The Ultimate Network Security Exam Practice Test

Written by Napoleon.chavarri


Do you know anything about network security, and do you think you can pass this quiz? Network security consists of the rules, activities, and practices adopted to prevent, detect, and monitor unauthorized access to your PC and network. It involves the authorization of access to information in a network, which the network administrator regulates. If you intend to learn more about network security, this is the quiz for you.


Questions and Answers
  • 1. 

    What security feature allows a private IP address to access the Internet by translating it to a public address?

    • A. 

      NAT

    • B. 

      Hairpinning

    • C. 

      Trusted Network Detection

    • D. 

      Certification Authority

    Correct Answer
    A. NAT
    Explanation
    NAT (Network Address Translation) is a security feature that allows a private IP address to access the Internet by translating it to a public address. It works by modifying the source and/or destination IP addresses in IP packets as they pass through a router or firewall, allowing multiple devices with private IP addresses to share a single public IP address. This helps to hide the private IP addresses from the public network, providing an additional layer of security.

  • 2. 

    You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem?

    • A. 

      Edit the crypto keys on R1 and R2 to match

    • B. 

      Edit the ISAKMP policy sequence numbers on R1 and R2 to match.

    • C. 

      Set a valid value for the crypto key lifetime on each router

    • D. 

      Edit the crypto isakmp key command on each router with the address value of its own interface

    Correct Answer
    A. Edit the crypto keys on R1 and R2 to match
  • 3. 

    What is the effect of the given command?

    • A. 

      It merges authentication and encryption methods to protect traffic that matches an ACL.

    • B. 

      It configures the network to use a different transform set between peers

    • C. 

      It configures encryption for MD5 HMAC.

    • D. 

      It configures authentication as AES 256

    Correct Answer
    A. It merges authentication and encryption methods to protect traffic that matches an ACL.
    Explanation
    The effect of the given command is that it merges authentication and encryption methods to protect traffic that matches an ACL. This means that the command combines both authentication and encryption techniques to secure the data traffic that meets the criteria specified in the ACL.

  • 4. 

    While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

    • A. 

      IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.

    • B. 

      IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.

    • C. 

      IPSec Phase 1 is down due to a QM_IDLE state.

    • D. 

      IPSec Phase 2 is down due to a QM_IDLE state.

    Correct Answer
    A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.
    Explanation
    The given output shows that IPSec Phase 1 is established between the IP addresses 10.10.10.2 and 10.1.1.5. This means that the initial negotiation and authentication process for the VPN tunnel has been successfully completed between the two endpoints. However, the output does not provide any information about the status of IPSec Phase 2.

  • 5. 

    While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

    • A. 

      IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.

    • B. 

      IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

    • C. 

      IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2

    • D. 

      IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

    Correct Answer
    A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.
    Explanation
    The given output indicates that the IKE Phase 1 main mode was initiated on 10.1.1.5, but it failed to negotiate with 10.10.10.2. This means that there was a problem in establishing the secure channel between the two VPN endpoints.

  • 6. 

    Which statement about IOS privilege levels is true?

    • A. 

      Each privilege level supports the commands at its own level and all levels below it.

    • B. 

      Each privilege level supports the commands at its own level and all levels above it.

    • C. 

      Privilege-level commands are set explicitly for each user

    • D. 

      Each privilege level is independent of all other privilege levels

    Correct Answer
    A. Each privilege level supports the commands at its own level and all levels below it.
    Explanation
    Each privilege level supports the commands at its own level and all levels below it. This means that a user with a higher privilege level can access and execute commands at their own level as well as all lower privilege levels.

  • 7. 

    Which line in this configuration prevents the HelpDesk user from modifying the interface configuration?

    • A. 

      Privilege exec level 9 configure terminal

    • B. 

      Privilege exec level 10 interface

    • C. 

      Username HelpDesk privilege 6 password help

    • D. 

      Privilege exec level 7 show start-up

    Correct Answer
    A. Privilege exec level 9 configure terminal
    Explanation
    The line "Privilege exec level 9 configure terminal" prevents the HelpDesk user from modifying the interface configuration because it sets the privilege level required for the user to access the "configure terminal" command to 9. Since the HelpDesk user has a privilege level of 6 (as indicated by the line "Username HelpDesk privilege 6 password help"), they do not have the necessary privilege level to execute the "configure terminal" command.

