Modules 1-4: Network Protection Group Exam Answers - Cisco Exams (2023)

1. An administrator has defined a local user account with a secret password on router R1 for use with SSH. What three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)

• Configure DNS on the router.
• Set the IP domain name on the router.
• Generate bi-directional pre-shared keys.
• Set a hostname other than "Router".
• Enable incoming Telnet vty sessions.
• Generate cryptographic keys.

Explanation:There are three steps to configure SSH support on a Cisco router:
Step 1 – Set up a hostname.
Step 2: Set up a domain name.
Step 3: Generate cryptographic keys.

2. Which command will block login attempts to RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?

• RouterA(config)# login block: for 10 attempts 2 within 30
• RouterA(config)# login block: for 30 attempts 2 within 10
• RouterA(config)# login block: for 2 attempts 30 within 10
• RouterA(config)# login block: for 30 attempts 10 within 2

Explanation:The correct syntax is RouterA(config)#login lock for(number of seconds)Attempts(Number of attemps)inside(number of seconds).

3. Which two practices are associated with protecting the features and performance of router operating systems? (Choose two.)

• Instale a SAI.
• Keep a safe copy of the router's operating system images.
• Configure the router with the maximum amount of memory possible.
• Disable unneeded default router services.
• Reduce the number of ports that can be used to access the router.

Explanation:Configuring a router with the maximum available memory allows for compatibility with the widest range of security services and can help protect against certain DoS attacks. Secure copies of the router's operating system images and configuration files provide the backups necessary for device recovery. Installing a UPS device provides physical security for network devices, but does not affect the security of their operating systems. Disabling unnecessary ports and services is part of the router hardening process and does not specifically involve the router's operating system.

4. Passwords can be used to restrict access to all or part of the Cisco IOS. Select the modes and interfaces that can be protected with passwords. (Choose three.)

• VTY interface
• console interface
• interfaz ethernet
• IOS boot mode
• privileged EXEC mode
• router configuration mode

Explanation:Access to the console and VTY interfaces can be restricted by passwords. Out-of-band management of the router can be restricted in User EXEC and Privileged EXEC modes.

5. A network administrator enters the service password encryption command in the configuration mode of a router. What does this mandate accomplish?

• This command encrypts passwords as they are transmitted over serial WAN links.
• This command prevents anyone from seeing the running configuration passwords.
• This command enables a strong encryption algorithm for the enable secret password command.
• This command automatically encrypts passwords in configuration files that are currently stored in NVRAM.
• This command provides a unique encrypted password for outside service personnel who must perform maintenance on the router.

Explanation:The startup-config and running-config files display most passwords in plain text. Use the service password-encryption global configuration command to encrypt all plaintext passwords in these files.

6. On which two interfaces or ports can security be improved by configuring executive timeouts? (Choose two.)

• Fast Ethernet interfaces
• console ports
• serial interfaces
• vty ports
• loopback interfaces

Explanation:Executive timeouts allow the Cisco device to automatically log users out after they have been inactive for the specified amount of time. Console, vty, and auxiliary ports can be configured with executive timeouts.

7. A security services company is conducting an audit on several risk areas within a large corporation. Which statement describes an attack vector?

• data loss through access to personal or corporate instant messaging and social networking sites
• the route by which a threat actor can gain access to a server, host, or network
• intercepted emails revealing sensitive corporate or personal information
• the unauthorized transfer of data containing valuable corporate information to a USB drive

8. What is the purpose of mobile device management (MDM) software?

• It is used to create a security policy.
• It is used to implement security policies, settings, and software configurations on mobile devices.
• It is used to identify potential mobile device vulnerabilities.
• It is used by threat actors to penetrate the system.

Explanation:Mobile device management (MDM) software is used with mobile devices so that corporate IT staff can track the devices, implement security settings, and control software settings.

9. Which security implementation will provide management plane protection for a network device?

• identity fraud
• routing protocol authentication
• role-based access control
• access control lists

Explanation:Management plane processes typically use protocols such as Telnet and SSH. Role-based access control ensures that only authorized users have administrative privileges. ACLs perform packet filtering and antispoofing functions in the data plane to protect user-generated packets. Routing protocol authentication in the control plane ensures that a router does not accept bogus routing updates from neighboring routers.

10. A security services company is conducting an audit on several risk areas within a major corporation. Which statement describes the risk of accessing cloud storage devices?

• intercepted emails revealing sensitive corporate or personal information
• gain illegal access to corporate data by stealing passwords or cracking weak passwords
• sensitive data lost through cloud access that has been compromised due to weak security settings
• recovering sensitive or personal information from a lost or stolen device that was not configured to use encryption software

11. Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?

• Implement restrictions on the use of ICMP echo reply messages.
• Implement a firewall at the edge of the network.
• Implement access lists on the border router.
• Implement encryption for sensitive traffic.

Explanation:Implementing an access list can provide additional security by allowing a traffic flow to be denied, but will not provide a direct response to limit the success of the attack. Deploying a firewall at the network perimeter can prevent reconnaissance attacks from the Internet, but attacks inside the local network are not prevented. By implementing restrictions on the sending of ICMP Echo Replies within a local network, devices may not respond to ping messages, but port scans and clear text data sent on the network are not prevented. they are still vulnerable. The best security measure is to encrypt as much network traffic as possible, both user data and network management.

12. What are two evasion methods used by hackers? (Choose two.)

• exploration
• access attack
• depletion of resources
• identity fraud
• encryption

Explanation:Hackers use the following methods to avoid detection: Encryption and tunneling – Concealing or scrambling malware content.
Resource exhaustion: keep the host device too busy to detect the invasion
Traffic fragmentation: split malware into multiple packages
Misunderstanding at the protocol level: sneaking through the firewall
Pivot: Use a compromised network device to try to access another device
Rootkit – Allows the hacker to avoid detection and hide software installed by the hacker.

