|
Question 1. You are a technician at ITCertkeys. You tell your newly appointed ITCertkeys trainee that Cisco PIX Firewalls utilize transparent identity verification at the firewall, and that it makes smart decisions for access or denial. After authentication, the Cisco PIX shifts session flows so that all subsequent traffic receives more rapid routing than proxy servers enable. Your trainee now wants to know what this process is called. What would your reply be? A. LEAP B. RADIUS C. Cut-Through Proxy D. Cut-Through Switching Answer: C Question 2. The IT group in an organization would be in favor of centralized Security Management tools because they _________. (Choose three) A. Provide convenient billing services. B. Help them identify new threats more quickly. C. Make their job easier installing and monitoring security functions. D. Provide assurance that the security policy is being applied uniformly. Answer: B, C, D Question 3. Which technology allows companies to securely transport data across the Internet? A. Data encryption B. Intrusion Detection C. High-speed switching D. Quality of Service (QoS) Answer: A Question 4. A _____ is a set of hardware and software that is implemented at a particular spot on a network infrastructure to enforce the security policy of an organization. A. Router B. Switch C. VPN concentrator D. Cisco PIX Firewall E. Cisco Intrusion Detection (IDS) System Answer: E Question 5. Which feature hides Internet network IP addresses from the outside? A. Host Standby Protocol B. Advanced Quality of Service C. Network Address Translation D. Context-based Access Control Answer: C Question 6. A customer needs to connect smaller branch office locations to its central site and desires a more which solution should you recommend? A. V3PN solution B. Site-to-site VPN solution C. Remote access VPN solution D. Redundant Services Termination solution Answer: C Question 7. Which is a cost effective VPN solution? A. VPN concentrators B. VPN modules for the routers C. VPN modules for the firewalls D. VPN modules for the switches Answer: B Question 8. What is the main function of the Cisco VPN Client? A. Initiates V3PN connection with Cisco VPN routers. B. Sets up Secure Socket Layer connection to the web host. C. Provides application layer connection to the remote web server. D. Establishes encrypted tunnels with a remote access VPN concentrator. Answer: D Question 9. VPN-enabled routers connect branch and regional offices. They deliver single-box solutions that offer an integrated package of routing, firewall, intrusion detection, and VPN functions. What is this type of VPN solution called? A. Site to site VPN B. VPN encryption C. SSL termination D. Remote access VPN Answer: A Question 10. What are the defensible boundaries within a network that allow a security policy to be strategically enforced? A. Firewalls B. Perimeter networks C. Cisco IOS Firewalls D. Network integrity points Answer: B Explanation: A network security policy focuses on controlling the network traffic and usage. It identifies a network's resources and threats, defines network use and responsibilities, and details action plans for when the security policy is violated. When you deploy a network security policy, you want it to be strategically enforced at defensible boundaries within your network. These strategic boundaries are called perimeter networks. Reference: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm#xtocid3 Question 11. Small and medium business often cannot afford dedicated, redundant firewall options. What is the most economical way for them to achieve firewall functionality? A. Use the Cisco IOS software firewall features. B. Depend on router access lists for network security. C. Activate firewall services provided by their service provider. D. Rely on security features included in their applications software. Answer: A Question 12. Firewalls can be implemented on which three devices? (Choose three) A. Routers B. Software C. Content engines D. Web appliances E. Dedicated hardware devices Answer: A, B, E Question 13. What functionality can be used in conjunction with the Cisco PIX Firewall to manage access to Internet sites and selectively block individual of groups of Internet sites? A. 3 DES B. URL filtering C. Centralized configurations D. Access Control List (ACLs) Answer: B Question 14. Businesses must be able to define and protect sensitive portions of their networks and guard against intrusive access form potentially harmful applications. The first line of defense that most organizations implement is _______. A. Firewall security B. User accounting C. A Virtual Private Network. D. An Intrusion Protection system Answer: A Question 15. Establishing two Cisco PIX Firewalls that run parallel ensures that if one firewall malfunctions, the second automatically maintains security operations. Implementing this feature assures that the firewall is always on. What is this configuration called? A. URL filtering B. Hot Standby C. Standards-based VPN D. Centralized Configuration Builder Answer: B Question 16. What is a company's last means of perimeter defense between the intellectual assets of an organization and the Internet if they choose not to implement a firewall solution? A. Their routers B. Their service provider C. The Intrusion Protection System D. The Security Management System Answer: A Question 17. What are three security functions that Host IDS performs? (Choose three) A. Protection of critical servers within the network. B. Secure session encryption using industry standards. C. Facilitation of client changes