SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCNA Security
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccna
Instructions:
Answer 30 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. SDLC: Disposition
1. Hot site: completely redundant site 2. Warm site: similar - but outdated equipment 3. Cold site: network needs to be built from scratch
Application that provides IPS services on a host.
Analyze inline traffic for malicious activity. IPS can drop offending traffic - instruct appliances to block specific host - send alerts etc.
1. Information preservation 2. Media sanitation 3. Hardware and software disposal
2. What are two types of risk mitigation
1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation
Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.
An attempt to secure hardware - software - and various media while investigating anomalous network behavior.
Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring
3. SDLC: Implementation
Host-based Intrusion Prevention System (HIPS) - Example Cisco Security Agent
1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation
1. Emergency Response 2. Recovery 3. Return to Normal Operations
4. Cisco Security Products: IOS Router
1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation
Analyze inline traffic for malicious activity. IPS can drop offending traffic - instruct appliances to block specific host - send alerts etc.
Consists of a collection of security solutions to identify - prevent and adapt to emerging threats.
Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.
5. What are two primary goals of business continuity planning?
Cisco PIX 500 series of security appliances offer firewall and VPN-termination features.
1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing
1. Relocating operations to another facility while the original facility is under repair 2. Using alternative forms of internal and external communication
1. Configuration management and control 2. Continuous monitoring
6. Cisco Security Products: ASA 5500
Integrated - Collaborative - Adaptive
1. Emergency Response 2. Recovery 3. Return to Normal Operations
Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.
1. Relocating operations to another facility while the original facility is under repair 2. Using alternative forms of internal and external communication
7. What are the 3 phases of disaster recovery?
ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs
Integrated - Collaborative - Adaptive
Application that provides IPS services on a host.
1. Emergency Response 2. Recovery 3. Return to Normal Operations
8. What is the Cisco Security Manager?
Monitors security devices and applications: Uses event correlation to collect events from multiple devices - reducing the number of false positives - Identified appropriate mitigation strategies - Uses Cisco NetFlow technology to more readily identif
Application that provides IPS services on a host.
An application used to configure security features on a variety of IOS-based routers - ASA 5500 - PIX 500 - IPS 4200 - Catalyst 6500 through a graphical interface. Also provides a centralized policy and inter-operates with Cisco ACS.
Qualitative mathematically models the probability and severity of a risk while Quantitative uses a scenario model (better for big deployments)
9. Cisco Security Products: SDM
Application that provides AAA funtionality
1. Separate duties (dual operator - two-man control) 2. Rotate duties (allows peer review) 3. System failure preparation (Trusted recovery) 4. Multiple personnel oversee configuration changes to anticipate issues
Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.
Security Device Manager provides GUI for configuring security features (e.g. IPS - IPSec site-site VPN - firewall features)
10. What is MARS?
Monitors security devices and applications: Uses event correlation to collect events from multiple devices - reducing the number of false positives - Identified appropriate mitigation strategies - Uses Cisco NetFlow technology to more readily identif
Application that provides IPS services on a host.
ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs
11. SDLC: Operations and Maintenance Phase
1. Configuration management and control 2. Continuous monitoring
Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.
Monitors security devices and applications: Uses event correlation to collect events from multiple devices - reducing the number of false positives - Identified appropriate mitigation strategies - Uses Cisco NetFlow technology to more readily identif
1. Emergency Response 2. Recovery 3. Return to Normal Operations
12. What are the 3 types of backup sites?
1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing
1. Hot site: completely redundant site 2. Warm site: similar - but outdated equipment 3. Cold site: network needs to be built from scratch
Module that goes in a Catalyst 6500 or similar to provide firewall services between VLANs.
1. Categorize severity of a security breach 2. Preliminary (high-level) risk assessment
13. What are the characteristics of the Cisco Self-Defending Network?
Integrated - Collaborative - Adaptive
Application that provides IPS services on a host.
Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring
1. Relocating operations to another facility while the original facility is under repair 2. Using alternative forms of internal and external communication
14. What is the Cisco Self-Defending Network?
1. Emergency Response 2. Recovery 3. Return to Normal Operations
ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs
Consists of a collection of security solutions to identify - prevent and adapt to emerging threats.
1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing
15. What is the ALE and how is it calculated?
ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs
1. Non-disaster: Brief interruption 2. Disaster: Interruption 1-7 days 3. Catastrophe: Move to alternative site - all resources destroyed.
Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.
An attempt to secure hardware - software - and various media while investigating anomalous network behavior.
16. What are the components of a Security Policy?
Consists of a collection of security solutions to identify - prevent and adapt to emerging threats.
