CCNA Security+ Questions

Started by certforumz, January 10, 2015, 08:37:19 PM


certforumz

1.   "Security Planning" is part of which phase of Cisco's Security Life Cycle?
A.   Initiation
B.   Acquisition and development
C.   Implementation
D.   Operations and maintenance
E.   Disposition
Ans. B

Explanation:
The Acquisition and Development phase consists of the following sub-phases:
i.   Risk assessment: Specifies formal protection requirements for the system. Not to be confused with the risk assessment carried out during the planning phase, which is preliminary in nature.
ii.   Security functional requirement analysis: This analysis identifies what is required to properly secure a system.
iii.   Security assurance requirements analysis: Assures that the system is secured at the required level.
iv.   Cost considerations and reporting
v.   Security planning: Security controls planning
vi.   Security control development: Report on how the security controls are to be designed, developed, and implemented
vii.   Developmental security test and evaluation: Testing is performed to validate the operation of the implemented security controls.


1.   Which of the following are different types of Backup sites as per Cisco?
A.   Cold site
B.   Trusted site
C.   Warm site
D.   Duplicate site
E.   Hot site
Ans. A, C, E
Explanation:
Cisco has classified backup sites into 3 classes. These are:
Hot site: Equipment and data are current in both sites. If the primary site becomes unavailable, the backup site will take its place immediately.
Warm site: Usually, the equipment is the same as that of the current site, but data may not be updated concurrently. It may require a few hours to bring the site to an operational state.
Cold site: A cold site may not have complete redundancy. You may need to re-use some equipment from the current site, and build data from backups.

Trusted site and duplicate site are not relevant options.

1.   Operations security ensures that no one employee poses a threat to the information system's security. Which of the following are the recommendations of Operations security? (Choose 4 best answers)
A.   Separation of duties
B.   Rotation of duties
C.   Off-site storage
D.   Trusted recovery
E.   Configuration and change control

Ans. A, B, D, E

Explanation:
Following are the recommendations for Operations security:

a.   Separation of duties
b.   Rotation of duties
c.   Trusted recovery
d.   Configuration and change control

Off-site storage may be a part of Trusted recovery.

1.   Which of the following are the components of a security policy? (Choose 4 best options)
A.   Governing policy
B.   End-user policy
C.   Email policy
D.   Technical policies
E.   Standards, procedures and guidelines
F.   Remote access policy
Ans. A, B, C, D, E

Explanation:
An organization's security policy may consist of the following:
1.   Governing policy – targeted at managerial and technical employees
2.   End-user policy – targeted at end users, example: end-user policy (EUP)
3.   Technical policies – aimed at technical people working in IT infrastructure. Include policies toward email, remote access, and wireless network access.
4.   Standards, instructions and guidelines
a.   Standards – specifies the applicable standards, such as Operating Systems to be supported, hardware to be used, etc.
b.   Guidelines – suggests recommended practices
c.   Procedures – provide step-by-step instructions on how to implement the suggested security mechanisms. For example, a procedure may include configuring a switch in the access layer.

1.   Which of the following are the components of Cisco security awareness program? (Choose 3 best answers)
A.   Awareness
B.   Preparedness
C.   Training
D.   Education
E.   Field trials
Ans. A, C, D
Explanation:
Cisco has divided the security awareness program into three phases:
1.   Awareness – Makes employees aware of the importance of security within the organization.
2.   Training – Provides necessary training to employees in practicing security.
3.   Education – Offers more advanced skills with a degree or certification to the employees.

