Question 7. (TCO 4) With zone-based firewalls, which of the following is used to specify actions to be taken when traffic matches a criterion? (Points : 6)
Zones
Class maps
Policy maps
Zone pairs

Question 8. (TCO 4) Which type of access list uses rules placed on the interface where allowed traffic initiates and permits return traffic for TCP, UDP, SMTP, and other protocols? (Points : 6)

Question 9. (TCO 5) Which AAA server protocol offers support for ARAP and NETBEUI protocols as well as IP? (Points : 6)

Question 10. (TCO 5) Which of the following is not considered a component of AAA? (Points : 6)

Question 11. (TCO 6) The Cisco IOS command that will display all current IKE security associations (SAs) is _____. (Points : 6)
show crypto ipsec
show crypto isakmp
show crypto ipsec sa
show crypto isakmp sa
show crypto ike sa

Question 12. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp security association lifetime is _____. (Points : 6)

Question 13. (TCO 7) Cisco routers implementing IPS can save IPS events in a Syslog server by executing which of the following commands? (Points : 6)

Question 14. (TCO 7) Which of the following is not an action that can be performed by the IOS firewall IDS router when a packet or packet stream matches a signature? (Points : 6)

Question 15. (TCO 1) Explain how to mitigate a Smurf attack. (Points : 24)

Question 16. (TCO 2) Type the global configuration mode and line configuration mode commands that are required to secure the VTY lines 0 through 15 to use the local username admin with the encrypted password adminpass for remote Telnet or SSH log-ins to the Cisco router. (Points : 24)

Question 17. (TCO 3) What are at least two best practices that should be implemented for unused ports on a Layer 2 switch for switch security? (Points : 24)

Question 18. (TCO 4) Given the commands shown below and assuming F0/0 is the inside interface of the network, explain what this ACL does.
access-list 100 permit tcp any any eq 80 time-range MWF
time-range MWF
periodic Monday Wednesday Friday 8:00 to 17:00
time-range
absolute start 00:00 30 Sept 2014 end 01:00 30 Sept 2014
int f0/0
ip access-group 100 in
Correct Answer: (Points : 24)

Question 19. (TCO 5) Type two global configuration mode commands that enable AAA authentication and configure a default log-in method list. Use a TACACS+ server first, then a local username and password, and finally the enable password. (Points : 24)

Question 20. (TCO 6) Discuss the data encryption algorithms DES and 3DES. Discuss the key lengths, and rank the algorithms in order of best security. (Points : 24)

Question 21. (TCO 7) Explain the two benefits of Cisco IPS version 5.x signature format over the Cisco IPS version 4.x signature format. (Points : 22)