ccna-security-exam-module-5-1.pdf

Upload: mark-downs

Post on 02-Jun-2018


8/11/2019 CCNA-Security-Exam-Module-5-1.pdf

CCNAS Chapter 5 - CCNA Security: Implementing Network Security (Version 1.0)

1. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)

A. Deny Attacker Inline
B. Deny Connection Inline
C. Deny Packet Inline
D. Produce Alert
E. Reset TCP Connection

ANSWER: A, B

2. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?

A. It is the alert severity.
B. It is the signature number.
C. It is the signature version.
D. It is the subsignature ID.
E. It is the signature fidelity rating.

ANSWER: D

3. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?

A. A named ACL determines the traffic to be inspected.
B. A numbered ACL is applied to S0/0/0 in the outbound direction.
C. All traffic that is denied by the ACL is subject to inspection by the IPS.
D. All traffic that is permitted by the ACL is subject to inspection by the IPS.

ANSWER: D

4. Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with those threats?

A. Create IPS
B. Edit IPS
C. Security Dashboard
D. IPS Migration

ANSWER: C

5. Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?

A. Cisco Security Agent is installed but inactive.
B. Network-based IPS is active and has detected a potential security problem.
C. Cisco Security Agent is active and has detected a potential security problem.
D. A network-based IPS sensor has pushed an alert to a host running Cisco Security Agent.

ANSWER: C

6. When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?

A. Deny Packet Inline
B. Deny TCP Connection
C. Deny Attacker Inline
D. Deny Connection Inline

ANSWER: D

7. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?

A. Trigger: Anomaly-based detection; Type: Atomic signature
B. Trigger: Anomaly-based detection; Type: Composite signature
C. Trigger: Pattern-based detection; Type: Atomic signature
D. Trigger: Pattern-based detection; Type: Composite signature
E. Trigger: Policy-based detection; Type: Atomic signature
F. Trigger: Policy-based detection; Type: Composite signature

ANSWER: D

8. Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken by CSA if the user does not respond within 4 minutes and 20 seconds?

A. The action is allowed, and a log entry is recorded.
B. The action is allowed, and CSA does not prompt the user again.
C. The action is denied, and a log entry is recorded.
D. The action is denied, and the FlashPlayerUpdate.exe application is terminated.

ANSWER: C

9. Which type of intrusion prevention technology is primarily used by Cisco IPS security appliances?

A. rule-based
B. profile-based
C. signature-based
D. NetFlow anomaly-based
E. protocol analysis-based

ANSWER: C

10. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)

A. IOS-Sxxx-CLI.bin
B. IOS-Sxxx-CLI.pkg
C. IOS-Sxxx-CLI.sdf
D. realm-cisco.priv.key.txt
E. realm-cisco.pub.key.txt

ANSWER: B, E

11. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?

A. high
B. medium
C. low
D. Informational

ANSWER: B

12. Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?

A. pattern-based detection
B. anomaly-based detection
C. policy-based detection
D. honey pot-based detection

ANSWER: B

13. Which two statements characterize a network-based IPS implementation? (Choose two.)

A. It makes hosts visible to attackers.
B. It is unable to examine encrypted traffic.
C. It monitors to see if an attack was successful.
D. It provides application-level encryption protection.
E. It is independent of the operating system on hosts.

ANSWER: B, E

14. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?

A.
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired false

B.
R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false

C.
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# enabled true

D.
R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# enabled true

ANSWER: B

15. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)

A. logging on
B. ip ips notify log
C. ip http server
D. ip ips notify sdee
E. ip sdee events 500

ANSWER: C, D

16. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)

A. addition of signature micro engines
B. support for IPX and AppleTalk protocols
C. addition of a signature risk rating
D. support for comma-delimited data import
E. support for encrypted signature parameters

ANSWER: C, E

17. Why is a network that deploys only IDS particularly vulnerable to an atomic attack?

A. The IDS must track the three-way handshake of established TCP connections.
B. The IDS must track the three-way handshake of established UDP connections.
C. The IDS permits malicious single packets into the network.
D. The IDS requires significant router resources to maintain the event horizon.
E. The stateful properties of atomic attacks usually require the IDS to have several pieces of data to match an attack signature.

ANSWER: C

18. What are two major drawbacks to using HIPS? (Choose two.)

A. HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.
B. HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
C. With HIPS, the network administrator must verify support for all the different operating systems used in the network.
D. If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
E. With HIPS, the success or failure of an attack cannot be readily determined.

ANSWER: A, C

19. Which type of IPS signature detection is used to distract and confuse attackers?

A. pattern-based detection
B. anomaly-based detection
C. policy-based detection
D. honey pot-based detection

ANSWER: D

20. What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)

A. Configure all sensors to check the server for new signature packs at the same time to ensure that they are all synchronized.
B. Configure the sensors to simultaneously check the FTP server for new signature packs.
C. Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
D. Update signature packs manually rather than automatically to maintain close control when setting up a large deployment of sensors.
E. Place signature packs on a dedicated FTP server within the management network.

ANSWER: C, E