1. What causes a buffer overflow?

o attempting to write more data to a memory location than that

location can hold*
2. What commonly motivates cybercriminals to attack networks as compared
to hactivists or state-sponsored hackers?
o financial gain*
3. Which two network security solutions can be used to mitigate DoS attacks?
(Choose two.)
o intrusion protection systems*
4. Which two statements characterize DoS attacks? (Choose two.)
o Examples include smurf attacks and ping of death attacks.*
o They attempt to compromise the availability of a network, host, or
application*
5. An attacker is using a laptop as a rogue access point to capture all network
traffic from a targeted user. Which type of attack is this?
o man in the middle*
6. What functional area of the Cisco Network Foundation Protection
framework is responsible for device-generated packets required for network
operation, such as ARP message exchanges and routing advertisements?
o control plane*
7. What method can be used to mitigate ping sweeps?
o blocking ICMP echo and echo-replies at the network edge*
8. What are the three major components of a worm attack? (Choose three.)
o a payload*
o an enabling vulnerability*
o a propagation mechanism*
9. Which statement accurately characterizes the evolution of threats to
network security?
o Internal threats can cause even greater damage than external
threats.*
10. What are the three components of information security ensured by
cryptography? (Choose three.)
o confidentiality*
o integrity*
o availability*
11. What is the primary method for mitigating malware?
o installing antivirus software on all hosts*
12. What is an objective of a state-sponsored attack?
o to right a perceived wrong*
13. What role does the Security Intelligence Operations (SIO) play in the Cisco
SecureX architecture?
o identifying and stopping malicious traffic*
14. What worm mitigation phase involves actively disinfecting infected systems?
o Treatment*
15. How is a smurf attack conducted?
o by sending a large number of ICMP requests to directed broadcast
addresses from a spoofed source address on the same network*
16. Which two statements describe access attacks? (Choose two.)
o Buffer overflow attacks write data beyond the hallocated buffer
memory to overwrite valid data or to exploit systems to execute
malicious code.*
o Password attacks can be implemented by the use os brute-force attack
methods, Trojan horse, or packet sniffers.*
17. What is a ping sweep?
o a network scanning technique that indicates the live hosts in a range
of IP addresses.
18. Fill in the blank.
As a dedicated network security tool, an intrusion Prevention system can
provide detection and blocking of attacks in real time.
19. What is a characteristic of a Trojan horse as it relates to network security?
o Malware is contained in a seemingly legitimate executable program.*
20. What is the first step in the risk management process specified by the
ISO/IEC?.
o Conduct a risk assessment.*
21. What is the significant characteristic of worm malware?
o A worm can execute independently of the host system.*
22. Which condition describes the potential threat created by Instant On in a
data center?
o when a VM that may have outdated security policies is brought online
after a long period of inactivity.*
23. What are the three core components of the Cisco Secure Data Center
solution? (Choose three.)
o secure segmentation*
o visibility*
o threat defense*
24. A disgruntled employee is using Wireshark to discover administrative
Telnet usernames and passwords. What type of network attack does this
describe?
o reconnaissance*
25. What is the role of an IPS?
o detecting and blocking of attacks in real time*

1. Which three areas of router security must be maintained to secure an edge

router at the network perimeter? (Choose three.)
o router hardening*
o operating system security*
o physical security*
2. Which recommended security practice prevents attackers from performing
password recovery on a Cisco IOS router for the purpose of gaining access
to the privileged EXEC mode?
o Locate the router in a secure locked room that is accessible only to
authorized personnel.*
3. Refer to the exhibit. Based on the output of the show running-config
command, which type of view is SUPPORT?

o superview, containing SHOWVIEW and VERIFYVIEW views*

4. Which two characteristics apply to role-based CLI access superviews?
(Choose two.)
o A specific superview cannot have commands added to it directly.*
o Users logged in to a superview can access all commands specified
within the associated CLI views.*
5. Which three types of views are available when configuring the role-based
CLI access feature? (Choose three.)
o superview*
o root view*
o CLI view*
6. If AAA is already enabled, which three CLI steps are required to configure
a router with a specific view? (Choose three.)
o Create a view using the parser view view-name command.*
o Assign a secret password to the view.*
o Assign commands to the view.*
7. What occurs after RSA keys are generated on a Cisco router to prepare for
secure device management?
o The generated keys can be used by SSH.*
8. Which three statements describe limitations in using privilege levels for
assigning command authorization? (Choose three.)
o Creating a user account that needs access to most but not all
commands can be a tedious process.*
o Commands set on a higher privilege level are not available for lower
privilege users.*
o There is no access control to specific interfaces on a router.*
9. What command must be issued to enable login enhancements on a Cisco
router?
o login block-for*
10. An administrator defined a local user account with a secret password on
router R1 for use with SSH. Which three additional steps are required to
configure R1 to accept only encrypted SSH connections? (Choose three.)
o Enable inbound vty SSH sessions.*
o Configure the IP domain name on the router.*
o Generate the SSH keys.*
11. Which set of commands are required to create a username of admin, hash
the password using MD5, and force the router to access the internal
username database when a user attempts to access the console?
o R1(config)# username admin secret Admin01pa55
R1(config)# line con 0
R1(config-line)# login local*
12. Refer to the exhibit. Which statement about the JR-Admin account is true?

o JR-Admin can issue ping and reload commands*

13. What is the default privilege level of user accounts created on Cisco routers?
o 1*
14. A network administrator notices that unsuccessful login attempts have
caused a router to enter quiet mode. How can the administrator maintain
remote access to the networks even during quiet mode?
o Quiet mode behavior can be overridden for specific networks by
using an ACL.*
15. What is a characteristic of the Cisco IOS Resilient Configuration feature?
o A snapshot of the router running configuration can be taken and
securely archived in persistent storage.*
16. What are two reasons to enable OSPF routing protocol authentication on a
network? (Choose two.)
o to prevent data traffic from being redirected and then discarded*
o to prevent redirection of data traffic to an insecure link*
17. Which two options can be configured by Cisco AutoSecure? (Choose two.)
o enable secret password*
o security banner*
18. Which three functions are provided by the syslog logging service? (Choose
three.)
o specifying where captured information is stored*
o gathering logging information*
o distinguishing between information to be captured and information to
be ignored*
19. What is the Control Plane Policing (CoPP) feature designed to accomplish?
o prevent unnecessary traffic from overwhelming the route processor*
20. What is a requirement to use the Secure Copy Protocol feature?
o A command must be issued to enable the SCP server side
functionality.*
21. What is a characteristic of the MIB?
o The OIDs are organized in a hierarchical structure.*
22. Which three items are prompted for a user response during interactive
AutoSecure setup? (Choose three.)
o content of a security banner*
o enable secret password*
o enable password*
23. security on all company routers. Which two commands must be issued to
force authentication via the password 1A2b3C for all OSPF-enabled
interfaces in the backbone area of the company network? (Choose two.)
o area 0 authentication message-digest*
o ip ospf message-digest-key 1 md5 1A2b3C*
24. What is the purpose of using the ip ospf message-digest-key key md5
password command and the area area-id authentication message-digest
command on a router?
o to configure OSPF MD5 authentication globally on the router*
25. Which three actions are produced by adding Cisco IOS login enhancements
to the router login process? (Choose three.)
o create syslog messages*
o slow down an active attack*
o disable logins from specified hosts*

1. Refer to the exhibit. Router R1 has been configured as shown, with the
resulting log message. On the basis of the information that is presented,
which two statements describe the result of AAA authentication operation?
(Choose two.)

