QUIZ: CCNA Security Second Edition Part 6

Which class of Cisco Common Classification Policy Language (C3PL) filters out the traffic that needs to be inspected?

Which class of Cisco Common Classification Policy Language (C3PL) inspects (Stateful inspection of traffic), permit (permit the traffic but no Stateful inspection), drop the traffic or generate log of it?

Which of the following two actions can be applied to a traffic class when a Cisco IOS Zone-Based Policy Firewall is being configured? (Choose any three)

Which of the followings are the techniques of accessing firewall for management? (Choose any three)

Which of the following actions in a Cisco IOS Zone-Based Policy Firewall is similar to a permit statement in an ACL?

In a Cisco IOS Zone-Based Policy Firewall, what is the main function of the permit or pass action?

In which mode of firewall deployment does ASA work as layer 2 bridge and traffic flows through it without adding itself as routing hop between communicating peers?

Which two of the followings are the modes of ASA deployment?

In which method of High availability does one device act as primary firewall or active firewall while the second stay in standby mode?

The concept of implementing multiple virtual firewalls is known as ____________.

Security level 100-is the highest possible and most trusted level. By default, on which of the following interface it is used?

Which policy specifies the rules for the data traffic inbound or outbound passing through an interface?

Which of the following algorithm can ensure data confidentiality?

Why is asymmetric algorithm key management simpler than symmetric algorithm key management?

Data Encryption Standard (DES) uses ________ bits for data encryption

Which of the following attacks exploits the weakness of any software that are unknown to the software vendor/developer?

What are the two common characteristics of the IDS and the IPS? (Choose any two)

Which of the followings are two limitations of an IDS? (Choose any two)

Where can an IDS/IPS be placed?

Which of the followings is the limitation of network-based IPS as compared to host-based IPS?

In which of the following terminologies is a sensor that generates an alert about the traffic, which is not malicious, but requires serious attention as long as security is concerned?

In which of the following terminologies is a malicious activity that is detected by the IPS module or sensor and for which an alert will be generated?

Which one of the followings is the characteristic of Reputation Based IDS/IPS?

Which of the following actions or responses are commonly used in IDS technology? (Choose any two)

Which of the following actions define actions or responses that are commonly used in IPS technology?

Which of the following micro-engines designs a signature to analyze a single packet instead of stream of packets?

Which of the followings is a part of digital signature and determines the critical level of an attack?

What is a disadvantage of a pattern-based detection mechanism?

Which of the following features of an IPS provides regular threat updates from the Cisco Network database?

In which mode of deployment will a copy of every data packet be sent to the sensor to analyze if there is any malicious activity?

In which of the following configured modes will the whole IP traffic be dropped, in case of sensor failure?

Which of the following options helps you to create a blacklist, with the help of Cisco Collective Security Intelligence Team “Talos”?

The technique in which you allow or permit IP address or traffic of your own choice is referred to as ______________.

Which of the followings is a limitation of an IPS?

Which of the following techniques does IPS provide for network protection by preventing an attack to reach its destination?

Which of the followings are E-mail based threats?

Which of the following attacks tries to get login credentials by manipulating the end-user by presenting different links, which look legitimate?

Which of the followings are the features of Cisco’s E-mail Security Appliance (ESA)? (Choose any three)

Which of the followings is a feature of Anti-malware Protection Security Solution?

Which of the following features of Anti-malware protection analyzes file’s behavior to determine the threat level and then updates the treat and its mitigations globally?

Which of the followings is a type of spam filtering that identifies spam messages without blocking the legitimate E-mail?

Which of the followings provides continuous analysis of data to detect, analyze, track, confirm and mitigate threats before, during and after an attack?

Which of the followings is a characteristic of the Data Loss Prevention (DLP)?

Which of the followings is the most widely used E-mail encryption standard?

Which of the followings controls the user access to specific website category?

Which of the followings protects your web or mobile applications from being compromised and prevents data from breaching?

What purposes does SSL/TLS decryption serve? (Choose any three)

Which of the followings are the mitigation techniques of Web based threats? (Choose any three)

Which of the following ASA series is suitable for small to medium sized enterprise environment?

Which of the followings is a web based attack?