CCNA Security Chapter 10 Exam Answers
-
Which minimum configuration is required on most ASAs before ASDM can be used?
- SSH
- a dedicated Layer 3 management interface*
- a logical VLAN interface and an Ethernet port other than 0/0
- Ethernet 0/0
-
What must be configured on an ASA before it can be accessed by ASDM?
- web server access*
- Telnet or SSH
- an Ethernet port other than 0/0
- Ethernet 0/0 IP address
-
How is an ASA interface configured as an outside interface when using ASDM?
- Select a check box from the Interface Type option that shows inside, outside, and DMZ.
- Select outside from the Interface Type drop-down menu.
- Enter the name “outside” in the Interface Name text box.*
- Drag the interface to the port labeled “outside” in the ASA drawing.
-
Refer to the exhibit. Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM?
- Licensing
- System Image/Configuration
- Management Access*
- Advanced
-
Which ASDM configuration option is used to configure the ASA enable secret password?
- Device Setup*
- Monitoring
- Interfaces
- Device Management
-
Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?
- Startup Wizard
- Device Name/Password
- Routing
- Interfaces
- System Time*
-
Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?
- The administrator can connect to and manage a single ASA.*
- The administrator can connect to and manage multiple ASA devices.
- The administrator can connect to and manage multiple ASA devices and Cisco routers.
- The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.
-
What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?
- It does not require any initial device configuration.
- It hides the complexity of security commands.*
- ASDM provides increased configuration security.
- It does not require a remote connection to a Cisco device.
-
Which type of security is required for initial access to the Cisco ASDM by using the local application option?
- SSL*
- WPA2 corporate
- biometric
- AES
-
True or False?
The ASA can be configured through ASDM as a DHCP server.
- false
- true*
-
Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices?
- DMZ
- outside
- local
- inside*
-
Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA?
- security master
- super encryption
- master passphrase*
- device protection
-
Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?
- 3DES
- public/private key
- AES*
- 128-bit
-
When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)
- the hash
- the peer*
- encryption
- the ISAKMP policy
- a valid access list*
- IP addresses on all active interfaces
-
Which remote-access VPN connection allows the user to connect by using a web browser?
- IPsec (IKEv2) VPN
- site-to-site VPN
- clientless SSL VPN*
- IPsec (IKEv1) VPN
-
Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?
- IPsec (IKEv2) VPN*
- site-to-site VPN
- clientless SSL VPN
- IPsec (IKEv1) VPN
-
Which statement describes available user authentication methods when using an ASA 5505 device?
- The ASA 5505 can use either a AAA server or a local database.*
- The ASA 5505 only uses a AAA server for authentication.
- The ASA 5505 only uses a local database for authentication.
- The ASA 5505 must use both a AAA server and a local database.
-
Which remote-access VPN connection needs a bookmark list?
- IPsec (IKEv1) VPN
- IPsec (IKEv2) VPN
- site-to-site VPN
- clientless SSL VPN*
-
What occurs when a user logs out of the web portal on a clientless SSL VPN connection?
- The browser cache is cleared.
- Downloaded files are deleted.
- The user no longer has access to the VPN.*
- The web portal times out.
-
If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?
- The host initiates a clientless connection to a TFTP server to download the client.
- The host initiates a clientless VPN connection using a compliant web browser to download the client.*
- The Cisco AnyConnect client is installed by default on most major operating systems.
- The host initiates a clientless connection to an FTP server to download the client.
-
What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?
- security optimization
- host-based ACL installation
- posture assessment*
- quality of service security
-
Which item describes secure protocol support provided by Cisco AnyConnect?
- neither SSL nor IPsec
- SSL only
- both SSL and IPsec*
- IPsec only
-
What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
- to assign addresses to the interfaces on the ASA
- to identify which users are allowed to download the client image
- to assign IP addresses to clients when they connect*
- to identify which clients are allowed to connect
-
What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?
- to permit only secure protocols
- to log denied traffic
- to identify the peer
- to define interesting traffic*
-
When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?
- ISAKMP
- IKE
- IKE and ISAKMP*
- preshared key
-
Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?
- clientless SSL*
- site-to-site using an ACL
- site-to-site using a preshared key
- client-based SSL