CCNA 4 - chapter 8

1. Excessive broadcasts are generally a symptom of a problem at which layer?
data link

2. Refer to the exhibit. Users at Branch B are reporting trouble accessing a corporate website running on a server that is located at HQ. HQ and Branch A users can access the website. R3 is able to ping 10.10.10.1 successfully but not 10.10.10.2. The users at Branch B can access servers at Branch A. Which two statements are true aboutthe troubleshooting efforts? (Choose two.)
Frame Relay at R3 and R2 should be tested to narrow the scope of the problem.
An ACL entry error could cause the failure at Layer 4 in either R3 or R2.

3. What is one example of a physical layer problem?
incorrect clock rate

4. Which two components should be taken into consideration when establishing a network baseline? (Choose two.)
information about the network design
expected performance under normal operating conditions

5. Refer to the exhibit. Which two steps should be taken during the process of creating network documentation? (Choose two.)
Record the information about the devices discovered in the entire network, including the remote locations.
Transfer any information about the devices from the network configuration table that corresponds to a component of the topology diagram.

6. A technician has been asked to troubleshoot an existing switched network but is unable to locate documentation for the VLAN configuration. Which troubleshooting tool allows the technician to map and discover VLAN and port assignments?
network analyzer

7. What combination of IP address and wildcard mask should be used to specify only the last 8 addresses in the subnet 192.168.3.32/28?
192.168.3.40 0.0.0.7

8. Information about which OSI layers of connected Cisco devices can be verified with the show cdp neighbors command?
Layer 1, Layer 2, and Layer 3

9. A technician has been asked to make several changes to the configuration and topology of a network and then determine the outcome of the changes. What tool can be used to determine the overall effect caused by the changes?
baselining tool

10. Which two pieces of information are typically found on a logical network diagram? (Choose two.)
interface identifiers
DLCI for virtual circuits

11. Refer to the exhibit. Which three pieces of information can be determined by analyzing the output shown? (Choose three.)
A carrier detect signal is present.
Keepalives are being received successfully.
The LCP negotiation phase is complete.

12. Clients across the company are reporting poor performance across all corporate applications running in the data center. Internet access and applications running across the corporate WAN are performing normally. The network administrator observes a continual broadcast of random meaningless traffic (jabber) on the application server LAN in the data center on a protocol analyzer. How should the administrator start troubleshooting?
The jabber in the data center indicates a local physical layer problem. Use the protocol analyzer to determine the source of the jabber, and then check for a recent NIC driver update or bad cabling.

13. When gathering symptoms for troubleshooting a network problem, which step could result in getting an external administrator involved in the process?
determining ownership

14. A network administrator has received complaints that users on a local LAN can retrieve e-mail from a remote e-mail server but are unable to open web pages on the same server. Services at which two layers of the OSI model should be investigated during the troubleshooting process? (Choose two.)
transport layer
application layer

15. Users are complaining of very long wait times to access resources on the network. The show interface command reveals collision counts far above the network baseline. At which OSI layer should the administrator begin troubleshooting?
physical

16. Which troubleshooting approach is suggested for dealing with a complex problem that is suspected of being caused by faulty network cabling?
bottom up

17. Which two statements are true concerning logical networking models? (Choose two.)
The top layer of the TCP/IP model combines the functions of the top three OSI layers.
The TCP/IP network access layer corresponds to the OSI physical and data link layers.

18. Which three approaches should be used when attempting to gather data from users for troubleshooting? (Choose three.)
Obtain information by asking simple pertinent questions.
Determine if the problem is related to time or a specific event.
Determine if the user can re-create the problem or events leading to the problem.

19. Refer to the exhibit. Users on the Internal LAN are unable to connect to the www server. The network administrator pings the server and verifies that NAT is functioning correctly. Which OSI layer should the administrator begin to troubleshoot next?
application

20. Encapsulation errors from mismatched WAN protocols on a serial link between two routers indicate a problem at which OSI layer?
data link

CCNA 4 - chapter 7

1. Which two conditions have favored adoption of 802.11g over 802.11a? (Choose two.)
802.11a suffers from a shorter range than 802.11g.
The 2.4 GHz frequency band is not as crowded as the 5 GHz band.
802.11a is more susceptible to RF interference from common commercial items.
802.11a uses a more expensive modulation technique than 802.11g.
802.11g is backward compatible with 802.11b, but 802.11a is not.

