CISCO CCNA Security Test

50 Questions | Total Attempts: 1115



Questions and Answers
  • 1. Which VPN component ensures that data cannot be read while in transit? Select one:
    • A. Key exchange
    • B. Authentication
    • C. Encryption
    • D. Data integrity

  • 2. Which two places are valid logging destinations? Select one:
    • A. Syslog Server, NVRAM
    • B. Syslog Server, FTP Server
    • C. NVRAM, FTP Server
    • D. Secure Web Server, FTP Server

  • 3. Review the following code snippet:
      aaa new-model
      aaa authentication login default group tacacs+ enable
      tacacs-server host 192.168.1.20
      tacacs-server key [email protected]@[email protected]!
    What is the password the TACACS server must use to establish a valid connection to the router? Select one:
    • A. Not enough information is provided.
    • B.
    • C. No password is required with TACACS
    • D. The password is configured using the username command and is not shown in this configuration.

  • 4. Which plane is used to access, configure and manage a router? Select one:
    • A. Data plane
    • B. Network plane
    • C. Management plane
    • D. Control plane

  • 5. Which option will disable the Daytime service on a Cisco router? Select one:
    • A. R1>no service daytime
    • B. R1(config)#no service udp-small-servers
    • C. R1(config)#no service daytime
    • D. R1(config)#no service tcp-small-servers

  • 6. Which of the following IP addresses are considered private? Choose all correct answers. Select one or more:
    • A. 10.10.30.1
    • B. 203.193.193.222
    • C. 172.32.254.1
    • D. 192.167.23.11

  • 7. Which of the following is NOT considered best security practice when hardening Cisco IOS devices? Select one:
    • A. Use SSH only for remote management
    • B. Use SNMP v1 for management
    • C. Shutdown unused ports
    • D. Disable CDP

  • 8. In a security context what does CIA stand for? Select one:
    • A. Central Intelligence Agency
    • B. Confidentiality, Integrity, Avoidance
    • C. Confidentiality, Integrity, Availability
    • D. Contextual Internet Availability

  • 9. What would be the end result if the management plane of your router was compromised? Select one:
    • A. SNMP traps would not be received by the syslog server.
    • B. All management access to the router would be lost.
    • C. Packets would be dropped at increasing rates until the memory buffers overflowed.
    • D. CPU cycles would be wasted.

  • 10. Review the following code snippet and answer the statement at the bottom:
      line aux 0
       transport input none
       transport output none
       no exec
       exec-timeout 0 1
       no password
    This code will result in the console port being disabled. Select one:
    • A. True
    • B. False

  • 11. Consider the following code and answer the question below:
      interface ethernet 0
       ip access-group no_web out
      ip access-list extended no_web
       deny host 172.20.3.85 any eq http
       deny host 172.20.3.13 any eq http
       permit 172.20.0.0 0.0.255.255 any eq http
    In what direction is the access-list applied? Select one:
    • A. Inbound on ethernet 0
    • B. Outbound on ethernet 0
    • C. Outbound on ethernet 1
    • D. Direction is not specified

  • 12. Consider the following code and answer the question below:
      ip access-list extended no_web
       deny host 172.20.3.85 any eq http
       deny host 172.20.3.13 any eq http
       permit 172.20.0.0 0.0.255.255 any eq http
    How would you modify the bolded code to deny all hosts on the subnet 172.20.4.0 from accessing via secure web? Select one:
    • A. Deny 172.20.4.0 0.0.0.255 any eq http
    • B. Deny 172.20.4.0 0.0.0.255 any eq secure
    • C. Deny 172.20.4.0 0.0.0.255 any eq https
    • D. Deny 172.20.4.0 0.0.0.255 any eq ssh

  • 13. Which one of the following wildcard masks will match exactly all hosts on the 172.16.0.0/24 and 172.16.1.0/24 subnets? Select one:
    • A. 0.0.0.255
    • B. 0.0.3.255
    • C. 0.0.1.255
    • D. 0.0.16.255

  • 14. What type of access list allows IP packets to be filtered based on upper-layer session information? Select one:
    • A. Standard
    • B. Extended
    • C. Reflexive
    • D. Dynamic

  • 15. What is another name for Lock & Key access lists? Select one:
    • A. Dynamic Access List
    • B. Standard Access List
    • C. Reflexive Access List
    • D. Time-Based Access List

  • 16. Which of the following answers describes CBAC? Select one:
    • A. A feature of firewall software which intelligently filters TCP and UDP packets based on application layer protocol session information.
    • B. A feature of router software that detects abnormal traffic patterns.
    • C. A feature of router software that controls authentication processes on the local router.
    • D. A feature of router software that blocks traffic based on specific patterns of behavior.

  • 17. Which item represents the standard IP ACL? Select one:
    • A. Access-list 50 deny 192.168.1.1 0.0.0.255
    • B. Access-list 110 permit ip any any
    • C. Access-list 2500 deny tcp any host 192.168.1.1 eq 22
    • D. Access-list 101 deny tcp any host 192.168.1.1

  • 18. A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 172.17.146.0, 172.17.147.0, 172.17.148.0, and 172.17.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two) Select one or more:
    • A. Access-list 10 permit ip 172.17.146.0 0.0.1.255
    • B. Access-list 10 permit ip 172.17.147.0 0.0.255.255
    • C. Access-list 10 permit ip 172.17.148.0 0.0.1.255
    • D. Access-list 10 permit ip 172.17.149.0 0.0.255.255
    • E. Access-list 10 permit ip 172.17.146.0 0.0.0.255
    • F. Access-list 10 permit ip 172.17.146.0 255.255.255.0

  • 19. Which statement about access lists that are applied to an interface is true? Select one:
    • A. You can apply only one access list on any interface
    • B. You can configure one access list, per direction, per layer 3 protocol
    • C. You can place as many access lists as you want on any interface
    • D. You can configure one access list, per direction, per layer 2 protocol

  • 20. You want to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used? Select one:
    • A. Reflexive
    • B. Extended
    • C. Standard
    • D. Dynamic

  • 21. What is the first step you should take when trying to secure your network? Select one:
    • A. Install a firewall
    • B. Install an IPS
    • C. Update servers and PCs with the latest patches & AV signatures
    • D. Develop a security policy

  • 22. Which of the following is enabled when RSA keys are generated? Select one:
    • A. The password encryption service
    • B. Telnet access with the password "password"
    • C. SSL
    • D. SSH

  • 23. If you're using an extended ACL to block traffic to a server located on the remote side of your WAN, where should you place the ACL? Choose the two best answers. Select one or more:
    • A. Remote side of the WAN
    • B. As close to the source as possible
    • C. On the local side of the WAN
    • D. As close to the destination as possible

  • 24. Which technology dynamically builds a table for the purpose of permitting the return traffic from an outside server, back to the client, in spite of a default security policy that says no traffic is allowed to initiate from the outside networks? Select one:
    • A. Proxy
    • B. NAT
    • C. Packet filtering
    • D. Stateful filtering

  • 25. What term refers to the internal IP address of a client using NAT as seen from other devices on the same internal network as the client? Select one:
    • A. Inside local
    • B. Inside global
    • C. Outside local
    • D. Outside global
