Cisco CCNA Security Practice Exam Questions - The Cisco ...

Cisco CCN A S e cu r it y P r a ct ice E x a m Q u e st ion s 

Implementing Cisco IOS Network Security (IINS) v1.0 

Th e follow ing Cisco® CCNA S ecurity practice ex am q uestions are based on th e course I m p l e m e n t i n g C i s c o 

I O S N e t w o r k S e c u r i t y ( I I N S ) v 1 . 0 . Th e answ er k ey is on th e last pag e of th is d ocum ent. 

1. W h at is th e g oal of an ov erall security ch alleng e w h en planning a security strateg y ? 

A ) to h ard en all ex terior-facing netw ork com ponents 

B ) to install firew alls at all critical points in th e netw ork 

C) to find a balance betw een th e need to open netw ork s to support ev olv ing business req uirem ents 

and th e need to inform 

D ) to ed ucate em ploy ees to be on th e look out for suspicious beh av ior 

2. W h ich th reats are th e m ost serious? 

A ) insid e th reats 

B ) outsid e th reats 

C) unk now n th reats 

D ) reconnaissance th reats 

3. Netw ork security aim s to prov id e w h ich th ree k ey serv ices? ( Ch oose th ree.) 

A ) d ata integ rity 

B ) d ata strateg y 

C) d ata and sy stem av ailability 

D ) d ata m ining 

E ) d ata storag e 

F ) d ata confid entiality 

4. W h ich option is th e term for a w eak ness in a sy stem or its d esig n th at can be ex ploited by a th reat? 

A ) a v ulnerability 

B ) a risk 

C) an ex ploit 

D ) an attack 

1 C i s c o C C N A S e c u r i t y P r a c t i c e E x a m Q u e s t i o n s © 20 0 9 C i s c o S y s t e m s , I n c .

5. W h ich option is th e term for th e lik elih ood th at a particular th reat using a specific attack w ill ex ploit a 

particular v ulnerability of a sy stem th at results in an und esirable conseq uence? 


B ) a risk 


D ) an attack 

6. W h ich option is th e term for w h at h appens w h en com puter cod e is d ev eloped to tak e ad v antag e of a 

v ulnerability ? F or ex am ple, suppose th at a v ulnerability ex ists in a piece of softw are, but nobod y k now s 

about th is v ulnerability . 


B ) a risk 


D ) an attack 

7. W h at is th e first step y ou sh ould tak e w h en consid ering securing y our netw ork ? 

A ) I nstall a firew all. 

B ) I nstall an intrusion prev ention sy stem . 

C) U pd ate serv ers and user PCs w ith th e latest patch es. 

D ) D ev elop a security policy . 

8. W h ich option is a k ey principle of th e Cisco S elf-D efend ing Netw ork strateg y ? 

A ) S ecurity is static and sh ould prev ent m ost k now n attack s on th e netw ork . 

B ) Th e self-d efend ing netw ork sh ould be th e k ey point of y our security policy . 

C) I nteg rate security th roug h out th e ex isting infrastructure. 

D ) U pper m anag em ent is ultim ately responsible for policy im plem entation. 

9. W h ich th ree options are areas of router security ? ( Ch oose th ree.) 

A ) ph y sical security 

B ) access control list security 

C) zone-based firew all security 

D ) operating sy stem security 

E ) router h ard ening 

F ) Cisco I O S -I PS security 


10 . Y ou h av e sev eral operating g roups in y our enterprise th at req uire d iffering access restrictions to th e 

routers to perform th eir j ob roles. Th ese g roups rang e from H elp D esk personnel to ad v anced 

troublesh ooters. W h at is one m eth od olog y for controlling access rig h ts to th e routers in th ese situations? 

A ) config ure A CL s to control access for th e d ifferent g roups 

B ) config ure m ultiple priv ileg e lev el access 

C) im plem ent sy slog g ing to m onitor th e activ ities of th e g roups 

D ) config ure TA CA CS + to perform scalable auth entication 

11. W h ich of th ese options is a G U I tool for perform ing security config urations on Cisco routers? 

A ) S ecurity A ppliance D ev ice M anag er 

B ) Cisco CL I Config uration M anag em ent Tool 

C) Cisco S ecurity D ev ice M anag er 

D ) Cisco S ecurity M anag er 

12. W h en im plem enting netw ork security , w h at is an im portant config uration task th at y ou sh ould perform 

to assist in correlating netw ork and security ev ents? 

