cisco ccna security exam

CCNA Security, Final Exam

  1.     What will be disabled as a result of the no service password-recovery command?
  • aaa new-model global configuration command.
  • change to the configuration register.
  • password encryption service.
     ability to access ROMmon.
  2.     What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?
  • All vty ports are automatically configured for SSH to provide secure management.
  • The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys mo command.
  • The keys must be zeroized to reset secure shell before configuring other parameters.
    – The generated keys can be used by SSH.

CCNA Security, chapter 9 Exam

Questions and answers above 90% correct.

  1.     Which three statements describe ethics in network security? (Choose three.)
  • principles put into action in place of laws
  • foundations for current laws
    set of moral principles that govern civil behavior
    standard that is higher than the law
  • set of regulations established by the judiciary system
  • set of legal standards that specify enforceable actions when the law is broken
  2.     Which component of the security policy lists specific websites, newsgroups, or bandwidth-intensive applications that are not allowed on the company network?

CCNA Security, chapter 8 Exam

Questions and answers above 90% correct.
  1. What are two benefits of an SSL VPN? (Choose two.)
  • It supports all client/server applications.
  • It supports the same level of cryptographic security as an IPsec VPN.
    It has the option of only requiring an SSL-enabled web browser.
  • The thin client mode functions without requiring any downloads or software.
    It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.
  2. When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings?

CCNA Security, chapter 7 Exam

Questions and answers above 90% correct.
  1.     Which symmetrical encryption algorithm is the most difficult to crack?
    –  3DES
    AES
    -DES
    -RSA
    -SHA
  2.     What is the basic method used by 3DES to encrypt plaintext?
    -The data is encrypted three times with three different keys.
    The data is encrypted, decrypted, and encrypted using three different keys.
    -The data is divided into three blocks of equal length for encryption.
    -The data is encrypted using a key length that is three times longer than the key used for DES.

CCNA Security, chapter 6 Exam

Questions and answers above 90% correct.
  1.     Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.)
    –  Use a dedicated native VLAN for all trunk ports.
    Place all unused ports in a separate guest VLAN.
    Disable trunk negotiation on all ports connecting to workstations.
    Enable DTP on all trunk ports.
    Ensure that the native VLAN is used for management traffic.
  2.     As a recommended practice for Layer 2 security, how should VLAN 1 be treated?
    All access ports should be assigned to VLAN 1.
    All trunk ports should be assigned to VLAN 1.
    VLAN 1 should be used for management traffic.
    VLAN 1 should not be used.

CCNA Security, chapter 5 Exam

Questions and answers above 90% correct.
  1.     An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?

–  Trigger: Anomaly-based detection
Type: Atomic signature

-Trigger: Anomaly-based detection
Type: Composite signature

-Trigger: Pattern-based detection
Type: Atomic signature

Trigger: Pattern-based detection
Type: Composite signature

-Trigger: Policy-based detection
Type: Atomic signature

-Trigger: Policy-based detection
Type: Composite signature

  2.     A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?

-high
medium
-low
-informational

CCNA Security, chapter 4 Exam

Questions and answers above 90% correct.
  1.     Which statement accurately describes Cisco IOS zone-based policy firewall operation?

The pass action works in only one direction.
– A router interface can belong to multiple zones.
– Service policies are applied in interface configuration mode.
– Router management interfaces must be manually assigned to the self zone.

  2.     Which location is recommended for extended numbered or extended named ACLs?

– a location as close to the destination of traffic as possible
a location as close to the source of traffic as possible
– a location centered between traffic destinations and sources to filter as much traffic as possible
– if using the established keyword, a location close to the destination to ensure that return traffic is allowed

CCNA Security, chapter 3 Exam

Questions and answers above 90% correct.
  1.     Why is local database authentication preferred over a password-only login?

– It specifies a different password for each line or port.
It provides for authentication and accountability.
– It requires a login and password combination on console, vty lines, and aux ports.
– It is more efficient for users who only need to enter a password to gain entry to a device.

  2.     What is a characteristic of AAA?
    Authorization can only be implemented after a user is authenticated.

– Accounting services are implemented prior to authenticating a user.
– Accounting services determine which resources the user can access and which operations the user is allowed to perform.
– Authorization records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made.

CCNA Security, chapter 2 Exam

Questions and answers above 90% correct.
  1.     Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two.)
    This message is a level five notification message.

– This message appeared because a minor error occurred requiring further investigation.
– This message appeared because a major error occurred requiring immediate action.
This message indicates that service timestamps have been globally enabled.
– This message indicates that enhanced security was configured on the vty ports.

  2.     By default, how many seconds of delay between virtual login attempts is invoked when the login block-for command is configured?
    one

– two
– three
– four
– five

CCNA Security, chapter 1 Exam.

Questions and answers above 90% correct.
  1.     What are the basic phases of attack that can be used by a virus or worm in sequential order?

– paralyze, probe, penetrate, persist, and propagate
– probe, penetrate, persist, propagate, and paralyze
– penetrate, persist, propagate, paralyze, and probe
– persist, propagate, paralyze, probe, and penetrate

[…]