CCNA Security Exam Questions Archives - TECHNIG

CCNA Security Chapter 5 Exam Questions With Answers – Updated

Shais — Tue, 25 Sep 2018 03:22:51 +0000

These are all updated CCNA Security chapter 5 exam questions with answers. If you have the new question on this test, please comment question. We will update answers for you in the shortest time.

1. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?

Trigger: Pattern-based detection
Type: Composite signature
Trigger: Policy-based detection
Type: Composite signature
Trigger: Pattern-based detection
Type: Atomic signature
Trigger: Anomaly-based detection
Type: Composite signature
Trigger: Policy-based detection
Type: Atomic signature
Trigger: Anomaly-based detection
Type: Atomic signature

Pattern-based detection (also called signature-based detection) searches for a specific pattern that can be textual, binary, or a series of function calls. It can be detected in a single packet (atomic) or in a packet sequence (composite).

2. What is a required condition to enable IPS activity reporting using the SDEE format?

Issue the ip ips notify log command.
Configure the signature category.
Create an IOS IPS configuration directory in flash.
Enable an HTTP or HTTPS service on the router.

To enable IPS activity reporting format using SDEE, the HTTP or HTTPS server must first be enabled on the router. If the HTTP server is not enabled, the router cannot respond to the SDEE clients because it cannot see the requests. The ip ips notify log command will send notification using syslog. The tasks of configuring the signature category and creating an IOS IPS configuration directory in flash are necessary to implement IOS IPS, but they are not directly associated with SDEE feature.

CCNA Security Chapter 5 Exam Questions With Answers – Updated

3. Refer to the exhibit. Based on the configuration, which traffic will be examined by the IPS that is configured on router R1?

return traffic from the web server
traffic that is destined to LAN 1 and LAN 2
traffic that is initiated from LAN 1 and LAN 2
no traffic will be inspected
http traffic that is initiated from LAN 1

Because the IPS inspection is configured on the S0/0/0 interface with inbound direction, but the ACL source address range is 192.168.0.0/16 and the traffic type is http established, there will be no traffic to match these criteria (note, there is no web server on LAN 1 or LAN 2). Hence no traffic inspection will take place.

4. A network administrator is configuring an IOS IPS with the command

R1(config)# ip ips signature-definition

Which configuration task can be achieved with this command?

Retire or unretire the ios_ips basic signature category.
Retire or unretire the all atomic signatures category.
Retire or unretire an individual signature.
Retire or unretire the all signature category.

The IOS command ip ips signature-definition is used to configure a specific signature, including retire/unretire and event action. To configure a signature category, the command ip ips signature-category is used.

5. What information must an IPS track in order to detect attacks matching a composite signature?

the state of packets related to the attack
the network bandwidth consumed by all packets
the attacking period used by the attacker
the total number of packets in the attack

A composite signature is called a stateful signature. It identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time. Because this type of attack involves multiple packets, an IPS sensor must maintain the state information. However, an IPS sensor cannot maintain the state information indefinitely. A composite signature is configured with a time period to maintain the state for the specific attack when it is first detected. Thus, an IPS may not be able to maintain all the information related to an attack such as total number of packets, total length of attack time, and the amount of bandwidth consumed by the attack.

CCNA Security Exam Questions

6. Refer to the exhibit. A network administrator enters the command on a Cisco IOS IPS router. What is the effect?

Alert messages are sent in Security Device Event Exchange (SDEE) format.
Alert messages are sent in syslog format.
Alert messages are sent in trace file format.
Alert messages are sent in event log format.

The ip ips notify command is used to set the IPS event notification. This command has two options, log and sdee. The log option is to specify that notifications are sent in syslog format. The sdee option is to specify that notifications are sent in SDEE format. If no option is specified, by default, notifications are sent in syslog format.

7. What is the purpose in configuring an IOS IPS crypto key when enabling IOS IPS on a Cisco router?

to enable Cisco Configuration Professional to be launched securely
to secure the IOS image in flash
to verify the digital signature for the master signature file
to encrypt the master signature file

The crypto key verifies the digital signature for the master signature file (sigdef-default.xml). The content of the file is signed by a Cisco private key to guarantee its authenticity and integrity.

