Having the proper certifications means better employment opportunities and better partnerships with vendors. This certification series, courtesy of Kaplan’s Transcender IT Certification Success, will test your knowledge of various certification exams, including an in-depth tutorial explaining each answer. The tutorial also includes further reading and relevant information.
In our first exam, we’ll be testing your knowledge of the Implementing Cisco IOS Network Security (IINS) exam, which is part of the Cisco CCNA Security certification.
Interested in other IT certifications? Transcender offers practice exams on many certifications, ranging from CompTIA to CISSP. For a limited time, ChannelPro-SMB.com readers get an exclusive discount to these practice exams. Use offer code CPSMB10P for 10 percent off of any practice exam. Offer excludes CD and Voucher purchase options. This offer code expires on October 26, 2011.
The Cisco CCNA Security certification is a testing program that certifies the required skill set for specialized job roles in security technologies, such as installation and troubleshooting of devices to maintain the integrity and confidentiality of data. The Implementing Cisco IOS Network Security (IINS) exam tests your knowledge of securing Cisco routers and switches.
The NetCert: Implementing Cisco IOS Network Security (IINS) practice test is designed to prepare you to pass the CCNA (640-460) exam given by Cisco. By first reviewing the suggested materials and then practicing with NetCert: Implementing Cisco IOS Network Security (IINS) you should be fully prepared to pass the actual exam given by Cisco.
Review the Implementing Cisco IOS Network Security (IINS 640-553) information page. This site contains the authoritative list of information about the CCNA Security exam and includes a link to other available references.
Cisco, Cisco Systems, CCDA, CCNA, CCDP, CCNP, CCIE, CCSI, and the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks belong to their respective owners.
Which of the following are the three key principles of Cisco’s Self-Defending Network (SDN)? (Choose three.)
a.) Preventative
b.) Integrated
c.) Isolated
d.) Collaborative
e.) Adaptive
Which of the following best describes the purpose of implementing a Cisco NAC solution?
a.) Cisco NAC allows only authorized and compliant systems to access the network.
b.) Cisco NAC appliances protect enterprises against Internet threats.
c.) Cisco NAC provides endpoint security by enabling threat protection capabilities for servers and desktops.
d.) Cisco NAC prevents system downtime by intercepting communications between applications and the underlying operating system.
Which of the following Cisco IOS commands will activate a session inactivity timeout of 15 minutes?
a.) inactivity-timeout 15 0
b.) inactivity-timeout 0 15
c.) exec-timeout 0 15
d.) exec-timeout 15 0
Which of the following statements most accurately describe the effect of the following configuration? (Choose two.)
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password sEcR3T
a.) Users attempting to Telnet to the router will be required to enter the password sEcR3T before they can access user mode.
b.) Users attempting to Telnet the router will be required to enter the password sEcR3T before they can access enable mode.
c.) The password will be automatically encrypted.
d.) The password will not be automatically encrypted.
You have implemented the following AAA configuration on your router. Which of the following describes this configuration’s effect on future Telnet connections?
Router(config)# aaa new-model
Router(config)# aaa authentication login default local none
Router(config)# username admin password S3cREt
Router(config)# line vty 0 4
Router(config-line)# login authentication default
Router(config-line)# privilege level 15
a.) Telnet connections will be unable to log in.
b.) Telnet connections will be given privileged EXEC mode after logging in.
c.) Telnet connections will not require a username or password.
d.) Telnet connections will not be able to access privileged EXEC mode.
Which of the following are the three key principles of Cisco’s Self-Defending Network (SDN)? (Choose three.)
a.) Preventative
b.) Integrated
c.) Isolated
d.) Collaborative
e.) Adaptive
Answer:
b.) Integrated
d.) Collaborative
e.) Adaptive
The Cisco Self-Defending Network (SDN) is a vision for a network that can recognize, prevent, and adapt to threats. Network security is integrated into network components, which are services and devices throughout the network collaborating with a common goal of providing network-wide security policy enforcement, and into security technologies that can detect and automatically adapt to emerging threats. The three key principles in the Cisco Self-Defending Network are:
Integrated: Security is embedded into network components, making each device part of both defense and policy enforcement.
Collaborative: Services and devices collaborate with each other to provide end-to-end network security.
Adaptive: Security solutions can adapt to evolving threats and provide proactive threat defense.
Preventative and isolated are not key principles in Cisco’s Self Defending Network.
Reference:
CCNA Security Official Exam Certification Guide, Chapter 2: Developing a Secure Network, p. 67.
