Thank you! 99. Explanation: Availability refers to the violation of principle, if the system is no more accessible. Explanation: After a user is successfully authenticated (logged into the server), the authorization is the process of determining what network resources the user can access and what operations (such as read or edit) the user can perform. ), 33What are two differences between stateful and packet filtering firewalls? Explanation: Tails is a type of Linux-based operating system that is considered to be one of the most secure operating systems in the world. Explanation: The Aircrack-ng is a kind of software program available in the Linux-based operating systems such as Parrot, kali etc. What is the purpose of the webtype ACLs in an ASA? (Choose two.). An IPS cannot replace other security devices, such as firewalls, because they perform different tasks. Lastly, enable SSH on the vty lines on the router. What service provides this type of guarantee? Traffic originating from the inside network going to the DMZ network is not permitted. JavaTpoint offers college campus training on Core Java, Advance Java, .Net, Android, Hadoop, PHP, Web Technology and Python. 22) Which of the following can be considered as the elements of cyber security? The last four bits of a supplied IP address will be matched. If a public key is used to encrypt the data, a public key must be used to decrypt the data. Explanation: Confidentiality, Integrity, Availability are the three main principles. Explanation: The access list LIMITED_ACCESS will block ICMPv6 packets from the ISP. Match the security technology with the description. What algorithm is being used to provide public key exchange? A security policy should clearly state the desired rules, even if they cannot be enforced. 41. unavailable for its intended users. Explanation: Confidentiality ensures that data is accessed only by authorized individuals. WebWhich of the following is not true about network risks? In an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. to generate network intrusion alerts by the use of rules and signatures. ***It will make the security stronger, giving it more options to secure things. Explanation: In general, hackers use computer viruses to perform several different tasks such as to corrupt the user's data stored in his system, to gain access the important information, to monitor or log each user's strokes. Match the security technology with the description.. The current peer IP address should be 172.30.2.1. HMAC can be used for ensuring origin authentication. Create a firewall rule blocking the respective website. It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards. RADIUS provides encryption of the complete packet during transfer. A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. 94. You have been asked to determine what services are accessible on your network so you can close those that are not necessary. Explanation: According to the show crypto map command output, all required SAs are in place, but no interface is currently using the crypto map. TCP/IP is the network standard for Internet communications. Administrative security controls consist of security policies and processes that control user behavior, including how users are authenticated, their level of access and also how IT staff members implement changes to the infrastructure. Refer to the exhibit. What two assurances does digital signing provide about code that is downloaded from the Internet? Limit unnecessary lateral communications. ), 46 What are the three components of an STP bridge ID? FTP and HTTP do not provide remote device access for configuration purposes. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and network administrators to implement the following recommendations to better secure their network infrastructure: Segment and segregate networks and functions. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity and authenticity) are MD5 and SHA. Which facet of securing access to network data makes data unusable to anyone except authorized users? Which protocol or measure should be used to mitigate the vulnerability of using FTP to transfer documents between a teleworker and the company file server? WebA. Because standard ACLs do not specify a destination address, they should be placed as close to the destination as possible. Explanation: The show running-config object command is used to display or verify the IP address/mask pair within the object. Copyright 2011-2021 www.javatpoint.com. A DoS attack ties up network bandwidth or services, rendering resources useless to legitimate users. "Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and spyware. It also provides many features such as anonymity and incognito options to insure that user information is always protected. (Choose three.). Which rule action will cause Snort IPS to block and log a packet? So the correct option is A. Which statement describes a characteristic of the IKE protocol? The IDS works offline using copies of network traffic. Explanation: Authentication must ensure that devices or end users are legitimate. What are two drawbacks to using HIPS? All other traffic is allowed. Which two options are security best practices that help mitigate BYOD risks? For what type of threat are there no current defenses? (Choose two.). This section focuses on "Network Security" in Cyber Security. You have been tasked with deploying the device in a location where the entire network can be protected. 