CCNA Security FAQ: Building a Secure Network Using Security Controls

Q1. Put the following steps in the Cisco Secure Network Life Cycle in the right order:
A. Acquisition and Development
B. Disposition
C. Operations and Maintenance
D. Initiation
E. Implementation

Answer: The correct order is D, A, E, C, and B: Initiation -> Acquisition and Development -> Implementation -> Operations and Maintenance -> Disposition.

Q2. Which of the following are elements of the Separation of Duties (SoD) principle of Operations Security? (Choose all that apply.)
A. Individuals rotate security-related duties so that no one person is permanently responsible for a sensitive function.
B. Continuous retraining of personnel.
C. Includes two-man and dual operator controls.
D. Ensures that no one person can compromise the whole system.
E. Operators maintain an arms-length relationship with security controls.

Answer: C and D are correct. Answers A and B are elements of the principle of Rotation of Duties. Answer E is a trick answer.

Q3. Which of the following is not considered a type of testing technique? (Choose all that apply.)
A. Network scanning
B. War driving
C. Penetration testing
D. Log analysis
E. Password cracking
F. None of the above.

Answer: The correct answer is F. Every other choice in the list is considered to be a network security testing tool. Remember that you use these tools to test the network’s or system’s confidentiality, integrity, or availability.

Q4. Fill in the blanks in the following definition with a letter corresponding to the correct technology from the list below.
_________ probe a network for vulnerabilities and can even simulate an attack, whereas _______ monitor a network for signs of probes and attacks.
A. Firewalls
B. Syslog servers
C. Sensors
D. Scanners
E. Monitoring and reporting systems

Answer: The correct choices are D and C, respectively. Choices A and E are not correct because firewalls and security appliances are devices that secure the network perimeter. Choice B is incorrect because syslog servers have not yet been covered in this Exam Cram, but even if they were, they are simply repositories of logged events and do not, as a rule, analyze the logs for signs of attack.

Q5. In the context of the Initiation Phase of the Cisco System Development Cycle for Secure Networks, we have seen that the Initiation Phase is used to categorize risks. Which of the following are considered disruption categories? (Choose all that apply.)
A. Catastrophe
B. Act of God
C. Man-made calamity
D. Nondisaster
E. Disaster

Answer: Choices A, D, and E are correct.

Q6. True or false: Warm sites are redundant sites without real-time copies of data and software. The disaster recovery team needs to pay a physical site visit to restore data to the site for it to become fully operational.

Answer: True. One of the characteristics of a warm site is that, unlike a hot site, the data isn’t continuously synchronized with production systems, and some physical intervention is required to bring the site to an operational state.

Q7. Match the following words with their definitions:

  1. Policies: __
  2. Standards: __
  3. Guidelines: __
  4. Procedures: __

A. Contain detailed steps to accomplish certain tasks.

B. Define the measuring stick against which the efficacy of security controls is judged, resulting in the consistent, uniform application of specific technologies. Usually mandatory.

C. Used to ensure adherence to more general security policies. Usually not mandatory.

D. Specify overall statements of direction, management position on security issues, organization goals in the context of security, definitions of roles, and so on.

Answers: 1—D; 2—B; 3—C; 4—A.

Q8. Choose the one answer that correctly fills in the blanks. There are two categories of risk analysis, __________________ and _____________________.
A. Mathematical, statistical
B. Predictive, scenario-based
C. Qualitative, quantitative
D. Idiomatic, stochastic
E. General, specific

Answer: C. The other answers are decoys that sound like they might be right, but are largely nonsensical.

Q9. A company is having a difficult time with compromises that have left several internal systems infected with viruses, worms, and trojans and holding corrupt data. Although the company has a reasonable disaster recovery plan in place and regular backups are being made, they can’t understand why this is necessary in the first place; the only traffic they are allowing inbound through their old reliable firewall product is HTTP to a server in the DMZ. This is an example of the ________ of the perimeter.
A. Evolution
B. Strengthening
C. Devolution
D. Blurring
E. Targeting

Answer: D is correct. Firewalls have historically been devices that establish a clear perimeter between zones of trust. This clear perimeter is getting blurred with the advent of tunneled services as a common vector of attack.

Q10. Match the following Cisco devices with the type of threat control they provide. (Hint: Some devices provide more than one type of threat control.)

  1. Cisco Security Agent for Desktops ____
  2. Cisco Security Agent for Servers ____
  3. Cisco Integrated Services Routers ____
  4. Cisco IPS ____
  5. Cisco NAC Appliances ____
  6. Cisco ASA 5500 Series Security Appliances ____
  7. Cisco AVS ____
  8. Cisco Security MARS ____

Threat Control:
A. Threat control for infrastructure
B. Threat control for endpoints

Answers:
  1. Cisco Security Agent for Desktops (B)
  2. Cisco Security Agent for Servers (B)
  3. Cisco Integrated Services Routers (A, B)
  4. Cisco IPS (A, B)
  5. Cisco NAC Appliances (A)
  6. Cisco ASA 5500 Series Security Appliances (A, B)
  7. Cisco AVS (B)
  8. Cisco Security MARS (B)
