Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Docsity AI
Docsity AI
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search for your university

Find the specific documents for your university's exams

Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

CCNA Security Exam With Questions And Answers, Exams of Computer Science

Harvard UniversityComputer Science

Which two services define cloud networks Correct Answer: Infrastructure as a Service and Platform as a Service In which two situations should you use out-of-band management Correct Answer: when a network device fails to forward packets and when you require ROMMON access In which three ways does the TACACS protocol differ from RADIUS Correct Answer: TACACS uses TCP to communicate with the NAS, TACACS can encrypt the entire packet that is sent to the NAS and TACACS supports per-command authorization. According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network Correct Answer: BOOTP, TFTP and DNS Which two next-generation encryption algorithms does Cisco recommend Correct Answer: AES and SHA-384 Which three ESP fields can be encrypted during transmission Correct Answer: Padding, Pad Length and Next Header

Typology: Exams

2024/2025

Available from 10/18/2024

Academician
Academician 🇺🇸

3.8

(21)

5K documents

1 / 8

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CCNA Security Exam With Questions And Answers 2022
Which two services define cloud networks Correct Answer: Infrastructure as a Service and Platform
as a Service
In which two situations should you use out-of-band management Correct Answer: when a network
device fails to forward packets and when you require ROMMON access
In which three ways does the TACACS protocol differ from RADIUS Correct Answer: TACACS uses
TCP to communicate with the NAS, TACACS can encrypt the entire packet that is sent to the NAS
and TACACS supports per-command authorization.
According to Cisco best practices, which three protocols should the default ACL allow on an access
port to enable wired BYOD devices to supply valid credentials and connect to the network Correct
Answer: BOOTP, TFTP and DNS
Which two next-generation encryption algorithms does Cisco recommend Correct Answer: AES and
SHA-384
Which three ESP fields can be encrypted during transmission Correct Answer: Padding, Pad Length
and Next Header
What are two default Cisco IOS privilege levels Correct Answer: 1 and 15
Which two authentication types does OSPF support Correct Answer: Plaintext and MD5
Which two features do CoPP and CPPr use to protect the control plane Correct Answer: QoS and
traffic classification
Which two statements about stateless firewalls are true Correct Answer: They compare the 5-tuple of
each incoming packet against configurable rules and They cannot track connections.
Which three statements about host-based IPS are true Correct Answer: It can view encrypted files, It
can have more restrictive policies than network-based IPS and It can generate alerts based on
behavior at the desktop level.
What three actions are limitations when running IPS in promiscuous mode Correct Answer: deny
attacker, deny packet and modify packet
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading
Correct Answer: Deny the connection inline.
What is an advantage of implementing a Trusted Platform Module for disk encryption Correct Answer:
It provides hardware authentication.
What is the purpose of the Integrity component of the CIA triad Correct Answer: to ensure that only
authorized parties can modify data
pf3
pf4
pf5
pf8

Partial preview of the text

Download CCNA Security Exam With Questions And Answers and more Exams Computer Science in PDF only on Docsity!

CCNA Security Exam With Questions And Answers 2022

Which two services define cloud networks Correct Answer: Infrastructure as a Service and Platform as a Service In which two situations should you use out-of-band management Correct Answer: when a network device fails to forward packets and when you require ROMMON access In which three ways does the TACACS protocol differ from RADIUS Correct Answer: TACACS uses TCP to communicate with the NAS, TACACS can encrypt the entire packet that is sent to the NAS and TACACS supports per-command authorization. According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network Correct Answer: BOOTP, TFTP and DNS Which two next-generation encryption algorithms does Cisco recommend Correct Answer: AES and SHA- 384 Which three ESP fields can be encrypted during transmission Correct Answer: Padding, Pad Length and Next Header What are two default Cisco IOS privilege levels Correct Answer: 1 and 15 Which two authentication types does OSPF support Correct Answer: Plaintext and MD Which two features do CoPP and CPPr use to protect the control plane Correct Answer: QoS and traffic classification Which two statements about stateless firewalls are true Correct Answer: They compare the 5-tuple of each incoming packet against configurable rules and They cannot track connections. Which three statements about host-based IPS are true Correct Answer: It can view encrypted files, It can have more restrictive policies than network-based IPS and It can generate alerts based on behavior at the desktop level. What three actions are limitations when running IPS in promiscuous mode Correct Answer: deny attacker, deny packet and modify packet When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading Correct Answer: Deny the connection inline. What is an advantage of implementing a Trusted Platform Module for disk encryption Correct Answer: It provides hardware authentication. What is the purpose of the Integrity component of the CIA triad Correct Answer: to ensure that only authorized parties can modify data