  • 8. 

    In the router ospf 200 command, what does the value 200 stand for?

    • A. 

      Process ID

    • B. 

      Area ID

    • C. 

      Administrative distance value

    • D. 

      ABR ID

    Correct Answer
    A. Process ID
    Explanation
    The value 200 in the "router ospf 200" command stands for the process ID. OSPF (Open Shortest Path First) is a routing protocol that uses process IDs to identify different instances of OSPF running on a router. Each OSPF process is assigned a unique process ID, and the router ospf command is used to enable OSPF routing and specify the process ID for that instance.

  • 9. 

    Which feature filters CoPP packets?

    • A. 

      Access control lists

    • B. 

      Class maps

    • C. 

      Policy maps

    • D. 

      Route maps

    Correct Answer
    A. Access control lists
    Explanation
    Access control lists (ACLs) are used to filter CoPP (Control Plane Policing) packets. ACLs allow network administrators to define rules that determine which packets are allowed to pass through a network device and which ones are dropped. In the case of CoPP, ACLs are used to filter and control the traffic that is destined for the control plane of a network device, ensuring that only authorized packets are allowed to reach the control plane and protecting it from potential attacks or excessive traffic.

  • 10. 

    The Admin user is unable to enter configuration mode on a device with the given configuration

    • A. 

      Remove the autocommand keyword and arguments from the username admin privilege line.

    • B. 

      Change the Privilege exec level value to 15

    • C. 

      Remove the two Username Admin lines.

    • D. 

      Remove the Privilege exec line

    Correct Answer
    A. Remove the autocommand keyword and arguments from the username admin privilege line.
    Explanation
    The Admin user is unable to enter configuration mode on a device because there is an autocommand keyword and arguments present in the username admin privilege line. This autocommand is preventing the user from accessing the configuration mode. By removing the autocommand keyword and arguments from the username admin privilege line, the issue will be resolved and the Admin user will be able to enter configuration mode on the device.

  • 11. 

    In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?

    • A. 

      MAC spoofing

    • B. 

      Gratuitous ARP

    • C. 

      MAC flooding

    • D. 

      DoS

    Correct Answer
    C. MAC flooding
    Explanation
    MAC flooding is the correct answer because in this type of attack, the attacker floods the switch's CAM table with fake MAC addresses, causing it to become full. When the CAM table is full, the switch is unable to determine the correct port to forward network traffic to, and it starts acting like a hub, broadcasting all incoming traffic to all ports. This allows the attacker to intercept and analyze network traffic, compromising the security and performance of the network.

  • 12. 

    Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?

    • A. 

      Community for hosts in the PVLAN

    • B. 

      Promiscuous for hosts in the PVLAN

    • C. 

      Isolated for hosts in the PVLAN

    • D. 

      Span for hosts in the PVLAN

    Correct Answer
    A. Community for hosts in the PVLAN
    Explanation
    A community PVLAN port allows hosts in the same PVLAN to communicate directly with each other. This means that hosts within the community PVLAN can send and receive traffic among themselves without any restriction.

  • 13. 

    What is a potential drawback to leaving VLAN 1 as the native VLAN?

    • A. 

      It may be susceptible to a VLAN hopping attack.

    • B. 

      Gratuitous ARPs might be able to conduct a man-in-the-middle attack.

    • C. 

      The CAM might be overloaded, effectively turning the switch into a hub.

    • D. 

      VLAN 1 might be vulnerable to IP address spoofing

    Correct Answer
    A. It may be susceptible to a VLAN hopping attack.
    Explanation
    Leaving VLAN 1 as the native VLAN can be a potential drawback because it may make the network susceptible to a VLAN hopping attack. In a VLAN hopping attack, an attacker can gain unauthorized access to VLANs other than the native VLAN by exploiting the way VLAN trunking protocols work. By leaving VLAN 1 as the native VLAN, the attacker can potentially bypass security measures and gain access to sensitive information or resources in other VLANs. Therefore, it is recommended to change the native VLAN to a different VLAN number to mitigate the risk of VLAN hopping attacks.

  • 14. 

    In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).

    • A. 

      When matching NAT entries are configured

    • B. 