2. Which two statements concerning network security are accurate? (Choose two.)
802.11i uses 3DES for encryption.
Open authentication uses no client or AP verification.
The 802.11i protocol is functionally identical to WPA.
802.11i incorporates a RADIUS server for enterprise authentication.
A wireless client first associates with an AP and then authenticates for network access.

3. Which installation method will allow connectivity for a new wireless network?
set up WEP on the access point only
set up open access on both the access point and each device connected to it
set up full encryption on the access point while leaving each device connected to the network open
set up full encryption on each device of the WLAN while leaving the access point settings open


4. Refer to the exhibit. When configuring the wireless access point, which setting does the network administrator use to configure the unique identifier that client devices use to distinguish this wireless network from others?
Network Mode
Network Name (SSID)
Radio Band

• Wide Channel
• Standard Channel

5. Which two statements are true regarding wireless security? (Choose two.)
• MAC address filtering prevents the contents of wireless frames from being viewable.
• Providing a wireless client with the network key allows an available network to be visible.
• Disabling an access point from broadcasting the SSID prevents the access point from being discovered.
Default SSIDs on specific manufacturer APs are generally known and may permit hostile wireless connections.
• Manually adding a network and setting the known SSID on a wireless client makes the network visible even if the SSID is not being broadcast.


6. Wireless users on a network complain about poor performance within a small area of a room. Moving away from this area in any direction improves performance dramatically. What is the first step in designing a solution to this problem?
This might be RF channel overlap, so the technician should verify the channels in use on each wireless access point and change to non-overlapping channels.
The RF power settings might be set too low on the wireless access points servicing the room. Increase the RF output power on all wireless access points.
Install a new wireless access point in this center area to provide coverage.
Verify that the wireless access points have sufficient in-line power and connectivity to the wired network.

7. Which three devices do many wireless routers incorporate? (Choose three.)
gateway for connecting to other network infrastructures
built-in Ethernet switch

network management station
VTP server
wireless access point
VPN concentrator

8. Which access method does a wireless access point use to allow for multiple user connectivity and distributed access?
CSMA/CD
token passing
CSMA/CA
polling

9. Why is security so important in wireless networks?
Wireless networks are typically slower than wired networks.
Televisions and other devices can interfere with wireless signals.
Wireless networks broadcast data over a medium that allows easy access.
Environmental factors such as thunderstorms can affect wireless networks.

10. Which wireless technology standard provides the most compatibility with older wireless standards, but has greater performance?
802.11a
802.11b
802.11g
802.11n

11. Which two statements characterize wireless network security? (Choose two.)
A rogue access point represents a security risk for the local network.
Wireless networks offer the same security features as wired networks.
Using encryption prevents unauthorized clients from associating with an access point.
An attacker needs physical access to at least one network device to launch an attack.
With SSID broadcast disabled, an attacker must sniff the SSID before being able to connect.

12. Which network design process identifies where to place access points?
site survey
risk assessment
scalability design
network protocol analysis

13. What wireless security feature allows a network administrator to configure an access point with wireless NIC unique identifiers so that only these NICs can connect to the wireless network?
authentication
SSID broadcasting
MAC address filtering
EAP (Extensible Authentication Protocol)
Radius (Remote Authentication Dial-In User Service)

14. What will a wireless client transmit to discover the available WLAN networks?
beacon
password
probe request
association request

15. In a WLAN network, why should wireless access points be implemented with each access point using a different channel?
to keep users segregated on separate subnets
to control the amount of bandwidth that is utilized
to keep signals from interfering with each other
to keep traffic secure

16. What purpose does authentication serve in a WLAN?
converts clear text data before transmission
indicates which channel the data should flow on
determines that the correct host is utilizing the network
allows the host to choose which channel to use

17. What occurs when a rogue access point is added to a WLAN?
Authorized access points can transmit excess traffic to rogue access points to help alleviate congestion.
Unauthorized users can gain access to internal servers, thus causing a security hole.
All traffic that uses the same channel as the rogue access point will be encrypted.
All traffic that uses the same channel as the rogue access point will be required to authenticate.

