Question 1
Which of the following is intended to ensure that no employee becomes a pervasive security threat, that data can be recovered from backups, and that information system changes do not compromise a system’s security?
A. Disaster recovery
B. Strategic security planning
C. Implementation security
D. Operations security
Answer: D
Note:
Operations security: day-to-day security operations entail responding to an incident, monitoring and maintaining a system, and auditing a system (to ensure compliance with an organization’s security policy).
Question 2
Which three options are network evaluation techniques? (Choose three)
A. Scanning a network for active IP addresses and open ports on those IP addresses
B. Using password-cracking utilities
C. Performing end-user training on the use of antispyware software
D. Performing virus scans
Answer: A B D
Question 3
What is the main difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Host-based IPS can work in promiscuous mode or inline mode.
C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D. Host-based IPS deployment requires less planning than network-based IPS.
Answer: C
Question 4
The enable secret password appears as an MD5 hash in a router’s configuration file, whereas the enable password is not hashed (or encrypted, if the password-encryption service is not enabled). Why does Cisco still support the use of both enable secret and enable passwords in a router’s configuration?
A. The enable password is used for IKE Phase I, whereas the enable secret password is used for IKE Phase II.
B. The enable password is considered to be a router’s public key, whereas the enable secret password is considered to be a router’s private key.
C. Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable password is used to match the password that was entered, and the enable secret is used to verify that the enable password has not been modified since the hash was generated.
D. The enable password is present for backward compatibility.
Answer: D
Question 5
Which type of MAC address is dynamically learned by a switch port and then added to the switch’s running configuration?
A. Pervasive secure MAC address
B. Static secure MAC address
C. Sticky secure MAC address
D. Dynamic secure MAC address
Answer: C
Question 6
Which of the following are best practices for attack mitigation?
1. Store sensitive data on stand-alone devices
2. Keep patches up to date
3. Use passwords that cannot be broken
4. Develop a static, tested security policy
5. Inform users about social engineering
6. Develop a dynamic security policy
7. Log everything to a syslog server for forensic purposes
8. Disable unnecessary services
A. 1, 2, 3 and 5
B. 2, 5, 6 and 8
C. 2, 5, 6 and 7
D. 2, 3, 6 and 8
E. 3, 4, 6 and 7
Answer: B
Question 7
Which one of the Cisco IOS commands can be used to verify that either the Cisco IOS image, the configuration files, or both have been properly backed up and secured?
A. show flash
B. show secure bootset
C. show archive
D. show file systems
Answer: B
Explanation
The secure boot-image command protects the IOS image, and the secure boot-config command protects the running configuration. These protected files will not even appear in a dir listing of flash. To see these protected files, use the show secure bootset command.
Question 8
What is the name of the e-mail traffic monitoring service that underlies the architecture of IronPort?
A. IronPort M-Series
B. E-Base
C. TrafMon
D. SenderBase
Answer: D
Question 9
Based on the username global configuration mode command displayed in the exhibit, what does the option secret 5 indicate about the enable secret password?
Router# show run | include username
Username test secret 5 $1$knm.$GOGQBIL8TK77POLWxvX400
A. It is encrypted using DH group 5.
B. It is hashed using SHA.
C. It is hashed using MD5.
D. It is encrypted using a proprietary Cisco encryption algorithm.
Answer: C
Question 10
What will be disabled as a result of the no service password-recovery command?
A. password encryption service
B. ROMMON
C. changes to the config-register setting
D. the xmodem privilege EXEC mode command to recover the Cisco IOS image
Answer: B