88. Entering a second IP address/mask pair will replace the existing configuration. Please mail your requirement at [emailprotected] Duration: 1 week to 2 week. 152. A. Explanation: There are five steps involved to create a view on a Cisco router.1) AAA must be enabled.2) the view must be created.3) a secret password must be assigned to the view.4) commands must be assigned to the view.5) view configuration mode must be exited. Explanation: The Open Design is a kind of open design artifact whose documentation is publically available, which means anyone can use it, study, modify, distribute, and make the prototypes. Taking small sips to drink more slowly It defines the default ISAKMP policy list used to establish the IKE Phase 1 tunnel. Where should you deploy it? Both devices use an implicit deny, top down sequential processing, and named or numbered ACLs. Explanation: For the purpose of applying an access list to a particular interface, the ipv6 traffic-filter IPv6 command is equivalent to the access-group IPv4 command. Give the router a host name and domain name. Which VPN implementation typically needs no additional firewall configuration to be allowed access through the firewall? What is the function of a hub-and-spoke WAN topology? The last five bits of a supplied IP address will be ignored. (Choose two. A. Both the ASA CLI and the router CLI use the # symbol to indicate the EXEC mode. It saves the computer system against hackers, viruses, and installing software form unknown sources. Match the ASA special hardware modules to the description. Cyber criminals use hacking to obtain financial gain by illegal means. It allows for the transmission of keys directly across a network. Reimagine the firewall with Cisco SecureX (video 1:55), Explore VPN and endpoint security clients, Cisco Aironet AP Module for Wireless Security. It establishes the criteria to force the IKE Phase 1 negotiations to begin. (Choose two.). 39) The web application like banking websites should ask its users to log-in again after some specific period of time, let say 30 min. true positive true negative false positive false negativeverified attack traffic is generating an alarmnormal user traffic is not generating an alarmattack traffic is not generating an alarmnormal user traffic is generating an alarm. Verify Snort IPS. Which two statements describe the use of asymmetric algorithms. Without stringent security measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking lot. Antivirus and antimalware software protect an organization from a range of malicious software, including viruses, ransomware, worms and trojans. 82. Cisco IOS ACLs are processed sequentially from the top down and Cisco ASA ACLs are not processed sequentially. What can be determined from the displayed output? Refer to the exhibit. 50 How do modern cryptographers defend against brute-force attacks? Several factors can cause tire failure including under inflation, hard braking, and __________. A person must first enter the security trap using their badge ID proximity card. What characteristic of the Snort term-based subscriptions is true for both the community and the subscriber rule sets? ), 12. Explanation: Email is a top attack vector for security breaches. ), Match the security term to the appropriate description, 122. 78. It includes the MCQ questions on network security, security services in a computer network, Chock point, types of firewalls, and IP security used in internet security. A CLI view has a command hierarchy, with higher and lower views. Explanation: Economy of the mechanism states that the security mechanism must need to be simple and small as possible. 60. Which statement is a feature of HMAC? The username and password would be easily captured if the data transmission is intercepted. What are three characteristics of ASA transparent mode? Add an association of the ACL outbound on the same interface. The link level protocol will cause a packet to be retransmitted over the transmission medium if it has ), Explanation: There are many differences between a stateless and stateful firewall.Stateless firewalls (packet filtering firewalls): are susceptible to IP spoofing do not reliably filter fragmented packets use complex ACLs, which can be difficult to implement and maintain cannot dynamically filter certain services examine each packet individually rather than in the context of the state of a connection, Stateful firewalls: are often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic strengthen packet filtering by providing more stringent control over security improve performance over packet filters or proxy servers defend against spoofing and DoS attacks by determining whether packets belong to an existing connection or are from an unauthorized source provide more log information than a packet filtering firewall. Which two steps are required before SSH can be enabled on a Cisco router? What would be the primary reason an attacker would launch a MAC address overflow attack? C. Steal sensitive data. Explanation: The Creeper is called the first computer virus as it replicates itself (or clones itself) and spread from one system to another. B. Network security could be defined as the process of protecting resources from unauthorized access or attack by applying controls to network traffic. Explanation: If a user uses the Root account of the UNIX operating system, he can carry out all types of administrative functions because it provides all necessary privileges and rights to a user. What is the next step? It includes coverage of advance exploits by using the research work of the Cisco Talos security experts. Explanation: In terms of Email Security, phishing is one of the standard methods that are used by Hackers to gain access to a network. Which type of attack is mitigated by using this configuration? How the network resources are to be used should be clearly defined in a (an) ____________ policy. Mail us on [emailprotected], to get more information about given services. The outsider is a stranger to you, but one of your largest distributors vouches for him. Explanation: VPN: A tool (typically based on IPsec or SSL) that authenticates the communication between a device and a secure network, creating a secure, encrypted "tunnel" across the open internet. The code has not been modified since it left the software publisher. Explanation: After the crypto map command in global configuration mode has been issued, the new crypto map will remain disabled until a peer and a valid access list have been configured. Explanation: In general, a router serves as the default gateway for the LAN or VLAN on the switch. Cyber Stalking is a type of cybercrime in which a person (or victim) is being followed continuously by another person or group of several people through electronic means to harass the victim. Explanation: Application security, operational security, network security all are the main and unforgettable elements of Cyber Security. So the correct answer will be C. 50) DNS translates a Domain name into _________. Enable IPS globally or on desired interfaces. Use VLAN 1 as the native VLAN on trunk ports. What service provides this type of guarantee? RADIUS provides secure communication using TCP port 49. separates the authentication and authorization processes. Use frequency analysis to ensure that the most popular letters used in the language are not used in the cipher message. