CCNA Cyber Ops FAQ: Network Security Devices and Cloud Services
Q1. Which of the following are examples of network security devices that have been invented throughout the years to enforce policy and maintain network visibility?
C. Traditional and next-generation intrusion prevention systems (IPSs)
D. Anomaly detection systems
E. Cisco Prime Infrastructure
Q2. Access control entries (ACEs), which are part of an access control list (ACL), can classify packets by inspecting Layer 2 through Layer 4 headers for a number of parameters, including which of the following items?
A. Layer 2 protocol information such as Ether Types
B. The number of bytes within a packet payload
C. Layer 3 protocol information such as ICMP, TCP, or UDP
D. The size of a packet traversing the network infrastructure device
E. Layer 3 header information such as source and destination IP addresses
F. Layer 4 header information such as source and destination TCP or UDP ports
Q3. Which of the following statements are true about application proxies?
A. Application proxies, or proxy servers, are devices that operate as intermediary agents on behalf of clients that are on a private or protected network.
B. Clients on the protected network send connection requests to the application proxy to transfer data to the unprotected network or the Internet.
C. Application proxies can be classified as next-generation firewalls.
D. Application proxies always perform network address translation (NAT).
A, B. Application proxies, or proxy servers, are devices that operate as intermediary agents on
Q4. Which of the following statements are true when referring to network address translation (NAT)?
A. NAT can only be used in firewalls.
B. Static NAT does not allow connections to be initiated bidirectionally.
C. Static NAT allows connections to be initiated bidirectionally.
D. NAT is often used by firewalls; however, other devices such as routers and wireless access points provide support for NAT.
Q5. Which of the following are examples of next-generation firewalls?
A. Cisco WSA
B. Cisco ASA 5500-X
C. Cisco ESA
D. Cisco Firepower 4100 Series
Q6. Which of the following are examples of cloud-based security solutions?
A. Cisco Cloud Threat Security (CTS)
B. Cisco Cloud Email Security (CES)
C. Cisco AMP Threat Grid
D. Cisco Threat Awareness Service (CTAS)
Q7. The Cisco CWS service uses web proxies in the Cisco cloud environment that scan traffic for malware and policy enforcement. Cisco customers can connect to the Cisco CWS service directly by using a proxy auto-configuration (PAC) file in the user endpoint or through connectors integrated into which of the following Cisco products?
A. Cisco ISR G2 routers
B. Cisco Prime LMS
C. Cisco ASA
D. Cisco WSA
E. Cisco AnyConnect Secure Mobility Client
Q8. Depending on the version of NetFlow, a network infrastructure device can gather different types of information, including which of the following?
A. Common vulnerability enumerators (CVEs)
B. Differentiated services code point (DSCP)
C. The device’s input interface
D. TCP flags
E. Type of service (ToS) byte
Q9. There are several differences between NetFlow and full-packet capture. Which of the following statements are true?
A. Full-packet capture provides the same information as NetFlow.
B. Full-packet capture is faster.
C. One of the major differences and disadvantages of full-packet capture is cost and the amount of data to be analyzed.
D. In many scenarios, full-packet captures are easier to collect and require pretty much the same analysis ecosystem as NetFlow.
Q10. Which of the following is an example of a data loss prevention solution?
A. Cisco Advanced DLP
B. Cisco CloudLock
C. Cisco Advanced Malware Protection (AMP)
D. Cisco Firepower 4100 appliances
Q11. Which of the following explains features of a traditional stateful firewall?
A. Access control is done by application awareness and visibility.
B. Access control is done by the five-tuple (source and destination IP addresses, source and destination ports, and protocol).
C. Application inspection is not supported.
D. Traditional stateful firewalls support advanced malware protection.
Q12. Which of the following describes a traditional IPS?
A. A network security appliance or software technology that resides in stateful firewalls
B. A network security appliance or software technology that supports advanced malware protection
C. A network security appliance or software technology that inspects network traffic to detect and prevent security threats and exploits
D. A virtual appliance that can be deployed with the Cisco Adaptive Security Manager (ASM)
Q13. Which of the following is true about NetFlow?
A. NetFlow can be deployed to replace IPS devices.
B. NetFlow provides information about network session data.
C. NetFlow provides user authentication information.
D. NetFlow provides application information.
Q14. What is DLP?
A. An email inspection technology used to prevent phishing attacks
B. A software or solution for making sure that corporate users do not send sensitive or critical information outside the corporate network
C. A web inspection technology used to prevent phishing attacks
D. A cloud solution used to provide dynamic layer protection
Q15. Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists (ACLs). They inspect which of the following elements within a packet?
A. Session headers
B. NetFlow flow information
C. Source and destination ports and source and destination IP addresses
D. Protocol information
Q16. Which of the following are Cisco cloud security solutions?
Q17. Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke architecture. pxGrid is used to enable the sharing of contextual-based information from which devices?
A. From a Cisco ASA to the Cisco OpenDNS service
B. From a Cisco ASA to the Cisco WSA
C. From a Cisco ASA to the Cisco FMC
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA
Q18. Which of the following is true about heuristic-based algorithms?
A. Heuristic-based algorithms may require fine tuning to adapt to network traffic and minimize the possibility of false positives.
B. Heuristic-based algorithms do not require fine tuning.
C. Heuristic-based algorithms support advanced malware protection.
D. Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and tuning.
Q19. Which of the following describes the use of DMZs?
A. DMZs can be configured in Cisco IPS devices to provide additional inspection capabilities.
B. DMZs can automatically segment the network traffic.
C. DMZs can serve as segments on which a web server farm resides or as extranet connections to business partners.
D. DMZs are only supported in next-generation firewalls.
Q20. Which of the following has the most storage requirements?
C. Full packet captures
D. IPS signatures