CCNA Security Chapter 10 Exam v2

CCNA Security Chapter 10 Exam Answer v2

  1. Which statement describes the function provided to a network administratorwho uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?

    • The administrator can connect to and manage a single ASA.
    • The administrator can connect to and manage multiple ASA devices.
    • The administrator can connect to and manage multiple ASA devices and Cisco routers.
    • The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.
  2. What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?

    • It does not require any initial device configuration.
    • It hides the complexity of security commands.
    • ASDM provides increased configuration security.
    • It does not require a remote connection to a Cisco device.
  3. Which type of security is required for initial access to the Cisco ASDM by using the local application option?

    • SSL
    • WPA2 corporate
    • biometric
    • AES
  4. Which minimum configuration is required on most ASAs before ASDM can be used?

    • SSH
    • a dedicated Layer 3 management interface
    • a logical VLAN interface and an Ethernet port other than 0/0
    • Ethernet 0/0
  5. What must be configured on an ASA before it can be accessed by ASDM?

    • web server access
    • Telnet or SSH
    • an Ethernet port other than 0/0
    • Ethernet 0/0 IP address
  6. How is an ASA interface configured as an outside interface when using ASDM?

    • Select a check box from the Interface Type option that shows inside, outside, and DMZ.
    • Select outside from the Interface Type drop-down menu.
    • Enter the name “outside” in the Interface Name text box.
    • Drag the interface to the port labeled “outside” in the ASA drawing.
  7. Refer to the exhibit. Which Device Management menu item would be used to access theASA command line from within Cisco ASDM?

    CCNA Security Chapter 10 Exam Answer v2 001

    CCNA Security Chapter 10 Exam Answer v2 001

    • Licensing
    • System Image/Configuration
    • Management Access
    • Advanced
  8. Which ASDM configuration option is used to configure the ASA enable secret password?

    • Device Setup
    • Monitoring
    • Interfaces
    • Device Management
  9. Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?

    CCNA Security Chapter 10 Exam Answer v2 002

    CCNA Security Chapter 10 Exam Answer v2 002

    • Startup Wizard
    • Device Name/Password
    • Routing
    • Interfaces
    • System Time
  10. True or False?

    The ASA can be configured through ASDM as a DHCP server.

    • false
    • true
  11. Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices?

    • DMZ
    • outside
    • local
    • inside
  12. Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA?

    • security master
    • super encryption
    • master passphrase
    • device protection
  13. Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?

    • 3DES
    • public/private key
    • AES
    • 128-bit
  14. When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)

    • the hash
    • the peer
    • encryption
    • the ISAKMP policy
    • a valid access list
    • IP addresses on all active interfaces
  15. What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?

    • to permit only secure protocols
    • to log denied traffic
    • to identify the peer
    • to define interesting traffic
  16. When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?

    • ISAKMP
    • IKE
    • IKE and ISAKMP
    • preshared key
  17. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

    • clientless SSL
    • site-to-site using an ACL
    • site-to-site using a preshared key
    • client-based SSL
  18. Which remote-access VPN connection allows the user to connect by using a web browser?

    • IPsec (IKEv2) VPN
    • site-to-site VPN
    • clientless SSL VPN
    • IPsec (IKEv1) VPN
  19. Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?

    • IPsec (IKEv2) VPN
    • site-to-site VPN
    • clientless SSL VPN
    • IPsec (IKEv1) VPN
  20. Which statement describes available user authentication methods when using an ASA 5505 device?

    • The ASA 5505 can use either a AAA server or a local database.
    • The ASA 5505 only uses a AAA server for authentication.
    • The ASA 5505 only uses a local database for authentication.
    • The ASA 5505 must use both a AAA server and a local database.
  21. Which remote-access VPN connection needs a bookmark list?

    • IPsec (IKEv1) VPN
    • IPsec (IKEv2) VPN
    • site-to-site VPN
    • clientless SSL VPN
  22. What occurs when a user logs out of the web portal on a clientless SSL VPN connection?

    • The browser cache is cleared.
    • Downloaded files are deleted.
    • The user no longer has access to the VPN.
    • The web portal times out.
  23. If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?

    • The host initiates a clientless connection to a TFTP server to download the client.
    • The host initiates a clientless VPN connection using a compliant web browser to download the client.
    • The Cisco AnyConnect client is installed by default on most major operating systems.
    • The host initiates a clientless connection to an FTP server to download the client.
  24. What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?

    • security optimization
    • host-based ACL installation
    • posture assessment
    • quality of service security
  25. Which item describes secure protocol support provided by Cisco AnyConnect?

    • neither SSL nor IPsec
    • SSL only
    • both SSL and IPsec
    • IPsec only
  26. What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?

    • to assign addresses to the interfaces on the ASA
    • to identify which users are allowed to download the client image
    • to assign IP addresses to clients when they connect
    • to identify which clients are allowed to connect

Comments

comments