Header

Sections

Syndication

Blogroll:

||||| ALL Cisco-Network ARTICLES |||||
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Securing the Network Questions and Answers

Email to a friend email

email

Print version print

print

Securing the Network Questions and Answers

Jul 08,2009 by alperen

small font

medium font

large font

1.	Which of the following interface types is least likely to be on a firewall appliance? Fast Ethernet Serial Ethernet Token Ring
2.	Which of the following would not be considered a basic security step in a router configuration? Setting access privilege levels Setting an MOTD banner to welcome the user to the device Encrypting passwords in the configuration files Setting all passwords
3.	Which of the following is not true about numbered access lists? An ACL is made up of one or more permit or deny statements. If an ACL doesn’t have at least one permit statement, it will deny everything. All ACL statements with the same number are part of the same ACL. New statements are always added to the top of the list statements. ACL statements must be entered sequentially to be processed properly. An ACL can be added to (appended), but not edited. Any attempt to edit an item will delete the entire AC
4.	Which one of the following will deny access to a class C network? Rtr1(config)#access-list 15 deny 192.168.1.0 255.255.255.0 Rtr1(config)#access-list 15 deny 192.168.1.0 0.0.0.255 Rtr1(config-acl)#access-list 15 deny 192.168.1.0 255.255.255.0 Rtr1(config-acl)#access-list 15 deny 192.168.1.0 0.0.0.255
5.	What is the ACL line to deny the subnet 192.168.1.16 subnet mask 255.255.255.240? access-list 15 deny 192.168.1.16 0.0.0.255 access-list 15 deny 192.168.1.0 0.0.0.16 access-list 15 deny 192.168.1.16 0.0.0.15 access-list 15 deny 192.168.1.16 0.0.0.31
6.	With the Log option for ACLs, a message appears when the first match occurs, and then at what interval as long as matches continue? One minute Five minutes Ten minutes Thirty minutes
7.	When limiting access to Telnet sessions, which command would work? access-group 15 in access-group 15 out access-class 15 in access-class 15 out access-session 15 in
8.	Which two commands could be used to secure the web browser access to a device? ip http server no ip http server ip http access-class 90 ip http access-group 90
9.	Which of the following protocols uses the established option? UDP ICMP TCP IGRP
10.	Numbered extended ACLs are created in which mode? Privilege mode Global Configuration mode Local Configuration mode Access Configuration mode
11.	Which statement is not true about named access lists? Named access lists aren’t compatible with older IOS releases (pre-11.2). A standard access list and an extended access list can’t have the same name. Names must begin with an alphanumeric character and are case sensitive. All processes that use access lists can use a named ACLs
12.	Which statement will create a named extended ACL? Rtr1(config)#ip extended access-list tcp-control Rtr1(config)#ip access-list named extended tcp-control Rtr1(config)#ip access-list extended tcp-control Rtr1(config-ext-nacl)#ip access-list extended tcp-control
13.	The time-based ACL statements are relative to which one of the following? The computer clock The world clock The router clock The day, month, and year
14.	Which command will define a periodic time range? Router(config-time-range)#periodic tuesday thursday 17:00 to 22:00 Router(config-time)#periodic tuesday thursday 17:00 to 22:00 Router(config-time-range)#periodic tuesday, thursday 17:00 to 22:00 Router(config-time)#periodic tuesday, thursday 17:00 to 22:00
15.	Which statement is true about defining a time range? A time range can have either periodic or absolute times. A time range can have one periodic and multiple absolute times. A time range can have multiple periodic and one absolute time. A time range can have one periodic and one absolute time.
16.	Which one of the following is true about the Established option in a TCP access list? Outbound traffic is limited to established customers. Outbound traffic is limited to sessions originating outside the network. Inbound traffic is limited to sessions originating outside the network. Inbound traffic is limited to sessions originating inside the network.
17.	In the following ACL, what is the impact of the third statement? access-list 101 deny tcp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 deny tcp 192.168.3.0 0.0.0.255 any eq ftp access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 eq www access-list 101 deny tcp any 192.168.1.0 0.0.0.255 any eq telnet access-list 101 permit ip any any It allows network 192.168.3.0 to access 192.168.1.0 for web access. It allows network 192.168.1.0 to access 192.168.2.0 for web access. It allows network 192.168.3.0 to access any network for web access. The line does nothing at all.

Answers

1.	B. Serial. Firewall device, such as the PIX box, use LAN interfaces
2.	B. Setting a MOTD banner to welcome the user to the device
3.	D. New statements are always added to the top of the list statements (They’re actually appended to the bottom of the list.)
4.	B. Rtr1(config)#access-list 15 deny 192.168.1.0 0.0.0.255
5.	C. access-list 15 deny 192.168.1.16 0.0.0.15
6.	B. Five minutes
7.	C. access-class 15 in
8.	B. no ip http server; c. ip http access-class 90
9.	C. TCP
10.	B. Global Configuration mode
11.	D. All processes that use access lists can use a named ACL.
12.	C. Rtr1(config)#ip access-list extended tcp-control
13.	C. The router clock. If the router clock is wrong, the statements will be implemented wrong.
14.	A. Router(config-time-range)#periodic tuesday thursday 17:00 to 22:00
15.	C. A time range can have multiple periodic and one absolute time
16.	D. Inbound traffic is limited to sessions originating inside the network.
17.	D. The line does nothing at all. All TCP traffic from 192.168.3.0 to 192.168.1.0 was denied in the first statement

167 times read

Related news

» Named Access Lists
by alperen posted on Mar 24,2010
» Dynamic NAT-Use a Standard ACL to Define the Local Addresses Eligible for Translation
by alperen posted on Sep 09,2009
» Using ACLs with Named Audit Rules
by alperen posted on Sep 15,2009
» Reference the Time Range
by alperen posted on Jul 08,2009
» Using Time-Based Access-Lists
by admin posted on Jul 21,2008

Did you enjoy this article?

(total 0 votes)

comment

Comments (0 posted)

More Top News

CCSP-Cisco Certified Security Professional

Cisco SAFE Implementation

Preparation Documents

Skills Required for the Exam

Cisco SAFE Implementation Questions and Answers

Access Control Lists Cisco

Access List Basics

Standard Access Lists

Extended Access Lists

TCP Access Lists

UDP Access Lists

ICMP Access Lists

Named Access Lists

Signature and Alarm Management Review

Signature and Alarm Management Review Questions and Answers

Managing Alarms

Event Viewer Customization

Preference Settings

Sensor Installation

Connecting to Your Network Sensor Appliance

Sensor Bootstrap

Sensor Installation and Configuration Review

Sensor Installation and Configuration Questions and Answers

Signature and Alarm Management

CIDS Signatures

Signature Series

Signature Implementations

Signature Classes

Signature Types

Signature Severity

Most Popular

Privilege Levels

Managing the Router's ARP Cache

Configuring SIP on a Cisco Router

IDS Signatures Grouped by Software Release Version

Most Commented

Exploring the Navigation Bar

Site Qualification Test (SQT)

PDAs as Diagnostic Tools

Featured Author

admin