In a security context, which action can you take to address compliance Correct Answer: Implement rules to prevent a vulnerability. Which type of secure connectivity does an extranet provide Correct Answer: other company networks to your company network Which tool can an attacker use to attempt a DDoS attack Correct Answer: botnet What type of security support is provided by the Open Web Application Security Project Correct Answer: Education about common Web site vulnerabilities. What type of attack was the Stuxnet virus Correct Answer: cyber warfare What type of algorithm uses the same key to encrypt and decrypt data Correct Answer: a symmetric algorithm Refer to the exhibit. How many times was a read-only string used to attempt a write operation Correct Answer: 9 Refer to the exhibit. Which statement about the device time is true Correct Answer: The time is authoritative, but the NTP process has lost contact with its servers. How does the Cisco ASA use Active Directory to authorize VPN users Correct Answer: It queries the Active Directory server for a specific attribute for the specified user. Which statement about Cisco ACS authentication and authorization is true Correct Answer: ACS servers can be clustered to provide scalability. Refer to the exhibit. If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond Correct Answer: The supplicant will fail to advance beyond the webauth method. Which EAP method uses Protected Access Credentials Correct Answer: EAP-FAST What VPN feature allows traffic to exit the security appliance through the same interface it entered Correct Answer: hairpinning What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection Correct Answer: split tunneling Refer to the exhibit. What is the effect of the given command sequence Correct Answer: It configures IKE Phase 1. Refer to the exhibit. What is the effect of the given command sequence Correct Answer: It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show Correct Answer: IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.

How does a zone-based firewall implementation handle traffic between interfaces in the same zone Correct Answer: Traffic between two interfaces in the same zone is allowed by default. Which two statements about Telnet access to the ASA are true Correct Answer: You may VPN to the lowest security interface to telnet to an inside interface and Best practice is to disable Telnet and use SSH. Which statement about communication over failover interfaces is true Correct Answer: All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. If a packet matches more than one class map in an individual feature type's policy map, how does the ASA handle the packet Correct Answer: The ASA will apply the actions from only the first matching class map it finds for the feature type. For what reason would you configure multiple security contexts on the ASA firewall Correct Answer: To separate different departments and business units. To enable the use of VRFs on routers that are adjacently connected. What is an advantage of placing an IPS on the inside of a network Correct Answer: It receives traffic that has already been filtered. What is the FirePOWER impact flag used for Correct Answer: A value that indicates the potential severity of an attack. Which FirePOWER preprocessor engine is used to prevent SYN attacks Correct Answer: Rate-Based Prevention Which Sourcefire logging action should you choose to record the most detail about a connection Correct Answer: Enable logging at the end of the session. What can the SMTP preprocessor in FirePOWER normalize Correct Answer: It can extract and decode email attachments in client to server traffic. You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use Correct Answer: Configure a proxy server to hide users' local IP addresses And Configure a firewall to use Port Address Translation. You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address Correct Answer: Create a whitelist and add the appropriate IP address to allow the traffic. A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware Correct Answer: Enable URL filtering on the perimeter router and add the URLs you want to block to the router's local URL list. When is the best time to perform an anti-virus signature update Correct Answer: Every time a new update is available.

