Cisco Exam # 642-551 SND Exam (Cisco Press)
Test your knowledge of securing Cisco network devices for the CCSP or Cisco VPN and Security Specialist certs with these 10 sample questions.
courtesy of Cisco Press
Questions
1. What is the main technology that comprises Identity Based Networking Services (IBNS)?
2. Describe CSA's reliance on signatures.
3. After an ACL is created, what is the next step to place it into production?
4. What is Cisco's recommendation for securing trunks?
5. Which AAA protocol encrypts the client-to-server password but not the AAA payload?
6. What type of an attack involves an intruder attempting to discover and map systems, services, and vulnerabilities?
7. What system layers are protected by CSA’s defense-in-depth approach?
8. On what layer of the OSI model do packet filtering firewalls operate?
9. Which IPSec mode of operation does not require the host to perform any encryption?
10. What services does IPSec provide?
Answers
1. IBNS technology operates at Layer 2 on both wired and wireless networks by utilizing 802.1x/EAP, the IEEE standard for port-level strong user authentication.
2. CSA does not rely on signatures and does not inspect content but rather analyzes system behavior for abnormal activity.
3. Apply it to an interface with the "ip access-group" interface configuration command or the "access-class" line configuration command.
4. Only the VLANs that must traverse the trunk should be configured on the trunk. Prune all other VLANs from the trunk. Assign dedicated VLAN numbers as the native VLAN number.
5. RADIUS
6. Reconnaissance attacks.
7. The system layers are:
- Network
- File system
- Configuration
- Execution space
8. Packet filtering firewalls operate on the network or transport layer (OSI model layers 3 and 4).
9. Tunnel mode is typically implemented between two VPN devices that perform encryption and decryption tasks, eliminating the need for the host to perform such operations.
10. The services IPSec provides are:
- Data confidentiality - Packets are encrypted before transmission across the network.
- Data integrity - IPSec receiver authenticates IPSec peers and packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
- Data origin authentication - IPSec receiver authenticates the source of the IPSec packets sent. This service depends on the data integrity service.
- Anti-replay - IPSec receiver can detect and reject replayed packets, helping prevent spoofing and man-in-the-middle attacks.
Questions and answers provided by Cisco Press.