CCNA Security v2.0 Chapter 10 Exam Answers 1. Which statement describes the functin prvided t a netwrk administratrwh uses the Cisc Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start applicatin? The administratr can cnnect t and manage a single ASA. The administratr can cnnect t and manage multiple ASA devices. The administratr can cnnect t and manage multiple ASA devices and Cisc ruters. The administratr can cnnect t and manage multiple ASA devices, Cisc ruters, and Cisc switches. 2. What is ne benefit f using ASDM cmpared t using the CLI t cnfigure the Cisc ASA? It des nt require any initial device cnfiguratin. It hides the cmplexity f security cmmands. ASDM prvides increased cnfiguratin security. It des nt require a remte cnnectin t a Cisc device. 3. Which type f security is required fr initial access t the Cisc ASDM by using the lcal applicatin ptin? SSL WPA2 crprate bimetric AES 4. Which minimum cnfiguratin is required n mst ASAs befre ASDM can be used? SSH a dedicated Layer 3 management interface a lgical VLAN interface and an Ethernet prt ther than 0/0 Ethernet 0/0 5. What must be cnfigured n an ASA befre it can be accessed by ASDM? web server access Telnet r SSH an Ethernet prt ther than 0/0 Ethernet 0/0 IP address CCNA 5 Page 1
6. Hw is an ASA interface cnfigured as an utside interface when using ASDM? Select a check bx frm the Interface Type ptin that shws inside, utside, and DMZ. Select utside frm the Interface Type drp-dwn menu. Enter the name utside in the Interface Name text bx. Drag the interface t the prt labeled utside in the ASA drawing. 7. Refer t the exhibit. Which Device Management menu item wuld be used t access theasa cmmand line frm within Cisc ASDM? CCNA Security Chapter 10 Exam Answer v2 001 Licensing System Image/Cnfiguratin Management Access Advanced 8. Which ASDM cnfiguratin ptin is used t cnfigure the ASA enable secret passwrd? Device Setup Mnitring Interfaces Device Management CCNA 5 Page 2
9. Refer t the exhibit. Which Device Setup ASDM menu ptin wuld be used t cnfigure the ASA fr an NTP server? CCNA Security Chapter 10 Exam Answer v2 002 Startup Wizard Device Name/Passwrd Ruting Interfaces System Time 10. True r False? The ASA can be cnfigured thrugh ASDM as a DHCP server. false true 11. Which ASDM interface ptin wuld be used t cnfigure an ASA as a DHCP server fr lcal crprate devices? DMZ utside lcal inside 12. Which ASDM cnfiguratin ptin re-encrypts all shared keys and passwrds n an ASA? security master super encryptin master passphrase device prtectin CCNA 5 Page 3
13. Which type f encryptin is applied t shared keys and passwrds when the master passphrase ptin is enabled thrugh ASDM fr an ASA? 3DES public/private key AES 128-bit 14. When the CLI is used t cnfigure an ISR fr a site-t-site VPN cnnectin, which tw items must be specified t enable a crypt map plicy? (Chse tw.) the hash the peer encryptin the ISAKMP plicy a valid access list IP addresses n all active interfaces 15. What is the purpse f the ACL in the cnfiguratin f an ISR site-t-site VPN cnnectin? t permit nly secure prtcls t lg denied traffic t identify the peer t define interesting traffic 16. When ASDM is used t cnfigure an ASA site-t-site VPN, what can be custmized t secure traffic? ISAKMP IKE IKE and ISAKMP preshared key 17. Which VPN slutin allws the use f a web brwser t establish a secure, remte-access VPN tunnel t the ASA? clientless SSL site-t-site using an ACL site-t-site using a preshared key client-based SSL 18. Which remte-access VPN cnnectin allws the user t cnnect by using a web brwser? CCNA 5 Page 4
IPsec (IKEv2) VPN site-t-site VPN clientless SSL VPN IPsec (IKEv1) VPN 19. Which remte-access VPN cnnectin allws the user t cnnect using Cisc AnyCnnect? IPsec (IKEv2) VPN site-t-site VPN clientless SSL VPN IPsec (IKEv1) VPN 20. Which statement describes available user authenticatin methds when using an ASA 5505 device? The ASA 5505 can use either a AAA server r a lcal database. The ASA 5505 nly uses a AAA server fr authenticatin. The ASA 5505 nly uses a lcal database fr authenticatin. The ASA 5505 must use bth a AAA server and a lcal database. 21. Which remte-access VPN cnnectin needs a bkmark list? IPsec (IKEv1) VPN IPsec (IKEv2) VPN site-t-site VPN clientless SSL VPN 22. What ccurs when a user lgs ut f the web prtal n a clientless SSL VPN cnnectin? The brwser cache is cleared. Dwnladed files are deleted. The user n lnger has access t the VPN. The web prtal times ut. 23. If an utside hst des nt have the Cisc AnyCnnect client preinstalled, hw wuld the hst gain access t the client image? The hst initiates a clientless cnnectin t a TFTP server t dwnlad the client. The hst initiates a clientless VPN cnnectin using a cmpliant web brwser t dwnlad the client. The Cisc AnyCnnect client is installed by default n mst majr perating systems. The hst initiates a clientless cnnectin t an FTP server t dwnlad the client. CCNA 5 Page 5
24. What is an ptinal feature that is perfrmed during the Cisc AnyCnnect Secure Mbility Client VPN establishment phase? security ptimizatin hst-based ACL installatin psture assessment quality f service security 25. Which item describes secure prtcl supprt prvided by Cisc AnyCnnect? neither SSL nr IPsec SSL nly bth SSL and IPsec IPsec nly 26. What is the purpse f cnfiguring an IP address pl t be used fr clientbased SSL VPN cnnectins? t assign addresses t the interfaces n the ASA t identify which users are allwed t dwnlad the client image t assign IP addresses t clients when they cnnect t identify which clients are allwed t cnnect CCNA 5 Page 6