Term
Which protocol is used for transporting the event data from Cisco IPS 5.0 and later devices to the Cisco Security MARS appliance? |
|
Definition
|
|
Term
What type of attack is learning about a target network? |
|
Definition
|
|
Term
What type of attack is it to make a system unavailable for normal use? |
|
Definition
|
|
Term
What type of attack is it to try and escalate your privilege level? |
|
Definition
|
|
Term
What types of attacks target vulnerabilities of end-user workstations? |
|
Definition
Worms, viruses and Trojan horses. |
|
|
Term
Which Cisco security product provides a security audit wizard? |
|
Definition
Cisco Router and Security Device Manager |
|
|
Term
How is the Cisco IOS Control Plane Policing achieved? |
|
Definition
by applying a QoS policy in control plane configuration mode |
|
|
Term
Which component of the Cisco NAC framework is responsible for compliance and policy enforcement? |
|
Definition
|
|
Term
What is a benefit of Cisco Integrated Services Routers?
A. Intel Xeon CPU
B. built in event correlation engine
C. built in encryption acceleration
D. customer programmable ASIC
|
|
Definition
C. built in encryption acceleration |
|
|
Term
What are three functions of CSA in helping to secure customer environments?
A. application control
B. control of executable content
C. identification of vulnerabilities
D. probing of systems for compliance.
E. real-time analysis |
|
Definition
A. application control
B. control of executable content
F. System hardening
|
|
|
Term
Which two features can the USB eToken for Cisco Integrated Services Routers be used for?
A. distribution and storage of VPN credentials
B. command authorization
C. one-time passwords
D. secure deployment of configurations
E |
|
Definition
A. distribution and storage of VPN credentials
D. secure deployment of configurations
|
|
|
Term
What is the benefit of IPSec + GRE?
|
|
Definition
full support of dynamic routing protocols
|
|
|
Term
Which two are true about Cisco Autosecure?
A. blocks all IANA-reserved IP address blocks.
B. enables identification service
C. enables log messages to include sequence numbers and time stamps
D. disables tcp keepalives
E. removes |
|
Definition
A. blocks all IANA-reserved IP address blocks
C. enables log messages to include sequence numbers and time stamps |
|
|
Term
Which two statements about the Firewall Services Module are true?
|
|
Definition
D. Up to 1 million simultaneous connections are possible
E. Up to 1000 separate contexts are possible. |
|
|
Term
After powering up a MARS appliance, what is a valid task?
A. Use a cat 5 crossover cable to connect to MARS eth1 port
B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration
|
|
Definition
B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration. |
|
|
Term
Which Cisco security product is an easily deployed software solution that can automatically detect, isolate, and repair infected or vulnerable devices that attempt to access the network? |
|
Definition
NAC appliance (Cisco Clean Access) |
|
|
Term
What is the benefit of the high-performance AIM that is included with Cisco Integrated Services Routers? |
|
Definition
hardware-based encryption and compression |
|
|
Term
In the context of Cisco NAC, what is a network access device? |
|
Definition
|
|
Term
How does CSA protect endpoints? |
|
Definition
uses file system, network, registry and execution space interceptors to stop malicious activity. |
|
|
Term
Which two should be included in an analysis of a Security Posture Assessment?
A. detailed action plan
B. identification of bottlenecks in the network
C. identification of critical deficiencies
D. recommendation based on security best pract |
|
Definition
C. identification of critical deficiencies
D. recommendation based on security best practice. |
|
|
Term
Network security is a continuous process that is built around what? |
|
Definition
Corporate Security Policy |
|
|
Term
What feature of the Cisco IOS adaptive threat defense performs Application Security? |
|
Definition
Application Security and control |
|
|
Term
What feature of the Cisco IOS adaptive threat defense performs Anti-X? |
|
Definition
|
|
Term
What feature of the Cisco IOS adaptive threat defense performs Containment and Control? |
|
Definition
Network Foundation Protection |
|
|
Term
Which rule type allows for false positive tuning? |
|
Definition
|
|
Term
Which rule types are pushed down from a Global controller? |
|
Definition
|
|
Term
Which rule types are custom inspection rules that you desire? |
|
Definition
|
|
Term
Which rule types are out-of-the-box rules provided with Cisco Security MARS? |
|
Definition
|
|
Term
Which are two functions of Cisco Security Agent?
