| ]

Here you will find answers to Implementing Intrusion Prevention Questions

Question 1:

When configuring Cisco IOS login enhancements for virtual connections, what is the “quiet period”?

A. A period of time when no one is attempting to log in
B. The period of time in which virtual logins are blocked as security services fully initialize
C. The period of time in which virtual login attempts are blocked, following repeated failed login attempts
D. The period of time between successive login attempts

Answer: C

Explanation

If the configured number of connection attempts fails within a specified time period, the Cisco IOS device does not accept any additional connections for a period of time that is called the quiet period. This feature is not enabled by default, we can enable its default settings, issue the login block-for command in global configuration mode. Administrators can use this feature to protect from DoS and/or dictionary attacks.

Question 2:

Which result is of securing the Cisco IOS image by use of the Cisco IOS image resilience feature?

A. When the router boots up, the Cisco IOS image will be loaded from a secured FTP location.
B. The Cisco IOS image file will not be visible in the output from the show flash command.
C. The show version command will not show the Cisco IOS image file location.
D. The running Cisco IOS image will be encrypted and then automatically backed up to a TFTP server.


Answer: B

Explanation

We can enable this feature with the secure boot-image command in the global configuration mode to secure the Cisco IOS image. The running image is secured and the image file is not included in any directory listing of the disk.

Question 3:

Which description is true about the show login command output displayed in the exhibit?

Router# show login

A default login delay of 1 seconds is applied.
No Quiet-Mode access list has been configured.
All successful login is logged and generate SNMP traps.
All failed login is logged and generate SNMP traps.
Router enabled to watch for login Attacks.
If more than 2 login failures occur in 100 seconds or less, logins will be disabled
for 100 seconds.
Router presently in Quiet-Mode, will remain in Quiet-Mode for 93 seconds.
Denying logins from all sources.

A. All logins from any sources are blocked for another 193 seconds.
B. The login block-for command is configured to block login hosts for 93 seconds.
C. When the router goes into quiet mode, any host is permitted to access the router via Telnet, SSH, and HTTP, since the quiet-mode access list has not been configured.
D. Three or more login requests have failed within the last 100 seconds.


Answer: D

Question 4:

After enabling port security on a Cisco Catalyst switch, what is the default action when the configured maximum of allowed MAC addresses value is exceeded?

A. The port is shut down.
B. The port’s violation mode is set to restrict.
C. The MAC address table is cleared and the new MAC address is entered into the table.
D. The port remains enabled, but bandwidth is throttled until old MAC addresses are aged out.


Answer: A

Question 5:

When configuring SSH, which is the Cisco minimum recommended modulus value?

A. 2048 bits
B. 256 bits
C. 1024 bits
D. 512 bits

Answer: C

Question 6:

Examine the following options , which Spanning Tree Protocol (STP) protection mechanism disables a switch port if the port receives a Bridge Protocol Data Unit (BPDU)?

A. PortFast
B. BPDU Guard
C. UplinkFast
D. Root Guard


Answer: B

Question 7:

For the following options, which feature is the foundation of Cisco Self-Defending Network technology?

A. policy management
B. secure connectivity
C. threat control and containment
D. secure network platform


Answer: D

Question 8:

Which type of intrusion prevention technology will be primarily used by the Cisco IPS security appliances?

A. rule-based
B. protocol analysis-based
C. signature-based
D. profile-based


Answer: C

Question 9:

What will be enabled by the scanning technology – The Dynamic Vector Streaming (DVS)?

A. Firmware-level virus detection
B. Layer 4 virus detection
C. Signature-based spyware filtering
D. Signature-based virus filtering


Answer: C

Explanation

The DVS engine is a new scanning technology that enables signature-based spyware filtering. This solution is complemented by a comprehensive set of management and reporting tools that provide ease of administration and complete visibility into threat-related activities.

Question 10:

Which statement is not a reason for an organization to incorporate a SAN in its enterprise infrastructure?

A. To increase the performance of long-distance replication, backup, and recovery
B. To decrease the threat of viruses and worm attacks against data storage devices
C. To decrease both capital and operating expenses associated with data storage
D. To meet changing business priorities, applications, and revenue growth


Answer: B

Question 11:

Which two functions are required for IPsec operation? (Choose two)

A. using AH protocols for encryption and authentication
B. using SHA for encryption
C. using DifTie-Hellman to establish a shared-secret key
D. using PKI for pre-shared-key authentication
E. using IKE to negotiate the SA


Answer: C E

Question 12:

In your company’s network, an attacker who has configured a rogue layer 2 device is intercepting traffic from multiple VLANS to capture potentially sensitive data. How to solve this problem? (Choose two)

A. Secure the native VLAN, VLAN 1 with encryption
B. Disable DTP on ports that require trunking
C. Place unused active ports in an unused VLAN
D. Set the native VLAN on the trunk ports to an unused VLAN


Answer: B D