CISCO CCNA Security Test

By Achmad Sagaf
1. In a security context what does CIA stand for? Select one:

Explanation

The correct answer is: Confidentiality, Integrity, Availability

About This Quiz

This Cisco CCNA Security Test assesses knowledge on network security concepts, focusing on VPNs, logging, TACACS server configurations, and router management. It ensures readiness for managing Cisco network security effectively.

2. What is the term for tricking a user into revealing sensitive or confidential information, including information about user credentials? Select one:

Explanation

The correct answer is: Social engineering

3. Which one of the following follows best practices for a secure password? Select one:

Explanation

The correct answer is: SlE3peR1#

4. Which type of VPN technology is likely to be used in a site-to-site VPN? Select one:

Explanation

The correct answer is: IPsec

5. Which device can analyze network traffic in real time, generate alerts, and even prevent the first malicious packet from entering the network? Select one:

Explanation

The correct answer is: IPS

6. Which method should you implement when it is not acceptable for an attack to reach its intended victim? Select one:

Explanation

The correct answer is: IPS

7. Review the following code snippet:

    aaa new-model
    aaa authentication login default group tacacs+ enable
    tacacs-server host 192.168.1.20
    tacacs-server key T@C@c$P@ssW0rd!

What is the password the TACACS server must use to establish a valid connection to the router? Select one:

Explanation

The correct answer is: The password is - T@C@c$P@ssW0rd!

8. Which VPN component ensures that data cannot be read while in transit? Select one:

Explanation

The correct answer is: encryption

9. Which of the following IP addresses are considered private? Choose all correct answers. Select one or more:

Explanation

The correct answer is: 10.10.30.1

10. Why is the public key in a typical public-private key pair referred to as public? Select one:

Explanation

The correct answer is: Because it is shared publicly.

11. Which plane is used to access, configure and manage a router? Select one:

Explanation

The correct answer is: Management plane

12. What element in a VPN provides the Privacy? Select one:

Explanation

The correct answer is: Confidentiality

13. What term refers to the internal IP address of a client using NAT as seen from other devices on the same internal network as the client? Select one:

Explanation

The correct answer is: Inside local

14. Why is it that the return traffic, from previously inspected sessions, is allowed back to the user, in spite of not having a zone pair explicitly configured that matches on the return traffic? Select one:

Explanation

The correct answer is: Stateful entries (from the initial flow) are matched, which dynamically allows return traffic.

15. Which of the following is NOT considered best security practice when hardening Cisco IOS devices? Select one:

Explanation

The correct answer is: Use SNMP v1 for management

16. Which of the following answers describes CBAC? Select one:

Explanation

The correct answer is: A feature of firewall software which intelligently filters TCP and UDP packets based on application layer protocol session information.

17. Which item represents the standard IP ACL? Select one:

Explanation

The correct answer is: access-list 50 deny 192.168.1.1 0.0.0.255

18. Which of the following is enabled when RSA keys are generated? Select one:

Explanation

The correct answer is: SSH

19. What would be the end result if the management plane of your router was compromised? Select one:

Explanation

The correct answer is: All management access to the router would be lost.

20. Review the following code snippet and answer the statement at the bottom:

    line aux 0
     transport input none
     transport output none
     no exec
     exec-timeout 0 1
     no password

This code will result in the console port being disabled. Select one:

Explanation

This code will disable the AUX port, not the console port.
The correct answer is 'False'.

21. What happens when an access list has 100 lines and a match occurs on line 14? Select one:

Explanation

The correct answer is: The ACL acts on the packet, and no further list processing is done for that packet.

22. Consider the following code and answer the question below:

    ip access-list extended no_web
     deny host 172.20.3.85 any eq http
     deny host 172.20.3.13 any eq http
     permit 172.20.0.0 0.0.255.255 any eq http

How would you modify the bolded code to deny all hosts on the subnet 172.20.4.0 from accessing via secure web? Select one:

Explanation

The correct answer is: deny 172.20.4.0 0.0.0.255 any eq https

23. Which method of IPS uses a baseline of normal network behaviour and looks for deviations from that baseline? Select one:

Explanation

The correct answer is: Anomaly-based IPS

24. Which of the following is not a best practice to protect the management plane? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: HTTP, Telnet

25. Consider the following code and answer the question below:

    interface ethernet 0
     ip access-group no_web out
    ip access-list extended no_web
     deny host 172.20.3.85 any eq http
     deny host 172.20.3.13 any eq http
     permit 172.20.0.0 0.0.255.255 any eq http

In what direction is the access-list applied? Select one:

Explanation

The correct answer is: Outbound on ethernet 0

26. Which one of the following wildcard masks will match exactly all hosts on the 172.16.0.0/24 and 172.16.1.0/24 subnets? Select one:

Explanation

The correct answer is: 0.0.1.255

27. Which statement about access lists that are applied to an interface is true? Select one:

Explanation

The correct answer is: you can configure one access list, per direction, per layer 3 protocol

28. If interface number 1 is in zone A, and interface number 2 is in zone B, and there is no policy or service commands applied yet to the configuration, what is the status of transit traffic that is being routed between these two interfaces? Select one:

Explanation

The correct answer is: Denied

29. What is the default policy between an administratively created zone and the self zone? Select one:

Explanation

The correct answer is: Permit

30. How does IPS have the ability to prevent an ICMP-based attack from reaching the intended victim? Select one:

Explanation

The correct answer is: The IPS is inline with the traffic.