8. What is a disadvantage of network-based IPS as compared to host-based IPS?

Network-based IPS should not be used with multiple operating systems.
Network-based IPS does not detect lower level network events.
Network-based IPS is less cost-effective.
Network-based IPS cannot examine encrypted traffic.

Network-based IPS devices are implemented as inline mode to actively monitor the traffic on networks. They can take immediate actions when security criteria match. One limitation of them is that they cannot monitor/inspect encrypted packets.

9. True or False?
A Cisco IDS does not affect the flow of traffic when it operates in promiscuous mode.

true
false

In promiscuous mode, also known as passive mode, the flow of traffic is unaffected because the IDS sensor analyzes copies of traffic instead of actual forwarded packets.

10. What is a disadvantage of a pattern-based detection mechanism?

The normal network traffic pattern must be profiled first.
It is difficult to deploy in a large network.
It cannot detect unknown attacks.
Its configuration is complex.

An IDS/IPS with pattern-based detection, also known as signature-based detection, compares the network traffic to a database of known attacks (signature files) and triggers an alarm or prevents communication if a match is found. The signatures must be created first. Hence this type of intrusion detection cannot detect unknown attacks. It is easy to configure and to deploy. Its operation does not depend on the information of normal network behavior (or baseline).

11. A security specialist configures an IPS so that it will generate an alert when an attack is first detected. Alerts for the subsequent detection of the same attack are suppressed for a pre-defined period of time. Another alert will be generated at the end of the period indicating the number of the attack detected. Which IPS alert monitoring mechanism is configured?

atomic alert
correlation alert
composite alert
summary alert

Alerts generated by an IPS should be monitored closely to ensure proper actions are taken against malicious attacks. IPS solutions incorporate two types of alerts, atomic alerts and summary alerts. Atomic alerts are generated every time a signature triggers. A summary alert is a single alert that indicates multiple occurrences of the same signature from the same source address or port. With a summary alter, the first detection of the attack triggers a normal alert. Subsequent detection of the same attack is counted until the end of the signature summary interval. When the length of time specified by the summary interval has elapsed, a summary alarm is sent, indicating the number of alarms that occurred during the time interval.

12. What are two disadvantages of using an IDS? (Choose two.)

The IDS does not stop malicious traffic.
The IDS works offline using copies of network traffic.
The IDS has no impact on traffic.
The IDS analyzes actual forwarded packets.
The IDS requires other devices to respond to attacks.

The disadvantage of operating with mirrored traffic is that the IDS cannot stop malicious single-packet attacks from reaching the target before responding to the attack. Also, an IDS often requires assistance from other networking devices, such as routers and firewalls, to respond to an attack. An advantage of an IDS is that by working offline using mirrored traffic, it has no impact on traffic flow.

CCNA Security Questions and Answers

13. Refer to the exhibit. Based on the IPS configuration provided, which conclusion can be drawn?

The signatures in all categories will be retired and not be used by the IPS.
The signatures in all categories will be compiled into memory and used by the IPS.
Only the signatures in the ios_ips basic category will be compiled into memory and used by the IPS.
The signatures in the ios_ips basic category will be retired and the remaining signatures will be compiled into memory and used by the IPS.

The IPS signature in the all category is retired, which means no signatures are compiled into memory. The IPS signature ios_ips basic category is unretired (by the command retired false), resulting in the signatures in the ios_ips basic being compiled into RAM for traffic inspection.

14. What are two drawbacks to using HIPS? (Choose two.)

With HIPS, the network administrator must verify support for all the different operating systems used in the network.
HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.
If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
With HIPS, the success or failure of an attack cannot be readily determined.

Network-based IPS devices are implemented in inline mode to actively monitor the traffic on networks. They can take immediate actions when security criteria match. They can be implemented with dedicated appliances or as a feature on a Cisco router. Multiple types of detection mechanisms can be implemented in IPS, including signature-based and anomaly-based detection. One limitation of an IPS is that it cannot monitor or inspect encrypted packets.

15. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)

support for IPX and AppleTalk protocols
addition of a signature risk rating
support for encrypted signature parameters
addition of signature micro engines
support for comma-delimited data import

Since IOS 12.4(11)T, Cisco introduced version 5.x IPS signature format. The new version supports encrypted signature parameters and other features such as signature risk rating, which rates the signature on security risk.

16. In configuring a Cisco router to prepare for IPS and VPN features, a network administrator opens the file realm-cisco.pub.key.txt, and copies and pastes the contents to the router at the global configuration prompt. What is the result after this configuration step?

A pair of public/secret keys is created for IPsec VPN operation.
The router is authenticated with the Cisco secure IPS resource web server.
A crypto key is created for IOS IPS to verify the master signature file.
A pair of public/secret keys is created for the router to serve as an SSH server.

The third step in implementing IOS IPS is to configure the Cisco IOS IPS public key that is located in the realm-cisco.pub.key.txt file. This public key is used to verify digital signature for the master signature file, and can be downloaded from cisco.com. To configure the IOS IPS crypto key, open the text file, and copy and paste the contents to the router at the global configuration prompt. Public/private key pairs for IPsec VPN and SSH server are generated using different methods.

CCNA Security Exam Chapter 5 Exam Questions

17. Refer to the exhibit. Which statement best describes how incoming traffic on serial 0/0 is handled?

Traffic not matching ACL 100 will be scanned and reported.
Traffic matching ACL 100 will be scanned and reported.
Traffic that is sourced from 172.31.235.0/24 will be scanned and reported.
Traffic that is coming from any source other than 172.31.235.0/24 will be scanned and reported.
Traffic not matching ACL 100 will be dropped.
Traffic that is sourced from 172.31.235.0/24 will be sent directly to its destination without being scanned or reported.

From the configuration, ACL 100 is used to identify matching packets to be inspected. However, since the ACL 100 configuration is unknown (not displayed), the only conclusion we can draw for sure is that “Traffic matching ACL 100 will be scanned and reported.”

18. Which type of IPS signature detection is used to distract and confuse attackers?

anomaly-based detection
honeypot-based detection
pattern-based detection
policy-based detection

The honeypot-based detection method uses dummy servers to attract attacks. The purpose of the honey pot approach is to distract attacks away from real network devices. After capturing the attack activities on honeypot servers, network administrators can analyze incoming types of attacks and malicious traffic patterns.

Cisco IPS Configuration

19. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?

All traffic that is denied by the ACL is subject to inspection by the IPS.
A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is permitted by the ACL is subject to inspection by the IPS.

In configuring IOS IPS with the command ip ips, an optional extended or standard ACL can be used to filter the scanned traffic. All traffic that is permitted by the ACL is subject to inspection by the IPS. Traffic that is denied by the ACL is not inspected by the IPS.

20. A system analyst is configuring and tuning a recently deployed IPS appliance. By examining the IPS alarm log, the analyst notices that the IPS does not generate alarms for a few known attack packets. Which term describes the lack of alarms by the IPS?

false positive
false negative
true positive
true negative

The alarms generated by an IPS can be classified into 4 types:
A false positive occurs when an IPS generates an alarm on normal user traffic that should not have triggered an alarm.
A false negative occurs when an IPS fails to generate an alarm after processing attack traffic the IPS is configured to detect.
A true positive occurs when an IPS generates an alarm in response to known attack traffic.
A true negative occurs when normal network traffic does not generate an alarm.

21. Which statement is true about an atomic alert that is generated by an IPS?

It is an alert that is generated every time a specific signature has been found.
It is a single alert sent for multiple occurrences of the same signature.
It is both a normal alarm and a summary alarm being sent simultaneously at set intervals.
It is an alert that is used only when a logging attack has begun.

The two main alert generation mechanisms for IDS/IPS devices are atomic and summary alerts. Atomic alerts are generated every time a signature triggers. With a summary alert, a single atomic alert is generated for the first detection of an attack. Then the duplicate alarms are counted, but not sent, for a specific time period. When it reaches the specified time period, an alert is sent that indicates the number of alarms that occurred during the time interval.

22. What are two shared characteristics of the IDS and the IPS? (Choose two.)

Both are deployed as sensors.
Both analyze copies of network traffic.
Both use signatures to detect malicious traffic.
Both rely on an additional network device to respond to malicious traffic.
Both have minimal impact on network performance.

