CCNA Security 210-260 IINS - Exam 2

Access

Control

Availability

Confidentiality

SDEE

CSM

Syslog

SNMP

Review the IPS log

Review the IPS console

Use a third-party to audit the next-generation firewall rules

Use a third-party system to perform penetration testing

View the alert on the IPS

Malware is tools and applications that remove unwanted programs

Malware is software used by nation states to commit cyber crimes

Malware is unwanted software that is harmful or destructive

Malware is a collection of worms, viruses, and Trojan horses that is distributed as a single package

It forwards email requrests to an external signature engine.

It scans inbound email messages for known bad URLs

It send an alert to the administrator to verify suspicious email messages

It send the traffic through a file policy

Instruct the user to reconnect to the VPN gateway

Ensure that the RDP plug-in is installed on the VPN gateway

Reboot the VPN gateway

Ensure that the RDP2 plug-in is installed on the VPN gateway

It defines IKE policy for traffic sourced from the 10.100.100.0/24 with a destination of 10.10.10.0/24

It defines IPsec policy for traffic sourced from the 10.100.100.0/24 with a destination of 10.10.10.0/24

It defines IPsec policy for traffic sourced from the 10.10.10.0/24 with a destination of 10.100.100.0/24

It defines IKE policy for traffic sourced from the 10.10.10.0/24 with a destination of 10.100.100.0/24

Health and Performance monitor

Device Manager

FlexConfig

Report Manager

Enable URL filtering and create a whitelist to block websites that violate company policy.

Enable URL filtering and use URL categorization to block the websites that violate company policy.

Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access

Enable URL filtering and create a blacklist to block the websites that violate company policy

Enable URL filtering and create a whitelist to allow only the websites that company policy allows users to access

Allow with inspection

Block

Allow without inspection

Monitor

Trust

Create a user based access control rule to allow the traffic

Create a custom blacklist to allow the traffic

Create a whitelist and add the appropriate IP address to allow the traffic

Create a network based access control rule to allow the traffic

Create a rule to bypass inspection to allow the traffic

The authentication attempt will time out and the switch will place the port into unauthorized state.

The switch will cycle through the configured authentication methods indefinitely.

The authentication attempt will time out and the switch will place the port into VLAN 101.

The supplicant will fail to advance beyond the webauth method

Covering tracks

Maintaining access

Gaining access

Reconnaissance

They can protect a system by denying probing requests.

They can protect the network against attacks.

They can protect email messages and private documents in a similar way to a VPN.

They are resilient against kernel attacks.

The router is already running the latest operating system

The command is invalid on the target device

The router is a new device on which the aaa new-model command must be applied before continuing

The command syntax requires a space after the word "server"

crypto key unlock rsa

crypto key lock rsa

crypto key generate rsa

crypto key zeorize rsa

blocking, listening, learning, forwarding, disabled

forwarding, listening, learning, blocking, disabled

listening, learning, blocking, forwarding, disabled

listening, blocking, learning, forwarding, disabled

Community for hosts in the PVLAN

Span for hosts in the PVLAN

Isolated for hosts in the PVLAN

Promiscuous for hosts in the PVLAN

5 seconds

10 seconds

15 seconds

20 seconds

The time is not authoritative

NTP is configured incorrectly

The clock is out of sync

The time is authoritative because the clock is in sync

The time is authoritative, but the NTP process has lost contact with its servers

204.2.134.164

192.168.10.7

209.114.111.1

132.163.4.103

241.199.164.101

108.61.73.243

To provide redundancy and high availability within the organization.

To enable the use of VRFs on routers that are adjacently connected

To separate different departments and business units

To enable the use of multicast routing and QoS through the firewall

file-level

software

hardware

middleware

Botnet mitigation

Overt and covert channels

Threat mitigation

Risk analysis

Deny the connection inline

Deploy an antimalware system

Perform a Layer 6 reset

Enable bypass mode

Inline Normalization

IP Defragmentation

Rate-Based Prevention

Portscan Detection

The CAM might be overloaded, effectively turning the switch into a hub.

Gratititous ARPs might be able to conduct a man-in-the-middle attack.

It may be susceptible to a VLAN hopping attack.

VLAN 1 might be vulnerable to IP Address spoofing.

Unicast Reverse Path Forwarding

Unidirectional Link Detection

IP Source Guard

TrustSec

EtherChannel guard

Loop guard

PortFast

BPDU Guard

It send the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server

It queries the Active Directory server for a specific attribute for the specified user

It downloads and stores the Active Directory database to query for future authorization requests

It redirects requests to the Active Directory server defined for the VPN group.

show ip dhcp snooping database

show ip dhcp snooping statistics

show ip dhcp pool

show ip dhcp source binding

show ip dhcp snooping binding

show ip dhcp snooping