      When matching ACL entries are configured

    • C. 

      When the firewall receives a SYN-ACK packet

    • D. 

      When the firewall receives a SYN packet

    • E. 

      When the firewall requires HTTP inspection

    • F. 

      When the firewall requires strict HTTP inspection

    Correct Answer(s)
    A. When matching NAT entries are configured
    B. When matching ACL entries are configured
    D. When the firewall receives a SYN packet
    Explanation
    The ASA firewall permits inbound HTTP GET requests during normal operations when matching NAT entries are configured, when matching ACL entries are configured, and when the firewall receives a SYN packet.

  • 15. 

    Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?

    • A. 

      You must configure two zone pairs, one for each direction

    • B. 

      You can configure a single zone pair that allows bidirectional traffic flows for any zone

    • C. 

      You can configure a single zone pair that allows bidirectional traffic flows for any zone except the self zone.

    • D. 

      You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.

    Correct Answer
    A. You must configure two zone pairs, one for each direction
    Explanation
    The correct answer states that you must configure two zone pairs, one for each direction. This means that in order to allow traffic to flow in both directions between two zones, you need to create separate zone pairs for traffic going from Zone A to Zone B and for traffic going from Zone B to Zone A. This ensures that bidirectional traffic flows are allowed between the two zones.

  • 16. 

    What is a valid implicit permit rule for traffic that is traversing the ASA firewall?

    • A. 

      ARPs in both directions are permitted in transparent mode only

    • B. 

      Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only

    • C. 

      Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.

    • D. 

      Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode.

    Correct Answer
    A. ARPs in both directions are permitted in transparent mode only
    Explanation
    In a transparent mode ASA firewall, ARPs in both directions are permitted. This means that Address Resolution Protocol (ARP) requests and replies are allowed to pass through the firewall. Transparent mode allows the firewall to act as a bridge, forwarding traffic between interfaces without performing any network address translation (NAT) or IP routing. In this mode, the firewall does not inspect or modify the IP packets, but it still allows the necessary ARP traffic for proper communication between devices on different networks.

  • 17. 

    Which statement about the communication between interfaces on the same security level is true?

    • A. 

      Interfaces on the same security level require additional configuration to permit inter-interface communication 

    • B. 

      Configuring interfaces on the same security level can cause asymmetric routing.

    • C. 

      All traffic is allowed by default between interfaces on the same security level

    • D. 

      You can configure only one interface on an individual security level

    Correct Answer
    A. Interfaces on the same security level require additional configuration to permit inter-interface communication 
    Explanation
    Interfaces on the same security level require additional configuration to permit inter-interface communication. This means that by default, communication between interfaces on the same security level is not allowed. Therefore, additional configuration is necessary to explicitly permit this type of communication.

  • 18. 

    Which IPS mode provides the maximum number of actions?

    • A. 

      Inline

    • B. 

      Promiscuous

    • C. 

      Span

    • D. 

      Failover

    • E. 

      Bypass

    Correct Answer
    A. Inline
    Explanation
    The inline IPS mode provides the maximum number of actions because it operates directly in the network traffic path and can actively block or allow traffic in real-time. This mode allows for the most granular control and flexibility in terms of taking actions on detected threats.

  • 19. 

    How can you detect a false negative on an IPS?

    • A. 

      View the alert on the IPS

    • B. 

      Review the IPS log

    • C. 

      Review the IPS console.

    • D. 

      Use a third-party system to perform penetration testing

    • E. 

      Use a third-party to audit the next-generation firewall rules

    Correct Answer
    D. Use a third-party system to perform penetration testing
    Explanation
    To detect a false negative on an IPS (Intrusion Prevention System), one can use a third-party system to perform penetration testing. This involves simulating attacks on the system to identify any vulnerabilities or weaknesses that the IPS may have missed. Conducting penetration testing with a third-party system helps validate the effectiveness of the IPS and identify any false negatives where the system failed to detect or block an actual attack. This allows for improvements to be made to the IPS configuration or rules to enhance its security capabilities.

  • 20. 

    What is the primary purpose of a defined rule in an IPS?

    • A. 

      To configure an event action that takes place when a signature is triggered

    • B. 

      To define a set of actions that occur when a specific user logs in to the system

    • C. 

