














































































A practice exam for the Cisco Certified Network Professional (CCNP) Security certification. It includes multiple-choice questions covering various security topics such as DoS attacks, SQL injection, rootkits, buffer overflows, cryptography, VPNs, and network security best practices. Each question is followed by a correct answer and a brief explanation, making it a valuable resource for exam preparation and understanding key security concepts. The practice exam covers topics such as security intelligence authoring, phishing attack prevention, SDN architecture, firewalls, NetFlow, DHCP snooping, ARP spoofing prevention, device hardening, AAA protocols, SNMPv3, NTP authentication, and cloud security.
Typology: Exams















































































Question 1. Which of the following attacks involves the attacker sending an overwhelming amount of traffic to a target to render it unavailable?
A) Phishing
B) DoS
C) Rootkit
D) Malware
Answer: B
Explanation: A Denial of Service (DoS) attack floods a target with traffic, exhausting resources and making services unavailable to legitimate users.

Question 2. Which threat exploits vulnerabilities in Web applications by injecting malicious SQL statements?
A) Cross-site scripting
B) SQL injection
C) Man-in-the-middle
D) Buffer overflow
Answer: B
Explanation: SQL injection is an attack where malicious SQL code is inserted into an input field for execution, potentially exposing or altering database contents.

Question 3. What type of malware allows unauthorized access and control over a computer, often remaining undetected?
A) Virus
B) Rootkit
C) Worm
D) Trojan
Answer: B
Explanation: Rootkits are designed to hide their presence and allow attackers to maintain privileged access to a compromised system.

Question 4. Which commonly exploited vulnerability results from a program writing more data to a buffer than it can hold?
A) Path traversal
B) Buffer overflow
C) Cross-site scripting
D) Missing encryption cipher
Answer: B
Explanation: Buffer overflows can lead to arbitrary code execution, crashes, or data corruption by overwriting adjacent memory locations.

Question 5. Which cryptographic function ensures data integrity by creating a fixed-size output from variable input data?
A) Encryption
B) Hashing
C) Digital signature
D) Public Key Infrastructure
Answer: B
Explanation: Hashing produces a unique, fixed-length output (hash) for given input, ensuring data integrity.

Question 6. What is the main purpose of Public Key Infrastructure (PKI)?
A) Encrypting data at rest

Question 9. What feature enables high availability in a Cisco FlexVPN deployment?
A) Hot Standby Router Protocol (HSRP)
B) Dynamic Multipoint VPN (DMVPN)
C) Dual-hub topology
D) Static routing
Answer: C
Explanation: High availability can be achieved by using dual-hub topologies, allowing failover in case one hub is unavailable.

Question 10. What is the main difference between site-to-site VPN and remote access VPN?
A) Encryption algorithms used
B) Number of endpoints
C) Site-to-site connects networks, remote access connects individual users
D) Authentication method
Answer: C
Explanation: Site-to-site VPN connects entire networks, while remote access VPN allows individual user devices to connect securely.

Question 11. Which Cisco solution is specifically designed for remote access VPNs?
A) Cisco Secure Client (AnyConnect)
B) DMVPN
C) FlexVPN
D) VTI
Answer: A
Explanation: Cisco Secure Client, formerly AnyConnect, is optimized for remote access VPN, providing secure connections for users.

Question 12. What does the term "security intelligence authoring" refer to?
A) Blocking malware
B) Creating, updating, and sharing information about threats
C) Encrypting user data
D) Configuring firewalls
Answer: B
Explanation: Security intelligence authoring involves generating and disseminating information on threats for better proactive defense.

Question 13. Which control is most effective against phishing attacks?
A) URL filtering
B) Hashing
C) Strong password policy
D) Disabling USB ports
Answer: A
Explanation: URL filtering helps prevent users from accessing known phishing sites, reducing successful phishing attempts.

Question 14. What does a northbound API in SDN architecture typically interact with?
A) End-user applications
B) Network hardware directly
C) Physical security systems

B) Transparent
C) Edge or perimeter
D) Distributed
Answer: C
Explanation: Perimeter deployment positions firewalls at the network boundary to filter external traffic.

