Page: 1
/ 20
Total 308 questions
What is a difference between an XSS attack and an SQL injection attack?
- A. SQL injection is a hacking method used to attack SQL databases, whereas XSS attack can exist in many different types of applications.
- B. XSS attacks are used to steal information from databases, whereas SQL injection attacks are used to redirect users to websites where attackers can steal data from them.
- C. XSS is a hacking method used to attack SQL databases, whereas SQL injection attacks can exist in many different types of applications.
- D. SQL injection attacks are used to steal information from databases, whereas XSS attacks are used to redirect users to websites where attackers can steal data from them.
Answer : D
What is a difference between a DoS attack and DDos attack?
- A. A DoS attack is where a computer is used to flood a server with TCP packets, whereas DDoS attack is where a computer is used to flood a server with UDP packets.
- B. A DoS attack is where a computer is used to flood a server with UDP packets, whereas DDoS attack is where a computer is used to flood a server with TCP packets.
- C. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas DDoS attack is where a computer is used to flood multiple servers that are distributed over a LAN.
- D. A DoS attack is where a computer is used to flood a server with TCP and UDP packets, whereas DDoS attack is where multiple systems target a single system with a DoS attack.
Answer : D
What are two advantages of using Cisco AnyConnect over DMVPN? (Choose two.)
- A. It provides spoke-to-spoke communications without traversing the hub.
- B. It enables VPN access for individual users from their machines.
- C. It allows multiple sites to connect to the data center.
- D. It allows different routing protocols to work over the tunnel.
- E. It allows customization of access policies based on user identity.
Answer : BE
Explanation:
Cisco Anyconnect is a Remote access VPN client based solution where users can install the client on their machines and can connect to the respective VPN devices (ASA/FTD/Router). In order to secure connectivity for Anyconnect Users, one can also create custom access policies to ensure proper conditions are met before access is granted to the VPN user.
What is the difference between a vulnerability and an exploit?
- A. A vulnerability is a weakness that can be exploited by an attacker.
- B. A vulnerability is a hypothetical event for an attacker to exploit.
- C. An exploit is a hypothetical event that causes a vulnerability in the network.
- D. An exploit is a weakness that can cause a vulnerability in the network.
Answer : A
Reference:
https://debricked.com/blog/what-is-security-weakness/#:~:text=A%20vulnerability%20is%20a%20weakness,when%20it%20can%20be%
20exploited.&text=This%20is%20a%20%E2%80%9Ccommunity%2Ddeveloped,of%20common%20software%20security%20weaknesses%E2%80%9D
.
What is the term for having information about threats and threat actors that helps mitigate harmful events that would otherwise compromise networks or systems?
- A. threat intelligence
- B. Indicators of Compromise
- C. trusted automated exchange
- D. The Exploit Database
Answer : A
Reference:
https://en.wikipedia.org/wiki/Cyber_threat_intelligence
Refer to the exhibit. An engineer is implementing a certificate based VPN. What is the result of the existing configuration?
- A. Only an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2 SA successfully.
- B. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2 authorization policy.
- C. The OU of the IKEv2 peer certificate is set to MANGLER.
- D. The OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER.
Answer : B
Which kind of API that is used with Cisco DNA Center provisions SSIDs, QoS policies, and update software versions on switches?
- A. event
- B. intent
- C. integration
- D. multivendor
Answer : B
Explanation:
Cisco is moving towards intent based networking and DNA center is a new addition to the solution offerings from Cisco.
A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?
- A. DMVPN because it uses multiple SAs and FlexVPN does not.
- B. DMVPN because it supports IKEv2 and FlexVPN does not.
- C. FlexVPN because it supports IKEv2 and DMVPN does not.
- D. FlexVPN because it uses multiple SAs and DMVPN does not.
Answer : D
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16-12/sec-flex-vpn-xe-16-12-book/sec-cfg-flex-serv.html
Refer to the exhibit. Which command was used to generate this output and to show which ports are authenticating with dot1x or mab?
- A. show authentication registrations
- B. show authentication method
- C. show dot1x all
- D. show authentication sessions
Answer : B
Refer to the exhibit. What does the number 15 represent in this configuration?
- A. privilege level for an authorized user to this router
- B. access list that identifies the SNMP devices that can access the router
- C. interval in seconds between SNMPv3 authentication attempts
- D. number of possible failed attempts until the SNMPv3 user is locked out
Answer : B
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
- A. authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
- B. authenticates the IP address of the 172.16.0.0/32 peer by using the key ciscXXXXXXXX
- C. authenticates the IKEv1 peers in the 172.16.0.0/16 range by using the key ciscXXXXXXXX
- D. secures all the certificates in the IKE exchange by using the key ciscXXXXXXXX
Answer : B
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-c4.html#wp6039879000
Which command enables 802.1X globally on a Cisco switch?
- A. dot1x system-auth-control
- B. dot1x pae authenticator
- C. authentication port-control auto
- D. aaa new-model
Answer : A
Reference:
https://www.cisco.com/c/en/us/td/docs/routers/nfvis/switch_command/b-nfvis-switch-command-reference/802_1x_commands.html
What is a characteristic of Dynamic ARP Inspection?
- A. DAI determines the validity of an ARP packet based on valid IP to MAC address bindings from the DHCP snooping binding database.
- B. In a typical network, make all ports as trusted except for the ports connecting to switches, which are untrusted.
- C. DAI associates a trust state with each switch.
- D. DAI intercepts all ARP requests and responses on trusted ports only.
Answer : A
Which statement about IOS zone-based firewalls is true?
- A. An unassigned interface can communicate with assigned interfaces
- B. Only one interface can be assigned to a zone.
- C. An interface can be assigned to multiple zones.
- D. An interface can be assigned only to one zone.
Answer : D
Reference:
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html
When wired 802.1X authentication is implemented, which two components are required? (Choose two.)
- A. authentication server: Cisco Identity Service Engine
- B. supplicant: Cisco AnyConnect ISE Posture module
- C. authenticator: Cisco Catalyst switch
- D. authenticator: Cisco Identity Services Engine
- E. authentication server: Cisco Prime Infrastructure
Answer : AC
Reference:
https://www.lookingpoint.com/blog/ise-series-802.1x