31. You want to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used? Select one:

Explanation

The correct answer is: dynamic

32. What is the first step you should take when trying to secure your network? Select one:

Explanation

The correct answer is: Develop a security policy

33. Which two places are valid logging destinations? Select one:

Explanation

The correct answer is: Syslog Server, NVRAM

34. Because of how a router operates, which IPS/IDS mode does it operate in? Select one:

Explanation

The correct answer is: IPS

35. Which of the following are defense-in-depth approaches? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: Performing filtering at the router and the firewall, Requiring authentication for the administrator to connect

36. Which technology dynamically builds a table for the purpose of permitting the return traffic from an outside server, back to the client, in spite of a default security policy that says no traffic is allowed to initiate from the outside networks? Select one:

Explanation

The correct answer is: Stateful filtering

37. How is the negotiation of the IPsec (IKE Phase 2) tunnel done securely? Select one:

Explanation

The correct answer is: Uses the IKE Phase 1 tunnel

38. What is another name for Lock & Key access lists? Select one:

Explanation

The correct answer is: Dynamic Access List

39. What type of access list allows IP packets to be filtered based on upper-layer session information? Select one:

Explanation

The correct answer is: Reflexive

40. Which option will disable the Daytime service on a Cisco router? Select one:

Explanation

The correct answer is: R1(config)#no service tcp-small-servers

41. Why is it considered a best practice to avoid compiling, enabling, and running all available signatures? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: CPU utilization, Memory utilization

42. What algorithms in a VPN provide the confidentiality? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: AES, 3DES

43. Which of the following would cause a VPN tunnel using IPsec to never initialize or work correctly? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: Incompatible IKE Phase 2 transform sets, Incorrect pre-shared keys or missing digital certificates, Incorrect routing

44. Which of the following is NOT a core security principle?

Explanation

The three core security principles are confidentiality, integrity, and availability (often referred to as the CIA triad). Confidentiality ensures that information is accessible only to authorized individuals. Integrity ensures that information remains accurate and unaltered. Availability ensures that information and resources are accessible to authorized users when needed. Obscurity, while sometimes considered a security measure, is not a core principle and can create a false sense of security.  

45. How is it possible that a packet with a private Layer 3 destination address is forwarded over the Internet? Select one:

Explanation

The correct answer is: The Internet does not filter private addresses, only some public addresses, based on policy.

46. A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 172.17.146.0, 172.17.147.0, 172.17.148.0, and 172.17.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two)

Explanation

To accomplish the task of allowing traffic from hosts on networks 172.17.146.0, 172.17.147.0, 172.17.148.0, and 172.17.149.0 only, we need to use two ACL statements that cover all these networks while denying all other traffic.

The correct ACL statements to accomplish this task are:

access-list 10 permit ip 172.17.146.0 0.0.1.255

This statement permits traffic from the network 172.17.146.0 with a wildcard mask of 0.0.1.255, covering both the 172.17.146.0 and 172.17.147.0 networks.

access-list 10 permit ip 172.17.148.0 0.0.1.255

This statement permits traffic from the network 172.17.148.0 with a wildcard mask of 0.0.1.255, covering both the 172.17.148.0 and 172.17.149.0 networks.

Combining these two ACL statements will allow traffic from all specified networks while denying traffic from any other networks. Therefore, the correct options are:

access-list 10 permit ip 172.17.146.0 0.0.1.255

access-list 10 permit ip 172.17.148.0 0.0.1.255

47. Which of the following are examples of tuning a signature? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: Changing the default severity level, Disabling it if it was enabled by default, Changing the default action

48. How can you implement role-based access control (RBAC)? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: Provide the password for a custom privilege level to users in a given role, Associate user accounts with specific views, Use AAA to authorize specific users for specific sets of permissions

49. Which of the following are negotiated during IKE Phase 1? (Choose all that apply.) Select one or more:

Explanation

The correct answer is: Hashing, DH group, Authentication method

50. If you're using an extended ACL to block traffic to a server located on the remote side of your WAN, where should you place the ACL? Choose the two best answers. Select one or more:

Explanation

The correct answer is: As close to the source as possible, On the local side of the WAN


Quiz Review Timeline (Updated): Jan 9, 2025

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jan 09, 2025: Quiz Edited by ProProfs Editorial Team
  • Dec 13, 2014: Quiz Created by Achmad Sagaf