ISC2 CC Network Security • Complete Question Bank
Complete ISC2 CC Network Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip access-group OUTBOUND out ! interface GigabitEthernet0/2 ip address 10.0.0.1 255.255.255.0 ip access-group INBOUND in ! access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80 access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443 access-list 100 deny ip any any ! access-list 110 permit tcp any host 10.0.0.10 eq 22 access-list 110 permit icmp any host 10.0.0.10 echo-reply access-list 110 deny ip any any
Refer to the exhibit. [IDS Alert Log] Timestamp: 2024-03-15 10:23:45 Signature: ET POLICY Outgoing SSLv3 Handshake (Possible SSL Stripping) Source IP: 10.1.1.50 Destination IP: 203.0.113.10 Protocol: TCP Port: 443 Payload: [Hex dump of ClientHello with version 3.0]
Refer to the exhibit. Router# show running-config | section interface GigabitEthernet0/1 interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip access-group BLOCK_HTTP in ! ip access-list extended BLOCK_HTTP deny tcp any any eq 80 permit ip any any A client at 192.168.1.100 attempts to access a web server at 10.0.0.1. The router's interface IP is 192.168.1.1.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Filters traffic based on rules
Segments public-facing servers
Maps private to public IPs
Encrypts data over public networks
Monitors for suspicious activity
Drag a concept onto its matching description — or click a concept then click the description.
Weakness in a system
Potential cause of harm
Likelihood and impact of a threat exploiting a vulnerability
Control to mitigate risk
interface GigabitEthernet0/1 switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security violation shutdown switchport port-security mac-address sticky
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::company-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/16"
}
}
},
{
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "10.0.0.0/16"
}
}
}
]
}access-list 100 deny ip 10.0.1.0 0.0.0.255 any log access-list 100 permit tcp any host 192.168.1.100 eq 80 access-list 100 deny ip any any
Mar 15 14:23:45 192.168.1.1 %FW-3-DENY: deny tcp 10.0.0.10:12345 -> 203.0.113.5:80 due to access-group INTERNET_IN
{
"Effect": "Allow",
"Action": "ec2:DescribeInstances",
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/16"
}
}
}rule id=10 action=deny source=any destination=any service=http,https rule id=20 action=allow source=internal_network destination=any service=http,https rule id=30 action=allow source=any destination=dmz service=http
ip nat inside source static tcp 192.168.1.10 80 200.100.50.1 80 ip nat pool POOL 200.100.50.1 200.100.50.10 netmask 255.255.255.0 ip nat inside source list 1 pool POOL overload access-list 1 permit 192.168.1.0 0.0.0.255 interface GigabitEthernet0/0 ip address 200.100.50.1 255.255.255.0 ip nat outside interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside