
CCNA Security Practice Exam - Cisco IINS 640-553 Security Device Manager SDM Part 8 of 16

By Téchne Digitus (https://technedigitus.blogspot.com.br) Source: http://www.securitytut.com
English Version
Question 1
For the following options, which one accurately matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A. setup exec command and the SDM Security Audit wizard
B. auto secure exec command and the SDM One-Step Lockdown wizard
C. aaa configuration commands and the SDM Basic Firewall wizard
D. Cisco Common Classification Policy Language configuration commands and the SDM Site-to-Site VPN wizard
Question 2
Which three statements are valid SDM configuration wizards? (Choose three)
A. Security Audit
B. VPN
C. STP
D. NAT
Question 3
Which two protocols enable Cisco SDM to pull IPS alerts from a Cisco ISR router? (Choose two)
A. FTP
B. HTTPS
C. TFTP
D. SSH
E. Syslog
F. SDEE
Question 4
When using the Cisco SDM Quick Setup Site-to-Site VPN wizard, which three parameters do you configure? (Choose three)
A. Interface for the VPN connection
B. IP address for the remote peer
C. Transform set for the IPSec tunnel
D. Source interface where encrypted traffic originates
Question 5
If you click the Configure button along the top of Cisco SDM's graphical interface, which Tasks button permits you to configure such features as SSH, NTP, SNMP and syslog?
A. Additional Tasks
B. Security Audit
C. Intrusion Prevention
D. Interfaces and Connections
Question 6
Cisco SDM (Security Device Manager) is a Web-based device management tool for Cisco routers that can simplify router deployments and reduce ownership costs.
Select two protocols from the following to enable Cisco SDM to pull IPS alerts from a Cisco ISR router. (Choose two)
A. TFTP
B. SDEE
C. SSH
D. HTTPS
Question 7
Refer to the exhibit. You are the network security administrator responsible for router security. Your network uses internal IP addressing according to RFC 1918
specifications. From the default rules shown, which access control list would prevent IP address spoofing of these internal networks?

A. SDM_Default_196
B. SDM_Default_197
C. SDM_Default_198
D. SDM_Default_199

Question 8
Refer to the exhibit. Based on the VPN connection shown, which statement is true?

A. Traffic that matches access list 103 will be protected.


B. This VPN configuration will not work because the tunnel IP and peer IP are the same.
C. The tunnel is down as a result of being a static rule. It should be configured as a Dynamic IPSec policy.
D. The tunnel is down because the transform set needs to include the Authentication Header parameter.


ANSWER KEY
Question 1 - Answer: B
Question 2 - Answer: A B D
Question 3 - Answer: B F
Question 4 - Answer: A B D
Explanation
The image below shows parameters when using Cisco SDM Quick Setup Site-to-Site VPN wizard

Question 5 - Answer: A
Question 6 - Answer: B D
Explanation
We must also enable HTTP or HTTPS on the router when we enable SDEE. The use of HTTPS ensures that data is secured as it traverses the network.
Question 7 - Answer: C
Explanation
Click on each access list; in SDM_DEFAULT_198 you will see something like this:

To mitigate IP address spoofing, do not allow any IP packets containing the source address of any internal hosts or networks inbound to our private network. The SDM_DEFAULT_198 denies all packets containing the following IP addresses in their source field:
+ Current network 0.0.0.0/8 (only valid as source address)
+ Any local host addresses (127.0.0.0/8)

+ Any reserved private addresses (RFC 1918, Address Allocation for Private Internets)
+ Any addresses in the IP multicast address range (224.0.0.0/4)
Note: 0.0.0.0/8: addresses in this block refer to source hosts on this network.
For your information, we will apply this access list to the external interface of the router.
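The source ranges listed above, rendered as IOS extended-ACL deny entries with wildcard masks and checked against sample source addresses. This is an added example, not part of the original answer key and not the actual contents of SDM_DEFAULT_198; the ACL name, the trailing permit, the function names and the sample addresses are assumptions.

```python
import ipaddress

# Source blocks named in the explanation, with the three RFC 1918 ranges
# written out. Constructed list, not the real SDM_DEFAULT_198 entries.
SPOOFED_SOURCE_BLOCKS = [
    "0.0.0.0/8",       # "this network", only valid as a source address
    "127.0.0.0/8",     # local host (loopback)
    "10.0.0.0/8",      # RFC 1918
    "172.16.0.0/12",   # RFC 1918
    "192.168.0.0/16",  # RFC 1918
    "224.0.0.0/4",     # IP multicast
]


def ios_deny_entries(blocks=SPOOFED_SOURCE_BLOCKS):
    """Render each CIDR block as an IOS extended-ACL deny entry.

    IOS ACLs use a wildcard mask (the inverse of the netmask), which the
    ipaddress module exposes as the network's hostmask.
    """
    entries = []
    for cidr in blocks:
        net = ipaddress.ip_network(cidr)
        entries.append(f"deny ip {net.network_address} {net.hostmask} any")
    return entries


def inbound_action(src, blocks=SPOOFED_SOURCE_BLOCKS):
    """Return 'deny' if src falls in a blocked source range, else 'permit'."""
    addr = ipaddress.ip_address(src)
    for cidr in blocks:
        if addr in ipaddress.ip_network(cidr):
            return "deny"
    return "permit"


if __name__ == "__main__":
    # Hypothetical ACL name; the final permit is an assumption of this example.
    print("ip access-list extended ANTISPOOF_EXAMPLE")
    for line in ios_deny_entries():
        print(" " + line)
    print(" permit ip any any")
    # Constructed source addresses as seen inbound on the external interface.
    for src in ["10.1.2.3", "172.31.255.1", "172.32.0.1", "198.51.100.7", "239.1.1.1"]:
        print(f"{src:15} -> {inbound_action(src)}")
```

The 172.31.255.1 and 172.32.0.1 samples sit on either side of the 172.16.0.0/12 boundary, which is where a mistyped wildcard mask usually shows up.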
Question 8 - Answer: A
