Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Cisco SAFE Implementation Questions and Answers

Cisco SAFE Implementation Questions and Answers

Mar 24,2010 by alperen

small font medium font large font
image

The SAFE Implementation Exam is based on the principles and technologies contained in the “SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks” (SMR) white paper. This document is available as a PDF that can be downloaded from www.cisco.com/go/safe.

The exam topics provide an overview that can be used to guide the study process while the skills required for a successful exam can be used as a checklist to measure progress.

Questions

The following questions are based on the PDFs from the chapter. The actual exam can also include anything from the other four exams.

1. 

Which one of the following is not one of the Cisco SAFE Axioms?

  1. Switches Are Targets

  2. VPNs Are Targets

  3. Routers Are Targets

  4. Hosts Are Targets

  5. Networks Are Targets

  6. Applications Are Targets

2. 

Why must IDS be tuned when deployed?

  1. To learn the network devices

  2. To learn the protocols running in the network

  3. To reduce false positives

  4. To ensure compatibility with other security devices

3. 

To reduce the chances of DoS attacks, filtering should be configured on which two of the following RFCs?

  1. 2827

  2. 1518

  3. 1814

  4. 1918

4. 

OTP mitigates which of the following common attacks?

  1. Man-in-the-middle attacks

  2. Network reconnaissance attacks

  3. Brute force password attacks

  4. Trojan horse attacks

5. 

What are the correct first initials for the Cisco Security Wheel?

  1. SMTI

  2. PITR

  3. ISPB

  4. BPIM

6. 

The SAFE document considers which of the following architectures to be most secure?

  1. In-Band

  2. SSL

  3. HTTPS

  4. Out-of-Band

7. 

SAFE as a security policy template for company networks provides which one of the following?

  1. An all-encompassing design for providing full security for corporate networks

  2. A materials list for security purchases

  3. A single-vendor approach to end-to-end network security designs

  4. The original statement is false; SAFE is not a security policy template

8. 

According to SAFE, what two reasons account for the increasing threat hackers pose to networks?

  1. Computers and networking devices continually becoming less complex

  2. Ubiquity of the Internet

  3. Pervasiveness of easy-to-use operating systems and development environments

  4. Darwin’s theory of evolution and natural selection

9. 

VPN remote users using split tunneling to connect to the Internet outside the VPN tunnel should use which of the following technologies to protect access to the local network?

  1. Access lists

  2. Layer 2 tunneling

  3. PIX failover

  4. Personal firewall

10. 

Which of the following can’t mitigate the threat of packet sniffers in the network?

  1. Replacing hubs with Layer 2 switches

  2. Cryptography

  3. Using only static routes in the LAN routers

  4. Strong authentication

11. 

The central theme of Cisco AVVID and Cisco AVVID Network Infrastructure can be split into four general layers of emphasis. Which of the following doesn’t belong?

  1. Applications resilience

  2. Business resilience

  3. Hardware resilience

  4. Network resilience

  5. Communications resilience

12. 

Which is not one of the five primary concerns of network deployment addressed by Cisco AVVID Network Infrastructure?

  1. Quality of service (QoS)

  2. Security

  3. Mobility

  4. Interoperability

  5. High availability

  6. Scalability

13. 

According to AVVID, Cisco’s security suite emphasizes three key areas. Which of the following is not one of them?

  1. External Network Security

  2. Device Security

  3. Internal Network Security

  4. Network Identity

14. 

What is frequently the only way to thwart a DoS attack?

  1. A strong perimeter router backed up by a firewall

  2. Cooperation with the Internet service provider (ISP)

  3. A strong perimeter firewall backed up by a router

  4. Running TCP Intercept on the perimeter router

15. 

Which two of the following are advantages of using a VPN hardware client device?

  1. Lower cost than a router

  2. Access and authentication centrally administered

  3. More secure than a firewall device

  4. Individual PCs on the remote-site network do not need VPN client software

Answers

1. 

B. VPNs Are Targets

2. 

C. To reduce false positives

3. 

A. and D. 2827 and 1918

4. 

C. Brute force password attacks

5. 

A. SMTI—Secure, Monitor, Test, Improve

6. 

D. Out-of-Band

7. 

D. The original statement is false, SAFE is not a security policy template

8. 

B. and C. Ubiquity of the Internet, and pervasiveness of easy-to-use operating systems and development environments

9. 

D. Personal firewall

10. 

C. Use only static routes in the LAN routers

11. 

C. Hardware resilience

12. 

D. Interoperability

13. 

B. Device Security

14. 

B. Cooperation with the Internet service provider (ISP)

15. 

B. and D. Access and authentication can be centrally administered, and individual PCs on the remote-site network do not need VPN client software


2229 times read

Related news
» Deploying Cisco IDS Sensors
by admin posted on Nov 24,2008
» Preparation Documents
by alperen posted on Mar 24,2010
» Identifying the Critical Infrastructure and Services
by admin posted on Nov 24,2008
» EAP Message Digest 5 (EAP-MD5) and EAP Transport LAN Services (EAP-TLS)
by alperen posted on Jul 18,2009
» Cisco Intrusion Detection
by admin posted on Nov 24,2008
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.