Answer CCNA Security Chapter 9 Test – CCNAS v1.1

In this post, i will share the answer for CCNA Security Chapter 9 Test. The answers discussed below has been claimed to be 100% correct. All the questions are based on CCNAS v1.1. Hopefully, the questions and answers provided below will be a good reference for all of us.

 

In which phase of the system development life cycle should security requirements be addressed?

Add security requirements during the initiation phase.

Include a minimum set of security requirements at each phase.

Apply critical security requirements during the implementation phase.

Implement the majority of the security requirements at the acquisition phase.

 

Which type of analysis uses a mathematical model that assigns a monetary figure to the value of assets, the cost of threats being realized, and the cost of security implementations?

Qualitative Risk Analysis

Quantitative Risk Analysis

Qualitative Asset Analysis

Quantitative Continuity Analysis

 

Which term describes a completely redundant backup facility, with almost identical equipment to the operational facility, that is maintained in the event of a disaster?

backup site

cold site

hot site

reserve site

 

Which network security test requires a network administrator to launch an attack within the network?

network scan

password crack

penetration test

vulnerability scan

 

Which three documents comprise the hierarchical structure of a comprehensive security policy for an organization? (Choose three.)

backup policy

server policy

incident policy

governing policy

end-user policy

technical policy

 

Which three detailed documents are used by security staff for an organization to implement the security policies? (Choose three.)

asset inventory

best practices

guidelines

procedures

risk assessment

standards

 

What are the two major components of a security awareness program? (Choose two.)

awareness campaign

security policy development

security solution development

self-defending network implementation

training and education

 

When an organization implements the two-person control principle, how are tasks handled?

A task requires two individuals who review and approve the work of each other.

A task is broken down into two parts, and each part is assigned to a different individual.

A task must be completed twice by two operators who must achieve the same results.

A task is rotated among individuals within a team, each completing the entire task for a specific amount of time.

 

Which component of the security policy lists specific websites, newsgroups, or bandwidth-intensive applications that are not allowed on the company network?

remote access policies

acceptable use policies

incident handling procedures

identification and authentication policies

 

Which security document includes implementation details, usually with step-by-step instructions and graphics?

guideline document

standard document

procedure document

overview document

 

Which option describes ethics?

Ethics is a standard that is higher than the law.

Ethics involves government agencies enforcing regulations.

Ethics compliance is the basis for setting security policies.

Ethics deals with criminal law and monetary compensation.

 

In the Cisco SecureX architecture, which component is considered the workhorse of policy enforcement?

next-generation endpoint

policy management console

scanning engine

Security Intelligence Operations

 

Which development has contributed most to the growing demand for a borderless network?

consumer endpoints

DMZ services

corporate managed laptops

personal firewall software

 

Which aspect of a scanning element is able to determine a security policy to apply based on information such as the person using the device, the location of the device, and the application being used?

context awareness

perimeter awareness

centralized enforcement

perimeter deployment

 

A company is considering implementing the Cisco SecureX security architecture. What is the purpose of Cisco TrustSec?

It is a technology that implements packet tagging to allow security elements to share information from scanning elements.

It is a large cloud-based security ecosystem with global correlation.

It is a stand-alone appliance managed from a central policy console.

It is a perimeter-based, stand-alone network scanning device.

 

Which statement about network security within the SecureX architecture is true?

It is located closer to the end user.

It is implemented in the network core.

It is enforced in a highly centralized structure.

It is managed by a single policy.

 

Which Cisco SecureX product family would be primarily responsible for detecting and blocking attacks and exploits, while preventing intruder access?

secure e-mail and web

secure access

secure mobility

secure data center

secure network

 

Which SecureX product family would include Cisco AnyConnect?

secure network

secure e-mail and web

secure access

secure mobility

secure data center

 

If a web browser is to be used, and not a hardware or software-based client, which Cisco solution is best for establishing a secure VPN connection?

VPN Services for Cisco ASA Series

Cisco Adaptive Wireless IPS Software

Cisco AnyConnect Secure Mobility Solutions

Cisco Virtual Security Gateway

 

Which Cisco secure access solution can be used to determine if hosts are compliant with security policies?