18. What procedure can prevent man-in-the-middle attacks?
Force all devices on a WLAN to authenticate and monitor for any unknown devices.
Enable access points to send an SSID to each device wanting to use the network.
Configure MAC filtering on all authorized access points.
Disable SSID broadcasts.

19. Which function is provided by a wireless access point?
dynamically assigns an IP address to the host
provides local DHCP services
converts data from 802.11 to 802.3 frame encapsulation
provides a gateway for connecting to other networks

20. Which major problem does CSMA/CA overcome in wireless networks?
bandwidth saturation
privacy concerns
media contention
device interoperability

21. What does a wireless access point use to allow WLAN clients to learn which networks are available in a given area?
association response
beacon
key
probe request

CCNA 4 - chapter 6

1. Which two Layer 1 requirements are outlined in the Data-over-Cable Service Interface Specification (DOCSIS)? (Choose two.)
channel widths
modulation techniques

2. Which is an example of symmetric-key encryption?
pre-shared key

3. Which two statements are valid solutions for a cable ISP to reduce congestion for users? (Choose two.)
allocate an additional channel
subdivide the network to reduce users on each segment

4. While monitoring traffic on a cable network, a technician notes that data is being transmitted at 38 MHz. Which statement describes the situation observed by the technician?
Data is being transmitted from the subscriber to the headend.

5. After conducting research to learn about common remote connection options for teleworkers, a network administrator has decided to implement remote access over broadband to establish VPN connections over the public Internet. What is the result of this solution?
The connection has increased security and reliable connectivity. Users need a remote VPN router or VPN client software.

6. Data confidentiality through a VPN is achieved through which two methods? (Choose two.)
encryption
encapsulation

7. Data confidentiality through a VPN can be enhanced through the use of which three encryption protocols? (Choose three.)
AES
AH

8. What two protocols provide data authentication and integrity for IPsec? (Choose two.)
AH
ESP

9. A technician has been asked to configure a broadband connection for a teleworker. The technician has been instructed that all uploads and downloads for the connection must use existing phone lines. Which broadband technology should be used?
DSL

10. What are the three main functions of a secure VPN? (Choose three.)
authentication
data confidentiality
data integrity

11. A company is using WiMAX to provide access for teleworkers. What home equipment must the company provide at the teleworker's site?
a WiMAX receiver

12. Which two methods could an administrator use to authenticate users on a remote access VPN? (Choose two.)
digital certificates
smart cards

13. Which two statements about DSL are true? (Choose two.)
local loop can be up to 3.5 miles (5.5km)
user connections are aggregated at a DSLAM located at the CO

14. Which two features can be associated with the Worldwide Interoperability for Microwave Access (WiMAX) telecommunication technology? (Choose two.)
covers areas as large as 7,500 square kilometers
connects directly to the Internet through high-bandwidth connections

15. Refer to the exhibit. All users have a legitimate purpose and the necessary persissions to access the Corporate network. Based on the topology shown, which locations are able to establish VPN connectivity with the Corporate network?
All locations can support VPN connectivity.

16. Which statement describes cable?
Delivering services over a cable network requires downstream frequencies in the 50 to 860 MHz range, and upstream frequencies in the 5 to 42 MHz range.

17. Which two protocols can be used to encapsulate traffic that is traversing a VPN tunnel? (Choose two.)
IPsec
PPTP

18. Refer to the exhibit. A teleworker is connected over the Internet to the HQ Office. What type of secure connection can be established between the teleworker and the HQ Office?
a remote-access VPN

19. Refer to the exhibit. A VPN tunnel has been established between the HQ Office and the Branch Office over the public Internet. Which three mechanisms are required by the devices on each end of the VPN tunnel to protect the data from being intercepted and modified? (Choose three.)
  • The two parties must establish a secret key used by encryption and hash algorithms.
  • The two parties must agree on the encryption algorithm to be used over the VPN tunnel.
  • The devices must be authenticated before the communication path is considered secure.

