1. What is the purpose of a personal firewall on a computer?
- A. To filter the traffic that is moving in and out of the PC
- B. To protect the hardware against fire hazard
- C. To increase the speed of the Internet connection
- D. To protect the computer from viruses and malware
The purpose of a firewall is to filter the traffic that is moving in and out of the PC. A computer firewall cannot deny all illegal traffic from a computer or increase the speed of any connection. It is also not able to protect hardware against fire hazards.
2. What is the main difference between the implementation of IDS and IPS devices?
- A. An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall.
- B. An IDS can negatively impact the packet flow, whereas an IPS cannot.
- C. An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.
- D. An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology.
An IPS is deployed in inline mode and will not allow malicious traffic to enter the internal network without first analyzing it. An advantage of this is that it can stop an attack immediately. An IDS is deployed in promiscuous mode. It copies the traffic patterns and analyzes them offline, thus it cannot stop the attack immediately and it relies on another device to take further actions once it detects an attack. Being deployed in inline mode, an IPS can negatively impact the traffic flow. Both IDS and IPS can use signature-based technology to detect malicious packets. An IPS cannot replace other security devices, such as firewalls, because they perform different tasks.
3. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)
- A. OS/IOS version
- B. Cable type and identifier
- C. Cable specification
- D. Interface identifier
- E. Device type
- F. Connection type
The interface identifier and connection type should be included in a logical topology diagram because they indicate which interface is connected to other devices in the network with a specific type such as LAN, WAN, point-to-point, etc. The OS/IOS version, device type, cable type and identifier, and cable specification are typically included in a physical topology diagram.
4. What is a characteristic of a WAN?
- A. It is typically owned and managed by a single home or business.
- B. It spans across a campus or city to enable sharing of regional resources.
- C. It requires a wireless access point to connect users to the network.
- D. It connects multiple networks that are geographically separated.
A WAN (wide-area network) is used to connect networks that are geographically separated and is typically owned by a service provider. The service provider contracts out WAN services to individuals and organizations.
5. What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?
- A. NetFlow
- B. Network tap
- C. SNMP
- D. Port mirroring
When enabled on a switch, port mirroring copies frames sent and received on the monitored ports and forwards them out another port, to which an analysis device is attached.
6. What is a function of a proxy firewall?
- A. Connects to remote servers on behalf of clients
- B. Uses signatures to detect patterns in network traffic
- C. Drops or forwards traffic based on packet header information
- D. Filters IP traffic between bridged interfaces
Proxy firewalls filter traffic at the application layer of the TCP/IP model and shield client information by connecting to remote servers on behalf of clients.
7. Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?
- A. Network admission control
- B. Website filtering and blacklisting
- C. Threat intelligence
- D. Network profiling
Cisco AMP uses threat intelligence along with known file signatures to identify and block policy-violating file types and exploitations.
8. How is a source IP address used in a standard ACL?
- A. It is the address to be used by a router to determine the best path to forward packets.
- B. It is the address that is unknown, so the ACL must be placed on the interface closest to the source address.
- C. It is used to determine the default gateway of the router that has the ACL applied.
- D. It is the criterion that is used to filter traffic.
The only filter that can be applied with a standard ACL is the source IP address. An extended ACL is used to filter on such traffic as the source IP address, destination IP address, type of traffic, and type of message.
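The difference between the two ACL types is easiest to see when the same packet is run through both. The following is an added example, not part of the original quiz or of any Cisco software: a small Python model of Cisco-style ACL evaluation (first match wins, wildcard masks where a 0 bit must match and a 1 bit is ignored, and an implicit deny at the end of every list). The ACL contents and packets are constructed for illustration.

```python
"""Toy model of standard vs. extended ACL evaluation (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: 0 bits must match, 1 bits are 'don't care'."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    mask = ~w & 0xFFFFFFFF
    return (a & mask) == (n & mask)


# Standard ACL entry: (action, source network, source wildcard)
StandardEntry = Tuple[str, str, str]
# Extended ACL entry: (action, protocol, src net, src wc, dst net, dst wc, dst port or None)
ExtendedEntry = Tuple[str, str, str, str, str, str, Optional[int]]

ANY = ("0.0.0.0", "255.255.255.255")   # "any" keyword
HOST = "0.0.0.0"                        # wildcard used by the "host" keyword


def evaluate_standard(acl: List[StandardEntry], pkt: Packet) -> str:
    """A standard ACL can only look at the source address."""
    for action, net, wc in acl:
        if wildcard_match(pkt.src, net, wc):
            return action
    return "deny"   # implicit deny any at the end of the list


def evaluate_extended(acl: List[ExtendedEntry], pkt: Packet) -> str:
    """An extended ACL matches on protocol, source, destination and port."""
    for action, proto, snet, swc, dnet, dwc, dport in acl:
        if proto not in ("ip", pkt.proto):
            continue
        if not wildcard_match(pkt.src, snet, swc):
            continue
        if not wildcard_match(pkt.dst, dnet, dwc):
            continue
        if dport is not None and pkt.dport != dport:
            continue
        return action
    return "deny"   # implicit deny ip any any


# Constructed lists, equivalent to:
#   access-list 10 permit 192.168.10.0 0.0.0.255
STANDARD_ACL_10: List[StandardEntry] = [
    ("permit", "192.168.10.0", "0.0.0.255"),
]
#   access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.5 eq 443
#   access-list 110 deny ip any any
EXTENDED_ACL_110: List[ExtendedEntry] = [
    ("permit", "tcp", "192.168.10.0", "0.0.0.255", "10.0.0.5", HOST, 443),
    ("deny", "ip", *ANY, *ANY, None),
]


def compare(pkt: Packet) -> Tuple[str, str]:
    """Return (standard verdict, extended verdict) for one packet."""
    return evaluate_standard(STANDARD_ACL_10, pkt), evaluate_extended(EXTENDED_ACL_110, pkt)


if __name__ == "__main__":
    samples = [
        Packet("192.168.10.7", "10.0.0.5", "tcp", 443),   # inside host to HTTPS: both permit
        Packet("192.168.10.7", "10.0.0.5", "tcp", 23),    # same source, telnet: only standard permits
        Packet("172.16.0.9", "10.0.0.5", "tcp", 443),     # outside source: both deny (implicit)
    ]
    for p in samples:
        std, ext = compare(p)
        print(f"{p.src:>14} -> {p.dst}:{p.dport}/{p.proto}  standard={std:6}  extended={ext}")
```

The second sample packet is the point of the question: a standard ACL permits it because only the source address is examined, while the extended ACL can reject it because the destination port does not match. Note also that a packet matching no entry is denied by the implicit rule, which is why a standard ACL containing only permit statements still blocks everything else.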
9. Which statement describes the Cisco Cloud Web Security?
- A. It is a secure web server specifically designed for cloud computing.
- B. It is a security appliance that provides an all-in-one solution for securing and controlling web traffic.
- C. It is an advanced firewall solution to guard web servers against security threats.
- D. It is a cloud-based security service to scan traffic for malware and policy enforcement.
The Cisco Cloud Web Security (CWS) is a cloud-based security service that uses web proxies in the Cisco cloud environment to scan traffic for malware and policy enforcement. It is not a firewall or web server solution. The Cisco Web Security Appliance (WSA) combines multiple security solutions to provide an all-in-one solution on a single platform to address the challenges of securing and controlling web traffic.
10. Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as "A"?
- A. DMZ
- B. Perimeter security boundary
- C. Untrusted network
- D. Internal network
A demilitarized zone or DMZ is a network area protected by one or more firewalls. The DMZ typically contains servers that are commonly accessed by external users. A web server is commonly contained in a DMZ.
11. Which network service allows administrators to monitor and manage network devices?
- A. NTP
- B. Syslog
- C. SNMP
- D. NetFlow
SNMP is an application layer protocol that allows administrators to manage and monitor devices on the network such as routers, switches, and servers.
12. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?
- A. ESP
- B. IPsec
- C. MD5
- D. AES
IPsec services allow for authentication, integrity, access control, and confidentiality. With IPsec, the information exchanged between remote sites can be encrypted and verified. Both remote-access and site-to-site VPNs can be deployed using IPsec.
13. What is a feature of the TACACS+ protocol?
- A. It combines authentication and authorization as one process.
- B. It utilizes UDP to provide more efficient packet transfer.
- C. It encrypts the entire body of the packet for more secure communications.
- D. It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
TACACS+ has the following features:
- separates authentication and authorization
- encrypts all communication
- uses TCP port 49
14. Which layer of the hierarchical design model is a control boundary between the other layers?
- A. Access
- B. Core
- C. Network
- D. Distribution
The three design layers from lowest to highest are access, distribution, and core. The distribution layer commonly provides policy-based connectivity, which permits or denies traffic based on predefined parameters. The distribution layer also acts as a control boundary between the access and core layers.