1. Categorize severity of a security breach 2. Preliminary (high-level) risk assessment
Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.
17. Cisco Security Products: Firewall Services Module (FWSM)
Qualitative mathematically models the probability and severity of a risk while Quantitative uses a scenario model (better for big deployments)
An application used to configure security features on a variety of IOS-based routers - ASA 5500 - PIX 500 - IPS 4200 - Catalyst 6500 through a graphical interface. Also provides a centralized policy and inter-operates with Cisco ACS.
Module that goes in a Catalyst 6500 or similar to provide firewall services between VLANs.
Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring
18. What is 'Operations Security?'
Application that provides AAA funtionality
Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring
1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing
An attempt to secure hardware - software - and various media while investigating anomalous network behavior.
19. Cisco Security Products: Cisco Secure Access Control Server (ACS)
An attempt to secure hardware - software - and various media while investigating anomalous network behavior.
Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.
Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring
Application that provides AAA funtionality
20. Cisco Security Products: HIPS
Qualitative mathematically models the probability and severity of a risk while Quantitative uses a scenario model (better for big deployments)
1. Non-disaster: Brief interruption 2. Disaster: Interruption 1-7 days 3. Catastrophe: Move to alternative site - all resources destroyed.
Host-based Intrusion Prevention System (HIPS) - Example Cisco Security Agent
1. Separate duties (dual operator - two-man control) 2. Rotate duties (allows peer review) 3. System failure preparation (Trusted recovery) 4. Multiple personnel oversee configuration changes to anticipate issues
21. What are the components (hierarchy) of the Cisco Self-Defending Network?
Cisco PIX 500 series of security appliances offer firewall and VPN-termination features.
1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing
1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation
22. What are the 5 phases of the System Development Life Cycle (SDLC)?
Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.
An application used to configure security features on a variety of IOS-based routers - ASA 5500 - PIX 500 - IPS 4200 - Catalyst 6500 through a graphical interface. Also provides a centralized policy and inter-operates with Cisco ACS.
1. Initiation 2. Acquisition and development 3. Implementation 4. Operations and maintenance 5. Disposition
23. SDLC Initiation Phase
Application that provides AAA funtionality
1. Categorize severity of a security breach 2. Preliminary (high-level) risk assessment
1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation
Analyze inline traffic for malicious activity. IPS can drop offending traffic - instruct appliances to block specific host - send alerts etc.
24. What are the 4 Operations Security Recommendations
1. Separate duties (dual operator - two-man control) 2. Rotate duties (allows peer review) 3. System failure preparation (Trusted recovery) 4. Multiple personnel oversee configuration changes to anticipate issues
Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.
Integrated - Collaborative - Adaptive
25. What are the 3 classifications of disruptions?
Qualitative mathematically models the probability and severity of a risk while Quantitative uses a scenario model (better for big deployments)
1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation
1. Non-disaster: Brief interruption 2. Disaster: Interruption 1-7 days 3. Catastrophe: Move to alternative site - all resources destroyed.
Application that provides AAA funtionality
26. What is the difference between a Qualitative analysis and a Quantitative Analysis
Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.
Qualitative mathematically models the probability and severity of a risk while Quantitative uses a scenario model (better for big deployments)
1. Information preservation 2. Media sanitation 3. Hardware and software disposal
Application that provides AAA funtionality
27. Cisco Security Products: Cisco Security Agent (CSA)
1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing
1. Initiation 2. Acquisition and development 3. Implementation 4. Operations and maintenance 5. Disposition
Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.
Application that provides IPS services on a host.
28. SDLC Acquisition and Development Phase
An application used to configure security features on a variety of IOS-based routers - ASA 5500 - PIX 500 - IPS 4200 - Catalyst 6500 through a graphical interface. Also provides a centralized policy and inter-operates with Cisco ACS.
ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs
1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing
29. Cisco Security Products: PIX 500
Security Device Manager provides GUI for configuring security features (e.g. IPS - IPSec site-site VPN - firewall features)
Module that goes in a Catalyst 6500 or similar to provide firewall services between VLANs.
Application that provides AAA funtionality
Cisco PIX 500 series of security appliances offer firewall and VPN-termination features.
30. Cisco Security Products: 4200 Series IPS
Consists of a collection of security solutions to identify - prevent and adapt to emerging threats.
Analyze inline traffic for malicious activity. IPS can drop offending traffic - instruct appliances to block specific host - send alerts etc.
An attempt to secure hardware - software - and various media while investigating anomalous network behavior.
Application that provides AAA funtionality