Match each security principle or control to its most accurate meaning.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A frequent exam trap is mixing up the security principles of confidentiality and integrity. Candidates often think encryption alone guarantees integrity, but encryption primarily protects confidentiality by hiding data from unauthorized viewers. Integrity involves ensuring data is not altered without authorization, which requires mechanisms like hashing or digital signatures. Another trap is assuming that SSH only provides confidentiality; it also ensures integrity by detecting tampering during transmission. Additionally, some may overlook least privilege, mistakenly believing that broad access is acceptable if encryption is used, which exposes the network to insider threats or accidental misconfigurations.
Technical deep dive
How to think about this question
Security principles in networking form the foundation for protecting data, devices, and communications. Least privilege limits access rights to only what is necessary, preventing users or processes from performing unauthorized actions. Integrity ensures that data and configurations remain unaltered except by authorized entities, which is crucial for maintaining reliable network operations. Confidentiality protects information from unauthorized disclosure, often through encryption. SSH is a protocol that provides encrypted remote access to network devices, ensuring both confidentiality and integrity of administrative sessions.

In Cisco network environments, these principles are implemented through specific controls. Least privilege is enforced by configuring user roles and privilege levels on IOS devices, so that users can execute only the commands their role requires. Integrity is maintained by using cryptographic checksums and secure boot features to verify that IOS images and configurations have not been tampered with. Confidentiality is achieved by using SSH instead of Telnet for remote management, encrypting all session data to prevent interception. Together these controls reduce the risk of unauthorized access, configuration changes, and data leaks.

A common exam trap is confusing confidentiality with integrity, or assuming that encryption alone guarantees integrity. SSH encrypts data to maintain confidentiality, but it also ensures integrity by detecting tampering during transmission. Another trap is overlooking least privilege, which is often neglected but critical to limiting the damage from a compromised account. In practice, Cisco network administrators balance these principles by applying role-based access control, using secure protocols such as SSH, and verifying device integrity regularly.
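The point that encryption alone does not give integrity is easiest to see in code. The following is an added example, not part of this page's material and not Cisco code: a toy stream cipher (SHA-256 in counter mode, illustration only), an HMAC tag over the ciphertext in the encrypt-then-MAC pattern, and a hash comparison against a known-good value of the kind used to check an IOS image before installing it. Every key, the nonce, the sample message and the sample image bytes are constructed for the example.

```python
import hashlib
import hmac

# --- Confidentiality only: a toy stream cipher (SHA-256 in counter mode). ---
# Illustration only; a real deployment would use an authenticated cipher such as
# AES-GCM or ChaCha20-Poly1305, which bundles the integrity check shown below.

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from key, nonce and a running counter."""
    blocks = bytearray()
    counter = 0
    while len(blocks) < length:
        blocks += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(blocks[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream: hides the content, nothing more."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse. There is no failure path: any ciphertext
    'decrypts' to something, so a modification is never noticed here."""
    return encrypt(key, nonce, ciphertext)


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Model in-transit corruption or tampering of a single ciphertext bit."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


# --- Integrity: an HMAC tag over nonce and ciphertext (encrypt-then-MAC). ---

def mac_tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def decrypt_and_verify(enc_key, mac_key, nonce, ciphertext, tag):
    """Return the plaintext only if the tag matches; otherwise reject (None)."""
    if not hmac.compare_digest(mac_tag(mac_key, nonce, ciphertext), tag):
        return None
    return decrypt(enc_key, nonce, ciphertext)


# --- Integrity of a stored artifact: hash against a published known-good value,
#     the idea behind checking an IOS image's hash before installing it. ---

def sha512_hex(data: bytes) -> str:
    return hashlib.sha512(data).hexdigest()


def verify_image(image: bytes, known_good_sha512_hex: str) -> bool:
    return hmac.compare_digest(sha512_hex(image), known_good_sha512_hex)


def demo() -> dict:
    # Keys, nonce and message are constructed for this example.
    enc_key, mac_key, nonce = b"constructed-enc-key", b"constructed-mac-key", b"nonce-01"
    message = b"mtu=1500"
    ct = encrypt(enc_key, nonce, message)
    tag = mac_tag(mac_key, nonce, ct)

    # Flip bit 2 of the last ciphertext byte. In a stream cipher that flips the same
    # bit of the plaintext: ASCII '0' (0x30) becomes '4' (0x34), and plain decrypt
    # returns the altered value with no indication that anything changed.
    tampered = flip_bit(ct, len(ct) - 1, 2)

    return {
        "round_trip": decrypt(enc_key, nonce, ct),                                         # b"mtu=1500"
        "tampered_plaintext": decrypt(enc_key, nonce, tampered),                           # b"mtu=1504"
        "verified_original": decrypt_and_verify(enc_key, mac_key, nonce, ct, tag),         # b"mtu=1500"
        "verified_tampered": decrypt_and_verify(enc_key, mac_key, nonce, tampered, tag),   # None
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Run it and compare `tampered_plaintext` with `verified_tampered`: the cipher alone hands back a silently altered value, while the HMAC check rejects the same ciphertext. That rejection is the integrity property SSH provides on top of its encryption, and `verify_image` is the same idea applied to a file at rest.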
Key Concepts to Remember
- The principle of least privilege restricts user and process access rights to the minimum necessary to perform their tasks, reducing attack surfaces in network security.
- Integrity in security ensures that data and configurations are protected from unauthorized modification, preserving trustworthiness in network communications and device settings.
- Confidentiality protects sensitive information from unauthorized disclosure by using encryption and access controls, which is critical for secure network management.
- SSH (Secure Shell) provides encrypted remote administration, preventing eavesdropping and man-in-the-middle attacks on network device management sessions.
- Security principles such as least privilege, integrity, and confidentiality work together to form a comprehensive defense-in-depth strategy in Cisco network environments.
- Applying least privilege in Cisco devices involves configuring role-based access control (RBAC) and limiting command privileges to reduce risk of accidental or malicious changes.
- Integrity verification in Cisco networks can be supported by cryptographic hashes and digital signatures to detect unauthorized changes to IOS images or configuration files.
- Confidentiality in Cisco network management is enforced by protocols like SSH and by using access control lists (ACLs) to restrict sensitive traffic.
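The concepts above map to a handful of lines in a device configuration, and a useful exercise is to check a config for them mechanically. The following is an added example, not from this page and not a Cisco tool: a small audit that reads an IOS-style running-config, looks for SSH version 2, SSH-only vty transports, a local or AAA login method, and the number of privilege-15 accounts. The command syntax is standard IOS; the sample config itself is constructed and deliberately contains weak settings, and the finding wording is my own.

```python
import re

# Constructed sample running-config fragment (not from any real device). Two of
# its settings are deliberately weak so the audit has something to report.
SAMPLE_CONFIG = """\
hostname R1
enable secret 9 $9$constructedhash
username netops privilege 15 secret 9 $9$constructedhash
username helpdesk privilege 1 secret 9 $9$constructedhash
username backup privilege 15 secret 9 $9$constructedhash
privilege exec level 5 show running-config
line con 0
 login local
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""


def parse_config(config: str):
    """Split IOS-style text into top-level commands and the indented body of
    each block (line, interface, ...), keyed by the block's header line."""
    commands, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            commands.append(current)
            blocks[current] = []
    return commands, blocks


def audit(config: str) -> list:
    """Return human-readable findings; an empty list means every check passed."""
    commands, blocks = parse_config(config)
    findings = []

    # Confidentiality: pin SSH version 2 and allow no cleartext transport on vty lines.
    if "ip ssh version 2" not in commands:
        findings.append("global: 'ip ssh version 2' missing (SSH version not pinned)")
    for header, body in blocks.items():
        if not header.startswith("line vty"):
            continue
        transports = [c for c in body if c.startswith("transport input")]
        if not transports:
            findings.append(f"{header}: no explicit 'transport input ssh'")
        for t in transports:
            if t != "transport input ssh":
                findings.append(f"{header}: '{t}' permits a transport other than SSH")
        if "login local" not in body and not any(c.startswith("login authentication") for c in body):
            findings.append(f"{header}: no 'login local' or AAA login method")

    # Least privilege: every extra level-15 account widens the blast radius.
    level15 = [c.split()[1] for c in commands if re.match(r"username \S+ privilege 15\b", c)]
    if len(level15) > 1:
        findings.append(f"global: {len(level15)} accounts at privilege 15 "
                        f"({', '.join(level15)}); review against least privilege")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print("FINDING:", f)
```

On the sample it reports the missing `ip ssh version 2`, the Telnet transport on `line vty 0 4`, and two level-15 accounts, while `line vty 5 15` passes. The same three checks are a quick way to confirm a lab device is actually enforcing the principles this question asks about.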
Exam Day Tips
- Watch for words such as "best", "first", "most likely" and "least administrative effort".
- Review why wrong options are wrong, not only why the correct option is correct.
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
CCNA DHCP practice questions
Practise DHCP scopes, relay, leases and troubleshooting.
CCNA show ip route practice questions
Practise routing-table output, longest-prefix match, AD and route selection.
CCNA show interfaces trunk practice questions
Practise trunk verification and VLAN forwarding across switches.
CCNA wireless security practice questions
Practise WLAN security, authentication and wireless architecture concepts.
CCNA IPv6 practice questions
Practise IPv6 addressing, routes, neighbour discovery and common IPv6 exam traps.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A router learns the same prefix from both OSPF and EIGRP. Which route is installed by default?
Question 2
A router shows this output:
R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.2          1   FULL/DR         00:00:34    192.168.12.2    GigabitEthernet0/0
10.1.1.3          1   2WAY/DROTHER    00:00:39    192.168.12.3    GigabitEthernet0/0
Which statement is correct?
Question 3
What is the OSPF metric called?
Question 4
A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?
Question 5
A router interface applies this ACL inbound:
10 deny tcp any any eq 80
20 permit ip any any
A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?
Question 6
A router learns route 198.51.100.0/24 from OSPF with AD 110 and also has a static route to the same prefix configured with AD 150. Which route is installed?
FAQ
Questions learners often ask
What does this 200-301 question test?
The principle of least privilege restricts user and process access rights to the minimum necessary to perform their tasks, reducing attack surfaces in network security.
What exam trap should I watch out for?
The most common trap is mixing up confidentiality and integrity. Encryption primarily protects confidentiality by hiding data from unauthorized viewers; it does not by itself guarantee integrity, which requires a mechanism such as hashing or digital signatures to detect unauthorized alteration. SSH provides both: it encrypts the session and detects tampering during transmission. Finally, do not assume broad access is acceptable just because encryption is in use; that overlooks least privilege and exposes the network to insider threats and accidental misconfiguration.
What should I do if I get this 200-301 question wrong?
Try more questions from the same exam bank and focus on understanding why the wrong options are tempting.