Free Cisco Certification


350-018 : CCIE Pre-Qualification Test for Security

QUESTION 81 Exhibit:

/etc/hosts.equiv:

/etc/passwd:
user_B:x:1003:1:User B:/export/home/user_B:/bin/ksh
user_C:x:1004:1:User C:/export/home/user_C:/bin/ksh

with host_B having the IP 2.2.2.2 and host_C having the IP 3.3.3.3.

Given the files shown in the exhibit, which policy would be enforced?

A. Allow user_B on Host_B to access host_A via rlogin, rsh, rcp, & rcmd without a password.

B. Allow users to telnet from host_B to host_A but prevent users from telnetting from unlisted hosts including host_C

C. Allow users on host_A to telnet to host_B but not to unlisted hosts including host_C

D. Allow user_B to access host_A via rlogin, rsh, rcp, & rcmd with a password but to prevent access from unlisted hosts including host_C

Answer: D

QUESTION 82 Two routers have their SA lifetime configured for 86399 seconds and 2 million kilobytes. What will happen after 24 hours have passed and 500 KB of traffic have been tunneled?

A. If pre-shared keys are being used, traffic will stop until new keys are manually obtained and inputted.

B. The SA will be renegotiated.

C. The SA will not be renegotiated until 2 MB of traffic have been tunneled.

D. Unencrypted traffic will be sent.

Answer: C

Explanation: 86399 seconds is roughly 23.9 hours, whereas 86400 seconds is 24 hours, so the SA needs to be renegotiated.

QUESTION 83 Why would you advise the new Cisco Highway trainee technician NOT to use TFTP with authentication?

A. TFTP makes use of UDP as transport method.

B. A server initiates TFTP.

C. TFTP protocol has no hook for a username/password.

D. TFTP is already secure.

E. All of the above.

Answer: C

Explanation: FTP requires a username and password. TFTP does not.

QUESTION 84 The Cisco Highway network manager ascertained that security has been breached on a router or PC client and thus wants to revoke the CA certificate. What should he/she do to accomplish this?

A. type: configure terminal crypto ca revoke if there is a router involved.

B. Contact the CA administrator and be prepared to provide the challenge password chosen upon installation.

C. Uninstall the IPSec software on the PC, erase the router configuration and reconfigure the router, and request the certificate in the same way as the initial installation (Issuance of the new certificate will revoke the old one by default).

D. Send e-mail to 'sysadmin@icsa.net' with the hostname and IP of the compromised device requesting certificate revocation.

Answer: B

Explanation: If you lose the password, the CA administrator may still be able to revoke the PIX Firewall's certificate, but will require further manual authentication of the PIX Firewall administrator identity.

QUESTION 85 Why might scanning tools report a root Trojan Horse compromise when run against an IOS component?

A. IOS is based on BSD UNIX and is thus subject to a Root Trojan Horse compromise.

B. The scanning software is detecting the hard-coded backdoor password in IOS.

C. Some IOS versions are crashable with the telnet option vulnerability.

D. The port scanning package misparses the IOS error messages.

E. IOS will not respond to vulnerability scans.

Answer: D

QUESTION 86 Which of the following statements regarding the RADIUS authentication protocol is valid? (Choose all that apply.)

A. UDP 1812 is specified in RFC 2138.

B. UDP 1645 is commonly used by many vendors.

C. UDP 1647 is specified in RFC 2139.

D. UDP 48 is commonly used by many vendors.

Answer: A, B

Explanation: Exactly one RADIUS packet is encapsulated in the UDP Data field [2], where the UDP Destination Port field indicates 1812 (decimal). When a reply is generated, the source and destination ports are reversed. This memo documents the RADIUS protocol. There has been some confusion in the assignment of port numbers for this protocol. The early deployment of RADIUS was done using the erroneously chosen port number 1645, which conflicts with the "data metrics" service. The officially assigned port number for RADIUS is 1812.

QUESTION 87 The Cisco Highway Security Manager needs to configure an IPSec connection using ISAKMP with routers from mixed vendors. Which information would be superfluous when configuring the local security device to communicate with the remote machine?

A. Remote peer address.

B. Main mode attributes.

C. Peer gateway subnet.

D. Quick mode attributes.

E. Addresses that need to be encrypted.

F. Encryption authentication method.

Answer: C

Explanation: The peer's gateway subnet is not needed. The address is needed.

QUESTION 88 Why is an ISAKMP NOTIFY message used between IPSec endpoints?

A. ISAKMP NOTIFY message informs the other side of failures that occurred.

B. ISAKMP NOTIFY message informs the other side of the status of an attempted IPSec transaction.

C. ISAKMP NOTIFY message informs the other side when a physical link with an applied SA has been torn down.

D. ISAKMP NOTIFY message informs the other side when an SA has been brought up on an unstable physical connection; potential circuit flapping can cause problems for SPI continuity.

Answer: C

QUESTION 89 Exhibit: What could be the most likely reason why Host 1 cannot ping Host 2 and Host 2 cannot ping Host 1?

A. Split horizon issue.

B. Default gateway on hosts.

C. Routing problem with RIP.

D. All of the above.

Answer: D

QUESTION 90 What role does the FTP client play when building a non-passive FTP data connection?

A. The FTP client indicates the port number to be used for sending data over the command channel via the PORT command.

B. The FTP client receives all data on port 20, the same port the FTP server daemon sends data from.

C. The FTP client makes use of port 20 for establishing the command channel and port 21 for the data channel.

D. The FTP client initiates the connection from an ephemeral port to the RFC specified port of the server.

Answer: D

Explanation: Standard mode FTP uses two channels for communications. When a client starts an FTP connection, it opens a standard TCP channel from one of its higher-order ports to port 21 on the server. This is referred to as the command channel. Cisco Secure PIX firewall Advanced 2.0 10-5
