In this post, I will share the answers for the CCNA Security Chapter 10 Test. All the questions in this post are based on CCNAS v1.1. The answers provided in this post have been verified to be 100% correct. I hope it will be good material and a guide for answering the CCNA Security Chapter Test.
In what three ways do the 5505 and 5510 Adaptive Security Appliances differ? (Choose three.)
in the method by which they can be configured using either CLI or ASDM
in their compatibility with Cisco SecureX technology
in the maximum traffic throughput supported
in the number of interfaces
in operating system version support
in types of interfaces
Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)
content security and control module
Cisco Unified Communications (voice and video) security
intrusion prevention system
stateful firewall
VPN concentrator
Zone-Based Policy Firewall
Which option lists the ASA adaptive security algorithm session management tasks in the correct order?

1) allocating NAT translations (xlates)
2) establishing sessions in the “fast path”
3) performing route lookups
4) performing the access list checks

1) establishing sessions in the “fast path”
2) performing the access list checks
3) allocating NAT translations (xlates)
4) performing route lookups

1) performing route lookups
2) establishing sessions in the “fast path”
3) allocating NAT translations (xlates)
4) performing the access list checks

1) performing route lookups
2) allocating NAT translations (xlates)
3) performing the access list checks
4) establishing sessions in the “fast path”

1) performing the access list checks
2) performing route lookups
3) allocating NAT translations (xlates)
4) establishing sessions in the “fast path”

When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.)
adjusting Layer 3 and Layer 4 headers
allocating NAT translations (xlates)
performing IP checksum verification
performing route lookups
performing TCP sequence number checks
performing the access list checks
What are three characteristics of ASA transparent mode? (Choose three.)
This mode does not support VPNs, QoS, or DHCP Relay.
The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets.
It is the traditional firewall deployment mode.
NAT can be implemented between connected networks.
This mode is referred to as a “bump in the wire.”
In this mode the ASA is invisible to an attacker.
Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.)

interface e0/0
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248
no shut

interface e0/0
switchport access vlan 2
no shut
exit

interface vlan 2
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248

ip route 0.0.0.0 0.0.0.0 209.165.200.225

route inside 0.0.0.0 0.0.0.0 209.165.200.225

route outside 0.0.0.0 0.0.0.0 209.165.200.225

Refer to the exhibit. According to the exhibited command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.)
The dhcpd auto-config outside command was issued to enable the DHCP client.
The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP client.
The dhcpd enable inside command was issued to enable the DHCP client.
The dhcpd auto-config outside command was issued to enable the DHCP server.
The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server.
The dhcpd enable inside command was issued to enable the DHCP server.
Which three wizards are included in Cisco ASDM 6.4? (Choose three.)
ADSL Connection wizard
Advanced Firewall wizard
High Availability and Scalability wizard
Security Audit wizard
Startup wizard
VPN wizard
Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505?
host 192.168.1.3
host 192.168.1.4
range 192.168.1.10 192.168.1.20
host 192.168.1.3 and host 192.168.1.4
host 192.168.1.4 and range 192.168.1.10 192.168.1.20
host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20
Refer to the exhibit. Which ASDM menu sequence would be required to configure Telnet or SSH AAA authentication using a TACACS server first or the local device user database if the TACACS server authentication is unavailable?
Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH
Configuration > Device Management > Management Access > Management Interface
Configuration > Device Management > Users/AAA > AAA Access
Configuration > Device Management > Users/AAA > AAA Server Group
Configuration > Device Management > Users/AAA > User Accounts
Which option lists the four steps to configure the Modular Policy Framework on an ASA?

1) Configure a policy map to apply actions to the identified traffic.
2) Configure a service policy to identify which interface should be activated for the service.
3) Configure extended ACLs to identify specific granular traffic. This step may be optional.
4) Configure the class map to define interesting traffic.

1) Configure a service policy to identify which interface should be activated for the service.
2) Configure extended ACLs to identify specific granular traffic. This step may be optional.
3) Configure the class map to define interesting traffic.
4) Configure a policy map to apply actions to the identified traffic.

1) Configure extended ACLs to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a policy map to apply actions to the identified traffic.
4) Configure a service policy to identify which interface should be activated for the service.

1) Configure extended ACLs to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a service policy to identify which interface should be activated for the service.
4) Configure a policy map to apply actions to the identified traffic.

