Answers for the CCNA Security Chapter 10 Test version 2.0 are discussed in this post. I will share the questions and answers for the CCNA Security version 2 Chapter 10 test. If you find any wrong answers or any new questions, do drop a comment at the bottom of the page. Hopefully this will benefit all of us.
- What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?
to permit only secure protocols
to identify the peer
to define interesting traffic
to log denied traffic
- True or False?
The ASA can be configured through ASDM as a DHCP server.
false
true
- What must be configured on an ASA before it can be accessed by ASDM?
Ethernet 0/0 IP address
Telnet or SSH
web server access
an Ethernet port other than 0/0
- What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?
host-based ACL installation
security optimization
posture assessment
quality of service security
- Which item describes secure protocol support provided by Cisco AnyConnect?
SSL only
IPsec only
neither SSL nor IPsec
both SSL and IPsec
- If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?
The host initiates a clientless connection to an FTP server to download the client.
The host initiates a clientless connection to a TFTP server to download the client.
The host initiates a clientless VPN connection using a compliant web browser to download the client.
The Cisco AnyConnect client is installed by default on most major operating systems.
- Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?
The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.
The administrator can connect to and manage a single ASA.
The administrator can connect to and manage multiple ASA devices.
The administrator can connect to and manage multiple ASA devices and Cisco routers.
- Which statement describes available user authentication methods when using an ASA 5 device?
The ASA 5505 only uses a AAA server for authentication.
The ASA 5505 can use either a AAA server or a local database.
The ASA 5505 only uses a local database for authentication.
The ASA 5505 must use both a AAA server and a local database.
- Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?
System Time
Startup Wizard
Device Name/Password
Interfaces
Routing
- Which remote-access VPN connection needs a bookmark list?
site-to-site VPN
IPsec (IKEv2) VPN
IPsec (IKEv1) VPN
clientless SSL VPN
- Which minimum configuration is required on most ASAs before ASDM can be used?
a dedicated Layer 3 management interface
a logical VLAN interface and an Ethernet port other than 0/0
SSH
Ethernet 0/0
- Which ASDM interface option would be used to configure an ASA as a DHCP server for corporate devices?
local
inside
outside
DMZ
- When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?
preshared key
IKE
IKE and ISAKMP
ISAKMP
- Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA?
super encryption
security master
device protection
master passphrase
- When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)
the peer
the hash
encryption
IP addresses on all active interfaces
a valid access list
the ISAKMP policy
- What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?
It does not require a remote connection to a Cisco device.
ASDM provides increased configuration security.
It hides the complexity of security commands.
It does not require any initial device configuration.
- Which remote-access VPN connection allows the user to connect by using a web browser? [Careful: Similar to Q26. Please read both questions]
IPsec (IKEv1) VPN
site-to-site VPN
IPsec (IKEv2) VPN
clientless SSL VPN
- What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
to identify which clients are allowed to connect
to assign addresses to the interfaces on the ASA
to identify which users are allowed to download the client image
to assign IP addresses to clients when they connect
- Which ASDM configuration option is used to configure the ASA enable secret password?
Device Management
Monitoring
Device Setup
Interfaces
- Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?
public/private key
3DES
AES
128-bit
- Refer to the exhibit. Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM?
Advanced
Management Access
Licensing
System Image/Configuration
- Which type of security is required for initial access to the Cisco ASDM by using the local application option?
biometric
AES
SSL
WPA2 corporate
- How is an ASA interface configured as an outside interface when using ASDM?
Drag the interface to the port labeled “outside” in the ASA drawing.
Enter the name “outside” in the Interface Name text box.
Select outside from the Interface Type drop-down menu.
Select a check box from the Interface Type option that shows inside, outside, and DMZ.
- Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?
clientless SSL
site-to-site using a preshared key
site-to-site using an ACL
client-based SSL
- What occurs when a user logs out of the web portal on a clientless SSL VPN connection?
Downloaded files are deleted.
The user no longer has access to the VPN.
The browser cache is cleared.