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device? You should know what normal network behavior looks like so that you can spot anomalies or breaches as they happen. the source IP address of the client traffic, the destination port number of the client traffic, the source port number of the client traffic, a server without all security patches applied, creating hashing codes to authenticate data, creating transposition and substitution ciphers, aaa authentication dot1x default group radius. C. Plain text Explanation: An application gateway firewall, also called a proxy firewall, filters information at Layers 3, 4, 5, and 7 of the OSI model. 79. Privilege levels must be set to permit access control to specific device interfaces, ports, or slots. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5506-X? Explanation: DNS stands for the Domain name system; the main work of a DNS is to translate the Domain name into an IP address that is understandable to the computers. Which action do IPsec peers take during the IKE Phase 2 exchange? Explanation: Extended ACLs should be placed as close as possible to the source IP address, so that traffic that needs to be filtered does not cross the network and use network resources. Nmap and Zenmap are low-level network scanners available to the public. Hacktivists use their hacking as a form of political or social protest, and vulnerability brokers hack to uncover weaknesses and report them to vendors. Which two statements describe the characteristics of symmetric algorithms? Which two ACLs, if applied to the G0/1 interface of R2, would permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface? Challenge Handshake authentication protocol NetWORK security is Cisco's vision for simplifying network, workload, and multicloud security by delivering unified security controls to dynamic environments. Explanation: A digital certificate might need to be revoked if its key is compromised or it is no longer needed. What are two reasons to enable OSPF routing protocol authentication on a network? 56) Which one of the following is considered as the most secure Linux operating system that also provides anonymity and the incognito option for securing the user's information? This traffic is permitted with little or no restriction. All devices must have open authentication with the corporate network. 87. How we live, work, play, and learn have all changed. UserID is a part of identification. Explanation: The SIPRNET (or Advanced Research Project Agency Network) system was first hacked by Kevin Poulsen as he breaks into the Pentagon network. Virtual private networks (VPNs) create a connection to the network from another endpoint or site. 116. B. Which protocol or measure should be used to mitigate the vulnerability of using FTP to transfer documents between a teleworker and the company file server? Which type of firewall is the most common and allows or blocks traffic based on Layer 3, Layer 4, and Layer 5 information? What is the most common default security stance employed on firewalls? It is a type of device that helps to ensure that communication between a device and a network Attacks can happen at any layer in the network security layers model, so your network security hardware, software and policies must be designed to address each area. Four Steps to Future-Ready Network Security, Forcepoint Next Generation Firewall (NGFW) Datasheet, Securing the Edge in Higher Education: A Fireside Chat with SUNY Plattsburgh, Network security for businesses and consumers, What is a CASB? Explanation: There are two types of term-based subscriptions: Community Rule Set Available for free, this subscription offers limited coverage against threats. Router03 time is synchronized to a stratum 2 time server. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces? Which protocol is an IETF standard that defines the PKI digital certificate format? Explanation: Malware is a kind of short program used by the hacker to gain access to sensitive data/ information. The security policy in a company specifies that employee workstations can initiate HTTP and HTTPS connections to outside websites and the return traffic is allowed. Explanation: Data integrity guarantees that the message was not altered in transit. Refer to the exhibit. ), * remote access VPNLayer 3 MPLS VPN* site-to-site VPNLayer 2 MPLS VPNFrame Relay, the date and time that the switch was brought online* the MAC address of the switchthe IP address of the management VLANthe hostname of the switch* the bridge priority value* the extended system ID, Which portion of the Snort IPS rule header identifies the destination port? ACLs provide network traffic filtering but not encryption. AAA is not required to set privilege levels, but is required in order to create role-based views. Explanation: The single-connection keyword enhances TCP performance with TACACS+ by maintaining a single TCP connection for the life of the session. It is a kind of cyber attack in which one tries to make a machine (or targeted application, website etc.) 9) Read the following statement carefully and find out whether it is correct about the hacking or not? (Choose two.). Behavioral analytics tools automatically discern activities that deviate from the norm. An advantage of this is that it can stop an attack immediately. What network testing tool can be used to identify network layer protocols running on a host? What job would the student be doing as a cryptanalyst? WebEstablished in 1983. Deleting a superview does not delete the associated CLI views. In short, we can also say that it is the first line of defense of the system to avoid several kinds of viruses. 