Exam: : VPN/Security. Ver :

Transcription:

Exam: Title : VPN/Security Ver : 03.20.04

QUESTION 1
A customer needs to connect smaller branch office locations to its central site and desires a more which solution should you recommend?
A. V3PN solution
B. Site-to-site VPN solution
C. Remote access VPN solution
D. Redundant Services Termination solution

QUESTION 2
Which is a cost effective VPN solution?
A. VPN concentrators
B. VPN modules for the routers
C. VPN modules for the firewalls
D. VPN modules for the switches

QUESTION 3
What is the main function of the Cisco VPN Client?
A. Initiates V3PN connection with Cisco VPN routers.
B. Sets up Secure Socket Layer connection to the web host.
C. Provides application layer connection to the remote web server.
D. Establishes encrypted tunnels with a remote access VPN concentrator.

QUESTION 4
VPN-enabled routers connect branch and regional offices. They deliver single-box solutions that offer an integrated package of routing, firewall, intrusion detection, and VPN functions. What is this type of VPN solution called?
A. Site to site VPN
B. VPN encryption
C. SSL termination
D. Remote access VPN

QUESTION 5
What are the defensible boundaries within a network that allow a security policy to be strategically enforced?
A. Firewalls
B. Perimeter networks
C. Cisco IOS Firewalls
D. Network integrity points

QUESTION 6
Small and medium businesses often cannot afford dedicated, redundant firewall options. What is the most economical way for them to achieve firewall functionality?
A. Use the Cisco IOS software firewall features.
B. Depend on router access lists for network security.
C. Activate firewall services provided by their service provider.
D. Rely on security features included in their applications software.

QUESTION 7
Firewalls can be implemented on which three devices? (Choose three)
A. Routers
B. Software
C. Content engines
D. Web appliances
E. Dedicated hardware devices, B, E

QUESTION 8
What functionality can be used in conjunction with the Cisco PIX Firewall to manage access to Internet sites and selectively block individual or groups of Internet sites?
A. 3DES
B. URL filtering
C. Centralized configurations
D. Access Control List (ACLs)

QUESTION 9
Businesses must be able to define and protect sensitive portions of their networks and guard against intrusive access from potentially harmful applications. The first line of defense that most organizations implement is ______.
A. Firewall security
B. User accounting
C. A Virtual Private Network.
D. An Intrusion Protection system

QUESTION 10
Cisco PIX Firewalls utilize transparent identity verification at the firewall and make smart decisions for access or denial. After authentication, the Cisco PIX shifts session flows so that all subsequent traffic receives more rapid routing than proxy servers enable. What is this process called?
A. LEAP
B. RADIUS
C. Cut-Through Proxy
D. Cut-Through Switching

QUESTION 11
The IT group in an organization would be in favor of centralized Security Management tools because they ______. (Choose three)
A. Provide convenient billing services.
B. Help them identify new threats more quickly.
C. Make their job easier installing and monitoring security functions.
D. Provide assurance that the security policy is being applied uniformly., C, D

QUESTION 12
Which technology allows companies to securely transport data across the Internet?
A. Data encryption
B. Intrusion Detection
C. High-speed switching
D. Quality of Service (QoS)

QUESTION 13
A ______ is a set of hardware and software that is implemented at a particular spot on a network infrastructure to enforce the security policy of an organization.
A. Router
B. Switch
C. VPN concentrator
D. Cisco PIX Firewall
E. Cisco Intrusion Detection (IDS) System
Answer: E

QUESTION 14
Which feature hides Internet network IP addresses from the outside?
A. Host Standby Protocol
B. Advanced Quality of Service
C. Network Address Translation
D. Context-based Access Control

QUESTION 15
Establishing two Cisco PIX Firewalls that run parallel ensures that if one firewall malfunctions, the second automatically maintains security operations. Implementing this feature assures that the firewall is always on. What is this configuration called?
A. URL filtering
B. Hot Standby
C. Standards-based VPN
D. Centralized Configuration Builder

QUESTION 16
What is a company's last means of perimeter defense between the intellectual assets of an organization and the Internet if they choose not to implement a firewall solution?
A. Their routers
B. Their service provider
C. The Intrusion Protection System
D. The Security Management System

QUESTION 17
What are three security functions that Host IDS performs? (Choose three)
A. Protection of critical servers within the network.
B. Secure session encryption using industry standards.
C. Facilitation of client changes and updates to their passwords.
D. Proactive event notification that is sent to network administration.
E. Real-time monitoring of network traffic at pre-determined points in the network., D, E

QUESTION 18
What is a benefit of implementing BOTH Network IDS and Host IDS?
A. Network IDS can protect a network from probes and Host IDS can protect vulnerable servers.
B. Wireless LANs become more secure with the additional LEAP and encryption provided by Network and Host IDS.
C. Router performance can be increased by offloading Network and Host IDS functions to security appliances and servers.
D. Private VLAN security provided through Network and Host IDS decreases propagation of attacks by isolating critical servers.