A. authentication
B. control of executable content
C. resource protection
D. spam filtering
E. user tracking
|
|
Definition
B. control of executable content
C. resource protection. |
|
|
Term
In which two ways can a Security Posture Assessment help organizations to understand network threats and risks?
A. by coaching system administrators
B. by identifying bottlenecks
C. by identifying vulnerable systems
D. by recommending area |
|
Definition
C. by identifying vulnerable systems
D. by recommending areas to improve |
|
|
Term
Self-Defending network is the Cisco vision for security systems. What is the purpose of the Cisco ACS server? |
|
Definition
|
|
Term
Which two are valid arguments that you can use to convince a business decision maker of the need for network security? |
|
Definition
B. Cisco products can provide end-to-end network protection against current and emerging threats.
E. Organizations that operate vulnerable networks face increasing liabilities |
|
|
Term
What is the main reason for customers to implement the Cisco Detector and Guard solution? |
|
Definition
as DDoS protection system |
|
|
Term
Which two statements are true about symmetric key systems?
A. It uses secret-key cryptography.
B. Encryption and Decryption use different keys
C. It is typically used to encrypt the content of a message
D. RSA is an example of public key e |
|
Definition
A. It uses secret-key cryptography.
C. It is typically used to encrypt the content of a message. |
|
|
Term
What allows Cisco Security Agent to block malicious behavior before damage can occur? |
|
Definition
interception of operating system calls |
|
|
Term
When implementing a Cisco Integrated Services Router, which feature would you apply to achieve application security? |
|
Definition
Context-based access control |
|
|
Term
Which statement is true about the built-in hardware encryption that is included with Cisco Integrated Services Routers?
A. It supports SRTP
B. It supports 256 bit AES
C. It is two times faster than previous models
D. It stores VPN cred |
|
Definition
B. It supports 256 bit AES |
|
|
Term
Which combination of authentication server and authentication protocol best implements command authorization for tighter control of user access rights?
A. Cisco Secure ACS server and RADIUS
B. Cisco Secure ACS server and TACACS+
C. Microsof |
|
Definition
B. Cisco Secure ACS server and TACACS+ |
|
|
Term
What is a feature or function of Cisco Security MARS?
A. enforces authorization policies and privileges.
B. determines security incidents based on device messages, events and sessions.
C. configures, monitors and troubleshoots Cisco securi |
|
Definition
B. determines security incidents based on device messages, events and sessions |
|
|
Term
What are the two main reasons for customers to implement Cisco Clean Access? |
|
Definition
A. enforcement of security policies by making compliance a condition of access.
F. implementation of NAC phase 1. |
|
|
Term
What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS appliance? |
|
Definition
To discover and display the full topology. |
|
|
Term
What could be a reason to implement Cisco Security Agent?
A. preventing day zero attacks
B. communicating the host posture validation to a policy server
C. tracking the internet usage of employees
D. validating policy compliance |
|
Definition
A. preventing day zero attacks |
|
|
Term
What are two parts of the network security lifecycle?
A. Purchase
B. Operate
C. Integrate
D. Design
E. Develop
|
|
Definition
|
|
Term
On the Cisco Security MARS appliance, what is used to facilitate the management of Event, IP, Service and User management? |
|
Definition
|
|
Term
Which two features work together to provide Anti-X defense?
A. enhanced application inspection engines
B. enhanced security state assessment.
C. Cisco IPS version 5.0 technology
D. network security event correlation
E. Cisco IOS a |
|
Definition
A. enhanced application inspection engines
C. Cisco IPS version 5.0 technology |
|
|
Term
Which three components should be included in a security policy?
A. identification and authentication policy
B. incident handling procedure
C. security best practice
D. security product recommendation
E. software specifications
|
|
Definition
A. identification and authentication policy
B. incident handling procedure
F. statement of authority and scope |
|
|
Term
Which statement is true about Cisco Security MARS global controller?
|
|
Definition
B. The Global controller centrally manages a group of Local Controllers |
|
|
Term
Which Cisco IOS feature uses multipoint GRE and the Next Hop Resolution protocol to create dynamic IPSec tunnels between spoke sites? |
|
Definition
|
|
Term
When a FWSM is operating in transparent mode, what is true?
A. Each interface must be on the same VLAN
B. The FWSM does not support multiple security contexts
C. Each directly connected network must be on the same subnet
|
|
Definition
C. Each directly connected network must be on the same subnet |
|
|
Term
Which three are included with the Cisco Security Agent?
