DRAG DROP
Drag and drop the Cisco IOS attack mitigation features from the left onto the types of network attack they mitigate on the right.
Select and Place:

Which enhancement is implemented in WPA3?

A. employs PKI to identify access points
B. applies 802.1x authentication
C. uses TKIP
D. protects against brute force attacks

Refer to the exhibit. What are the two steps an engineer must take to provide the highest encryption and authentication using domain credentials from LDAP? (Choose two.)

A. Select PSK under Authentication Key Management.
B. Select Static-WEP + 802.1X on Layer 2 Security.
C. Select WPA+WPA2 on Layer 2 Security.
D. Select 802.1X from under Authentication Key Management.
E. Select WPA Policy with TKIP Encryption.

Which management security process is invoked when a user logs in to a network device using their username and password?

A. authentication
B. auditing
C. accounting
D. authorization

In an SDN architecture, which function of a network node is centralized on a controller?

A. Creates the IP routing table
B. Discards a message due filtering
C. Makes a routing decision
D. Provides protocol access for remote access devices

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?

A. line vty 0 15
access-class 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22
B. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 10 in
!
ip access-list standard 10
permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
C. interface FastEthernet0/0
ip address 10.122.49.1 255.255.255.252
ip access-group 110 in
!
ip access-list standard 110
permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1
D. line vty 0 15
access-group 120 in
!
ip access-list extended 120
permit tcp 10.139.58.0 0.0.0.15 any eq 22

When a site-to-site VPN is configured which IPsec mode provides encapsulation and encryption of the entire original IP packet?

A. IPsec transport mode with AH
B. IPsec tunnel mode with AH
C. IPsec transport mode with ESP
D. IPsec tunnel mode with ESP

Which enhancements were implemented as part of WPA3?

A. Forward secrecy and SAE in personal mode for secure initial key exchange
B. 802.1x authentication and AES-128 encryption
C. AES-64 in personal mode and AES-128 in enterprise mode
D. TKIP encryption improving WEP and per-packet keying

How are VLAN hopping attacks mitigated?

A. manually implement trunk ports and disable DTP
B. configure extended VLANs
C. activate all ports and place in the default VLAN
D. enable dynamic ARP inspection

Which device separates networks by security domains?

A. intrusion protection system
B. firewall
C. wireless controller
D. access point