Which statement about application blocking is true Correct Answer: It blocks access to specific programs. What features can protect the data plane Correct Answer: ACLs, antispoofing and DHCP-snooping How many crypto map sets can you apply to a router interface Correct Answer: 1 What is the transition order of STP states on a Layer 2 switch interface Correct Answer: blocking, listening, learning, forwarding, disabled Which sensor mode can deny attackers inline Correct Answer: IPS Which options are filtering options used to display SDEE message types Correct Answer: Error and all When a company puts a security policy in place, what is the effect on the company's business Correct Answer: Minimizing risk Which wildcard mask is associated with a subnet mask of /27 Correct Answer: 0.0.0. Which statements about reflexive access lists are true Correct Answer: Reflexive access lists support UDP sessions, Reflexive access lists can be attached to extended named IP ACLs and Reflexive access lists support TCP sessions Which actions can a promiscuous IPS take to mitigate an attack Correct Answer: Requesting connection blocking, Resetting the TCP connection and Denying frames Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method Correct Answer: aaa authentication enable console LOCAL Which Cisco Security Manager application collects information about device status and uses it to generate notifications and alerts Correct Answer: Health and Performance Monitor Which accounting notices are used to send a failed authentication attempt record to a AAA server Correct Answer: start-stop and stop-only Which command is needed to enable SSH support on a Cisco Router Correct Answer: crypto key generate rsa Which protocol provides security to Secure Copy Correct Answer: SSH A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting Correct Answer: Ensure that the RDP plug-in is installed on the VPN gateway Which security zone is automatically defined by the system Correct Answer: The self zone

Which tasks is the session management path responsible for Correct Answer: Performing route lookup, and Checking packets against the access list Which network device does NTP authenticate Correct Answer: Only the time source Which Cisco product can help mitigate web-based attacks within a network Correct Answer: Web Security Appliance Which statement correctly describes the function of a private VLAN Correct Answer: A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains What hash type does Cisco use to validate the integrity of downloaded images Correct Answer: Md Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path Correct Answer: Unicast Reverse Path Forwarding What is the most common Cisco Discovery Protocol version 1 attack Correct Answer: Denial of Service What is the Cisco preferred countermeasure to mitigate CAM overflows Correct Answer: Dynamic port security Which option is the most effective placement of an IPS device within the infrastructure Correct Answer: Inline, behind the internet router and firewall If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error Correct Answer: The user will be prompted to authenticate using the enable password and Authentication attempts to the router will be denied Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors Correct Answer: SDEE When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops Correct Answer: STP elects the root bridge Which type of address translation should be used when a Cisco ASA is in transparent mode Correct Answer: Static NAT Which components does HMAC use to determine the authenticity and integrity of a message Correct Answer: The hash and The key What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure Correct Answer: 5 seconds Which RADIUS server authentication protocols are supported on Cisco ASA firewalls Correct Answer: PAP, MS-CHAPv1 and MS-CHAPv

Which command initializes a lawful intercept view Correct Answer: li-view cisco user cisco1 password cisco Which countermeasures can mitigate ARP spoofing attacks Correct Answer: DHCP snooping and Dynamic ARP inspection Which of the following statements about access lists are true Correct Answer: Extended access lists should be placed as near as possible to the source, Standard access lists should be placed as near as possible to the destination and Standard access lists filter on the source address Which statement about extended access lists is true Correct Answer: Extended access lists perform filtering that is based on source and destination and are most effective when applied to the source Which security measures can protect the control plane of a Cisco router Correct Answer: CCPr and CoPP In which stage of an attack does the attacker discover devices on a target network Correct Answer: Reconnaissance Which protocols use encryption to protect the confidentiality of data transmitted between two parties Correct Answer: SSH and HTTPS What are the primary attack methods of VLAN hopping Correct Answer: Switch spoofing and Double tagging How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall configuration Correct Answer: Issue the command anyconnect keep-installer installed under the group policy or username webvpn mode Which type of security control is defense in depth Correct Answer: Threat mitigation On which Cisco Configuration Professional screen do you enable AAA Correct Answer: AAA Summary