The Basic Of Ccna Cyber Security Quiz

1. What does level 5 in this enable secret global configuration mode command indicate?

The enable secret password is for authentication at level 5 of user access.

The enable secret password is for entering level 5 of configuration mode.

The enable secret password is for accessing exec privelege level 5

The enable secret password is for configuring level 5 access control.

In the context of the enable secret global configuration mode command, level 5 refers to the privilege level at which the password will grant access. It is specifically related to exec privilege level 5 and not for other purposes such as configuration or user authentication.

Explanation

In the context of the enable secret global configuration mode command, level 5 refers to the privilege level at which the password will grant access. It is specifically related to exec privilege level 5 and not for other purposes such as configuration or user authentication.

2. Which two functions are required for IPsec operation?

1. Implementing SNMP for network monitoring.

1. Using Internet Key Encryption (IKE) to negotiate the Security Association (SA).

2. Using Diffie-Hellman to establish a shared-secret key.

3. Running a DHCP server for IP address assignment.

2. Using Windows Firewall for packet filtering.

3. How are Cisco IOS access control lists processed?

ACLs are processed randomly.

ACLs are matched from bottom up.

ACLs are processed simultaneously.

ACLs are matched from top down

In Cisco IOS, access control lists (ACLs) are processed from top down, meaning the router will check the packets against the entries in the list starting from the top and proceeding downwards until a match is found.

Explanation

In Cisco IOS, access control lists (ACLs) are processed from top down, meaning the router will check the packets against the entries in the list starting from the top and proceeding downwards until a match is found.

4. Which access list permits HTTP traffic sourced from host 10.0.1.129.100 port 3030 destined to host 192.168.1.10?

Access-list 101 permit tcp 10.0.1.0 0.0.0.255 eq 3030 192.168.1.0 0.0.0.15 eq www

Access-list 101 permit tcp 10.0.1.128 0.0.0.127 eq 3030 192.168.1.10 0.0.0.0 eq www

Access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www

Access-list 101 permit tcp 10.0.1.129 0.0.0.0 eq 80 192.168.1.10 0.0.0.0

The correct answer allows TCP traffic from host 10.0.1.129 port 3030 to host 192.168.1.10 port www. The incorrect answers either have incorrect IP/mask combinations, incorrect port numbers, or incorrect wildcard mask usage.

Explanation

The correct answer allows TCP traffic from host 10.0.1.129 port 3030 to host 192.168.1.10 port www. The incorrect answers either have incorrect IP/mask combinations, incorrect port numbers, or incorrect wildcard mask usage.

5. Which two features are supported by Cisco IronPort Security Gateway?

Firewall Protection

Anti-Virus Scanning

Spam Protection
Email Encryption

Intrusion Detection

The Cisco IronPort Security Gateway primarily focuses on email security features such as Spam Protection and Email Encryption. It is not designed for Intrusion Detection, Firewall Protection, or Anti-Virus Scanning.

Explanation

The Cisco IronPort Security Gateway primarily focuses on email security features such as Spam Protection and Email Encryption. It is not designed for Intrusion Detection, Firewall Protection, or Anti-Virus Scanning.

6. Which two characteristics represent a blended threat?

Trojan horse attack
day zero attack

Denial of service attack

Phishing attack

Ransomware attack

A blended threat is a sophisticated cyberattack that combines various types of malware and techniques to exploit vulnerabilities in a system. In this case, a trojan horse attack and a day zero attack are examples of characteristics that represent a blended threat because they involve both malicious software and exploitation of unknown vulnerabilities.

Explanation

A blended threat is a sophisticated cyberattack that combines various types of malware and techniques to exploit vulnerabilities in a system. In this case, a trojan horse attack and a day zero attack are examples of characteristics that represent a blended threat because they involve both malicious software and exploitation of unknown vulnerabilities.

7. Under which higher-level policy is a VPN security policy categorized?

Data retention policy

Network access control policy

Remote access policy

Incident response policy

A VPN security policy is typically categorized under a remote access policy as it governs how remote users should securely connect to the network.

Explanation

A VPN security policy is typically categorized under a remote access policy as it governs how remote users should securely connect to the network.

8. What does the option secret 5 in the username global config mode command indicate about the user password?

It is encrypted using AES.

It is stored as plain text.

It is encrypted using DES.

It is hashed using MD5

When the 'secret 5' option is used in the username global config mode command, it indicates that the user password is hashed using MD5.

Explanation

When the 'secret 5' option is used in the username global config mode command, it indicates that the user password is hashed using MD5.

9. What does level 5 in the 'enable secret' global configuration mode command indicate?

Level 5 indicates the number of attempts allowed before the password is locked out.

Level 5 specifies the length of the password in characters.

Level 5 designates the encryption algorithm used for the password.

