Exam Prep Questions

1. Which of the following is not a consideration for setting up technical controls in support of secure logging?

A. How can the confidentiality of logs as well as communicating log messages be assured?

B. How do you log events from several devices in one central place?

C. What are the most critical events to log?

D. What are the most important logs?

E. None of the above.

2. Fill in the blank with the correct term from the choices.

One communication path between management hosts and the devices they manage is __________, meaning that the traffic flows within a network separate from the production network.

A. In-band

B. Inter-vlan

C. Private

D. Out-of-band

E. Intranet

3. True or false. A general management guideline is to ensure that clocks on network devices are not synchronized with an external time source because this is a known vulnerability.

4. Indicate the number for each logging level:

Debugging: ____

Alerts: ____

Emergencies: ____

Notifications: ____

Critical: ____

Informational: ____

Warnings: ____

5. To what menus do you have to navigate to set up logging in the SDM?

A. Configure->Router Management->Additional Tasks->Logging

B. Configure->Additional Tasks->Router Properties->Logging

C. Monitor->System Properties->Configure->Syslog

D. Configure->Additional Tasks->Router Properties->Syslog

E. Monitor->Logging Options->Syslog Setup

6. Match the following SNMP terms with their definitions:

1. MIB: ___

2. Agent: ___

3. NMS: ___

A. Responds to sets and gets

B. Sends sets and gets

C. Information database

7. True or false. Secure Network Time Protocol (SNTP) is more secure than regular NTP as it requires authentication.

8. Which of the following is part of Cisco’s list of seven categories of vulnerable router services and interfaces? (Choose all that apply.)

A. Disable unnecessary services and interfaces.

B. Disable commonly configured management services.

C. Ensure path integrity.

D. Disable probes and scans.

E. All of the above.

9. Fill in the blank with the correct term from the choices.

The Cisco SDM Security Audit Wizard and One-Step Lockdown tools are based on the Cisco _________ feature.

A. Auto-Initiate

B. SafeAudit

C. AuditMany-SecureOnce

D. AutoSecure

E. None of the above.

10. True or false. SNMPv3 is implemented in the Cisco SDM Security Audit Wizard but not in the auto secure CLI command.

Answers to Exam Prep Questions

1. Answer E is correct because all the choices are valid considerations.

2. The right answer is D, out-of-band (OOB). A design goal for a secure network is to try to separate management traffic from the production networks wherever possible. Answer A is the opposite. The other answers are incorrect because they are not used in this context.

3. False. This is a bit of a trick question. Yes, there are some known vulnerabilities with synchronizing clocks with external time sources, but these are outweighed by the advantage of having all network devices’ clocks synchronized to a single time source.

4. The logging levels are the following:

Debugging: 7

Alerts: 1

Emergencies: 0

Notifications: 5

Critical: 2

Informational: 6

Warnings: 4

5. The correct answer is B. The other choices, although they look vaguely correct, do not represent real choices.

6. The correct answers are: 1—C; 2—A; 3—B. MIB stands for Management Information Base and resides on an agent. The information in this database can be queried (get) or configured (set) by a Network Management System (NMS).

7. False. SNTP stands for Simple Network Time Protocol and is considered less secure than NTP. NTPv3, on the other hand, is more secure because it implements cryptography and authentication between NTP peers.

8. Answer E is correct. The complete list is as follows:

Disable unnecessary services and interfaces.

Disable commonly configured management services.

Ensure path integrity.

Disable probes and scans.

Ensure terminal access security.

Disable gratuitous and proxy ARP.

Disable IP directed broadcasts.

9. Answer D is correct. The other choices are made up and don’t appear in any context with Cisco network security.

10. False. SNMPv3 is not part of the Cisco SDM Security Audit Wizard.