o The locked-out user stays locked out until the clear aaa local user
lockout username Admin command is issued.*
o The locked-out user failed authentication.*
2. A user complains about being locked out of a device after too many
unsuccessful AAA login attempts. What could be used by the network
administrator to provide a secure authentication access method without
locking a user out of a device?
o Use the login delay command for authentication attempts.*
3. A user complains about not being able to gain access to a network device
configured with AAA. How would the network administrator determine if
login access for the user account is disabled?
o Use the show aaa local user lockout command.*
4. When a method list for AAA authentication is being configured, what is the
effect of the keyword local?
o It accepts a locally configured username, regardless of case*
o It defaults to the vty line password for authentication.
5. Which solution supports AAA for both RADIUS and TACACS+ servers?
o Implement Cisco Secure Access Control System (ACS) only.*
6. What difference exists when using Windows Server as an AAA server,
rather than Cisco Secure ACS?
o Windows Server uses its own Active Directory (AD) controller for
authentication and authorization.*
7. What is a characteristic of TACACS+?
o TACACS+ provides authorization of router commands on a per-user
or per-group basis.*
8. Which debug command is used to focus on the status of a TCP connection
when using TACACS+ for authentication?
o debug tacacs events*
9. Which characteristic is an important aspect of authorization in an AAA-
enabled network device?
o User access is restricted to certain services.*
10. What is the result of entering the aaa accounting network command on a
router?
o The router collects and reports usage data related to network-related
service requests.*
11. What is a characteristic of AAA accounting?
o Possible triggers for the aaa accounting exec default command
include start-stop and stop-only.*
12. When using 802.1X authentication, what device controls physical access to
the network, based on the authentication status of the client?
o the switch that the client is connected to*
13. Because of implemented security controls, a user can only access a server
with FTP. Which AAA component accomplishes this?
o authorization*
14. Why is authentication with AAA preferred over a local database method?
o It provides a fallback authentication method if the administrator
forgets the username or password.*
15. Which authentication method stores usernames and passwords in ther
router and is ideal for small networks.
o local AAA*
16. Which component of AAA allows an administrator to track individuals who
access network resources and any changes that are made to those resources?
o accounting*
17. Which two features are included by both TACACS+ and RADIUS
protocols? (Choose two.)
o password encryption*
o utilization of transport layer protocols*
18. Which server-based authentication protocol would be best for an
organization that wants to apply authorization policies on a per-group
basis?
o TACACS+*
19. Refer to the exhibit. Which statement describes the configuration of the
ports for Server1?

o The ports configured for Server1 on the router must be identical to

those configured on the RADIUS server.*
20. True or False?
The single-connection keyword prevents the configuration of multiple
TACACS+ servers on a AAA-enabled router.
o false*
21. Why would a network administrator include a local username
configuration, when the AAA-enabled router is also configured to
authenticate using several ACS servers?
o The local username database will provide a backup for authentication
in the event the ACS servers become unreachable.*
22. Which authentication method stores usernames and passwords in the router
and is ideal for small networks?
o local AAA*
23. What device is considered a supplicant during the 802.1X authentication
process?
o the client that is requesting authentication*
24. What protocol is used to encapsulate the EAP data between the
authenticator and authentication server performing 802.1X authentication?
o RADIUS*

1. Which statement describes a typical security policy for a DMZ firewall

configuration?
o Traffic that originates from the DMZ interface is selectively
permitted to the outside interface.*
2. Refer to the exhibit. Which statement describes the function of the ACEs?

o These ACEs allow for IPv6 neighbor discovery traffic.*

3. When an inbound Internet-traffic ACL is being implemented, what should
be included to prevent the spoofing of internal networks?
o ACEs to prevent traffic from private address spaces*
4. In addition to the criteria used by extended ACLs, what conditions are used
by a classic firewall to filter traffic?
o application layer protocol session information*
5. A router has been configured as a classic firewall and an inbound ACL
applied to the external interface. Which action does the router take after
inbound-to-outbound traffic is inspected and a new entry is created in the
state table?
o A dynamic ACL entry is added to the external interface in the
inbound direction.*
6. Refer to the exhibit. If a hacker on the outside network sends an IP packet
with source address 172.30.1.50, destination address 10.0.0.3, source port 23,
and destination port 2447, what does the Cisco IOS firewall do with the
packet?

o The packet is dropped.*

7. What is one benefit of using a stateful firewall instead of a proxy server?
o better performance*
8. What is one limitation of a stateful firewall?
o not as effective with UDP- or ICMP-based traffic*
9. To facilitate the troubleshooting process, which inbound ICMP message
should be permitted on an outside interface?
o echo reply*
10. Which command is used to activate an IPv6 ACL named ENG_ACL on an
interface so that the router filters traffic prior to accessing the routing
table?
o ipv6 traffic-filter ENG_ACL in*
11. If the provided ACEs are in the same ACL, which ACE should be listed first
in the ACL according to best practice?
o permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap*
12. Which security tool monitors network traffic as it flows into and out of the
organization and determines whether packets belong to an existing
connection or are from an unauthorized source?
o stateful firewall*
13. A company is deploying a new network design in which the border router
has three interfaces. Interface Serial0/0/0 connects to the ISP,
GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet/01 connects
to the internal private network. Which type of traffic would receive the least
amount of inspection (have the most freedom of travel)?
o traffic that is going from the private network to the DMZ*
14. Refer to the exhibit. The ACL statement is the only one explicitly configured
on the router. Based on this information, which two conclusions can be
drawn regarding remote access network connections? (Choose two.)

o Telnet connections from the 192.168.1.0/24 network to the

192.168.2.0/24 network are blocked.*
o SSH connections from the 192.168.1.0/24 network to the
192.168.2.0/24 network are allowed.*
15. Consider the following access list.
access list.access-list 100 permit ip host 192.168.10.1 any
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo
access-list 100 permit ip any any
Which two actions are taken if the access list is placed inbound on a router
Gigabit Ethernet port that has the IP address 192.168.10.254 assigned?
(Choose two.)
o Devices on the 192.168.10.0/24 network are not allowed to ping other
devices on the 192.168.11.0 network.*
o A Telnet or SSH session is allowed from any device on the
192.168.10.0 into the router with this access list assigned.*
16. What is the function of the pass action on a Cisco IOS Zone-Based Policy
Firewall?
o orwarding traffic from one zone to another*
17. When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI,
which step must be taken after zones have been created?
o Establish policies between zones.*
18. A network administrator is implementing a Classic Firewall and a Zone-
Based Firewall concurrently on a router. Which statement best describes
this implementation?
o The two models cannot be implemented on a single interface.*
19. Which two rules about interfaces are valid when implementing a Zone-
Based Policy Firewall? (Choose two.)
o If neither interface is a zone member, then the action is to pass
traffic.*
o If both interfaces are members of the same zone, all traffic will be
passed.*
20. Which command will verify a Zone-Based Policy Firewall configuration?
o show running-config*
21. Refer to the exhibit. The network “A” contains multiple corporate servers that
are accessed by hosts from the Internet for information about the corporation.
What term is used to describe the network marked as “A”?

o DMZ*
22. Which type of packet is unable to be filtered by an outbound ACL?
o router-generated packet*
23. When a Cisco IOS Zone-Based Policy Firewall is being configured, which
two actions can be applied to a traffic class? (Choose two.)
o drop*
o inspect*
24. Fill in the blank.
A stateful firewall monitors the state of connections as network traffic flows into
and out of the organization.
25. Fill in the blank.
The pass action in a Cisco IOS Zone-Based Policy Firewall is similar to a permit
statement in an ACL.