Network Admission Control Appliance

Cisco Secure Access Control System

Cisco AnyConnect Secure Mobility Solutions

Cisco Adaptive Wireless IPS Software

 

What protocol is used by SCP for secure transport?

IPSec

HTTPS

SSH

Telnet

TFTP

 

If you unable to achieve 100% mark for this CCNA Security Chapter 9 Test following all questions and answers given above please leave your comment below. We do appreciate any correction you provided or any new and updated questions. With all the knowledge that we shared, hopefully it will benefits all of us.

Credit: All questions and answers for CCNA Security Chapter 9 provided by Xase. All credits goes to him.

 

CCNA Security Chapter 9 v1.2

 

[by John]

A network engineer is using a Cisco ASA as a proxy device to provide remote secure access to a company web server. What technology is being used?

Cisco AnyConnect Secure Mobility Client with SSL

Cisco Secure Mobility Clientless SSL VPN

Cisco VPN Client

generic routing encapsulation tunnel using Ipsec

 

What is a characteristic of ASA security levels?​

The lower the security level on an interface, the more trusted the interface.

An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level.

Each operational interface must have a name and be assigned a security level from 0 to 200.

Inbound traffic is identified as the traffic moving from an interface with a higher security level to an interface with a lower security level.

 

Refer to the exhibit. Two types of VLAN interfaces were configured on an ASA 5505 with a Base license. The administrator wants to configure a third VLAN interface with limited functionality. Which action should be taken by the administrator to configure the third interface?

The administrator needs to acquire the Security Plus license, because the Base license does not support the proposed action.

The administrator configures the third VLAN interface the same way the other two were configured, because the Base license supports the proposed action.​

The administrator must enter the no forward interface vlan command before the nameif command on the third interface.

Because the ASA 5505 does not support the configuration of a third interface, the administrator cannot configure the third VLAN.​

 

What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5505 that is using the Base license?

CCNAS-ASA(config)# dhcpd address 192.168.1.10-192.168.1.100 inside​

CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside

CCNAS-ASA(config)# dhcpd address 192.168.1.20-192.168.1.50 inside​

CCNAS-ASA(config)# dhcpd address 192.168.1.30-192.168.1.79 inside

 

Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?

The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.

The administrator can connect to and manage multiple ASA devices.

The administrator can connect to and manage multiple ASA devices and Cisco routers.

The administrator can connect to and manage a single ASA.

 

Which two statements are true about ASA standard ACLs? (Choose two.)​

They identify only the destination IP address.

They are the most common type of ACL.

They are typically only used for OSPF routes.

They are applied to interfaces to control traffic.

They specify both the source and destination MAC address.

 

What is the purpose of the webtype ACLs in an ASA?

to inspect outbound traffic headed towards certain web sites

to restrict traffic that is destined to an ASDM

to filter traffic for clientless SSL VPN users

to monitor return traffic that is in response to web server requests that are initiated from the inside interface

 

Refer to the exhibit. A network administrator is configuring PAT on an ASA device to enable internal workstations to access the Internet. Which configuration command should be used next?

nat (inside,outside) dynamic NET1

nat (outside,inside) dynamic interface

nat (inside,outside) dynamic interface

nat (outside,inside) dynamic NET1

 

[by Jaime]

Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?

SSL

clientless SSL VPN

IPsec

client-based SSL VPN

 

The following Questions has been answered on CCNA Security Chapter 10 Test v1.1

Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)

Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.)

When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.)

Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.)

Which option lists the ASA adaptive security algorithm session management tasks in the correct order?

 

The following questions has been answered on CCNA Security Final Exam v1.1

Refer to the exhibit. The indicated window has appeared in the web browser of a remote user. What is the cause of this message?

Sales representatives of an organization use computers in hotel business centers to occasionally access corporate e-mail and the inventory database. What would be the best VPN solution to implement on an ASA to support these users?