A ) Config ure Netw ork Tim e Protocol. 

B ) Config ure sy nch ronized sy slog reporting . 

C) Config ure a com m on repository of all netw ork ev ents for ease of m onitoring . 

D ) Config ure an autom ated netw ork m onitoring sy stem for ev ent correlation. 

13. W h ich of th ese options is a Cisco I O S feature th at lets y ou m ore easily config ure security features on 

y our router? 

A ) Cisco S elf-D efend ing Netw ork 

B ) im plem enting A A A com m and auth orization 

C) th e a u t o s e c u r e CL I com m and 

D ) perform ing a security aud it v ia S D M 

14. W h ich th ree of th ese options are som e of th e best practices w h en y ou im plem ent an effectiv e firew all 

security policy ? ( Ch oose th ree.) 

A ) Position firew alls at strateg ic insid e locations to h elp m itig ate insid e nontech nical attack s. 

B ) Config ure log g ing to capture all ev ents for forensic purposes. 

C) U se firew alls as a prim ary security d efense; oth er security m easures and d ev ices sh ould be 

im plem ented to enh ance y our netw ork security . 

D ) Position firew alls at k ey security bound aries. 

E ) D eny all traffic by d efault and perm it only necessary serv ices. 


15. W h ich statem ent is true w h en config uring access control lists ( A CL s) on a Cisco router? 

A ) A CL s filter all traffic th roug h and sourced from th e router. 

B ) A pply th e A CL to th e interface prior to config uring access control entries to ensure th at controls are 

applied im m ed iately upon config uration. 

C) A n “ im plicit d eny ” is applied to th e start of th e A CL entry by d efault. 

D ) O nly one A CL per protocol, per d irection, and per interface is allow ed . 

16. W h ich option correctly d efines asy m m etric encry ption? 

A ) uses th e sam e k ey s to encry pt and d ecry pt d ata 

B ) uses M D 5 h ash ing alg orith m s for d ig ital sig nag e encry ption 

C) uses d ifferent k ey s to encry pt and d ecry pt d ata 

D ) uses S H A -1 h ash ing alg orith m s for d ig ital sig nag e encry ption 

17. W h ich option is a d esirable feature of using sy m m etric encry ption alg orith m s? 

A ) Th ey are often used for w ire-speed encry ption in d ata netw ork s. 

B ) Th ey are based on com plex m ath em atical operations and can easily be accelerated by h ard w are. 

C) Th ey offer sim ple k ey m anag em ent properties. 

D ) Th ey are best used for one-tim e encry ption need s. 

18. W h ich option is true of using cry ptog raph ic h ash es? 

A ) Th ey are easily rev ersed to d eciph er th e m essag e contex t. 

B ) Th ey conv ert arbitrary d ata into a fix ed -leng th d ig est. 

C) Th ey are based on a tw o-w ay m ath em atical function. 

D ) Th ey are used for encry pting bulk d ata com m unications. 

19. W h ich option is true of intrusion prev ention sy stem s? 

A ) Th ey operate in prom iscuous m od e. 

B ) Th ey operate in inline m od e. 

C) Th ey h av e no potential im pact on th e d ata seg m ent being m onitored . 

D ) Th ey are m ore v ulnerable to ev asion tech niq ues th an I D S . 

20 . W h ich statem ent is true w h en using zone-based firew alls on a Cisco router? 

A ) Policies are applied to traffic m ov ing betw een zones, not betw een interfaces. 

B ) Th e firew alls can be config ured sim ultaneously on th e sam e interface as classic CB A C using th e i p 

i n s p e c t CL I com m and . 

C) I nterface A CL s are applied before zone-based policy firew alls w h en th ey are applied outbound . 

D ) W h en config ured w ith th e “ PA S S ” action, stateful inspection is applied to all traffic passing betw een 

th e config ured zones. 


C C N A S e c u r i t y P r a c t i c e Q u e s t i o n s A n s w e r K e y 

1. C 

2. A 

3. A , C, F 

4. A 

5. B 

6. C 

7. D 

8. C 

9. A , D , E 

10 . B 

11. C 

12. A 

13. C 

14. C, D , E 

15. D 

16. C 

17. A 

18. B 

19. B 

20 . A

Cisco CCNA Security Practice Exam Questions - The Cisco ...

Create successful ePaper yourself

Delete template?

Save as template?