SCNS Tactical Perimeter Defense v6.1

Page:    1 / 16   
Exam contains 239 questions

You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm does not occur when an actual intrusion is carried out?

  • A. True-negative
  • B. False-positive
  • C. True-positive
  • D. False-negative
  • E. Absolute-positive


Answer : D

You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:
ipchains -A output -p TCP -d ! 172.168.35.40 www
What is the function of this rule?

  • A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP address is allowed.
  • B. This rule for the input chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
  • C. This rule for the input chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.
  • D. This rule for the output chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
  • E. This rule for the output chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.


Answer : D

The organization you work for has recently decided to have a greater focus on security issues. You run the network, and are called into the meeting to discuss these changes. After the initial meeting you are asked to research and summarize the major issues of network security that you believe the organization should address. What are Network Security's five major issues?

  • A. Authorization and Availability
  • B. Administration
  • C. Integrity
  • D. Confidentiality
  • E. Encapsulation
  • F. Encryption
  • G. Non-Repudiation
  • H. Authentication


Answer : A,C,D,G,H

To increase the security of the network, you have decided to implement a solution using authentication tokens. You are explaining this to a coworker who is not familiar with tokens.
What are Authentication Tokens?

  • A. An authentication token is a software program that is installed on each user's computer. Upon execution of the program, each user will be authenticated into the network.
  • B. An authentication token is a hardware device that is to be installed, either via a parallel or serial port. Once the user has installed the token, he or she will be able to access the resources on the network to which they have been granted access.
  • C. An authentication token is a portable device, such as a handheld computer, that stores an authenticating sequence, that the user will enter after logging into the system to gain access to network resources.
  • D. An authentication token is a software program that is installed on the main server of the network. As the user is logging in, the server will instruct the user for username and password.
  • E. An authentication token is a portable device used for authenticating a user, thereby allowing authorized access into a network system.


Answer : E

You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm does not occur and there is no actual intrusion?

  • A. True-negative
  • B. False-positive
  • C. True-positive
  • D. False-negative
  • E. Absolute-positive


Answer : A

You were recently hired as the security administrator of a small business. You are reviewing the current state of security in the network and find that the current logging system must be immediately modified. As the system is currently configured, auditing has no practical value. Which of the following are the reasons that the current auditing has little value?

  • A. The logs go unchecked.
  • B. The logs are automatically deleted after three months.
  • C. The logs are deleted using FIFO and capped at 500Kb.
  • D. The only auditing is successful file access events.
  • E. The logs are deleted using FIFO and capped at 5000Kb.


Answer : A,D

The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Operational Audit and are describing it to your coworkers. Which of the following best describes an Operational audit?

  • A. This type of audit is typically done by a contracted external team of security experts who check for policy compliance.
  • B. This type of audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.
  • C. This type of audit is typically done by an internal team who ensures the security measures are up to international standards.
  • D. This type of audit is usually done by the current network administrators who ensure the security measures are up to international standards.
  • E. This type of audit is usually conducted by external resources and may be a review or audit of detailed audit logs.


Answer : B

The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent Audit?

  • A. An independent audit is usually conducted by external or outside resources and may be a review or audit of detailed audit logs.
  • B. The independent audit is usually done by the current network administrators who ensure the security measures are up to international standards.
  • C. The independent audit is typically done by an internal team who ensures the security measures are up to international standards.
  • D. The independent audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.
  • E. The independent audit is typically done by a contracted outside team of security experts who check for policy compliance.


Answer : A

You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security.
One of your assistants asks what the function of Authentication in network security is.
Which of the following best describes Authentication?

  • A. Data communications as well as emails need to be protected for privacy and Authentication. Authentication ensures the privacy of data on the network system.
  • B. Authentication is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, authentication must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.
  • C. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should be allowed to access.
  • D. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes authentication for the transaction itself for all parties involved in the transaction.
  • E. Authentication verifies users to be who they say they are. In data communications, authenticating the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.


Answer : E

You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security.
One of your assistants asks what the function of Confidentiality in network security is.
Which of the following best describes Confidentiality?

  • A. Confidentiality verifies users to be who they say they are. In data communications, authenticating the sender is necessary to verify that the data came from the right source.
  • B. Data communications as well as emails need to be protected for privacy and confidentiality. Network security must provide a secure channel for the transmission of data and email that does not allow eavesdropping by unauthorized users. Data confidentiality ensures the privacy of data on the network system.
  • C. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should be allowed to access.
  • D. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes Confidentiality for the transaction itself for all parties involved in the transaction.
  • E. Confidentiality is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature.


Answer : B

You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security.
One of your assistants asks what the function of Integrity in network security is. Which of the following best describes Integrity?

  • A. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should be allowed to access.
  • B. Integrity verifies users to be who they say they are. In data communications, the integrity of the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.
  • C. Data communications as well as emails need to be protected for privacy and Integrity. Network security must provide a secure channel for the transmission of data and email that does not allow eavesdropping by unauthorized users. Integrity ensures the privacy of data on the network system.
  • D. Integrity is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, integrity must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.
  • E. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes integrity for the transaction itself for all parties involved in the transaction.


Answer : D

You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?

  • A. Regulatory Access Control
  • B. Mandatory Access Control
  • C. Discretionary Access Control
  • D. Centralized Access Control
  • E. Distributed Access Control


Answer : B,C

You have decided to implement SSH for communicating to your router. What does SSH use to establish a secure channel of communication?

  • A. RSA Public Key Cryptography
  • B. DES Public Key Cryptography
  • C. MD5 Private Key Cryptography
  • D. MD5 Public Key Cryptography
  • E. RSA Private Key Cryptography


Answer : A

You wish to configure a new Cisco router, which will take advantage of the AutoSecure feature. The AutoSecure security features are divided into which two planes?

  • A. Critical Plane
  • B. Management Plane
  • C. Recursive Plane
  • D. Non-Critical Plane
  • E. Forwarding Plane
  • F. Responsive Plane


Answer : B,E

You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 15 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 15 out
Based on this configuration, and using the exhibit, select the answers that identify what the list will accomplish.

  • A. Deny network 10.10.10.0 from accessing network 10.10.11.0
  • B. Deny network 10.10.12.0 from accessing network 10.10.10.0
  • C. Permit network 10.10.10.0 access to all other networks
  • D. Deny network 10.10.12.0 from accessing network 10.10.11.0
  • E. Permit network 10.10.11.0 access to all other networks


Answer : B,E

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.