A. Buffer overflow protection
B. Day zero virus and worm protections
C. Cisco easy VPN Client
D. host-based intrusion protection.
E. plug in interface to query posture provid |
|
Definition
A. Buffer overflow protection
B. Day zero virus and worm protections
D. host-based intrusion protection |
|
|
Term
What is a valid step when setting up the Cisco Security MARS appliance for data archiving?
A. Specify the remote CIFS server.
B. Specify the remote FTP server.
C. Specify the remote NFS server.
D. Specify the remote TFTP server
|
|
Definition
C. Specify the remote NFS server. |
|
|
Term
Which two components should be included in a network design document?
A. complete network blueprint
B. configuration for each device
C. detailed part list
D. operating expense
E. risk analysis
|
|
Definition
A. Complete network blueprint
C. detailed parts list |
|
|
Term
Which two components should be included in a detailed design document?
A. data source
B. existing network infrastructure
C. organization chart
D. proof of concept
E. vendor availability |
|
Definition
B. existing network infrastructure
D. proof of concept |
|
|
Term
Identify two ways to create a long-duration query on the Cisco Security MARS appliance.
A. by modifying an existing report.
B. by saving a query as a report
C. by submitting a query in line
D. by submitting a batch query
E. by sa |
|
Definition
A. by modifying an existing report
D. by submitting a batch query |
|
|
Term
What are two main security drivers? |
|
Definition
1. Compliance with company policy
2. security legislation |
|
|
Term
In which two ways does 802.1x benefit businesses in terms of trust and identity? |
|
Definition
A. allows a user-based policy to be dynamically applied to switched ports
C. prevents any unauthorized device from connecting. |
|
|
Term
Which three should be included in a system acceptance test plan?
A. features to be tested
B. indications of references
C. pass and fail criteria
D. product data sheets
E. recommended changes
F. resource requirements and sched |
|
Definition
A. features to be tested
C. pass and fail criteria
F. resource requirements and schedule |
|
|
Term
What are two beneficial functions of the Cisco VPN/Security Management solution?
|
|
Definition
D. provides functions for monitoring and troubleshooting the health and performance of security devices.
E. performs real time monitoring of site-to-site VPN, remote-access VPN, firewall and IPS services. |
|
|
Term
Which two are valid methods for adding reporting devices into the Cisco Security MARS appliance?
A. running an import wizard.
B. importing the devices from CiscoWorks
C. loading the devices from a seed file.
D. running manual configuration
E. using C |
|
Definition
C. loading the devices from a seed file
D. running manual configuration |
|
|
Term
What is a valid way of verifying a network security design? |
|
Definition
pilot or prototype network. |
|
|
Term
Which IPS feature models worm behavior and correlates the specific time between events, network behavior, and multiple exploit behavior to more accurately identify and stop worms? |
|
Definition
|
|
Term
In which two ways do Cisco ASA 5500 Series Adaptive Security Appliances achieve Containment and Control? |
|
Definition
1. By preventing unauthorized network access?
2. by tracking the state of all network communications. |
|
|
Term
Which three are functions of Cisco Security Agent?
A. spyware and adware protection
B. device-based registry scans
C. malicious mobile code protections
D. local shunning
E. protection against buffer overflows
F. flexibility a |
|
Definition
B. device-based registry scans
C. malicious mobile code protections
E. protection against buffer overflows |
|
|
Term
Which Cisco security product can be used to perform a Security Posture assessment of client workstations? |
|
Definition
|
|
Term
How can you configure a Cisco Security MARS appliance to send notifications via e-mail, pager, syslog, SNMP or SMS? |
|
Definition
by defining the rule "Action" |
|
|
Term
What are three advantages of Cisco Security MARS?
A. performs automatic mitigation on Layer 2 devices
B. ensures that the user device is not vulnerable
C. fixes vulnerable and infected devices automatically
D. provides rapid profile-ba |
|
Definition
A. performs automatic mitigation on Layer 2 devices.
E. is network topology aware
F. contains scalable, distributed event analysis architecture. |
|
|
Term
Which three Cisco security products help to prevent application misuse and abuse?
|
|
Definition
A. Cisco ASA 5500 Series Adaptive Security Appliance
D. Cisco Security Agent
F. Cisco IOS FW and IPS |
|
|
Term
By providing a detailed inspection of traffic in Layers 2 through 7, the Cisco IPS appliance offers which benefit to customers? |
|
Definition
D. prevention of protocol misuse |
|
|