Scribd
Upload
82 views

CCNA Security v2.0 Chapter 9 Exam Answers

Uploaded by

Ibrahim Elghawil
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
82 views

CCNA Security v2.0 Chapter 9 Exam Answers

Uploaded by

Ibrahim Elghawil
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 13

CCNA v6.

0 2018
Cisco CCNA Exam Answers for students

 Home
 CCNA v6.0 2018
 CCNA 200-125
 IT essentials v6.0
 CCNA Security v2.0
 Other Courses

Home
CCNA Security v2.0
CCNA Security v2.0 Chapter 9 Exam Answers
CCNA Security v2.0

CCNA Security v2.0 Chapter 9 Exam


Answers
CCNA5.NET October 21, 2016
Rate this post

1. Refer to the exhibit. An administrator creates three zones (A, B, and C) in an


ASA that filters traffic. Traffic originating from Zone A going to Zone C is
denied, and traffic originating from Zone B going to Zone C is denied. What is a
possible scenario for Zones A, B, and C?

A – DMZ, B – Inside, C – Outside

A – Inside, B – DMZ, C – Outside

A – Outside, B – Inside, C – DMZ

A – DMZ, B – Outside, C – Inside*

2. What is one of the drawbacks to using transparent mode operation on an ASA


device?
no support for IP addressing

no support for management

no support for using an ASA as a Layer 2 switch

no support for QoS*

3. What is a characteristic of ASA security levels?

An ACL needs to be configured to explicitly permit traffic from an interface with a lower
security level to an interface with a higher security level.*

Each operational interface must have a name and be assigned a security level from 0 to 200.

The lower the security level on an interface, the more trusted the interface.

Inbound traffic is identified as the traffic moving from an interface with a higher security level to
an interface with a lower security level.

4. Refer to the exhibit. Two types of VLAN interfaces were configured on an


ASA 5505 with a Base license. The administrator wants to configure a third
VLAN interface with limited functionality. Which action should be taken by the
administrator to configure the third interface?

Because the ASA 5505 does not support the configuration of a third interface, the administrator
cannot configure the third VLAN.

The administrator must enter the no forward interface vlan command before the nameif
command on the third interface.*

The administrator configures the third VLAN interface the same way the other two were
configured, because the Base license supports the proposed action.

The administrator needs to acquire the Security Plus license, because the Base license does not
support the proposed action.

 
5. What command defines a DHCP pool that uses the maximum number of
DHCP client addresses available on an ASA 5505 that is using the Base license?

CCNAS-ASA(config)# dhcpd address 192.168.1.20-192.168.1.50 inside

CCNAS-ASA(config)# dhcpd address 192.168.1.10-192.168.1.100 inside

CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside*

CCNAS-ASA(config)# dhcpd address 192.168.1.30-192.168.1.79 inside

6. Which two statements are true about ASA standard ACLs? (Choose two.)

They are the most common type of ACL.

They are applied to interfaces to control traffic.

They are typically only used for OSPF routes.*

They specify both the source and destination MAC address.

They identify only the destination IP address.*

7. Refer to the exhibit. A network administrator is configuring the security level


for the ASA. What is a best practice for assigning the security level on the three
interfaces?

Outside 40, Inside 100, DMZ 0

Outside 0, Inside 35, DMZ 90

Outside 100, Inside 10, DMZ 40

Outside 0, Inside 100, DMZ 50*

8. Refer to the exhibit. A network administrator is configuring the security level


for the ASA. Which statement describes the default result if the administrator
tries to assign the Inside interface with the same security level as the DMZ
interface?

The ASA allows inbound traffic initiated on the Internet to the DMZ, but not to the Inside
interface.

The ASA console will display an error message.

The ASA will not allow traffic in either direction between the Inside interface and the
DMZ.*

The ASA allows traffic from the Inside to the DMZ, but blocks traffic initiated on the DMZ to
the Inside interface.

9. What is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs?

ASA ACLs are always named, whereas IOS ACLs are always numbered.

Multiple ASA ACLs can be applied on an interface in the ingress direction, whereas only one
IOS ACL can be applied.

ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard
mask.*

ASA ACLs do not have an implicit deny any at the end, whereas IOS ACLs do.

ASA ACLs use forward and drop ACEs, whereas IOS ACLs use permit and deny ACEs.

10. What is the purpose of the webtype ACLs in an ASA?

to inspect outbound traffic headed towards certain web sites

to restrict traffic that is destined to an ASDM

to monitor return traffic that is in response to web server requests that are initiated from the
inside interface

to filter traffic for clientless SSL VPN users*

 
11. Refer to the exhibit. A network administrator has configured NAT on an
ASA device. What type of NAT is used?

inside NAT*

static NAT

bidirectional NAT

outside NAT

12. Refer to the exhibit. A network administrator is configuring an object group


on an ASA device. Which configuration keyword should be used after the object
group name SERVICE1?

icmp

ip

udp

tcp*

13. When dynamic NAT on an ASA is being configured, what two parameters
must be specified by network objects? (Choose two.)

a range of private addresses that will be translated*

the interface security level

the pool of public global addresses*

the inside NAT interface

the outside NAT interface

 
14. What function is performed by the class maps configuration object in the
Cisco modular policy framework?

identifying interesting traffic*

applying a policy to an interface

applying a policy to interesting traffic

restricting traffic through an interface

15. Refer to the exhibit. Based on the security levels of the interfaces on ASA1,
what traffic will be allowed on the interfaces?