1. What is the purpose in configuring an IOS IPS crypto key when enabling
IOS IPS on a Cisco router?
o to verify the digital signature for the master signature file*
2. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS
commands on router R1?

o All traffic that is permitted by the ACL is subject to inspection by the

IPS.*
3. A system analyst is configuring and tuning a recently deployed IPS
appliance. By examining the IPS alarm log, the analyst notices that the IPS
does not generate alarms for a few known attack packets. Which term
describes the lack of alarms by the IPS?
o false negative*
4. A security specialist configures an IPS so that it will generate an alert when
an attack is first detected. Alerts for the subsequent detection of the same
attack are suppressed for a pre-defined period of time. Another alert will be
generated at the end of the period indicating the number of the attack
detected. Which IPS alert monitoring mechanism is configured?
o summary alert*
5. In configuring a Cisco router to prepare for IPS and VPN features, a
network administrator opens the file realm-cisco.pub.key.txt, and copies
and pastes the contents to the router at the global configuration prompt.
What is the result after this configuration step?
o A crypto key is created for IOS IPS to verify the master signature
file.*
6. Which two benefits does the IPS version 5.x signature format provide over
the version 4.x signature format? (Choose two.)
o support for encrypted signature parameters*
o addition of a signature risk rating*
7. What information must an IPS track in order to detect attacks matching a
composite signature?
o the state of packets related to the attack*
8. What is a disadvantage of a pattern-based detection mechanism?
o It cannot detect unknown attacks.*
9. Which type of IPS signature detection is used to distract and confuse
attackers?
o honeypot-based detection*
10. Which statement is true about an atomic alert that is generated by an IPS?
o It is an alert that is generated every time a specific signature has been
found.*
11. Refer to the exhibit. Based on the configuration, which traffic will be
examined by the IPS that is configured on router R1?

o no traffic will be inspected*

12. A network administrator suspects the default setting of the ip ips notify sdee
command has caused performance degradation on the Cisco IOS IPS
router. The network administrator enters the ip sdee events 50 command in
an attempt to remedy the performance issues. What is the immediate effect
of this command?
o All events that were stored in the previous buffer are lost.*
13. True or False?
A Cisco IDS does not affect the flow of traffic when it operates in
promiscuous mode
o true*
14. What is a required condition to enable IPS activity reporting using the
SDEE format?
o Enable an HTTP or HTTPS service on the router.*
15. Refer to the exhibit. Which statement best describes how incoming traffic on
serial 0/0 is handled?

o Traffic matching ACL 100 will be scanned and reported.*

16. Refer to the exhibit. Based on the IPS configuration provided, which
conclusion can be drawn?

o Only the signatures in the ios_ips basic category will be compiled into
memory and used by the IPS.*
17. A network administrator is configuring an IOS IPS with the command
R1(config)# ip ips signature-definition
Which configuration task can be achieved with this command?
o Retire or unretire an individual signature.*
18. What are two disadvantages of using an IDS? (Choose two.)
o The IDS does not stop malicious traffic.*
o The IDS requires other devices to respond to attacks.*
19. What are two shared characteristics of the IDS and the IPS? (Choose two.)
o Both use signatures to detect malicious traffic.*
o Both are deployed as sensors.*
20. Refer to the exhibit. A network administrator enters the command on a
Cisco IOS IPS router. What is the effect?

o Alert messages are sent in syslog format.*

21. What is a disadvantage of network-based IPS as compared to host-based
IPS?
o Network-based IPS cannot examine encrypted traffic.*
22. An IPS sensor has detected the string confidential across multiple packets in
a TCP session. Which type of signature trigger and signature type does this
describe?
o Trigger: Pattern-based detection
Type: Composite signature*
23. What are two drawbacks to using HIPS? (Choose two.)
o With HIPS, the network administrator must verify support for all the
different operating systems used inthe network.*
o HIPS has difficulty constructing an accurate network picture or
coordinating events that occur across the entire network.*

1. In what situation would a network administrator most likely implement root

guard?
o on all switch ports that connect to another switch that is not the root
bridge*
2. Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured
with the switchport port-security mac-address 0023.189d.6456 command
and a workstation has been connected. What could be the reason that the
Fa0/2 interface is shutdown?

o The MAC address of PC1 that connects to the Fa0/2 interface is not
the configured MAC address.*
3. Two devices that are connected to the same switch need to be totally isolated
from one another. Which Cisco switch security feature will provide this
isolation?
o PVLAN Edge*
4. Which type of VLAN-hopping attack may be prevented by designating an
unused VLAN as the native VLAN?
o VLAN double-tagging*
5. What component of Cisco NAC is responsible for performing deep
inspection of device security profiles?
o Cisco NAC Agent*
6. Which three functions are provided under Cisco NAC framework solution?
(Choose three.)
o AAA services*
o scanning for policy compliance*
o remediation for noncompliant devices*
7. Which feature is part of the Antimalware Protection security solution?
o file retrospection*
8. What protocol should be disabled to help mitigate VLAN hopping attacks?
o DTP*
9. What network attack seeks to create a DoS for clients by preventing them
from being able to obtain a DHCP lease?
o DHCP starvation*
10. What is the only type of port that an isolated port can forward traffic to on
a private VLAN?
o a promiscuous port*
11. What security countermeasure is effective for preventing CAM table
overflow attacks?
o port security*
12. Which two functions are provided by Network Admission Control? (Choose
two.)
o enforcing network security policy for hosts that connect to the
network*
o ensuring that only authenticated hosts can access the network*
13. Which spanning-tree enhancement prevents the spanning-tree topology
from changing by blocking a port that receives a superior BPDU?
o root guard*
14. What is the role of the Cisco NAC Manager in implementing a secure
networking infrastructure?
o to define role-based user access and endpoint security policies*
15. What is the role of the Cisco NAC Server within the Cisco Secure Borderless
Network Architecture?
o assessing and enforcing security policy compliance in the NAC
environment*
16. What is the role of the Cisco NAC Guest Server within the Cisco Borderless
Network architecture?
o It provides the ability for creation and reporting of guest accounts.*
17. Which security feature should be enabled in order to prevent an attacker
from overflowing the MAC address table of a switch?
o port security*
18. What is the behavior of a switch as a result of a successful CAM table
attack?
o The switch will forward all received frames to all other ports.*
19. What additional security measure must be enabled along with IP Source
Guard to protect against address spoofing?
o DHCP snooping*
20. Which mitigation technique would prevent rogue servers from providing
false IP configuration parameters to clients?
o implementing port security*
21. What are three techniques for mitigating VLAN hopping attacks? (Choose
three.)
o Set the native VLAN to an unused VLAN.*
o Disable DTP.*
o Enable trunking manually.*
22. What two mechanisms are used by Dynamic ARP inspection to validate
ARP packets for IP addresses that are dynamically assigned or IP addresses
that are static? (Choose two.)
o MAC-address-to-IP-address bindings*
o ARP ACLs*
23. Which STP stability mechanism is used to prevent a rogue switch from
becoming the root switch?
o root guard*
24. How can a user connect to the Cisco Cloud Web Security service directly?
o by using a proxy autoconfiguration file in the end device*
25. What security benefit is gained from enabling BPDU guard on PortFast
enabled interfaces?
o preventing rogue switches from being added to the network*
26. Fill in the blank.
DHCP snooping is a mitigation technique to prevent rogue DHCP servers from
providing false IP configuration parameters.

