CCNA Security v2.0 Chapter 9 Exam Answers

1. Refer to the exhibit. An administrator creates three zones (A, B, and C) in an ASA that filters traffic. Traffic originating from Zone A going to Zone C is denied, and traffic originating from Zone B going to Zone C is denied. What is a possible scenario for Zones A, B, and C?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 001]
- A DMZ, B Inside, C Outside
- A Inside, B DMZ, C Outside
- A Outside, B Inside, C DMZ
- A DMZ, B Outside, C Inside

2. What is one of the drawbacks to using transparent mode operation on an ASA device?
- no support for IP addressing
- no support for management
- no support for using an ASA as a Layer 2 switch
- no support for QoS

3. What is a characteristic of ASA security levels?
- An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level.
- Each operational interface must have a name and be assigned a security level from 0 to 200.
- The lower the security level on an interface, the more trusted the interface.
- Inbound traffic is identified as the traffic moving from an interface with a higher security level to an interface with a lower security level.

CCNA 5 Page 1

4. Refer to the exhibit. Two types of VLAN interfaces were configured on an ASA 5505 with a Base license. The administrator wants to configure a third VLAN interface with limited functionality. Which action should be taken by the administrator to configure the third interface?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 002]
- Because the ASA 5505 does not support the configuration of a third interface, the administrator cannot configure the third VLAN.
- The administrator must enter the no forward interface vlan command before the nameif command on the third interface.
- The administrator configures the third VLAN interface the same way the other two were configured, because the Base license supports the proposed action.
- The administrator needs to acquire the Security Plus license, because the Base license does not support the proposed action.

5. What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5505 that is using the Base license?
- CCNAS-ASA(config)# dhcpd address 192.168.1.20-192.168.1.50 inside
- CCNAS-ASA(config)# dhcpd address 192.168.1.10-192.168.1.100 inside
- CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside
- CCNAS-ASA(config)# dhcpd address 192.168.1.30-192.168.1.79 inside

6. Which two statements are true about ASA standard ACLs? (Choose two.)
- They are the most common type of ACL.
- They are applied to interfaces to control traffic.
- They are typically only used for OSPF routes.
- They specify both the source and destination MAC address.
- They identify only the destination IP address.

7. Refer to the exhibit. A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 003]
- Outside 40, Inside 100, DMZ 0
- Outside 0, Inside 35, DMZ 90
- Outside 100, Inside 10, DMZ 40
- Outside 0, Inside 100, DMZ 50

8. Refer to the exhibit. A network administrator is configuring the security level for the ASA. Which statement describes the default result if the administrator tries to assign the Inside interface with the same security level as the DMZ interface?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 004]
- The ASA allows inbound traffic initiated on the Internet to the DMZ, but not to the Inside interface.
- The ASA console will display an error message.
- The ASA will not allow traffic in either direction between the Inside interface and the DMZ.
- The ASA allows traffic from the Inside to the DMZ, but blocks traffic initiated on the DMZ to the Inside interface.

9. What is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs?
- ASA ACLs are always named, whereas IOS ACLs are always numbered.
- Multiple ASA ACLs can be applied on an interface in the ingress direction, whereas only one IOS ACL can be applied.
- ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask.
- ASA ACLs do not have an implicit deny any at the end, whereas IOS ACLs do.
- ASA ACLs use forward and drop ACEs, whereas IOS ACLs use permit and deny ACEs.

10. What is the purpose of the webtype ACLs in an ASA?
- to inspect outbound traffic headed towards certain web sites
- to restrict traffic that is destined to an ASDM
- to monitor return traffic that is in response to web server requests that are initiated from the inside interface
- to filter traffic for clientless SSL VPN users

11. Refer to the exhibit. A network administrator has configured NAT on an ASA device. What type of NAT is used?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 005]
- inside NAT
- static NAT
- bidirectional NAT
- outside NAT

12. Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group name SERVICE1?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 006]
- icmp
- ip
- udp
- tcp

13. When dynamic NAT on an ASA is being configured, what two parameters must be specified by network objects? (Choose two.)
- a range of private addresses that will be translated
- the interface security level
- the pool of public global addresses
- the inside NAT interface
- the outside NAT interface

14. What function is performed by the class maps configuration object in the Cisco modular policy framework?
- identifying interesting traffic
- applying a policy to an interface
- applying a policy to interesting traffic
- restricting traffic through an interface

15. Refer to the exhibit. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 007]
- Traffic from the Internet and DMZ can access the LAN.
- Traffic from the Internet and LAN can access the DMZ.
- Traffic from the Internet can access both the DMZ and the LAN.
- Traffic from the LAN and DMZ can access the Internet.

