CCDA FAQ: Managing Security
Q1. What technique can be used to protect private information that is transported over the Internet between the headquarters and branch office? (Select the best answer.)
a. Authentication
b. Log all data
c. Encryption
d. Accounting
Q2. What would be recommended to protect database servers connected to or accessible from the Internet? (Select all that apply.)
a. Firewall
b. Server load balancing (SLB)
c. Syslog
d. SPAN
Q3. What network security issue does 3DES encryption aim to solve?
a. Data integrity
b. User authentication
c. Data authentication
d. Data confidentiality
Q4. Users are reporting a DoS attack in the DMZ. All the servers have been patched, and all unnecessary services have been turned off. What else can you do to alleviate some of the attack’s effects? (Select all that apply.)
a. Rate limit traffic on the firewall’s ingress.
b. Use ACLs to let only allowed traffic into the network.
c. Block all TCP traffic from unknown sources.
d. DHCP snooping for the DMZ segment.
Q5. You are a network engineer for ABC Corp. You need to bring your coworkers up-todate on network security threats. What would you discuss with them? (Select all that apply.)
a. Reconnaissance and gaining unauthorized access
b. DHCP snooping
c. DMZ security
d. DoS
Q6. True or false: IPsec can ensure data integrity and confidentiality across the Internet.
Q7. What focuses on the accuracy and controls imposed on a company’s financial records?
a. HIPAA
b. GLBA
c. SOX
d. EU Data Protection Directive
Q8. What are components of managing the security infrastructure? (Select all that apply.)
a. Security management policy
b. Incident-handling policy
c. Network access control policy
d. None of the above
Q9. Which security legislative body calls for the protection of people’s privacy?
a. HIPAA
b. GLBA
c. EU Data Protection Directive
d. SOX
Q10. How can attackers obtain sensitive account information? (Select all that apply.)
a. Password-cracking utilities
b. Capturing network traffic
c. Social engineering
d. All of the above
Q11. What best describes how to protect data’s integrity?
a. System availability
b. Data confidentiality
c. Ensuring that only legitimate users can view sensitive data
d. Allowing only authorized users to modify data
Q12. What provides an audit trail of network activities?
a. Authentication
b. Accounting
c. Authorization
d. SSHv1
Q13. What authenticates valid DHCP servers to ensure unauthorized host systems are not from interfering with production systems?
Q14. What contains the organization’s procedures, guidelines, and standards?
Q15. How can you enforce access control? (Select all that apply.)
a. Restrict access using VLANs
b. Restrict access using OS-based controls
c. Use encryption techniques
d. All of the above
Q16. What is a general user document that is written in simple language to describe the roles and responsibilities within risk management?
Q17. True or false: The network access control policy defines the general access control principles used and how data is classified, such as confidential, top secret, or internal.
Q18. What are the four steps used to facilitate continuing efforts in maintaining security policies?
a. Secure, monitor, maintain, close out
b. Monitor, test, evaluate, purchase
c. Improve, test, purchase, evaluate
d. Secure, monitor, test, improve
Q19. Match the encryption keys and VPN protocols with their definitions.
i. IPsec
ii. SSL
iii. Shared secret
iv. PKI
a. Both sides use the same key.
b. Uses AH and ESP.
c. Web browser TCP port 443.
d. Asymmetric cryptography.
Q20. What does Cisco recommend as the foundation of any deployed security solution?
a. Customer requirements
b. Security audit
c. SLA policy
d. Security policy
Q21. Which two of the following protocols are used for IP security?
a. SSH and EIGRP
b. BGP and TCP
c. AH and ESP
d. SSH and RIP
Q22. Which security solution best meets requirements for confidentiality, integrity, and authenticity when using the public network such as the Internet?
a. Cisco IOS firewall
b. Intrusion prevention
c. Secure connectivity
d. AAA
e. Traffic Guard Protector
Q23. What uses security integrated into routers, switches, and appliances to defend against attacks?
a. Trust and identity management
b. Threat defense
c. Secure connectivity
d. Cisco SAFE
e. Secure firewalling
Q24. Encryption and authentication are used to provide secure transport across untrusted networks by providing ________________.
a. Trust and identity management
b. Threat defense
c. Secure connectivity
d. Cisco SAFE
e. Secure firewalling
Q25. Which of the following security legislation applies protection for credit card holder data?
a. SOX
b. GLBA
c. HIPAA
d. PCI DSS
Q26. What classification of security threat gathers information about the target host?
a. Gaining unauthorized access
b. Reconnaissance
c. Denial of service
d. None of the above
Q27. What type of security threat works to overwhelm network resources such as memory, CPU, and bandwidth?
a. Denial of service
b. Reconnaissance
c. Gaining unauthorized access
d. NMAP scans
Q28. What is it called when attackers change sensitive data without proper authorization?
a. VLAN filtering
b. ACLs
c. Integrity violations
d. Loss of availability
Q29. What security document focuses on the processes and procedures for managing network events in addition to emergency-type scenarios?
a. Acceptable-use policy
b. Incident-handling policy
c. Network access control policy
d. Security management policy
Q30. Authentication of the identity is based on what attributes? (Select all that apply.)
a. Something the subject knows
b. Something the subject has
c. Something the subject is
d. All of the above
Q31. What VPN protocol uses encrypted point-to-point GRE tunnels?
a. GRE-based VPN
b. Cisco Easy VPN
c. Cisco GET VPN
d. Cisco DMVPN
Q32. What are some physical security guidelines to consider for a secure infrastructure? (Select all that apply.)
a. Evaluate potential security breaches
b. Use physical access controls such as locks or alarms
c. Assess the impact of stolen network resources and equipment
d. Syslog and SNMP analysis
Q33. Which of the following benefits does a security management solution provide?
a. SAINT scans
b. Provisions network security policies for deployment
c. Prevents unauthorized access
d. NMAP scans
Q34. Which of the following should be included in a security policy? (Select all that apply.)
a. Identification of assets
b. Definition of roles and responsibilities
c. Description of permitted behaviors
d. All of the above