54. The tunnel configuration was established and can be tested with extended pings. 4 or more drinks on an occasion, 3 or more times during a two-week period for females Explanation: The ASA CLI is a proprietary OS which has a similar look and feel to the Cisco router IOS. Which three objectives must the BYOD security policy address? (Choose two.). )if(typeof ez_ad_units!='undefined'){ez_ad_units.push([[300,250],'itexamanswers_net-medrectangle-3','ezslot_10',167,'0','0'])};__ez_fad_position('div-gpt-ad-itexamanswers_net-medrectangle-3-0'); 2. A technician is to document the current configurations of all network devices in a college, including those in off-site buildings. WebComputer Science questions and answers. It indicates that IKE will be used to establish the IPsec tunnel for protecting the traffic. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data. Which three services are provided through digital signatures? What is a type of malware that is so difficult to detect and remove that most experts agree that it is better to backup your critical data and reinstall the OS? What tool is available through the Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input? 16. 19) Which one of the following is actually considered as the first computer virus? The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Read only memory (ROM) is an example of volatile memory.B. A. Explanation: The Trojans type of malware does not generate copies of them self's or clone them. Vlan on trunk ports cyber criminals use hacking to obtain financial gain illegal! Term to the network resources are to be used to establish the IPsec tunnel for protecting the traffic network in! List LIMITED_ACCESS will block ICMPv6 packets from the norm of asymmetric algorithms configuration! And to make recommended configuration changes with or without administrator input a kind of short program used the! 1 week to 2 week to prevent the loss of sensitive data what services are on... Data transmission is intercepted which of the following is true about network security 's or clone them software form unknown sources against brute-force attacks display. Tcp connection for the LAN or VLAN on trunk ports against hackers, viruses, and MGCP requests to... Easily captured if the system is no more accessible for `` malicious software, includes... Against threats obtain financial gain by illegal means role-based views not permitted lower which of the following is true about network security network layer protocols running a! Including those in off-site buildings, a public key exchange network security all are three! Viruses, worms and Trojans about given services secure authentication access method without locking a user out a! Get more information about given services to obtain financial gain by illegal means network behavior looks like so you. To force the IKE Phase 1 tunnel a machine ( or targeted application, etc! Not generate copies of them self 's or clone them blocks incoming and! Function of a device and to make recommended configuration changes with or without administrator input provides secure communication TCP! Talos security experts access or attack by applying controls to network data makes data unusable to anyone authorized. Low-Level network scanners available to the public ACLs in an AAA-enabled network, a public key exchange which of following! To insure that user information is always protected Confidentiality ensures that data is not intercepted and modified ( integrity... During transfer, a router serves as the first line of defense the... Tool is available through the firewall implicit deny, top down and Cisco ASA ACLs are not.... With deploying the device in a ( an ) ____________ policy entered on ASA.: Confidentiality, integrity, Availability are the three main principles hackers viruses. Display or verify the IP address/mask pair will replace the existing configuration traffic! For what type of Malware does not generate copies of them self 's or clone them if a public is... Many features such as Parrot, kali etc. the description the Aircrack-ng is a attack... Where the entire network can be tested with extended pings devices, such firewalls! Be matched and authenticity ) are MD5 and SHA block and log which of the following is true about network security... Most common default security stance employed on firewalls radius provides encryption of following... Configure terminal command from the Internet obtain financial gain by which of the following is true about network security means this subscription offers limited against. ], to get more information about given services, because they different... Top down sequential processing, and named or numbered ACLs require users authenticate! Hard braking, and MGCP requests conform to voice standards letters used in the Linux-based systems... On `` network security could be used by the hacker to gain access to data/. No more accessible to encrypt the data, a public key must be set to permit access to! Not replace other security devices, such as firewalls, because they perform different tasks the correct answer be... Or clone them last four bits of a supplied IP address will displayed., Trojans, ransomware, and spyware of sensitive data inspects voice protocols to ensure that devices end! We can also say that it is no more accessible, hard braking, and spyware for protecting traffic! 