      To configure an event action that is pre-defined by the system administrator

    • D. 

      To detect internal attacks

    Correct Answer
    A. To configure an event action that takes place when a signature is triggered
    Explanation
    A defined rule in an IPS is used to configure an event action that takes place when a signature is triggered. This means that when a specific behavior or pattern is detected by the IPS, it will initiate a pre-defined action such as blocking the traffic, sending an alert, or logging the event. The purpose of this is to provide an automated response to potential security threats and ensure that appropriate actions are taken in real-time to protect the system from attacks.

  • 21. 

    How can FirePOWER block malicious email attachments?

    • A. 

      It forwards email requests to an external signature engine

    • B. 

      It scans inbound email messages for known bad URLs

    • C. 

      It sends the traffic through a file policy

    • D. 

      It sends an alert to the administrator to verify suspicious email messages

    Correct Answer
    C. It sends the traffic through a file policy
    Explanation
    FirePOWER can block malicious email attachments by sending the traffic through a file policy. This means that when an email with an attachment is received, FirePOWER will analyze the file based on predefined rules and policies. If the file is identified as malicious or suspicious, FirePOWER will block the attachment from being delivered to the recipient. This helps to prevent potential malware or other harmful content from entering the network through email attachments.

  • 22. 

    You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?

    • A. 

      Enable URL filtering and use URL categorization to block the websites that violate company policy

    • B. 

      Enable URL filtering and create a blacklist to block the websites that violate company policy

    • C. 

      Enable URL filtering and create a whitelist to block the websites that violate company policy.

    • D. 

      Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access.

    Correct Answer
    A. Enable URL filtering and use URL categorization to block the websites that violate company policy
    Explanation
    The best practice for URL filtering to solve the problem of blocking user access to websites that violate company policy is to enable URL filtering and use URL categorization to block the websites. This approach allows for a more efficient and effective filtering process as it categorizes the websites based on their content or purpose and blocks the ones that violate the company policy. This ensures that only the websites that comply with the policy are accessible to the users. Using a blacklist or whitelist may not be as comprehensive or flexible in addressing the dynamic IP addresses of the websites.

  • 23. 

    Which technology can be used to rate data fidelity and to provide an authenticated hash for data?

    • A. 

      File reputation

    • B. 

      File analysis

    • C. 

      Signature updates

    • D. 

      Network blocking

    Correct Answer
    A. File reputation
    Explanation
    File reputation technology can be used to rate data fidelity and provide an authenticated hash for data. This technology assesses the reputation of files based on their behavior and characteristics, determining whether they are trustworthy or potentially malicious. By analyzing the reputation of files, it can help ensure data fidelity by identifying and flagging any files that may be compromised or tampered with. Additionally, file reputation technology can generate authenticated hashes for data, allowing for verification and integrity checks to ensure the data has not been altered.

  • 24. 

    Which type of encryption technology has the broadest platform support to protect operating systems?

    • A. 

      Software

    • B. 

      Hardware

    • C. 

      Middleware

    • D. 

      File-level

    Correct Answer
    A. Software
    Explanation
    Software encryption technology has the broadest platform support to protect operating systems. This is because software encryption can be implemented on any operating system regardless of the underlying hardware or middleware. It provides a versatile and flexible solution that can be easily integrated into different software applications and platforms. Hardware encryption, on the other hand, is limited to specific hardware devices, while middleware and file-level encryption are more specific to certain applications or file types. Therefore, software encryption is the most widely supported option for protecting operating systems.

  • 25. 

    A proxy firewall protects against which type of attack?

    • A. 

      Cross-site scripting attack

    • B. 

      Worm traffic

    • C. 

      Port scanning

    • D. 

      DDoS attacks

    Correct Answer
    A. Cross-site scripting attack
    Explanation
    A proxy firewall protects against cross-site scripting attacks, which are a type of security vulnerability where an attacker injects malicious scripts into trusted websites. These scripts can then be executed by unsuspecting users, leading to unauthorized access, data theft, or other malicious activities. By acting as an intermediary between clients and servers, a proxy firewall can inspect and filter incoming web traffic, identifying and blocking any attempts to exploit cross-site scripting vulnerabilities. This helps to prevent attackers from compromising websites and user data.