The enable secret password is for accessing exec privelege level 5

In the given 'enable secret' command, the level 5 refers to the privilege level at which the password is valid. It does not specify the length of the password, encryption algorithm, or the number of allowed attempts.

Explanation

In the given 'enable secret' command, the level 5 refers to the privilege level at which the password is valid. It does not specify the length of the password, encryption algorithm, or the number of allowed attempts.

10. Which option is the correct representation of the IPv6 address: 2001:0000:150C:0000:0000:41B1:45A3:041D?

2001:0:150C:0:0:41B1:45A3:41D

2001:0000:150C::41B1:45A3:41D

2001:0:150C:0:0:41B1:45A3:41D

2001:0:150C::41B1:45A3:41D

When representing an IPv6 address, you can compress consecutive sections of zeros by using a double colon (::) only once. It is not necessary to represent each group of zeros with leading zeros like '0000'. Therefore, the correct representation is 2001:0:150C::41B1:45A3:41D.

Explanation

When representing an IPv6 address, you can compress consecutive sections of zeros by using a double colon (::) only once. It is not necessary to represent each group of zeros with leading zeros like '0000'. Therefore, the correct representation is 2001:0:150C::41B1:45A3:41D.

11. Which statement about this output is true?

The login failed due to a technical issue with the server.

The login failed because the password entered was incorrect.

The login failed because the account has been suspended.

The login failed because the username entered was incorrect.

The correct answer directly addresses the reason for the login failure, which was due to an incorrect password. The incorrect answers provide alternative reasons which were not the cause of the login failure in this scenario.

Explanation

The correct answer directly addresses the reason for the login failure, which was due to an incorrect password. The incorrect answers provide alternative reasons which were not the cause of the login failure in this scenario.

12. Which statement about this partial CLI configuration of an access control list is true?

All traffic from the 10.10.0.0 subnet is allowed

From the 10.10.0.0 subnet, only traffic sourced from 10.10.0.10 is allowed; traffic sourced

No traffic from the 10.10.0.0 subnet is allowed

Only traffic sourced from 10.10.0.5 is allowed.

The correct answer specifies that only traffic sourced from 10.10.0.10 is allowed from the 10.10.0.0 subnet. Therefore, options stating all traffic from the subnet is allowed, no traffic is allowed, or only traffic sourced from a different IP address are incorrect.

Explanation

The correct answer specifies that only traffic sourced from 10.10.0.10 is allowed from the 10.10.0.0 subnet. Therefore, options stating all traffic from the subnet is allowed, no traffic is allowed, or only traffic sourced from a different IP address are incorrect.

13. What type of entry in Cisco Adaptive Security Appliance (ASA) access list enables matching multiple entries in a single statement?

Dynamic access lists

Standard access lists

Object groups

Extended access lists

Object groups in Cisco ASA access lists allow for simplifying configuration by grouping objects together for easier management and matching multiple entries in a single statement.

Explanation

Object groups in Cisco ASA access lists allow for simplifying configuration by grouping objects together for easier management and matching multiple entries in a single statement.

14. Which statement about an access control list that is applied to a router interface is true?

It only filters traffic that passes through the router

It blocks all incoming traffic but allows all outgoing traffic.

It applies only to wireless connections and not wired connections.

It filters traffic based on source IP address only.

An access control list applied to a router interface filters traffic that passes through the router based on the defined rules. It can filter based on various criteria, not just source IP address. The ACL can be configured to allow or deny traffic in both directions, and it applies to all types of connections, whether wireless or wired.

Explanation

An access control list applied to a router interface filters traffic that passes through the router based on the defined rules. It can filter based on various criteria, not just source IP address. The ACL can be configured to allow or deny traffic in both directions, and it applies to all types of connections, whether wireless or wired.

15. When tasked with implementing syslog in your network, what is an important factor to consider in your implementation?

Implement a new physical network infrastructure.

Ensure all network devices have the same brand name.

Increase internet bandwidth to support syslog traffic.

Synchronize clocks on the network with a protocol such as Network Time Protocol

Synchronizing clocks on the network ensures log entries across devices are accurately timestamped, aiding in troubleshooting and correlating events.

Explanation

Synchronizing clocks on the network ensures log entries across devices are accurately timestamped, aiding in troubleshooting and correlating events.

16. Which protocol secures router management session traffic?

HTTP

SSH

Telnet

FTP

SSH (Secure Shell) is the correct answer as it provides a secure way to remotely access and manage routers. Telnet, FTP, and HTTP are incorrect because they do not provide the same level of security for managing router sessions.

Explanation

SSH (Secure Shell) is the correct answer as it provides a secure way to remotely access and manage routers. Telnet, FTP, and HTTP are incorrect because they do not provide the same level of security for managing router sessions.