Which three types of remote access VPNs are supported on ASA devices? (Choose three.)
Clientless SSL VPN using the Cisco AnyConnect Client
Clientless SSL VPN using a web browser
IPsec (IKEv1) VPN using the Cisco VPN Client
IPsec (IKEv1) VPN using a web browser
SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client
SSL or IPsec (IKEv2) VPN using the Cisco VPN Client
Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.)
bookmark lists
client address assignment
client images
connection profile name
group policy
NAT exemption rules
VPN protocol (SSL or IPsec or both)
Which three components must be configured when implementing a client-based SSL VPN on an ASA 5505 device? (Choose three.)
bookmark lists
client address assignment
client image
DHCP pools
group policy
SSL or IPsec
Refer to the exhibit. A remote host is connecting to an ASA 5505 via a VPN connection. Once authenticated, the host displays the highlighted system tray icon. On the basis of the information that is presented, what three assumptions can be made? (Choose three.)
The host web browser window is displaying the ASA SSL web portal webpage containing bookmarks.
The host has connected to the ASA via a client-based SSL VPN connection.
The host is connected via the AnyConnect VPN client.
The host is connected via the Cisco VPN client.
Using the ipconfig command on the host displays one IP address from the originating network.
Using the ipconfig command on the host displays an IP address from the originating network and an IP address for the VPN connection.
Refer to the exhibit. An administrator has entered the indicated commands on an ASA 5505. Based on the information presented, what type of remote access VPN has the administrator configured?
a clientless SSL VPN via the Cisco AnyConnect Client
a clientless SSL VPN via a web browser
an IPsec (IKEv1) VPN via the Cisco VPN Client
an IPsec (IKEv1) VPN via a web browser
an SSL or IPsec (IKEv2) VPN via the Cisco AnyConnect Client
an SSL or IPsec (IKEv2) VPN via a Cisco VPN Client
Which Cisco ASDM menu sequence would be used to edit a client-based AnyConnect SSL VPN configuration?
Configuration > Remote Access VPN > Advanced
Configuration > Remote Access VPN > Clientless SSL VPN Access
Configuration > Remote Access VPN > Easy VPN Remote
Configuration > Remote Access VPN > Network (Client) Access
Monitoring > VPN > VPN Sessions
Monitoring > VPN > Clientless SSL VPN
Which three components must be configured when using the Site-to-Site VPN Connection Setup wizard in ASDM? (Choose three.)
authentication method
bookmarks
crypto maps
encryption algorithms
GRE tunnel specifications
IKE version
An administrator has successfully configured a site-to-site VPN on an ASA 5505. Which ASDM menu sequence displays the number of packets encrypted, decrypted, and security association requests?
Configuration > Site-to-Site VPN > Advanced
Configuration > Site-to-Site VPN > Connection Profiles
Configuration > Site-to-Site VPN > Group Policies
Monitoring > VPN > VPN Statistics > Crypto Statistics
Monitoring > VPN > VPN Statistics > Encryption Statistics
Monitoring > VPN > VPN Statistics > Sessions
Which two statements correctly describe the ASA as an advanced stateful firewall? (Choose two.)
An ASA uses the Zone-Based Firewall feature and tracks the state of the TCP or UDP network connections that are traversing the network.
In routed mode, an ASA can support two or more Layer 3 interfaces.
In routed mode, an ASA requires a management IP address that is configured in global configuration mode.
In transparent mode, each interface has an associated security level.
The first packet of a flow examined by an ASA goes through the session management path.
All the answers for the CCNA Security Chapter 10 Test discussed above should be 100% correct. However, if you find any error, mistake or correction, please do not hesitate to leave a comment below. We also appreciate new questions or the latest version of any question set if you want to share with all of us. I hope the knowledge that you share will benefit all of us.
Credits: All the questions and answers in this chapter test were contributed by Xase. All credit goes to him.
I found these answers very helpful in my studying for the upcoming exam. Please keep posting, you just saved a diploma.
100 %
Admin please post / share a link for the CCNAS final online exam ASAP.
New Question!
Which three components must be configured when implementing a client-based SSL VPN on an ASA 5505 device? (Choose three.)
bookmark lists
client address assignment
*client image
*DHCP pools
group policy
*SSL or IPsec
One of my answers is wrong!!!
Which three components must be configured when implementing a client-based SSL VPN on an ASA 5505 device? (Choose three.)
bookmark lists
*client address assignment
*client image
DHCP pools
group policy
*SSL or IPsec
100% correct!
Which three components must be configured when implementing a client-based SSL VPN on an ASA 5505 device? (Choose three.)
client address assignment
client image
SSL or IPsec
100% correct!
In v1.2 the question “Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)” appears in chapter 9 exam.
Hi Jaime, do you mind sharing the answer options? Is this on chapter 9 or 10?
In v1.2 the question “Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.)” also appears in chapter 9 exam.
V1.2. The question “When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.)” is in chapter 9 exam.
In v1.2, the question “Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.)” is in chapter 9 exam.
Question “Which option lists the ASA adaptive security algorithm session management tasks in the correct order?” is in v1.2 chapter 9 exam.
