Network Security
4. If AAA is already enabled, which three CLI steps are required to configure a
router with a specific view? (choose three)
a) Assign commands to the view
b) Associate the view with the root view
c) Create a superview using the parser view command
d) Assign a secret password to the view
e) Create a view using the parser view command
f) Assign users who can use the view
5. Which two tasks are associated with router hardening? (choose two)
a) Placing the router in a secure room
b) Installing the maximum amount of memory possible
c) Securing administrative access
d) Disabling unused ports and interfaces
e) Using uninterruptible power supplies
6. Refer to the exhibit. Which statement is true about the effect of the Cisco
IOS zone-based policy firewall configuration?
a) The firewall will automatically allow HTTP, HTTPS, and FTP traffic
from g0/0 to s0/0/0 and will track the connections. Tracking the
connection allows only return traffic to be permitted through the firewall
in the opposite direction
b) The firewall will automatically allow HTTP, HTTPS, and FTP traffic
from g0/0 to s0/0/0, but will not track the state of connections. A
corresponding policy must be applied to allow return traffic to be
permitted through the firewall in the opposite direction
c) The firewall will automatically drop all HTTP, HTTPS, and FTP traffic
d) The firewall will automatically allow HTTP, HTTPS, and FTP traffic
from s0/0/0 to g0/0 and will track the connections. Tracking the
connection allows only return traffic to be permitted through the firewall
in the opposite direction
e) The firewall will automatically allow HTTP, HTTPS, and FTP traffic
from s0/0/0 to g0/0 but will not track the state of connections. A
corresponding policy must be applied to allow return traffic to be
permitted through the firewall in the opposite direction
7. Place the steps for configuring zone-based policy (ZPF) firewalls in order
from first to last
a) 2nd
b) 1st
c) 5th
9. Refer to the exhibit. Based on the security levels of the interfaces on ASA1,
what traffic will be allowed on the interfaces?
a) Traffic from the internet and LAN can access the DMZ
b) Traffic from the internet and DMZ can access the LAN
c) Traffic from the LAN and DMZ can access the internet
d) Traffic from the internet can access both the DMZ and the LAN
12. Which action do IPsec peers take during the IKE phase 2 exchange?
a) Negotiation of IPsec policy
b) Exchange of DH keys
c) Negotiation of IKE policy sets
d) Verification of peer identity
13. What are three characteristics of ASA transparent mode? (choose three)
a) This mode does not support VPNs, QoS, or DHCP relay
b) The interfaces of the ASA separate layer 3 networks and require IP
addresses in different subnets
c) In this mode the ASA is invisible to an attacker
d) This mode is referred to as a “bump in the wire”
e) It is the traditional firewall deployment mode
f) NAT can be implemented between connected networks
14. What two ICMPv6 message types must be permitted through IPv6 access
control lists to allow resolution of layer 3 addresses to layer 2 MAC
addresses? (choose two)
a) Neighbor advertisements
b) Echo requests
c) Echo replies
d) Router advertisements
e) Neighbor solicitations
f) Router solicitations
15. What are the three core components of the Cisco secure data center
solution? (choose three)
a) Secure segmentation
b) Threat defense
c) Visibility
d) Mesh network
e) Servers
f) Infrastructure
16. What are two reasons to enable OSPF routing protocol authentication on a
network? (choose two)
a) To prevent data traffic from being redirected and then discarded
b) To provide data security through encryption
c) To ensure faster network convergence
d) To ensure more efficient routing
e) To prevent redirection of data traffic to an insecure link
17. Device after too many unsuccessful AAA login attempts. What could be
used by the network administrator to provide a secure authentication access
method without locking a user out of a device?
a) Use the aaa local authentication attempts max-fail global configuration
mode command with a higher number of acceptable failures
b) Use the login delay command for authentication attempts
c) Use the none keyword when configuring the authentication method list
d) Use the login local command for authenticating user access
18. What tool is available through the Cisco IOS CLI to initiate security audits
and to make recommended configuration changes with or without
administrator input?
a) Simple network management protocol
b) Cisco autosecure
c) Cisco ACS
d) Control plane policing
20. What ports can receive forwarded traffic from an isolated port that is part of
a PVLAN?
a) All other ports within the same community
b) Only isolated ports
c) Only promiscuous ports
d) Other isolated ports and community ports
21. Which statement describes a difference between the Cisco ASA IOS CLI
feature and the router IOS CLI feature?
