CBT IT Certification Training

Unlimited IT Certification Courses via Streaming Video

Login to this site requires ssl communication.
Click here to reload the page over ssl.

  • Lost your password?

  • Back to login
Loading
Login to this site requires ssl communication.
Click here to reload the page over ssl.

  • Lost your password?

  • Back to login
Loading
  • Home
  • New Courses
        • Cisco
          • Cisco CCNA Primer
          • Cisco CCNA
  • Courses
        • Amazon
          • AWS Certified Solutions Architect – Associate
          • Amazon AWS SysOps – Associate
        • Career
        • Cisco
        • NetApp
        • CompTIA
        • ITIL
        • Juniper
        • Custom menu
          • custom menu 1
          • custom menu 2
          • Custom menu 3
          • custom menu 4
        • Linux
        • Microsoft
          • Security Fundamentals
          • Windows OS
          • Windows Server
          • Microsoft MCSA – Windows Server 2012
          • Microsoft MTA – Database Administration Fundamentals
          • Microsoft MCSA – Administering Windows Server 2012
          • Microsoft MCSA Configuring Advanced Windows Server 2012 Services
        • TCP-IP
        • Wireshark
        • VMware
        • Web Development
  • Racks
    • vRack
    • Live Cisco Racks
  • Tour
  • Join
  • Join
  • Free Training
  • Meet the Trainers
  • Help
    • Helpdesk
    • FAQ
    • Contact Us
    • Privacy
  • Products
    • Books
    • Audiobooks
  • Login
  • Members
    • Account
    • Exams
    • Forum
    • Live Cisco Rack Training
    • Members Training
    • Member Bonuses
    • My Courses
  • Home
  • New Courses
        • Cisco
          • Cisco CCNA Primer
          • Cisco CCNA
  • Courses
        • Amazon
          • AWS Certified Solutions Architect – Associate
          • Amazon AWS SysOps – Associate
        • Career
        • Cisco
        • NetApp
        • CompTIA
        • ITIL
        • Juniper
        • Custom menu
          • custom menu 1
          • custom menu 2
          • Custom menu 3
          • custom menu 4
        • Linux
        • Microsoft
          • Security Fundamentals
          • Windows OS
          • Windows Server
          • Microsoft MCSA – Windows Server 2012
          • Microsoft MTA – Database Administration Fundamentals
          • Microsoft MCSA – Administering Windows Server 2012
          • Microsoft MCSA Configuring Advanced Windows Server 2012 Services
        • TCP-IP
        • Wireshark
        • VMware
        • Web Development
  • Racks
    • vRack
    • Live Cisco Racks
  • Tour
  • Join
  • Join
  • Free Training
  • Meet the Trainers
  • Help
    • Helpdesk
    • FAQ
    • Contact Us
    • Privacy
  • Products
    • Books
    • Audiobooks
  • Login
  • Members
    • Account
    • Exams
    • Forum
    • Live Cisco Rack Training
    • Members Training
    • Member Bonuses
    • My Courses

CCNA Security Exam

Back to Exams Page

1. Which of the following concepts deals with making sure that data is not altered whether in transit or in storage?
 
 
 
 

Question 1 of 50

2. Which of the following make up the CIA triad? Choose three.
 
 
 
 

Question 2 of 50

3. Security controls can be classified as physical controls, logical controls and administrative controls. A firewall is an example of a physical control. True or false?
 
 

Question 3 of 50

4. A Denial of Service (DoS) attack is an attack against which goal of security?
 
 
 
 

Question 4 of 50

5. The Advanced Encryption Standard (AES) is an example of a/an _________________.
 
 
 
 

Question 5 of 50

6. Which of the following are true about SHA-1? Choose two.
 
 
 
 

Question 6 of 50

7. When asymmetric key cryptography is used for secure communication exchange, which of the following is true?
 
 
 
 

Question 7 of 50

8. Looking at the command output below, what algorithm is being used to encrypt/hash the password of the user?

Q8
 
 
 
 

Question 8 of 50

9. Looking at the configuration snippet below, which of the following is/are true for users who connect via Telnet? Select all that apply.

Q09
 
 
 
 
 

Question 9 of 50

10. When the aaa new-model command is issued on a Cisco router, which of the following is true?
 
 
 
 

Question 10 of 50

11. How many privilege levels are available on the Cisco IOS?
 
 
 
 

Question 11 of 50

12. Which of the following are external identity sources supported by Cisco Secure ACS 5.x? Select two.
 
 
 
 

Question 12 of 50

13. Which of the following is NOT true about the RADIUS protocol?
 
 
 
 

Question 13 of 50

14. You have enabled 802.1X on your network so that users trying to connect through the LAN ports on your Cisco switches are authenticated and authorized by your Cisco Secure ACS. Which of the following terms describes the role of the Cisco switches in 802.1X?
 
 
 
 

Question 14 of 50

15. Looking at the configuration snippet on a Cisco IOS router below, what will happen if the TACACS+ server responds with a FAIL for a user who tries to connect via Telnet?

Q15
 
 
 
 

Question 15 of 50

16. You have configured the IP address and key of a TACACS+ server on a Cisco router. Which of the following options will let you verify that the Cisco router can successfully communicate with the TACACS+ server and authenticate users against that server?
 
 
 
 

Question 16 of 50

17. Which of the following are true about Internet Key Exchange version 1 (IKEv1)? Select four.
 
 
 
 
 
 

Question 17 of 50

18. Study the diagram and the two configuration snippets below. The network administrator is trying to configure a site-to-site VPN tunnel between a Cisco router and a Cisco ASA but the tunnel is not coming up. What is the problem?

