CCNA v6.0 Routing and Switching

CCNA Security Final Exam v1.2 Exam Answers

  • 29/08/2017 09:48

CCNA Security Final Exam v1.2 Questions and Answers CCNAS

1. Which statement is true about the One-Step lockdown feature of the CCP Security Audit wizard?
It sets an access class ACL on VTY lines.* It enables TCP intercepts. It provides an option for configuring SNMPv3 on all routers. It enables the Secure Copy Protocol (SCP). It supports AAA configuration.

2. With the Cisco AnyConnect VPN wizard, which two protocols can be used for tunnel group configuration? (Choose two.)
MPLS SSH* PPTP ESP IPsec*

3. What are two disadvantages of using network IPS? (Choose two.)
Network IPS is operating system-dependent and must be customized for each platform. Network IPS is incapable of examining encrypted traffic.* Network IPS is unable to provide a clear indication of the extent to which the network is being attacked. Network IPS sensors are difficult to deploy when new

CCNA Security Chapter 10 Answers v1.2

  • 29/08/2017 09:47

CCNA Security Chapter 10 Answers v1.2 CCNAS Questions

1. A network security manager has been tasked with supporting some staff to work from home on a part time basis. What Cisco Secure access product will allow this manager to provide secure, manageable voice and video services to this group of personnel?
Cisco Secure Access Control System Cisco AnyConnect Cisco NAC Appliance Cisco Virtual Office* Cisco Identity Services Engine

2. Which two security features must be implemented when SCP is a part of a company security plan? (Choose two.)
AAA authorization* AES encrypted Cisco IOS File System SSH* TCP/IP-based VPN

3. What are two attributes of a qualitative risk analysis? (Choose two.)
It is measurable. It assigns values to assets. It is exploratory.* It is descriptive.* It uses a mathematical model.

CCNA Security Chapter 4 Answers v1.2

  • 29/08/2017 09:47

CCNA Security Chapter 4 Answers v1.2 Quiz Test CCNAS Questions Cisco

1. Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)
SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.* Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed. SSH connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed. Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.* SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked. Telnet connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

2. Which two are characteristics of ACLs? (Choose two.)
Extended ACLs can filter on

CCNA Security Chapter 3 Answers v1.2

  • 29/08/2017 09:47

CCNA Security Chapter 3 Answers v1.2 CCNAS Questions Cisco

1. Why is local database authentication preferred over a password-only login?
It specifies a different password for each line or port. It provides for authentication and accountability.* It requires a login and password combination on console, vty lines, and aux ports. It is more efficient for users who only need to enter a password to gain entry to a device.

2. Which authentication method stores usernames and passwords in the router and is ideal for small networks?
local AAA* local AAA over RADIUS local AAA over TACACS+ server-based AAA server-based AAA over RADIUS server-based AAA over TACACS+

3. In regards to Cisco Secure ACS, what is a client device?
a web server, email server, or FTP server the computer used by a network administrator network users who must access privileged EXEC commands a router

CCNA Security Chapter 2 Answers v1.2

  • 29/08/2017 09:47

CCNA Security Chapter 2 Answers v1.2 CCNAS Questions

1. Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two.)
This message is a level five notification message.* This message appeared because a minor error occurred requiring further investigation. This message appeared because a major error occurred requiring immediate action. This message indicates that service timestamps have been globally enabled.* This message indicates that enhanced security was configured on the vty ports.