Traffic from the Internet and DMZ can access the LAN.

Traffic from the Internet and LAN can access the DMZ.

Traffic from the Internet can access both the DMZ and the LAN.

Traffic from the LAN and DMZ can access the Internet.*

16. What are three characteristics of the ASA routed mode? (Choose three.)

This mode is referred to as a “bump in the wire.”

In this mode, the ASA is invisible to an attacker.

The interfaces of the ASA separate Layer 3 networks and require different IP addresses in
different subnets.*

It is the traditional firewall deployment mode.*

This mode does not support VPNs, QoS, or DHCP Relay.

NAT can be implemented between connected networks.*

 
17. Refer to the exhibit. An administrator has configured an ASA 5505 as
indicated but is still unable to ping the inside interface from an inside host. What
is the cause of this problem?

The no shutdown command should be entered on interface Ethernet 0/1.*

VLAN 1 should be the outside interface and VLAN 2 should be the inside interface.

VLAN 1 should be assigned to interface Ethernet 0/0 and VLAN 2 to Ethernet 0/1.

The security level of the inside interface should be 0 and the outside interface should be 100.

An IP address should be configured on the Ethernet 0/0 and 0/1 interfaces.

18. Refer to the exhibit. According to the command output, which three
statements are true about the DHCP options entered on the ASA 5505? (Choose
three.)

The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP
client.

The dhcpd auto-config outside command was issued to enable the DHCP server.

The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the
DHCP server.*

The dhcpd auto-config outside command was issued to enable the DHCP client.*

The dhcpd enable inside command was issued to enable the DHCP client.

The dhcpd enable inside command was issued to enable the DHCP server.*

19. Refer to the exhibit. What will be displayed in the output of the show
running-config objectcommand after the exhibited configuration commands are
entered on an ASA 5505?
host 192.168.1.4

host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20

host 192.168.1.4 and range 192.168.1.10 192.168.1.20

host 192.168.1.3 and host 192.168.1.4

range 192.168.1.10 192.168.1.20*

host 192.168.1.3

20. What must be configured on a Cisco ASA device to support local


authentication?

AAA*

the IP address of the RADIUS or TACACS+ server

encrypted passwords

SSHv2

RSA keys

21. Which statement describes a difference between the Cisco ASA IOS CLI
feature and the router IOS CLI feature?

ASA uses the ? command whereas a router uses the help command to receive help on a brief
description and the syntax of a command.

To use a show command in a general configuration mode, ASA can use the command
directly whereas a router will need to enter the do command before issuing the show
command.*

To complete a partially typed command, ASA uses the Ctrl+Tab key combination whereas a
router uses the Tab key.

To indicate the CLI EXEC mode, ASA uses the % symbol whereas a router uses the # symbol.

 
22. What are two factory default configurations on an ASA 5505? (Choose two.)

VLAN 2 is configured with the name inside.

The internal web server is disabled.

DHCP service is enabled for internal hosts to obtain an IP address and a default gateway from
the upstream device.

PAT is configured to allow internal hosts to access remote networks through an Ethernet
interface.*

VLAN 1 is assigned a security level of 100.*

23. Which type of NAT would be used on an ASA where 10.0.1.0/24 inside
addresses are to be translated only if traffic from these addresses is destined for
the 198.133.219.0/24 network?

policy NAT*

dynamic NAT

static NAT

dynamic PAT

24. Which statement describes a feature of AAA in an ASA device?

Accounting can be used alone.*

Authorization is enabled by default.

If authorization is disabled, all authenticated users will have a very limited access to the
commands.

Both authorization and accounting require a user to be authenticated first.

 
25. A network administrator is working on the implementation of the Cisco
Modular Policy Framework on an ASA device. The administrator issues a clear
service-policy command. What is the effect after this command is entered?

All class map configurations are removed.

All service policy statistics data are removed.*

All service policies are removed.

All policy map configurations are removed.

26. What is needed to allow specific traffic that is sourced on the outside network
of an ASA firewall to reach an internal network?

ACL*

NAT

dynamic routing protocols

outside security zone level 0

Prev Article
Next Article

Related Articles
CCNA Security v2.0 Chapter 7 Simulator Exam OnlineRate this post …

CCNA Security v2.0 Chapter 7 Simulator Exam Online

CCNA Security 2.0 Practice Skills Assesement Packet Tracer Part 2Rate …

CCNA Security 2.0 Practice Skills Assesement Packet


Tracer Part 2
About The Author

CCNA5.NET

Leave a Reply
Time limit is exhausted. Please reload the CAPTCHA. six  +   =  fifteen

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 CCNA 1 v6.0
 CCNA 2 v6.0
 CCNA 3 v6.0
 CCNA 4 v6.0
 IT essentials v6.0
 IT essentials v5.0
 IT essentials v4.0
 CCNA Security v2.0
 Introduction to Cybersecurity 2.1
 Cybersecurity Essentials v1.1
 CCNA 1 v6.0 + v5.1 + v5 2018
 CCNA 2 v6.0 + v5.03 + v5.0 2018
 CCNA 3 v6.0 + v5.03 + v5.02 2018
 CCNA 4 v6.0 + v5.03 + v5.0 2018

CCNA v6.0 2018

Cisco CCNA Exam Answers for students


Copyright © 2018 CCNA v6.0 2018
CCNA5.NET CCNA Exam Answers v6.0
This site uses cookies: Find out more.

You might also like