Could You Pass This Basic CCNA Security Exam?
This quiz follows the IINS 640-553 exam curriculum from Cisco. It also tries to explain the answers so it can be used as an additional learning tool. DO NOT SCRAMBLE THE ANSWERS ORDER, otherwise, the explanations will not make sense. So, let's try out this quiz. All the best!
- 1.
What actions of a hacker can affect data integrity?
- A.
Flood the network with pings
- B.
Use somebody else's credentials
- C.
Decrypt data
- D.
Intercepting and altering an electronic transaction.
Correct Answer
D. Intercepting and altering an electronic transaction.Explanation
A is a Availability attack,
B, C are Confidentiality attacks
D alters data integrity.Rate this question:
-
- 2.
What are some roles of a Custodian in regard to data protection? (choose two)
- A.
Accesses data following the company's policy
- B.
Creates backups and verifies the integrity of the backups
- C.
Reviews procedures and policies for protecting data
- D.
Initially determines the classification for data
- E.
Follows the policies to maintain data
Correct Answer(s)
B. Creates backups and verifies the integrity of the backups
E. Follows the policies to maintain dataExplanation
A is User's role
C, D are Owner's rolesRate this question:
-
- 3.
According to Cisco, what type of control is properly screening potential employees?
- A.
Administrative
- B.
Physical
- C.
Audit
- D.
Technical
Correct Answer
A. AdministrativeExplanation
Employment is an administrative task. Audit is not a control according to Cisco.Rate this question:
-
- 4.
What does a Deterrent control do?
- A.
Attempts to prevent access to data
- B.
Attempts to influence the attacker not to launch an attack
- C.
Detects when data has been accessed
- D.
Detects when data has been modified
Correct Answer
B. Attempts to influence the attacker not to launch an attackExplanation
A is Preventive control
C,D are Detective controlsRate this question:
-
- 5.
What type of attacker uses his skills on data networks for unethical purposes only?
- A.
Script kiddy
- B.
White hat hacker
- C.
Black hat hacker
- D.
Gray hat hacker
- E.
Phreaker
Correct Answer
C. Black hat hackerExplanation
A - uses scripts not of his own
B - uses his skill to help improving network security
D - uses skills for ethical and unethical purposes
E - hacks telecommunication systemsRate this question:
-
- 6.
What category of attack is launched using legitimate credentials?
- A.
Passive
- B.
Active
- C.
Close-in
- D.
Insider
- E.
Distribution
Correct Answer
D. InsiderExplanation
An attack launched using legitimate credentials is categorized as an "Insider" attack. This type of attack occurs when someone within an organization, such as an employee or contractor, misuses their authorized access to compromise the system's security. The individual may use their legitimate credentials to gain unauthorized access, steal sensitive information, or carry out malicious activities without raising suspicion. Insider attacks can be challenging to detect and prevent as the attacker already has the necessary permissions and access privileges.Rate this question:
-
- 7.
What pair of actions can prevent a Distribution class attack?
- A.
Encryption / Applications with integrated security
- B.
Firewall at the network edge / HIPS
- C.
Protecting against unauthorized physical access / Authentication
- D.
Protecting against unauthorized physical access / Video monitoring systems
- E.
Secured software distribution system / Real-time software integrity checking
Correct Answer
E. Secured software distribution system / Real-time software integrity checkingExplanation
Distribution class attacks refer to "back doors" in hardware or software at the point of manufacture. They are then distributed and used against legitimate usersRate this question:
-
- 8.
What security solution concept has multiple layers of protection to provide redundancy and is recommended by Cisco?
- A.
Intrusion Detection System
- B.
Intrusion Prevention System
- C.
Distributed Layer Protection
- D.
Public Key Infrastructure
- E.
Defense in Depth
Correct Answer
E. Defense in DepthExplanation
Defense in Depth is a security solution concept that involves implementing multiple layers of protection to provide redundancy. It is recommended by Cisco because it helps to enhance the overall security posture by adding layers of defense to mitigate potential risks and threats. This approach ensures that even if one layer of security is breached, there are additional layers in place to prevent unauthorized access or damage to the system.Rate this question:
-
- 9.
What type of spoofing is placed from the same subnet as the victim?
- A.
IP Spoofing
- B.
Nonblind Spoofing
- C.
Blind Spoofing
- D.
SYN Spoofing
Correct Answer
B. Nonblind SpoofingExplanation
A - can be done either from same subnet or another subnet
C - this is placed from a different subnet
D - no such spoofingRate this question:
-
- 10.
How can a network be protected from IP spoofing attacks? (choose three)
- A.
Use of access control lists (ACL)
- B.
Strong password policy
- C.
Encrypt traffic
- D.
Cryptografic authentication
- E.
Open only needed ports
Correct Answer(s)
A. Use of access control lists (ACL)
C. Encrypt traffic
D. Cryptografic authenticationExplanation
B,E - these will not prevent IP Spoofing attacksRate this question:
-
- 11.
Which of the following is NOT considered an integrity attack?
- A.
Salami attack
- B.
Data diddling
- C.
ICMP attack
- D.
Password attack (through trojan horses, brute force attacks etc)
- E.
Hijacking a TCP session
Correct Answer
C. ICMP attackExplanation
ICMP attacks are considered availability attacks (DoS or DDos)Rate this question:
-
Back to top