Answer CCNA Security Chapter 10 Test – CCNAS v2.0

Question 21 Chapter 10 Test v2.0

Answer for CCNA Security Chapter 10 Test version 2.0 will be discussed in this post. I will share the questions and answers for CCNA Security version 2 Chapter 10 test. If you find any wrong answers or any new question, do drop comment at the bottom of the page. Hopefully this will benefits all of us

 

  1. What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?

to permit only secure protocols

to identify the peer

to define interesting traffic

to log denied traffic

 

  1. True or False?

The ASA can be configured through ASDM as a DHCP server.

false

true

 

  1. What must be configured on an ASA before it can be accessed by ASDM?

Ethernet 0/0 IP address

Telnet or SSH

web server access

an Ethernet port other than 0/0

 

  1. What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?

host-based ACL installation

security optimization

posture assessment          

quality of service security

 

  1. Which item describes secure protocol support provided by Cisco AnyConnect?

SSL only

IPsec only

neither SSL nor IPsec

both SSL and IPsec

 

  1. If an outside host does not have the Cisco AnyConnect client preinstalled, how would th host gain access to the client image?

The host initiates a clientless connection to an FTP server to download the client.

The host initiates a clientless connection to a TFTP server to download the client.

The host initiates a clientless VPN connection using a compliant web browser to download the client.

The Cisco AnyConnect client is installed by default on most major operating systems.

 

  1. Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?

The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.

The administrator can connect to and manage a single ASA.

The administrator can connect to and manage multiple ASA devices.

The administrator can connect to and manage multiple ASA devices and Cisco routers.

 

  1. Which statement describes available user authentication methods when using an ASA 5 device?

The ASA 5505 only uses a AAA server for authentication.

The ASA 5505 can use either a AAA server or a local database.

The ASA 5505 only uses a local database for authentication.

The ASA 5505 must use both a AAA server and a local database.

 

Question 9 Chapter 10 Test v2.0

  1. Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?

System Time

Startup Wizard

Device Name/Password

Interfaces

Routing

 

  1. Which remote-access VPN connection needs a bookmark list?

site-to-site VPN

IPsec (IKEv2) VPN

IPsec (IKEv1) VPN

clientless SSL VPN

 

  1. Which minimum configuration is required on most ASAs before ASDM can be used?

a dedicated Layer 3 management interface

a logical VLAN interface and an Ethernet port other than 0/0

SSH

Ethernet 0/0

 

  1. Which ASDM interface option would be used to configure an ASA as a DHCP server for corporate devices?

local

inside

outside

DMZ

 

  1. When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?

preshared key

IKE

IKE and ISAKMP

ISAKMP

 

  1. Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA?

super encryption

security master

device protection

master passphrase

 

  1. When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)

the peer

the hash

encryption

IP addresses on all active interfaces

a valid access list

the ISAKMP policy

 

  1. What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?

It does not require a remote connection to a Cisco device.

ASDM provides increased configuration security.

It hides the complexity of security commands.

It does not require any initial device configuration.

 

  1. Which remote-access VPN connection allows the user to connect by using a web browser? [Careful: Similar to Q26. Please read both questions]

IPsec (IKEv1) VPN

site-to-site VPN

IPsec (IKEv2) VPN

clientless SSL VPN

 

  1. What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?

to identify which clients are allowed to connect

to assign addresses to the interfaces on the ASA

to identify which users are allowed to download the client image

to assign IP addresses to clients when they connect

 

  1. Which ASDM configuration option is used to configure the ASA enable secret password

Device Management

Monitoring

Device Setup

Interfaces

 

  1. Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?

public/private key

3DES

AES

128-bit

 

Question 21 Chapter 10 Test v2.0

  1. Refer to the exhibit. Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM?

Advanced

Management Access

Licensing

System Image/Configuration

 

  1. Which type of security is required for initial access to the Cisco ASDM by using the local application option?

biometric

AES

SSL

WPA2 corporate

 

  1. How is an ASA interface configured as an outside interface when using ASDM?

Drag the interface to the port labeled “outside” in the ASA drawing.