17. Which two considerations about secure network management are important?

1. Strong passwords

2. Physical access control

3. Network bandwidth optimization

1. Log tampering
2. Accurate time stamping

Secure network management requires mechanisms like log tampering detection and accurate time stamping to maintain the integrity and security of the network. Strong passwords, physical access control, and network bandwidth optimization are also important aspects of network security, but they do not specifically address the management considerations mentioned in the question.

Explanation

Secure network management requires mechanisms like log tampering detection and accurate time stamping to maintain the integrity and security of the network. Strong passwords, physical access control, and network bandwidth optimization are also important aspects of network security, but they do not specifically address the management considerations mentioned in the question.

18. Which command enables Cisco IOS image resilience?

Enable image-resilience

Boot secure-image

Secure boot-image

Resilient IOS

The correct command to enable Cisco IOS image resilience is 'secure boot-image'. This command is used to ensure that the Cisco IOS image is secure and protected from tampering or unauthorized access.

Explanation

The correct command to enable Cisco IOS image resilience is 'secure boot-image'. This command is used to ensure that the Cisco IOS image is secure and protected from tampering or unauthorized access.

19. Which router management feature provides for the ability to configure multiple administrative views?

Role-based CLI

Port Mirroring

VLANs

SNMPv3

Role-based CLI allows the configuration of different administrative views based on roles assigned to users, while SNMPv3 is a network management protocol, VLANs are used for network segmentation, and Port Mirroring is used for network traffic monitoring.

Explanation

Role-based CLI allows the configuration of different administrative views based on roles assigned to users, while SNMPv3 is a network management protocol, VLANs are used for network segmentation, and Port Mirroring is used for network traffic monitoring.

20. How can you mitigate the activity of an attacker who has configured a rogue Layer 2 device to intercept traffic from multiple VLANs?

1. Enable Port Security on all switch ports.

1. Set the native VLAN on the trunk ports to an unused VLAN
2. Disable Dynamic Trunking Protocol (DTP) on ports that require trunking

2. Configure all VLANs to use the same native VLAN.

3. Implement Spanning Tree Protocol (STP) on all trunk ports.

The correct methods to mitigate the activity of an attacker intercepting traffic from multiple VLANs involve setting the native VLAN on trunk ports to an unused VLAN and disabling Dynamic Trunking Protocol (DTP). Enabling Port Security on all switch ports does not directly address the issue of rogue Layer 2 device interception. Configuring all VLANs to use the same native VLAN can still allow the attacker to intercept traffic. Implementing Spanning Tree Protocol (STP) on trunk ports helps with preventing loops in the network, but does not specifically protect against rogue device interception.

Explanation

The correct methods to mitigate the activity of an attacker intercepting traffic from multiple VLANs involve setting the native VLAN on trunk ports to an unused VLAN and disabling Dynamic Trunking Protocol (DTP). Enabling Port Security on all switch ports does not directly address the issue of rogue Layer 2 device interception. Configuring all VLANs to use the same native VLAN can still allow the attacker to intercept traffic. Implementing Spanning Tree Protocol (STP) on trunk ports helps with preventing loops in the network, but does not specifically protect against rogue device interception.

21. What is a best practice when configuring trunking on a switch port?

Allow all VLANs on the trunk without restriction.

Configure an unused VLAN as the native VLAN

Disable all VLANs except the ones in use.

Always use VLAN 1 as the native VLAN.

Configuring an unused VLAN as the native VLAN helps prevent security vulnerabilities by separating management traffic from user traffic on the trunk port.

Explanation

Configuring an unused VLAN as the native VLAN helps prevent security vulnerabilities by separating management traffic from user traffic on the trunk port.

22. Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?

Virtual LAN (VLAN) hopping attack

Address Resolution Protocol (ARP) poisoning attack

Content Addressable Memory (CAM) overflow attack

Spanning Tree Protocol (STP) attack

A Content Addressable Memory (CAM) overflow attack floods a switch with traffic causing it to forward packets to all ports. The other options do not result in the same behavior.

Explanation

A Content Addressable Memory (CAM) overflow attack floods a switch with traffic causing it to forward packets to all ports. The other options do not result in the same behavior.

23. How can VLAN hopping attacks be prevented?

Enabling VLAN Trunking Protocol (VTP) negotiations

Disable Dynamic Trunking Protocol (DTP) negotiations

Implementing Port Security on all switch ports

Using default VLAN configurations

VLAN hopping attacks can be prevented by disabling Dynamic Trunking Protocol (DTP) negotiations, which can help prevent unauthorized VLAN access and manipulation.

Explanation

VLAN hopping attacks can be prevented by disabling Dynamic Trunking Protocol (DTP) negotiations, which can help prevent unauthorized VLAN access and manipulation.