CCNP Security FAQ : Network Security

CCNP Security FAQ : Network Security

Q1. Which single method is the best way to secure a network?
A. Allow dialup access only to the Internet
B. Install a personal firewall on every workstation
C. Use very complex passwords
D. Implement strong perimeter security
E. None of the above

Answer: E

Q2. What are the three types of cyber attacks? (Choose three.)
A. Penetration attack
B. Access attack
C. Denial of service attack
D. Destruction of data attack
E. Reconnaissance attack

Answer: B, C, and E

Q3. What type of threat is directed toward a specific target normally for a specific purpose?
A. Structured threats
B. Directed threats
C. Unstructured threats
D. Political threats
E. None of the above

Answer: A

Q4. What type of threat normally scans networks looking for “targets of opportunity?”
A. Structured threats
B. Scanning threats
C. Unstructured threats
D. Script kiddies
E. None of the above

Answer: C

Q5. What type of scan looks for all services running on a single host?
A. Ping sweep
B. Service scan
C. Horizontal scan
D. Vertical scan
E. All of the above

Answer: D

Q6. What type of attack determines the address space assigned to an organization?
A. Ping sweep
B. DNS queries
C. Vertical scan
D. Horizontal scan
E. None of the above

Answer: B

Q7. What are the steps of the security process?
A. Secure, test, repair, retest
B. Test, repair, monitor, evaluate
C. Lather, rinse, repeat
D. Evaluate, secure, test
E. None of the above

Answer: E

Q8. What constant action sits between the individual steps of the security process?
A. Test
B. Retest
C. Evaluate
D. Repair
E. Improve

Answer: C

Q9. True or false: Cisco AVVID uses only Cisco products.

Answer: B

Q10. Which of the following is not a component of Cisco SAFE?
A. Perimeter security
B. Policy implementation
C. Identity
D. Security management and monitoring
E. Application security

Answer: B

Q11. What is the difference between the network security policy and the network security process?

Answer: The network security process is an ongoing process that ensures the constant improvement of security in accordance with the security policy.

Q12. For unstructured threats, what is the normal anatomy of an attack?

Answer: The attacker first gains information about the network by launching a reconnaissance attack against specific targets and then attempts to exploit vulnerabilities discovered during the reconnaissance.

Q13. What information can you gain from a ping sweep?

Answer: Replies from ICMP requests will tell you which addresses on the network are assigned to running systems.

Q14. What is the single most important component when implementing defense in depth?

Answer: There is no single most important component. Defense in depth is a combination of products, processes, and architecture used to identify and mitigate attacks.

Q15. Why could an organization be legally responsible if its systems are compromised during an attack?

Answer: Organizations are expected to exercise “reasonable care” to secure their networks and resources.

More Resources

About the author


Leave a Comment