1. An online retailer needs a service to support the nonrepudiation of the

transaction. Which component is used for this service?
o the digital signatures*
2. In which situation is an asymmetric key algorithm used?
o A network administrator connects to a Cisco router with SSH.*
3. What is the purpose of a nonrepudiation service in secure communications?
o to ensure that the source of the communications is confirmed*
4. Which objective of secure communications is achieved by encrypting data?
o confidentiality*
5. Which encryption protocol provides network layer confidentiality?
o IPsec protocol suite*
6. Refer to the exhibit. Which encryption algorithm is described in the exhibit?

o 3DES*
7. Why is the 3DES algorithm often preferred over the AES algorithm?
o 3DES is more trusted because it has been proven secure for a longer
period than AES.*
8. What is the most common use of the Diffie-Helman algorithm in
communications security?
o to secure the exchange of keys used to encrypt data*
9. What is the focus of cryptanalysis?
o developing secret codes*
10. How many bits does the Data Encryption Standard (DES) use for data
encryption?
o 56 bits*
11. Which statement describes the Software-Optimized Encryption Algorithm
(SEAL)?
o SEAL is a stream cipher.*
12. Which encryption algorithm is an asymmetric algorithm?
o DH*
13. Which type of encryption algorithm uses public and private keys to provide
authentication, integrity, and confidentiality?
o asymmetric*
14. How do modern cryptographers defend against brute-force attacks?
o Use a keyspace large enough that it takes too much money and too
much time to conduct a successful attack.*
15. Which statement describes asymmetric encryption algorithms?
o They are relatively slow because they are based on difficult
computational algorithms.*
16. Which two non-secret numbers are initially agreed upon when the Diffie-
Hellman algorithm is used? (Choose two.)
o generator*
o prime modulus*
17. What type of encryption algorithm uses the same key to encrypt and
decrypt data?
o Shared-secret*
18. How many bits does the Data Encryption Standard (DES) use for data
encryption?
o 56 bits*
19. In what situation would an asymmetric algorithm most likely be used?
o making an online purchase*
20. Why is asymmetric algorithm key management simpler than symmetric
algorithm key management?
o One of the keys can be made public.*
21. What is the purpose of code signing?
o integrity of source .EXE files*
22. Which algorithm can ensure data confidentiality?
o AES*
23. What is the purpose of a digital certificate?
o It authenticates a website and establishes a secure connection to
exchange confidential data.*
24. Fill in the blank.
A shared secret is a symmetric key used in a encryption algorithm.

1. Which transform set provides the best protection?

o crypto ipsec transform-set ESP-DES-SHA esp-aes-256 esp-sha-hmac*
2. Which three ports must be open to verify that an IPsec VPN tunnel is
operating properly? (Choose three.)
o 50*
o 500*
o 51*
3. Refer to the exhibit. How will traffic that does not match that defined by
access list 101 be treated by the router?

o It will be sent unencrypted.*

4. What three protocols must be permitted through the company firewall for
establishment of IPsec site-to-site VPNs? (Choose three.)
o AH*
o ISAKMP*
o ESP*
5. When is a security association (SA) created if an IPsec VPN tunnel is used to
connect between two sites?
o during both Phase 1 and 2*
6. In which situation would the Cisco Discovery Protocol be disabled?
o when a PC with Cisco IP Communicator installed connects to a Cisco
switch*
7. Which two statements accurately describe characteristics of IPsec? (Choose
two.)
o IPsec is a framework of open standards that relies on existing
algorithms.*
o IPsec works at the network layer and operates over all Layer 2
protocols.*
8. Which action do IPsec peers take during the IKE Phase 2 exchange?
o negotiation of IPsec policy*
9. Which statement describes the effect of key length in deterring an attacker
from hacking through an encryption key?
o The longer the key, the more key possibilities exist.*
10. What is the purpose of configuring multiple crypto ACLs when building a
VPN connection between remote sites?
o When multiple combinations of IPsec protection are being chosen,
multiple crypto ACLs can define different traffic types.*
11. Consider the following configuration on a Cisco ASA:
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
What is the purpose of this command?
o to define the encryption and integrity algorithms that are used to
build the IPsec tunnel*
12. Which technique is necessary to ensure a private transfer of data using a
VPN?
o encryption*
13. Which statement describes a VPN?
o VPNs use virtual connections to create a private network through a
public network.*
14. Which protocol provides authentication, integrity, and confidentiality
services and is a type of VPN?
o IPsec*
15. Which three statements describe the IPsec protocol framework? (Choose
three.)
o AH provides integrity and authentication.*
o ESP provides encryption, authentication, and integrity.*
o AH uses IP protocol 51.*
16. Which statement accurately describes a characteristic of IPsec?
o IPsec is a framework of open standards that relies on existing
algorithms.*
17. Which two IPsec protocols are used to provide data integrity?
o SHA*
o MD5*
18. What is the function of the Diffie-Hellman algorithm within the IPsec
framework?
o allows peers to exchange shared keys*
19. Refer to the exhibit. What HMAC algorithm is being used to provide data
integrity?

o SHA*
20. What is needed to define interesting traffic in the creation of an IPsec
tunnel?
o access list*
21. Refer to the exhibit. What algorithm will be used for providing
confidentiality?

o AES*
22. Which two protocols must be allowed for an IPsec VPN tunnel is operate
properly? (Choose two.)
o 51*
o 50*
23. What is the purpose of NAT-T?
o permits VPN to work when NAT is being used on one or both ends of
the VPN*
24. Which term describes a situation where VPN traffic that is is received by an
interface is routed back out that same interface?
o hairpinning*
25. What is an important characteristic of remote-access VPNs?
o The VPN connection is initiated by the remote user.*
26. Which type of site-to-site VPN uses trusted group members to eliminate
point-to-point IPsec tunnels between the members of a group?
o GETVPN*
27. Refer to the exhibit. Which pair of crypto isakmp key commands would
correctly configure PSK on the two routers?

o R1(config)# crypto isakmp key cisco123 address 209.165.200.227

R2(config)# crypto isakmp key cisco123 address 209.165.200.226*

1. What command defines a DHCP pool that uses the maximum number of
DHCP client addresses available on an ASA 5505 that is using the Base
license?
o CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56
inside*
2. Refer to the exhibit. An administrator creates three zones (A, B, and C) in
an ASA that filters traffic. Traffic originating from Zone A going to Zone C
is denied, and traffic originating from Zone B going to Zone C is denied.
What is a possible scenario for Zones A, B, and C?

o A – DMZ, B – Outside, C – Inside*

3. Which two statements are true about ASA standard ACLs? (Choose two.)
o They are typically only used for OSPF routes.*
o They identify only the destination IP address.*
4. Refer to the exhibit. A network administrator is configuring the security
level for the ASA. What is a best practice for assigning the security level on
the three interfaces?

o Outside 0, Inside 100, DMZ 50*

5. Refer to the exhibit. A network administrator is configuring the security
level for the ASA. Which statement describes the default result if the
administrator tries to assign the Inside interface with the same security level
as the DMZ interface?

o The ASA will not allow traffic in either direction between the Inside
interface and the DMZ.*
6. What is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs?
o ASA ACLs use the subnet mask in defining a network, whereas IOS
ACLs use the wildcard mask.*
7. What is one of the drawbacks to using transparent mode operation on an
ASA device?
o no support for QoS*
8. What is a characteristic of ASA security levels?
o An ACL needs to be configured to explicitly permit traffic from an
interface with a lower security level to an interface with a higher
security level.
9. What must be configured on a Cisco ASA device to support local
authentication?
o AAA*
10. Which statement describes a difference between the Cisco ASA IOS CLI
feature and the router IOS CLI feature?
o To use a show command in a general configuration mode, ASA can
use the command directly whereas a router will need to enter the do
command before issuing the show command.*
11. What are two factory default configurations on an ASA 5505? (Choose two.)
o PAT is configured to allow internal hosts to access remote networks
through an Ethernet interface.*
o VLAN 1 is assigned a security level of 100.*
12. Refer to the exhibit. Two types of VLAN interfaces were configured on an
ASA 5505 with a Base license. The administrator wants to configure a third
VLAN interface with limited functionality. Which action should be taken by
the administrator to configure the third interface?

