  1. Johan Hiemstra Forum Admin Webmaster's Avatar
    Join Date
    Jun 2002
    Location
    52n31, 6e06
    Posts
    10,383
    Blog Entries
    3

    Certifications
    MCSE NT4 MCSA 2000/2003 Security+ (expired: CWNA, CNA, CCNA)
    #1

    642-552 SND practice questions

    This is not a question of the day thing, consider them beta as long as I haven't moved them to our test engine yet.

    Here's the first one:

    1. Which of the following commands configure a router to send syslog messages with a severity of 3 and lower to a syslog server with the IP address 192.168.220.40?

    a. Router(config)# logging on 192.168.220.40
    Router(config)# logging trap warnings

    b. Router(config)# logging on
    Router(config)# syslog 192.168.220.40
    Router(config)# logging trap errors

    c. Router(config)# logging 192.168.220.40
    Router(config)# logging trap errors

    d. Router(config)# syslog 192.168.220.40
    Router(config)# logging trap warnings

    I'll post the answer and the next question tomorrow.

  3. Johan Hiemstra Forum Admin Webmaster's Avatar
    #2
    Answer: C

    Explanation: Syslog messages have a severity level ranging from 0 to 7, where 0 is the most severe. When you log to the console, all events (up to level 7) are logged, and when you log to a syslog server, events up to level 6 are logged. The following table shows the severity levels and their names:

    Code:
    Level  Level name     Description
    0      Emergencies    Router unusable
    1      Alerts         Immediate action needed
    2      Critical       Critical conditions
    3      Errors         Error conditions
    4      Warnings       Warning conditions
    5      Notifications  Normal but important conditions
    6      Informational  Informational messages
    7      Debugging      Debugging messages

    Higher level events, thus less critical, are not always interesting and logging them all may use up too many system and network resources. When you configure syslogging, you can specify the severity level. The default is informational (level 6), which means level 7 debugging messages are ignored. Use the following commands to configure a router to use syslogging to send messages to a central syslog server.

    Enable logging to syslog server:
    Router(config)# logging ip address

    Configure the severity level for syslog messages:
    Router(config)# logging trap level
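The severity filter explained in the answer above, as an added example that is not part of the original thread: it reads the two `logging` commands from a configuration and shows which messages a given trap level forwards. The sample configuration and log lines are constructed, and the function names are illustrative.

```python
import re

# Level names from the table above, indexed by severity number.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# IOS log messages carry the severity as the digit in %FACILITY-SEVERITY-MNEMONIC.
MSG_RE = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def parse_logging(config_text):
    """Return (syslog_servers, trap_level) from the 'logging' lines of a config."""
    servers, trap = [], 6          # default is informational (6), per the post
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 2 or words[0] != "logging":
            continue
        if words[1] == "trap" and len(words) == 3:
            arg = words[2].lower()  # level given by name or by number
            trap = int(arg) if arg.isdigit() else LEVELS.index(arg)
        elif IPV4_RE.fullmatch(words[1]):
            servers.append(words[1])
    return servers, trap

def forwarded(messages, trap_level):
    """Keep the messages whose severity number is <= the trap level."""
    kept = []
    for msg in messages:
        m = MSG_RE.search(msg)
        if m and int(m.group(1)) <= trap_level:
            kept.append(msg)
    return kept

# Constructed sample input: the two commands of answer C and five log lines.
CONFIG_C = "logging 192.168.220.40\nlogging trap errors\n"
SAMPLE_LOG = [
    "%SYS-2-MALLOCFAIL: constructed sample, severity 2",
    "%LINK-3-UPDOWN: constructed sample, severity 3",
    "%IP-4-DUPADDR: constructed sample, severity 4",
    "%SYS-5-CONFIG_I: constructed sample, severity 5",
    "%SEC-6-IPACCESSLOGP: constructed sample, severity 6",
]

if __name__ == "__main__":
    servers, level = parse_logging(CONFIG_C)
    print("servers:", servers, "trap level:", level, "(" + LEVELS[level] + ")")
    for msg in forwarded(SAMPLE_LOG, level):
        print("sent:", msg)
```

With `logging trap warnings` in place of `errors`, the severity 4 line is forwarded as well, which is why the options using `warnings` do not match the question.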

  4. Johan Hiemstra Forum Admin Webmaster's Avatar
    #3
    Question nr. 2

    You are the network administrator at a small company. You just used AutoSecure to configure a router. Which of the following commands should you use to change the minimum password length to 8 characters?

    a. security passwords min-length 8
    b. passwords min-length 8
    c. auto secure passwords-length 8
    d. security passwords length 8
    e. None of the above, AutoSecure configures the minimum password length of 8 by default.

    Answer + Explanation + new question tomorrow...

  5. Johan Hiemstra Forum Admin Webmaster's Avatar
    #4
    Answer: A

    Explanation: AutoSecure configures a minimum password length of six characters. This affects user passwords, enable passwords and secrets, and line passwords. The minimum length can be increased by using the following command in global config mode:
    Router(config)# security passwords min-length length

  6. Johan Hiemstra Forum Admin Webmaster's Avatar
    #5
    3. Which of the following features can be configured during the forwarding plane portion of AutoSecure?

    a. ICMP redirects
    b. SSH and SCP
    c. Maintenance Operations Protocol (MOP)
    d. Unicast Reverse Path Forwarding (uRPF)

    Anyone?

  7. Senior Member
    Join Date
    Nov 2003
    Location
    Denton, Texas
    Posts
    170

    Certifications
    B.S Electrical Engineering, B.S. Computer Information Systems, A+, N+, CCNA, CCSP, CCIE Security Written 04/18/10
    #6
    Well Johan,

    Next time you might want to specify that you want someone to answer those questions...LOL!

    Anyway...I will take a shot at it......

    My answer would be A but I am not sure on this. I researched it a little and maybe I am reading the question wrong but it could be both answers.

    ENLIGHTEN ME

    Cisco AutoSecure-Configuring Interface Specific Services - IP Redirect

    -An ICMP redirect message instructs hosts on a network to use a specific router as its path to a particular destination. In a properly functioning IP network, a router will send redirects only to hosts on its own local subnets, no host will ever send a redirect, and no redirect will ever be sent more than one network hop away. These messages are useful for diagnosis. An attacker may use this as a method to map the network.

    -It can be beneficial to filter out incoming ICMP redirects messages at the input interfaces of any router that lies at an untrusted border. For better security, disable these messages at all interfaces.

    -Cisco AutoSecure disables IP redirects on each interface using the no ip redirect interface configuration command.

    Cisco AutoSecure-Configuring Ingress Filtering - Unicast RPF

    -Unicast Reverse Path Forwarding (RPF) is an input function on an interface that can be set to check if the source address is reachable by the interface that received it, or is reachable by any interface. Unicast RPF is a defense against spoofing and DoS attacks.

    -Unicast RPF depends on Cisco Express Forwarding. If the router does not support Cisco Express Forwarding, then you cannot use Unicast RPF. Unicast RPF is best suited for routers that act as a boundary between two networks (i.e. filtering edge router between a LAN and the Internet). When used properly, it can provide a better performance than an access list for ingress and egress filtering.
    -Cisco AutoSecure automatically configures strict Unicast RPF if the router platform supports this function. It configures all interfaces connected to the Internet by using the ip verify source reachable-via interface command. This helps drop any source-spoofed packets.

  8. Johan Hiemstra Forum Admin Webmaster's Avatar
    #7
    Yes, thank you, that is the general idea of these questions, it's no fun if I have to answer them all myself, and mainly to catch mistakes before I add them to our test engine. Which is the case with this one, you are not reading it wrong, I wrote it wrong. I reworded this one right before posting, which I shouldn't have done. The question should read:

    Which of the following features can be configured during the forwarding plane portion of AutoSecure?

    http://www.techexams.net/technotes/c...tosecure.shtml

  9. Senior Member
    #8
    There ya go......keep them coming Johan...keep them coming.....!

  10. Johan Hiemstra Forum Admin Webmaster's Avatar
    #9
    Ok so, the answer was D. The others can be configured/disabled during the management plane portion.

    Explanation: Unicast Reverse Path Forwarding (uRPF) can be configured during the forwarding plane portion of AutoSecure to help mitigate spoofing attacks. uRPF blocks all IP packets that don’t have a verifiable IP source address. ICMP redirects and MOP are disabled for each interface, and if available, SSH and SCP are enabled for secure access and file transport, during the management plane portion of AutoSecure.

    New one coming up!

  11. Johan Hiemstra Forum Admin Webmaster's Avatar
    #10
    4. Which of the following best describes a structured threat?

    a. A student using an automatic scanning tool to find known vulnerabilities.
    b. A disgruntled employee abusing his access privileges to destroy company data.
    c. A worm terrorizing the Internet creating a DoS situation for internal users.
    d. A hacker is hired by a competitor to gain unauthorized access and steal company secrets.

    Take your best shot, and feel free to join in even if you are not studying for this exam.

  12. Senior Member
    #11
    Answer: D

    Cisco's SAFE Implementation categorizes external threats as structured or unstructured. "Structure," in this context, refers to the degree of organization and planning, or the amount of method applied in the attack, as opposed to haphazard efforts that might seem almost random to an observer. Note that both structured and unstructured threats can be malicious in intent or can be the result of human clumsiness or error.



    GO GERMANY

    GO ORANJE

  13. Johan Hiemstra Forum Admin Webmaster's Avatar
    #12
    Answer D indeed.

    Explanation: Structured threats refer to skilled hackers who have the motivation, the tools and the skills to write new tools, the technical knowledge, and a reason to attack a network. Common reasons are money, recognition, and hate. Unstructured refers to unskilled attackers, the “script kiddies”, who usually do not have a lot of resources nor knowledge about the target, nor advanced hacking skills, but can be disastrous nevertheless. Especially when they play with the tools written by more knowledgeable hackers.

  14. Johan Hiemstra Forum Admin Webmaster's Avatar
    #13
    Here's the next one:

    5. Which of the following security configuration tasks does AutoSecure perform to mitigate spoofing attacks? (Choose all that apply)

    a. Denies all IANA reserved IP address blocks
    b. Denies RFC 1918 private IP address blocks
    c. Enables Unicast Reverse Path Forwarding (uRPF)
    d. Denies multicast, class-E addresses as the source address
    e. Disables IP directed broadcasts on all interfaces

  15. Johan Hiemstra Forum Admin Webmaster's Avatar
    #14
    Answers: A, B, C, and D

    Explanation: Cisco AutoSecure builds the following three extended-named ACLs for ingress filtering (anti-spoofing):
    - autosec_iana_reserved_block – Denies all IANA reserved IP address blocks.
    - autosec_private_block – Denies RFC 1918 private IP address blocks.
    - autosec_complete_block – Denies multicast, class-E, and other reserved IP addresses prohibited for source address
    Although the Cisco AutoSecure user interface refers to the third ACL as "autosec_complete_block", in reality, the router creates it as "autosec_complete_bogon".

    uRPF blocks all IP packets that don’t have a verifiable IP source address. Disabling IP directed broadcasts does not necessarily prevent spoofing attacks but is essential to prevent Smurf DoS attacks.
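The two ingress checks described in the answer above, modelled in Python as an added example that is not part of the original thread: source addresses are first matched against the ranges the post names for the AutoSecure ACLs, then against a strict uRPF check (the best route back to the source must point out of the receiving interface). The forwarding table and interface names are constructed, and the IANA reserved list is left out because the thread does not give it.

```python
import ipaddress

# Source ranges named in the explanation above. The contents of
# autosec_iana_reserved_block are not listed in the thread, so it is omitted.
DENY_SOURCES = {
    "autosec_private_block": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "autosec_complete_block": ["224.0.0.0/4", "240.0.0.0/4"],  # multicast, class E
}

# Constructed forwarding table (assumption): prefix -> outgoing interface.
FIB = {
    "203.0.113.0/24": "Serial0/0",            # toward the Internet
    "198.51.100.0/24": "FastEthernet0/0",     # internal LAN
    "198.51.100.128/25": "FastEthernet0/1",   # more specific internal LAN
}

def acl_verdict(src):
    """Return the name of the ACL that denies this source, or None."""
    addr = ipaddress.ip_address(src)
    for name, nets in DENY_SOURCES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

def best_route_interface(src, fib=FIB):
    """Longest-prefix match on the source address; None if there is no route."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def ingress_check(src, in_interface):
    """Apply the anti-spoofing ACL ranges, then the strict uRPF test."""
    acl = acl_verdict(src)
    if acl:
        return "deny:" + acl
    if best_route_interface(src) != in_interface:
        return "deny:urpf-strict"
    return "permit"

if __name__ == "__main__":
    for src, ifname in [("10.1.2.3", "Serial0/0"),
                        ("198.51.100.200", "Serial0/0"),
                        ("198.51.100.200", "FastEthernet0/1"),
                        ("203.0.113.9", "Serial0/0")]:
        print(src, "on", ifname, "->", ingress_check(src, ifname))
```

The second sample case is the one the ACLs alone miss: an internal address arriving on the Internet-facing interface is in none of the denied ranges, but fails the reverse-path test.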

  16. Johan Hiemstra Forum Admin Webmaster's Avatar
    #15
    The following may be a bit on the easy side, but essential info nevertheless:

    6. Which of the following commands disables the auxiliary port on a Cisco IOS router?

    a. Router(config-line)# no exec
    b. Router(config-line)# no login
    c. Router(config)# no aux
    d. Router(config)# no line aux 0

  17. Junior Member
    Join Date
    Jul 2006
    Location
    West Yorkshire, UK
    Posts
    10

    Certifications
    Bsc, CCNA, CCSA, CCSE, MCP, CQS- Cisco Firewall Specialist (SNPA, SND)
    #16
    a. Router(config-line)# no exec


    Quote Originally Posted by Webmaster
    The following may be a bit on the easy side, but essential info nevertheless:

    6. Which of the following commands disables the auxiliary port on a Cisco IOS router?

    a. Router(config-line)# no exec
    b. Router(config-line)# no login
    c. Router(config)# no aux
    d. Router(config)# no line aux 0

  18. Johan Hiemstra Forum Admin Webmaster's Avatar
    #17
    Didn't realize I didn't post the answer yet...

    Yes, answer a is correct.

    Explanation: Configuring the no exec in line configuration mode for the AUX port (line aux 0) disables it entirely. You can also disable access to any line (TTY or VTY) by configuring it with the login and no password commands. This is the default configuration for VTYs (i.e. telnet) but not TTYs (i.e. AUX and console ports). Cisco recommends disabling any unused port.
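A small configuration audit for the line settings explained above and the `security passwords min-length` command from question 2, as an added example that is not part of the original thread. The sample configuration is constructed, the password value is a placeholder, and the function names and the `required_min` parameter are illustrative.

```python
import re

def parse_line_blocks(config_text):
    """Map each 'line ...' header to the list of its indented subcommands."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None          # any other top-level line ends the block
    return blocks

def line_state(cmds):
    """Classify one line block using the two methods the post describes."""
    if "no exec" in cmds:
        return "disabled: no exec"
    has_password = any(c.startswith("password ") for c in cmds)
    if "login" in cmds:
        return "password login" if has_password else "blocked: login without password"
    return "review: no password login configured"

def min_password_length(config_text):
    """Return the configured minimum password length, or None if unset."""
    m = re.search(r"^security passwords min-length (\d+)\s*$", config_text, re.M)
    return int(m.group(1)) if m else None

def audit(config_text, required_min=8):
    """Return a finding per line block plus one for the password length."""
    findings = {name: line_state(cmds)
                for name, cmds in parse_line_blocks(config_text).items()}
    length = min_password_length(config_text)
    if length is not None and length >= required_min:
        findings["min-length"] = "ok: %d" % length
    else:
        findings["min-length"] = "too short or unset: %s" % length
    return findings

# Constructed sample configuration; the password is a placeholder value.
SAMPLE_CONFIG = "\n".join([
    "security passwords min-length 8",
    "!",
    "line con 0",
    " password EXAMPLE-PLACEHOLDER",
    " login",
    "line aux 0",
    " no exec",
    "line vty 0 4",
    " login",
    "!",
])

if __name__ == "__main__":
    for item, state in audit(SAMPLE_CONFIG).items():
        print("%-14s %s" % (item, state))
```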

  19. Junior Member
    #18
    Woohoo - uzi does his lil uzi woohoo dance... :P

    Quote Originally Posted by Webmaster
    Didn't realize I didn't post the answer yet...

    Yes, answer a is correct.

    Explanation: Configuring the no exec in line configuration mode for the AUX port (line aux 0) disables it entirely. You can also disable access to any line (TTY or VTY) by configuring it with the login and no password commands. This is the default configuration for VTYs (i.e. telnet) but not TTYs (i.e. AUX and console ports). Cisco recommends disabling any unused port.

  20. Junior Member
    Join Date
    Nov 2006
    Posts
    1
    #19

    Any more questions???

    Hi,

    I really enjoy reading questions and answers. Please post more here.

    Thanks.

  21. Junior Member
    Join Date
    Feb 2007
    Posts
    12
    #20

    Re: Any more questions???

    Quote Originally Posted by mdang
    Hi,

    I really enjoy reading questions and answers. Please post more here.

    Thanks.
    Same here!

  22. Junior Member
    Join Date
    Mar 2007
    Posts
    3

    Certifications
    CCNA, HCNE, MCP, MCSA
    #21
    Hey, what is that test engine that you mentioned? Is it in this web page?

  23. Johan Hiemstra Forum Admin Webmaster's Avatar
    #22
    Hi,

    Yes, I was referring to our own online test engine. When I don't write a set at once I sometimes post them in the forums and then add them, per 10, to our test engine. For a complete list of our practice exams:

    www.techexams.net/pexams.php

    That list doesn't include an exam with the above questions though. I was preparing for this exam around the time I wrote the above questions (and on the TechNotes in the other Sticky), but for several reasons I stopped. But, these questions are written for the 551, not the 552 exam. I'm guessing they still all apply, but, the exam objectives changed. So, what I'll do is go over these questions, the TechNotes, and write about 20 more very soon, and get this topic started again.

    Thanks,
    Johan

  24. Junior Member
    #23
    Looking forward to it!

  25. Johan Hiemstra Forum Admin Webmaster's Avatar
    #24
    Ok, I've written enough now to keep this topic going for a while (1 question per day, 7 days a week). The first one is a bit easy, though the others aren't very hard either. I keep hearing the actual exam is also easy, but regardless, the exam objectives are quite clear and especially for a smaller set it's not hard for me to write questions that are at least relevant for the exam.

    7. You are the network administrator for a small company with six Cisco routers. Your manager instructed you to lock down the routers by requiring strong passwords. You need to configure the routers to require a minimum length of 6 for all passwords and to lock access after 3 failed logon attempts. Which of the following commands produce the desired results? (Choose all that apply)

    a. security authentication 3 6 0
    b. security authentication failure rate 3
    c. security password min-length 6
    d. security passwords length min 6
    e. security authentication fail-rate 3
    f. security logon max 3


    I'll post the answer, explanation, and corresponding exam objective somewhere within the next 24 hours.

    To follow determinedgerman's advice: I hereby specify that I would like people to post the answer to these questions. Oh, and that doesn't include you Cisco gurus who already passed this exam or knew the answer before looking at them.

  26. Senior Member
    Join Date
    Jun 2005
    Posts
    173

    Certifications
    CCNA,CCSP,CCIE Sec Written
    #25
    B,C for question 7
