Answer CCNA Security Chapter 10 Test – CCNAS v1.2

CCNAS Chapter 10 Test v1.2 Q25

This post will share answer for Chapter 10 Test CCNA Security v1.2. All questions is based on CCNAS v1.2 contributed by Correo Temporal. I hope that the questions and answers for this CCNA Security Chapter 10 Test will benefits all of us. Please do leave comment if you encounter any new questions or you want to correct any answers in this post.

 

1. A network security manager has been tasked with supporting some staff to work from home on a part time basis. What Cisco Secure access product will allow this manager to provide secure, manageable voice and video services to this group of personnel?

Cisco Secure Access Control System

Cisco AnyConnect

Cisco NAC Appliance

Cisco Virtual Office

Cisco Identity Services Engine

 

2. Which two security features must be implemented when SCP is a part of a company security plan? (Choose two.)

AAA authorization

AES

encrypted Cisco IOS File System

SSH

TCP/IP-based VPN

 

3. What are two attributes of a qualitative risk analysis? (Choose two.) It is measurable.

It assigns values to assets.

It is exploratory.

It is descriptive.

It uses a mathematical model.

 

4. Why would an organization perform a quantitative risk analysis for network security threats?

so that management can determine the number of network devices needed to inspect, analyze, and protect the corporate resources

so that management has documentation about the number of security attacks that have occurred within a particular time period

so that the organization can focus resources where they are most needed

so that the organization knows the top areas where network security holes exist

 

5. What is the purpose of the Tripwire network testing tool?

to perform vulnerability scanning

to assess configuration against established policies, recommended best practices, and compliance standards

to detect unauthorized wired network access

to provide password auditing and recovery

to provide information about vulnerabilities and aid in penetration testing and IDS signature development

 

6. A network manager has presented to upper management that the threat of fire in the data center has an exposure factor of 70 percent. What does this mean?

70 percent of the devices in the data center do not have fire resistance coverage.

70 percent of the data center area has a high risk of fire.

There is a 70 percent chance of a fire in the data center.

70 percent of all data center equipment would be destroyed if there were a fire.

 

7. What operations security principle is intended to ensure that a single individual does not control two or more phases of an operation?

change control

separation of duties

rotation of duties

trusted recovery

 

8. Which security test is appropriate for detecting system weaknesses such as misconfiguration, default passwords, and potential DoS targets?

integrity checkers

penetration testing

vulnerability scanning

network scanning

 

9. What situations are addressed by a business continuity plan?

the continued operations of an organization in the event of a disaster or service interruption

the roles and responsibilities of personnel responding to security breaches

the threats that corporate systems are subjected to in a particular environment

the day-to-day operations necessary to deploy and maintain secure systems

 

10. What is the main purpose of the Cisco SIO?

to guarantee every connection coming on or off the endpoint

to provide a method of introducing scanning elements into the network

to enable a single point of policy definition that spans multiple enforcement points

to identify malicious traffic and develop rules to stop it

 

11. Fill in the blank. risk analysis is used to estimate the probability and severity of threats to a system.

 

12. How does network scanning help assess operations security?

It can simulate attacks from malicious sources.

It can log abnormal activity.

It can detect open TCP ports on network systems.

It can detect weak or blank passwords.

 

13. In quantitative risk analysis, what term is used to represent the degree of destruction that would occur if an event took place?

single loss expectancy

exposure factor

annualized loss expectancy

annualized rate of occurrence

 

14. What security task is relevant in the disposition phase of the SDLC?

defining the levels of potential impact on an organization from a security breach

identifying the protection requirements for systems through a formal risk assessment process

ensuring that security plans are designed, developed, and implemented

ensuring that data is deleted, erased, or overwritten

 

15. What should be the primary objective of a contingency and disaster recovery plan?

eliminate risk by avoiding threats to the network altogether

identify acceptable methods of recovery on events most likely to happen

address every possible disaster scenario and assumption

implement protection mechanisms in an attempt to reduce risks to acceptable levels

 

16. Using quantitative risk analysis, what is the annualized loss expectancy to an organization of an event that has single loss expectancy of $500,000 and a annualized rate of occurrence of .03?

$1500

$6000

$15,000

$1,500,000

 

17. What component of the Cisco SecureX architecture automatically deploys security rules to Cisco devices?

policy management console

SIO

delivery mechanism

scanning engine

 

18. Which security policy component defines what users are allowed and not allowed to do on company systems?

authentication policy

governing policy

acceptable use policy

application policy

 

19. A new network manager at a small company is presented with a list from the technician who is responsible for server backups. The technician provides the following list of current practices.

  • Blank media is always used.
  • Server backups are performed on a weekly basis.
  • Only three people (the technician, a peer, and the supervisor of the technician) have rights to perform the backups.
  • The technician stores the backups in a fire-proof safe in the wiring closet.
  • Twice a month, the technician and supervisor take a separate backup copy to a secure off-site location.

