An attacker configures an access point to broadcast the same SSID that is used at a public hot-spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker. In addition to the deauthentication attack, what attack has been launched?
B. MAC spoofing
C. Layer 1
D. disassociation attack
Which statement best describes the concepts of rootkits and privilege escalation?
A. Rootkits propagate themselves.
escalation is the result of a rootkit.
C. Rootkits are a result of a
D. Both of these require a TCP port to gain
Which multicast capability is not supported by the Cisco ASA appliance?
A. ASA configured as a rendezvous point
multicast traffic across a VPN tunnel
C. NAT of multicast traffic
D. IGMP forwarding (stub) mode
Which method of output queuing is supported on the Cisco ASA appliance?
B. priority queuing
E. custom queuing
Which four values can be used by the Cisco IPS appliance in the risk rating calculation? (Choose four.)
A. attack severity rating
B. target value
C. signature fidelity rating
D. promiscuous delta
E. threat rating
F. alert rating
Which three authentication methods does the Cisco IBNS Flexible Authentication feature support? (Choose three.)
A. cut-through proxy
E. web authentication
Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are not able to use web authentication. Which configuration option will correct this issue?
A. switch(config)# aaa accounting auth-proxy default start-stop group radius
B. switch(config-if)# authentication host-mode
C. switch(config-if)# webauth
D. switch(config)# ip http
E. switch(config-if)# authentication priority webauth dot1x
Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic filtering?
A. HTTP inspection
B. static entries in the botnet blacklist and whitelist
C. global ACL
inspection and DNS snooping
Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that triggers when a vulnerable web application identified by the “/runscript.php” URI is run?
A. AIC HTTP
B. Service HTTP
D. Atomic IP
With the Cisco FlexVPN solution, which four VPN deployments are supported? (Choose four.)
A. site-to-site IPsec tunnels
spoke-to-spoke IPSec tunnels (partial mesh)
C. remote access from software or hardware IPsec clients
D. distributed full mesh IPsec
E. IPsec group encryption using GDOI
Which four techniques can you use for IP management plane security? (Choose four.)
A. Management Plane Protection
E. SNMP security measures
Which three statements about remotely triggered black hole filtering are true? (Choose three.)
A. It filters undesirable traffic.
B. It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks.
C. It provides a rapid-response technique that can be used in handling security-related events and incidents.
D. It requires uRPF.
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)
A. The packet information used to create flows is not configurable by the user.
B. It supports IPv4 and IPv6 packet
C. It tracks all fields of an IPv4 header as well as sections of the data payload.
D. It uses two types of flow cache, normal and
E. It can be a useful tool in monitoring the network for
During a computer security forensic investigation, a laptop computer is retrieved that requires content analysis and information retrieval. Which file system is on it, assuming it has the default installation of the Microsoft Windows Vista operating system?
Which three statements about the IANA are true?
A. IANA is a department that is operated by the
B. IANA oversees global IP address allocation.
C. IANA managed the root zone in the DNS.
D. IANA is administered by the ICANN.
E. IANA defines URI schemes for use on the Internet.
What does the Common Criteria (CC) standard
A. The current list of Common Vulnerabilities and Exposures
B. The U.S. standards for encryption export regulations
C. Tools to support the development of pivotal, forward-looking information system
D. The international standards for evaluating trust in information systems and products
E. The international standards for
F. The standards for establishing a security incident
Which three types of information could be used during the incident response investigation phase? (Choose three.)
A. netflow data
B. SNMP alerts
D. syslog output
E. IT compliance reports
Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is
D. Someone knows where the evidence is and can say who had it if it is not logged.
Which option is a benefit of implementing RFC
A. prevents DoS from legitimate, non-hostile end
B. prevents disruption of special services such as Mobile
C. defeats DoS attacks which employ IP source address spoofing
D. restricts directed broadcasts at the ingress router
E. allows DHCP or BOOTP packets to reach the relay agents as appropriate
Which of the following provides the features of route summarization, assignment of contiguous blocks of addresses, and combining routes for multiple classful networks into a single route?
A. classless interdomain routing
D. private IP addressing