Skip to content

Follow Us:

Email: [email protected]

IPS Blogs
Free Resources
Member Login

Course Catalogue
Bundles
Books
About IPS
Subscription
Contact Us

QUIZ: CCNA Security Second Edition Part 2

Home > Dashboard > QUIZ: CCNA Security Second Edition Part 2 > QUIZ: CCNA Security Second Edition Part 2

Practice Exam Instructions

The exam comprises of the following types of questions;

Multiple Choice Single Response
Multiple Choice Multiple Response
There is no negative marking.

Attempt History: 0

Total Questions: 50

Time limit: 0

Quiz Summary

0 of 50 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 50 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%

Current
Review
Answered
Correct
Incorrect

Question 1 of 50

1. Question
1 point(s)
When one of the following is supposed to be the best time to perform an anti-virus signature update?
- When the local scanner has detected a new virus.
- When a new virus is discovered in the wild.
- When the system detects a browser hook.
- Every time a new update is available.
Correct

Incorrect
Question 2 of 50

2. Question
1 point(s)
Which of the following statement is true about application blocking?
- It blocks access to files with specific extensions.
- It blocks access to specific network addresses.
- It blocks access to specific programs.
- It blocks access to specific network services.
Correct

Incorrect
Question 3 of 50

3. Question
1 point(s)
What action would you take to block users from accidentally visiting the URL and becoming infected with malware if a specific URL has been identified as containing malware?
- Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router’s local URL list.
- Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall’s local URL list.
- Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router
- Enable URL filtering on the perimeter router and add the URLs you want to block to the router’s local URL list.
- Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
Correct

Incorrect
Question 4 of 50

4. Question
1 point(s)
Which of the following three features can protect the data plane? (Choose three.)
- QoS
- DHCP-snooping
- Anti-spoofing
- ACLs
- policing
- IPS
Correct

Incorrect
Question 5 of 50

5. Question
1 point(s)
In How many numbers can you apply crypto map sets to a router interface?
- 4
- 1
- 3
- 2
Correct

Incorrect
Question 6 of 50

6. Question
1 point(s)
Which of the following represents the correct transition order of STP states on a Layer 2 switch interface?
- blocking, listening, learning, forwarding, disabled
- listening, learning, blocking, forwarding, disabled
- forwarding, listening, learning, blocking, disabled
- listening, blocking, learning, forwarding, disabled
Correct

Incorrect
Question 7 of 50

7. Question
1 point(s)
What is the effect on the company’s business, when a company puts a security policy in place?
- Minimizing total cost of ownership
- Minimizing liability
- Minimizing risk
- Maximizing compliance
Correct

Incorrect
Question 8 of 50

8. Question
1 point(s)
Which of the following statements are true about reflexive access lists? (Choose any three.)
- Reflexive access lists support UDP sessions.
- Reflexive access lists support TCP sessions
- Reflexive access lists can be attached to extended named IP ACLs
- Reflexive access lists create a permanent ACE
- Reflexive access lists approximate session filtering using the established keyword Reflexive access lists can be attached to standard named IP ACLs
Correct

Incorrect
Question 9 of 50

9. Question
1 point(s)
Which three of the following actions can a promiscuous IPS take to mitigate an attack? (Choose any three.)
- Modifying packets
- Resetting the TCP connection
- Requesting host blocking
- Requesting connection blocking
- Denying packets
- Denying frames
Correct

Incorrect
Question 10 of 50

10. Question
1 point(s)
Which of the following Cisco Security Manager application collects information about device status and uses it to generate notifications and alerts?
- FlexConfig
- Health and Performance Monitor
- Report Manager
- Device Manager
Correct

Incorrect
Question 11 of 50

11. Question
1 point(s)
Which two of the following accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose any two.)
- stop-record
- start-stop
- stop-only
- stop
Correct

Incorrect
Question 12 of 50

12. Question
1 point(s)
Which of the following command is used to enable SSH support on a Cisco Router?
- crypto key lock rsa
- crypto key zeroize rsa
- crypto key generate rsa
- crypto key unlock rsa
Correct

