Cisco Certified Internetwork Expert – CCIE – Part 18

The CCIE Certification is the highest level of achievement for network professionals, certifying an individual as an expert or master. Cisco Systems has since become an unrivaled worldwide leader in networking for the Internet. Its networking solutions can easily connect users who work from diverse devices on disparate networks. Cisco products make it simple for people to access and transfer information without regard to differences in time, place, or platform.

The questions listed below are intended to help you continue on your exciting path toward obtaining your CCIE (Cisco Certified Internetwork Expert) certification. Before looking at these questions, it is important to know the basic concepts of CCNA and CCNP.

The articles in this series cover everything you need to pass the CCIE Routing and Switching written exam. Each article contains a set of test questions along with their answers and explanations.

This article covers: AAA authentication, Cisco PIX, and other advanced security information needed to secure your network.

1. Which component of AAA provides for the identification of users?

  A. Accounting
  B. Authorization
  C. Authentication
  D. Administration

Answer – C
Explanation – Authentication identifies a user, including login, password, messaging, and encryption.

2. Which of the following can AAA use for authenticating a user?

  A. NDS
  B. Primary domain controller
  C. SQL
  D. RADIUS

Answer – D
Explanation – RADIUS provides authentication for users.

3. What protocol does a Cisco router use for sending logging information?

  A. TCP
  B. UDP
  C. SYSLOG
  D. IPX
  E. LAT

Answer – B and C
Explanation – SYSLOG is a protocol defined for UDP on port 514.

4. Which of the following severity levels for logging is the most critical?

  A. Emergencies
  B. Alerts
  C. Critical
  D. Errors
  E. Abend

Answer – A
Explanation – An Emergency message indicates the system is unusable.

5. Which of the following products uses the Adaptive Security Algorithm (ASA)?

  A. Enterprise feature set for Cisco IOS
  B. Firewall feature set for Cisco IOS
  C. IP SEC feature set for Cisco IOS
  D. CiscoWorks 2000
  E. Cisco Secure PIX Firewall

Answer – E
Explanation – The Cisco Secure PIX Firewall (PIX) uses the ASA algorithm.

6. Which of the following provide URL filtering?

  A. Enterprise feature set for Cisco IOS
  B. Firewall feature set for Cisco IOS
  C. IP SEC feature set for Cisco IOS
  D. CiscoWorks 2000
  E. Cisco Secure PIX Firewall

Answer – E
Explanation – PIX provides URL filtering, network address translation, and user authentication.

7. Which component of AAA controls the privileges a user is granted?

  A. Accounting
  B. Authorization
  C. Authentication
  D. Administration

Answer – B
Explanation – Authorization determines what a user is permitted to do after logging on.

8. On which product is context-based access control (CBAC) implemented?

  A. Enterprise feature set for Cisco IOS
  B. Firewall feature set for Cisco IOS
  C. IP SEC feature set for Cisco IOS
  D. CiscoWorks 2000
  E. Private Internet Exchange

Answer – B
Explanation – The firewall feature set provides control of network traffic by using CBAC.

9. Which of the following access lists can filter on source IP address only?

  A. Standard access lists
  B. Extended access lists
  C. Dynamic access lists
  D. Reflexive access lists
  E. Enhanced access lists

Answer – A
Explanation – Standard access lists filter exclusively on the source IP address.

10. Which of the following can help prevent a TCP SYN attack?

  A. TCP Intercept
  B. NAT
  C. Access list
  D. PIX Firewall

Answer – A, B, C, and D
Explanation – All of these mechanisms can be used to help prevent a TCP SYN attack.

11. When a hacker starts a large number of conversations using TCP, this is known as which of the following?

  A. IP spoofing
  B. Smurf attack
  C. SYN-flooding
  D. NAT attack
  E. Enable attack

Answer – C
Explanation – TCP SYN-flooding opens up a large number of conversations with a server.