CCNA 4 - chapter 5

1. By default, how is IP traffic filtered in a Cisco router?
blocked in and out of all interfaces
blocked on all inbound interfaces, but permitted on all outbound interfaces
permitted in and out of all interfaces
blocked on all outbound interfaces, but permitted on all inbound interfaces

2. Which three parameters can ACLs use to filter traffic? (Choose three.)
packet size
protocol suite
source address
destination address

source router interface
destination router interface

3. How do Cisco standard ACLs filter traffic?
by destination UDP port
by protocol type
by source IP address
by source UDP port
by destination IP address

4. Which two statements are correct about extended ACLs? (Choose two)
Extended ACLs use a number range from 1-99.
Extended ACLs end with an implicit permit statement.
Extended ACLs evaluate the source and destination addresses.
Port numbers can be used to add greater definition to an ACL.

Multiple ACLs can be placed on the same interface as long as they are in the same direction.

5. Where should a standard access control list be placed?
close to the source
close to the destination
on an Ethernet port
on a serial port

6. Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACL statement.
A packet can either be rejected or forwarded as directed by the statement that is matched.
A packet that has been denied by one statement can be permitted by a subsequent statement.
A packet that does not match the conditions of any ACL statements will be forwarded by default.
Each statement is checked only until a match is detected or until the end of the ACL statement list.
Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made.

7. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.)
The first 29 bits of a given IP address will be ignored.
The last 3 bits of a given IP address will be ignored.
The first 32 bits of a given IP address will be checked.
The first 29 bits of a given IP address will be checked.
The last 3 bits of a given IP address will be checked.

8. Which two statements are true regarding the following extended ACL? (Choose two.)
ccess-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any
FTP traffic originating from network 172.16.3.0/24 is denied.
All traffic is implicitly denied.
FTP traffic destined for the 172.16.3.0/24 network is denied.
Telnet traffic originating on network 172.16.3.0/24 is denied.
Web traffic originating from 172.16.3.0 is permitted.

9. Interface s0/0/0 already has an IP ACL applied inbound. What happens when the network administrator attempts to apply a second inbound IP ACL?
The second ACL is applied to the interface, replacing the first.
Both ACLs are applied to the interface.
The network administrator receives an error.
Only the first ACL remains applied to the interface.

10. Refer to the exhibit. When creating an extended ACL to deny traffic from the 192.168.30.0 network destined for the Web
server 209.165.201.30, where is the best location for applying the ACL?
ISP Fa0/0 outbound
R2 S0/0/1 inbound
R3 Fa0/0 inbound
R3 S0/0/1 outbound

11. Which two statements are true regarding named ACLs? (Choose two.)
Only named ACLs allow comments.
Names can be used to help identify the function of the ACL.
Named ACLs offer more specific filtering options than numbered ACLs.
Certain complex ACLs, such as reflexive ACLs, must be defined with named ACLs.
More than one named IP ACL can be configured in each direction on a router interface.

12. Which three items must be configured before a dynamic ACL can become active on a router? (Choose three.)
extended ACL
reflexive ACL
console logging
authentication
Telnet connectivity
user account with a privilege level of 15

13. Refer to the exhibit. How does this access list process a packet with the source address 10.1.1.1 and a destination of 192.168.10.13?
It is allowed because of the implicit deny any.
It is dropped because it does not match any of the items in the ACL.
It is allowed because line 10 of the ACL allows packets to 192.168.0.0/16.
It is allowed because line 20 of the ACL allows packets to the host 192.168.10.13.

14. A network administrator needs to allow traffic through the firewall router for sessions that originate from within the
company network, but the administrator must block traffic for sessions that originate outside the network of the company.
What type of ACL is most appropriate?
dynamic
port-based
reflexive
time-based

15. Refer to the exhibit. How will Router1 treat traffic matching the time-range requirement of EVERYOTHERDAY?
TCP traffic entering fa0/0 from 172.16.1.254/24 destined to the 10.1.1.0/24 network is permitted.
TCP traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.
Telnet traffic entering fa0/0 from 172.16.1.254/24 destined to the 10.1.1.0/24 network is permitted.
Telnet traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.

16. The following commands were entered on a router:
Router(config)# access-list 2 deny 172.16.5.24
Router(config)# access-list 2 permit any
The ACL is correctly applied to an interface. What can be concluded about this set of commands?
The wildcard mask 0.0.0.0 is assumed.
The access list statements are misconfigured.
All nodes on the 172.16.0.0 network will be denied access to other networks.
No traffic will be allowed to access any nodes or services on the 172.16.0.0 network.