o The administrator must enter the no forward interface vlan command

before the nameif command on the third interface.
13. What is the purpose of the webtype ACLs in an ASA?
o to filter traffic for clientless SSL VPN users*.
14. Refer to the exhibit. A network administrator has configured NAT on an
ASA device. What type of NAT is used?

o inside NAT*
15. Refer to the exhibit. A network administrator is configuring an object group
on an ASA device. Which configuration keyword should be used after the
object group name SERVICE1?

o tcp*
16. When dynamic NAT on an ASA is being configured, what two parameters
must be specified by network objects? (Choose two.)
o a range of private addresses that will be translated*
o the pool of public global addresses*
17. What function is performed by the class maps configuration object in the
Cisco modular policy framework?
o identifying interesting traffic*
18. Refer to the exhibit. Based on the security levels of the interfaces on ASA1,
what traffic will be allowed on the interfaces?

o Traffic from the LAN and DMZ can access the Internet.*
19. What are three characteristics of the ASA routed mode? (Choose three.)
o The interfaces of the ASA separate Layer 3 networks and require
different IP addresses in different subnets.*
o It is the traditional firewall deployment mode.*
o NAT can be implemented between connected networks.*
20. Refer to the exhibit. An administrator has configured an ASA 5505 as
indicated but is still unable to ping the inside interface from an inside host.
What is the cause of this problem?

o The no shutdown command should be entered on interface Ethernet

0/1.*
21. Refer to the exhibit. According to the command output, which three
statements are true about the DHCP options entered on the ASA 5505?
(Choose three.)

o The dhcpd address [start-of-pool]-[end-of-pool] inside command was

issued to enable the DHCP server.*
o The dhcpd auto-config outside command was issued to enable the
DHCP client.*
o The dhcpd enable inside command was issued to enable the DHCP
server.*
22. Refer to the exhibit. What will be displayed in the output of the show
running-config object command after the exhibited configuration
commands are entered on an ASA 5505?

o range 192.168.1.10 192.168.1.20*

23. Which type of NAT would be used on an ASA where 10.0.1.0/24 inside
addresses are to be translated only if traffic from these addresses is destined
for the 198.133.219.0/24 network?
o policy NAT*
24. Which statement describes a feature of AAA in an ASA device?
o Accounting can be used alone.*
25. A network administrator is working on the implementation of the Cisco
Modular Policy Framework on an ASA device. The administrator issues a
clear service-policy command. What is the effect after this command is
entered?
o All service policy statistics data are removed.*.
26. What is needed to allow specific traffic that is sourced on the outside
network of an ASA firewall to reach an internal network?
o ACL*

1. What must be configured on an ASA before it can be accessed by ASDM?

o web server access*
2. How is an ASA interface configured as an outside interface when using
ASDM?
o Enter the name “outside” in the Interface Name text box.*
3. Refer to the exhibit. Which Device Management menu item would be used
to access the ASA command line from within Cisco ASDM?

o Management Access*
4. Which ASDM configuration option is used to configure the ASA enable
secret password?
o Device Setup*
5. Refer to the exhibit. Which Device Setup ASDM menu option would be used
to configure the ASA for an NTP server?

o System Time*
6. True or False?
The ASA can be configured through ASDM as a DHCP server.
o true*
7. Which ASDM interface option would be used to configure an ASA as a
DHCP server for local corporate devices?
o inside*
8. When ASDM is used to configure an ASA site-to-site VPN, what can be
customized to secure traffic?
o IKE and ISAKMP*
9. Which VPN solution allows the use of a web browser to establish a secure,
remote-access VPN tunnel to the ASA?
o clientless SSL*
10. Which remote-access VPN connection allows the user to connect by using a
web browser?
o clientless SSL VPN*
11. Which ASDM configuration option re-encrypts all shared keys and
passwords on an ASA?
o master passphrase*
12. Which type of encryption is applied to shared keys and passwords when the
master passphrase option is enabled through ASDM for an ASA?
o AES*
13. Which statement describes the function provided to a network
administrator who uses the Cisco Adaptive Security Device Manager
(ASDM) GUI that runs as a Java Web Start application?
o The administrator can connect to and manage a single ASA.*
14. What is one benefit of using ASDM compared to using the CLI to configure
the Cisco ASA?
o It hides the complexity of security commands.*
15. Which type of security is required for initial access to the Cisco ASDM by
using the local application option?
o SSL*
16. Which minimum configuration is required on most ASAs before ASDM can
be used?
o a dedicated Layer 3 management interface*
17. When the CLI is used to configure an ISR for a site-to-site VPN connection,
which two items must be specified to enable a crypto map policy? (Choose
two.)
o the peer*
o a valid access list*
18. What is the purpose of the ACL in the configuration of an ISR site-to-site
VPN connection?
o to define interesting traffic*
19. Which remote-access VPN connection allows the user to connect using Cisco
AnyConnect?
o IPsec (IKEv2) VPN*
20. Which statement describes available user authentication methods when
using an ASA 5505 device?
o The ASA 5505 can use either a AAA server or a local database.*
21. Which remote-access VPN connection needs a bookmark list?
o clientless SSL VPN*
22. What occurs when a user logs out of the web portal on a clientless SSL VPN
connection?
o The user no longer has access to the VPN.*
23. If an outside host does not have the Cisco AnyConnect client preinstalled,
how would the host gain access to the client image?
o The host initiates a clientless VPN connection using a compliant web
browser to download the client.*
24. What is an optional feature that is performed during the Cisco AnyConnect
Secure Mobility Client VPN establishment phase?
o posture assessment*
25. Which item describes secure protocol support provided by Cisco
AnyConnect?
o both SSL and IPsec*
26. What is the purpose of configuring an IP address pool to be used for client-
based SSL VPN connections?
o to assign IP addresses to clients when they connect*

1. Which type of security policy document is it that includes implementation

details that usually contain step-by-step instructions and graphics?
o procedure document*
2. What is the purpose of a security awareness campaign?
o to focus the attention of employees on security issues*
3. What is the goal of network penetration testing?
o determining the feasibility and the potential consequences of a
successful attack*
4. What network security testing tool has the ability to provide details on the
source of suspicious network activity?
o SIEM*
5. What network scanning tool has advanced features that allows it to use
decoy hosts to mask the source of the scan?
o Nmap*
6. What network testing tool can be used to identify network layer protocols
running on a host?
o Nmap*
7. What type of network security test would be used by network
administrators for detection and reporting of changes to network systems?
o integrity checking*
8. What testing tool is available for network administrators who need a GUI
version of Nmap?
o Zenmap*
9. What are two major components of a security awareness program? (Choose
two.)
o awareness campaigns*
o education and training*
10. Which type of documents include implementation details that usually
contain step-by-step instructions and graphics?
o procedure documents*
11. Which initial step should be followed when a security breach is found on a
corporate system?
o Isolate the infected system.*
12. Which security test is appropriate for detecting system weaknesses such as
misconfiguration, default passwords, and potential DoS targets?
o vulnerability scanning*
13. How does network scanning help assess operations security?
o It can detect open TCP ports on network systems.*
14. What is the objective of the governing policy in the security policy hierarchy
structure?
o It outlines the company’s overall security goals for managers and
technical staff.*
15. What step should be taken after data is collected, but before equipment is
disconnected, if a security breach is found on a system?
o Photograph the system.*
16. Which security program is aimed at all levels of an organization, including
end users and executive staff?
o awareness campaigns*
17. What is implemented by administration to instruct end users in how to
effectively conduct business safely within an organization?
o security awareness program*
18. Which type of documents help an organization establish consistency in the
operations of the network by specifying criteria that must be followed?
o standards*
19. Which policy outlines the overall security goals for managers and technical
staff within a company?
o governing policy*
20. Which type of security policy includes network access standards and server
security policies?
o technical policy*
21. Which type of security policy includes acceptable encryption methods?
o technical policy*
22. What is the determining factor in the content of a security policy within an
organization?
o the audience*
23. Which executive position is ultimately responsible for the success of an
organization?
o Chief Executive Officer*
24. Match the network security testing tool with the correct function. (Not all
options are used.)
o Answer
1. Why are DES keys considered weak keys?
o They produce identical subkeys.*
2. What is a benefit of using a next-generation firewall rather than a stateful
firewall?
o granularity control within applications*
3. A network administrator enters the single-connection command. What
effect does this command have on AAA operation?
o allows a Cisco ACS server to minimize delay by establishing
persistent TCP connections*
4. Which two practices are associated with securing the features and
performance of router operating systems? (Choose two.)
o Keep a secure copy of router operating system images.*
o Configure the router with the maximum amount of memory
possible.*
5. Which statement describes a characteristic of the IKE protocol?
o It uses UDP port 500 to exchange IKE information between the
security gateways.*
6. Refer to the exhibit. If a network administrator is using ASDM to configure
a site-to-site VPN between the CCNAS-ASA and R3, which IP address
would the administrator use for the peer IP address textbox on the ASA if
data traffic is to be encrypted between the two remote LANs?

