CCNA Security FAQ: Building a Secure Network Using Security Controls
Q1. Put the following steps in the Cisco Secure Network Life Cycle in the right order:
A. Acquisition and Development
B. Disposition
C. Operations and Maintenance
D. Initiation
E. Implementation
Q2. Which of the following are elements of the Separation of Duties (SoD) principle of Operations Security? (Choose all that apply.)
A. Individuals rotate security-related duties so that no one person is permanently responsible for a sensitive function.
B. Continuous retraining of personnel.
C. Includes two-man and dual operator controls.
D. Ensures that no one person can compromise the whole system.
E. Operators maintain an arms-length relationship with security controls.
Q3. Which of the following is not considered a type of testing technique? (Choose all that apply.)
A. Network scanning
B. War driving
C. Penetration testing
D. Log analysis
E. Password cracking
F. None of the above.
Q4. Fill in the blanks in the following definition with a letter corresponding to the correct technology from the list below.
_________ probe a network for vulnerabilities and can even simulate an attack, whereas _______ monitor a network for signs of probes and attacks.
Technologies:
A. Firewalls
B. Syslog servers
C. Sensors
D. Scanners
E. Monitoring and reporting systems
Q5. In the context of the Initiation Phase of the Cisco System Development Cycle for Secure Networks, we have seen that the Initiation Phase is used to categorize risks. Which of the following are considered disruption categories? (Choose all that apply.)
A. Catastrophe
B. Act of God
C. Man-made calamity
D. Nondisaster
E. Disaster
Q6. True or false: Warm sites are redundant sites without real-time copies of data and software. The disaster recovery team needs to pay a physical site visit to restore data to the site for it to become fully operational.
Q7. Match the following words with their definitions:
- Policies: __
- Standards: __
- Guidelines: __
- Procedures: __
Definitions:
A. Contain detailed steps to accomplish certain tasks.
B. Define the measuring stick against which the efficacy of security controls is judged, resulting in the consistent, uniform application of specific technologies. Usually mandatory.
C. Used to ensure adherence to more general security policies. Usually not mandatory.
D. Specify overall statements of direction, management position on security issues, organization goals in the context of security, definitions of roles, and so on.
Q8. Choose the one answer that correctly fills in the blanks. There are two categories of
risk analysis, __________________ and _____________________.
Choices:
A. Mathematical, statistical
B. Predictive, scenario-based
C. Qualitative, quantitative
D. Idiomatic, stochastic
E. General, specific
Q9. A company is having a difficult time with compromises that have resulted with several internal systems being compromised with viruses, worms, trojans, and corrupt data. Although the company has a reasonable disaster recovery plan in place and regular backups are being made, they can’t understand why this is necessary in the first place; the only traffic they are allowing inbound through their old reliable firewall product is HTTP to a server in the DMZ. This is an example of the ________ of the perimeter.
A. Evolution
B. Strengthening
C. Devolution
D. Blurring
E. Targeting
Q10. Match the following Cisco devices with the type of threat control they provide. (Hint:
Some devices provide more than one type of threat control.)
- Cisco Security Agent for Desktops ____
- Cisco Security Agent for Servers ____
- Cisco Integrated Services Routers ____
- Cisco IPS ____
- Cisco NAC Appliances ____
- Cisco ASA 5500 Series Security Appliances ____
- Cisco AVS ____
- Cisco Security MARS ____
Threat Control:
A. Threat control for infrastructure
B. Threat control for endpoints
Answers:
- Cisco Security Agent for Desktops (B)
- Cisco Security Agent for Servers (B)
- Cisco Integrated Services Routers (A, B)
- Cisco IPS (A, B)
- Cisco NAC Appliances (A)
- Cisco ASA 5500 Series Security Appliances (A, B)
- Cisco AVS (B)
- Cisco Security MARS (B)