17. Refer to the exhibit. The administrator wishes to block web traffic from 192.168.1.50 from reaching the default port of the web service on 192.168.3.30. To do this, the access control list name is applied inbound on the router R1 LAN interface. After testing the list, the administrator has noted that the web traffic remains successful. Why is web traffic reaching the destination?
Web traffic does not use port 80 by default.
The access list is applied in the wrong direction.
The access list needs to be placed closer to the destination, on R3.
The range of source addresses specified in line 10 does not include host 192.168.1.50.

18. Refer to the exhibit. What will be the effect of the configuration that is shown?
Users attempting to access hosts in the 192.168.30.0/24 network will be required to telnet to R3.
Hosts connecting to resources in the 191.68.30.0/24 network have an idle timeout of 15 minutes.
Anyone attempting to telnet into R3 will have an absolute time limit of five minutes.
Telnet access to R3 will only be permitted on Serial 0/0/1.

19. Which statement about standard ACLs is true
Standard ACLS must be numbered and cannot be named.
They should be placed as close to the destination as possible.
They can filter based on source and destination address as well as on source and destination port.
When applied to an outbound interface, incoming packets are processed before they are routed to the outbound interface.

20. Which benefit does an extended ACL offer over a standard ACL?
Extended ACLs can be named, but standard ACLs cannot.
Unlike standard ACLs, extended ACLS can be applied in the inbound or outbound direction.
Based on payload content, an extended ACL can filter packets, such as information in an e-mail or instant message.
In addition to the source address, an extended ACL can also filter on destination address, destination port, and source port.

21. Which feature will require the use of a named ACL rather than a numbered ACL?
the ability to filter traffic based on a specific protocol
the ability to filter traffic based on an entire protocol suite and destination the ability to specify source and destination addresses to use when identifying traffic
the ability to edit the ACL and add additional statements in the middle of the list without removing and re-creating the list

22. A technician is creating an ACL and needs a way to indicate only the subnet 172.16.16.0/21. Which combination of network
address and wildcard mask will accomplish the desired task?
172.16.0.0 0.0.255.255
127.16.16.0 0.0.0.255
172.16.16.0 0.0.7.255
172.16.16.0 0.0.15.255
172.16.16.0 0.0.255.255

23. Which two statements accurately describe the characteristics of wildcard masks in an ACL? (Choose two.)
Wildcard masks are the inverse of the subnet mask.
The word “any” indicates that all corresponding bits must be matched.
The word “host” corresponds to a wildcard mask of 0.0.0.0 in an ACL statement.
A wildcard mask of 0.0.255.255 can be used to create a match for an entire Class B network.

A wildcard mask bit of 1 indicates that the corresponding bit in the address must be matched.

24. Refer to the exhibit. Which statement is true about ACL 110 if ACL 110 is applied in the inbound direction on S0/0/0 of R1?
It will deny TCP traffic to the Internet if the traffic is sourced from the 172.22.10.0/24 network.
It will not allow TCP traffic coming from the Internet to enter the network 172.22.10.0/24.
It will allow any TCP traffic from the Internet to enter the network 172.22.10.0/24.
It will permit any TCP traffic that originated from network 172.22.10.0/24 to return inbound on the S0/0/0 interface.

25. Refer to the exhibit. ACL 120 is configured inbound on the serial0/0/0 interface on router R1, but the hosts on network 172.11.10.0/24 are able to telnet to network 10.10.0.0/16. On the basis of the provided configuration, what should be done to remedy the problem?
Apply the ACL outbound on the serial0/0/0 interface on router R1.
Apply the ACL outbound on the FastEthernet0/0 interface on router R1.
Include the established keyword at the end of the first line in the ACL.
Include a statement in the ACL to deny the UDP traffic that originates from 172.11.10.0/24 network.

26. Refer to the exhibit. The network administrator applied an ACL outbound on S0/0/0 on router R1. Immediately after the administrator did so, the users on network 172.22.30.0/24 started complaining that they have intermittent access to the resources available on the server on the 10.10.0.0/16 network. On the basis of the configuration that is provided, what is the possible reason for the problem?
The ACL allows only the mail traffic to the server; the rest of the traffic is blocked.
The ACL permits the IP packets for users on network 172.22.30.0/24 only during a specific time range.
The ACL permits TCP packets only if a connection is established from the server to the network 172.22.0.0/16.
The ACL allows only TCP traffic from users on network 172.22.40.0/24 to access the server; TCP traffic from any other sources is blocked.

