The Ultimate Network Security Exam Practice Test

NAT

Bhairpinnig

Trusted Network Detection

Certification Authority

Edit the crypto keys on R1 and R2 to match

Edit the ISAKMP policy sequence numbers on R1 and R2 to match.

Set a valid value for the crypto key lifetime on each router

Edit the crypto isakmp key command on each router with the address value of its own interface

It merges authentication and encryption methods to protect traffic that matches an ACL.

It configures the network to use a different transform set between peers

It configures encryption for MD5 HMAC.

It configures authentication as AES 256

IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.

IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.

IPSec Phase 1 is down due to a QM_IDLE state.

IPSec Phase 2 is down due to a QM_IDLE state.

IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.

IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2

IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

Each privilege level supports the commands at its own level and all levels below it.

Each privilege level supports the commands at its own level and all levels above it.

Privilege-level commands are set explicitly for each user

Each privilege level is independent of all other privilege levels

Privilege exec level 9 configure terminal

Privilege exec level 10 interface

Username HelpDesk privilege 6 password help

Privilege exec level 7 show start-up

Process ID

Area ID

Administrative distance value

ABR ID

Access control lists

Class maps

Policy maps

Route maps

Remove the autocommand keyword and arguments from the username admin privilege line.

Change the Privilege exec level value to 15

Remove the two Username Admin lines.

Remove the Privilege exec line

MAC spoofing

Gratuitous ARP

MAC flooding

DoS

Community for hosts in the PVLAN

Promiscuous for hosts in the PVLAN

Isolated for hosts in the PVLAN

Span for hosts in the PVLAN

It may be susceptible to a VLAN hoping attack.

Gratuitous ARPs might be able to conduct a man-in-the-middle attack.

The CAM might be overloaded, effectively turning the switch into a hub.

VLAN 1 might be vulnerable to IP address spoofing

When matching NAT entries are configured

When matching ACL entries are configured

When the firewall receives a SYN-ACK packet

When the firewall receives a SYN packet

When the firewall requires HTTP inspection

When the firewall requires strict HTTP inspection

You must configure two zone pairs, one for each direction

You can configure a single zone pair that allows bidirectional traffic flows for any zone

You can configure a single zone pair that allows bidirectional traffic flows for any zone except the self zone.

You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.

ARPs in both directions are permitted in transparent mode only

Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only

Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.

Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode.

Interfaces on the same security level require additional configuration to permit inter-interface communication 

Configuring interfaces on the same security level can cause asymmetric routing.

All traffic is allowed by default between interfaces on the same security level

You can configure only one interface on an individual security level

Inline

Promiscuous

Span

Failover

Bypass

View the alert on the IPS

. Review the IPS log

Review the IPS console.

Use a third-party system to perform penetration testing

Use a third-party to audit the next-generation firewall rules

To configure an event action that takes place when a signature is triggered

To define a set of actions that occur when a specific user logs in to the system

To configure an event action that is pre-defined by the system administrator

To detect internal attacks

It forwards email requests to an external signature engine

It scans inbound email messages for known bad URLs

It sends the traffic through a file policy

It sends an alert to the administrator to verify suspicious email messages

Enable URL filtering and use URL categorization to block the websites that violate company policy

Enable URL filtering and create a blacklist to block the websites that violate company policy

Enable URL filtering and create a whitelist to block the websites that violate company policy.

Enable URL filtering and use URL categorization to allow only the websites that company policy  allows users to access.

File reputation

File analysis

Signature updates

Network blocking

Software

Hardware

Middleware

File-level

Cross-site scripting attack

Worm traffic

Port scanning

DDoS attacks