o 209.165.201.1*
7. Refer to the exhibit. Based on the security levels of the interfaces on the
ASA, what statement correctly describes the flow of traffic allowed on the
interfaces?

o Traffic that is sent from the DMZ and the LAN to the Internet is
considered outbound.*
8. What two assurances does digital signing provide about code that is
downloaded from the Internet? (Choose two.)
o The code has not been modified since it left the software publisher.*
o The code is authentic and is actually sourced by the publisher.*
9. What is a result of securing the Cisco IOS image using the Cisco IOS
Resilient Configuration feature?
o The Cisco IOS image file is not visible in the output of the show flash
command.*
10. The corporate security policy dictates that the traffic from the remote-
access VPN clients must be separated between trusted traffic that is destined
for the corporate subnets and untrusted traffic destined for the public
Internet. Which VPN solution should be implemented to ensure compliance
with the corporate policy?
o split tunneling*
11. Which two conditions must be met in order for a network administrator to
be able to remotely manage multiple ASAs with Cisco ASDM? (Choose two.)
o The ASAs must all be running the same ASDM version.*
o ASDM must be run as a local application.*
12. What is negotiated in the establishment of an IPsec tunnel between two
IPsec hosts during IKE Phase 1?
o ISAKMP SA policy*
13. What are two benefits of using a ZPF rather than a Classic Firewall?
(Choose two.)
o The ZPF is not dependent on ACLs.*
o ZPF policies are easy to read and troubleshoot.*
14. Which security policy characteristic defines the purpose of standards?
o required steps to ensure consistent configuration of all company
switches*
15. What algorithm is used to provide data integrity of a message through the
use of a calculated hash value?
o HMAC*
16. On which port should Dynamic ARP Inspection (DAI) be configured on a
switch?
o an uplink port to another switch*
17. What is a feature of a Cisco IOS Zone-Based Policy Firewall?
o A router interface can belong to only one zone at a time.*
18. Which security implementation will provide control plane protection for a
network device?
o routing protocol authentication*
19. What is the one major difference between local AAA authentication and
using the login local command when configuring device access
authentication?
o Local AAA authentication provides a way to configure backup
methods of authentication, but login local does not.*
20. Refer to the exhibit. A network administrator configures AAA
authentication on R1. The administrator then tests the configuration by
telneting to R1. The ACS servers are configured and running. What will
happen if the authentication fails?

o The authentication process stops.*

21. What are two tasks that can be accomplished with the Nmap and Zenmap
network tools? (Choose two.)
o identification of Layer 3 protocol support on hosts*
o TCP and UDP port scanning*
22. Which Cisco IOS subcommand is used to compile an IPS signature into
memory?
o retired false*
23. Refer to the exhibit. The administrator can ping the S0/0/1 interface of
RouterB but is unable to gain Telnet access to the router by using the
password cisco123. What is a possible cause of the problem?

o The password cisco123 is wrong.*

24. Refer to the exhibit. The ip verify source command is applied on untrusted
interfaces. Which type of attack is mitigated by using this configuration?

o MAC and IP address spoofing*

25. Refer to the exhibit. Which conclusion can be made from the show crypto
map command output that is shown on R1?

o The crypto map has not yet been applied to an interface.*

26. What type of algorithms require sender and receiver to exchange a secret
key that is used to ensure the confidentiality of messages?
o symmetric algorithms*
27. What is an advantage in using a packet filtering firewall versus a high-end
firewall appliance?
o Packet filters perform almost all the tasks of a high-end firewall at a
fraction of the cost.*
28. Refer to the exhibit. In the network that is shown, which AAA command
logs the use of EXEC session commands?

o aaa accounting exec start-stop group tacacs+*

29. Which interface option could be set through ASDM for a Cisco ASA?
o VLAN ID*
30. What are two characteristics of a stateful firewall? (Choose two.)
o uses connection information maintained in a state table*
o analyzes traffic at Layers 3, 4 and 5 of the OSI model*
31. What are three characteristics of SIEM? (Choose three.)
o can be implemented as software or as a service*
o examines logs and events from systems and applications to detect
security threats*
o consolidates duplicate event data to minimize the volume of gathered
data*
32. Which type of traffic is subject to filtering on an ASA 5505 device?
o inside to DMZ*
33. Which IDS/IPS signature alarm will look for packets that are destined to or
from a particular port?
o signature-based*
34. Which three actions can the Cisco IOS Firewall IPS feature be configured to
take when an intrusion activity is detected? (Choose three.)
o reset TCP connection*
o alert*
o drop*
35. Which two protocols can be selected using the Cisco AnyConnect VPN
Wizard to protect the traffic inside a VPN tunnel? (Choose two.)
o SSL*
o IPsec*
36. What is a characteristic of a role-based CLI view of router configuration?
o A single CLI view can be shared within multiple superviews.*
37. Match the network security testing technique with how it is used to test
network security. (Not all options are used)?
o Penetration testing = used to determine the possible consequences of
successful attacks on the network*.
o Vulnerability scanning = used to find weaknesses and
misconfigurations on network systems*.
o Network scanning = used to discover available resources on the
network*.
38. Which statement describes the use of certificate classes in the PKI?
o A class 5 certificate is more trustworthy than a class 4 certificate.*
39. Refer to the exhibit. An administrator issues these IOS login enhancement
commands to increase the security for login connections. What can be
concluded about them?

o The hosts that are identified in the ACL will have access to the
device.*
40. A company deploys a Cisco ASA with the Cisco CWS connector enabled as
the firewall on the border of corporate network. An employee on the
internal network is accessing a public website. What should the employee do
in order to make sure the web traffic is protected by the Cisco CWS?
o Use a web browser to visit the destination website.*
41. An administrator assigned a level of router access to the user ADMIN using
the commands below.?
Router(config)# privilege exec level 14 show ip route
Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10
Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret
cisco-level-10
Which two actions are permitted to the user ADMIN? (Choose two.)
o The user can issue the show version command.*
o The user can only execute the subcommands under the show ip route
command.*
42. What mechanism is used by an ASA 5505 device to allow inspected
outbound traffic to return to the originating sender who is on an inside
network?
o stateful packet inspection*
43. Which two end points can be on the other side of an ASA site-to-site VPN
configured using ASDM? (Choose two.)
o ISR router*
o another ASA*
44. What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?
o VLAN hopping*
45. In an AAA-enabled network, a user issues the configure terminal command
from the privileged executive mode of operation. What AAA function is at
work if this command is rejected?
o authorization*
46. An organization has configured an IPS solution to use atomic alerts. What
type of response will occur when a signature is detected?
o An alert is triggered each time a signature is detected.*
47. What two algorithms can be part of an IPsec policy to provide encryption
and hashing to protect interesting traffic? (Choose two.)
o AES*
o SHA*
48. Fill in the blank.?
A stateful signature is also known as a Composite? signature.
49. Why is hashing cryptographically stronger compared to a cyclical
redundancy check (CRC)?
o It is virtually impossible for two different sets of data to calculate the
same hash output.*
50. A network analyst wants to monitor the activity of all new interns. Which
type of security testing would track when the interns sign on and sign off the
network?
o integrity checker*
51. Refer to the exhibit. What two pieces of information can be gathered from
the generated message? (Choose two.)

