The component of network security that ensures that authorized users have access to data and network resources is _____

SEC 450 Final Examination Answers

Question 1. 1. (TCO 1) The component of network security that ensures that authorized users have access to data and network resources is _____. (Points : 6)

data integrity

data confidentiality

data and system availability

data and user authentication

Question 2. 2. (TCO 1) The type of security control that makes use of firewalls is called _____. (Points : 6)





Question 3. 3. (TCO 2) To configure a role-based CLI on a Cisco router, the first command to enter in privileged mode is _____. (Points : 6)

parser view

view enable

enable view

config view

super view

Question 4. 4. (TCO 2) The show running-config output can be modified using all of the following pipes except for _____. (Points : 6)

| begin

| end

| include

| exclude

Question 5. 5. (TCO 3) Which of the following is the default number of MAC addresses allowed when you execute the switchport port-security command on a switch port? (Points : 6)





Question 6. 6. (TCO 3) Which switch feature causes a port to skip the listening and learning states, causing the port to enter the forwarding state very quickly? (Points : 6)





Question 7. 7. (TCO 4) With zone-based firewalls, which of the following is used to specify actions to be taken when traffic matches a criterion? (Points : 6)


Class maps

Policy maps

Zone pairs

Question 8. 8. (TCO 4) Which type of access list uses rules placed on the interface where allowed traffic initiates and permits return traffic for TCP, UDP, SMTP, and other protocols? (Points : 6)


Lock and key



Question 9. 9. (TCO 5) Which AAA server protocol offers support for ARAP and NETBEUI protocols as well as IP? (Points : 6)





Question 10. 10. (TCO 5) Which of the following is not considered a component of AAA? (Points : 6)





Question 11. 11. (TCO 6) The Cisco IOS command that will display all current IKE security associations (SAs) is _____. (Points : 6)

show crypto ipsec

show crypto isakmp

show crypto ipsec sa

show crypto isakmp sa

show crypto ike sa

Question 12. 12. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp security association lifetime is _____. (Points : 6)

lifetime {days}

lifetime {seconds}

set lifetime {days}

set lifetime {seconds}

Question 13. 13. (TCO 7) Cisco routers implementing IPS can save IPS events in a Syslog server by executing which of the following commands? (Points : 6)

ip ips log {IP Address}

ip ips notify syslog

ip ips notify log

ip ips notify sdee

Question 14. 14. (TCO 7) Which of the following is not an action that can be performed by the IOS firewall IDS router when a packet or packet stream matches a signature? (Points : 6)

Drop the packet immediately.

Send an alarm to the Cisco IOS designated Syslog server.

Set the packet reset flag and forward the packet through.

Block all future data from the source of the attack for a specified time.

Question 15. 15. (TCO 1) Explain how to mitigate a Smurf attack. (Points : 24)

Question 16. 16. (TCO 2) Type the global configuration mode and line configuration mode commands that are required to secure the VTY lines 0 through 15 to use the local username admin with the encrypted password adminpass for remote Telnet or SSH log-ins to the Cisco router. (Points : 24)

Question 17. 17. (TCO 3) What are at least two best practices that should be implemented for unused ports on a Layer 2 switch for switch security? (Points : 24)

Question 18. 18. (TCO 4) Given the commands shown below and assuming F0/0 is the inside interface of the network, explain what this ACL does.

access-list 100 permit tcp any any eq 80 time-range MWF

time-range MWF

periodic Monday Wednesday Friday 8:00 to 17:00


absolute start 00:00 30 Sept 2014 end 01:00 30 Sept 2014

int f0/0

ip access-group 100 in Correct Answer: (Points : 24)

Question 19. 19. (TCO 5) Type two global configuration mode commands that enable AAA authentication and configure a default log-in method list. Use a TACACS+ server first, then a local username and password, and finally the enable password. (Points : 24)

Question 20. 20. (TCO 6) Discuss the data encryption algorithms DES and 3DES. Discuss the key lengths, and rank the algorithms in order of best security. (Points : 24)

Question 21. 21. (TCO 7) Explain the two benefits of Cisco IPS version 5.x signature format over the Cisco IPS version 4.x signature format. (Points : 22)