Topic 2: Exam Pool B
Which algorithm provides asymmetric encryption?
A. RC4
B. AES
C. RSA
D. 3DES
RSA
Which two cryptographic algorithms are used with IPsec? (Choose two)
A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. Triple AMC-CBC
E. AES-CBC
HMAC-SHA1/SHA2
AES-CBC
Cryptographic algorithms defined for use with IPsec include:
+ HMAC-SHA1/SHA2 for integrity protection and authenticity.
+ TripleDES-CBC for confidentiality.
+ AES-CBC and AES-CTR for confidentiality.
+ AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.
Which two behavioral patterns characterize a ping of death attack? (Choose two)
A. The attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.
The attack is fragmented into groups of 8 octets before transmission.
Malformed packets are used to crash systems.
Explanation: Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.
A correctly formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered, and 84 bytes including the Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol as documented.
Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.
An engineer is configuring 802.1X authentication on Cisco switches in the network and is using CoA as a mechanism. Which port on the firewall must be opened to allow the CoA traffic to traverse the network?
A. TCP 6514
B. UDP 1700
C. TCP 49
D. UDP 1812
UDP 1700
CoA messages are sent on two different UDP ports depending on the platform. Cisco standardizes on UDP port 1700, while the actual RFC calls out using UDP port 3799.
What is the function of SDN southbound API protocols?
A. to allow for the dynamic configuration of control plane applications
B. to enable the controller to make changes
C. to enable the controller to use REST
D. to allow for the static configuration of control plane applications
to enable the controller to make changes
https://www.ciscopress.com/articles/article.asp?p=3004581&seqNum=2
Note: Southbound APIs help us communicate with data plane (not control plane) applications.
When web policies are configured in Cisco Umbrella, what provides the ability to ensure that domains are blocked when they host malware, command and control, phishing, and more threats?
A. Application Control
B. Security Category Blocking
C. Content Category Blocking
D. File Analysis
Security Category Blocking
Drag and drop the common security threats from the left onto the definitions on the right.
Refer to the exhibit.
An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?
A. ip dhcp snooping verify mac-address
B. ip dhcp snooping limit 41
C. ip dhcp snooping vlan 41
D. ip dhcp snooping trust
ip dhcp snooping trust
Explanation: To understand DHCP snooping we need to learn about the DHCP spoofing attack first.
DHCP spoofing is a type of attack in which the attacker listens for DHCP Requests from clients and answers them with a fake DHCP Response before the authorized DHCP Response reaches the clients. The fake DHCP Response often gives the attacker's IP address as the client's default gateway, so all the traffic sent from the client goes through the attacker's computer and the attacker becomes a “man-in-the-middle”.
The attacker has several ways to make sure the fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.
The port connected to a DHCP server should be configured as a trusted port with the “ip dhcp snooping trust” command. Other ports connecting to hosts are untrusted ports by default.
In this question, we need to configure the uplink to “trust” (under interface Gi1/0/1).
What is a characteristic of Cisco ASA Netflow v9 Secure Event Logging?
A. It tracks flow-create, flow-teardown, and flow-denied events.
B. It provides stateless IP flow tracking that exports all records of a specific flow.
C. It tracks the flow continuously and provides updates every 10 seconds.
D. Its events match all traffic classes in parallel.
It tracks flow-create, flow-teardown, and flow-denied events.
An engineer has enabled LDAP accept queries on a listener. Malicious actors must be prevented from quickly identifying all valid recipients. What must be done on the Cisco ESA to accomplish this goal?
A. Configure incoming content filters
B. Use Bounce Verification
C. Configure Directory Harvest Attack Prevention
D. Bypass LDAP access queries in the recipient access table
Configure Directory Harvest Attack Prevention
A Directory Harvest Attack (DHA) is a technique used by spammers to find valid/existent email addresses at a domain, either by using brute force or by guessing valid e-mail addresses at a domain using different permutations of common usernames. It's easy for attackers to get hold of a valid email address if your organization uses a standard format for official e-mail aliases (for example: jsmith@example.com). We can configure DHA Prevention to prevent malicious actors from quickly identifying valid recipients.
Note: Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory. For example, here’s an LDAP search translated into plain English: “Search for all people located in Chicago whose name contains ‘Fred’ and who have an email address. Please return their full name, email, title, and description.”
Which group within Cisco writes and publishes a weekly newsletter to help cybersecurity professionals remain aware of the ongoing and most prevalent threats?
A. PSIRT
B. Talos
C. CSIRT
D. DEVNET
Talos
Which feature within Cisco Umbrella allows for the ability to inspect secure HTTP traffic?
A. File Analysis
B. SafeSearch
C. SSL Decryption
D. Destination Lists
SSL Decryption
https://support.umbrella.com/hc/en-us/articles/115004564126-SSL-Decryption-in-the-Intelligent-Proxy