CCNA Security v3.0

Mohamed Yuosef
Quiz by Mohamed Yuosef, updated more than 1 year ago
Mohamed Yuosef
Created by Mohamed Yuosef almost 4 years ago
307
0

Description

Some of the new questions

Resource summary

Question 1

Question
1.Which NAT type allows only objects or groups to reference an IP address?
Answer
  • A. Dynamic NAT
  • B. Dynamic PAT
  • C. Identity NAT
  • D. Static NAT

Question 2

Question
2. Which of these are characteristics of DHCP spoofing? (Choose three)
Answer
  • A. ARP poisoning
  • B. Physically modify the network gateway
  • C. Can access most network devices
  • D. Protect the identity of the attacker by masking their DHCP address
  • E. Man-in-the-middle attack
  • F. Modify traffic in transit

Question 3

Question
3. Which NAT option is executed first in the case of multiple NAT translations?
Answer
  • A. Static NAT with shortest prefix
  • B. Static NAT with longest prefix
  • C. Dynamic NAT with shortest prefix
  • D. Dynamic NAT with longest prefix

Question 4

Question
4. How can firepower block malicious email attachments?
Answer
  • A. It forwards email requests to an external signature engine
  • B. It scans inbound email messages for known bad URLs
  • C. It sends an alert to the administrator to verify suspicious email messages
  • D. It sends the traffic through a file policy

Question 5

Question
5. Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?
Answer
  • A. Configure a single zone pair that allows bidirectional traffic flows from any zone except the self-zone
  • B. Configure two zone pairs, one for each direction
  • C. Configure a single zone pair that allows bidirectional traffic flows from any zone
  • D. Configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone

Question 6

Question
6. What mechanism does asymmetric cryptography use to secure data?
Answer
  • A. An MD5 hash
  • B. A public/private key pair
  • C. An RSA nonce
  • D. Shared secret keys

Question 7

Question
7. Which statement about IOS privilege levels is true?
Answer
  • A. Each privilege level is independent of all other privilege levels
  • B. Each privilege level supports the commands at its own level and all levels above it
  • C. Privilege-level commands are set explicitly for each user
  • D. Each privilege level supports the commands at its own level and all levels below it

Question 8

Question
8. Your security team has discovered a malicious program that has been harvesting the CEO's email messages and the company's user database for the last 6 months. What type of attack did your team discover? (Choose two)
Answer
  • A. Social activism
  • B. Targeted malware
  • C. Drive-by spyware
  • D. Polymorphic virus
  • E. Advanced persistent threat

Question 9

Question
9. What is a valid implicit permit rule for traffic that is traversing the ASA firewall?
Answer
  • A. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only
  • B. Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode
  • C. Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only
  • D. Only BPDUs from a higher security interface to a lower security interface are permitted in transparent mode
  • E. ARPs in both directions are permitted in transparent mode only

Question 10

Question
10. What is the effect of the following command: “Crypto ipsec transform-set my set esp-md5-hmac esp-aes-256”
Answer
  • A. It configures encryption to use MD5 HMAC
  • B. It configures authentication to use MD5 HMAC
  • C. It configures encryption to use AES-256
  • D. It configured authentication to use AES-256
  • E. It configures authorization to use AES-256

Question 11

Question
11. Which of the following statements about access lists are true? (Choose three)
Answer
  • A. Extended access lists should be placed as near as possible to the destination
  • B. Standard access lists should be placed as near as possible to the source
  • C. Extended access lists should be placed as near as possible to the source
  • D. Standard access lists should be placed as near as possible to the destination
  • E. Standard access lists filter on the source address
  • F. Standard access lists filter on the destination address

Question 12

Question
12. In which two situations should you use in-band management? (Choose two)
Answer
  • A. When a network device fails to forward packets
  • B. When management applications need concurrent access to the device
  • C. When you require administrator access from multiple locations
  • D. When you require ROMMON access
  • E. When the control plane fails to respond

Question 13

Question
13. In which two situations should you use out-of-band management? (Choose two)
Answer
  • A. When a network device fails to forward packets
  • B. When management applications need concurrent access to the device
  • C. When you require administrator access from multiple locations
  • D. When you require ROMMON access
  • E. When the control plane fails to respond

Question 14

Question
14. Which command enable ospf authentication?
Answer
  • A. ip ospf authentication message-digest
  • B. network 192.168.10.0 0.0.0.255 area 0
  • C. area 20 authentication message-digest
  • D. ip ospf message-digest-key 1 md5 CCNA

Question 15

Question
15.Which command help user1 to use enable,disable,exit&etc commands?
Answer
  • A. catalyst1(config)#username user1 privilege 0 secret us1pass
  • B. catalyst1(config)#username user1 privilege 1 secret us1pass
  • C. catalyst1(config)#username user1 privilege 2 secret us1pass
  • D. catalyst1(config)#username user1 privilege 5 secret us1pass

Question 16

Question
16. Command ip ospf authentication key 1 is implemented in which level?
Answer
  • A. Interface
  • B. process
  • C. global
  • D. enable

Question 17

Question
17. Which line in the following OSPF configuration will not be required for MD5 authentication to work? ip address 192.168.10.1 255.255.255.0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 CCNA ! router ospf 65000 router-id 192.168.10.1 area 20 authentication message-digest network 10.1.1.0 0.0.0.255 area 10 network 192.168.10.0 0.0.0.255 area 0
Answer
  • A. ip ospf authentication message-digest
  • B. network 192.168.10.0 0.0.0.255 area 0
  • C. area 20 authentication message-digest
  • D. ip ospf message-digest-key 1 md5 CCNA

Question 18

Question
18. Which of the following pairs of statements is true in terms of configuring MD authentication?
Answer
  • A. Interface statements (OSPF, EIGRP) must be configured; use of key chain in OSPF
  • B. Router process (OSPF, EIGRP) must be configured; key chain in EIGRP
  • C. Router process (only for OSPF) must be configured; key chain in EIGRP
  • D. Router process (only for OSPF) must be configured; key chain in OSPF

Question 19

Question
19. which are two valid TCP connection states (pick 2) is the gist of the question?
Answer
  • A. SYN-RCVD
  • B. Closed
  • C. SYN-WAIT
  • D. RCVD
  • E. SENT

Question 20

Question
20. What is example of social engineering?
Answer
  • A. Gaining access to a building through an unlocked door.
  • B. something about inserting a random flash drive.
  • C. gaining access to server room by posing as IT
  • D. Watching other user put in username and password (something around there)
Show full summary Hide full summary

Similar

English Vocabulary
Niat Habtemariam
Command Words
Mr Mckinlay
AQA GCSE Physics Unit 2.2
Matthew T
LA INICIACION LITERARIA
Monica Violeta Toro López
Organigramas
Erick Plata
NICRA (Northern Ireland Civil Rights Association
Ian Downey
MAPA MENTAL NEUROMARKETING
jerson agudelo
Cáncer de Páncreas
Rodolfo Luna Banenelli
Resúmenes 3er Parcial.- Embriología, Histología y Anatomía
Mariana Quevedo
Primera a Segunda Guerra Mundial
Brandon Zuñiga