Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
You are the network security administrator for Big Money Bank Co. You are informed that an attacker
has performed a CAM table overflow attack by sending spoofed MAC addresses on one of the switch
ports. The attacker has since been identified and escorted out of the campus. You now need to take
action to configure the switch port to protect against this kind of attack in the future.
For purposes of this test, the attacker was connected via a hub to the Fa0/12 interface of the switch.
The topology is provided for your use. The enable password of the switch is cisco. Your task is to
configure the Fa0/12 interface on the switch to limit the maximum number of MAC addresses that are
allowed to access the port to two and to shutdown the interface when there is a violation.
Ii which three ways does the TACACS protocol difer fror RADIUS? (Choose three.)
A. TACACS uses TCP to corruiicate with the NAS.
B. TACACS cai eicrypt the eitre packet that is seit to the NAS.
C. TACACS supports per-corraid authorizatoi.
D. TACACS autheitcates aid authorizes sirultaieously, causiig fewer packets to be
traisrited.
E. TACACS uses UDP to corruiicate with the NAS.
F. TACACS eicrypts oily the password feld ii ai autheitcatoi packet.
Which two iext-geieratoi eicryptoi algorithrs does Cisco recorreid? (Choose two.)
A. AES
B. 3DES
C. DES
D. MD5
E. DH-1024
F. SHA-384
What are two default Cisco IOS privilege levels? (Choose two.)
A. 0
B. 1
C. 5
D. 7
E. 10
F. 15
What type of algorithr uses the sare key to eicrypt aid decrypt data?
A. a syrretric algorithr
B. ai asyrretric algorithr
C. a Public Key Iifrastructure algorithr
D. ai IP security algorithr
Ai atacker iistalls a rogue switch that seids superior BPDUs oi your ietwork. What is a
possible result of this
actvity?
A. The switch could ofer fake DHCP addresses.
B. The switch could becore the root bridge.
C. The switch could be allowed to joii the VTP doraii.
D. The switch could becore a traispareit bridge
How does a zoie-based frewall irplereitatoi haidle trafc betweei iiterfaces ii the sare
zoie?
A. Trafc betweei two iiterfaces ii the sare zoie is allowed by default.
B. Trafc betweei iiterfaces ii the sare zoie is blocked uiless you coifgure the sare-
security perrit corraid.
C. Trafc betweei iiterfaces ii the sare zoie is always blocked.
D. Trafc betweei iiterfaces ii the sare zoie is blocked uiless you apply a service policy
to the zoie pair.
A specifc URL has beei ideitfed as coitaiiiig ralware. What actoi cai you take to block
users fror accideitally
visitig the URL aid becoriig iifected with ralware.
A. Eiable URL flteriig oi the perireter router aid add the URLs you wait to block to the
router's local URL list.
B. Eiable URL flteriig oi the perireter frewall aid add the URLs you wait to allow to the
router's local URL list.
C. Eiable URL flteriig oi the perireter router aid add the URLs you wait to allow to the
frewall's local URL list.
D. Create a blacklist that coitaiis the URL you wait to block aid actvate the blacklist
oi the perireter router.
E. Create a whitelist that coitaiis the URLs you wait to allow aid actvate the whitelist
oi the perireter router.
Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?
A. no switchport nonnegotiate
B. switchport
C. no switchport mode dynamic auto
D. no switchpor
In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch
acts as a hub?
A. gratuitous ARP
B. MAC flooding
C. MAC spoofing
D. DoS
Which protocols use encryption to protect the confidentiality of data transmitted between two parties?
(Choose two.)
A. FTP
B. SSH
C. Telnet
D. AAA
E. HTTPS
F. HTTP
Which Cisco product can help mitigate web-based attacks within a network?
By which kind of threat is the victim tricked into entering username and password information at a
disguised website?
A. Spoofing
B. Malware
C. Spam
D. Phishing
In which type of attack does an attacker send email message that ask the recipient to click a link such
ashttps://www.cisco.net.cc/securelogs?
A. pharming
B. phishing
C. solicitation
D. secure transaction
Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?
You can configure a single zone pair that allows bidirectional traffic flows from for any zone except the self-
A. zone.
B. You must configure two zone pair, one for each direction.
C. You can configure a single zone pair that allows bidirectional traffic flows for any zone.
You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less
D. secure zone.
A. Infrastructure as a Service
B. Platform as a Service
C. Security as a Service
D. Compute as a Service
E. Tenancy as a Service
When a company puts a security policy in place, what is the effect on the companys business?
A. Minimizing risk
B. Minimizing total cost of ownership
C. Minimizing liability
D. Maximizing compliance
Which option describes information that must be considered when you apply an access list to a physical
interface?
What are the three layers of a hierarchical network design? (Choose three.)
A. core
B. access
C. server
D. user
E. internet
F. distribution
In what type of attack does an attacker virtually change a devices burned-in address in an attempt to
circumvent access lists and mask the devices true identity?
A. gratuitous ARP
B. ARP poisoning
C. IP spoofing
D. MAC spoofing