The Ultimate Network Security Exam Practice Test

289 Questions | Total Attempts: 48


Do you know anything about network security, and do you think you can pass this quiz? Network security consists of the rules, activities, and practices adopted to prevent, detect, and monitor unauthorized access to your PC. Network security involves the authorization of information in a network, which the network administrator regulates. If you intend to learn more about network security, this is the quiz for you.


Questions and Answers
  • 1. 
    What security feature allows a private IP address to access the Internet by translating it to a public address?
    • A. 

      NAT

    • B. 

      Hairpinning

    • C. 

      Trusted Network Detection

    • D. 

      Certification Authority

  • 2. 
    You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem?
    • A. 

      Edit the crypto keys on R1 and R2 to match

    • B. 

      Edit the ISAKMP policy sequence numbers on R1 and R2 to match.

    • C. 

      Set a valid value for the crypto key lifetime on each router

    • D. 

      Edit the crypto isakmp key command on each router with the address value of its own interface

  • 3. 
    What is the effect of the given command?
    • A. 

      It merges authentication and encryption methods to protect traffic that matches an ACL.

    • B. 

      It configures the network to use a different transform set between peers

    • C. 

      It configures encryption for MD5 HMAC.

    • D. 

      It configures authentication as AES 256

  • 4. 
    While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?
    • A. 

      IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.

    • B. 

      IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.

    • C. 

      IPSec Phase 1 is down due to a QM_IDLE state.

    • D. 

      IPSec Phase 2 is down due to a QM_IDLE state.

  • 5. 
    While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?
    • A. 

      IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.

    • B. 

      IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

    • C. 

      IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2

    • D. 

      IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

  • 6. 
    Which statement about IOS privilege levels is true?
    • A. 

      Each privilege level supports the commands at its own level and all levels below it.

    • B. 

      Each privilege level supports the commands at its own level and all levels above it.

    • C. 

      Privilege-level commands are set explicitly for each user

    • D. 

      Each privilege level is independent of all other privilege levels

  • 7. 
    Which line in this configuration prevents the HelpDesk user from modifying the interface configuration?
    • A. 

      Privilege exec level 9 configure terminal

    • B. 

      Privilege exec level 10 interface

    • C. 

      Username HelpDesk privilege 6 password help

    • D. 

      Privilege exec level 7 show start-up

  • 8. 
    In the router ospf 200 command, what does the value 200 stand for?
    • A. 

      Process ID

    • B. 

      Area ID

    • C. 

      Administrative distance value

    • D. 

      ABR ID

  • 9. 
    Which feature filters CoPP packets?
    • A. 

      Access control lists

    • B. 

      Class maps

    • C. 

      Policy maps

    • D. 

      Route maps

  • 10. 
    The Admin user is unable to enter configuration mode on a device with the given configuration
    • A. 

      Remove the autocommand keyword and arguments from the username admin privilege line.

    • B. 

      Change the Privilege exec level value to 15

    • C. 

      Remove the two Username Admin lines.

    • D. 

      Remove the Privilege exec line

  • 11. 
    In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?
    • A. 

      MAC spoofing

    • B. 

      Gratuitous ARP

    • C. 

      MAC flooding

    • D. 

      DoS

  • 12. 
    Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?
    • A. 

      Community for hosts in the PVLAN

    • B. 

      Promiscuous for hosts in the PVLAN

    • C. 

      Isolated for hosts in the PVLAN

    • D. 

      Span for hosts in the PVLAN

  • 13. 
    What is a potential drawback to leaving VLAN 1 as the native VLAN?
    • A. 

      It may be susceptible to a VLAN hopping attack.

    • B. 

      Gratuitous ARPs might be able to conduct a man-in-the-middle attack.

    • C. 

      The CAM might be overloaded, effectively turning the switch into a hub.

    • D. 

      VLAN 1 might be vulnerable to IP address spoofing

  • 14. 
    In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).
    • A. 

      When matching NAT entries are configured

    • B. 

      When matching ACL entries are configured

    • C. 

      When the firewall receives a SYN-ACK packet

    • D. 

      When the firewall receives a SYN packet

    • E. 

      When the firewall requires HTTP inspection

    • F. 

      When the firewall requires strict HTTP inspection

  • 15. 
    Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?
    • A. 

      You must configure two zone pairs, one for each direction

    • B. 

      You can configure a single zone pair that allows bidirectional traffic flows for any zone

    • C. 

      You can configure a single zone pair that allows bidirectional traffic flows for any zone except the self zone.

    • D. 

      You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.

  • 16. 
    What is a valid implicit permit rule for traffic that is traversing the ASA firewall?
    • A. 

      ARPs in both directions are permitted in transparent mode only

    • B. 

      Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only

    • C. 

      Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.

    • D. 

      Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode.

  • 17. 
    Which statement about the communication between interfaces on the same security level is true?
    • A. 

      Interfaces on the same security level require additional configuration to permit inter-interface communication 

    • B. 

      Configuring interfaces on the same security level can cause asymmetric routing.

    • C. 

      All traffic is allowed by default between interfaces on the same security level

    • D. 

      You can configure only one interface on an individual security level

  • 18. 
    Which IPS mode provides the maximum number of actions?
    • A. 

      Inline

    • B. 

      Promiscuous

    • C. 

      Span

    • D. 

      Failover

    • E. 

      Bypass

  • 19. 
    How can you detect a false negative on an IPS?
    • A. 

      View the alert on the IPS

    • B. 

      Review the IPS log

    • C. 

      Review the IPS console.

    • D. 

      Use a third-party system to perform penetration testing

    • E. 

      Use a third-party to audit the next-generation firewall rules

  • 20. 
    What is the primary purpose of a defined rule in an IPS?
    • A. 

      To configure an event action that takes place when a signature is triggered

    • B. 

      To define a set of actions that occur when a specific user logs in to the system

    • C. 

      To configure an event action that is pre-defined by the system administrator

    • D. 

      To detect internal attacks

  • 21. 
    How can FirePOWER block malicious email attachments?
    • A. 

      It forwards email requests to an external signature engine

    • B. 

      It scans inbound email messages for known bad URLs

    • C. 

      It sends the traffic through a file policy

    • D. 

      It sends an alert to the administrator to verify suspicious email messages

  • 22. 
    You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?
    • A. 

      Enable URL filtering and use URL categorization to block the websites that violate company policy

    • B. 

      Enable URL filtering and create a blacklist to block the websites that violate company policy

    • C. 

      Enable URL filtering and create a whitelist to block the websites that violate company policy.

    • D. 

      Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access.

  • 23. 
    Which technology can be used to rate data fidelity and to provide an authenticated hash for data?
    • A. 

      File reputation

    • B. 

      File analysis

    • C. 

      Signature updates

    • D. 

      Network blocking

  • 24. 
    Which type of encryption technology has the broadest platform support to protect operating systems?
    • A. 

      Software

    • B. 

      Hardware

    • C. 

      Middleware

    • D. 

      File-level

  • 25. 
    A proxy firewall protects against which type of attack?
    • A. 

      Cross-site scripting attack

    • B. 

      Worm traffic

    • C. 

      Port scanning

    • D. 

      DDoS attacks