Both the IDS and the IPS are deployed as sensors and use signatures to detect malicious traffic. The IDS analyzes copies of network traffic, which results in minimal impact on network performance. The IDS also relies on an IPS to stop malicious traffic.

23. A network administrator suspects the default setting of the ip ips notify sdee command has caused performance degradation on the Cisco IOS IPS router. The network administrator enters the ip sdee events 50 command in an attempt to remedy the performance issues. What is the immediate effect of this command?

The newest 50 events from the original buffer are saved and all others are deleted.
The oldest 50 events of the original buffer are deleted.
All events that were stored in the original buffer are saved, while a new buffer is created to store new events.
All events that were stored in the previous buffer are lost.

When sending IPS notification with SDEE format, the buffer on the router stores up to 200 events by default. If a smaller buffer is requested, all stored events are lost. If a larger buffer is requested, all stored events are saved. The default buffer can be altered with the ip sdee events command. All stored events are lost when Cisco SDEE notification is disabled. A new buffer is allocated when the notifications are re-enabled.

That is all the CCNA Security chapter 5 exam questions and answers with description. Please share new CCNA Security Chapter 5 exam questions via the comment section. We will update and share the new CCNA security questions and answers.

Related Queries: CCNA Security chapter 5 exam questions with Answers

CCNA security chapter 5 exam answers
CCNA security pretest exam answers
CCNA security final exam answers 2018
CCNAs chapter 2 exam answers
CCNA security v2 chapter 6 exam answers
Cisco cybersecurity final exam answers
CCNA security v2 chapter 7 exam answers
CCNA security NetAcad

The post CCNA Security Chapter 5 Exam Questions With Answers – Updated appeared first on TECHNIG.

CCNA Security Chapter 4 Exam Questions with Answers – Updated

Shais — Thu, 30 Aug 2018 01:29:07 +0000

The latest update of CCNA Security chapter 4 exam questions and answers are available for review and educational purposes. You can find this questions on netacad CCNA Security chapter 4 exam test.

Please don’t forget to share the CCNA Security chapter 4 exam questions via comment section for keeping this list up-to-date.

CCNA Security Chapter 4 Exam Questions with Answers

1: What is one benefit of using a stateful firewall instead of a proxy server?

prevention of Layer 7 attacks

better performance

ability to perform user authentication

ability to perform packet filtering

CCNA Security Chapter 4 Exam Questions

2: Refer to the exhibit. Which statement describes the function of the ACEs?

These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.

These ACEs allow for IPv6 neighbor discovery traffic.

These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns.

These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur.

3: When an inbound Internet-traffic ACL is being implemented, what should be included to prevent the spoofing of internal networks?

ACEs to prevent SNMP traffic

ACEs to prevent broadcast address traffic

ACEs to prevent ICMP traffic

ACEs to prevent traffic from private address spaces

ACEs to prevent HTTP traffic

4: Which type of packet is unable to be filtered by an outbound ACL?

ICMP packet

multicast packet

broadcast packet

router-generated packet

5: Which command will verify a Zone-Based Policy Firewall configuration?

show protocols

show running-config

show zones

show interfaces

CCNA Security Chapter 4 Exam Questions with Answers

6: Refer to the exhibit. The network “A” contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as “A”?

internal network

perimeter security boundary

DMZ

untrusted network

7: A company is deploying a new network design in which the border router has three interfaces. Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet/01 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)?

traffic that originates from the public network and that is destined for the DMZ

traffic that is returning from the DMZ after originating from the private network

traffic that is returning from the public network after originating from the private network

traffic that is going from the private network to the DMZ

8: When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created?

Design the physical infrastructure.

Establish policies between zones.

Assign interfaces to zones.

Identify subsets within zones.

CCNA Security Exam Questions and Answers

9: Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?

The initial packet is dropped, but subsequent packets are forwarded.

The packet is forwarded, and no alert is generated.

The packet is forwarded, and an alert is generated.

The packet is dropped.

