Modules 20-22 Flashcards

(21 cards)

1
Q

A network analyst wants to monitor the activity of all new interns. Which type of security testing would track when the interns sign on and sign off the network?

a) Vulnerability scanning

b) Password cracking

c) Network scanning

d) Integrity checker

A

Answer:
d) Integrity checker

Explanation:
Integrity checkers track changes in user or system state — including logins, logouts, and file changes.

Cisco Explanation:
An integrity checking system can report login and logout activities. Network scanning detects usernames and resources; password cracking tests weak credentials; vulnerability scanning identifies system weaknesses.

2
Q

What are three characteristics of SIEM? (Choose three.)

a) Can be implemented as software or as a service

b) Microsoft port scanning tool designed for Windows

c) Examines logs and events from systems and applications to detect security threats

d) Consolidates duplicate event data to minimize the volume of gathered data

e) Uses penetration testing to determine most network vulnerabilities

f) Provides real-time reporting for short-term security event analysis

A

Answer:
a) Can be implemented as software or as a service
c) Examines logs and events from systems and applications to detect security threats
d) Consolidates duplicate event data to minimize the volume of gathered data

Explanation:
SIEM tools collect, normalize, and analyze data from multiple sources to detect anomalies and provide centralized monitoring.

Cisco Explanation:
Security Information Event Management (SIEM) provides real-time reporting and long-term event analysis. It consolidates duplicate data and detects threats by examining log patterns.

3
Q

What testing tool is available for network administrators who need a GUI version of Nmap?

a) SuperScan

b) SIEM

c) Nessus

d) Zenmap

A

Answer:
d) Zenmap

Explanation:
Zenmap is the graphical user interface (GUI) version of the Nmap scanner.

Cisco Explanation:
Nmap and Zenmap are low-level network scanners. Zenmap is the GUI version. SuperScan is a Windows port scanner; Nessus scans for software vulnerabilities.

4
Q

What is the goal of network penetration testing?

a) Determining the feasibility and potential consequences of a successful attack

b) Detecting potential weaknesses in systems

c) Detecting configuration changes on network systems

d) Detecting weak passwords

A

Answer:
a) Determining the feasibility and potential consequences of a successful attack

Explanation:
Penetration testing evaluates the impact of successful cyberattacks through simulated exploits.

Cisco Explanation:
Penetration testing determines the possible consequences of attacks. Vulnerability scanning detects weaknesses; password cracking identifies weak credentials.

5
Q

How does network scanning help assess operations security?

a) It can detect open TCP ports on network systems.

b) It can detect weak or blank passwords.

c) It can simulate attacks from malicious sources.

d) It can log abnormal activity.

A

Answer:
a) It can detect open TCP ports on network systems.

Explanation:
Network scanning reveals which services and ports are exposed and could be exploited.

Cisco Explanation:
Network scanning detects open TCP and UDP ports, helping administrators identify and secure potential entry points.

6
Q

What are three characteristics of the ASA routed mode? (Choose three.)

a) This mode is referred to as a “bump in the wire.”

b) In this mode, the ASA is invisible to an attacker.

c) The interfaces of the ASA separate Layer 3 networks and require different IP addresses in different subnets.

d) It is the traditional firewall deployment mode.

e) This mode does not support VPNs, QoS, or DHCP Relay.

f) NAT can be implemented between connected networks.

A

Answer:
c) Interfaces separate Layer 3 networks and require different IPs.
d) It is the traditional firewall deployment mode.
f) NAT can be implemented between connected networks.

Explanation:
In routed mode, the ASA acts as a router, separating subnets and supporting NAT between them.

Cisco Explanation:
Routed mode uses separate Layer 3 networks with unique IPs. The ASA acts as a router hop and supports NAT and multiple interfaces.