Question 18. What is the benefit of Flexible NetFlow compared to traditional NetFlow?
A) Fixed set of fields
B) Customizable flow records and templates
C) Only for IPv
D) No support for sampling
Answer: B
Explanation: Flexible NetFlow allows for customized collection of flow data, improving traffic visibility and analysis.

Question 19. Which Layer 2 security method mitigates rogue DHCP server attacks?
A) Port security
B) DHCP snooping
C) DAI
D) Storm control
Answer: B
Explanation: DHCP snooping filters untrusted DHCP messages and prevents rogue DHCP servers from assigning IP addresses.

Question 20. Which method verifies ARP packets to prevent spoofing?
A) Port security
B) VRF-lite
C) DAI
D) PVLANs
Answer: C
Explanation: Dynamic ARP Inspection (DAI) validates ARP packets to prevent ARP spoofing and poisoning attacks.

Question 21. What device hardening technique helps protect the management plane?
A) Disable unused interfaces
B) Use SNMPv
C) Implement AAA
D) Enable HTTP access
Answer: C
Explanation: AAA (Authentication, Authorization, and Accounting) secures device management access and tracks user actions.

Question 22. Which policy implementation method is used to control application visibility?
A) AVC
B) URL filtering
C) Malware protection
D) Segmentation
Answer: A
Explanation: Application Visibility and Control (AVC) identifies and manages application traffic for better policy enforcement.

Explanation: SNMPv3 introduces encryption and authentication for secure management traffic.

Question 26. How does NTP with authentication improve device security?
A) Reduces network latency
B) Prevents time spoofing attacks
C) Encrypts all management traffic
D) Increases device uptime
Answer: B
Explanation: NTP authentication ensures time updates are from trusted sources, preventing malicious time changes.

Question 27. Which command helps troubleshoot IPsec VPN tunnel establishment in Cisco IOS?
A) show ntp status
B) debug crypto isakmp
C) show vlan brief
D) show running-config
Answer: B
Explanation: debug crypto isakmp provides detailed information on IPsec tunnel negotiations.

Question 28. What distinguishes a public cloud from a private cloud?
A) Only private clouds use virtualization
B) Public clouds share resources among multiple tenants
C) Private clouds are always off-premises
D) Public clouds require no security
Answer: B
Explanation: Public clouds are multi-tenant, while private clouds are dedicated to one organization.

Question 29. According to NIST, what is the main characteristic of SaaS?
A) User manages the underlying infrastructure
B) User accesses software hosted by the provider
C) User configures the hardware
D) User develops the application
Answer: B
Explanation: SaaS delivers provider-hosted applications accessible over the internet.

Question 30. Who is primarily responsible for patch management in an IaaS model?
A) Cloud provider only
B) Customer
C) Government
D) Internet Service Provider
Answer: B
Explanation: In IaaS, the customer manages the OS, applications, and patching; the provider handles the underlying hardware.

Question 31. What does DevSecOps emphasize in the CI/CD pipeline?
A) Security is applied only at the end
B) Security integration throughout development and operations
C) No security controls

B) Centralized logging and monitoring
C) No logging required
D) Manual log review
Answer: B
Explanation: Centralized logging enables efficient monitoring and threat detection across distributed cloud resources.

Question 35. What is a key feature of Cisco Secure Email Gateway?
A) Provides antivirus only
B) Blocks spam, phishing, and malware in email traffic
C) Scans only outgoing emails
D) Only available as a cloud service
Answer: B
Explanation: Cisco Secure Email Gateway protects against spam, phishing, and malware in email communications.

Question 36. In Cisco Secure Web Appliance, what is TLS decryption used for?
A) Increasing bandwidth
B) Inspecting encrypted web traffic for threats
C) Blocking HTTP traffic
D) Creating VPN tunnels
Answer: B
Explanation: TLS decryption allows the appliance to analyze encrypted traffic and detect hidden threats.