10: Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?

ipv6 access-class ENG_ACL in

ipv6 traffic-filter ENG_ACL out

ipv6 traffic-filter ENG_ACL in

ipv6 access-class ENG_ACL out

11: Consider the following access list.

access-list 100 permit ip host 192.168.10.1 any
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo
access-list 100 permit ip any any

Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)

Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.

A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.

Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network.

Devices on the 192.168.10.0/24 network are not allowed to reply to any ping requests.

Only Layer 3 connections are allowed to be made from the router to any other network device.

12: In addition to the criteria used by extended ACLs, what conditions are used by a classic firewall to filter traffic?

IP source and destination addresses

TCP/UDP source and destination port numbers

application layer protocol session information

TCP/IP protocol numbers

13: To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?

time-stamp request

router advertisement

time-stamp reply

echo request

echo reply

CCNA Security Exam Answers

14: Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)

SSH connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.

Telnet connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.

Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.

SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.

15: Which two rules about interfaces are valid when implementing a Zone-Based Policy Firewall? (Choose two.)

If neither interface is a zone member, then the action is to pass traffic.

If both interfaces are members of the same zone, all traffic will be passed.

If one interface is a zone member and a zone-pair exists, all traffic will be passed.

If one interface is a zone member, but the other is not, all traffic will be passed.

If both interfaces belong to the same zone-pair and a policy exists, all traffic will be passed.

16: When a Cisco IOS Zone-Based Policy Firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)

hold

copy

forward

log

drop

inspect

17: If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice?

permit tcp 172.16.0.0 0.0.3.255 any established

permit udp any any range 10000 20000

deny tcp any any eq telnet

permit ip any any

permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap

deny udp any host 172.16.1.5 eq snmptrap

18: What is the function of the pass action on a Cisco IOS Zone-Based Policy Firewall?

tracking the state of connections between zones

inspecting traffic between zones for traffic control

forwarding traffic from one zone to another

logging of rejected or dropped packets

19: A router has been configured as a classic firewall and an inbound ACL applied to the external interface. Which action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table?

When traffic returns from its destination, it is reinspected, and a new entry is added to the state table.

The internal interface ACL is reconfigured to allow the host IP address access to the Internet.

A dynamic ACL entry is added to the external interface in the inbound direction.

The entry remains in the state table after the session is terminated so that it can be reused by the host.

20: Which statement describes a typical security policy for a DMZ firewall configuration?

Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.

Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.

Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface.

Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.

Traffic that originates from the DMZ interface is selectively permitted to the outside interface.

21: A network administrator is implementing a Classic Firewall and a Zone-Based Firewall concurrently on a router. Which statement best describes this implementation?

A Classic Firewall and Zone-Based Firewall cannot be used concurrently.

The two models cannot be implemented on a single interface.

An interface must be assigned to a security zone before IP inspection can occur.

Both models must be implemented on all interfaces.

22: What is one limitation of a stateful firewall?

poor log information

cannot filter unnecessary traffic

weak user authentication

not as effective with UDP- or ICMP-based traffic

23: Which security tool monitors network traffic as it flows into and out of the organization and determines whether packets belong to an existing connection or are from an unauthorized source?

web security appliance

application proxy

stateful firewall

intrusion protection system

That’s all the updated CCNA Security chapter 4 exam questions and answers you need to review and test to learn more about CCNA security chapter 4 exam questions.

Related Questions: CCNA Security chapter 4 exam questions and answers

CCNA security chapter 4 exam answers
CCNA security chapter 4 exam answers 2018
CCNA security final exam answers 2018
CCNAs chapter 2 exam answers
The inspect action in a cisco ios zone-based policy firewall configures cisco ios packet inspection.
CCNA security netacad
CCNA security chapter 5 exam answers 2018
A Cisco ids does not affect the flow of traffic when it operates in promiscuous mode.

The post CCNA Security Chapter 4 Exam Questions with Answers – Updated appeared first on TECHNIG.

CCNA Security Chapter 3 Exam Questions With Answers – Updated

Shais — Wed, 29 Aug 2018 05:57:45 +0000

Looking for CCNA Security Exam Answers? Here you can test and review all updated CCNA Security Chapter 3 exam questions and answers. It is just for educational purposes.