Noted. Thanks.. Linked from chapter 9
I’m currently about to undertake the CCNA Security 1.2 Final exam and would be incredibly grateful if you could provide final exam questions that will be included within the test. Please email me at [email protected]
Also, here’s a list of compiled answers taken from the most recent Chapter 10 – 1.2 test.
What security task is relevant in the disposition phase of the SDLC?
• ensuring that security plans are designed, developed, and implemented
• identifying the protection requirements for systems through a formal risk assessment process
• defining the levels of potential impact on an organization from a security breach
• Ensuring the data is deleted, erased and overwritten (Correct answer)
A network security manager has been tasked with supporting some staff to work from home on a part time basis. What Cisco Secure access product will allow this manager to provide secure, manageable voice and video services to this group of personnel?
• Cisco AnyConnect
• Cisco Identity Services Engine
• Cisco NAC Appliance
• Cisco Secure Access Control System
• Cisco Virtual Office (Correct answer)
A network manager has presented to upper management that the threat of fire in the data center has an exposure factor of 70 percent. What does this mean?
• There is a 70 percent chance of a fire in the data center
• 70 percent of the devices in the data center do not have fire resistance coverage.
• 70 percent of the data center area has a high risk of fire.
• 70 percent of all data center equipment would be destroyed if there were a fire. (Correct answer)
Why would an organization perform a quantitative risk analysis for network security threats?
• so that the organization can focus resources where they are most needed (Correct answer)
• so that the organization knows the top areas where network security holes exist
• so that management can determine the number of network devices needed to inspect, analyze, and protect the corporate resources
• so that management has documentation about the number of security attacks that have occurred within a particular time period
In quantitative risk analysis, what term is used to represent the degree of destruction that would occur if an event took place?
• annualized loss expectancy
• annualized rate of occurrence
• single loss expectancy
• exposure factor (Correct answer)
Using quantitative risk analysis, what is the annualized loss expectancy to an organization of an event that has a single loss expectancy of $500,000 and an annualized rate of occurrence of .03?
• $1500
• $6000
• $15,000 (Correct answer)
• $1,500,000
What component of the Cisco SecureX architecture automatically deploys security rules to Cisco devices?
• delivery mechanism
• policy management console
• scanning engine
• SIO (Correct answer)
A new network manager at a small company is presented with a list from the technician who is responsible for server backups. The technician provides the following list of current practices.
Blank media is always used.
Server backups are performed on a weekly basis.
Only three people (the technician, a peer, and the supervisor of the technician) have rights to perform the backups.
The technician stores the backups in a fire-proof safe in the wiring closet.
Twice a month, the technician and supervisor take a separate backup copy to a secure off-site location.
Which practice would it be best to modify in order to improve this process so it is in accordance with recommended best practices for a secure backup program?
• Media can be rotated.
• Backups should be done on a more frequent basis.
• Only one person is needed to store the off-site copy.
• Two people should securely store the on-site backup media. (Correct answer)
• More people should have rights to perform the backups.
How does network scanning help assess operations security?
• It can log abnormal activity.
• It can detect weak or blank passwords.
• It can detect open TCP ports on network systems. (Correct answer)
• It can simulate attacks from malicious sources.
What are the three security tasks related to the disposition phase of the system development life cycle? (Choose three.)
• information preservation (Correct answer)
• preliminary risk assessment
• media sanitation (Correct answer)
• hardware and software disposal (Correct answer)
• security cost considerations
• continuous monitoring
What is the objective of the governing policy in the security policy hierarchy structure?
• It covers all rules pertaining to information security that end users should know about and follow.
• It defines system and issue-specific policies that describe what the technical staff does.
• It provides general policies on how the technical staff should perform security functions.
• It outlines the company’s overall security goals for managers and technical staff. (Correct answer)
(________) analysis is used to estimate the probability and severity of threats to a system.
Correct Answer: Risk
Hi Jordan,
Thanks for your effort.
However, chapter 10 v1.2 was already published 2 days ago. Please find the post on the navigation menu at the top or in the sidebar.
Also, we have already posted the final exam for CCNA Security v1.2.
Thanks
Which two statements are true about ASA standard ACLs? (Choose two.)
They specify both the source and destination MAC address.
They are applied to interfaces to control traffic.
They are the most common type of ACL.
>>>>>They are typically only used for OSPF routes.<<<<<
>>>>>They identify only the destination IP address.<<<<<
sorry, wrong test. This one is on chpt 9
Hi, thanks. Yes, the question exists on the chapter 9 test.