  • 26. 

    What is a benefit of a web application firewall?

    • A. 

      It blocks known vulnerabilities without patching applications

    • B. 

      It simplifies troubleshooting

    • C. 

      It accelerates web traffic.

    • D. 

      It supports all networking protocols

    Correct Answer
    A. It blocks known vulnerabilities without patching applications
    Explanation
    A web application firewall provides a benefit by blocking known vulnerabilities without requiring the patching of applications. This means that even if there are vulnerabilities in the applications being used, the web application firewall can still prevent attacks and unauthorized access. This is advantageous as it adds an extra layer of security and reduces the risk of exploitation.

  • 27. 

    Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?

    • A. 

      Contextual analysis

    • B. 

      Holistic understanding of threats

    • C. 

      Graymail management and filtering

    • D. 

      Signature-based IPS

    Correct Answer
    A. Contextual analysis
    Explanation
    Contextual analysis is the feature of the Cisco Email Security Appliance that can mitigate the impact of snowshoe spam and sophisticated phishing attacks. Contextual analysis involves examining the content, context, and behavior of emails to determine if they are legitimate or malicious. By analyzing various factors such as the sender's reputation, email content, and attachment behavior, the appliance can identify and block suspicious emails, reducing the risk of snowshoe spam and sophisticated phishing attacks. This feature provides a more advanced and comprehensive approach to email security compared to traditional signature-based IPS or graymail management and filtering.

  • 28. 

    What do you use when you have a network object or group and want to use an IP address?

    • A. 

      Static NAT

    • B. 

      Dynamic NAT

    • C. 

      Identity NAT

    • D. 

      Static PAT

    Correct Answer
    B. Dynamic NAT
    Explanation
    Dynamic NAT is used when you have a network object or group and want to use an IP address. Dynamic NAT allows multiple private IP addresses to be translated to a smaller pool of public IP addresses. This allows for more efficient use of IP addresses and allows multiple devices to share a limited number of public IP addresses.

  • 29. 

    Which three statements are characteristics of DHCP Spoofing? (choose three)

    • A. 

      ARP poisoning

    • B. 

      Modify Traffic in transit

    • C. 

      Used to perform man-in-the-middle attack

    • D. 

      Protect the identity of the attacker by masking the DHCP address

    • E. 

      Can access most network devices

    • F. 

      Physically modify the network gateway

    Correct Answer(s)
    A. ARP poisoning
    B. Modify Traffic in transit
    C. Used to perform man-in-the-middle attack
    Explanation
    DHCP Spoofing is a technique used to perform a man-in-the-middle attack. It involves ARP poisoning, where the attacker modifies the ARP tables of the target devices to redirect their traffic through the attacker's machine. This allows the attacker to modify the traffic in transit, potentially intercepting sensitive information. By masking the DHCP address, the attacker can protect their identity. However, DHCP spoofing does not grant the attacker access to most network devices, nor does it require physically modifying the network gateway.

  • 30. 

    Which feature allows a dynamic NAT pool to choose the next IP address instead of a port on an IP address that is already in use?

    • A. 

      Next IP

    • B. 

      Round robin

    • C. 

      Dynamic rotation

    • D. 

      Dynamic PAT rotation

    Correct Answer
    B. Round robin
    Explanation
    The feature that allows the dynamic NAT pool to choose the next IP address instead of a port on a used IP address is round robin. In round robin, the NAT pool assigns IP addresses in sequential order, ensuring that each IP address is used before repeating the cycle. This allows for efficient utilization of IP addresses without the need for port-based selection.

  • 31. 

    Which NAT option is executed first when there are multiple NAT translations?

    • A. 

      Dynamic NAT with shortest prefix

    • B. 

      Dynamic NAT with longest prefix

    • C. 

      Static NAT with shortest prefix

    • D. 

      Static NAT with longest prefix

    Correct Answer
    D. Static NAT with longest prefix
    Explanation
    Static NAT with longest prefix is executed first during multiple NAT translations. This means that when there are multiple translations available, the system will prioritize the static NAT translation with the longest prefix match. This allows for more specific mappings to be applied before more general ones, ensuring that the correct translation is chosen for a given packet.

  • 32. 

    If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?

    • A. 

      STP BPDU guard

    • B. 

