Module 2 Practice Questions

This covers chapters 3 & 4 from the SCOR cert guide

Which of the following are the three different “planes” in traditional networking?

The management, control, and data planes

Which of the following is true about Cisco ACI?

All of these answers are correct

Which of the following is used to create network overlays?

VXLAN

Which of the following is an identifier or a tag that represents a logical segment?

VXLAN Network Identifier (VNID)

Which of the following is network traffic between servers (virtual servers or physical servers), containers and so on?

East-west traffic

which of the following is an HTTP status code message range related to successful HTTP transactions?

Messages in the 200 range

Which of the following is a Python package that can be used to interact with REST APIs?

requests

Which of the following is a type of API that exclusively uses XML

SOAP

Which of the following is a modern framework of API documentation and is now the basis of the OpenAPI Specification (OAS)?

swagger

Which of the following can be used to retrieve a network device configuration?

All of these answers are correct

The RESTCONF interface is built around a small number of standardized requests. Which of the following are requests supported by RESTCONF?

All of these answers are correct

NETCONF messages are encoded in a(n) ____ structure defined by the NETCONF standard

XML

Which of the following is a Cisco resource where you can learn about network programmability and obtain sample code?

DevNet

A YANG-based server publishes a set of YANG modules which taken together form the system’s ____

YANG model

Which of the following HTTP methods sends data to the server typically used in HTML forms and API requests

POST

Which of the following is a solution that allows you to detect security threats in encrypted traffic without decrypting the packets

ETA

Which of the following is an open-source project that allows you to deploy micro-segmentation policy-based services in container environments?

Contiv

NFV nodes such as virtual routers and firewall need which of the following components as an underlying infrastructure?

All of these answers are correct

There have been multiple IP tunneling mechanism introduced throughout the years. Which of the following are examples of IP tunneling mechanisms?

All of these answers are correct

Which of the following is true about SDN?

All of these answers are correct

You were hires to configure AAA services in an organization and are asked to make sure that users in the engineering department do not have access to resource that are only meant for the finance department. What authorization principle addresses this scenario?

The principle of least privilege and separation of duties

Which of the following describes the type of authentication where the user provides a secret that is only known by them.

Authentication by knowledge

Which of the following is a set of characteristics that can be used to prove a subject’s identity one time and one time only?

One-time passcode (OTP)

Which of the following is an open standard for exchanging authentication and authorization data between identity providers, and is used in many single sign-on (SSO) implementations?

SAML

Which of the following defines how access rights and permission are granted. Examples of that model include object capability, security labels, and ACLs?

An authorization model

An authorization policy should always implement which of the following concepts? (Select all that apply.)

Implicit deny & Need to know

Which of the following is the process of auditing and monitoring what a user does once a specific resource is accessed?

Accounting

Access control lists classify packets by inspecting Layer 2 through Layer 7 headers for a number of parameters, including which of the following?

All of these options are correct.

Which of the following statements are true?

All of these answers are correct.

Network access devices (such as network switches and wireless access points) can use an IEEE protocol than when enabled, will allow traffic on the port only after the device has been authenticated and authorized. Which of the following is an IEEE standard that is used to implement port-based access control?

802.1X

Which of the following provides a cross-platform integration capability between security monitoring applications, threat detection systems, asset management platforms, network policy systems, and practically any other IT operations platform?

pxGrid

Which of the following are examples of some of the more popular policy attributes supported by Cisco ISE?

All of these options are correct

Which of the following commands enables AAA services on a Cisco router?

aaa new-model

Which of the following is the default behavior ofan 802.1X-enabled port?

To authorize only a single MAC address per port

Which of the following are Cisco ISE distributed node types?

All of these options are correct.

Which of the following is a security model created by Google that is similar to the zero-trust concept

BeyondCorp

Which of the following are technologies used in SSO implementations

All of these options are correct.

Which of the following is true about delegation in SSO implementations? (Select all that apply.)

a. SSO implementations use delegation to call

external APIs to authenticate and authorize

users.

b. Delegation is used to make sure that

applications and services do not store passwords

and user information on-premise

Which of the following statements are true about discretionary access controls (DACs)?

All of these options are correct.

RADIUS accounting runs over what protocol and port

UDP port 1813

Which of the following is one primary difference between a malicious hacker and an ethical hacker

Ethical hackers use the same methods but strive to do no harm.

You were hired to configure RADIUS authentication in a VPN implementation. You start RADIUS debugs in the VPN device and notice ACCESS-CHALLENGE messages. What do those messages mean?

ACCESS-CHALLENGE messages are sent if

additional information is needed. The RADIUS

server needs to send an additional challenge to

the access server before authenticating the user.

The ACCESS-CHALLENGE will be followed by a

new ACCESS-REQUEST message.

Which of the following are TACACS+ exchange packets used during the authentication process?

All of these options are correct.

Which of the following is an entity that seeks to be authenticated by an authenticator (switch, wireless access point, and so on)? This entity could use software such as the Cisco AnyConnect Secure Mobility Client.

Supplicant

802.1x uses which of the following protocols?

All of these options are correct.

Which of the following statements is true about

CoA?

RADIUS CoA is a feature that allows a RADIUS

server to adjust the authentication and

authorization state of an active client session.

The _________________ is a structured

replacement for feature-specific configuration

commands. This concept allows you to create

traffic policies based on events, conditions, and

actions.

Cisco Common Classification Policy Language

(C3PL)