o This message is a level five notification message.*

o This message indicates that service timestamps have been globally
enabled.*
52. What is required for auto detection and negotiation of NAT when
establishing a VPN link?
o Both VPN end devices must be NAT-T capable.*
53. Refer to the exhibit. The network administrator is configuring the port
security feature on switch SWC. The administrator issued the command
show port-security interface fa 0/2 to verify the configuration. What can be
concluded from the output that is shown? (Choose three.)

o This port is currently up.*

o Security violations will cause this port to shut down immediately.*
o There is no device currently connected to this port.*?
 o The switch port mode for this interface is access mode. [adef]
54. In which two instances will traffic be denied as it crosses the ASA 5505
device? (Choose two.)
o traffic originating from the DMZ network going to the inside
network*
o traffic originating from the outside network going to the inside
network*
55. Refer to the exhibit. Based on the configuration that is shown, which
statement is true about the IPS signature category?

o Only signatures in the ios_ips basic category will be compiled into

memory for scanning.*
56. Which two ports can send and receive Layer 2 traffic from a community
port on a PVLAN? (Choose two.)
o promiscuous ports*
o community ports belonging to the same community*
57. What is a feature of the TACACS+ protocol?
o It encrypts the entire body of the packet for more secure
communications.*
58. Which security measure is best used to limit the success of a reconnaissance
attack from within a campus area network?
o Implement encryption for sensitive traffic.*
59. What is the benefit of the network-based IPS (NIPS) over host-based IPS
(HIPS) deployment models?
o NIPS monitors all operations within an operating system.*
60. What represents a best practice concerning discovery protocols such as CDP
and LLDP on network devices?
o Disable both protocols on all interfaces where they are not required.*
61. What function is provided by the Tripwire network security tool?
o security policy compliance*
62. What is the function of a policy map configuration when an ASA firewall is
being configured?
o binding class maps with actions*
63. If a network administrator wants to track the usage of FTP services, which
keyword or keywords should be added to the aaa accounting command?
o exec*
64. What is indicated by the use of the local-case keyword in a local AAA
authentication configuration command sequence?
o That passwords and usernames are case-sensitive.?
65. What is the purpose of a local username database if multiple ACS servers
are configured to provide authentication services?
o A local username database provides redundancy if ACS servers
become unreachable. [adef]*
66. Refer to the exhibit. Based on the security levels of the interfaces on ASA1,
what traffic will be allowed on the interfaces?

o Traffic from the LAN and DMZ can access the Internet.?
67. What are two reasons to enable OSPF routing protocol authentication on a
network? (Choose two.)
o to prevent data traffic from being redirected and then discarded?
o to prevent redirection of data traffic to an insecure link?
68. A security awareness session is best suited for which topic?
o how to install and maintain virus protection?
69. What provides both secure segmentation and threat defense in a Secure
Data Center solution?
o Adaptive Security Appliance*
70. Which two features should be configured on end-user ports in order to
prevent STP manipulation attacks( Choose two.)?
o BPDU guard*
o PortFast*
71. What is a characteristic of most modern viruses?
o Email viruses are the most common type of them.*
72. Which statement describes a characteristic of the Security Device Event
Exchange (SDEE) feature supported by the Cisco IOS IPS?
o SDEE notification is disabled by default. It does not receive and
process events from the Cisco IOS IPS unless SDEE notification is
enabled.*
73. Which network security tool allows an administrator to test and detect weak
passwords?
o L0phtcrack*
74. What is an advantage of logging packets that are seen by an IPS device?
o Administrators can decide what actions can be taken in the future.*
75. Which procedure is recommended to mitigate the chances of ARP spoofing?
o Enable DAI on the management VLAN.*
76. In a server-based AAA implementation, which protocol will allow the router
to successfully communicate with the AAA server?
o RADIUS*
77. A network technician is attempting to resolve problems with the NAT
configuration on anASA. The technician generates a ping from an inside
host to an outside host. Whichcommand verifies that addresses are being
translated on the ASA?
o show xlate*
78. What are three components of a technical security policy? (Choose three.)
o acceptable use policy*
o remote access policy*
o network access policy*
79. Which security policy outlines the overall security goals for managers and
technical personnel within an organization and includes the consequences of
noncompliance with the policy?
o governing policy*
80. What is a secure configuration option for remote access to a network
device?
o Configure SSH.*
81. On what switch ports should BPDU guard be enabled to enhance STP
stability?
o all PortFast-enabled ports*
82. Which feature is specific to the Security Plus upgrade license of an ASA
5505 and provides increased availability?
o redundant ISP connections*
83. A company deploys a hub-and-spoke VPN topology where the security
appliance is the hub and the remote VPN networks are the spokes. Which
VPN method should be used in order for one spoke to communicate with
another spoke through the single public interface of the security appliance?
o Hairpinning*
84. What are two drawbacks in assigning user privilege levels on a Cisco
router? (Choose two.)
o Assigning a command with multiple keywords allows access to all
commands using those keywords.*
o Commands from a lower level are always executable at a higher
level.*
85. Which two types of hackers are typically classified as grey hat hackers?
(Choose two.)
o vulnerability brokers*
o hacktivists*
86. What is the default preconfigured interface for the outside network on a
Cisco ASA 5505?
o VLAN 2*
87. A user successfully logs in to a corporate network via a VPN connection.
Which part of the AAA process records that a certain user performed a
specific operation at a particular date and time?
o accounting*
88. What determines which switch becomes the STP root bridge for a given
VLAN?
o the lowest bridge ID*
89. What is a function of the GRE protocol?
o to encapsulate multiple OSI Layer 3 protocol packet types inside an
IP tunnel*
90. What is used to determine the root bridge when the priority of the switches
are the same?
o the layer 2 address with the lowest hexadecimal value*
91. What is algorithm-type to protect the data in transit?
Hashing algorithm*
92. What type of ACL is designed for use in the configuration of an ASA to
support filtering for clientless SSL VPN’s?
o Webtype*
93. The following authentication configuration is applied to a router.
aaa authentication login default tacacs+ local enable none
Several days later the TACACS+ server goes off-line. Which method will be
used to authenticate users?
o none*
94. A security technician is evaluating a new operations security proposal
designed to limit access to all servers. What is an advantage of using
network security testing to evaluate the new proposal?
o Network security testing proactively evaluates the effectiveness of the
proposal before any real threat occurs.*
95. Which security implementation will provide management plane protection
for a network device?
o role-based access control*