These questions are the latest CCNA security chapter 3 exam questions with answers. Please share the new questions through the comment section. We will reply it with the correct answer.

CCNA Security Chapter 3 Exam Questions and Answers

CCNA Security Chapter 3 Exam Questions With Answers

1: Refer to the exhibit. Which statement describes the configuration of the ports for Server1?

The configuration is using the default ports for a Cisco router.

The configuration will not be active until it is saved and Rtr1 is rebooted.

The configuration of the ports requires 1812 be used for the authentication and the authorization ports.

The ports configured for Server1 on the router must be identical to those configured on the RADIUS server.

2: Which server-based authentication protocol would be best for an organization that wants to apply authorization policies on a per-group basis?

SSH

RADIUS

TACACS+

ACS

3: Why would a network administrator include a local username configuration, when the AAA-enabled router is also configured to authenticate using several ACS servers?

The local username database will provide a backup for authentication in the event the ACS servers become unreachable.

A local username database is required when configuring authentication using ACS servers.

Because ACS servers only support remote user access, local users can only authenticate using a local username database.

Without a local username database, the router will require successful authentication with each ACS server.

4: Which debug command is used to focus on the status of a TCP connection when using TACACS+ for authentication?

debug tacacs accounting

debug aaa authentication

debug tacacs events

debug tacacs

5: What difference exists when using Windows Server as an AAA server, rather than Cisco Secure ACS?

Windows Server only supports AAA using TACACS.

Windows Server uses its own Active Directory (AD) controller for authentication and authorization.

Windows Server cannot be used as an AAA server.

Windows Server requires more Cisco IOS commands to configure.

6: What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?

MD5

RADIUS

SSH

TACACS+

7: Which solution supports AAA for both RADIUS and TACACS+ servers?

Implement Cisco Secure Access Control System (ACS) only.

RADIUS and TACACS+ servers cannot be supported by a single solution.

Implement both a local database and Cisco Secure Access Control System (ACS).

Implement a local database.

8: What is a characteristic of TACACS+?

TACACS+ is backward compatible with TACACS and XTACACS.

TACACS+ uses UDP port 1645 or 1812 for authentication, and UDP port 1646 or 1813 for accounting.

TACACS+ provides authorization of router commands on a per-user or per-group basis.

TACACS+ is an open IETF standard.

9: Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?

accessibility

authorization

authentication

auditing

accounting

10: When a method list for AAA authentication is being configured, what is the effect of the keyword local?

The login succeeds, even if all methods return an error.

It uses the enable password for authentication.

It accepts a locally configured username, regardless of case.

It defaults to the vty line password for authentication.

11: Why is authentication with AAA preferred over a local database method?

It uses less network bandwidth.

It requires a login and password combination on the console, vty lines, and aux ports.

It provides a fallback authentication method if the administrator forgets the username or password.

It specifies a different password for each line or port.

12: Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?

accounting

accessibility

authentication

authorization

13: What is a characteristic of AAA accounting?

Accounting can only be enabled for network connections.

Users are not required to be authenticated before AAA accounting logs their activities on the network.

Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network.

Possible triggers for the aaa accounting exec default command include start-stop and stop-only.

14: A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?

Use the login delay command for authentication attempts.

Use the none keyword when configuring the authentication method list.

Use the aaa local authentication attempts max-fail global configuration mode command with a higher number of acceptable failures.

Use the login local command for authenticating user access.

15: What device is considered a supplicant during the 802.1X authentication process?

the switch that is controlling network access

the client that is requesting authentication

the router that is serving as the default gateway

the authentication server that is performing client authentication

16: Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)

password encryption

separate authentication and authorization processes

802.1X support

SIP support

utilization of transport layer protocols

17: Which characteristic is an important aspect of authorization in an AAA-enabled network device?

The authorization feature enhances network performance.

User access is restricted to certain services.

A user must be identified before network access is granted.

User actions are recorded for use in audits and troubleshooting events.

CCNA Security Chapter 3 Exam Questions With Answers – Updated

18: Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.)

The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued.

The locked-out user failed authentication.

The locked-out user stays locked out until the interface is shut down then re-enabled.