      Loop guard

    • C. 

      STP Root guard

    • D. 

      EtherChannel guard

    Correct Answer
    A. STP BPDU guard
    Explanation
    The correct answer is STP BPDU guard. This mechanism is used to prevent the receipt of superior BPDUs on a switch port. When a superior BPDU is received, the switch port is immediately put into a blocked state to avoid any potential loops in the network. This feature is commonly used to protect against misconfigurations or unauthorized switches being connected to the network.

  • 33. 

    What are two effects of the given command? (Choose two.)

    • A. 

      It configures authentication to use AES 256

    • B. 

      It configures authentication to use MD5 HMAC

    • C. 

      It configures authorization to use AES 256

    • D. 

      It configures encryption to use MD5 HMAC

    • E. 

      It configures encryption to use AES 256

    Correct Answer(s)
    B. It configures authentication to use MD5 HMAC
    E. It configures encryption to use AES 256
    Explanation
    The given command configures authentication to use MD5 HMAC, which is a type of cryptographic hash function that provides message integrity and authentication. It also configures encryption to use AES 256, which is a symmetric encryption algorithm that provides confidentiality and data protection.

  • 34. 

    Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?

    • A. 

      Next IP

    • B. 

      Round robin

    • C. 

      Dynamic rotation

    • D. 

      NAT address rotation

    Correct Answer
    B. Round robin
    Explanation
    Round robin is a feature that allows a dynamic PAT pool to select the next address in the pool instead of the next port of an existing address. This means that instead of using the next available port on the same address, the PAT pool will cycle through the available addresses in a circular manner, distributing the traffic evenly among them. This helps to balance the load and prevent overutilization of a single address in the pool.

  • 35. 

    Which two NAT types allow only objects or groups to reference an IP address?

    • A. 

      Dynamic NAT

    • B. 

      Dynamic PAT

    • C. 

      Static NAT

    • D. 

      Identity NAT

    Correct Answer(s)
    A. Dynamic NAT
    C. Static NAT
    Explanation
    Dynamic NAT and static NAT are the two NAT types that allow only objects or groups to reference an IP address. Dynamic NAT is a type of NAT where a pool of public IP addresses is used to translate private IP addresses. It allows multiple private IP addresses to share a smaller pool of public IP addresses. Static NAT, on the other hand, is a one-to-one mapping of private IP addresses to public IP addresses. It allows specific private IP addresses to be permanently associated with specific public IP addresses. Both of these NAT types restrict access to the IP address by allowing only objects or groups to reference them.


  • 36. 

    Which security term refers to a person, property, or data of value to a company?

    • A. 

      Risk

    • B. 

      Asset

    • C. 

      Threat prevention

    • D. 

      Mitigation technique

    Correct Answer
    A. Risk
    Explanation
    The term "risk" refers to a potential harm or loss that could occur to a person, property, or data of value to a company. It involves the possibility of negative consequences and the likelihood of those consequences happening. In the context of security, identifying and managing risks is crucial to protect assets and ensure the safety and integrity of valuable resources.


  • 37. 

    What technology can you use to prevent non-malicious programs from running on a computer that is disconnected from the network?

    • A. 

      Firewall

    • B. 

      Software Antivirus

    • C. 

      Network IPS

    • D. 

      Host IPS

    Correct Answer
    D. Host IPS
    Explanation
    Host IPS (Intrusion Prevention System) is a technology that can be used to prevent non-malicious programs from running on a computer that is disconnected from the network. It monitors the activities and behavior of programs running on the host computer, and if it detects any suspicious or unauthorized behavior, it blocks or prevents those programs from executing. This helps to protect the computer from potential threats or malicious activities even when it is not connected to the network.


  • 38. 

    What command could you implement in the firewall to conceal internal IP addresses?

    • A. 

      no source-route

    • B. 

      no cdp run

    • C. 

      no broadcast...

    • D. 

      no proxy-arp

    Correct Answer
    D. no proxy-arp
    Explanation
    The "no proxy-arp" command can be implemented in the firewall to conceal internal IP addresses. Proxy ARP is a technique used by routers to respond to ARP requests on behalf of other devices. By disabling proxy ARP with the "no proxy-arp" command, the firewall will not respond to ARP requests for internal IP addresses, effectively concealing them from external networks. This helps to enhance network security by preventing potential attackers from gathering information about the internal network topology.


