Cisco CCNP Enterprise BOARD
EVALUATION 2026 GUARANTEED PASS
ANSWERS GRADED A+
● What is the third step of the five-step threat intelligence process for
evaluating threat intelligence sources and information? Answer:
Processing
● Vulnerabilities are typically identified by a ___________.? Answer:
CVE (Common Vulnerability & Exposures)
● Which organization maintains the CVE list and its public website,
manages the CVE Compatibility Program, oversees the CVE Naming
Authorities (CNAs), and provides impartial technical guidance to the
CVE Editorial Board throughout the process to ensure that CVE serves
the public interest? Answer: MITRE
● Software and hardware vendors may have separate teams that handle
the investigation, resolution, and disclosure of security vulnerabilities in
their products and services. Typically, these teams are called ________.
Answer: PSIRT
● Which of the following statements accurately describes the
Stakeholder-Specific Vulnerability Categorization (SSVC) system
developed by Carnegie Mellon University's Software Engineering
,Institute (SEI) and the Cybersecurity and Infrastructure Security Agency
(CISA)? Answer: SSVC provides a methodology for vulnerability
analysis, considering aspects like the prevalence of the affected product,
impacts on safety, and the exploitation status of the vulnerability.
● TCSEC (Trusted Computer System Evaluation Criteria) divides
covert channel attacks into two broad categories, including: Answer:
Covert storage channel attacks
Covert timing channel attacks
● Which of the following ISO standard is the specification for an
Information Security Management System (ISMS)? Answer: 27001
● With ___ SQL injection, the attacker obtains the data by using the
same channel that is used to inject the SQL code. Answer: In-band SQL
injection
● Which of the following is an algorithm that allows two devices to
negotiate and establish shared secret keying material (keys) over an
untrusted network? Answer: Diffie-Hellman
● ___ is a method used to verify data integrity. Answer: hashing
● SHA512 checksum (512 bits) output is represented by a _____
hexadecimal number, whereas MD5 produces a 128-bit (16-byte) hash
, value, typically expressed in text format as a 32-digit hexadecimal
number. Answer: 128
● Cisco's _____ services also provide support for validating digital
certificates, including a check to see whether a certificate has been
revoked. Answer: AAA
● Which of the following implementations use a key pair? Answer:
Digital certificates on a web server running TLS
S/MIME
PGP
● Which of the following are examples of hashes? Answer: SHA-1
SHA-2
MD5
● What does OU stand for in the following: CN=Thor,
OU=engineering, O=cisco.com Answer: Organizational Unit
● _____ is a set of identities, roles, policies, and actions for the
creation, use, management, distribution, and revocation of public and
private keys. Answer: PKI
EVALUATION 2026 GUARANTEED PASS
ANSWERS GRADED A+
● What is the third step of the five-step threat intelligence process for
evaluating threat intelligence sources and information? Answer:
Processing
● Vulnerabilities are typically identified by a ___________.? Answer:
CVE (Common Vulnerability & Exposures)
● Which organization maintains the CVE list and its public website,
manages the CVE Compatibility Program, oversees the CVE Naming
Authorities (CNAs), and provides impartial technical guidance to the
CVE Editorial Board throughout the process to ensure that CVE serves
the public interest? Answer: MITRE
● Software and hardware vendors may have separate teams that handle
the investigation, resolution, and disclosure of security vulnerabilities in
their products and services. Typically, these teams are called ________.
Answer: PSIRT
● Which of the following statements accurately describes the
Stakeholder-Specific Vulnerability Categorization (SSVC) system
developed by Carnegie Mellon University's Software Engineering
,Institute (SEI) and the Cybersecurity and Infrastructure Security Agency
(CISA)? Answer: SSVC provides a methodology for vulnerability
analysis, considering aspects like the prevalence of the affected product,
impacts on safety, and the exploitation status of the vulnerability.
● TCSEC (Trusted Computer System Evaluation Criteria) divides
covert channel attacks into two broad categories, including: Answer:
Covert storage channel attacks
Covert timing channel attacks
● Which of the following ISO standard is the specification for an
Information Security Management System (ISMS)? Answer: 27001
● With ___ SQL injection, the attacker obtains the data by using the
same channel that is used to inject the SQL code. Answer: In-band SQL
injection
● Which of the following is an algorithm that allows two devices to
negotiate and establish shared secret keying material (keys) over an
untrusted network? Answer: Diffie-Hellman
● ___ is a method used to verify data integrity. Answer: hashing
● SHA512 checksum (512 bits) output is represented by a _____
hexadecimal number, whereas MD5 produces a 128-bit (16-byte) hash
, value, typically expressed in text format as a 32-digit hexadecimal
number. Answer: 128
● Cisco's _____ services also provide support for validating digital
certificates, including a check to see whether a certificate has been
revoked. Answer: AAA
● Which of the following implementations use a key pair? Answer:
Digital certificates on a web server running TLS
S/MIME
PGP
● Which of the following are examples of hashes? Answer: SHA-1
SHA-2
MD5
● What does OU stand for in the following: CN=Thor,
OU=engineering, O=cisco.com Answer: Organizational Unit
● _____ is a set of identities, roles, policies, and actions for the
creation, use, management, distribution, and revocation of public and
private keys. Answer: PKI