and updates to their passwords. D. Proactive event notification that is sent to network administration. E. Real-time monitoring of network traffic at pre-determined points in the network. Answer: A, D, E Question 18. What is a benefit of implementing BOTH Network IDS and Host IDS? A. Network IDS can protect a network from probes and Host IDS can protect vulnerable servers. B. Wireless LANs become more secure with the additional LEAP and encryption provided by Network and Host IDS. C. Router performance can be increased by offloading Network and Host IDS functions to security appliances and servers. D. Private VLAN security provided through Network and Host IDS decreases propagation of attacks by isolating critical servers. Answer: A Question 19. How does Cisco Intrusion Protection address the financial impact of a possible network outage? (Choose two) A. Allows simplified network management. B. Identifies and reacts to known or suspected network intrusion and anomalies. C. Reduces additional financial losses by shutting down the network on intrusion. D. Prevents losses that are due to both hacker attacks and internal violations of security policy. Answer: B, D Question 20. Which product is best for real-time monitoring and protecting a network (from unauthorized activities, denial of service attacks, port sweeps) and is able to take actions against these attacks? A. Cisco Security Agent B. Cisco IDS 4200 family C. Cisco VPN Concentrator D. Cisco PIX Firewall Appliances Answer: B
|
Question 1. Javier copies a file named "secret" from a folder named "restricted" to a folder named "open". Both folders reside on the same NTFS partition. What happens to the permissions on the file named "secret"? A. The file inherits the target directory's permissions B. The file loses its permissions and is assigned to the Everyone group C. The retains the permissions it has before it was copied D. The file is copied into the new directory and the old file is deleted, all permissions are retained. Answer: A Explanation: On a copy, permissions are inherited from the target folder. However, if it was a move, then the permissions move with the file, as long as it is on the same partition. Incorrect Answers: B: The new permissions are inherited from the target folder. It is not assigned to the everyone group unless that is what the target folder permissions were set at. C: Permissions are retained on a MOVE, not a COPY. D: This is really a move operation, not a copy. Question 2. Which of the following steps is necessary to add a new device driver to a Linux machine? A. Copy the device driver to the device driver directory. B. Extend the Linux kernel by incorporating the device code. C. Insert the device into the Linux system and allow the system to choose the device files from its device directory. D. Insert the cd-rom with the device driver into the machine Linux will detect it and prompt you through installation. Answer: B Explanation: The process of adding the device driver is done by extending the Linux kernel. Incorrect Answers: A: There are directories on Linux for source and executables, but moving code to these directories does not automatically install the device driver. C: Linux does not currently provide this plug-n-play type of operation, the drivers must be explicitly added through commands to extend the kernel and make the device driver part of that extension. D: Linux does not currently provide this plug-n-play type of operation, the drivers must be explicitly added through commands to extend the kernel and make the device driver part of that extension. Question 3. Nora is a site administrator for a large e-commerce site. She notices that the site is running slower and taking longer to process transactions. What should Nora first do to trouble shoot the problem? A. Identify any bottlenecks in the current system by using the site diagnostic tools such as web trends. B. Apply any necessary patches to the software running the site. C. Monitor the CPU usage of the server running the site by using Windows NT performance monitor. D. Test the site using different connection speeds to verify whether the connection is running more slowly. Answer: C Explanation: The first thing to do is see what tasks are using the most CPU resources. In Windows NT, the Performance Monitor is the tool that will provide this monitoring. Incorrect Answers: A: The site diagnostic tools do not provide enough detail information for troubleshooting this problem. Since CPU processing performance needs to be monitored, a Operating System level tool ill b required. B: Applying the patches may fix the problem, or make it worse. The first thing that should be done is to analyze the problem, and not just throw on fixes and other code HOPING that the problem may go away. Getting to know the problem helps to identify what is really wrong, and to apply the correct fix or course of action. D: The observation that the site is running lower implied that the CPU had bottlenecks. Running at different communications speeds would only detect network bottlenecks, not CPU bottlenecks. There I no indication in this question that the network was being congested. Question 4. Ingrid is a Red Hat Linux system administrator. She is installing apache on her Linux server. Which command should Ingrid execute to determine whether apache is already installed? A. ps aus|grep apache B. lynx apache C. rpm -q apache D. rpm -i apache Answer: C Explanation: Red Hat Packet Manager (RPM) commands are used on Red Hat Linux. A query is issued to determine if apache is already there. Incorrect