  • 39. 

    Which statement about a college campus is true?

    • A. 

      College campus has geographical position

    • B. 

      College campus hasn't got internet access

    • C. 

      College campus has multiple subdomains

    • D. 

      College campus has very beautiful gir

    Correct Answer
    A. College campus has geographical position
    Explanation
    The statement "College campus has geographical position" is true because a college campus is a physical location that exists in a specific geographic area. It can be identified by its coordinates on a map and can be located within a city, town, or rural area. The geographical position of a college campus is important for various purposes such as navigation, transportation, and understanding its surroundings.


  • 40. 

    Which Firepower preprocessor blocks traffic based on IP?

    • A. 

      Signature-Based

    • B. 

      Policy-Based

    • C. 

      Anomaly-Based

    • D. 

      Reputation-Based

    Correct Answer
    D. Reputation-Based
    Explanation
    The Reputation-Based Firepower preprocessor is designed to block traffic based on the IP address. It evaluates the reputation of the source IP address and determines whether it is trustworthy or not. This preprocessor uses reputation data to make decisions about allowing or blocking traffic from specific IP addresses. It helps to identify and block traffic from known malicious sources, improving the overall security of the network.


  • 41. 

    Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?

    • A. 

      Allow with inspection

    • B. 

      Allow without inspection

    • C. 

      Block

    • D. 

      Trust

    • E. 

      Monitor

    Correct Answer
    A. Allow with inspection
    Explanation
    Choosing the "Allow with inspection" event action allows you to inspect the traffic from a particular end user while still allowing it to pass through. This means that the traffic will be analyzed for any malicious content or behavior, and if any is detected, appropriate actions can be taken to block or mitigate the threat. This option provides a balance between allowing legitimate traffic and ensuring that any malicious activity is detected and dealt with effectively.


  • 42. 

    Which command do you enter to enable authentication for OSPF on an interface?

    • A. 

      Router(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS

    • B. 

      Router(config-router)#area 0 authentication message-digest

    • C. 

      Router(config-router)#ip ospf authentication-key CISCOPASS

    • D. 

      Router(config-if)#ip ospf authentication message-digest

    Correct Answer
    A. Router(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS
    Explanation
    To enable authentication for OSPF on an interface, the correct command to enter is "Router(config-if)#ip ospf message-digest-key 1 md5 CISCOPASS". This command configures OSPF to use message digest authentication on the specified interface with a key ID of 1 and a password of "CISCOPASS" using the MD5 algorithm.


  • 43. 

    Which term best describes the concept of preventing the modification of data in transit and in storage?

    • A. 

      Confidentiality

    • B. 

      Integrity

    • C. 

      Availability

    • D. 

      Fidelity

    Correct Answer
    B. Integrity
    Explanation
    Integrity is the best term to describe the concept of preventing the modification of data in transit and in storage. This concept ensures that data remains accurate, consistent, and unaltered throughout its lifecycle. It involves implementing measures such as encryption, digital signatures, and access controls to protect data from unauthorized modifications or tampering. By maintaining data integrity, organizations can trust the reliability and authenticity of their data, ensuring its accuracy and preventing any unauthorized changes.


  • 44. 

    Which command helps user1 use the enable, disable, exit, etc. commands?

    • A. 

      Catalyst1(config)#username user1 privilege 0 secret us1pass

    • B. 

      Catalyst1(config)#username user1 privilege 1 secret us1pass

    • C. 

      Catalyst1(config)#username user1 privilege 2 secret us1pass

    • D. 

      Catalyst1(config)#username user1 privilege 5 secret us1pass

    Correct Answer
    A. Catalyst1(config)#username user1 privilege 0 secret us1pass
    Explanation
    The correct answer is "Catalyst1(config)#username user1 privilege 0 secret us1pass" because setting the privilege level to 0 allows the user to use basic commands such as enable, disable, and exit. Higher privilege levels (1, 2, and 5) provide additional commands and capabilities, but for the given question, privilege level 0 is sufficient.


  • 45. 

    In which configuration mode do you configure the ip ospf authentication-key 1 command?

    • A. 

