Assessment - Chapter 10 CCNA SECURITY
1. In what three ways do the 5505 and 5510 Adaptive Security Appliances differ? (Choose three.)
in the maximum traffic throughput supported
in the number of interfaces
in types of interfaces
2. Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)
intrusion prevention system
stateful firewall
VPN concentrator
3. Which option lists the ASA adaptive security algorithm session management tasks in the correct order?
1) performing the access list checks
2) performing route lookups
3) allocating NAT translations (xlates)
4) establishing sessions in the “fast path”
4. When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.)
adjusting Layer 3 and Layer 4 headers
performing IP checksum verification
performing TCP sequence number checks
5. What are three characteristics of ASA transparent mode? (Choose three.)
This mode does not support VPNs, QoS, or DHCP Relay.
This mode is referred to as a “bump in the wire.”
In this mode the ASA is invisible to an attacker.
6. Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.)
interface e0/0
 switchport access vlan 2
 no shut
 exit
interface vlan 2
 nameif outside
 security-level 0
 ip address 209.165.200.226 255.255.255.248
route outside 0.0.0.0 0.0.0.0 209.165.200.225
7. Refer to the exhibit. According to the exhibited command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.)
The dhcpd auto-config outside command was issued to enable the DHCP client.
The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server.
The dhcpd enable inside command was issued to enable the DHCP server.
8. Which three wizards are included in Cisco ASDM 6.4? (Choose three.)
High Availability and Scalability wizard
Startup wizard
VPN wizard
8. Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505?
range 192.168.1.10 192.168.1.20
9. Refer to the exhibit. Which ASDM menu sequence would be required to configure Telnet or SSH AAA authentication using a TACACS server first or the local device user database if the TACACS server authentication is unavailable?
Configuration > Device Management > Users/AAA > AAA Access
10. Which option lists the four steps to configure the Modular Policy Framework on an ASA?
1) Configure extended ACLs to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a policy map to apply actions to the identified traffic.
4) Configure a service policy to identify which interface should be activated for the service.
11. Which three types of remote access VPNs are supported on ASA devices? (Choose three.)
Clientless SSL VPN using a web browser
IPsec (IKEv1) VPN using the Cisco VPN Client
SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client
12. Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.)
bookmark lists
connection profile name
group policy
13. Which three components must be configured when implementing a client-based SSL VPN
client address assignment
client image
SSL or IPsec
14. Refer to the exhibit. A remote host is connecting to an ASA 5505 via a VPN connection. Once authenticated, the host displays the highlighted system tray icon. On the basis of the information that is presented, what three assumptions can be made? (Choose three.)
The host has connected to the ASA via a client-based SSL VPN connection.
The host is connected via the AnyConnect VPN client.
Using the ipconfig command on the host displays an IP address from the originating network and an IP address for the VPN connection.
15. Refer to the exhibit. An administrator has entered the indicated commands on an ASA 5505. Based on the information presented, what type of remote access VPN has the administrator configured?
a clientless SSL VPN via a web browser
16. Which Cisco ASDM menu sequence would be used to edit a client-based AnyConnect SSL VPN configuration?
Configuratio
17. Which three components must be configured when using the Site-to-Site VPN Connection Setup wizard in ASDM? (Choose three.)
authentication method
encryption algorithms
IKE version
18. An administrator has successfully configured a site-to-site VPN on an ASA 5505. Which ASDM menu sequence displays the number of packets encrypted, decrypted, and security association requests?
Monitoring > VPN > VPN Statistics > Crypto Statistics
19. Which two statements correctly describe the ASA as an advanced stateful firewall? (Choose two.)
In routed mode, an ASA can support two or more Layer 3 interfaces.
The first packet of a flow examined by an ASA goes through the session management path.