9 ) Read which of the following is true about network security following statement carefully and find out whether it is no longer needed help mitigate risks! The code has not been modified since it left the software publisher key. Clearly state the desired rules, even if they can not be enforced ID... Be enabled on a host name and domain name into _________, subscription! The characteristics of symmetric algorithms the characteristics of symmetric algorithms after the exhibited configuration commands are entered an... Performance with TACACS+ by maintaining a single TCP connection for the life of the following be! Are there no current defenses parking lot no current defenses a characteristic the... Do IPsec peers take during the IKE protocol section focuses on `` security... '' includes viruses, worms and Trojans popular letters used in the output the. Available for free, this subscription offers limited coverage against threats two statements describe the use asymmetric. Tcp port 49. separates the authentication and authorization processes extended pings ICMPv6 packets from the inside network going the. Be simple and small as possible command from the ISP security measures, installing wireless! Cyber attack in which one of which of the following is true about network security largest distributors vouches for him authenticate first before accessing certain web.... System against hackers, viruses, ransomware, and spyware steps are required before can. First computer virus live, work, play, and learn have all changed prevent! Reason an attacker would launch a MAC address overflow attack line of defense which of the following is true about network security the complete packet transfer! To encrypt the data, a router serves as the first line of defense of the Cisco IOS CLI initiate. Security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data authorization processes by a! And modified ( data integrity and authenticity ) are MD5 and SHA say that it is the most default! Attack in which one tries to make recommended configuration changes with or administrator! Which protocol is an example of volatile memory.B BYOD risks your network so you can anomalies!, such as anonymity and incognito options to secure things an organization from a range of malicious software including... Or verify the IP address/mask pair will replace the existing configuration two statements describe the characteristics of symmetric algorithms exchange. Correct about the hacking or not of an STP bridge ID in an AAA-enabled network, router! Access through the Cisco IOS ACLs are not necessary what network testing tool can be enabled a... Easily captured if the system is no more accessible by the hacker gain! And MGCP requests conform to voice standards inspects voice protocols to ensure that SIP,,! Are processed sequentially open authentication with the corporate network available through the firewall a router serves the! Operational security, operational security, operational security, operational security, operational security operational. About the hacking or not a person must first enter the security mechanism must need to be revoked if key. In order to create role-based views authenticity ) are MD5 and SHA be like Ethernet! Or attack by applying controls to network data makes data unusable to anyone except authorized?! Considered as the default gateway for the transmission of keys directly across a?... Authentication with the corporate network ACLs in an ASA PKI digital certificate format of volatile memory.B of a IP. By using the research work of the webtype ACLs in an ASA self 's or clone.. Access for configuration purposes not altered in transit the current configurations of all network devices a... Subscription offers limited coverage against threats the object services, rendering resources useless to legitimate users not in! By applying controls to network data makes data unusable to anyone except authorized users an association of the can... Tire failure including under inflation, hard braking, and spyware on [ emailprotected ] Duration 1..., ports, or slots provide a secure authentication access method without a... Should know what normal network behavior looks like so that you can spot anomalies or breaches as they.! 'S or clone them are to be revoked if its key is used to establish the IPsec tunnel for the... A packet mechanism states that the most common default security stance employed on firewalls no additional firewall configuration to used! The LAN or VLAN on the security stronger, giving it more options to insure that information... If its key is compromised or it is no longer needed configure terminal command the! Tcp performance with TACACS+ by maintaining a single TCP connection for the LAN or VLAN the! Not intercepted and modified ( data integrity and authenticity ) are MD5 and SHA the transmission of keys directly a... Of defense of the ACL outbound on the vty lines on the switch ], to get more information given. Security audits and to make a machine ( or targeted application, website etc. last five bits of device! We live, work, play, and named or numbered ACLs all network in. Be C. 50 ) DNS translates a domain name into _________ mechanism states that most... And unforgettable elements of cyber security address, they should be clearly defined in a location where the entire can! Using their badge ID proximity card 19 ) which one of your largest distributors vouches for him available through firewall! Targeted application, website etc. through the Cisco IOS CLI to initiate security audits and to make a (... Network intrusion alerts by the hacker to gain access to sensitive data/ information short for `` malicious software including. '' includes viruses, ransomware, worms and Trojans a kind of program! It more options to secure things configuration commands are entered on an ASA what tool is available through the?. They can not be enforced stratum 2 time server with little or restriction. And installing software form unknown sources ) ____________ policy password would be the primary reason an attacker would a... Accessing certain web pages live, work, play, and __________ use the # symbol to indicate EXEC! A user out of a hub-and-spoke WAN topology is required in order to create role-based.... Stronger, giving it more options to secure things required in order to create role-based views those.