Answers: A: Running process status and a grep command (to search the active list) will not provide the information. If the apache server is running, then you caught it, but if the apache server is installed and not running, you will miss it. B: There is no lynx command. D: Although we need to run a RPM command, the -I form of the command does not provide the information we need. Question 5. Denise is the system administrator of a Linux system. She notices that whenever a specific process is running the performance of the system declines severely. What can Denise do to learn exactly how the process affects her system? A. Use the top program to see if the program is CPU-intensive. B. Use performance monitor to monitor the process. C. Kill the process and observe the result. D. Use pine to check the process. Answer: A Explanation: The TOP program will provide an interactive screen with information similar to the ps command, and will display performance statistics. Incorrect Answers: B: Performance monitor is a Windows term, and is not used in Linux. Performance tools available in Linux are: ps, top, and vmstat. C: Killing the process will lose the necessary information on how the process degraded the system and affected it. Denise needs to see the effect, ad this has to be done while the task is running and still doing its damage. D: Pine is a mail program, and does not provide performance checking. Question 6. Nadir installed a Perl script in the cgi-bin directory of his Linux system that is running apache server. NO significant modifications have been made to Apache server. He accesses a script named test.cgi via a web browser, but the script does not execute, and Apache server returns a 500 "Internal Server Error" message. Nadir executes the command is-al on the cgi-bin directory of the problem server. He learns that the permissions on test.cgi are 700, and that the file is owned by root. Which command should Nadir enter to ensure that his Perl script will execute securely? A. Chmod 711 test.cgi B. Chmod test.cgi 100. C. Chown apache test.cgi. D. Chmod.test.cgi 711 Answer: A Explanation: The format is chmod xxx filename. 711 Allows full access to the owner, and read access to all others. Incorrect Answers: B: This is the wrong syntax of the command, and 100 would restrict the owner to read only and everyone else is still locked out. C: Change owner will not correct the situation, it is a permission issue. D: This is the wrong syntax of the command, the permission number 711 comes before the filename. Question 7. Stephen has been assigned to install two apache web servers. He only has hardware for one server. So he decides to create a virtual server to host the second site that he will host. Which file should Stephen edit to set the virtual servers attributes? A. Httpd.conf B. Linux.conf. C. Access.conf D. Magic. Answer: A Explanation: Directives for the Apache Web server are stored in the httpd.conf file. Incorrect Answers: B: Linux.conf doesn't hold virtual server attributes. C: Access.conf is used for access control, to control which directories people can access. D: Virtual server attributes are not saved in a Magic file. Question 8. Which of the following services is an example of a Mail Transfer Agent (MTA)? A. Simple Mail Transfer Protocol (SMTP) B. Post Office Protocol version3 (POP3) C. Microsoft Outlook. D. Internet Message Access Protocol (IMAP) Answer: A Explanation: The Mail Transfer Agent is responsible for transmission of mail between servers. SMTP performs that function. Incorrect Answers: B: POP3 is a protocol used by a mail client to read mail off the server. It is not used for server to server mail transfer. C: Microsoft Outlook is a Mail User Agent (MUA), which can be customized to use either POP3 or IMAP to read mail from the mail server. D: IMAP is a protocol used by a mail client to read mail off the server. It is not used for server to server mail transfer. Question 9. Jim is configuring his new mail server but he can't remember the well-known port for SMTP. What should Jim configure his mail server? A. Jim should configure the server using port 80. B. Jim should configure the server using port 25. C. Jim should configure the server using port 23. D. Jim should configure the server using port 24. Answer: B Explanation: The well known port for SMTP is 25. Incorrect Answers: A: Port 80 is the well known port for HTTP C: Port 23 is the well known port for Telnet. D: Port 24 is not assigned as a well known port. Question 10. Frank is a system administrator for a large network. His company has a large DNS structure that he does not want to reveal to outsiders. He alters the SMTP headers of all messages so that his users appear to be sending mails from a different address. What is the name of process that Frank implemented? A. Aliasing. B. Masquerading. C. Forwarding. D. Relaying. Answer: B Explanation: Masquerading is the proper technical term for the process of changing SMPT headers to make the origins of the messages appear as if they came from a different source. Incorrect Answers: A: Aliasing allows the use of nicknames, the address itself is not hidden in this process, so Frank would not be able to hide anything but user information. C: Forwarding will forward the messages, but the headers are preserved and Frank has not hidden anything. D: Relaying is when an intermediate mail server, or hub, is used to pass mail from server to server. Headers are preserved, so nothing is hidden and the original IP addresses and domain names are exposed.
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.