Author: adminccna

CCNA Security Chapter 10 Exam Answers Which minimum configuration is required on most ASAs before ASDM can be used? SSH a dedicated Layer 3 management interface* a logical VLAN interface and an Ethernet port other than 0/0 Ethernet 0/0 What must be configured on an ASA before it can be accessed by ASDM? web server access* Telnet or SSH an Ethernet port other than 0/0 Ethernet 0/0 IP address How is an ASA interface configured as an outside interface when using ASDM? Select a check box from the Interface Type option that shows inside, outside, and DMZ. Select outside from…


CCNA Security Chapter 9 Exam Answers What are two factory default configurations on an ASA 5505? (Choose two.) VLAN 2 is configured with the name inside. The internal web server is disabled. DHCP service is enabled for internal hosts to obtain an IP address and a default gateway from the upstream device. PAT is configured to allow internal hosts to access remote networks through an Ethernet interface.* VLAN 1 is assigned a security level of 100.* Which type of NAT would be used on an ASA where 10.0.1.0/24 inside addresses are to be translated only if traffic from these addresses…


CCNA Security Chapter 8 Exam Answers Which three statements describe the IPsec protocol framework? (Choose three.) AH provides integrity and authentication.* ESP provides encryption, authentication, and integrity.* AH uses IP protocol 51.* AH provides encryption and integrity. ESP uses UDP protocol 50. ESP requires both authentication and encryption. Which statement accurately describes a characteristic of IPsec? IPsec works at the application layer and protects all application data. IPsec is a framework of standards developed by Cisco that relies on OSI algorithms. IPsec is a framework of proprietary standards that depend on Cisco specific algorithms. IPsec works at the transport layer…


CCNA Security Chapter 7 Exam Answers Which encryption algorithm is an asymmetric algorithm? DH* SEAL 3DES AES An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service? the private key of the retailer the unique shared secret known only by the retailer and the customer the public key of the retailer the digital signatures* In which situation is an asymmetric key algorithm used? Two Cisco routers authenticate each other with CHAP. User data is transmitted across the network after a VPN is established. An office manager encrypts confidential files before…


CCNA Security Chapter 6 Exam Answers Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation? PVLAN Edge* DTP SPAN BPDU guard What component of Cisco NAC is responsible for performing deep inspection of device security profiles? Cisco NAC Profiler Cisco NAC Agent* Cisco NAC Manager Cisco NAC Server Which three functions are provided under Cisco NAC framework solution? (Choose three.) VPN connection AAA services* intrusion prevention scanning for policy compliance* secure connection to servers remediation for noncompliant devices* Which feature is part of…


CCNA Security Chapter 5 Exam Answers Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.) support for IPX and AppleTalk protocols addition of signature micro engines support for comma-delimited data import support for encrypted signature parameters* addition of a signature risk rating* Which type of IPS signature detection is used to distract and confuse attackers? honeypot-based detection* policy-based detection pattern-based detection anomaly-based detection Which statement is true about an atomic alert that is generated by an IPS? It is an alert that is used only when a logging attack has…


CCNA Security Chapter 4 Exam Answers Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table? ipv6 access-class ENG_ACL in ipv6 traffic-filter ENG_ACL out ipv6 traffic-filter ENG_ACL in* ipv6 access-class ENG_ACL out Which statement describes a typical security policy for a DMZ firewall configuration? Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. Traffic that originates from the DMZ interface is selectively permitted to the outside interface.* Traffic that originates from the outside interface…


CCNA Security Chapter 3 Exam Answers Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? accounting accessibility auditing authorization* authentication Why is authentication with AAA preferred over a local database method? It provides a fallback authentication method if the administrator forgets the username or password.* It uses less network bandwidth. It specifies a different password for each line or port. It requires a login and password combination on the console, vty lines, and aux ports. Which authentication method stores usernames and passwords in the router and is ideal for small…


CCNA Security Chapter 2 Exam Answers What command must be issued to enable login enhancements on a Cisco router? privilege exec level login delay login block-for* banner motd What is the default privilege level of user accounts created on Cisco routers? 0 1 15* 16 A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode? Quiet mode behavior can be enabled via an ip access-group command on a physical interface. Quiet mode behavior will only prevent specific user accounts from…


CCNA Security Chapter 1 Exam Answers Which statement accurately characterizes the evolution of threats to network security? Internal threats can cause even greater damage than external threats.* Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. Early Internet users often engaged in activities that would harm other users. Internet architects planned for network security from the beginning. An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this? trust exploitation buffer overflow man in the middle* port redirection What…


The Cisco Networking Academy® CCNA Routing and Switching curriculum is designed for students who are seeking entry-level ICT jobs or plan to pursue more specialized ICT skills. CCNA Routing and Switching provides comprehensive coverage of networking topics, from fundamentals to advanced applications and services, with opportunities for hands-on practical experience and career skills development Cisco Certifications Students will be prepared to take the Cisco CCENT® certification exam after completing a set of two courses and the CCNA® Routing and Switching certification exam after completing a set of four courses. Features and Benefits The CCNA Routing and Switching curriculum offers the…


CCNA 2 Practice Final Exam Answers The buffers for packet processing and the running configuration file are temporarily stored in which type of router memory? flash NVRAM RAM* ROM Refer to the exhibit. A company has an internal network of 192.168.10.0/24 for their employee workstations and a DMZ network of 192.168.3.0/24 to host servers. The company uses NAT when inside hosts connect to outside network. A network administrator issues the show ip nat translations command to check the NAT configurations. Which one of source IPv4 addresses is translated by R1 with PAT? 10.0.0.31 192.168.3.5 192.168.3.33 192.168.10.35* 172.16.20.5 Refer to the…