Question 37. What does Cisco Umbrella primarily provide?
A) Endpoint antivirus
B) Secure internet gateway with DNS-layer protection
C) Wi-Fi authentication
D) STP protection
Answer: B
Explanation: Cisco Umbrella is a secure internet gateway that uses DNS to block malicious destinations.

Question 38. Which feature of Cisco Umbrella allows blocking access to specific URLs?
A) Malware scanning
B) URL filtering
C) Port security
D) VLAN hopping
Answer: B
Explanation: URL filtering blocks access to specified websites based on policy or threat intelligence.

Question 39. What distinguishes EPP from EDR solutions?
A) EDR only provides anti-malware
B) EPP focuses on prevention, EDR on detection and response
C) EPP is cloud-based only
D) EDR cannot analyze files
Answer: B
Explanation: EPP prevents known threats; EDR detects, investigates, and responds to advanced threats.

Question 40. What is an Indicator of Compromise (IOC)?

A) Assigning traceable IPs
B) Identifying devices and users by analyzing magnitudes of network traffic
C) Configuring VLANs
D) Disabling AAA
Answer: B
Explanation: Profiling detects and classifies devices/users based on observed network behavior.

Question 44. What does 802.1X provide in secure network access?
A) Guest VLAN assignment
B) Port-based authentication for network devices
C) Assigns public IPs
D) Disables encryption
Answer: B
Explanation: 802.1X authenticates devices before granting network access at the port level.

Question 45. How does Change of Authorization (CoA) enhance network security?
A) Disables user access
B) Dynamically changes user access permissions based on policy
C) Removes encryption
D) Assigns VLANs statically
Answer: B
Explanation: CoA allows real-time adjustment of user permissions, improving security and compliance.

Question 46. What is the benefit of device compliance checks?
A) Increases unauthorized access
B) Ensures devices meet security requirements before network access
C) Reduces encryption
D) Disables firewalls
Answer: B
Explanation: Compliance checks verify endpoint security posture, preventing vulnerable devices from connecting.

Question 47. What does Cisco Secure Network Analytics (Stealthwatch) primarily provide?
A) Endpoint antivirus
B) Network traffic analysis and threat detection
C) Firewall management
D) URL filtering
Answer: B
Explanation: Stealthwatch analyzes network traffic for anomalies and potential threats.

Question 48. What is Cisco pxGrid?
A) A routing protocol
B) A platform for sharing security context information across solutions
C) A type of firewall
D) An endpoint antivirus
Answer: B
Explanation: pxGrid enables security products to share context and threat information for coordinated defense.

Question 52. Which OWASP Top 10 vulnerability involves tricking a user into executing unwanted actions?
A) SQL Injection
B) Cross-site request forgery
C) Cross-site scripting
D) Buffer overflow
Answer: B
Explanation: Cross-site request forgery (CSRF) tricks users into submitting requests they did not intend.

Question 53. What is the risk of weak or hardcoded passwords in network devices?
A) Improved performance
B) Makes unauthorized access much easier
C) No impact
D) Increases encryption strength
Answer: B
Explanation: Weak/hardcoded passwords are easily guessed by attackers, compromising device security.

Question 54. Which technology provides secure, remote access to the corporate network for mobile users?
A) DMVPN
B) Site-to-site VPN
C) Remote access VPN
D) VRF-lite
Answer: C
Explanation: Remote access VPNs enable individual users to securely connect to enterprise resources from any location.

Question 55. What is the main function of a hash in digital signatures?
A) Encrypt data
B) Provide data integrity by creating a unique digest
C) Assign IP addresses
D) Block malware
Answer: B
Explanation: Hashes verify data integrity; any modification changes the hash value, alerting to tampering.

Question 56. What is Network Address Translation-Traversal (NAT-T) used for with IPsec?
A) Encrypting data
B) Allowing IPsec traffic to pass through NAT devices
C) Assigning public IPs
D) Blocking malware
Answer: B
Explanation: NAT-T encapsulates IPsec traffic, enabling it to traverse devices performing NAT.

Question 57. Which deployment model is used for Cisco Secure Web Appliance in organizations wanting full control over their web security infrastructure?
A) Cloud-based
B) Hybrid
C) On-premises