Cisco > Solutions > Security > Characteristics of a Self-Defending Network
Which of the following best describes the purpose of implementing a Cisco NAC solution?
a.) Cisco NAC allows only authorized and compliant systems to access the network.
b.) Cisco NAC appliances protect enterprises against Internet threats.
c.) Cisco NAC provides endpoint security by enabling threat protection capabilities for servers and desktops.
d.) Cisco NAC prevents system downtime by intercepting communications between applications and the underlying operating system.
Answer:
a.) Cisco NAC allows only authorized and compliant systems to access the network.
Cisco Network Admission Control (NAC) allows only authorized and compliant systems to access the network. When noncompliant hosts or devices (patches, virus protection, etc.) are introduced to the network, Cisco NAC can place them into a private, quarantined part of the network (such as a private VLAN), with limited or no access to production data. Once the devices are brought into compliance through the Cisco NAC architecture, they are then automatically moved back into the production network.
Cisco IronPort security appliance protect enterprises against Internet threats, with a focus on e-mail and Web security products.
The Cisco Security Agent (CSA) provides endpoint security by enabling threat protection capabilities for servers and desktops, and prevents downtime by intercepting communications between applications and the underlying operating system.
Reference:
CCNA Security Official Exam Certification Guide, Chapter 7: Implementing Endpoint Security, p. 254, pp. 266-268.
Which of the following Cisco IOS commands will activate a session inactivity timeout of 15 minutes?
a.) inactivity-timeout 15 0
b.) inactivity-timeout 0 15
c.) exec-timeout 0 15
d.) exec-timeout 15 0
Answer:
d.) exec-timeout 15 0
The exec-timeout 15 0 command will activate a session inactivity timeout of 15 minutes and 0 seconds. The syntax of the command is:
exec-timeoutminutes [seconds]
The exec-timeout command allows the administrator to specify the number of idle minutes and seconds before the session will time out and log out. A session timeout of two to three minutes is considered a best practice for a high security environment. The exec-timeout 0 0 command disables session timeouts, which is not recommended.
The exec-timeout 0 15 command is incorrect because it will activate a session inactivity timeout of 0 minutes and 15 seconds.
The inactivity-timeout 15 0 and inactivity-timeout 0 15 commands are incorrect because they are not valid Cisco IOS commands.
Reference:
CCNA Security Official Exam Certification Guide, Chapter 3: Defending the Perimeter, pp. 92-93.
Cisco > Cisco IOS Configuration Fundamentals Command Reference > exec-timeout
Which of the following statements most accurately describe the effect of the following configuration? (Choose two.)
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password sEcR3T
a.) Users attempting to Telnet to the router will be required to enter the password sEcR3T before they can access user mode.
b.) Users attempting to Telnet the router will be required to enter the password sEcR3T before they can access enable mode.
c.) The password will be automatically encrypted.
d.) The password will not be automatically encrypted.
Answer:
a.) Users attempting to Telnet to the router will be required to enter the password sEcR3T before they can access user mode.
d.) The password will not be automatically encrypted.
Users attempting to Telnet to the router will be required to enter the password sEcR3T before they can access user mode. The password will not be automatically encrypted in the router configuration.
Passwords configured on VTY lines protect access to the user mode prompt. Once the user accesses user mode, a separate enable password must be entered to access enable (privileged EXEC) mode.
Line passwords are not encrypted by default. The service password-encryption global configuration command can be used to encrypt all future clear-text passwords. The only password that will be encrypted by default is the enable secret password.
Reference:
CCNA Security Official Exam Certification Guide, Chapter 3: Defending the Perimeter, p. 87.
You have implemented the following AAA configuration on your router. Which of the following describes this configuration’s effect on future Telnet connections?
Router(config)# aaa new-model
Router(config)# aaa authentication login default local none
Router(config)# username admin password S3cREt
Router(config)# line vty 0 4
Router(config-line)# login authentication default
Router(config-line)# privilege level 15
a.) Telnet connections will be unable to log in.
b.) Telnet connections will be given privileged EXEC mode after logging in.
c.) Telnet connections will not require a username or password.
d.) Telnet connections will not be able to access privileged EXEC mode.
Answer:
b.) Telnet connections will be given privileged EXEC mode after logging in.
The output shows that Telnet connections will be given access to privileged EXEC mode after logging in. The line Router(config-line)# privilege level 15 indicates that level 15, the highest level of access, will be assigned.
Telnet connections will not be prevented from logging in. The privilege level 15 command configured for the VTY lines will allow Telnet connections to completely bypass the user EXEC mode prompt (Router>) after logging in with a local username and password.
Telnet connections will be allowed, and they will require a local username and password to gain access. This is indicated in the line Router(config)# aaa authentication login default local none, where local indicates a local account and password on the device.
Telnet connections will be able to access privileged EXEC mode immediately after authentication.
Reference:
CCNA Security Official Exam Certification Guide, Chapter 3: Defending the Perimeter, p. 93.