2. By default, how many seconds of delay between virtual login attempts is invoked when the login block-for command is configured?
one* two three four five

3. Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of

CCNA Security Chapter 1 Answers v1.2

  • 29/08/2017 09:47

CCNA Security Chapter 1 Answers v1.2 CCNAS Questions

1. What are the basic phases of attack that can be used by a virus or worm in sequential order?
paralyze, probe, penetrate, persist, and propagate probe, penetrate, persist, propagate, and paralyze* penetrate, persist, propagate, paralyze, and probe persist, propagate, paralyze, probe, and penetrate

2. Which two are characteristics of DoS attacks? (Choose two.)
They always precede access attacks. They attempt to compromise the availability of a network, host, or application.* They are difficult to conduct and are initiated only by very skilled attackers. They are commonly launched with a tool called L0phtCrack. Examples include smurf attacks and ping of death attacks.*

3. Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a

CCNA Security 2.0 PT Practice SA Part 1

  • 29/08/2017 09:45

A few things to keep in mind while completing this activity:

  • Do not use the browser Back button or close or reload any exam windows during the exam.
  • Do not close Packet Tracer when you are done. It will close automatically.
  • Click the Submit Assessment button to submit your work.

Introduction

In this practice Packet Tracer Skills Based Assessment, you will:

  • configure basic device hardening and secure network management
  • configure port security and disable unused switch ports
  • configure an IOS IPS
  • configure a Zone-based Policy Firewall (ZPF) to implement security policies

Addressing Table

Device Interface IP Address Subnet Mask Gateway DNS server
Internet S0/0/0 209.165.200.225 255.255.255.252 n/a
S0/0/1 192.31.7.1 255.255.255.252 n/a
G0/0 192.135.250.1 255.255.255.0 n/a
Public Svr NIC 192.135.250.5 255.255.255.0 192.135.250.1
External S0/0/0 192.31.7.2 255.255.255.252 n/a
G0/0 192.31.7.62 255.255.255.224 n/a
External Web Svr NIC 192.31.7.35 255.255.255.224

CCNA Security v2.0 Chapter 11 Exam

  • 29/08/2017 09:45

1. Which security test is appropriate for detecting system weaknesses such as misconfiguration, default passwords, and potential DoS targets?
vulnerability scanning* network scanning integrity checkers penetration testing

2. How does network scanning help assess operations security?
It can simulate attacks from malicious sources. It can log abnormal activity. It can detect open TCP ports on network systems.* It can detect weak or blank passwords.

3. What is the objective of the governing policy in the security policy hierarchy structure?
It covers all rules pertaining to information security that end users should know about and follow. It outlines the company’s overall security goals for managers and technical staff.* It provides general policies on how the technical staff should perform security functions. It defines system…

CCNA Security v2.0 Chapter 10 Exam

  • 29/08/2017 09:45

1. Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?
The administrator can connect to and manage a single ASA.* The administrator can connect to and manage multiple ASA devices. The administrator can connect to and manage multiple ASA devices and Cisco routers. The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.

2. What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?
It does not require any initial device configuration. It hides the complexity of security commands.* ASDM provides increased configuration security. It does not require a remote connection to a Cisco…

CCNA Security v2.0 Chapter 9 Exam

  • 29/08/2017 09:45

1. Refer to the exhibit. An administrator creates three zones (A, B, and C) in an ASA that filters traffic. Traffic originating from Zone A going to Zone C is denied, and traffic originating from Zone B going to Zone C is denied. What is a possible scenario for Zones A, B, and C?
A – DMZ, B – Inside, C – Outside A – Inside, B – DMZ, C – Outside A – Outside, B – Inside, C – DMZ A – DMZ, B – Outside, C – Inside*

2. What is one of the drawbacks to using transparent mode operation on an ASA device?
no support for IP addressing no support for management no support for using an ASA as a…

CCNA Security v2.0 Chapter 8 Exam

  • 29/08/2017 09:45

1. Refer to the exhibit. How will traffic that does not match that defined by access list 101 be treated by the router?
It will be sent unencrypted.* It will be sent encrypted. It will be blocked. It will be discarded.

