CCNA Security Practice Exam Training Questions

10 Questions On Network Attacks And Defenses

By Chris Bryant, CCIE #12933

To help you prepare for success on your Cisco CCNA Security exam, here's another set of practice exam questions for you!

Visit my CCNA Security Exam Resource Page for more practice exams and exclusive tutorials you'll see nowhere else!

I'm Paying It Forward - To You.

Get CCNA Security Certified Today - For $20.

Here are today's questions...answers are at the bottom of the page. Enjoy!

1. Which RFC refers to all of the following network address ranges, and how do these ranges relate to network security?

0.0.0.0 /8

10.0.0.0 /8

127.0.0.0 /8

172.16.0.0 /12

192.168.0.0 /16

224.0.0.0 /4

240.0.0.0 /4

2. Which of the following are considered reconnaissance attacks, and which are access attacks?

A. ping sweep

B. port scan

C. password attack

D. trust exploitation

E. DSL query

3. The term "port redirection" refers to which type of network attack mentioned in Question 2?

4. Which of the following statements referring to Superviews and Views are true?

A. IOS Commands can be contained in multiple views on the same router.

B. A single view can be contained in more than one Superview.

C. Deleting a Superview results in all Views contained in that Superview to be deleted as well.

D. Logging into a Superview allows the user to execute all commands in all Views that are part of that Superview.

5. Which of the following are disabled by default when you run Autosecure?

A. PAD

B. UDP and TCP Small Servers

C. BootP

D. CDP

E. NTP

6. Which of the following are enabled by default when you run Autosecure on a Cisco router?

A. Password encryption service

B. TCP keepalives (inbound only)

C. TCP keepalives (outbound only)

D. TCP keepalives (both inbound and outbound)

E. IP source routing

F. HTTP services

7. Which of the following will be enabled by default when you run Autosecure?

A. logging timestamps and sequence numbers

B. logging console critical

C. logging buffered

D. logging trap disabled

8. You're configuring one-step lockdown via SDM. According to SDM, can you undo any of the lockdown settings once you run the lockdown feature?

A. No, the lockdown is irreversible.

B. Yes, by running Security Audit Wizard and selecting "Undo Security Configurations".

C. Yes, by running the Additional Tasks option.

D. Yes, by choosing "Undo Lockdown".

9. You're running Autosecure at the CLI and decide about halfway through the prompts that you'd like to stop without saving any of your Autosecure configuration. Can you do this, and if so, how? (Unplugging the router is not acceptable.)

10. As it relates to how they are spread, what is the major difference between a worm and a virus?

Answers right after the jump! And if you're already CCNA certified, let's get started on your CCNA Security certification right now!

I'm Paying It Forward - To You.

Get CCNA Security Certified Today - For $20.

And here are the answers....

1. RFC 3704 (an updated version of RFC 2827) recommends that packets sourced from those address ranges not be allowed to enter your network.

Blocking these address ranges for incoming traffic on your network's perimeter routers is sometimes called "2827 filtering" or "3704 filtering", referring to the original and updated RFCs that discuss this topic in a great deal of detail.

2. Recon attacks: ping sweeps, port scans, DSL queries.

Access attacks: password attacks and trust exploitation.

3. Port redirections are a type of trust exploitation.

4. A, B, D. The only false statement is that deleting a Superview results in the deletion of all of the Views it contain. Deleting a Superview does not result in the deletion of its Views.

5. A, B, C, D, E.

By default, the following will be globally disabled by AutoSecure:

Finger - recon attack possibility

PAD - known vulnerabilities

UDP and TCP Small Servers - attacker can request large number of UDP diagnostics

BootP - known vulnerabilities

HTTP services, Identification Service (queries TCP port), CDP, NTP and IP source routing are also disabled globally.

6. A, D. Both the password encryption service and TCP keepalives (inbound and outbound) will be enabled by AutoSecure.

7. A, B, C, D. All of those will be enabled by AutoSecure.

8. B, C. . You can change some or all of the lockdown settings by using the Undo Security Configurations section of the Security Audit Wizard or by using Additional Tasks, as shown below :

9. Our old friend ctrl-c will do the job, as shown in the prompts you're shown after running the auto secure command. Note the disclaimer shown at the top of this output!

R1#auto secure
                --- AutoSecure Configuration ---

*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***

AutoSecure will modify the configuration of your device.
All configuration changes will be shown. For a detailed
explanation of how the configuration changes enhance security
and any possible side effects, please refer to Cisco.com for
Autosecure documentation.
At any prompt you may enter '?' for help.
Use ctrl-c to abort this session at any prompt.

10. The terms virus and worm are often used interchangeably, but they're not quite the same thing.  A major difference between the two is that a worm can spread from its entry point to the rest of your network without the "help" of a human being. 

A common worm attack is carried out by the worm finding your email address book and then sending a copy of itself to every recipient in that book.  The worm executes its code and then continues to send copies of itself.

A virus can't be spread without an end user helping out, generally by forwarding an infected file or attachment.

I'm Paying It Forward - To You.

Get CCNA Security Certified Today - For $20.

Look for other CCNA Security, CCNA Wireless, and CCNA Voice questions and fully-illustrated tutorials on those exclusive Resource Pages!

To your success,

Chris Bryant

CCIE #12933

chris@thebryantadvantage.com