The locked-out user should have used the username admin and password Str0ngPa55w0rd.

The locked-out user is locked out for 10 minutes by default.

19: True or False? The single-connection keyword prevents the configuration of multiple TACACS+ servers on a AAA-enabled router.

true

false

20: What is the result of entering the aaa accounting network command on a router?

The router outputs accounting data for all outbound connections such as SSH and Telnet.

The router collects and reports usage data related to network-related service requests.

The router provides data for only internal service requests.

The router outputs accounting data for all EXEC shell sessions.

21: Which authentication method stores usernames and passwords in the router and is ideal for small networks?

local AAA

server-based AAA over TACACS+

server-based AAA

local AAA over TACACS+

local AAA over RADIUS

server-based AAA over RADIUS

22: A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?

Use the show aaa user command.

Use the show aaa local user lockout command .

Use the show aaa sessions command .

Use the show running-configuration command .

23: When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?

the supplicant

the authentication server

the switch that the client is connected to

the router that is serving as the default gateway

That’s all the latest CCNA Security chapter 3 exam questions and answers. Please share the new CCNA Security exam questions via the comment section.

Related Questions:

CCNA security chapter 3 exam answers 2018
CCNA security 2.0 hands-on skills exam
CCNA security chapter 3 exam answers
CCNA Security exam questions and answers pdf
CCNA security v2.0 exam answers
CCNA security final exam packet tracer
Which solution supports aaa for both radius and tacacs+ servers?
What is a characteristic of aaa accounting?
CCNA security final exam answers 2018
CCNA security netacad

The post CCNA Security Chapter 3 Exam Questions With Answers – Updated appeared first on TECHNIG.

CCNA Security Chapter 2 Exam Questions with Answers – Updated

Shais — Wed, 29 Aug 2018 04:28:18 +0000

Here is the all CCNA Security Chapter 2 Exam Questions with answers. It is just for review and educational purposes. You can use this to learn more about CCNA security exam questions and answers. This exam will cover material from Chapter 2 of CCNAS 2.0 of the curriculum.

This exam will be scored using the Weighted Model where each MCSA (Multiple-Choice Single-Answer) is worth two points and each MCMA (Multiple-Choice Multiple-Answer) is worth one point for each correct option. If more options are selected than required, the student will receive a score of zero.

CCNA Security Chapter 2 Exam Questions and Answers

4: A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode?

Quiet mode behavior can be overridden for specific networks by using an ACL.

Quiet mode behavior can be enabled via an ip access-group command on a physical interface.

Quiet mode behavior will only prevent specific user accounts from attempting to authenticate.

Quiet mode behavior can be disabled by an administrator by using SSH to connect.

5: What is the Control Plane Policing (CoPP) feature designed to accomplish?

manage services provided by the control plane

prevent unnecessary traffic from overwhelming the route processor

direct all excess traffic away from the route processor

disable control plane services to reduce overall traffic

6: What is a characteristic of the Cisco IOS Resilient Configuration feature?

The secure boot-image command works properly when the system is configured to run an image from a TFTP server.

A snapshot of the router running configuration can be taken and securely archived in persistent storage.

Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered.

It maintains a secure working copy of the bootstrap startup program.

7: What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?

to enable OSPF MD5 authentication on a per-interface basis

to encrypt OSPF routing updates

to facilitate the establishment of neighbor adjacencies

to configure OSPF MD5 authentication globally on the router

8: If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)

Assign commands to the view.

Associate the view with the root view.

Create a superview using the parser view view-name command.

Create a view using the parser view view-name command.

Assign a secret password to the view.

Assign users who can use the view.

9: Which two characteristics apply to role-based CLI access superviews? (Choose two.)

A single superview can be shared among multiple CLI views.

Users logged in to a superview can access all commands specified within the associated CLI views.

Deleting a superview deletes all associated CLI views.

A specific superview cannot have commands added to it directly.

CLI views have passwords, but superviews do not have passwords.

10: What is the default privilege level of user accounts created on Cisco routers?

11: Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)

Views are required to define the CLI commands that each user can access.

There is no access control to specific interfaces on a router.

The root user must be assigned to each privilege level that is defined.

