• If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.
Xin chào ! Nếu đây là lần đầu tiên bạn đến với diễn đàn, xin vui lòng danh ra một phút bấm vào đây để đăng kí và tham gia thảo luận cùng VnPro.

Announcement

Collapse
No announcement yet.

CCDA: Security in Design

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • CCDA: Security in Design

    Question 1

    Which Cisco security solution offers protection against “day zero” attacks?
    A. Cisco Adaptive Security Appliance
    B. Cisco Security Agent
    C. Cisco IOS Firewall
    D. Cisco IOS IPS
    E. Cisco Traffic Anomaly Detector


    Answer: B

    Explanation

    The Cisco Security Agent (CSA) software protects server and desktop endpoints from the latest threats caused by malicious network attacks. CSA can identify and prevent network attacks that are considered unknown or “Day Zero”-type threats. CSAs are packed with many features, including firewall capabilities, intrusion prevention, malicious mobile code protection, operating-system integrity assurance, and audit log consolidation.

    Question 2

    Which two solutions are parts of the Cisco Security Management Suite? (Choose two)
    A. ASA
    B. Cisco Security Agent
    C. NAC Appliance
    D. CSM
    E. PIX
    F. Cisco Security MARS



    Answer: D F

    Explanation

    Solutions of the Cisco Security Management Suite are:
    + Cisco Security Manager (CSM) is an integrated solution for configuration management of firewall, VPN, router, switch module, and IPS devices.
    + Cisco Secure Access Control Server (ACS) provides centralized control for administrative access to Cisco devices and security applications.
    + Cisco Security Monitoring, Analysis, and Response System (MARS) is an appliance-based solution for network security administrators to monitor, identify, isolate, and respond to security threats.
    + Management Center for CSA (CSA MC) is an SSL web-based tool for managing Cisco Security Agent configurations.
    + Cisco Router and Security Device Manager (SDM) is a web-based tool for routers and supports a wide range of IOS software.
    + Cisco Adaptive Security Device Manager (ASDM) is a web-based tool for managing Cisco ASA 5500 series appliances, PIX 500 series appliances (version 7.0 or higher), and Cisco Catalyst 6500 Firewall Services Modules (FWSM version 3.1 or higher).
    + Cisco Intrusion Prevention System Device Manager (IDM) is a web-based application that configures and manages IPS sensors.


    Question 3

    A manufacturing company has decided to add a website to enhance sales. The web seivers in the E-Commerce module must be accessible without compromising network security. Which two design recommendations can be made to meet these requirements? (Choose two)
    A. Use private and public key encryption.
    B. Move the E-Commerce seivers to the WAN module.
    C. Use intrusion detection on the E-Commerce setverfarm.
    D. Limit the number of incoming connections to the E-Commerce module.
    E. Place E-Commerce seivers and application seivers on isolated LANs (DMZs).



    Answer: C E


    Question 4

    Which Cisco security solution can quarantine and prevent non-compliant end stations from accessing the network until they achieve security policy compliance?
    A. Cisco Secure Connectivity
    B. Adaptive Security Appliance
    C. Access Control Server
    D. Network Admission Control
    E. Network Intrusion Prevention System
    F. Cisco Security Monitoring, Analysis, and Response System



    Answer: D

    Explanation

    The Network Admission Control protects the network from threats by enforcing security compliance on all devices attempting to access the network. It only allows access to endpoints only after they have passed authentication based on security policies.

    Question 5

    A Cisco Self-Defending Network has been installed, but DoS attacks are still being directed at e-commerce hosts. The connection rate at the Internet firewall was limited, but the problem persists. What more can be done?
    A. Move the seivers to the DMZ.
    B. Install all relevant operating system patches.
    C. Block the servers’ TCP traffic at the Internet firewall.
    D. Block the servers’ UDP traffic at the Internet firewall.


    Answer: B


    Question 6

    Which three security measures can be used to mitigate DoS attacks that are directed at exposed hosts within the E-Commerce module? (Choose three)
    A. Partition the exposed hosts into a separate LAN or VLAN.
    B. Use firewalls to block all unnecessary connections to the exposed hosts.
    C. Use a VPN concentrator (IPSec) to protect and verify each connection to the exposed host or hosts.
    D. Use LAN switch VTP pruning to separate hosts on the same segment.
    E. Use NIDSs and HIPSs to detect signs of attack and to identify potentially successful breaches.


    Answer: A B E


    Question 7

    Which Cisco security management solution provides the means to identify, isolate, and counter security threats to the network?
    A. Adaptive Security Device Manager
    B. Intrusion Prevention Device Manager
    C. Security Device Manager
    D. Cisco Security Manager
    E. Cisco Security Monitoring, Analysis, and Response System


    Answer: E

    Explanation

    Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based solution for network security administrators to monitor, identify, isolate, and respond to security threats. MARS understands the network topology and device configurations from routers, switches, firewalls, and IPS devices. MARS also can model
    packet flows on the network.

    Question 8

    A large enterprise requires sensitive information be transmitted over a public infrastructure. It requires confidentiality, integrity, and authenticity. Which security solution best meets these requirements?
    A. Cisco IOS Firewall
    B. Intrusion Prevention
    C. Secure Connectivity
    D. AAA
    E. Traffic Guard Protector


    Answer: C


    Question 9

    Which technology can ensure data confidentiality, data integrity, and authentication across a public IP network?
    A. GRE
    B. IPsec
    C. VLANs
    D. VSANs
    E. VPDNs


    Answer: B


    Question 10

    For which technology is IPsec required for a site-to-site enterprise WAN/MAN architecture?

    A. ATM
    B. ISP Service
    C. Frame Relay
    D. SP MPLS VPN
    E. self-deployed MPLS



    Answer: B


    Question 11

    A Cisco security mechanism has the following attributes:
    it is a sensor appliance
    it searches for potential attacks by capturing and analyzing traffic
    it is a “purpose-built device”
    it is installed passively
    it introduces no delay or overhead
    Which Cisco security mechanism is this?
    A. IKE
    B. PIX
    C. HIPS
    D. NIDS
    E. HMAC


    Answer: D


    Question 12

    Which of these domain-of-trust security statements is correct?
    A. Segments within a network should have the same trust models.
    B. An administrator should apply consistent security controls between segments.
    C. Communication between trusted entities needs to be carefully managed and controlled.
    D. Segment security policy decisions are based on trust.


    Answer: D
Working...
X