Enter the name “outside” in the Interface Name text box.

Select outside from the Interface Type drop-down menu.

Select a check box from the Interface Type option that shows inside, outside, and DMZ.

 

  1. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

clientless SSL

site-to-site using a preshared key

site-to-site using an ACL

client-based SSL

 

  1. What occurs when a user logs out of the web portal on a clientless SSL VPN connection?

Downloaded files are deleted.

The user no longer has access to the VPN.

The browser cache is cleared.

The web portal times out.

 

  1. Which remote-access VPN connection allows the user to connect using Cisco AnyConnect? [Careful: Similar to Q17. Please read both questions]

site-to-site VPN

IPsec (IKEv2) VPN

clientless SSL VPN

IPsec (IKEv1) VPN

 

Do drop comment below if you have new questions or you can email to [email protected]. Thank you

Sharing is Caring

26 thoughts on “Answer CCNA Security Chapter 10 Test – CCNAS v2.0”

  1. help answer the question 10 test
    Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?
    clientless SSL VPN
    site-to-site VPN
    IPsec (IKEv2) VPN
    IPsec (IKEv1) VPN

    1. Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?
      clientless SSL VPN
      site-to-site VPN
      * IPsec (IKEv2) VPN
      IPsec (IKEv1) VPN

        1. I can confirm the answer is IPsec (IKEv2). I just completed the test and took a screen shot of the feedback on items for which I didn’t receive full credit and it shows that IPsec (IKEv2) VPN is the correct response.

          This item references content from the following areas:
          CCNA Security: Implementing Network Security
          10.2.4 Configuring AnyConnect SSL VPN

          1. Thanks for the confirmation. For others, please be careful there are 2 similar question.
            1. …. to connect by using a web browser
            2. …. to connect using Cisco AnyConnect

  2. Which remote-access VPN connection needs a bookmark list?
    site-to-site VPN

    IPsec (IKEv2) VPN

    IPsec (IKEv1) VPN

    * clientless SSL VPN

  3. Which remote-access VPN connection allows the user to connect by using a web browser?
    IPsec (IKEv1) VPN

    site-to-site VPN

    IPsec (IKEv2) VPN **** THIS IS THE CORRECT ANSWER

    clientless SSL VPN

  4. What occurs when a user logs out of the web portal on a clientless SSL VPN connection?

    The web portal times out.

    The browser cache is cleared.

    Downloaded files are deleted.

    The user no longer has access to the VPN. **** THIS IS THE CORRECT ANSWER

  5. Which ASDM configuration option is used to configure the ASA enable secret password?

    Device Setup <<< Correct Answer
    Monitoring
    Device Management
    Interfaces

    What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
    to identify which users are allowed to download the client image
    to assign addresses to the interfaces on the ASA
    to assign IP addresses to clients when they connect <<< Correct Answer
    to identify which clients are allowed to connect

    1. Thanks. The first question is number 19 question. the answer is correct, only the order of the answer is different. 2nd question is number 18, but i miss some part of the words, so can’t find. Corrected it. TQVM

  6. New Question
    14
    When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)

    IP addresses on all active interfaces

    the peer

    a valid access list

    the hash

    encryption

    the ISAKMP policy

  7. Which remote-access VPN connection allows the user to connect by using a web browser?
    Correct *clientless SSL VPN
    Just finished the test.

  8. 18. Which remote-access VPN connection allows the user to connect by using a web browser?
    clientless SSL VPN
    IPsec (IKEv2) VPN
    IPsec (IKEv1) VPN
    site-to-site VPN
    When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

    26. What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
    to identify which clients are allowed to connect
    to assign IP addresses to clients when they connect
    to identify which users are allowed to download the client image
    to assign addresses to the interfaces on the ASA
    Answer:
    The IP address pool is assigned to clients when they connect. The IP address pool configuration is required for successful client-based SSL VPN connectivity. Without an available IP address pool, the connection to the security appliance fails.

Leave a Reply

Your email address will not be published. Required fields are marked *