It is required that all 16 privilege levels be defined, whether they are used or not.

Creating a user account that needs access to most but not all commands can be a tedious process.

Commands set on a higher privilege level are not available for lower privilege users.

12: Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)

content of a security banner

IP addresses of interfaces

interfaces to enable

services to disable

enable password

enable secret password

13: Which three functions are provided by the syslog logging service? (Choose three.)

retaining captured messages on the router when a router is rebooted

setting the size of the logging buffer

gathering logging information

specifying where captured information is stored

distinguishing between information to be captured and information to be ignored

authenticating and encrypting data sent over the network

14: What command must be issued to enable login enhancements on a Cisco router?

banner motd

privilege exec level

login block-for

15: What is a requirement to use the Secure Copy Protocol feature?

The Telnet protocol has to be configured on the SCP server side.

A transfer can only originate from SCP clients that are routers.

A command must be issued to enable the SCP server side functionality.

At least one user with privilege level 1 has to be configured for local authentication

16: A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)

ip ospf message-digest-key 1 md5 1A2b3C

username OSPF password 1A2b3C

area 1 authentication message-digest

area 0 authentication message-digest

enable password 1A2b3C

17: Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?

R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login local

R1(config)# username admin Admin01pa55 encr md5
R1(config)# line con 0
R1(config-line)# login local

R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login

R1(config)# username admin password Admin01pa55
R1(config)# line con 0
R1(config-line)# login

R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login local

18: Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?

Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.

Provision the router with the maximum amount of memory possible.

Locate the router in a secure locked room that is accessible only to authorized personnel.

Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.

Configure secure administrative control to ensure that only authorized personnel can access the router.

19: Refer to the exhibit. Which statement about the JR-Admin account is true?

JR-Admin can issue debug and reload commands.

JR-Admin can issue show, ping, and reload commands.

JR-Admin can issue ping and reload commands.

JR-Admin can issue only ping commands.

JR-Admin cannot issue any command because the privilege level does not match one of those defined.

20: Which two options can be configured by Cisco AutoSecure? (Choose two.)

security banner

SNMP

enable secret password

interface IP address

syslog

21: The exhibit displays a router prompt, the command show running-config, and the following partial output:

Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?

superview, containing SHOWVIEW and VERIFYVIEW views

secret view, with a level 5 encrypted password

CLI view, containing SHOWVIEW and VERIFYVIEW commands

root view, with a level 5 encrypted secret password

22: What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?

The generated keys can be used by SSH.

The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys moduluscommand.

All vty ports are automatically configured for SSH to provide secure management.

The keys must be zeroized to reset Secure Shell before configuring other parameters.

23: What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)

to ensure more efficient routing

to prevent redirection of data traffic to an insecure link

to provide data security through encryption

to prevent data traffic from being redirected and then discarded

to ensure faster network convergence

24: Which three types of views are available when configuring the role-based CLI access feature? (Choose three.)

superuser view

superview

CLI view

admin view

root view

config view

25: An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)

Enable inbound vty Telnet sessions.

Enable inbound vty SSH sessions.

Configure the IP domain name on the router.

Generate two-way pre-shared keys.

Configure DNS on the router.

Generate the SSH keys.

26: What is a characteristic of the MIB?

Information is organized in a flat manner so that SNMP can access it quickly.

The OIDs are organized in a hierarchical structure.

A separate MIB tree exists for any given device in the network.

Information in the MIB cannot be changed.

27: Which three actions are produced by adding Cisco IOS login enhancements to the router login process? (Choose three.)

disable logins from specified hosts

slow down an active attack

automatically provide AAA authentication

create password authentication

permit only secure console access

create syslog messages

28: Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)

flash security

zone isolation

router hardening

remote access security

operating system security

physical security

Related search:

CCNA security final exam answers 2018
CCNA security chapter 2 exam answers
CCNA security chapter 3 exam answers 2018
CCNA security final exam packet tracer
CCNA security v2.0 skills assessment – b
Cisco cybersecurity final exam answers
What is the default privilege level of user accounts created on Cisco routers?

The post CCNA Security Chapter 2 Exam Questions with Answers – Updated appeared first on TECHNIG.