CCNA Security Chapter 10 Answers v1.2 CCNAS Questions

1. A network security manager has been tasked with supporting some staff to work from home on a part-time basis. What Cisco Secure access product will allow this manager to provide secure, manageable voice and video services to this group of personnel?

Cisco Secure Access Control System
Cisco AnyConnect
Cisco NAC Appliance
Cisco Virtual Office*
Cisco Identity Services Engine
_______________________________________________________________

2. Which two security features must be implemented when SCP is a part of a company security plan? (Choose two.)

AAA authorization*
AES
encrypted Cisco IOS File System
SSH*
TCP/IP-based VPN
_______________________________________________________________

3. What are two attributes of a qualitative risk analysis? (Choose two.)

It is measurable.
It assigns values to assets.
It is exploratory.*
It is descriptive.*
It uses a mathematical model.
_______________________________________________________________

4. Why would an organization perform a quantitative risk analysis for network security threats?

so that management can determine the number of network devices needed to inspect, analyze, and protect the corporate resources
so that management has documentation about the number of security attacks that have occurred within a particular time period
so that the organization can focus resources where they are most needed*
so that the organization knows the top areas where network security holes exist
_______________________________________________________________

5. What is the purpose of the Tripwire network testing tool?

to perform vulnerability scanning
to assess configuration against established policies, recommended best practices, and compliance standards*
to detect unauthorized wired network access
to provide password auditing and recovery
to provide information about vulnerabilities and aid in penetration testing and IDS signature development
_______________________________________________________________

6. A network manager has presented to upper management that the threat of fire in the data center has an exposure factor of 70 percent. What does this mean?

70 percent of the devices in the data center do not have fire resistance coverage.
70 percent of the data center area has a high risk of fire.
There is a 70 percent chance of a fire in the data center.
70 percent of all data center equipment would be destroyed if there were a fire.*
_______________________________________________________________

7. What operations security principle is intended to ensure that a single individual does not control two or more phases of an operation?

change control
separation of duties*
rotation of duties
trusted recovery
_______________________________________________________________

8. Which security test is appropriate for detecting system weaknesses such as misconfiguration, default passwords, and potential DoS targets?

integrity checkers
penetration testing
vulnerability scanning*
network scanning
_______________________________________________________________

9. What situations are addressed by a business continuity plan?

the continued operations of an organization in the event of a disaster or service interruption*
the roles and responsibilities of personnel responding to security breaches
the threats that corporate systems are subjected to in a particular environment
the day-to-day operations necessary to deploy and maintain secure systems
_______________________________________________________________

10. What is the main purpose of the Cisco SIO?

to guarantee every connection coming on or off the endpoint
to provide a method of introducing scanning elements into the network
to enable a single point of policy definition that spans multiple enforcement points
to identify malicious traffic and develop rules to stop it*
_______________________________________________________________

11. Fill in the blank. ______ risk analysis is used to estimate the probability and severity of threats to a system.
_______________________________________________________________

12. How does network scanning help assess operations security?

It can simulate attacks from malicious sources.
It can log abnormal activity.
It can detect open TCP ports on network systems.*
It can detect weak or blank passwords.
_______________________________________________________________

13. In quantitative risk analysis, what term is used to represent the degree of destruction that would occur if an event took place?

single loss expectancy
exposure factor*
annualized loss expectancy
annualized rate of occurrence
_______________________________________________________________

14. What security task is relevant in the disposition phase of the SDLC?

defining the levels of potential impact on an organization from a security breach
identifying the protection requirements for systems through a formal risk assessment process
ensuring that security plans are designed, developed, and implemented
ensuring that data is deleted, erased, or overwritten*
_______________________________________________________________

15. What should be the primary objective of a contingency and disaster recovery plan?

eliminate risk by avoiding threats to the network altogether
identify acceptable methods of recovery on events most likely to happen*
address every possible disaster scenario and assumption
implement protection mechanisms in an attempt to reduce risks to acceptable levels
_______________________________________________________________

16. Using quantitative risk analysis, what is the annualized loss expectancy to an organization of an event that has a single loss expectancy of $500,000 and an annualized rate of occurrence of .03?

$1500
$6000
$15,000
$1,500,000*
_______________________________________________________________

17. What component of the Cisco SecureX architecture automatically deploys security rules to Cisco devices?

policy management console
SIO*
delivery mechanism
scanning engine
_______________________________________________________________

18. Which security policy component defines what users are allowed and not allowed to do on company systems?

authentication policy
governing policy
acceptable use policy*
application policy
_______________________________________________________________

19. A new network manager at a small company is presented with a list from the technician who is responsible for server backups. The technician provides the following list of current practices.

Blank media is always used.
Server backups are performed on a weekly basis.
Only three people (the technician, a peer, and the supervisor of the technician) have rights to perform the backups.
The technician stores the backups in a fire-proof safe in the wiring closet.
Twice a month, the technician and supervisor take a separate backup copy to a secure off-site location.

Which practice would it be best to modify in order to improve this process so it is in accordance with recommended best practices for a secure backup program?

More people should have rights to perform the backups.
Only one person is needed to store the off-site copy.
Two people should securely store the on-site backup media.*
Media can be rotated.
Backups should be done on a more frequent basis.
_______________________________________________________________

20. A new person has joined the security operations team for a manufacturing plant. What is a common scope of responsibility for this person?

physical and logical security of all business personnel
managing redundancy operations for all systems
day-to-day maintenance of network security*
data security on host devices
_______________________________________________________________

21. What is the objective of the governing policy in the security policy hierarchy structure?

It defines system and issue-specific policies that describe what the technical staff does.
It outlines the company’s overall security goals for managers and technical staff.*
It covers all rules pertaining to information security that end users should know about and follow.
It provides general policies on how the technical staff should perform security functions.
_______________________________________________________________

22. Which type of security policy document includes implementation details that usually contain step-by-step instructions and graphics?

standards document
procedure document*
best practices document
guideline document
_______________________________________________________________

23. What are the three security tasks related to the disposition phase of the system development life cycle? (Choose three.)

media sanitation*
preliminary risk assessment
continuous monitoring
hardware and software disposal*
security cost considerations
information preservation*
_______________________________________________________________

24. What is the purpose of a security awareness campaign?

to integrate all the security skills and competencies into a single body of knowledge
to teach skills so employees can perform security tasks
to focus the attention of employees on security issues*
to provide users with a training curriculum that can ultimately lead to a formal degree
_______________________________________________________________

25.

Place the options in the following order:
applies policy-based access control
enforces security policies by updating noncompliant machines
provides access in accordance with rule-based policies
delivers network services to remote employees