CCNA Security FAQ: Introduction to Endpoint, SAN, and Voice Security
Question. Which is not one of the three prongs of the Cisco Host Security Strategy?
A. Endpoint protection
B. Cisco network admission control
C. Network infection containment
D. Comprehensive network security policy
E. Cisco routers
Question. What are the two main software elements that must be secured in order that an endpoint proves its trustworthiness? (Choose one answer.)
A. Applications, operating system
B. Encrypted code, peer review
C. Cisco NAC, CSA
D. Anti-virus software, host firewall
E. None of the above.
A. To meet changing business priorities, applications, and revenue growth
B. To decrease the threat of viruses and worm attacks against data storage devices
C. To increase the performance of long-distance replication, backup, and recovery
D. To decrease both capital and operating expenses associated with data storage
A. Fibre Channel
E. Denial of service (DoS)
Question. Applications and operating systems are susceptible to DoS and access attacks in the same way that network devices are. What are some specific attacks that endpoints may be susceptible to?
A. Brute force attacks
B. Known cipher attacks
C. Buffer overflows
D. Worms, viruses, and Trojan horses
E. None of the above.
Question. True or false. Worms are like microorganisms that invade a human host, attaching to other programs and executing unwanted functions on that host.
D. Host Bus Adapter
A. Combining a Fibre Channel fabric into larger subsets
B. Partitioning a Fibre Channel fabric into smaller subsets
C. Segmenting a Fibre Channel fabric through the use of a LUN mask into smaller subsets
D. Combining the Fibre Channel fabric, through the use of LUN masks, into larger sections
A. It requires the use of netBT as the network protocol.
B. It is restricted in size to only three segments.
C. It relies on an underlying Public Key Infrastructure (PKI).
D. It requires the implementation of IKE
E. MSCHAP v2
Question. Put the five Ps of the phases of a worm attack in the correct order by putting the number indicating the correct order in the blank opposite the phase name.
Question. Match the following descriptions of NAC components with the letter corresponding to its name from the list of choices.
- A device deployed in-band or out-of-band to perform network access control.
- Software that resides on a client endpoint and is queried to establish an endpoint’s compliance with the network security policy.
- A GUI-based central administrative interface for IT security personnel.
B. IP telephony
C. Converged communications
D. Unified communications
A. Reduced recurring expenses
B. Reduced end-to-end delay
C. Advanced functionality
D. Application server
A. Accessing VoIP resources without appropriate credentials
B. Gleaning information from unsecured VoIP network resources
C. Launching a denial-of-service (DoS) attack
D. Capturing telephone conversations
Question. Cisco Security Agent (CSA) comprises four interceptors to intercept application calls to the operating system kernel. Fill in the blanks in the description of two of these interceptors with the choices from the list.
The ________ interceptor ensures that each application plays by the rules by only allowing write access to memory that is owned by that application. The ________ interceptor intercepts read/write requests to the system registry or (in Unix) the run control (rc) files.
a. Execution space
c. File System
Question. Which one of the following SAN interconnection technologies is used for SAN-to-SAN connectivity?
C. Fiber Channel
D. None of the above
A. Influencing users to provide personal information over a web page
B. Influencing users to provide personal information over the phone
C. Influencing users to forward a call to a toll number (for example, a long distance or international number)
D. Using an inside facilitator to intentionally forward a call to a toll number (for example, a long distance or international number)
B. Auxiliary VLAN
C. Native VLAN
D. Access VLAN
A. Stateless firewall
B. Proxy firewall
C. Stateful firewall
D. Packet filtering firewall
A. It is enabled by default.
B. It requires login credentials, based on the UCM user database.
C. It can provide IP address information about other servers in the network.
D. It uses HTTPS.
Question. Fiber Channel VSANs are most analogous to what security feature?
FIGURE 9.4 VSANs and zoning.
Question. True or false. SPIT (SPAM over IP Telephony) is a very real and current threat for VoIP networks.