CCNP ENCOR 5. Security

1. _____ is an architectural framework through which the network access policy is enforced on network devices .
2. _____ enables you to collect information about the activity and resource consumption for a user.
3. (True / False ) Authentication can be valid without authorization and accounting.
Authorization and accounting, however, cannot be performed without authentication.
4. (True / False ) It is not possible to specify multiple servers when configuring an authentication option on the method list combining them in a server group.
5. It is the process of identifying a user before they are given network access
6. Choose the correct statement below that specifies the authentication options. (choose 2).
7. From the options below, which are the common type of AAA protocols. (Choose 2)
8. When comparing RADIUS and TACACs+ , TACACs+ encrypt only the password in the packet however RADIUS encrypts the entire packet.
9. What happens when you configure the the "aaa new-model" command on a cisco router or switch?
10. This type of Access-list allows you to specify both the source and destination packet addresses.
11. __________________ includes the hardware and software on a network device that supports routing and some other types of processing.
12. It refers to packets that are always handled by the route processor.
13. It is a Cisco IOS feature which is designed to allow administrators to specify controls over traffic that is directed to a device’s control plane
14. CoPP not only allows you to specify what traffic is allowed and what traffic is denied on the control plane interfaces, however it does NOT support rate limiting of allowed traffic for the control plane.
15. After you configured the class-map and policy-map to match traffic for COPP, what will be the last step to ensure that the MQC config is applied.
16. In terms of Wireless Security, WEP is considered strong compared to WPA. (True/False)
17. In WLAN security, it is considered as the most secured and flexible method for authenticating Guest user access.
18. In WLAN security, it is considered as the most secured and flexible method for authenticating Corporate users and managed devices.
19. In WLAN security, it can only authenticate devices and not users.
20. _____________________ authentication uses symmetric encryption, meaning that the same algorithm and key that are used to encrypt the credentials are used, in reverse, to decrypt the message.
With this authentication, a common password is configured on both sides. Symmetric key encoding is relatively simple, however it is not recommended for strong user authentication because it is not very resistant to a key attack.
21. __________________ is a general protocol for authentication that also supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication, and smart cards.
22. From the options below, choose which authentication types are considered as commonly used EAP types. (Choose 3)
23. This EAP Authentication type requires a certificate on both the client and the server.
24. This EAP Authentication type only requires a certificate on the server side and none from the client side.
25. ___________ is a secure solution for enterprises that cannot enforce a strong password policy and do not want to deploy certificates for authentication.
26. _____________ can be seen as a compromise between EAP-TLS, which relies entirely on a certificate-based infrastructure, and EAP-FAST, which does not require any certificate exchange between the client and the authentication server.

27. To achieve adequate security in EAP-FAST, the same authentication server on which authentication occurs also generates a unique shared credential that is used to mutually authenticate client and server, this is called _____________?

28. ___________ is a process which allows users, typically guests, to authenticate to the network through a web portal via a browser interface.
29. It is a Web Authentication approach that is designed for small businesses that need to provide local guest access.
The VLAN that is used will be defined in the switch and routed to the Internet via the router and firewall at the network edge.
30. ____________ is a feature of mobility to restrict a WLAN to a single subnet, regardless of a client entry point into the network.
It is also called as Guest Tunneling.

31. In Local Web Authentication with Auto-anchor, which device maps the SSID to the guest VLAN and provides the web portal splash page?
32. In a Local Web Portal with External Authentication approach, which device provides the web portal splash page?
33. In a Local Web Portal with External Authentication approach, which devices maintains the guest user accounts?
34. In Network Security , it refers to a weakness that compromises either the security or the functionality of a system . An example of this is weak or easily guessed passwords.
35. Which network security attack attempts to consume all a critical computer or network resource to make it unavailable for valid use.
36. Which network security attack attempts to learn more about the intended victim before attempting a more intrusive attack
37. Which options below are commonly used for endpoint security? (Choose 3)
38. _____________________ uses integrated controls and a continuous process to detect, confirm, track, analyze, and remediate threats before, during, and after an attack.
39. This feature is the most commonly used proxy server function into the firewall itself, and may take advantage of website classification and reputation scores.
40. This feature recognizes applications by analyzing data streams instead of looking at transport layer port numbers. For example, applications like Skype that are capable of hopping from one port to another can be recognized. Another example is not only recognizing Facebook, but recognizing gaming within Facebook
41. Cisco _______ simplifies the provisioning and management of secure access to network services and applications. Compared to access control mechanisms that are based on network topology, it also defines policies using logical policy groupings, so secure access is consistently maintained even as resources are moved in mobile and virtualized networks .
42. ______________ provides secure communication on wired LANs. When it is used to secure the communication between endpoints on a LAN, each packet on the wire is encrypted using symmetric key cryptography, so that communication cannot be monitored or altered on the wire.
43. _______________________ is an alternate authentication method that can be used when devices do not support other authentication methods.
44. What are three modes of deployment when implementing 802.1x . (Choose 3)
45. In 802.1x phased implementation, it allows you to enable authentication across the wired infrastructure, without affecting wired users or devices. It can be thought of as an audit mode
46. In 802.1X port-based authentication,  it controls access to the network, based on client authentication status.
The objective here is for endpoints to authenticate to the Authentication server via the Extensible Authentication Protocol (EAP).
47. In 802.1X Authorization , the authentication server associates an ACL with a particular user or group.
It then instructs the NAD to dynamically assign the ACL to the user session. This mechanism provides very granular access control, right down to the port level.
48. ________________ can provide different levels of access to 802.1X-authenticated users. The RADIUS server authenticates 802.1X-connected users. Based on user identity, it retrieves ACL attributes and sends them to the switch. The switch applies attributes to the 802.1X port during the user session.
49. ________________ mode allows an IP phone, and a single host behind the IP phone, to authenticate independently via 802.1X, MAB, or (for the host only) web-based authentication. In this application, multidomain refers to two domains (data and voice VLAN). Only one MAC address is allowed per domain.
50. 802.1X can be configured on Etherchannels and Trunk ports. (True/False)


Leave a comment