CCNA Security Chapter 2 Exam Questions with Answers – Updated

Here are all the CCNA Security Chapter 2 exam questions with answers. They are provided for review and educational purposes only. You can use them to learn more about CCNA Security exam questions and answers. This exam covers material from Chapter 2 of the CCNAS 2.0 curriculum.

This exam will be scored using the Weighted Model where each MCSA (Multiple-Choice Single-Answer) is worth two points and each MCMA (Multiple-Choice Multiple-Answer) is worth one point for each correct option. If more options are selected than required, the student will receive a score of zero.

CCNA Security Chapter 2 Exam Questions and Answers

4: A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode?

Quiet mode behavior can be overridden for specific networks by using an ACL.

Quiet mode behavior can be enabled via an ip access-group command on a physical interface.

Quiet mode behavior will only prevent specific user accounts from attempting to authenticate.

Quiet mode behavior can be disabled by an administrator by using SSH to connect.

5: What is the Control Plane Policing (CoPP) feature designed to accomplish?

manage services provided by the control plane

prevent unnecessary traffic from overwhelming the route processor

direct all excess traffic away from the route processor

disable control plane services to reduce overall traffic


6: What is a characteristic of the Cisco IOS Resilient Configuration feature?

The secure boot-image command works properly when the system is configured to run an image from a TFTP server.

A snapshot of the router running configuration can be taken and securely archived in persistent storage.

Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered.

It maintains a secure working copy of the bootstrap startup program.


7: What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?

to enable OSPF MD5 authentication on a per-interface basis

to encrypt OSPF routing updates

to facilitate the establishment of neighbor adjacencies

to configure OSPF MD5 authentication globally on the router


8: If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)

Assign commands to the view.

Associate the view with the root view.

Create a superview using the parser view view-name command.

Create a view using the parser view view-name command.

Assign a secret password to the view.

Assign users who can use the view.


9: Which two characteristics apply to role-based CLI access superviews? (Choose two.)

A single superview can be shared among multiple CLI views.

Users logged in to a superview can access all commands specified within the associated CLI views.

Deleting a superview deletes all associated CLI views.

A specific superview cannot have commands added to it directly.

CLI views have passwords, but superviews do not have passwords.


10: What is the default privilege level of user accounts created on Cisco routers?






11: Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)

Views are required to define the CLI commands that each user can access.

There is no access control to specific interfaces on a router.

The root user must be assigned to each privilege level that is defined.

It is required that all 16 privilege levels be defined, whether they are used or not.

Creating a user account that needs access to most but not all commands can be a tedious process.

Commands set on a higher privilege level are not available for lower privilege users.

12: Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)

content of a security banner

IP addresses of interfaces

interfaces to enable

services to disable

enable password

enable secret password


13: Which three functions are provided by the syslog logging service? (Choose three.)

retaining captured messages on the router when a router is rebooted

setting the size of the logging buffer

gathering logging information

specifying where captured information is stored

distinguishing between information to be captured and information to be ignored

authenticating and encrypting data sent over the network

14: What command must be issued to enable login enhancements on a Cisco router?

banner motd

privilege exec level

login delay

login block-for


15: What is a requirement to use the Secure Copy Protocol feature?

The Telnet protocol has to be configured on the SCP server side.

A transfer can only originate from SCP clients that are routers.

A command must be issued to enable the SCP server side functionality.

At least one user with privilege level 1 has to be configured for local authentication.


16: A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)

ip ospf message-digest-key 1 md5 1A2b3C

username OSPF password 1A2b3C

area 1 authentication message-digest

area 0 authentication message-digest

enable password 1A2b3C


17: Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?

R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login local

R1(config)# username admin Admin01pa55 encr md5
R1(config)# line con 0
R1(config-line)# login local

R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login

R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login

R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login local


18: Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?

Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.

Provision the router with the maximum amount of memory possible.

Locate the router in a secure locked room that is accessible only to authorized personnel.

Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.

Configure secure administrative control to ensure that only authorized personnel can access the router.

19: Refer to the exhibit. Which statement about the JR-Admin account is true?

JR-Admin can issue debug and reload commands.

JR-Admin can issue show, ping, and reload commands.

JR-Admin can issue ping and reload commands.

JR-Admin can issue only ping commands.

JR-Admin cannot issue any command because the privilege level does not match one of those defined.

20: Which two options can be configured by Cisco AutoSecure? (Choose two.)

security banner


enable secret password

interface IP address



21: The exhibit displays a router prompt, the command show running-config, and the following partial output:
<output omitted>
Parser view SUPPORT superview
secret 5 $1$Vp10$BBB1N68Z2ekr/aLH1edts.

Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?

superview, containing SHOWVIEW and VERIFYVIEW views

secret view, with a level 5 encrypted password

CLI view, containing SHOWVIEW and VERIFYVIEW commands

root view, with a level 5 encrypted secret password

22: What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?

The generated keys can be used by SSH.

The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus command.

All vty ports are automatically configured for SSH to provide secure management.

The keys must be zeroized to reset Secure Shell before configuring other parameters.

23: What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)

to ensure more efficient routing

to prevent redirection of data traffic to an insecure link

to provide data security through encryption

to prevent data traffic from being redirected and then discarded

to ensure faster network convergence

24: Which three types of views are available when configuring the role-based CLI access feature? (Choose three.)

superuser view


CLI view

admin view

root view

config view


25: An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)

Enable inbound vty Telnet sessions.

Enable inbound vty SSH sessions.

Configure the IP domain name on the router.

Generate two-way pre-shared keys.

Configure DNS on the router.

Generate the SSH keys.


26: What is a characteristic of the MIB?

Information is organized in a flat manner so that SNMP can access it quickly.

The OIDs are organized in a hierarchical structure.

A separate MIB tree exists for any given device in the network.

Information in the MIB cannot be changed.

27: Which three actions are produced by adding Cisco IOS login enhancements to the router login process? (Choose three.)

disable logins from specified hosts

slow down an active attack

automatically provide AAA authentication

create password authentication

permit only secure console access

create syslog messages


28: Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)

flash security

zone isolation

router hardening

remote access security

operating system security

physical security
