The SAFE Implementation Exam is based on the principles and technologies contained in the “SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks” (SMR) white paper. This document is available as a PDF that can be downloaded from www.cisco.com/go/safe.
The exam topics provide an overview that can be used to guide the study process while the skills required for a successful exam can be used as a checklist to measure progress.
The following questions are based on the PDFs from the chapter. The actual exam can also include anything from the other four exams.
1.? |
Which one of the following is not one of the Cisco SAFE Axioms?
|
|
2.? |
Why must IDS be tuned when deployed?
|
|
3.? |
To reduce the chances of DoS attacks, filtering should be configured on which two of the following RFCs?
|
|
4.? |
OTP mitigates which of the following common attacks?
|
|
5.? |
What are the correct first initials for the Cisco Security Wheel?
|
|
6.? |
The SAFE document considers which of the following architectures to be most secure?
|
|
7.? |
SAFE as a security policy template for company networks provides which one of the following?
|
|
8.? |
According to SAFE, what two reasons account for the increasing threat hackers pose to networks?
|
|
9.? |
VPN remote users using split tunneling to connect to the Internet outside the VPN tunnel should use which of the following technologies to protect access to the local network?
|
|
10.? |
Which of the following can’t mitigate the threat of packet sniffers in the network?
|
|
11.? |
The central theme of Cisco AVVID and Cisco AVVID Network Infrastructure can be split into four general layers of emphasis. Which of the following doesn’t belong?
|
|
12.? |
Which is not one of the five primary concerns of network deployment addressed by Cisco AVVID Network Infrastructure?
|
|
13.? |
According to AVVID, Cisco’s security suite emphasizes three key areas. Which of the following is not one of them?
|
|
14.? |
What is frequently the only way to thwart a DoS attack?
|
|
15.? |
Which two of the following are advantages of using a VPN hardware client device?
|
|
Answers
1.? |
B. VPNs Are Targets |
2.? |
C. To reduce false positives |
3.? |
A. and D. 2827 and 1918 |
4.? |
C. Brute force password attacks |
5.? |
A. SMTI—Secure, Monitor, Test, Improve |
6.? |
D. Out-of-Band |
7.? |
D. The original statement is false, SAFE is not a security policy template |
8.? |
B. and C. Ubiquity of the Internet, and pervasiveness of easy-to-use operating systems and development environments |
9.? |
D. Personal firewall |
10.? |
C. Use only static routes in the LAN routers |
11.? |
C. Hardware resilience |
12.? |
D. Interoperability |
13.? |
B. Device Security |
14.? |
B. Cooperation with the Internet service provider (ISP) |
15.? |
B. and D. Access and authentication can be centrally administered, and individual PCs on the remote-site network do not need VPN client software |