QUESTION 19
How does Cisco Intrusion Protection address the financial impact of a possible network outage? (Choose two)
A. Allows simplified network management.
B. Identifies and reacts to known or suspected network intrusion and anomalies.
C. Reduces additional financial losses by shutting down the network on intrusion.
D. Prevents losses that are due to both hacker attacks and internal violations of security policy., D

QUESTION 20
Which product is best for real-time monitoring and protecting a network (from unauthorized activities, denial of service attacks, port sweeps) and is able to take actions against these attacks?
A. Cisco Security Agent
B. Cisco IDS 4200 family
C. Cisco VPN Concentrator
D. Cisco PIX Firewall Appliances

QUESTION 21
How does Network Intrusion Detection work?
A. Operating system and application calls are intercepted and analyzed based on a security policy definition.
B. Encrypted data are decrypted by a sensor and passed on to a management console for monitoring and interpretation.
C. Real-time monitoring detects possible attacks which are inspected by a sensor and compared with a signature database for further action.
D. Servers are protected from worms and other harmful attacks by monitoring normal application behavior and cutting off requests that do not fit the normal behavior pattern.
QUESTION 22
Intrusion Protection systems can be managed from remote sites via a management solution. Who would most value this as a benefit?
A. Data Center Manager
B. Chief Financial Officer
C. Chief Executive Officer
D. Chief Information Officer

QUESTION 23
The IT director is not familiar with VPN technology but is familiar with the terminology. His biggest concern is making sure the company's e-commerce transactions are secure. What should you discuss with the director?
A. The difference between SSL and IPSec.
B. The difference between LEAP and IPSec.
C. The effectiveness of router based firewalls.
D. The availability of hacking tools on the Internet.

QUESTION 24
What does the Cisco Security Agent do?
A. Protects networks from unauthorized activities, port sweeps, and denial of service attacks.
B. Provides host intrusion prevention, distributed firewalls, and malicious code protection for servers and desktops.
C. Increases server security by providing tools for automatically applying new patch updates to all critical servers on the network.
D. Protects servers and desktops by monitoring each packet and comparing the contents with a database of attack signatures.

QUESTION 25
What are three functions of the Cisco Security Agent? (Choose three)
A. Provide zero-updates for the network administrator.
B. Provide preventive protection against entire classes of attacks.
C. Is scalable to thousands of agents per manager to support large and deployments.
D. Provides real-time monitoring of network traffic at pre-defined points in the network., C, D

QUESTION 26
A chief concern many IT professionals have about Intrusion Protection solutions is that they generate too many false alarms. Which Cisco technology addresses this issue?
A. Cisco Security Agent
B. Cisco Threat Response
C. Host Intrusion Detection System
D. Network Intrusion Detection System

QUESTION 27
How does Cisco Threat Response (CTR) help make Intrusion Protection more efficient?
A. CTR increases performance on the sensors for better price performance.
B. CTR performs intelligent investigation of potential attacks to reduce false positives up to 95%.
C. CTR automatically modifies security policies based on the types of attacks that are detected and can customize responses to those attacks.
D. CTR gives network managers additional access to Quality of Service parameters so that voice traffic can be securely transported across the network.

QUESTION 28
What is a function of the Cisco Threat Response technology?
A. Eliminates false alarms.
B. Remediates costly intrusions.
C. Shuts down the network in the event of an attack.
D. Proactively notifies network administration when common attacks are detected.

QUESTION 29
What does an Identity Solution do? (Choose three)
A. Validates the identity of every user.
B. Tracks and reports user and accounting data.
C. Utilizes OSPF technology to efficiently route authorized user traffic through the network.
D. Controls access to information from many different kinds of users and a variety of access points., B,D

QUESTION 30
Which question best positions the ROI advantages of an Identity Solution?
A. How do you currently control access to your network?
B. Do you have any concern related to the growth of your network?
C. Does your current Identity Solution offer the ability to easily enable group network devices?
D. Would it be valuable to you to be able to integrate an Identity Solution with your existing systems?

QUESTION 31
How do Identity Solutions provide cost savings?
A. They prevent email spam proliferation from unidentified users.
B. They integrate with existing Cisco IOS router and VPN solutions.
C. They eliminate redundant security solutions, such as Cisco Intrusion Detection.
D. They eliminate network upgrades by providing more efficient user management.

