Author: CCNA Security

CCNA Security Practice Skills Assessment Part 1

CCNA Security 2.0 PT Practice SA – Part 1

A few things to keep in mind while completing this activity:
- Do not use the browser Back button or close or reload any exam windows during the exam.
- Do not close Packet Tracer when you are done. It will close automatically.
- Click the Submit Assessment button to submit your work.

Introduction

In this practice Packet Tracer Skills Based Assessment, you will:
- configure basic device hardening and secure network management
- configure port security and disable unused switch ports
- configure an IOS IPS
- configure a Zone-based Policy Firewall (ZPF) to implement security policies…

CCNA Security Final Exam Answers

Why are DES keys considered weak keys?
- They are more resource intensive.
- DES weak keys use very long key sizes.
- They produce identical subkeys.*
- DES weak keys are difficult to manage.

What is a benefit of using a next-generation firewall rather than a stateful firewall?
- reactive protection against Internet attacks
- granularity control within applications*
- support of TCP-based packet filtering
- support for logging

A network administrator enters the single-connection command. What effect does this command have on AAA operation?
- allows a new TCP session to be established for every authorization request
- authorizes connections based on a…

CCNA Security Practice Final Exam Answers

What ports can receive forwarded traffic from an isolated port that is part of a PVLAN?
- other isolated ports and community ports
- only promiscuous ports*
- all other ports within the same community
- only isolated ports

PVLANs are used to provide Layer 2 isolation between ports within the same broadcast domain. The level of isolation can be specified with three types of PVLAN ports:
- Promiscuous ports that can forward traffic to all other ports
- Isolated ports that can only forward traffic to promiscuous ports
- Community ports that can forward traffic to other community ports and…

CCNA Security Chapter 11 Exam Answers

Which type of security policy document is it that includes implementation details that usually contain step-by-step instructions and graphics?
- best practices document
- procedure document*
- standards document
- guideline document

There are three security policy documents:
- the standards document, which helps to maintain consistency in network operations
- the guidelines document, which gives suggestions on how to operate more securely and efficiently
- the procedures document, which gives detailed standards and guidelines that include step-by-step instructions

What is the purpose of a security awareness campaign?
- to teach skills so employees can perform security tasks
- to focus the attention…

CCNA Security Chapter 10 Exam Answers

What must be configured on an ASA before it can be accessed by ASDM?
- web server access*
- Telnet or SSH
- an Ethernet port other than 0/0
- Ethernet 0/0 IP address

Before an ASA can be accessed using ASDM, the ASA must have access permissions and the ASA web server enabled. Furthermore, a management interface must be configured. On an ASA 5505, a logical VLAN interface and Ethernet port other than 0/0 must be configured. All other ASAs must have a dedicated Layer 3 management interface that is assigned an IP address and appropriate security…

CCNA Security Chapter 9 Exam Answers

What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5505 that is using the Base license?
- CCNAS-ASA(config)# dhcpd address 192.168.1.20-192.168.1.50 inside
- CCNAS-ASA(config)# dhcpd address 192.168.1.10-192.168.1.100 inside
- CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside*
- CCNAS-ASA(config)# dhcpd address 192.168.1.30-192.168.1.79 inside

The ASA 5505 Base license is a 10-user license and therefore the maximum number of DHCP clients supported is 32. The only pool that contains 32 addresses is the pool with range 192.168.1.25-192.168.1.56.

Refer to the exhibit. An administrator creates three zones (A, B, and C) in an…

CCNA Security Chapter 8 Exam Answers

Which transform set provides the best protection?
- crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac*
- crypto ipsec transform-set ESP-DES-SHA esp-3des esp-sha-hmac
- crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
- crypto ipsec transform-set ESP-DES-SHA esp-aes esp-des esp-sha-hmac

DES uses 56-bit keys. 3DES uses 56-bit keys, but encrypts three times. AES uses 128-bit keys. AES-256 uses 256-bit keys and is the strongest.

Which three ports must be open to verify that an IPsec VPN tunnel is operating properly? (Choose three.)
- 168
- 50*
- 169
- 501
- 500*
- 51*

Refer to the exhibit. How will traffic that does not match that defined by…

CCNA Security Chapter 7 Exam Answers

An online retailer needs a service to support the nonrepudiation of the transaction. Which component is used for this service?
- the private key of the retailer
- the unique shared secret known only by the retailer and the customer
- the public key of the retailer
- the digital signatures*

Digital signatures, generated by a hash function, can provide the service for nonrepudiation of the transaction. Both public and private keys are used to encrypt data during the transaction. Shared secrets between the retailer and customers are not used.

In which situation is an asymmetric key algorithm used?…

CCNA Security Chapter 6 Exam Answers

In what situation would a network administrator most likely implement root guard?
- on all switch ports (used or unused)
- on all switch ports that connect to a Layer 3 device
- on all switch ports that connect to host devices
- on all switch ports that connect to another switch
- on all switch ports that connect to another switch that is not the root bridge*

Root guard, in conjunction with PortFast and BPDU guard, is used to prevent an STP manipulation attack.

Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with…