The web portal times out.
- Which remote-access VPN connection allows the user to connect using Cisco AnyConnect? [Careful: Similar to Q17. Please read both questions]
site-to-site VPN
IPsec (IKEv2) VPN
clientless SSL VPN
IPsec (IKEv1) VPN
Do drop a comment below if you have new questions, or you can email [email protected]. Thank you.
will you upload the final exam of network security soon?
Final exam in progress. I am still working with InviAlgo contributor. Wish a lot more people can contribute.
Well, I have the exam in 11 days so I can’t contribute yet, sorry :s
Can you contribute now? 😀
When do you think the FINAL will be available?
help answer the question 10 test
Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?
clientless SSL VPN
site-to-site VPN
IPsec (IKEv2) VPN
IPsec (IKEv1) VPN
Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?
clientless SSL VPN
site-to-site VPN
* IPsec (IKEv2) VPN
IPsec (IKEv1) VPN
No… It’s the Clientless SSL VPN
Thank you. Updated. I think the answer is IPsec (IKEv2) VPN. If anyone can confirm with reference?
I can confirm the answer is IPsec (IKEv2). I just completed the test and took a screen shot of the feedback on items for which I didn’t receive full credit and it shows that IPsec (IKEv2) VPN is the correct response.
This item references content from the following areas:
CCNA Security: Implementing Network Security
10.2.4 Configuring AnyConnect SSL VPN
Thanks for the confirmation. For others, please be careful, there are 2 similar questions.
1. …. to connect by using a web browser
2. …. to connect using Cisco AnyConnect
Which remote-access VPN connection needs a bookmark list?
site-to-site VPN
IPsec (IKEv2) VPN
IPsec (IKEv1) VPN
* clientless SSL VPN
Thanks for the correction.
Which remote-access VPN connection allows the user to connect by using a web browser?
IPsec (IKEv1) VPN
site-to-site VPN
IPsec (IKEv2) VPN **** THIS IS THE CORRECT ANSWER
clientless SSL VPN
Hi, can anyone confirm? I think the answer is Clientless SSL VPN.
You’re right, Clientless SSL VPN is correct.
What occurs when a user logs out of the web portal on a clientless SSL VPN connection?
The web portal times out.
The browser cache is cleared.
Downloaded files are deleted.
The user no longer has access to the VPN. **** THIS IS THE CORRECT ANSWER
Thank you. Updated
Which ASDM configuration option is used to configure the ASA enable secret password?
Device Setup <<< Correct Answer
Monitoring
Device Management
Interfaces
What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
to identify which users are allowed to download the client image
to assign addresses to the interfaces on the ASA
to assign IP addresses to clients when they connect <<< Correct Answer
to identify which clients are allowed to connect
Thanks. The first question is question number 19. The answer is correct; only the order of the answers is different. The 2nd question is number 18, but I missed some of the words, so I couldn’t find it. Corrected it. TQVM
New Question
14
When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)
IP addresses on all active interfaces
the peer
a valid access list
the hash
encryption
the ISAKMP policy
Hi Reza. Thanks, but the question is the same as question 15 in this post. TQ
Which remote-access VPN connection allows the user to connect by using a web browser?
Correct *clientless SSL VPN
Just finished the test.
Thanks Radu for your confirmation. I think most people confuse Q17 with Q26.
18. Which remote-access VPN connection allows the user to connect by using a web browser?
clientless SSL VPN
IPsec (IKEv2) VPN
IPsec (IKEv1) VPN
site-to-site VPN
When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.
26. What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
to identify which clients are allowed to connect
to assign IP addresses to clients when they connect
to identify which users are allowed to download the client image
to assign addresses to the interfaces on the ASA
Answer:
The IP address pool is assigned to clients when they connect. The IP address pool configuration is required for successful client-based SSL VPN connectivity. Without an available IP address pool, the connection to the security appliance fails.
Thanks Sara for your confirmation and the explanation provided. For readers, Q18 in Sara’s comment = Q17 in the post and Q26=Q18.