642-552 - SND - Securing Cisco Network Devices Exam

Example Questions

Which of these two ways does Cisco recommend that you use to mitigate maintenance-related threats? (Choose two.)
Why does PAT fail with ESP packets?
Which method of mitigating packet-sniffer attacks is the most effective?
What is a potential security weakness of a traditional stateful firewall?
Using a stateful firewall, which information is stored in the stateful session flow table?
How does an application-layer firewall work?
Which method does a Cisco router use for protocol type IP packet filtering?
Which security log messaging method is the most common message logging facility and why?
What is the primary type of intrusion prevention technology used by Cisco IPS security appliances?
Router A cannot establish a standard IPsec VPN tunnel with router B. An analysis reveals one or more NAT points in the delivery path of each IPsec packet being sent to router B. What is the problem and what is the solution?
What are two ways of preventing VLAN hopping attacks? (Choose two.)
What is a syslog configuration oversight that makes system event logs hard to interpret and what can be done to fix this oversight?
Which feature is available only in the Cisco SDM Advanced Firewall Wizard?
What is the key function of a comprehensive security policy?
What is the first step you need to perform on a router when configuring role-based CLI?
What does the secure boot-config global configuration accomplish?
What two tasks should be done before configuring SSH server operations on Cisco routers? (Choose two.)
Which two encryption algorithms are commonly used to encrypt the contents of a message? (Choose two.)
A mission-critical server application embeds a private IP address and port number in the payload of packets that is used by the client to reply to the server. Why is implementing NAT over the Internet supporting this type of application an issue?
What are two security risks on 802.11 WLANs that implement WEP using a static 40-bit key with open authentication? (Choose two.)
By default, what will a router do with incoming network traffic when the Cisco IOS IPS software fails to build an SME?
What is the difference between the attack-drop.sdf file and the 128MB.sdf and the 256MB.sdf files?
What does the MD5 algorithm do?
Referring to the partial router configuration shown, which can represent the highest security risk?
Which SDM feature(s) can be used to audit and secure a Cisco router?
Which building blocks make up the Adaptive Threat Defense phase of Cisco SDN strategy?
A client wants their web server on the DMZ to use a private IP address and to be reachable over the Internet with a fixed outside public IP address. Which type of technology will be effective in this scenario?
How can you recover a Cisco IOS image from a router whose password you have lost and on which the no service password-recovery Cisco IOS command has been configured?
Network administrators have just configured SSH on their target router and have now discovered that an intruder has been using this router to perform a variety of malicious attacks. What have they most likely forgotten to do and which Cisco IOS commands do they need to use to fix this problem on their target router?
Using 802.1x authentication on a WLAN offers which advantage?
Which IKE function is optional?
Why was the Diffie-Hellman key agreement protocol created?
On Cisco routers, which two methods can be used to secure privileged mode access? (Choose two.)
What is a secure way of providing clock synchronization between network routers?
Which of these two functions are required for IPsec operation? (Choose two.)
To verify role-based CLI configurations, which Cisco IOS CLI commands do you need to use to verify a view?
Remote users are having a problem using their Cisco VPN Client software to connect to a Cisco Easy VPN Server. Which of the following could be causing the problem?
A malicious program is disguised as another useful program; consequently, when the user executes the program, files get erased and then the malicious program spreads itself using emails as the delivery mechanism. Which type of attack best describes how this scenario got started?
Which of these is true regarding IKE Phase 2?