1. |
Answers D and E are the correct choices. Cisco’s Host Security Strategy comprises endpoint protection using CSA, network admission control using NAC, and network infection containment. |
2. |
The correct answer is A. Cisco has specific products to address application and operating system security. The other choices, while ostensibly software (and also good ideas!), do not represent the high-level answer that was being looked for. |
3. |
The correct answers are C and D. Answers A and B are incorrect because these are attacks against cryptosystems and were explained in Chapter 6, “Introducing Cryptographic Services.” They are deliberately misleading because the reader will recognize the terminology. |
4. |
The correct answer is false. The definition provided is for a virus. Worms take their names from burrowing organisms that live in the “soil” of an infected host. The worm replicates into the memory of an infected host that, in turn, infects other computers. |
5. |
The correct order is 1—Probe, 2—Penetrate, 3—Persist, 4—Propagate, and 5—Paralyze (a—2, b—4, c—3, d—1, e—5). |
6. |
The correct answers are 1—a, 2—c, 3—b. Answers d and e do not match any of the descriptions. NAS stands for NAC Appliance Server. NAM stands for NAC Appliance Manager, and NAA stands for NAC Appliance Agent. A rule of thumb is that the GUI used to manage a single network device is called a “manager.” For example, Cisco IPS appliances use the IPS Device Manager (IDM). Cisco IOS routers use the Cisco Security Device Manager (SDM). Thus, the GUI to manage a single NAC appliance is the NAC Appliance Manager (NAM). |
7. |
The correct answers are a and d (in that order). |
8. |
The correct answer is A. Fiber Channel over IP (FCIP) is used to interconnect SANs over an IP network. Choice B, iSCSI, is used for host-to-SAN connectivity over an IP network, whereas choice C, Fiber Channel, is a technology used in the fabric of a fiber SAN switch to connect hosts (such as application servers) to the SAN volumes. |
9. |
The correct answer is A. Fiber channel zones are analogous to ACLs (answer B) and Fiber Channel port security is similar to 802.1X port-based authentication (answer C). |
10. |
False. SPIT is an emerging threat, but not one that has been seen in the wild as yet. It serves most to underline that as the technology evolves, so do the attack methods. |