12. Which of the following will best prevent a TCP SYN-flooding attack?

  A. Standard access list
  B. Extended access list
  C. NAT
  D. TCP Intercept
  E. AAA

Answer – D
Explanation – TCP Intercept is specifically designed to prevent SYN-flooding attacks.

13. Which of the following can be used to control telnet logins into the router?

  A. Logging
  B. PIX
  C. Reverse telnet
  D. AAA

Answer – D
Explanation – The Authentication portion of AAA can control access to the router.

14. A company wishes to bill clients based on network usage. Which technology would be the best solution?

  A. Authentication
  B. Authorization
  C. Accounting
  D. Logging
  E. NDS

Answer – C
Explanation – Accounting allows for collecting information such as network usage.

15. Which of the following can provide authentication services?

  A. PIX
  B. Logging
  C. RADIUS
  D. TACACS+
  E. Firewall feature set

Answer – C and D
Explanation – RADIUS and TACACS+ provide the authentication services that others use.

16. An administrator wishes to allow SYSLOG messages to pass through the router. Which of the following lines should be added to the access list to allow this to happen?

  A. Access-list 100 permit ip any any eq 514
  B. Access-list 100 permit tcp any any eq 514
  C. Access-list 100 permit udp any any eq 514
  D. Access-list 10 permit tcp any any eq 514
  E. Access-list 100 permit tcp any any eq SYSLOG

Answer – C
Explanation – SYSLOG uses UDP.

17. Which of the following static access lists can filter on source address, destination address, protocol and port?

  A. Standard access lists
  B. Extended access lists
  C. Dynamic access lists
  D. Reflexive access lists
  E. Enhanced access lists

Answer – B
Explanation – Standard and extended are the only static access lists shown. Extended access lists can filter on the listed attributes.

18. Which of the following is a piece of hardware?

  A. IOS firewall feature set
  B. CiscoWorks 2000
  C. CBAC
  D. AAA
  E. PIX

Answer – E
Explanation – PIX is a hardware/software security solution.

19. Which of the following encryption mechanisms can be implemented on a Cisco router?

  A. DSS
  B. DES
  C. IPSec
  D. IKE
  E. Certificate Authority

Answer – A, B, C, D, and E
Explanation – Cisco routers can support all of the technologies listed.

20. Which of the following access lists require the user to log in before the access list is active?

  A. Standard access lists
  B. Extended access lists
  C. Dynamic access lists
  D. Reflexive access lists
  E. Enhanced access lists

Answer – C
Explanation – Dynamic access lists (lock-and-key) require authentication before the access list is temporarily activated.

21. Which of the following is a technology that can be implemented on a Cisco router to provide the strongest encryption?

  A. DSS
  B. DES
  C. RADIUS
  D. TACACS+
  E. 3DES

Answer – E
Explanation – Triple DES provides 168-bit encryption.

22. In an encrypted environment, what is the name of the trusted entity that stores digital signatures?

  A. Certificate Authority
  B. RADIUS
  C. TACACS+
  D. Kerberos
  E. DES

Answer – A
Explanation – A Certificate Authority (CA) stores digital signatures that include public keys.

23. Which component of AAA collects security information?

  A. Accounting
  B. Authorization
  C. Authentication
  D. Administration

Answer – A
Explanation – Accounting collects security information that can be used for reporting, auditing, and billing.

24. Which of the following can provide an encrypted telnet session?

  A. RADIUS
  B. Kerberos
  C. TACACS+
  D. Local

Answer – B
Explanation – Kerberos can provide for encrypted logins and encrypted services such as telnet and rsh.

25. Which of the following access lists dynamically create a reciprocal inbound access list based on outbound traffic?

  A. Standard access lists
  B. Extended access lists
  C. Dynamic access lists
  D. Reflexive access lists
  E. Enhanced access lists

Answer – D
Explanation – Reflexive access lists monitor outbound traffic and create a corresponding inbound access list.