7
Q

In which two instances will traffic be denied as it crosses the ASA 5505 device? (Choose two.)

a) Traffic originating from the inside network going to the DMZ network

b) Traffic originating from the inside network going to the outside network

c) Traffic originating from the outside network going to the DMZ network

d) Traffic originating from the DMZ network going to the inside network

e) Traffic originating from the outside network going to the inside network

A

Answer:
d) Traffic originating from the DMZ network going to the inside network
e) Traffic originating from the outside network going to the inside network

Explanation:
The ASA blocks traffic moving from a lower to higher security level by default.

Cisco Explanation:
When traffic flows from a low-security (outside or DMZ) to a high-security zone (inside), it’s denied unless explicitly permitted.

8
Q

Refer to the exhibit. Based on the security levels of the interfaces on the ASA, what statement correctly describes the flow of traffic allowed on the interfaces?

a) The ASA allows inbound traffic initiated on the Internet to the DMZ, but not to the Inside interface.

b) The ASA console will display an error message.

c) The ASA will not allow traffic in either direction between the Inside interface and the DMZ.

d) The ASA allows traffic from the Inside to the DMZ, but blocks traffic initiated on the DMZ to the Inside interface.

A

Answer:
c) The ASA will not allow traffic in either direction between the Inside interface and the DMZ.

Cisco Explanation:
Multiple interfaces in an ASA can be assigned the same security level. To allow connectivity between interfaces with the same security levels, the same-security-traffic permit inter-interface global configuration command is required.

Traffic from the higher level network to the lower level network is allowed by default. However, traffic initiated on the lower level network is denied access to the higher level network by default.

9
Q

Refer to the exhibit. A network administrator is configuring the security level for the ASA. Which statement describes the default result if the administrator tries to assign the Inside interface with the same security level as the DMZ interface?

a) The ASA allows inbound traffic from Internet to DMZ but not to Inside.

b) The ASA console displays an error.

c) The ASA blocks all traffic between Inside and DMZ.

d) The ASA allows Inside to DMZ traffic but blocks DMZ-initiated traffic to Inside.

A

Answer:
d) The ASA allows Inside to DMZ traffic but blocks DMZ-initiated traffic to Inside.

Explanation:
Same-level security interfaces are allowed but not bidirectional without additional configuration.

Cisco Explanation:
Interfaces can share security levels. To allow full communication, use same-security-traffic permit inter-interface.

10
Q

What can be configured as part of a network object?

a) Interface type

b) IP address and mask

c) Upper-layer protocol

d) Source and destination MAC address

A

Answer:
b) IP address and mask

Explanation:
Network objects define IP information; service objects define ports or protocols.

Cisco Explanation:
Network objects contain IP address/mask. Service objects define protocols or port ranges.

11
Q

What is the function of a policy map configuration when an ASA firewall is being configured?

a) Binding a service policy to an interface

b) Binding class maps with actions

c) Identifying interesting traffic

d) Using ACLs to match traffic

A

Answer:
b) Binding class maps with actions

Explanation:
A policy map links class maps (traffic types) to actions or inspection rules.

Cisco Explanation:
Policy maps associate class maps with actions. Service policies attach policy maps to interfaces.

12
Q

What is the purpose of configuring an IP address on an ASA device in transparent mode?

a) Management

b) Routing

c) NAT

d) VPN connectivity

A

Answer:
a) Management

Explanation:
In transparent mode, the ASA acts as a Layer 2 bridge; IP is only used for management.

Cisco Explanation:
Transparent mode operates at Layer 2, using an IP address solely for management purposes.

13
Q

Which license provides up to 50 IPsec VPN users on an ASA 5506-X device?

a) The most commonly pre-installed Base license

b) A purchased Security Plus upgrade license

c) A purchased Base license

d) A purchased AnyConnect Premium license

A

Answer:
b) A purchased Security Plus upgrade license

Explanation:
The Security Plus license expands VPN capacity and other ASA resources.

Cisco Explanation:
The ASA 5506-X typically includes a Base license with an optional upgrade to Security Plus, enabling up to 50 IPsec VPN users.

14
Q

What mechanism is used by an ASA device to allow inspected outbound traffic to return to the sender on the inside network?

a) Access control lists

b) Network Address Translation

c) Security zones

d) Stateful packet inspection

A

Answer:
d) Stateful packet inspection

Explanation:
SPI maintains a session table to track outbound connections, allowing corresponding return traffic.

