1. IBNS technology operates at Layer 2 on both wired and wireless networks by utilizing 802.1x/EAP, the IEEE standard for port-level strong user authentication.

2. CSA does not rely on signatures and does not inspect content but rather analyzes system behavior for abnormal activity.

3. Apply it to an interface with the "ip access-group" interface configuration command or the "access-class" line configuration command.

4. Only allow the VLANs that must traverse the trunk should be configured on the trunk. Prune all other VLANs from the trunk. Assign dedicated VLAN numbers as the native VLAN number.

5. RADIUS

6. Reconnaissance attacks.

7. The system layers are:

• Network
• File system
• Configuration
• Execution space

8. Packet filtering firewalls operate on the network or transport layer (OSI model layers 3 and 4).

9. Tunnel mode is typically implemented between two VPN devices that perform encryption and decryption tasks, eliminating the need for the host to perform such operations.

10. The services IPSec provides are:

• Data confidentiality - Packets are encrypted before transmission across network.
• Data integrity - IPSec receiver authenticates IPSec peers and packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
• Data origin authentication - IPSec receiver authenticates the source of the IPSec packets sent. This service depends on the data integrity service.
• Anti-replay - IPSec receiver can detect and reject replayed packets, helping prevent spoofing and man-in-the-middle attacks.

Questions and answers provided by Cisco Press. To order the full version of this exam simulation, click here.

More Pop Quiz:

• Cisco Exam #642-871: ARCH Exam (MeasureUp, set 2)
• Cisco Exam #642-811: BCMSN Exam (Whizlabs, set 2)
• Cisco Exam #642-811: BCMSN Exam (Whizlabs, set 1)
• Cisco Exam #642-871: ARCH Exam (MeasureUp, set 1)