Cisco Network Engineer Question Bank 4.docx
Cisco Network Engineer Question Bank 201-327

Q201. An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
A. Client computers do not have the Cisco Umbrella Root CA certificate installed.
B. IP-Layer Enforcement is not configured.
C. Client computers do not have an SSL certificate deployed from an internal CA server.
D. Intelligent proxy and SSL decryption is disabled in the policy.
Answer: A
Explanation: Other features are dependent on SSL Decryption functionality, which requires the Cisco Umbrella root certificate. Having the SSL Decryption feature improves:
Custom URL Blocking - Required to block the HTTPS version of a URL.
Umbrella's Block Page and Block Page Bypass features present an SSL certificate to browsers that make connections to HTTPS sites. This SSL certificate matches the requested site but will be signed by the Cisco Umbrella certificate authority (CA). If the CA is not trusted by your browser, an error page may be displayed. Typical errors include "The security certificate presented by this website was not issued by a trusted certificate authority" (Internet Explorer), "The site's security certificate is not trusted!" (Google Chrome) or "This Connection is Untrusted" (Mozilla Firefox). Although the error page is expected, the message displayed can be confusing and you may wish to prevent it from appearing. To avoid these error pages, install the Cisco Umbrella root certificate into your browser or the browsers of your users, if you're a network admin.
Reference: https://docs.umbrella.com/deployment-umbrella/docs/rebrand-cisco-certificate-import-information

Q202. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
A. virtualization
B. middleware
C. operating systems
D. applications
E. data
Answer: DE
Explanation: [Figure: PaaS responsibility diagram with a "Service provider manages" column; labels include Data and O/S.]

Q203. What is an attribute of the DevSecOps process?
A. mandated security controls and checklists
B. security scanning and theoretical vulnerabilities
C. development security
D. isolated security team
Answer: C
Explanation: DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move security activities to the start of the development life cycle and have built-in security practices in the continuous integration/continuous deployment (CI/CD) pipeline, thus minimizing vulnerabilities and bringing security closer to IT and business objectives. Three key things make a real DevSecOps environment:
+ Security testing is done by the development team.
+ Issues found during that testing are managed by the development team.
+ Fixing those issues stays within the development team.

Q204. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?
A. Bridge Protocol Data Unit guard
B. embedded event monitoring
C. storm control
D. access control lists
Answer: C
Explanation: Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm. By using the "storm-control broadcast level falling-threshold" we can limit the broadcast traffic on the switch.

Q205. Which two cryptographic algorithms are used with IPsec? (Choose two)
A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. TripleAMC-CBC
E. AES-CBC
Answer: CE
Explanation: Cryptographic algorithms defined for use with IPsec include:
+ HMAC-SHA1/SHA2 for integrity protection and authenticity.
+ TripleDES-CBC for confidentiality.
+ AES-CBC and AES-CTR for confidentiality.
+ AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.

Q206. In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
A. LDAP injection
B. man-in-the-middle
C. cross-site scripting
D. insecure API
Answer: B

New Questions (added on 2nd-Jan-2021)

Q207. Which DoS attack uses fragmented packets to crash a target machine?
A. smurf
B. MITM
C. teardrop
D. LAND
Answer: C
Explanation: A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.

Q208. Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
A. to prevent theft of the endpoints
B. because defense-in-depth stops at the network
C. to expose the endpoint to more threats
D. because human error or insider threats will still exist
Answer: D

Q209. Which type of API is being used when a security application notifies a controller within a software-defined network architecture abou