Security Solutions for Systems Engineers
my paper, It was bcuz of www.exams.ws . All the questions
in the exam are from their material.
Goodluck to u too.
Q: 1 Which attack method is typically used by Pharming
attacks that are used to fool users into submitting
sensitive information to malicious servers?
A. DHCP exhaustion
B. DNS cache poisoning
C. DHCP server spoofing
D. IP spoofing
2 Open Shortest Path First (OSPF) is a dynamic routing
protocol for use in Internet Protocol (IP) networks.
An OSPF router on the network is running at an abnormally
high CPU rate. By use of different OSPF debug commands
on Router, the network administrator determines that
router is receiving many OSPF link state packets from
an unknown OSPF neighbor, thus forcing many OSPF path
recalculations and affecting router's CPU usage. Which
OSPF configuration should the administrator enable to
preent this kind of attack on the Router?
A. Multi-Area OSPF
B. OSPF stub Area
C. OSPF MD5 Authentication
D. OSPF not-so-stubby Area
3 Which one of the following Cisco Security Management
products is able to perform (syslog) events normalization?
A. Cisco IME
B. Cisco Security Manager
C. Cisco ASDM
D. Cisco Security MARS
4 Can you tell me which one of the following platforms
has the highest IPSec throughput and can support the
highest number of tunnels?
A. Cisco 6500/7600 + VPN SPA
B. Cisco ASR 1000-5G
C. Cisco 7200 NPE-GE+VSA
D. Cisco 7200 NPE-GE+VAM2+
5 Which function can be implemented by the Cisco Security
Agent data access control feature?
A. Enables trustedQoS marking at the end host
B. Detects changes to system files by examining the
C. Detects attempts to modify the file registry
D. Detects malformed HTTP requests by examining the
URI in the HTTP request
6 Cisco Security Agent is the first endpoint security
solution that combines zero-update attack protection,
data loss prevention and signature-based antivirus in
a single agent. This unique blend of capabilities defends
servers and desktops against sophisticated day-zero
attacks and enforces acceptable-use and compliance policies
within a simple management infrastructure. What are
three functions of CSA in helping to secure customer
A. Control of executable content
B. Identification of vulnerabilities
C. Application Control
D. System hardening
7 Cisco Secure Access Control Server (ACS) is an access
policy control platform that helps you comply with growing
regulatory and corporate requirements. Which three of
these items are features of the Cisco Secure Access
B. RSA Certificates
8 Observe the following protocols carefully, which one
is used to allow the utilization of Cisco Wide Area
Application Engines or Cisco IronPort S-Series web security
appliances to localize web traffic patterns I the network
and to enable the local fulfillment of content requests?
9 Which one is not the factor can affect the risk rating
of an IPS alert?
B. Attacker location
C. Event severity
D. Signature fidelity
10 For the following items, which two are differences
between symmetric and asymmetric encryption algorithms?
A. Asymmetric encryption is slower than symmetric encryption
B. Asymmetric encryption is more suitable than symmetric
encryption for real-time bulk encryption
C. Symmetric encryption is used in digital signatures
and asymmetric encryption is used in HMACs
D. Asymmetric encryption requires a much larger key
size to achieve the same level of protection as asymmetric
11 Which VPN technology can not be used over the internet?
B. GRE overIPsec
C. IPsec direct encapsulation
D. GET VPN