Cisco Explanation:
Stateful packet inspection enables return traffic from outside sources to reach the initiating internal host.

15
Q

When configuring interfaces on an ASA, which two pieces of information must be included? (Choose two.)

a) Group association

b) Service level

c) FirePower version

d) Security level

e) Access list

f) Name

A

Answer:
d) Security level
f) Name

Explanation:
Each ASA interface must have a unique name and a security level (0–100).

Cisco Explanation:
Every operational interface requires a name identifier and security level value.

16
Q

Refer to the exhibit. A network administrator is verifying the security configuration of an ASA. Which command produces the exhibited output?

a) show vlan

b) show ip interface brief

c) show interface ip brief

d) show switch vlan

A

Answer:
c) show interface ip brief

Explanation:
Displays ASA interface IP assignment and status summary.

Cisco Explanation:
Use the show interface ip brief command to verify IP address assignment and interface status on an ASA.

17
Q

What interface configuration command is used on an ASA to request an IP address from an upstream DSL device?

a) ip address ip-address netmask

b) ip address dhcp setroute

c) dhcpd address IP_address1 [ -IP_address2 ] if_name

d) ip address pppoe

A

Answer:
d) ip address pppoe

Explanation:
PPPoE (Point-to-Point Protocol over Ethernet) is used to obtain an IP address from DSL providers.

Cisco Explanation:
ip address pppoe requests IP configuration from an upstream DSL device using PPPoE connectivity.

18
Q

Refer to the exhibit. What kind of NAT is configured on the ASA device?

a) Dynamic NAT

b) Twice NAT

c) Dynamic PAT

d) Static NAT

A

Answer:
c) Dynamic PAT

Explanation:
Dynamic PAT uses the outside interface IP to translate multiple internal addresses.

Cisco Explanation:
From the configuration, the source of IP address translation is the subnet 192.168.5.0/27 and the mapped address is the outside interface. This is an example of dynamic PAT. Dynamic NAT, dynamic PAT, and static NAT are referred to as “network object NAT” because the configuration requires network objects to be configured.

Twice NAT identifies both the source and destination address in a single rule (nat command), and it is used when configuring remote-access IPsec and SSL VPNs.

19
Q

What is the purpose of the Tripwire network testing tool?

a) To perform vulnerability scanning

b) To provide information about vulnerabilities and aid in penetration testing and IDS signature development

c) To assess configuration against established policies, best practices, and compliance standards

d) To detect unauthorized wired network access

e) To provide password auditing and recovery

A

Answer:
c) To assess configuration against established policies, best practices, and compliance standards

Explanation:
Tripwire is used for configuration compliance and integrity validation.

Cisco Explanation:
Tripwire validates system configuration against defined policies and standards to ensure compliance.

20
Q

A network analyst is testing corporate security. What tool could audit and recover passwords?

a) L0phtCrack

b) SuperScan

c) Nessus

d) Metasploit

A

Answer:
a) L0phtCrack

Explanation:
L0phtCrack performs password auditing and recovery.

Cisco Explanation:
L0phtCrack audits and recovers passwords. SuperScan performs port scanning; Nessus handles vulnerability scans; Metasploit aids in penetration testing and exploit simulation.

21
Q

In which two instances will traffic be denied as it crosses an ASA 5506-X device? (Choose two.)

a) Traffic originating from the inside network going to the outside network

b) Traffic originating from the inside network going to the DMZ network

c) Traffic originating from the outside network going to the inside network

d) Traffic originating from the outside network going to the DMZ network

e) Traffic originating from the DMZ network going to the inside network

A

Answer:
c) Traffic originating from the outside network going to the inside network
e) Traffic originating from the DMZ network going to the inside network

Explanation:
ASA denies traffic from lower to higher zones by default.

Cisco Explanation:
In ASA 5506-X, only traffic from higher to lower security levels is allowed by default; lower-to-higher traffic requires explicit ACLs.