Managing a Secure Network
Here you will find answers to Managing a Secure Network Questions
Question 1
Which of the following ensures that no employee becomes a pervasive security threat, that data can be recovered from backups, and that information system changes do not compromise a system’s security?
A. Disaster recovery
B. Strategic security planning
C. Implementation security
D. Operations security
Answer: D
Note:
Operations security: day-to-day security operations entail responding to an incident, monitoring and maintaining a system, and auditing a system (to ensure compliance with an organization’s security policy).
Question 2
Which three options are network evaluation techniques? (Choose three)
A. Scanning a network for active IP addresses and open ports on those IP addresses
B. Using password-cracking utilities
C. Performing end-user training on the use of antispyware software
D. Performing virus scans
Answer: A B D
Question 3
Which is the main difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Host-based IPS can work in promiscuous mode or inline mode.
C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D. Host-based IPS deployment requires less planning than network-based IPS.
Answer: C
Question 4
The enable secret password appears as an MD5 hash in a router’s configuration file, whereas the enable password is not hashed (or encrypted, if the password-encryption service is not enabled). What is the reason that Cisco still supports the use of both enable secret and enable passwords in a router’s configuration?
A. The enable password is used for IKE Phase I, whereas the enable secret password is used for IKE Phase II.
B. The enable password is considered to be a router’s public key, whereas the enable secret password is considered to be a router’s private key.
C. Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable password is used to match the password that was entered, and the enable secret is used to verify that the enable password has not been modified since the hash was generated.
D. The enable password is present for backward compatibility.
Answer: D
Question 5
Which type of MAC address is dynamically learned by a switch port and then added to the switch’s running configuration?
A. Pervasive secure MAC address
B. Static secure MAC address
C. Sticky secure MAC address
D. Dynamic secure MAC address
Answer: C
Question 6
Which are the best practices for attack mitigations?
| 1 | Store sensitive data on stand-alone devices |
| 2 | Keep patches up to date |
| 3 | Use passwords that cannot be broken |
| 4 | Develop a static tested security policy |
| 5 | Inform users about social engineering |
| 6 | Develop a dynamic security policy |
| 7 | Log everything to a syslog server for forensic purposes |
| 8 | Disable unnecessary services |
A. 1, 2, 3 and 5
B. 2, 5, 6 and 8
C. 2, 5, 6 and 7
D. 2, 3, 6 and 8
E. 3, 4, 6 and 7
Answer: B
Question 7
Which one of the Cisco IOS commands can be used to verify that either the Cisco IOS image, the configuration files, or both have been properly backed up and secured?
A. show flash
B. show secure bootset
C. show archive
D. show file systems
Answer: B
Explanation
The secure boot-image command protects the IOS image, and the secure boot-config command protects the running configuration. These protected files will not even appear in a dir listing of flash. To see these protected files, use the show secure bootset command.
Question 8
What is the name of the e-mail traffic monitoring service that underlies the architecture of IronPort?
A. IronPort M-Series
B. E-Base
C. TrafMon
D. SenderBase
Answer: D
Question 9
Based on the username global configuration mode command displayed in the exhibit, what does the option secret 5 indicate about the enable secret password?
Exhibit:
    Router# show run | include username
    Username test secret 5 $1$knm. $GOGQBIL8TK77POLWxvX400
A. It is encrypted using DH group 5.
B. It is hashed using SHA.
C. It is hashed using MD5.
D. It is encrypted using a proprietary Cisco encryption algorithm.
Answer: C
Question 10
What will be disabled as a result of the no service password-recovery command?
A. password encryption service
B. ROMMON
C. changes to the config-register setting
D. the xmodem privilege EXEC mode command to recover the Cisco IOS image
Answer: B
Hi all, my question is about question 6. On some websites and exam guides, the answer is not the same as here.
Store sensitive data on stand-alone devices –> why is this not true?
Log everything to a syslog server for forensic purposes –> and this one
Also, I agree with the answer, but I am confused about the above two options.
Thanks for your interest.
stand-alone device would have access to nothing.
Log everything is not best practice and would have too much info.
Can anyone tell me, do I need a valid CCNA cert for passing CCNA Security?
Flipper, yes you do!
Can anybody tell me how much it is to take the CCNA Security?
$250
$250 + VAT if you are taking the exam in Europe
I want to write the CCNA Security exam tomorrow (06.08.2011). Please, can anyone confirm whether the CCNA Sec dumps have changed or not?
Hey sakthivel, please comment after your exam if these dumps are still valid
and good luck!
Hi, I wrote the exam last Saturday (06.08.2011). Still the same CCNA Security dump is valid.
I’m reading Cisco.TestKing.640-553.v2011-07-23.by.RAMKIRAN.137q.vce, that I downloaded from http://www.examcollection.com. But the question about SDM, I can’t see it.
Hi, I’ve my exam on 19th august 2011. Is P4S 4.38 still valid? Questions shown here are still valid? Has anyone given exam recently?
@ flipper and Russo
flipper on March 1st, 2011
Can anyone tell me, do I need a valid CCNA cert for passing CCNA Security?
Russo on March 1st, 2011
Flipper, yes you do!
————————
No. Although it’s recommended to go the Route/Switch way first and attain CCNA first, it’s not mandatory to do CCNA before taking the CCNA Security, CCNA VoIP, or CCNA Wireless exams. Doing CCNA first eases things a lot in the long run. But you’d need a CCNA before a CCDA.
People please be very very sure about the accuracy of information that you put on educational sites. Thanks a lot.
CCNA Security Prerequisites
Valid Cisco CCNA or any CCIE Certification can act as a prerequisite.
-Cisco.com(http://www.cisco.com/web/learning/le3/le2/le0/le1/learning_certification_type_home.html)
please be very very sure about the accuracy of information that you put on educational sites.
Jesus you are wrong twice. You DO NOT need a CCNA for CCDA test.
CCDA Prerequisites
There are no prerequisite certifications for CCDA, however knowledge at the CCNA level and the CCNP level for switching is recommended to pass the CCDA exam.
http://www.cisco.com/web/learning/le3/le2/le0/le4/learning_certification_type_home.html
Get with the program