16. What are three characteristics of the ASA routed mode? (Choose three.)
- This mode is referred to as a bump in the wire.
- In this mode, the ASA is invisible to an attacker.
- The interfaces of the ASA separate Layer 3 networks and require different IP addresses in different subnets.
- It is the traditional firewall deployment mode.
- This mode does not support VPNs, QoS, or DHCP Relay.
- NAT can be implemented between connected networks.

17. Refer to the exhibit. An administrator has configured an ASA 5505 as indicated but is still unable to ping the inside interface from an inside host. What is the cause of this problem?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 008]
- The no shutdown command should be entered on interface Ethernet 0/1.
- VLAN 1 should be the outside interface and VLAN 2 should be the inside interface.
- VLAN 1 should be assigned to interface Ethernet 0/0 and VLAN 2 to Ethernet 0/1.
- The security level of the inside interface should be 0 and the outside interface should be 100.
- An IP address should be configured on the Ethernet 0/0 and 0/1 interfaces.

18. Refer to the exhibit. According to the command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.)
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 009]
- The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP client.
- The dhcpd auto-config outside command was issued to enable the DHCP server.
- The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server.
- The dhcpd auto-config outside command was issued to enable the DHCP client.
- The dhcpd enable inside command was issued to enable the DHCP client.
- The dhcpd enable inside command was issued to enable the DHCP server.

19. Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505?
[Exhibit: CCNA Security Chapter 9 Exam Answer v2 010]
- host 192.168.1.4
- host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20
- host 192.168.1.4 and range 192.168.1.10 192.168.1.20
- host 192.168.1.3 and host 192.168.1.4
- range 192.168.1.10 192.168.1.20
- host 192.168.1.3

20. What must be configured on a Cisco ASA device to support local authentication?
- AAA
- the IP address of the RADIUS or TACACS+ server
- encrypted passwords
- SSHv2
- RSA keys

21. Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?
- ASA uses the ? command whereas a router uses the help command to receive help on a brief description and the syntax of a command.
- To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command.
- To complete a partially typed command, ASA uses the Ctrl+Tab key combination whereas a router uses the Tab key.
- To indicate the CLI EXEC mode, ASA uses the % symbol whereas a router uses the # symbol.

22. What are two factory default configurations on an ASA 5505? (Choose two.)
- VLAN 2 is configured with the name inside.
- The internal web server is disabled.
- DHCP service is enabled for internal hosts to obtain an IP address and a default gateway from the upstream device.
- PAT is configured to allow internal hosts to access remote networks through an Ethernet interface.
- VLAN 1 is assigned a security level of 100.

23. Which type of NAT would be used on an ASA where 10.0.1.0/24 inside addresses are to be translated only if traffic from these addresses is destined for the 198.133.219.0/24 network?
- policy NAT
- dynamic NAT
- static NAT
- dynamic PAT

24. Which statement describes a feature of AAA in an ASA device?
- Accounting can be used alone.
- Authorization is enabled by default.
- If authorization is disabled, all authenticated users will have a very limited access to the commands.
- Both authorization and accounting require a user to be authenticated first.

25. A network administrator is working on the implementation of the Cisco Modular Policy Framework on an ASA device. The administrator issues a clear service-policy command. What is the effect after this command is entered?
- All class map configurations are removed.
- All service policy statistics data are removed.
- All service policies are removed.
- All policy map configurations are removed.

26. What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network?
- ACL
- NAT
- dynamic routing protocols
- outside security zone level 0