QUESTION 32
What is the key security vulnerability benefit of Cisco Secure ACS?
A. Cisco Secure ACS has one license model with no clients/supplicant requirements.
B. It offers centralized control of all user authentication, authorization, and accounting.
C. Different levels of security can be concurrently used with Cisco Secure ACS for different requirements.
D. It supports large networked environments with redundant servers, remote databases, and user database backup services.

QUESTION 33
What is AAA?
A. Analysis, Admittance, Audit
B. Authentication, Access, Accounting
C. Authorization, Analysis, Administration
D. Authentication, Authorization, Accounting

QUESTION 34
What are two functions of site-to-site VPN? (Choose two)
A. Reduces reliance on the service provider.
B. Eliminates the need for and expense of toll-free 800 numbers.
C. Extends the WAN as an extranet to business partners and suppliers.
D. Delivers Internet access and web-based applications across multiple locations., C

QUESTION 35
What is the key scalability benefit of Cisco Secure ACS?
A. It offers centralized control of all user authentication, authorization, and accounting.
B. Cisco Secure ACS has one license model with no clients/supplicants requirements.
C. Different levels of security can be concurrently used with Cisco Secure ACS for different requirements.
D. It supports large networked environments with redundant servers, remote databases, and user database backup services.

QUESTION 36
Security Management systems can scale to manage thousands of network devices. Why is this feature important?
A. It allows for a more secure network environment.
B. It allows for more efficient network bandwidth usage.
C. It allows for more devices to be managed with fewer people.
D. It reduces human error by eliminating the network administrators.

QUESTION 37
Which two statements are true about the Cisco Security Management solution? (Choose two)
A. Cisco Security Management can manage all security devices including non-Cisco appliances.
B. The Cisco Works Monitoring Center for Security is the flagship multi-device management solution.
C. The complete network Security Management system is needed to coordinate and monitor all of the security components.
D. Embedded Security Device Manager (EDSM) enables the configuration of Cisco security, D

QUESTION 38
What are functions of the Cisco Security Management System?
A. Layered security and defense in depth.
B. Multi-site management and secure connectivity.
C. Multi-device management and secure connectivity.
D. Embedded device management, multiple device management, and policy management.

QUESTION 39
An advantage of implementing a security policy through centralized Security Management tools is that security decisions can be made ______.
A. Once, in advance for the whole network.
B. Locally, close to where new threats appear.
C. By the user, to fit their individual business needs.
D. Locally, by the business manager nearest the user or customer.

QUESTION 40
Cisco Security Management Centers can configure, monitor, and troubleshoot which three devices? (Choose three)
A. Cisco firewalls
B. Cisco Catalyst switches
C. Cisco VPN concentrators
D. Cisco intrusion detection sensors
E. Cisco content networking switches, C, D

QUESTION 41
The IT director is concerned about updating the security software on his remote VPN devices. Which topics should you discuss?
A. Hiring additional personnel to update remote sites.
B. Selecting encryption algorithms for VPN implementation.
C. Complying with industry standards using Cisco SAFE Blueprint.
D. Implementing the Cisco SAFE Blueprint and the use of Security Management.

QUESTION 42
Your account team is helping a customer implement their security policy. The customer cannot afford expensive, dedicated security devices. Why is the Cisco SAFE Blueprint useful to your account team?
A. It requires immediate implementation.
B. It can propose alternative and modular implementations.
C. It specifies only Cisco products, excluding competing products.
D. It avoids the cost issue because it does not make specific recommendations.

QUESTION 43
Your customer does not have a security policy for the entire enterprise. An effective account strategy would be to ______.
A. Offer to write a security policy for the customer.
B. Inform the customer about the risks to the business.
C. Find a reference account that demonstrates the negative consequences of not having a security policy.
D. Use the Cisco SAFE Blueprint to consult with the customer in building and implementing a security policy.