Q18_1 Q18_2 Q18_3
 
 
 
 

Question 18 of 50

19. When NAT Traversal is being used between two VPN peers, the packets used to encapsulate IPsec traffic use what protocol/port?
 
 
 
 

Question 19 of 50

20. ESP, an IPsec protocol, stands for?
 
 
 
 

Question 20 of 50

21. Which of the Cisco SSL VPN modes requires you to configure an IP address pool from which remote users will be assigned IP addresses?
 
 
 
 

Question 21 of 50

22. What feature will you configure on a Cisco ASA to allow only certain traffic to be tunneled through the VPN tunnel while allowing all other traffic to flow unencrypted?
 
 
 
 

Question 22 of 50

23. What effect will the “no sysopt connection permit-vpn” command have on the Cisco ASA?
 
 
 
 

Question 23 of 50

24. Take a look at the diagram below. Assuming all other VPN-related configuration are correct, will the VPN tunnel between the routers come up?

Q24
 
 
 
 

Question 24 of 50

25. Which of the following are true about the SSH protocol? Choose three.
 
 
 
 
 
 

Question 25 of 50

26. Looking at the configuration snippet below, when user “helpdesk” logs in via the VTY line, what privilege level will that user be placed in?

Q26
 
 
 
 

Question 26 of 50

27. Which of the following is/are required to configure role-based CLI access on a Cisco IOS router? Choose all that apply.
 
 
 
 

Question 27 of 50

28. Enabling routing protocol authentication is a protection feature for which plane on a Cisco IOS device?
 
 
 
 

Question 28 of 50

29. Which of the following options is/are layer 2 security best practices? Choose all that apply.
 
 
 
 

Question 29 of 50

30. Which of the following is NOT true about DHCP snooping?
 
 
 
 

Question 30 of 50

31. Which of the following is/are true about Dynamic ARP inspection (DAI)? Select two.
 
 
 
 

Question 31 of 50

32. What is the default maximum number of secure MAC addresses allowed on a switchport configured with port security?
 
 
 
 

Question 32 of 50

33. Which port security violation mode permits traffic from known MAC addresses to continue to be forwarded, restricts data from the violating MAC address but does not provide notification that a violation has occurred?
 
 
 
 

Question 33 of 50

34. Choose two correct options below.
 
 
 
 

Question 34 of 50

35. For Active/Active failover to be configured on the Cisco ASA, what mode must the ASAs be in?
 
 
 
 

Question 35 of 50

36. Network-Object NAT rules are placed in what section of the Cisco ASA NAT table?
 
 
 
 

Question 36 of 50

37. Looking at the following NAT rules configured on a Cisco ASA, traffic from source IP address 10.0.0.100 on the inside will be seen as coming from what IP address in the DMZ?

Q37
 
 
 
 

Question 37 of 50

38. Looking at the diagrams below, choose the correct option for translating the 10.0.0.0/24 network to 192.168.0.0/24 when going to the destination network 10.1.1.0/24 (which is really 192.168.1.0/24). The NAT configuration will be done on the Cisco ASA.

Q38
 
 
 
 

Question 38 of 50

39. In the diagram below, assume that there is IP routing among the different zones, no ACLs have been configured and the default MPF policy has not been edited. Which of the following is/are true? Select all that apply.

Q39
 
 
 
 

Question 39 of 50

40. Which of the following is/are correct about the Cisco IOS zone-based policy firewall? Select all that apply.
 
 
 
 

Question 40 of 50

41. What type of NAT will you configure to allow access to a web server located in the DMZ from the Internet?
 
 
 
 

Question 41 of 50

42. Look at the diagram below and study the configuration. Assume that there is proper IP routing between the zones. Which of the following is NOT true?

Q42
 
 
 
 

Question 42 of 50

43. When a malicious packet passes through an Intrusion Prevention System and the IPS does not raise any alarms, what is this called?
 
 
 
 

Question 43 of 50

44. Which IPS/IDS detection technology works by detecting malicious traffic by comparing such traffic to a generally acceptable baseline?
 
 
 
 

Question 44 of 50

45. One of the advantages of an IPS operating in inline mode versus one operating in promiscuous mode is that:
 
 
 
 

Question 45 of 50

46. Which of the following products can be used for centralized management of the Cisco FirePOWER services and appliances?
 
 
 
 

Question 46 of 50

47. OpenPGP is a protocol that can be used for email encryption. What does PGP stand for?
 
 
 
 

Question 47 of 50

48. Sam is the CEO of an organization that deals with trading diamonds. Early one morning, he receives an email from one of their suppliers addressed to him and informing him of an outstanding payment for a shipment that Sam thought he had already paid. The email includes a link for Sam to log into the supplier’s portal. Fearing the email may be malicious, Sam gets on the phone with the supplier who tells him they didn’t send any email and that his shipment is already on its way. What kind of email attack did Sam almost fall for?
 
 
 
 

Question 48 of 50

49. In what two modes can the Cisco Web Security Appliance (WSA) be configured to operate?
 
 
 
 

Question 49 of 50

50. A type of malware that disguises itself as a legitimate program but is in fact malicious is known as a?
 
 
 
 

Question 50 of 50

Loading... Loading…

 

About Us

This site has been created to help you make the best out of your IT career. Whether you are trying to get your first job, get promoted, or start your own IT business, we have a course for you.

Most Popular

Cisco ICND1 Wireshark WCNA NetApp NCSA CompTIA Network+ VMware VCA-DCV Microsoft MTA OS Fundamentals

Members

  • Account
  • Forum
  • Live Cisco Rack Training
  • Members Training
  • Member Bonuses
  • My Courses

Newsletter

Free IT Webinar Training

Secure Site

website security

Copyright 2016 Reality Press Ltd . / Paul Browning