Config Router

You are here: Home / Cisco / CCNP TSHOOT FAQ: Security Troubleshooting

CCNP TSHOOT FAQ: Security Troubleshooting

by

CCNP TSHOOT FAQ: Security Troubleshooting

Q1. What are the three planes of router and switch operation that should be secured? (Choose the three best answers.)
A. Management plane
B. Architectural plane
C. Data plane
D. Control plane

Answer: A, C, and D

Q2. What command can you use to prevent an attacker from performing password recovery on some platforms?
A. config-reg 0x2124
B. service password-encryption
C. no service password-recovery
D. enable secret 5

Answer: C

Q3. What alternative to Telnet provides secure access to a router’s command-line interface? (Choose the best answer.)
A. TACACS+
B. SSL
C. HTTPS
D. SSH

Answer: D

Q4. Identify two Cisco Catalyst switch features that can mitigate the introduction of a rogue switch into a network by an attacker, where the attacker attempts to make the newly added rogue switch become the root bridge for the topology. (Choose the two best answers.)
A. Root Guard
B. Backbone Fast
C. Uplink Fast
D. BPDU Guard

Answer: A and D

Q5. What Cisco IOS feature, available on some router platforms, can recognize the signature of well-known attacks, and prevent traffic from those attacks from entering the network?
A. VPN
B. IPS
C. Cisco IOS firewall
D. ACL

Answer: B

Q6. Which of the following steps should be performed first when troubleshooting a secured network environment? (Choose the best answer.)
A. Disable the network security features to eliminate them as potential sources of the reported issue.

B. Begin your troubleshooting at Layer 1, and work your way up to the levels where the security features reside.

C. Determine whether the reported behavior is actually appropriate behavior, based on the network’s security policy.

D. Begin your troubleshooting at Layer 7, and work your way down to the levels where the security features reside.

Answer: C

Q7. What are two types of Cisco IOS firewalls? (Choose the two best answers.)
A. MQC-Based Policy Firewall
B. Classic Cisco IOS Firewall
C. Zone-Based Policy Firewall
D. Basic Cisco IOS Firewall

Answer: B and C

Q8. Which two of the following are true concerning TACACS+ but not true concerning RADIUS? (Choose the two best answers.)
A. TCP-based
B. Encrypts the entire packet
C. Standards-based
D. Offers robust accounting features

Answer: A and B