 

[by abu7ala1]

Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group nameSERVICE1?

ip

tcp

udp

icmp

 

Refer to the exhibit. A network administrator has configured NAT on an ASA device. What type of NAT is used?

inside NAT

bidirectional NAT

outside NAT

static NAT

 

10 thoughts on “Answer CCNA Security Chapter 9 Test – CCNAS v1.1

  1. V1.2 new question, from CCNA 4 chapter 7

    Which Cisco VPN solution provides limited access to internal network resources by utilizing a Cisco ASA and provides browser-based access only?
    SSL
    *clientless SSL VPN*
    IPsec
    client-based SSL VPN

  2. From v1.2:

    A network engineer is using a Cisco ASA as a proxy device to provide remote secure access to a company web server. What technology is being used?
    - Cisco AnyConnect Secure Mobility Client with SSL
    - *Cisco Secure Mobility Clientless SSL VPN*
    - Cisco VPN Client
    - generic routing encapsulation tunnel using Ipsec

    What is a characteristic of ASA security levels?​
    - The lower the security level on an interface, the more trusted the interface.
    - *An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level.*
    - Each operational interface must have a name and be assigned a security level from 0 to 200.
    - Inbound traffic is identified as the traffic moving from an interface with a higher security level to an interface with a lower security level.

    Refer to the exhibit. Two types of VLAN interfaces were configured on an ASA 5505 with a Base license. The administrator wants to configure a third VLAN interface with limited functionality. Which action should be taken by the administrator to configure the third interface?
    - The administrator needs to acquire the Security Plus license, because the Base license does not support the proposed action.
    - The administrator configures the third VLAN interface the same way the other two were configured, because the Base license supports the proposed action.​
    - *The administrator must enter the no forward interface vlan command before the nameif command on the third interface.*
    - Because the ASA 5505 does not support the configuration of a third interface, the administrator cannot configure the third VLAN.​

    What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5505 that is using the Base license?
    - CCNAS-ASA(config)# dhcpd address 192.168.1.10-192.168.1.100 inside​
    - *CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside*
    - CCNAS-ASA(config)# dhcpd address 192.168.1.20-192.168.1.50 inside​
    - CCNAS-ASA(config)# dhcpd address 192.168.1.30-192.168.1.79 inside

    Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?
    - The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.
    - The administrator can connect to and manage multiple ASA devices.
    - The administrator can connect to and manage multiple ASA devices and Cisco routers.
    - *The administrator can connect to and manage a single ASA.*

    Which two statements are true about ASA standard ACLs? (Choose two.)​
    - *They identify only the destination IP address.*
    - They are the most common type of ACL.
    - *They are typically only used for OSPF routes.*
    - They are applied to interfaces to control traffic.
    - They specify both the source and destination MAC address.

    What is the purpose of the webtype ACLs in an ASA?
    - to inspect outbound traffic headed towards certain web sites
    - to restrict traffic that is destined to an ASDM
    - *to filter traffic for clientless SSL VPN users*
    - to monitor return traffic that is in response to web server requests that are initiated from the inside interface

    Refer to the exhibit. A network administrator is configuring PAT on an ASA device to enable internal workstations to access the Internet. Which configuration command should be used next?
    - nat (inside,outside) dynamic NET1
    - nat (outside,inside) dynamic interface
    - *nat (inside,outside) dynamic interface*
    - nat (outside,inside) dynamic NET1

  3. Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group nameSERVICE1?
    ip
    **tcp** Correct Answer
    udp
    icmp

  4. Refer to the exhibit. A network administrator has configured NAT on an ASA device. What type of NAT is used?
    **inside NAT** Correct Answer
    bidirectional NAT
    outside NAT
    static NAT

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

Search Invisible Algorithm:

ccna security chapter 9 exam answers, ccna security chapter 9, Which Cisco secure access solution can be used to determine if hosts are compliant with security policies?, ccna security chapter 9 answers, Which development has contributed most to the growing demand for a borderless network?, ccnas chapter 9, ccna security chapter 9 exam answers 100, which securex product family would include cisco anyconnect?, if a web browser is to be used and not a hardware or software-based client which cisco solution is best for establishing a secure vpn connection?, A company is considering implementing the Cisco SecureX security architecture What is the purpose of Cisco TrustSec?