1. What ports can receive forwarded traffic from an isolated port that is part
of a PVLAN?
o only promiscuous ports*
2. What is the next step in the establishment of an IPsec VPN after IKE Phase
1 is complete?
o negotiation of the IPsec SA policy*
3. What is an advantage of HIPS that is not provided by IDS?
o HIPS protects critical system resources and monitors operating
system processes.*
4. Which interface setting can be configured in ASDM through the Device
Setup tab?
o security level*
5. A security technician uses an asymmetric algorithm to encrypt messages
with a private key and then forwards that data to another technician. What
key must be used to decrypt this data?
o The public key of the sender.*
6. Which three areas of router security must be maintained to secure an edge
router at the network perimeter? (Choose three.)
o physical security*
o operating system security*
o router hardening*
7. What is the purpose of AAA accounting?
o to collect and report data usage*
8. What service or protocol does the Secure Copy Protocol rely on to ensure
that secure copy transfers are from authorized users?
o AAA*
9. Which statement accurately describes Cisco IOS Zone-Based Policy
Firewall operation?
o The pass action works in only one direction.
10. Which two statements describe the use of asymmetric algorithms? (Choose
two.)
o If a private key is used to encrypt the data, a public key must be used
to decrypt the data.*
o If a public key is used to encrypt the data, a private key must be used
to decrypt the data.*
11. Refer to the exhibit. Based on the output generated by the show monitor
session 1 command, how will SPAN operate on the switch?
o All traffic received on VLAN 10 or transmitted from VLAN 20 is
forwarded to FastEthernet 0/1.*
12. Refer to the exhibit. The ISAKMP policy for the IKE Phase 1 tunnel was
configured, but the tunnel does not yet exist. Which action should be taken
next before IKE Phase 1 negotiations can begin?
o Configure an ACL to define interesting traffic.*
13. On what switch ports should PortFast be enabled to enhance STP stability?
o all end-user ports*
14. What is the function of the Hashed Message Authentication Code (HMAC)
algorithm in setting up an IPsec VPN?
o guarantees message integrity*
15. What are three characteristics of the RADIUS protocol? (Choose three.)
o is an open IETF standard AAA protocol*
o uses UDP ports for authentication and accounting*
o is widely used in VOIP and 802.1X implementations*
16. What algorithm is used with IPsec to provide data confidentiality?
o AES*
17. When configuring SSH on a router to implement secure network
management, a network engineer has issued the login local and transport
input ssh line vty commands. What three additional configuration actions
have to be performed to complete the SSH configuration? (Choose three.)
o Create a valid local username and password database.*
o Generate the asymmetric RSA keys.*
o Configure the correct IP domain name.*
18. A network administrator is configuring an AAA server to manage
TACACS+ authentication. What are two attributes of TACACS+
authentication? (Choose two.)
o encryption for all communication*
o separate processes for authentication and authorization*
19. What technology is used to separate physical interfaces on the ASA 5505
device into different security zones?
o virtual local-area networks*
20. How are Intrusion Prevention System (IPS) and Intrusion Detection System
(IDS) components used conjunctively?
o The IDS will send alert messages about “gray area” traffic while the
IPS will block malicious traffic.*
21. What is the result of a DHCP starvation attack?
o Legitimate clients are unable to lease IP addresses.*
22. Which router component determines the number of signatures and engines
that can be supported in an IPS implementation?
o available memory*
23. What can be used as an alternative to HMAC?
o digital signatures*
24. How can DHCP spoofing attacks be mitigated?
o by implementing DHCP snooping on trusted ports*
25. A network administrator is configuring an AAA server to manage RADIUS
authentication. Which two features are included in RADIUS authentication?
(Choose two.)
o single process for authentication and authorization*
o hidden passwords during transmission*
26. A syslog server has received the message shown.
*Mar 1 00:07:18.783: %SYS-5-CONFIG_I: Configured from console by
vty0 (172.16.45.1)
What can be determined from the syslog message?
o The message informs the administrator that a user with an IP address
of 172.16.45.1 configured this device remotely.*
27. What is the default preconfigured security level for the outside network
interface on a Cisco ASA 5505?
o 0*
28. What term describes a set of rules used by an IDS or IPS to detect typical
intrusion activity?
o signature*
29. Which type of VLAN-hopping attack may be prevented by designating an
unused VLAN as the native VLAN?
o VLAN double-tagging*
30. Which statement describes the Cisco Cloud Web Security?
o It is a cloud-based security service to scan traffic for malware and
policy enforcement.*
31. Why is Diffie-Hellman algorithm typically avoided for encrypting data?
o The large numbers used by DH make it too slow for bulk data
transfers.*
32. What information does the SIEM network security management tool
provide to network administrators?
o real time reporting and analysis of security events*
33. What can be configured as part of a network object?
o IP address and mask*
34. A user complains about not being able to gain access to the network. What
command would be used by the network administrator to determine which
AAA method list is being used for this particular user as the user logs on?
o debug aaa authentication*
35. What is a limitation to using OOB management on a large enterprise
network?
o All devices appear to be attached to a single management network.*
36. A company deploys a network-based IPS. Which statement describes a false
negative alarm that is issued by the IPS sensor?
o An attack packet passes and no alarm is generated.*
37. What type of ACL offers greater flexibility and control over network
access?
o extended*
38. Which security document includes implementation details, usually with
step-by-step instructions and graphics?
o procedure document*
39. What is a characteristic of a DMZ zone?
o Traffic originating from the outside network going to the DMZ
network is selectively permitted.*
40. Which type of ASDM connection would provide secure remote access for
remote users into corporate networks?
o AnyConnect SSL VPN*
41. Which three forwarding plane services and functions are enabled by the
Cisco AutoSecure feature? (Choose three.)
o Cisco IOS firewall inspection*
o Cisco Express Forwarding (CEF)*
o traffic filtering with ACLs*
42. Which feature of the Cisco Network Foundation Protection framework
prevents a route processor from being overwhelmed by unnecessary traffic?
o Control Plane Policing*
43. What three tasks can a network administrator accomplish with the Nmap
and Zenmap security testing tools? (Choose three.)
o open UDP and TCP port detection*
o operating system fingerprinting*
o assessment of Layer 3 protocol support on hosts*
44. Which two end points can be on the other side of an ASA site-to-site VPN
configured using ASDM? (Choose two.)
o another ASA*
o ISR router*
45. A company deploys a hub-and-spoke VPN topology where the security
appliance is the hub and the remote VPN networks are the spokes. Which
VPN method should be used in order for one spoke to communicate with
another spoke through the single public interface of the security appliance?
o hairpinning*
46. Which two types of hackers are typically classified as grey hat hackers?
(Choose two.)
o hacktivists*
o vulnerability brokers*
47. Which security implementation will provide management plane protection
for a network device?
o role-based access control*
48. A security technician is evaluating a new operations security proposal
designed to limit access to all servers. What is an advantage of using
network security testing to evaluate the new proposal?
o Network security testing proactively evaluates the effectiveness of the
proposal before any real threat occurs.*
49. Which feature is specific to the Security Plus upgrade license of an ASA
5505 and provides increased availability?
o redundant ISP connections*
50. What is a characteristic of an ASA site-to-site VPN?
o The IPsec protocol protects the data transmitted through the site-to-
site tunnel.*
51. What is a result of enabling the Cisco IOS image resilience feature?
o The feature can only be disabled through a console session.*
52. What does the keyword default specify when used with the aaa
authentication login command?
o Authentication is automatically applied to the con 0, aux, and vty
lines.*
53. What are two protocols that are used by AAA to authenticate users against
a central database of usernames and password? (Choose two.)
o RADIUS*
o TACACS+*
54. Which service should be disabled on a router to prevent a malicious host
from falsely responding to ARP requests with the intent to redirect the
Ethernet frames?
o proxy ARP*
55. What is a characteristic of asymmetric algorithms?
o Very long key lengths are used.*
56. What are two drawbacks in assigning user privilege levels on a Cisco
router? (Choose two.)
o Assigning a command with multiple keywords allows access to all
commands using those keywords.*
o Commands from a lower level are always executable at a higher
level.*