As mentioned in the Introduction, you have two choices for review questions: here in the book or the exam questions on the CD-ROM. The answers to these questions appear in Appendix A.

For more practice with exam format questions, use the exam engine on the CD-ROM.

1. What technique can be used to protect private information that is transported over the Internet between the headquarters and branch office? (Select the best answer.)

a. Authentication b. Log all data c. Encryption d. Accounting

2. What would be recommended to protect database servers attached to a switch with a T1 to the Internet? (Select all that apply.)

a. Firewall b. Server Load Balancing (SLB)

c. Implement host-based security d. SPAN

3. What network security issue does 3DES encryption aim to solve?

a. Data integrity b. User authentication c. Data authentication d. Data confidentiality

4. Users are reporting a DoS attack in the DMZ. All the servers have been patched, and all unnecessary services have been turned off. What else can you do to alleviate some of the attack's effects? (Select all that apply.)

a. Rate-limit traffic on the firewall's ingress b. Use ACLs to let only allowed traffic into the network c. Block all TCP traffic from unknown sources d. DHCP Snooping for the DMZ segment

5. You are a network engineer for ABC Corp. You need to bring your coworkers up to date on network security threats. What would you discuss with them? (Select all that apply.)

a. Reconnaissance and gaining unauthorized access b. DHCP snooping c. Rate limits d. DoS

6. True or false: IPsec can ensure data integrity and confidentiality across the Internet.

7. What focuses on the accuracy and controls imposed on a company's financial records?



d. EU Data Protection Directive

8. What are components of managing the security infrastructure? (Select all that apply.)

a. Security management policy b. Incident-handling policy c. Network access control policy d. None of the above

9. Which security legislative body calls for the protection of people's privacy?



c. EU Data Protection Directive d. SOX

10. True or false: HIPAA protects companies' financial records.

11. True or false: Distributed DoS attacks are when multiple sources work together to deliver an attack.

12. True or false: Social engineering involves manipulating users into giving out confidential information.

13. How can attackers obtain sensitive account information? (Select all that apply.)

a. Password-cracking utilities b. Capturing network traffic c. Social engineering d. All of the above

14. What best describes how to protect data's integrity?

a. System availability b. Data confidentiality c. Ensuring that only legitimate users can view sensitive data d. Allowing only authorized users to modify data

15. List some targets that are used for attacks.

16. What provides an audit trail of network activities?

a. Authentication b. Accounting c. Authorization d. SSHv1

17. What authenticates valid DHCP servers to prevent them from interfering with production?

18. True or False: Unicast RPF is used to prevent unknown source addresses from using the network to route traffic.

19. What can control the rate of traffic that is allowed into the network?

20. What contains the organization's procedures, guidelines, and standards?

21. How can you enforce access control? (Select all that apply.)

a. Restrict access using VLANs b. Restrict access using OS-based controls c. Use encryption techniques d. All of the above

22. What is a general user document that is written in simple language to describe the roles and responsibilities within risk management?

23. True or false: The network access control policy defines the general access control principles used and how data is classified, such as confidential, top-secret, or internal.

24. What are the four steps used to facilitate continuing efforts in maintaining security policies?

a. Secure, monitor, maintain, close out b. Monitor, test, evaluate, purchase c. Improve, test, purchase, evaluate d. Secure, monitor, test, improve

25. True or false: As part of the Cisco Self-Defending Network, Trust and Identity Management defines who and what can access the network, as well as when, where, and how that occurs.

26. True or false: A common two-factor authentication technique involves the use of a six-digit PIN from a token in addition to a user password.

27. Match the encryption keys and VPN protocols with their definitions:

iii. Shared secret iv. PKI

a. Both sides use the same key b. Uses AH and ESP

c. Web browser TCP port 443

d. Asymmetric cryptography

Was this article helpful?

0 0

Post a comment