Chapter Review

The SAFE Implementation Exam is based on the principles and technologies contained in the “SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks” (SMR) white paper. This document is available as a PDF that can be downloaded from www.cisco.com/go/safe.

The exam topics provide an overview that can be used to guide the study process, while the skills required for a successful exam can be used as a checklist to measure progress.

Questions

The following questions are based on the PDFs from the chapter. The actual exam can also include anything from the other four exams.

1.

Which one of the following is not one of the Cisco SAFE Axioms?

  A. Switches Are Targets

  B. VPNs Are Targets

  C. Routers Are Targets

  D. Hosts Are Targets

  E. Networks Are Targets

  F. Applications Are Targets

 Answer: B. VPNs Are Targets

2.

Why must IDS be tuned when deployed?

  A. To learn the network devices

  B. To learn the protocols running in the network

  C. To reduce false positives

  D. To ensure compatibility with other security devices

 Answer: C. To reduce false positives

3.

To reduce the chances of DoS attacks, filtering should be configured on which two of the following RFCs?

  A. 2827

  B. 1518

  C. 1814

  D. 1918

 Answer: A. and D. 2827 and 1918

4.

OTP mitigates which of the following common attacks?

  A. Man-in-the-middle attacks

  B. Network reconnaissance attacks

  C. Brute force password attacks

  D. Trojan horse attacks

 Answer: C. Brute force password attacks

5.

What are the correct first initials for the Cisco Security Wheel?

  A. SMTI

  B. PITR

  C. ISPB

  D. BPIM

 Answer: A. SMTI-Secure, Monitor, Test, Improve

6.

The SAFE document considers which of the following architectures to be most secure?

  A. In-Band

  B. SSL

  C. HTTPS

  D. Out-of-Band

 Answer: D. Out-of-Band

7.

SAFE as a security policy template for company networks provides which one of the following?

  A. An all-encompassing design for providing full security for corporate networks

  B. A materials list for security purchases

  C. A single-vendor approach to end-to-end network security designs

  D. The original statement is false; SAFE is not a security policy template

 Answer: D. The original statement is false, SAFE is not a security policy template

8.

According to SAFE, what two reasons account for the increasing threat hackers pose to networks?

  A. Computers and networking devices continually becoming less complex

  B. Ubiquity of the Internet

  C. Pervasiveness of easy-to-use operating systems and development environments

  D. Darwin’s theory of evolution and natural selection

 Answer: B. and C. Ubiquity of the Internet, and pervasiveness of easy-to-use operating systems and development environments

9.

VPN remote users using split tunneling to connect to the Internet outside the VPN tunnel should use which of the following technologies to protect access to the local network?

  A. Access lists

  B. Layer 2 tunneling

  C. PIX failover

  D. Personal firewall

 Answer: D. Personal firewall

10.

Which of the following can’t mitigate the threat of packet sniffers in the network?

  A. Replacing hubs with Layer 2 switches

  B. Cryptography

  C. Using only static routes in the LAN routers

  D. Strong authentication

 Answer: C. Use only static routes in the LAN routers

11.

The central theme of Cisco AVVID and Cisco AVVID Network Infrastructure can be split into four general layers of emphasis. Which of the following doesn’t belong?

  A. Applications resilience

  B. Business resilience

  C. Hardware resilience

  D. Network resilience

  E. Communications resilience

 Answer: C. Hardware resilience

12.

Which is not one of the five primary concerns of network deployment addressed by Cisco AVVID Network Infrastructure?

  A. Quality of service (QoS)

  B. Security

  C. Mobility

  D. Interoperability

  E. High availability

  F. Scalability

 Answer: D. Interoperability

13.

According to AVVID, Cisco’s security suite emphasizes three key areas. Which of the following is not one of them?

  A. External Network Security

  B. Device Security

  C. Internal Network Security

  D. Network Identity

 Answer: B. Device Security

14.

What is frequently the only way to thwart a DoS attack?

  A. A strong perimeter router backed up by a firewall

  B. Cooperation with the Internet service provider (ISP)

  C. A strong perimeter firewall backed up by a router

  D. Running TCP Intercept on the perimeter router

 Answer: B. Cooperation with the Internet service provider (ISP)

15.

Which two of the following are advantages of using a VPN hardware client device?

  A. Lower cost than a router

  B. Access and authentication centrally administered

  C. More secure than a firewall device

  D. Individual PCs on the remote-site network do not need VPN client software

 Answer: B. and D. Access and authentication can be centrally administered, and individual PCs on the remote-site network do not need VPN client software

Answers

1.

B. VPNs Are Targets

2.

C. To reduce false positives

3.

A. and D. 2827 and 1918

4.

C. Brute force password attacks

5.

A. SMTI—Secure, Monitor, Test, Improve

6.

D. Out-of-Band

7.

D. The original statement is false, SAFE is not a security policy template

8.

B. and C. Ubiquity of the Internet, and pervasiveness of easy-to-use operating systems and development environments

9.

D. Personal firewall

10.

C. Use only static routes in the LAN routers

11.

C. Hardware resilience

12.

D. Interoperability

13.

B. Device Security

14.

B. Cooperation with the Internet service provider (ISP)

15.

B. and D. Access and authentication can be centrally administered, and individual PCs on the remote-site network do not need VPN client software
