EX0-106 - SCNS Tactical Perimeter Defense

Go back to EXIN

Example Questions

You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Confidentiality in network security is. Which of the following best describes Confidentiality? You are configuring a new custom IPSec policy on your Windows Server 2003 machine. On the rules tab, you find the three default options under the IP Filter List. What are these three default options? In 802.1x, what allows for the multiple methods of user authentication? You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any IP address to any port between 1 and 1024 on any host in the 10.0.10.0/24 network? If you wish to implement IPSec between two branch offices of your organization, and wish for this to include the encryption of the full packet, which implementation would meet your needs? To increase the security of the network, you have decided to implement a solution using authentication tokens. You are explaining this to a coworker who is not familiar with tokens. What are Authentication Tokens? You are building the rules for your newly installed ISA Server 2006. There are three basic rule types: Access rules, Publishing rules, and Network rules. Which of the following best describes Access rules and Publishing rules? If you configure an access-list to block the following networks, what are you trying to protect against? Network 127.0.0.0/8, Network 0.0.0.0/0 Network 10.0.0.0/8 Network 172.16.0.0/16, and Network 168.0.0/16. You are the firewall administrator for your company and you have just learned that the Server administrators are gearing up support an L2TP based VPN solution. You are told to be sure that your firewall rule sets will not hinder the performance of the VPN. Which port, from the following list, will you have to allow through the firewall? You are configuring your new IDS machine, and are creating new rules. You enter the following rule: Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;) What is the effect of this rule? During a network packet capture in Wireshark, you capture ICMP traffic, and are analyzing this capture. In an ICMP Message, what is the function of the first eight bits? You have been given the task of establishing a new wireless network in your office. What are the two primary types of wireless LAN topologies? You are building the rules of your new firewall. You wish to allow only (Internal) access to secure www sites on the Internet (External). You wish for all other traffic to be disallowed. Which of the following rules will you have to implement to make this happen? You have been given the task of building the new wireless networks for your office. What wireless standard allows for up to 54 Mbps transmission rates, but is not compatible with 802.11b? You are concerned about attacks against your network, and have decided to implement some defensive measure on your routers. If you have 3 interfaces, S1, S0, and E0, and you implement the following configuration, what attack will you be defending against? Router#config terminal Router(config)# Interface Ethernet 0 Router(config-if)#no ip directed broadcast Router(config-if)#Interface Serial 0 Router(config-if)#no ip directed broadcast Router(config-if)#Interface Serial 1 Router(config-if)#no ip directed broadcast Router(config)#^Z Router# You are a host in a network segment that has IP addresses in the range of 168.16.1~192.168.31.254. You need to create an access control list that will filter your segment of addresses. Which of the following is the wildcard mask that will be used to filter your network segment? During the configuration of your newly installed ISA Server 2006, you are creating new rules. Which three of the following answers are used to create a protocol rule in ISA Server 2006? You have just installed a new ISA Server 2006, and are monitoring the new deployment. In the Monitoring Details pane, which tab will provide you with visual displays of current monitoring information? You have been given the task of building the new wireless networks for your office, and you need to verify that your equipment will not interfere with other wireless equipment frequencies. What wireless standard allows for up to 11 Mbps transmission rates and operates in the 2.4GHz range? If you wish to create a new rule in ISA Server 2006 so that all file attachments with an .exe extension that come through the firewall are dropped, what would you select in the Toolbox to create this rule? During your review of the logs of your Cisco router, you see the following line. What is the meaning of this line? %SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1) You are introducing a co-worker to the security systems in place in your organization. During the discussion you begin talking about the network, and how it is implemented. You mention something in RFC 791, and are asked what that is. What does RFC 791 specify the standards for? You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm does not occur when an actual intrusion is carried out? After you implemented your IPSec solution, you wish to run some tests to verify functionality. Which of the following provides confidentiality and authentication when implementing IPSec? When performing wireless network traffic analysis, what is the type and subtype for an 802.11 authentication packet? You are evaluating the security of different wireless media, and are considering an infrared solution. If an attacker is trying to gain access to an infrared transmission, what will the attacker need? You are configuring the Snort Rules for your new IDS. You are creating the rules, and wish to avoid the Snort Rule IDs that