13. Match the concept of security with the description.

14. Which attack involves threat actors standing between a source and a destination with the intent to transparently monitor, capture, and control communication?

• man in the middle attack
• SYN flood attack
• DOS attack
• ataque ICMP

Explanation:The man-in-the-middle attack is a common IP-related attack in which threat actors position themselves between a source and a destination to transparently monitor, capture, and control communication.

15. What is the motivation of a white hat attacker?

• fine tuning network devices to improve their performance and efficiency
• exploit any vulnerability for illegal personal gain
• study operating systems of various platforms to develop a new system
• discover weaknesses in networks and systems to improve the level of security of these systems

Explanation:White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems. These raids are done with the permission of the owner or organization. All results are reported to the owner or organization.

16. A user is curious about how someone could know that a computer has been infected with malware. What are two common malware behaviors? (Choose two.)

• The computer beeps every time the pencil sharpener is used.
• The computer beeps during the boot process.
• The computer becomes slower and slower to respond.
• No sound is output when playing an audio CD.
• The computer freezes and requires reboots.

Explanation:Common symptoms of computers infected with malware:
Appearance of files, applications or desktop icons
Security tools such as antivirus software or firewalls turned off or changed
system crash
Emails sent spontaneously to others
Modified or missing files
Slow system or browser response
Unknown processes or services running
Unknown open TCP or UDP ports
Connections made to unknown remote devices

17. Which security feature or device would be more likely to be used within a CAN than in a SOHO or data center?

• security trap
• ESA/WSA
• virtual security gateway
• Wireless router
• exit sensors

Explanation:A Cisco Email Security Appliance (ESA) and Web Security Appliance (WSA) provide advanced threat defense, application visibility and control, reporting, and secure mobility to secure and control email and web traffic within a campus area network (CAN). A wireless router is a common defense mechanism used in a SOHO. Exit sensors and a security trap are features used within a data center. A virtual security gateway is built into Cisco Nexus switches and is used for security between virtual machines.

18. A company has several sales offices distributed within a city. Each sales office has a SOHO network. What are two security features commonly found in such a network setup? (Choose two.)

• biometric verifications
• WPA2
• Virtual security gateway inside Cisco Nexus switches
• Cisco ASA Firewall
• port security on user-facing ports

Explanation:Small office and home office (SOHO) networks are typically protected by a consumer-grade wireless router that includes both wired and wireless connections. WPA2 is commonly used for wireless encryption and port security is used to ensure that non-business devices do not connect to the wired network.

19. What are the two data protection features provided by MDM? (Choose two.)

• remote cleaning
• PIN lock
• inoculation
• quarantine
• physical security

Explanation:Data protection features include PIN lock, encryption and remote data wipe. By contrast, data loss prevention prevents authorized users from doing malicious or careless things with data important to the organization.

20. Which condition describes the potential threat created by Instant On in a data center?

• when the main data center firewall fails
• when an attacker hijacks a VM hypervisor and then launches attacks against other devices in the data center
• when the primary IPS device is not working properly
• when a virtual machine that may have outdated security policies comes online after a long period of inactivity.

Explanation:The phrase Instant On describes a potential threat to a virtual machine when it comes online after it has not been used for a period of time. Because you are offline for a while, you may have outdated security policies that deviate from baseline security and may present security vulnerabilities.

21. Which functional area of ​​the Cisco Network Foundation Protection framework is responsible for device-generated packets necessary for network operation, such as ARP message exchanges and routing advertisements?

• data plane
• control plane
• management aircraft
• forwarding plane

Explanation:There are three functional areas of the Cisco Network Foundation Protection (NFP) framework:
Control Plane: Responsible for routing functions. It consists of the traffic generated by network devices to operate the network.
Management Plane: Responsible for managing network devices.
Data Plane (Forwarding): Responsible for forwarding user data.

22. A security services company is conducting an audit on several risk areas within a major corporation. Which statement describes the risk of using social media?

• sensitive data lost through cloud access that has been compromised due to weak security settings
• gain illegal access to corporate data by stealing passwords or cracking weak passwords
• data loss through access to personal or corporate instant messaging and social networking sites
• recovering sensitive or personal information from a lost or stolen device that was not configured to use encryption software

23. A security services company is conducting an audit on several risk areas within a major corporation. Which statement describes the risk of access to removable media?

• the potential to cause extensive damage due to direct access to the building and its infrastructure devices
• intercepted emails revealing sensitive corporate or personal information
• the unauthorized transfer of data containing valuable corporate information to a USB drive
• data loss through access to personal or corporate instant messaging and social networking sites

24. What is the purpose of a reconnaissance attack on a computer network?

• to collect information about the network and target system
• to redirect data traffic so that it can be monitored
• to prevent users from accessing network resources
• to steal data from network servers

Explanation:Curriculum Reference: Module 1.1
This article is based on the information contained in the presentation.
Preventing users from accessing network resources is a denial of service attack. Being able to steal data from network servers can be the goal after a reconnaissance attack collects information about the network and the target system. Redirecting data traffic so that it can be monitored is a man-in-the-middle attack.

25. A security services company is conducting an audit on several risk areas within a major corporation. Which statement describes an insider threat?

• data loss through access to personal or corporate instant messaging and social networking sites
• the unauthorized transfer of data containing valuable corporate information to a USB drive
• the potential to cause extensive damage due to direct access to the building and its infrastructure devices
• gain illegal access to corporate data by stealing passwords or cracking weak passwords