QUESTION 44
Which module in the Cisco SAFE Blueprint addresses secure connectivity to ISPs and public telephone networks?
A. Extranet Edge
B. Enterprise Campus
C. Service Provider Edge
D. Service Provider Campus

QUESTION 45
VPN solutions and products integrate security into the overall network architecture, which illustrates the importance of security along with that of switches and routers. Which customer executive would this benefit most appeal to?
A. Chief Security Officer
B. Chief Financial Officer
C. Chairman of the Board
D. Chief Executive Officer
E. Chief Information Officer
Answer: E

QUESTION 46
Which is a characteristic of the Cisco SAFE Blueprint?
A. Static design
B. Modular approach
C. Two fundamental areas
D. Developed by an industry association

QUESTION 47
A customer expects to grow their network dramatically in the near future. They are concerned about their current security policy being adequate for the expanded network. What should the account team recommend to the customer?
A. They should consult with government agencies for legal compliance.
B. They should purchase the Cisco SAFE Blueprints to conduct a review of their security policy.
C. The Cisco SAFE Blueprint can help them plan and verify necessary changes to their security policy.
D. They should require their prospective equipment vendors to demonstrate how their equipment will comply with their security policy.

QUESTION 48
The Cisco SAFE Blueprint is the most reliable and effective tool to plan for ______.
A. Compliance with government regulation.
B. The expansion and scaling of an existing network.
C. The first installation ("greenfield") of a network only.
D. Contracting outsourcing and service provider networking services.

QUESTION 49
Which statement is true about the use of products in the Cisco SAFE Blueprint?
A. You can only use Cisco security products.
B. You only use network-based IDS for perimeter security.
C. You should use best of breed products from any vendor.
D. You can only use security products with Microsoft operating systems.
E. You can only use Cisco security products with SUN operating systems.

QUESTION 50
A customer is changing their contracted network services, converting to VPN services from Frame Relay. They need a checklist to ensure they have not incurred new security vulnerabilities or lost security protections. Which statement about checklists is true?
A. Government agencies supply the correct checklist.
B. The Cisco SAFE Blueprint is a theoretical document only.
C. The Cisco SAFE Blueprint is the best and most complete checklist.
D. Industry standards are the safest guides and should be used as the checklist.
E. The international Common Criteria is the most complete and most widely adopted checklist.

QUESTION 51
You use the Cisco SAFE Blueprint to effectively plan for ______. (Choose three)
A. Security audits
B. All types of threats and vulnerabilities.
C. Compliance with government regulations.
D. Network installation, expansion, and upgrading.
E. Equipment placement and capacities specifications., D, E

QUESTION 52
A reseller informs you a customer is looking at e-commerce and contemplating VPN connectivity for their sales representatives. Which Cisco SAFE Blueprint module should you use?
A. Enterprise Edge Module
B. Enterprise Campus Module
C. Extranet Connectivity Module
D. Service Provider Edge Module

QUESTION 53
What are three effective uses of the Cisco SAFE Blueprint? (Choose three)
A. Security policy enforcement.
B. Guidance for performing network security audits.
C. Prevention of attacks to networks, network devices, and computers.
D. Enforcement of non-disclosure agreements, background checks, and security clearances for vendors and contractors., B, C

QUESTION 54
A customer organization experienced a catastrophic loss of intellectual property through a security failure. What should they do immediately?
A. Take legal action.
B. Outsource their security services.
C. Use the Cisco SAFE Blueprint to guide a security audit.
D. Rewrite their security policy, using the Cisco SAFE Blueprint.

QUESTION 55
What are three effective uses of the Cisco SAFE Blueprint? (Choose three)
A. Designing guidelines for implementing security policy.
B. Designing guidelines for adding security functionality and features to an existing network.
C. Providing performance and processing requirements and capacity and load balancing of security equipment.
D. Designing guidelines for physical access by personnel to networks, plant, equipment, offices, and headquarters., B, C

QUESTION 56
A customer has a Cisco PIX Firewall at the corporate site. The customer can implement the remote access VPN solution without incurring the cost of purchasing another product. How can this be accomplished?
A. By upgrading to a higher level firewall.
B. By using the WAN port for a VPN module.
C. By installing and configuring the VPN accelerator card.
D. By using the maintenance plan upgrade to the next level of Cisco PIX OS.

QUESTION 57
The Cisco SAFE Blueprints can guide a customer's planning for secure connectivity ______.
A. Within their intranet only.
B. Access to the Internet only.
C. Within and between their extranet.
D. Within and between any networks they use.

QUESTION 58
Cisco VPNs provide protection from data interception through three means: secure connectivity, encryption, and ______.
A. IPSec
B. SSL termination
C. Cut-Through Proxy
D. Traffic authentication

QUESTION 59
What is the most commonly used technology for VPN encryption in remote intranet environments?
A. SSL
B. LEAP
C. IPSec
D. TACACS

QUESTION 60
What is the main reason a VPN is cost efficient?
A. The gear to set up and run a VPN is inexpensive.
B. The VPN equipment is not owned by the customer.
C. The service provider can charge for access to the VPN.
D. Long distance charges and leased line fees are eliminated.