture.

 

About the author

James Palmer
