642-501 - SECUR - Securing Cisco IOS Networks

Go back to Cisco

Example Questions

In which of the following ways will the proxy respond to HTTP if no valid authentication entry exists in the authentication? Which command will deny the perimeter router the ability to divulge topology information by telling external hosts which subnets are not configured? What is the default mode TCP Intercept operates in? Which of the following commands can debug communications between an IOS router, and a CA server? What are the ACL number ranges for IP standard ACL's? Select all that apply. What OSI layers can CBAC filter on? Select all that apply. Which of the following router commands will allow all users to be authenticated, even if the TACACS+ server fails? Johnand Kathy are working together at Inc. to find the more secure approach for pre-shared keys between peers.Which one of these answers is correct? How do you set the threshold of half-open sessions CBAC will allow per minute before deleting them? What are the two components of Cisco Easy VPN (EzVPN)? Which command can you use to disable finger replies on a perimeter router? James the security administrator for Inc. has to know which has algorithms is used to authenticate packet data before he can go any further. Which algorithm is used to authenticate packet data? Jacob at Inc. was given the assignment to secure the network from giving out unauthorized information. His first step is to prevent the perimeter router from divulging topology information by telling external hosts which subnets are not configured. Which command fits this objective? Kathy is looking for the command that deletes all of the routers RSA keys. Which command is correct? What command configures the amount of time CBAC will wait for a TCP session to become established before dropping the connection in the state table? By default how long will CBAC monitor an idle TCP session in the state table before deleting the entry? John and Kathy are working on configuring the IOS firewall together. They are figuring out what CBAC uses for inspection rules to configure on a per-application protocol basis. Which one of these is the correct one? Which of the following factors determine an IPSEC policy? Kathy is in charge of configuring a Cisco router for IKE using RSA signatures, before she initiates the crypto key generate rsa command, what should Kathy do? John is the administrator working on configuring the authentication proxy feature. He is not sure what the authentication proxy feature does on the Cisco IOS Firewall. Which of the following commands will alter the CBAC DNS timeout timer to 10 seconds? Which of the following is NOT an IOS Firewall default IKE policy parameter? How many IDS signatures can the Cisco IOS Firewall scan for? Providing end-to-end protection of message between two hosts is possible when which of the following ESP modes are used? The security team at Inc. was asked the question, what attack is most often used in social engineering. They all answered this wrong. What is the correct answer? Which of the following commands correctly references access list 120 in a crypto map? Which of the following correctly sets the IOS Firewall authentication-proxy idle timer to 20 minutes? Which of the following situations brought on by a user will trigger the authentication proxy or the Cisco firewall? Which of the following will happen during the aggressive mode of the CBAC on the Cisco IOS Firewall? Which of the following configuration register values will allow a Cisco router to go immediately into ROM mode at any time during a routers operation? How many incomplete connections must a router have by default before TCP Intercept will start dropping incomplete connections? Which of the following statements best describes a digital certificate? Which of the following cannot be configured on a router unless the IOS Firewall feature set is installed? Select all that apply. What is the maximum key size you can generate when using RSA Encrypted Nonces as your IKE authentication method? What is the range of the number of characters the IOS enable secret password can be? What operating systems can CSACS be installed on? Select all that apply. Kathy the security administrator for Inc. is working on defending the network. One of the attacks she is working to defend is SYN flooding and is looking to know which Cisco IOS feature defends against SYN flooding DoS attacks. You are the security administrator for and you need to know what CBAC does on the Cisco IOS Firewall. Which one of these is the best answer? The security team at Inc., is looking for the command that disables the chargenand echo services on an IOS router? The security team at Inc., is looking for the command that lets you view any configured CA certificates? George is the administrator at Inc. working on acquiring a position in the security department. He is studying the OSI layer model and is trying to find out which OSI layer does IPSecprovide security services? What must you change the configuration register value to, when you need to perform password recovery on a router? Johnthe administrator wants to know which type of key exchange mechanism is Diffie-Hellman. Kathy from the security department at Inc. wants to know what does a half-open TCP session on the Cisco IOS Firewall mean. Which of the following represents the aggressive mode of CBAC in Cisco IOS firewall? Which of the following commands correctly sets the IOS Firewall IDS spam threshold? Johnthe manager of the I.T. Department at Inc. wants to know, what is the purpose of the ip host global configuration command. Which of the following router commands enables the AAA process? Which of the following is the Cisco IOS command to disable finger service? Which of the following is the default login URL for CSACS 3.0?

Study Guides