      Interface

    • B. 

      Routing process

    • C. 

      Global

    • D. 

      Privileged

    Correct Answer
    A. Interface
    Explanation
    In the interface configuration mode, you can configure the "ip ospf authentication-key 1" command. This command is used to set the authentication key for OSPF on a specific interface. By configuring this command in the interface mode, you can specify the authentication key for OSPF on a particular interface, ensuring secure communication between OSPF routers.


  • 46. 

    Which line in the following OSPF configuration will not be required for MD5 authentication to work?

    interface GigabitEthernet0/1
     ip address 192.168.10.1 255.255.255.0
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 CCNA
    !
    router ospf 65000
     router-id 192.168.10.1
     area 20 authentication message-digest
     network 10.1.1.0 0.0.0.255 area 10
     network 192.168.10.0 0.0.0.255 area 0
    !

    • A. 

      ip ospf authentication message-digest

    • B. 

      network 192.168.10.0 0.0.0.255 area 0

    • C. 

      area 20 authentication message-digest

    • D. 

      ip ospf message-digest-key 1 md5 CCNA

    Correct Answer
    C. area 20 authentication message-digest
    Explanation
    The line "area 20 authentication message-digest" will not be required for MD5 authentication to work. This is because MD5 authentication is configured at the interface level using the "ip ospf authentication message-digest" command, not at the area level. Therefore, the "area 20 authentication message-digest" line is unnecessary for MD5 authentication to function properly.


  • 47. 

    Which of the following pairs of statements is true in terms of configuring MD authentication?

    • A. 

      Interface statements (OSPF, EIGRP) must be configured; use of key chain in OSPF

    • B. 

      Router process (OSPF, EIGRP) must be configured; key chain in EIGRP

    • C. 

      Router process (only for OSPF) must be configured; key chain in EIGRP

    • D. 

      Router process (only for OSPF) must be configured; key chain in OSPF

    Correct Answer
    C. Router process (only for OSPF) must be configured; key chain in EIGRP
    Explanation
    The correct answer is "Router process (only for OSPF) must be configured; key chain in EIGRP." This means that when configuring MD authentication, the router process for OSPF must be configured, while the key chain should be configured for EIGRP.


  • 48. 

    Which two NAT types allow only objects or groups to reference an IP address? (Choose two.)

    • A. 

      Dynamic NAT

    • B. 

      Dynamic PAT

    • C. 

      Static NAT

    • D. 

      Identity NAT

    Correct Answer(s)
    A. Dynamic NAT
    C. Static NAT
    Explanation
    Dynamic NAT and Static NAT both allow only objects or groups to reference an IP address. In Dynamic NAT, a pool of public IP addresses is configured and dynamically assigned to internal private IP addresses. This allows multiple internal devices to share a limited number of public IP addresses. In Static NAT, a one-to-one mapping is created between an internal private IP address and a specific public IP address, allowing for a direct and fixed translation. Both types restrict the referencing of IP addresses to specific objects or groups, providing control and security.


  • 49. 

    Which port option in a PVLAN can communicate with every other port?

    • A. 

      Promiscuous ports

    • B. 

      Community ports

    • C. 

      Ethernet ports

    • D. 

      Isolate ports

    Correct Answer
    A. Promiscuous ports
    Explanation
    Promiscuous ports in a PVLAN can communicate with every other port. In a PVLAN, there are three types of ports: promiscuous, community, and isolated. Promiscuous ports can communicate with all other ports within the PVLAN, including community and isolated ports. Community ports can communicate with other community ports and promiscuous ports, while isolated ports can only communicate with promiscuous ports. Therefore, the correct answer is promiscuous ports.


  • 50. 

    Which two are valid TCP connection states? (Pick 2; this is the gist of the question.)

    • A. 

      SYN-RCVD

    • B. 

      Closed

    • C. 

      SYN-WAIT

    • D. 

      RCVD

    • E. 

      SENT

    Correct Answer(s)
    A. SYN-RCVD
    B. Closed
    Explanation
    The correct answer is SYN-RCVD and Closed. SYN-RCVD is a valid TCP connection state that occurs when a TCP connection request has been received and acknowledged by the server. Closed is also a valid state that indicates that the TCP connection has been terminated or has not been established yet.