a) To use a show command in a general configuration mode, ASA can use
the command directly whereas a router will need to enter the do command
before issuing the show command
b) ASA uses the ? command whereas a router uses the help command to
receive help on a brief description and the syntax of a command
c) To complete a partially typed command, ASA uses the Ctrl+Tab key
combination whereas a router uses the Tab key
d) To indicate the CLI EXEC mode, ASA uses the % symbol whereas a
router uses the # symbol
24. What are two hashing algorithms used with IPsec AH to guarantee
authenticity? (choose two)
a) AES
b) MD5
c) RSA
d) DH
e) SHA
25. Which two statements describe the use of asymmetric algorithms? (choose
two)
a) If a private key is used to encrypt the data, a private key must be used to
decrypt the data
b) If a public key is used to encrypt the data, a private key must be used to
decrypt the data
c) Public and private keys may be used interchangeably
d) If a private key is used to encrypt the data, a public key must be used to
decrypt the data
e) If a public key is used to encrypt the data, a public key must be used to
decrypt the data
26. What provides both secure segmentation and threat defense in a secure data
center solution?
a) AAA server
b) Cisco security manager software
c) Adaptive security appliance
d) Intrusion prevention system
27. Which two types of hackers are typically classified as grey hat
hackers? (choose two)
a) Hacktivists
b) State-sponsored hackers
c) Script kiddies
d) Cyber criminals
e) Vulnerability brokers
28. What network testing tool is used for password auditing and recovery?
a) Metasploit
b) Superscan
c) Nessus
d) L0phtcrack
29. Refer to the exhibit. Which conclusion can be made from the show crypto
map command output that is shown on R1?
a) The current peer IP address should be 172.30.2.1
b) The tunnel configuration was established and can be tested with extended
pings
c) There is a mismatch between the transform sets
d) The crypto map has not yet been applied to an interface
30. What network testing tool would an administrator use to assess and validate
system configurations against security policies and compliance standards?
a) Tripwire
b) Metasploit
c) L0phtcrack
d) Nessus
31. What network security testing tool has the ability to provide details on the
source of suspicious network activity?
a) Tripwire
b) Superscan
c) SIEM
d) Zenmap
34. What will be the result of failed login attempts if the following command is
entered into a router?
login block-for 150 attempts 4 within 90
a) All login attempts will be blocked for 4 hours if there are 90 failed
attempts within 150 seconds
b) All login attempts will be blocked for 1.5 hours if there are 4 failed
attempts within 150 seconds
c) All login attempts will be blocked for 90 seconds if there are 4 failed
attempts within 150 seconds
d) All login attempts will be blocked for 150 seconds if there are 4 failed
attempts within 90 seconds
38. Which measure can a security analyst take to perform effective security
monitoring against network traffic encrypted by SSL technology?
a) Deploy a Cisco ASA
b) Require remote access connections through IPsec VPN
c) Deploy a Cisco SSL appliance
d) Use a syslog server to capture network traffic
40. What is the function of the pass action on a Cisco IOS zone-based policy
firewall?
a) Logging of rejected or dropped packets
b) Forwarding traffic from one zone to another
c) Inspecting traffic between zones for traffic control
d) Tracking the state of connection between zones
43. ACLs are used primarily to filter traffic. What are two additional uses of
ACLs? (choose two)
a) Identifying traffic for QoS
b) Filtering VTP packets
c) Reorganizing traffic into VLANs
d) Specifying internal hosts for NAT
e) Specifying source address for authentication
45. Which protocol is an IETF standard that defines the PKI digital certificate
format?
a) X.509
b) SSL/TLS
c) X.500
d) LDAP
49. What are two security measures used to protect endpoints in the borderless
network? (choose two)
a) Denylisting
b) Snort IPS
c) DLP
d) DMZ
e) Rootkit
50. What is the main factor that ensures the security of encryption of modern
algorithms?
a) Secrecy of the algorithm
b) Secrecy of the keys
c) The use of 3DES over AES
d) Complexity of the hashing algorithm
51. Which three types of traffic are allowed when the authentication port control
auto command has been issued and the client has not yet been authenticated?
(choose three)
a) 802.1Q
b) EAPOL
c) IPsec
d) STP
e) TACACS+
f) CDP
52. Which privilege level has the most access to the Cisco IOS?
a) Level 16
b) Level 0
c) Level 15
d) Level 7
e) Level 1
54. Which two protocols generate connection information within a state table
and are supported for stateful filtering? (choose two)
a) ICMP
b) UDP
c) HTTP
d) DHCP
e) TCP
56. A network analyst is configuring a site to site IPsec VPN. The analyst has
configured both the ISAKMP and IPsec policies. What is the next step?
a) Configure the hash as SHA and the authentication as pre shared
b) Issue the show crypto ipsec sa command to verify the tunnel
c) Apply the crypto map to the appropriate outbound interface
d) Verify that the security feature is enabled in the IOS
57. What are the three signature levels provided by Snort IPS on the 4000 series
ISR? (choose three)
a) Security
b) Drop
c) Reject
d) Connectivity
e) Inspect
f) Balanced
58. Which portion of the Snort IPS rule header identifies the destination port?
a) $HOME_NET
b) tcp
c) $HTTP_PORTS
d) any
59. Which rule action will cause Snort IPS to block and log a packet?
a) Alert
b) Drop
c) Sdrop
d) Log