CCNA 4 - chapter 4

1. What are two valid methods for upgrading an IOS image? (Choose two.)

copy-and-paste through a console connection

copy-and-paste through a network connection

TFTP through a console connection

TFTP through a network connection

Xmodem through a console connection

Xmodem through a network connection


2.A company has a web server on the company DMZ to provide external web services. While reviewing firewall log files, an administrator

notices that a connection has been made from the web server to an internal e-mail server. Upon further investigation, the administrator

discovers that an unauthorized account has been created on the internal server. Which type of attack was successfully carried out?

phishing

port redirection

trust exploitation

man-in-the-middle


3.Which two statements are true regarding network security? (Choose two.)

Securing a network against internal threats is a lower priority because company employees represent a low security risk.

Both experienced hackers who are capable of writing their own exploit code and inexperienced individuals who download exploits

from the Internet pose a serious threat to network security.

Assuming a company locates its web server outside the firewall and has adequate backups of the web server, no further security

measures are needed to protect the web server because no harm can come from it being hacked.

Established network operating systems like UNIX and network protocols like TCP/IP can be used with their default settings

because they have no inherent security weaknesses.

Protecting network devices from physical damage caused by water or electricity is a necessary part of the security policy.


4.Refer to the exhibit. Which two statements are true about the configuration shown? (Choose two.)

The remote session is encrypted.

Telnet is permitted in vty lines 0 and 4.

Passwords are sent in clear text.

Host 192.168.0.15 is permitted on vty lines 0 through 4.

Traffic from networks other than 192.168.0.0 is blocked from traversing Router1.


5.The Cisco IOS image naming convention allows identification of different versions and capabilities of the IOS. What information can be gained from the filename c2600-d-mz.121-4? (Choose two.)

The "mz" in the filename represents the special capabilities and features of the IOS.

The file is uncompressed and requires 2.6 MB of RAM to run.

The software is version 12.1, 4th revision.

The file is downloadable and 121.4MB in size.

The IOS is for the Cisco 2600 series hardware platform.


6.When a user establishes an SDM connection with a Cisco router and is examining the Configuration Overview area of the home page, which three pieces of information are available? (Choose three.)

MAC address of all DHCP clients

total number of Cisco SDM-supported WAN interfaces on the router

type of compression enabled on WAN interfaces

total number of DMZ interfaces

status of the DNS server

number of site-to-site VPN connections


7.An IT director has begun a campaign to remind users to avoid opening e-mail messages from suspicious sources. Which type of attack is the IT director trying to protect users from?

DoS

DDoS

virus

access

reconnaissance


8.Intrusion detection occurs at which stage of the Security Wheel?

securing

monitoring

testing

improvement

reconnaissance


9.Refer to the exhibit. The network administrator is trying to back up the Cisco IOS router software and receives the output shown. What are two possible reasons for this output? (Choose two.)

The Cisco IOS file has an invalid checksum.

The TFTP client on the router is corrupt.

The router cannot connect to the TFTP server.

The TFTP server software has not been started.

There is not enough room on the TFTP server for the software.


10.The password recovery process begins in which operating mode and using what type of connection? (Choose two.)

ROM monitor

boot ROM

Cisco IOS

direct connection through the console port

network connection through the Ethernet port

network connection through the serial port


11 Which two conditions should the network administrator verify before attempting to upgrade a Cisco IOS image using a TFTP server? (Choose two.)

Verify the name of the TFTP server using the show hosts command.

Verify that the TFTP server is running using the tftpdnld command.

Verify that the checksum for the image is valid using the show version command.

Verify connectivity between the router and TFTP server using the ping command.

Verify that there is enough flash memory for the new Cisco IOS image using the show flash command.


12.Refer to the exhibit. A network administrator is trying to configure a router to use SDM, but it is not functioning correctly. What could be the problem?

The privilege level of the user is not configured correctly.

The authentication method is not configured correctly.

The HTTP server is not configured correctly.

The HTTP timeout policy is not configured correctly.


13.Which two statements are true regarding network attacks? (Choose two.)