Which practice would it be best to modify in order to improve this process so it is in accordance with recommended best practices for a secure backup program?

More people should have rights to perform the backups.

Only one person is needed to store the off-site copy.

Two people should securely store the on-site backup media.

Media can be rotated.

Backups should be done on a more frequent basis.

 

20. A new person has joined the security operations team for a manufacturing plant. What is a common scope of responsibility for this person?

physical and logical security of all business personnel

managing redundancy operations for all systems

day-to-day maintenance of network security

data security on host devices

 

21. What is the objective of the governing policy in the security policy hierarchy structure?

It defines system and issue-specific policies that describe what the technical staff does.

It outlines the company’s overall security goals for managers and technical staff.

It covers all rules pertaining to information security that end users should know about and follow.

It provides general policies on how the technical staff should perform security functions.

 

22. Which type of security policy document is it that includes implementation details that usually contain step-by-step instructions and graphics?

standards document

procedure document

best practices document

guideline document

 

23. What are the three security tasks related to the disposition phase of the system development life cycle? (Choose three.)

media sanitation

preliminary risk assessment

continuous monitoring

hardware and software disposal

security cost considerations

information preservation

 

24. What is the purpose of a security awareness campaign?

to integrate all the security skills and competencies into a single body of knowledge

to teach skills so employees can perform security tasks

to focus the attention of employees on security issues

to provide users with a training curriculum that can ultimately lead to a formal degree

 

25.

CCNAS Chapter 10 Test v1.2 Q25

Place the options in the following order:

[jarod08]

applies policy-based control
delivers network services to remote employees
provides access in accordance with rule-based policies
enforces security policies by updating non-compliant machines

[Aey / Ranya]

applies policy-based access control
enforces security policies by updating noncompliant machines
provides access in accordance with rule-based policies
delivers network services to remote employees

 

 

The numbering system just to make it easier for us to refer particular questions for discussion purposes. Leave comment for updated questions or correction to any answers in this post. Thank you

 

Acknowledgement

Correo Temporal – Questions and answers contributor

jarod08, Aey – Answer contributor

Sharing is Caring

16 thoughts on “Answer CCNA Security Chapter 10 Test – CCNAS v1.2”

  1. A network security manager has been tasked with supporting some staff to work from home on a part time basis. What Cisco Secure access product will allow this manager to provide secure, manageable voice and video services to this group of personnel?

    right answer — Cisco Virtual Office

  2. Which security policy component defines what users are allowed and not allowed to do on company systems?

    Right answer — acceptable use policy

  3. #25 read and find answer:

    Cisco Identity Services Engine:

    •Apply policy-based access control

    •Support greater flexibility to use devices and applications of choice

    •Provide a single IT interface for policy creation and enforcement

    •Deploy in active standby mode to help ensure high availability

    Network Admission Control Appliance, as shown in the figure:

    •Recognize users, their devices, and their roles in the network

    •Evaluate whether machines are compliant with security policies

    •Enforce security policies by blocking, isolating, and repairing noncompliant machines

    •Provide easy and secure guest access

    •Simplify non-authenticating device access

    •Audit and report whom is on the network

    Cisco Secure Access Control System:

    •Controls network access based on dynamic conditions and attributes

    •Meets evolving access requirements with rule-based policies

    •Increases compliance with integrated monitoring, reporting, and troubleshooting capabilities

    •Takes advantage of built-in integration capabilities and distributed deployment

    Cisco Virtual Office:

    •Extends highly secure, and manageable network services to remote employees

    •Cost-effectively scales through standard or express versions

    •Includes Cisco and approved partner services, remote site aggregation and head-end systems

    •Delivers full IP phone, wireless, data, and video services

  4. 2 applies policy-based access control

    5 delivers network services to remote employees

    4 provides access in accordance with rule-based policies

    3 enforces security policies by updating noncompliant machines

  5. Question 25 is wrong
    1.applies policy-based control
    2. enforces security policies by updating non-compliant machines
    3. provides access in accordance with rule-based policies
    4. delivers network services to remote employees
    Should be
    1.applies policy-based control
    2. delivers network services to remote employees
    3. provides access in accordance with rule-based policies
    4. enforces security policies by updating non-compliant machines

  6. I just took this quiz. Number 25 is incorrect. The answer is:

    Place the options in the following order:
    – not scored –
    applies policy-based access control
    enforces security policies by updating noncompliant machines
    provides access in accordance with rule-based policies
    delivers network services to remote employees

  7. I took this exam today 2d december 2015

    the correct answer is
    -not scored- (Cisco AnyConnect)
    applies policy-based access control (Cisco Identity Services Engine)
    enforces security policies by updating noncompliant machines(Cisco NAC Appliance)
    provides access in accordance with rule-based policies (Cisco Secure Access Control System)
    delivers network services to remote employees (Cisco Virtual Office)

    email me to have the screen print of Cisco’s right answer

Leave a Reply

Your email address will not be published. Required fields are marked *