CCNA Security Chapter 10 Exam





1. In what three ways do the 5505 and 5510 Adaptive Security Appliances differ? (Choose three.)


in the method by which they can be configured using either CLI or ASDM


in their compatibility with Cisco SecureX technology


in the maximum traffic throughput supported


in the number of interfaces


in operating system version support


in types of interfaces



2. Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)


content security and control module


Cisco Unified Communications (voice and video) security


intrusion prevention system


stateful firewall


VPN concentrator


Zone-Based Policy Firewall

3. Which option lists the ASA adaptive security algorithm session management tasks in the correct order?


1) allocating NAT translations (xlates)
2) establishing sessions in the “fast path”
3) performing route lookups
4) performing the access list checks





1) establishing sessions in the “fast path”
2) performing the access list checks
3) allocating NAT translations (xlates)
4) performing route lookups





1) performing route lookups
2) establishing sessions in the “fast path”
3) allocating NAT translations (xlates)
4) performing the access list checks





1) performing route lookups
2) allocating NAT translations (xlates)
3) performing the access list checks
4) establishing sessions in the “fast path”





1) performing the access list checks
2) performing route lookups
3) allocating NAT translations (xlates)
4) establishing sessions in the “fast path”



4. When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.)


adjusting Layer 3 and Layer 4 headers


allocating NAT translations (xlates)


performing IP checksum verification


performing route lookups


performing TCP sequence number checks


performing the access list checks



5. What are three characteristics of ASA transparent mode? (Choose three.)


This mode does not support VPNs, QoS, or DHCP Relay.


The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets.


It is the traditional firewall deployment mode.


NAT can be implemented between connected networks.


This mode is referred to as a “bump in the wire.”


In this mode the ASA is invisible to an attacker.



6. Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.)


interface e0/0
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248
no shut





interface e0/0
switchport access vlan 2
no shut
exit





interface vlan 2
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248





ip route 0.0.0.0 0.0.0.0 209.165.200.225





route inside 0.0.0.0 0.0.0.0 209.165.200.225





route outside 0.0.0.0 0.0.0.0 209.165.200.225



7. Refer to the exhibit. According to the exhibited command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.)


The dhcpd auto-config outside command was issued to enable the DHCP client.





The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP client.





The dhcpd enable inside command was issued to enable the DHCP client.





The dhcpd auto-config outside command was issued to enable the DHCP server.





The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server.





The dhcpd enable inside command was issued to enable the DHCP server.



8. Which three wizards are included in Cisco ASDM 6.4? (Choose three.)


ADSL Connection wizard


Advanced Firewall wizard


High Availability and Scalability wizard


Security Audit wizard


Startup wizard


VPN wizard



9. Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505?


host 192.168.1.3


host 192.168.1.4


range 192.168.1.10 192.168.1.20


host 192.168.1.3 and host 192.168.1.4


host 192.168.1.4 and range 192.168.1.10 192.168.1.20


host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20



10. Refer to the exhibit. Which ASDM menu sequence would be required to configure Telnet or SSH AAA authentication using a TACACS server first or the local device user database if the TACACS server authentication is unavailable?


Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH


Configuration > Device Management > Management Access > Management Interface


Configuration > Device Management > Users/AAA > AAA Access


Configuration > Device Management > Users/AAA > AAA Server Group


Configuration > Device Management > Users/AAA > User Accounts



11. Which option lists the four steps to configure the Modular Policy Framework on an ASA?


1) Configure a policy map to apply actions to the identified traffic.
2) Configure a service policy to identify which interface should be activated for the service.
3) Configure extended ACLs to identify specific granular traffic. This step may be optional.
4) Configure the class map to define interesting traffic.





1) Configure a service policy to identify which interface should be activated for the service.
2) Configure extended ACLs to identify specific granular traffic. This step may be optional.
3) Configure the class map to define interesting traffic.
4) Configure a policy map to apply actions to the identified traffic.





1) Configure extended ACLs to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a policy map to apply actions to the identified traffic.
4) Configure a service policy to identify which interface should be activated for the service.





1) Configure extended ACLs to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a service policy to identify which interface should be activated for the service.
4) Configure a policy map to apply actions to the identified traffic.



12. Which three types of remote access VPNs are supported on ASA devices? (Choose three.)


Clientless SSL VPN using the Cisco AnyConnect Client


Clientless SSL VPN using a web browser


IPsec (IKEv1) VPN using the Cisco VPN Client


IPsec (IKEv1) VPN using a web browser


SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client


SSL or IPsec (IKEv2) VPN using the Cisco VPN Client



13. Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.)


bookmark lists


client address assignment


client images


connection profile name


group policy


NAT exemption rules


VPN protocol (SSL or IPsec or both)



14. Which three components must be configured when implementing a client-based SSL VPN on an ASA 5505 device? (Choose three.)


bookmark lists


client address assignment


client image


DHCP pools


group policy


SSL or IPsec



15. Refer to the exhibit. A remote host is connecting to an ASA 5505 via a VPN connection. Once authenticated, the host displays the highlighted system tray icon. On the basis of the information that is presented, what three assumptions can be made? (Choose three.)


The host web browser window is displaying the ASA SSL web portal webpage containing bookmarks.


The host has connected to the ASA via a client-based SSL VPN connection.


The host is connected via the AnyConnect VPN client.


The host is connected via the Cisco VPN client.


Using the ipconfig command on the host displays one IP address from the originating network.


Using the ipconfig command on the host displays an IP address from the originating network and an IP address for the VPN connection.



16. Refer to the exhibit. An administrator has entered the indicated commands on an ASA 5505. Based on the information presented, what type of remote access VPN has the administrator configured?


a clientless SSL VPN via the Cisco AnyConnect Client


a clientless SSL VPN via a web browser


an IPsec (IKEv1) VPN via the Cisco VPN Client


an IPsec (IKEv1) VPN via a web browser


an SSL or IPsec (IKEv2) VPN via the Cisco AnyConnect Client


an SSL or IPsec (IKEv2) VPN via a Cisco VPN Client



17. Which Cisco ASDM menu sequence would be used to edit a client-based AnyConnect SSL VPN configuration?


Configuration > Remote Access VPN > Advanced


Configuration > Remote Access VPN > Clientless SSL VPN Access


Configuration > Remote Access VPN > Easy VPN Remote


Configuration > Remote Access VPN > Network (Client) Access


Monitoring > VPN > VPN Sessions


Monitoring > VPN > Clientless SSL VPN



18. Which three components must be configured when using the Site-to-Site VPN Connection Setup wizard in ASDM? (Choose three.)


authentication method


bookmarks


crypto maps


encryption algorithms


GRE tunnel specifications


IKE version



19. An administrator has successfully configured a site-to-site VPN on an ASA 5505. Which ASDM menu sequence displays the number of packets encrypted, decrypted, and security association requests?


Configuration > Site-to-Site VPN > Advanced


Configuration > Site-to-Site VPN > Connection Profiles


Configuration > Site-to-Site VPN > Group Policies


Monitoring > VPN > VPN Statistics > Crypto Statistics


Monitoring > VPN > VPN Statistics > Encryption Statistics


Monitoring > VPN > VPN Statistics > Sessions



20. Which two statements correctly describe the ASA as an advanced stateful firewall? (Choose two.)


An ASA uses the Zone-Based Firewall feature and tracks the state of the TCP or UDP network connections that are traversing the network.


In routed mode, an ASA can support two or more Layer 3 interfaces.


In routed mode, an ASA requires a management IP address that is configured in global configuration mode.


In transparent mode, each interface has an associated security level.


The first packet of a flow examined by an ASA goes through the session management path.