2. What three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs? (Choose three.)
HTTPS SSH AH* ISAKMP* NTP ESP*

3. Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?
The length of a key does not affect the degree of security. The shorter the key, the harder it is to break. The length of a key will not vary between encryption algorithms. The longer the key,…

CCNA Security v2.0 Chapter 7 Exam

  • 29/08/2017 09:45

1. What is the focus of cryptanalysis?
hiding secret codes developing secret codes breaking encrypted codes* implementing encrypted codes

2. How many bits does the Data Encryption Standard (DES) use for data encryption?
40 bits 56 bits* 64 bits 72 bits

3. Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
SEAL is a stream cipher.* It uses a 112-bit encryption key. It is an example of an asymmetric algorithm. It requires more CPU resources than software-based AES does.

4. Which encryption algorithm is an asymmetric algorithm?
DH* SEAL 3DES AES

5. An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service?
the private key of the retailer the unique shared secret…

CCNA Security v2.0 Chapter 6 Exam

  • 29/08/2017 09:45

1. Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?
The connection between S1 and PC1 is via a crossover cable. The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface. S1 has been configured with a switchport port-security aging command. The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.*

2. Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?
PVLAN Edge* DTP SPAN BPDU…

CCNA Security v2.0 Chapter 5 Exam

  • 29/08/2017 09:45

1. What information must an IPS track in order to detect attacks matching a composite signature?
the total number of packets in the attack the attacking period used by the attacker the network bandwidth consumed by all packets the state of packets related to the attack*

2. What is a disadvantage of a pattern-based detection mechanism?
The normal network traffic pattern must be profiled first. It cannot detect unknown attacks.* It is difficult to deploy in a large network. Its configuration is complex.

3. What is the purpose in configuring an IOS IPS crypto key when enabling IOS IPS on a Cisco router?
to secure the IOS image in flash to enable Cisco Configuration Professional to be launched securely to encrypt the master…

CCNA Security v2.0 Chapter 4 Exam

  • 29/08/2017 09:45

1. Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?
The initial packet is dropped, but subsequent packets are forwarded. The packet is forwarded, and an alert is generated. The packet is forwarded, and no alert is generated. The packet is dropped.*

2. To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?
echo request time-stamp request echo reply* time-stamp reply router advertisement

3. Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing…

CCNA Security v2.0 Chapter 3 Exam

  • 29/08/2017 09:44

1. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
accounting accessibility auditing authorization* authentication

2. Why is authentication with AAA preferred over a local database method?
It provides a fallback authentication method if the administrator forgets the username or password.* It uses less network bandwidth. It specifies a different password for each line or port. It requires a login and password combination on the console, vty lines, and aux ports.

3. Which authentication method stores usernames and passwords in the router and is ideal for small networks?
local AAA over TACACS+ server-based AAA over TACACS+ local AAA* local AAA over RADIUS server-based AAA over RADIUS server-based AAA

4. Which component of…

CCNA Security v2.0 Chapter 2 Exam

  • 29/08/2017 09:44

1. An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)
Enable inbound vty SSH sessions.* Generate two-way pre-shared keys. Configure DNS on the router. Configure the IP domain name on the router.* Enable inbound vty Telnet sessions. Generate the SSH keys.*

2. Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?
R1(config)# username admin password Admin01pa55 R1(config)# line con 0 R1(config-line)# login local R1(config)# username admin secret Admin01pa55 R1(config)# line con 0…

CCNA Security v2.0 Chapter 1 Exam

  • 29/08/2017 09:44

1. What method can be used to mitigate ping sweeps?
using encrypted or hashed authentication protocols installing antivirus software on hosts deploying antisniffer software on all network devices blocking ICMP echo and echo-replies at the network edge*

2. What are the three major components of a worm attack? (Choose three.)
a penetration mechanism an infecting vulnerability a payload* an enabling vulnerability* a probing mechanism a propagation mechanism*

3. Which statement accurately characterizes the evolution of threats to network security?
Internal threats can cause even greater damage than external threats.* Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. Early Internet users often engaged in activities that would harm other users. Internet architects planned for network security from…

