+
Related Flashcards
Cards In This Set
| Front | Back |
|
What two options are advantages of an application layer firewall?
|
Makes DoS attacks difficultauthenticates individuals
|
|
Which two protocols enable CCP to pull IPS alerts from a Cisco ISR router
|
SDEEHTTPS
|
|
Which two functions are required for IPSec operation?
|
Using IKE to negotiate the SAusing Diffie-Hellman to establish a shared secret key
|
|
On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?
|
Used to verify the digitial signature of the IPS signature file
|
|
Which four tasks are required when you configure Cisco IOS IPS using the CCP IPS wizard
|
1. Select the interfaces to apply the IPS rule
2. Select the traffic flow direction that should be applied to the IPS rule. 3. Specify the signature file and the Cisco public key. 4. Specify the configuraton location and select the category of signatures to be applied to the selected interfaces |
|
Which statement is a benefit of using Cisco IOS IPS?
|
It uses the undelying routing infrastructure to provide an additional layer of security.
|
|
Which statement about an access control list that is applied to a router interface is true?
|
It only filters traffic that passes through the router.
|
|
Which two considerations about secure network management are important?
|
Log tamperingaccurate time stamping
|
|
Which router management feature provides for the ability to configure multiple administrative views?
|
Role-based CLI
|
|
You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity?
|
Set the native VLAN on the trunk ports to an unused VLAN
Disable DTP on ports that require trunking |
|
Which statement describes a best practice when configuring trunking on a switch port?
|
Configure an unused VLAN as the native VLAN.
|
|
What is the best way to prevent a VLAN hopping attack?
|
Disable DTP negotiations
|
|
If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking configuration?
|
Switchport nonnegotiate
|
|
Where in the network would be the best place to deploy Cisco IOS IPS?
|
At remote branch offices
|
|
Which IPS technique commonly is used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore, to reduce noise?
|
Risk rating
|