2.   Which of the following are the core characteristics of Cisco's self defending network?
A.   Integrated
B.   Collaborative
C.   Adaptive
D.   Destructive
Ans. A, B, C

Explanation:
The goal of Cisco's Self-Defending Network (SDN) is to identify, heal, and adapt to threats that appear over a period of time. The core characteristics of SDN are:
a.   Integrated – built into the network rather than introduced as additional components
b.   Collaborative – IT personnel working on security collaborate with other employees in evolving a robust security mechanism on a continual basis
c.   Adaptive – security mechanisms adapt to evolving threats

1.   Cisco has formulated five phases for Security Life Cycle. System integration is part of which phase of Security Life Cycle?
A.   Initiation
B.   Acquisition and development
C.   Implementation
D.   Operations and maintenance
E.   Disposition
Ans. C
Explanation:
The following are the sub-phases of implementation phase:
1.   Inspection and acceptance: The components of the system are inspected and accepted.
2.   System integration: The system is integrated with all required components and its operation is verified.
3.   Security certification: After the integration process, the system is verified against security policies laid down by the organization and is provided with a security certificate.
4.   Security accreditation: The system is given appropriate administrative privileges to store, and/or process information.

Q
1.   Which US act makes it compulsory that annual audits be conducted for network security within US government and affiliate firms?
A.   PATRIOT Act
B.   HIPAA
C.   FISMA
D.   Computer Fraud and Abuse Act
E.   SAFE Act
F.   SOX Act of 2002
Ans. C
Explanation:
Given below are some of the U.S. government regulations that pertain to information security:
i.   Computer Fraud and Abuse Act: Aimed at reducing malicious computer hacking and fraud.
ii.   Economic Espionage Act of 1996: States that the misuse of trade secrets is a federal crime.
iii.   Federal Information Security Management Act (FISMA) of 2002: Requires annual audits of network security within the U.S. government and affiliated parties
iv.   Gramm-Leach-Bliley Act (GLBA) of 1999: Removed the antitrust laws that disallowed banks, insurance companies, etc., from sharing their information.
v.   Health Insurance Portability and Accountability Act (HIPAA) of 2000: Stipulates that electronic transfer of confidential patient information be as secure as the transfer of paper-based patient records.
vi.   Privacy Act of 1974: Assures the privacy of individuals and asks firms to get written permission for their information to be released.
vii.   Sarbanes-Oxley (SOX) Act of 2002: This act provides for stricter accounting practices, and transparency to prevent any corporate scandals and improve public trust in corporates.
viii.   Security and Freedom through Encryption (SAFE) Act: Permits any form of encryption to be used by people in the U.S.
Obj - Common Security Threats

Q
1.   Which US law asserts that electronic transfer of patient information should not be less secure than the transfer of paper-based information?
A.   Computer Fraud and Abuse Act
B.   Health Insurance Portability and Accountability Act (HIPAA) of 2000
C.   Security and Freedom through Encryption (SAFE) Act
D.   Federal Information Security Management Act (FISMA) of 2002
E.   Sarbanes-Oxley (SOX) Act of 2002

Ans. B
Explanation:
Given below are some of the U.S. government regulations that pertain to information security:
i.   Computer Fraud and Abuse Act: Aimed at reducing malicious computer hacking and fraud.
ii.   Economic Espionage Act of 1996: States that the misuse of trade secrets is a federal crime.
iii.   Federal Information Security Management Act (FISMA) of 2002: Requires annual audits of network security within the U.S. government and affiliated parties
iv.   Gramm-Leach-Bliley Act (GLBA) of 1999: Removed the antitrust laws that disallowed banks, insurance companies, etc., from sharing their information.
v.   Health Insurance Portability and Accountability Act (HIPAA) of 2000: Stipulates that electronic transfer of confidential patient information be as secure as the transfer of paper-based patient records.
vi.   Privacy Act of 1974: Assures the privacy of individuals and asks firms to get written permission for their information to be released.
vii.   Sarbanes-Oxley (SOX) Act of 2002: This act provides for stricter accounting practices, and transparency to prevent any corporate scandals and improve public trust in corporates.
viii.   Security and Freedom through Encryption (SAFE) Act: Permits any form of encryption to be used by people in the U.S.
Obj - Common Security Threats