are reserved for Snorts use. Which of the following is the range of Snort Rule IDs that are reserved for Snorts use? You have just installed a new network-based IDS for your organization. You are in the middle of your initial configuration of the system, and are now configuring the response. What is the most common response of an IDS when an event happens? You are configuring your new IDS machine, and are creating new rules. You enter the following rule: Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;) What is the effect of this rule? During your packet capture of traffic to check if your network is getting hit by a Denial of Service attack, you analyze TCP headers. You notice there are many headers that seem to have the same SEQ number, with the responding computer using different SEQ and ACK numbers in response. If you are analyzing a normal three-way handshake between two Windows 2000 nodes, and the first packet has a SEQ of 0xD36077AF, what will the responding computer use as an ACK? Your office branch has been assigned the network address of 10.10.0.0/16 by the Corporate HQ. Presently your network addressing scheme has these addresses split into eight networks as shown below: 1: 10.10.0.0/19 2: 10.10.32.0/19 3: 10.10.64.0/19 4: 10.10.96.0/19 5: 10.10.128.0/19 6: 10.10.160.0/19 7: 10.10.192.0/19 8: 10.10.224.0/19 You need to take the currently unused block of network 10.10.160.0/19 and further divide it into eight networks for use by a satellite branch that is being designed on the fourth floor of your building. What will the new subnet mask be for these new networks? If you are configuring your WLAN for security, and you configure the access points with a security feature that the clients do not support, what can you add to the clients to have them participate in the WLAN? You have been given the task of implementing the wireless solution for your organizations campus. Which two antenna types are best suited for bridge applications connecting two buildings? You are configuring the new Intrusion Detection System at your office. Your CEO asks you what the IDS will do for the organization. You tell the CEO about the three main components of Network Security and explain how an IDS can be used to meet two of those components. What are the two major components of network security that an IDS can meet? Your network traffic has increased substantially over the last year, and you are looking into your caching options for frequently visited websites. What are the two types of caching that ISA Server 2006 supports? You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule: ipchains -A output -p TCP -d 172.168.35.40 ! www What is the function of this rule? The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent audit? You are configuring the Intrusion Detection System in your network, and a significant part of the strategy is to use custom Snort rules. When setting rules for Snort, what rule option keyword would you use to match a defined value in the packets payload? You are monitoring the network traffic on your Frame-Relay Internet connection. You notice a large amount of unauthorized traffic on port 21. You examine the packets, and notice there are no files being transferred. Traffic on what other port must be examined to view any file contents? You are a host in a network segment that has IP addresses in the range of 10.0.16.1~10.0.31.254. You need to create an access control list that will filter your segment of addresses. Which of the following is the wildcard mask that will be used to filter your network segment? During your packet capture of traffic to check if your network is getting hit by a Denial of Service attack, you analyze TCP headers. You notice there are many headers that seem to have the same SEQ number, with the responding computer using different SEQ and ACK numbers in response. If you are analyzing a normal three-way handshake between two Windows Server 2003 nodes, and the first packet has a SEQ of 0xBD90FBFF, what will the responding computer use as an ACK? You are configuring your new Cisco router. During your configuration you wish to eliminate any security risks you can, as based on your organizational security policy. The policy states that the Cisco Discovery Protocol is not to be used on any interface on any of the routers. What is the command to turn off CDP for the entire router? When using IPTables, the ability to specify all possible IP addresses in a rule is included; which of the following are correct syntax for specifying all possible IP addresses? You are building the rules of your new firewall. You wish to allow only (Internal) access to smtp email on the Internet (External). You wish for all other traffic to be disallowed. Which of the following rules will you have to implement to make this happen? There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses multiple frequencies combined together as a band? During a network capture in Network Monitor, you capture some UDP traffic. In a UDP Header, what is the function of the first sixteen bits? You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any host other than 172.16.40.50 using any port, to any host in the 10.0.10.0/24 network using any port? In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed? ISA Server 2006 features extensive rule matching abilities. Which of the following lists has the proper order for how ISA Server 2006 checks rule elements that make up an Access rule? You have been hired at a large company to manage network. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Integrity in network security is. Which of the following best describes Integrity?