CISSP Communication and Network Security • Complete Question Bank
Complete CISSP Communication and Network Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
interface GigabitEthernet0/1
 description DMZ to Web Server
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 description Inside to Corp Network
 ip address 192.168.1.1 255.255.255.0
!
access-list 100 permit tcp any host 10.0.0.10 eq 80
access-list 100 permit tcp host 10.0.0.10 any established
access-list 100 deny ip any any
!
interface GigabitEthernet0/1
 ip access-group 100 in

Refer to the exhibit.
$$$ START CONFIG
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key cisco123 address 203.0.113.1
!
crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TSET
 match address 101
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 crypto map CMAP
$$$ END CONFIG
Fraudulent emails to obtain sensitive info
Targeted phishing at specific individuals
Phishing targeting senior executives
Voice phishing over phone
Phishing via SMS
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1-100,110-200

access-list outside_in extended permit tcp any host 192.168.1.10 eq 443
access-list outside_in extended permit tcp any host 192.168.1.10 eq 80
access-list outside_in extended deny ip any any

{
  "network": "vpc-12345",
  "inbound_rules": [
    {"protocol": "tcp", "port": 22, "source": "10.0.0.0/8"},
    {"protocol": "tcp", "port": 3389, "source": "192.168.1.0/24"}
  ],
  "outbound_rules": [
    {"protocol": "all", "destination": "0.0.0.0/0"}
  ]
}

Refer to the exhibit. The following output is from a Cisco router:
crypto isakmp policy 10
 hash sha256
 authentication pre-share
 group 14
 lifetime 3600

Refer to the exhibit. The following firewall log entry shows a denied packet:
Deny tcp 203.0.113.5 52314 10.0.0.10 443
The firewall has the following ACL applied inbound on the external interface:
ip access-list extended INSIDE-IN
 permit tcp host 203.0.113.2 host 10.0.0.10 eq 443
 deny ip any any log

Refer to the exhibit. The following is a configuration snippet from a network device:
interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 200

Router# show crypto ipsec sa peer 203.0.113.10 interface outside
interface: outside
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 0x12345678(305419896)
inbound esp sas:
spi: 0x87654321(2271560481)
transform: esp-aes-256 esp-sha-hmac
inbound ah sas:
outbound esp sas:
spi: 0x12345678(305419896)
transform: esp-aes-256 esp-sha-hmac
outbound ah sas:

{
  "InboundRules": [
    {
      "RuleNumber": 100,
      "Protocol": "6",
      "PortRange": {
        "From": 80,
        "To": 80
      },
      "Source": "0.0.0.0/0",
      "Action": "allow"
    },
    {
      "RuleNumber": 200,
      "Protocol": "6",
      "PortRange": {
        "From": 22,
        "To": 22
      },
      "Source": "10.0.0.0/8",
      "Action": "allow"
    }
  ]
}

access-list 101 permit tcp any host 192.168.1.10 eq 443
access-list 101 permit udp any host 192.168.1.10 eq 500
access-list 101 permit udp any host 192.168.1.10 eq 4500
access-list 101 deny ip any any

R1# show ip bgp neighbors 10.1.1.2 received-routes
BGP table version is 5, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.10.0.0/16 10.1.1.2 0 0 65001 65002 i
*> 10.20.0.0/16 10.1.1.2 0 0 65001 65003 65004 i
*> 10.30.0.0/16 10.1.1.2 0 0 65001 i
R1# show ip route 10.30.0.0
Routing entry for 10.30.0.0/16
Known via "bgp", distance 20, metric 0
Tag 65001, type external
Last update from 10.1.1.2 00:00:12 ago
Routing Descriptor Blocks:
* 10.1.1.2, from 10.1.1.2, 00:00:12 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 65001
MPLS label: none

ASA1# show conn
21 in use, 52 most used
TCP outside 203.0.113.5:443 inside 10.0.0.10:49152, idle 0:00:02, bytes 10240, flags UIO
UDP outside 198.51.100.2:53 inside 10.0.0.5:12345, idle 0:00:15, bytes 512, flags -
TCP outside 203.0.113.10:80 inside 10.0.0.20:49153, idle 0:00:05, bytes 2048, flags UIO
ASA1# show access-list outside_in
access-list outside_in line 1 extended permit tcp any host 203.0.113.5 eq 443 (hitcnt=0)
access-list outside_in line 2 extended permit udp any host 198.51.100.2 eq 53 (hitcnt=0)
access-list outside_in line 3 extended deny ip any any (hitcnt=0)

hostname R1
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shutdown
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 no shutdown
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat inside source list 1 interface Serial0/0 overload
!
ip route 0.0.0.0 0.0.0.0 Serial0/0

WLC# show client summary
Number of Clients................................ 3
MAC Address        AP Name  Status      WLAN  Auth Algorithm  IP Address
00:11:22:33:44:55  AP01     Associated  1     Open            10.0.0.10
66:77:88:99:aa:bb  AP01     Associated  2     802.1X          10.0.0.11
cc:dd:ee:ff:00:11  AP02     Associated  1     Open            10.0.0.12
WLC# show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... Guest
Status........................................... Enabled
Security Policies................................ None (Open)
WLC# show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Corporate
Status........................................... Enabled
Security Policies................................ 802.1X (WPA2)

Jan 15 10:30:15 router1 sshd[1234]: Failed password for admin from 192.0.2.100 port 22 ssh2
Jan 15 10:30:20 router1 sshd[1234]: Failed password for admin from 192.0.2.100 port 22 ssh2
Jan 15 10:30:25 router1 sshd[1234]: Failed password for admin from 192.0.2.100 port 22 ssh2
Jan 15 10:30:30 router1 sshd[1234]: Connection closed by 192.0.2.100 [preauth]
Jan 15 10:30:35 router1 sshd[1235]: Failed password for admin from 198.51.100.50 port 22 ssh2
Jan 15 10:30:40 router1 sshd[1235]: Failed password for admin from 198.51.100.50 port 22 ssh2
Jan 15 10:30:45 router1 sshd[1235]: Failed password for admin from 198.51.100.50 port 22 ssh2
Jan 15 10:30:50 router1 sshd[1235]: Connection closed by 198.51.100.50 [preauth]