Class Activity 01 (Multiple Choice Questions)
Date: 20 April 2025
What method can be used to mitigate ping sweeps?
a) using encrypted or hashed authentication protocols
b) installing antivirus software on hosts
c) deploying antisniffer software on all network devices
d) blocking ICMP echo and echo-replies at the network edge
Answer: D
What are the three major components of a worm attack? (Choose three.)
a) a penetration mechanism
b) an infecting vulnerability
c) a payload
d) an enabling vulnerability
e) a probing mechanism
f) a propagation mechanism
Answer: A,C,F
Which statement accurately characterizes the evolution of threats to network
security?
a) Internal threats can cause even greater damage than external threats.
b) Threats have become less sophisticated while the technical knowledge needed
by an attacker has grown.
c) Early Internet users often engaged in activities that would harm other users.
d) Internet architects planned for network security from the beginning
Answer: A
What causes a buffer overflow?
a) launching a security countermeasure to mitigate a Trojan horse
b) sending repeated connections such as Telnet to a particular device, thus denying
other data sources.
c) downloading and installing too many software updates at one time
d) attempting to write more data to a memory location than that location can hold
e) sending too much information to two or more interfaces of the same device,
thereby causing dropped packets
Answer: D
What commonly motivates cybercriminals to attack networks as compared to
hacktivists or state-sponsored hackers?
a) status among peers
b) fame seeking
c) financial gain
d) political reasons
Answer: C
Which two network security solutions can be used to mitigate DoS attacks?
(Choose two.)
a) virus scanning
b) intrusion protection systems
c) applying user authentication
d) antispoofing technologies
e) data encryption
Answer: B,D
Which two statements characterize DoS attacks? (Choose two.)
a) Examples include smurf attacks and ping of death attacks.
b) They attempt to compromise the availability of a network, host, or application
c) They are difficult to conduct and are initiated only by very skilled attackers.
d) They are commonly launched with a tool called L0phtCrack.
e) They always precede access attacks.
Answer: A,B
What functional area of the Cisco Network Foundation Protection framework is
responsible for device-generated packets required for network operation, such as
ARP message exchanges and routing advertisements?
a) data plane
b) control plane
c) management plane
d) forwarding plane
Answer: B
What are the three components of information security ensured by cryptography?
(Choose three.)
a) threat prevention
b) authorization
c) confidentiality
d) countermeasures
e) integrity
f) availability
Answer: C,E,F
What is the primary method for mitigating malware?
a) using encrypted or hashed authentication protocols
b) installing antivirus software on all hosts
c) blocking ICMP echo and echo-replies at the network edge
d) deploying intrusion prevention systems throughout the network
Answer: B
What is an objective of a state-sponsored attack?
a) to gain financial prosperity
b) to sell operating system vulnerabilities to other hackers
c) to gain attention
d) to right a perceived wrong
e) Spy on citizens, disrupt foreign government
Answer: E
What role does the Security Intelligence Operations (SIO) play in the Cisco SecureX
architecture?
a) identifying and stopping malicious traffic
b) authenticating users
c) enforcing policy
d) identifying applications
Answer: A
What worm mitigation phase involves actively disinfecting infected systems?
a) treatment
b) containment
c) inoculation
d) quarantine
Answer: A
How is a smurf attack conducted?
a) by sending a large number of packets to overflow the allocated buffer memory of
the target device
b) by sending a large number of ICMP requests to directed broadcast addresses
from a spoofed source address on the same network
c) by sending a large number of TCP SYN packets to a target device from a spoofed
source address
d) by sending an echo request in an IP packet larger than the maximum packet size
of 65,535 bytes
Answer: B
What is a characteristic of a Trojan horse as it relates to network security?
a) Malware is contained in a seemingly legitimate executable program.
b) Extreme quantities of data are sent to a particular network device interface.
c) An electronic dictionary is used to obtain a password to be used to infiltrate a key
network device.
d) Too much information is destined for a particular memory block causing
additional memory areas to be affected
Answer: A
What is the first step in the risk management process specified by the ISO/IEC?
a) Create a security policy.
b) Conduct a risk assessment.
c) Inventory and classify IT assets.
d) Create a security governance model
Answer: C
What is the significant characteristic of worm malware?
a) A worm can execute independently of the host system.
b) A worm must be triggered by an event on the host system.
c) Worm malware disguises itself as legitimate software
d) Once installed on a host system, a worm does not replicate itself
Answer: A
Which condition describes the potential threat created by Instant On in a data
center?
a) when the primary firewall in the data center crashes
b) when an attacker hijacks a VM hypervisor and then launches attacks against
other devices in the data center
c) when the primary IPS appliance is malfunctioning
d) when a VM that may have outdated security policies is brought online after a long
period of inactivity
Answer: D
What are the three core components of the Cisco Secure Data Center solution?
(Choose three.)
a) mesh network
b) secure segmentation
c) visibility
d) threat defense
e) servers
f) infrastructure
Answer: B,C,D
A disgruntled employee is using Wireshark to discover administrative Telnet
usernames and passwords. What type of network attack does this describe?
a) trust exploitation
b) denial of service
c) reconnaissance
d) port redirection
Answer: C
What is the role of an IPS?
a) connecting global threat information to Cisco network security devices
b) authenticating and validating traffic
c) detecting and blocking of attacks in real time
d) filtering of nefarious websites
Answer: C
Which two statements describe access attacks? (Choose two.)
a) Trust exploitation attacks often involve the use of a laptop to act as a rogue
access point to capture and copy all network traffic in a public location, such as
a wireless hotspot.
b) To detect listening services, port scanning attacks scan a range of TCP or UDP
port numbers on a host
c) Buffer overflow attacks write data beyond the allocated buffer memory to
overwrite valid data or to exploit systems to execute malicious code.
d) Password attacks can be implemented by the use of brute-force attack
methods, Trojan horse, or packet sniffers.
e) Port redirection attacks use a network adapter card in promiscuous mode to
capture all network packets that are sent across a LAN
Answer: A
What is a ping sweep?
a) a scanning technique that examines a range of TCP or UDP port numbers on a
host to detect listening services.
b) a software application that enables the capture of all network packets that are
sent across a LAN.
c) a query and response protocol that identifies information about a domain,
including the addresses that are assigned to that domain
d) a network scanning technique that indicates the live hosts in a range of IP
addresses.
Answer: D