Reconnaissance attacks are always electronic in nature, such as ping sweeps or port scans.

Devices in the DMZ should not be fully trusted by internal devices, and communication between the DMZ and internal devices

should be authenticated to prevent attacks such as port redirection.

Worms require human interaction to spread, viruses do not.

Strong network passwords mitigate most DoS attacks.

Given time, a brute force attack always yields the password, as long as the password is made up of the characters selected to test.


14.Which two statements define the security risk that is presented by SNMPv1 or SNMPv2 when either is enabled on the network? (Choose two.)

SNMP uses authentication strings called community strings, which are stored and sent across the network in plain text.

Only the station that acts as a SNMP manager can encrypt the request and respond messages. All other machines that act as

SNMP agents send the messages in plain text.

A SNMP agent can encrypt the inform requests but not the trap requests.

No access list can be defined for the SNMP messages that are sent by the SNMP agents.

SNMP is an easily spoofed, datagram-based transaction protocol.


15.Refer to the exhibit. Which two statements about the configuration shown are true? (Choose two.)

access granted with password "local"

SSH server function is enabled on R1

SSH client function is enabled on R1

remote access connection will fail with no local username database

remote access connection will be made on secure shell port 443


16.Which two statements regarding preventing network attacks are true? (Choose two.)

The default security settings for modern server and PC operating systems can be trusted to have secure default security settings.

Intrusion prevention systems can log suspicious network activity, but there is no way to counter an attack in progress without user

intervention.

Physical security threat mitigation consists of controlling access to device console ports, labeling critical cable runs, installing UPS

systems, and providing climate control.

Phishing attacks are best prevented by firewall devices.

Changing default usernames and passwords and disabling or uninstalling unnecessary services are aspects of device hardening.


17.Which two statements define the security risk when DNS services are enabled on the network? (Choose two.)

By default, name queries are sent to the broadcast address 255.255.255.255.

DNS name queries require the ip directed-broadcast command to be enabled on the Ethernet interfaces of all routers.

Using the global configuration command ip name-server on one router enables the DNS services on all routers in the network.

The basic DNS protocol does not provide authentication or integrity assurance.

The router configuration does not provide an option to set up main and backup DNS servers.


18.When a user completes the Cisco SDM VPN wizard, what is done with the information that has been entered?

The information is saved to a text file that can be used to configure clients.

After user confirmation, the Cisco SDM-generated CLI commands are sent to the router.

SDM generates traffic to test the configuration before it is applied to the router.

A dialog box prompts the user for username and password information.


19.Which two objectives must a security policy accomplish? (Choose two.)

provide a checklist for the installation of secure servers

describe how the firewall must be configured

document the resources to be protected

identify the security objectives of the organization

identify the specific tasks involved in hardening a router


20.Refer to the exhibit. Security Device Manager (SDM) is installed on router R1. What is the result of opening a web browser on PC1 and entering the URL https://192.168.10.1?

The password is sent in plain text.

A Telnet session is established with R1.

The SDM page of R1 appears with a dialog box that requests a username and password.

The R1 home page is displayed and allows the user to download Cisco IOS images and configuration files.


21.Which statement is true about Cisco Security Device Manager (SDM)?

SDM interrupts network communications when configuration changes are entered into router memory.

SDM can run only on Cisco 7000 series routers.

SDM is supported by every version of the Cisco IOS software.

SDM can be run from router memory or from a PC.


22.Users are unable to access a company server. The system logs show that the server is operating slowly because it is receiving a high level of fake requests for service. Which type of attack is occurring?

reconnaissance

access

DoS

worm

virus

Trojan horse


23.What are two benefits of using Cisco AutoSecure? (Choose two.)

It gives the administrator detailed control over which services are enabled or disabled.

It offers the ability to instantly disable non-essential system processes and services.

It automatically configures the router to work with SDM.

It ensures the greatest compatibility with other devices in your network.

It allows the administrator to configure security policies without having to understand all of the Cisco IOS software features.


24.What are three characteristics of a good security policy? (Choose three.)

It defines acceptable and unacceptable use of network resources.

It communicates consensus and defines roles.

It is developed by end users.

It is developed after all security devices have been fully tested.

It defines how to handle security incidents.

It should be encrypted as it contains backups of all important passwords and keys.