Incorrect
Question 13 of 50

13. Question
1 point(s)
Which of the following protocol provides security to Secure Copy?
- IPsec
- HTTPS
- SSH
- ESP
- SCP
Correct

Incorrect
Question 14 of 50

14. Question
1 point(s)
Which of the following security zone is automatically defined by the system?
- The source zone
- The destination zone
- The self-zone
- The inside zone
Correct

Incorrect
Question 15 of 50

15. Question
1 point(s)
What purpose does Internet Key Exchange in an IPsec VPN serves? (Choose any two.)
- The Internet Key Exchange protocol provides data confidentiality
- The Internet Key Exchange protocol provides replay detection
- The Internet Key Exchange protocol establishes security associations
- The Internet Key Exchange protocol is responsible for mutual authentication
Correct

Incorrect
Question 16 of 50

16. Question
1 point(s)
Which of the following address block is reserved for locally assigned unique local addresses?
- 2002::/16
- 2001::/32
- FD00::/8
- FB00::/8
Correct

Incorrect
Question 17 of 50

17. Question
1 point(s)
For which of the following reason the error message Router(config)#aaa server?% Unrecognized command occurs?
- The router is a new device on which the aaa new-model command must be applied before continuing–
- The command syntax requires a space after the word “server”
- The command is invalid on the target device
- The router is already running the latest operating system
Correct

Incorrect
Question 18 of 50

18. Question
1 point(s)
What will be the potential consequence, if the native VLAN on a trunk is different on each end of the link?
- The interface on both switches may shut down
- The switch with the higher native VLAN may shut down
- STP loops may occur
- The interface with the lower native VLAN may shut down
Correct

Incorrect
Question 19 of 50

19. Question
1 point(s)
When you apply an access list to a physical interface, which of the following option describes information that must be considered?
- Direction of the access class
- Direction of the access group —
- Protocol used for filtering
- Direction of the access list
Correct

Incorrect
Question 20 of 50

20. Question
1 point(s)
Which one of the following source port does IKE use when NAT has been detected between two VPN gateways?
- UDP 4500
- TCP 4500
- TCP 500
- UDP 500
Correct

Incorrect
Question 21 of 50

21. Question
1 point(s)
Which three of the following features are of IPsec transport mode? (Choose any three.)
- IPsec transport mode supports unicast
- IPsec transport mode encrypts only the payload
- IPsec transport mode is used between end stations
- IPsec transport mode is used between gateways
- IPsec transport mode supports multicast
- IPsec transport mode encrypts the entire packet
Correct

Incorrect
Question 22 of 50

22. Question
1 point(s)
Which of the following command makes a Layer 2 switch interface to operate as a Layer 3 interface?
- no switchport
- no switchport nonnegotiate
- switchport
- no switchport mode dynamic auto
Correct

Incorrect
Question 23 of 50

23. Question
1 point(s)
Which of the following security term refers to a person, property, or data of value to a company?
- Risk
- Asset
- Threat prevention
- Mitigation technique
Correct

Incorrect
Question 24 of 50

24. Question
1 point(s)
Which of the following technology you can use to prevent non malicious program to run in the computer that is disconnected from the network?
- Firewall
- Software Antivirus
- Network IP
- Host IPS.
Correct

Incorrect
Question 25 of 50

25. Question
1 point(s)
Which of the following command enable ospf authentication?
- ip ospf authentication message-digest
- network 192.168.10.0 0.0.0.255 area 0
- area 20 authentication message-digest
- ip ospf message-digest-key 1 md5 CCNA
Correct

Incorrect
Question 26 of 50

26. Question
1 point(s)
Which of the following command help user1 to use enable, disable, exit commands?
- catalyst1(config)#username user1 privilege 1 secret us1pass
- catalyst1(config)#username user1 privilege 0 secret us1pass
- catalyst1(config)#username user1 privilege 5 secret us1pass
- catalyst1(config)#username user1 privilege 2 secret us1pass
Correct

Incorrect
Question 27 of 50

27. Question
1 point(s)
Which of the following two NAT types allows only objects or groups to reference an IP address? (choose two)
- dynamic PAT
- static NAT
- dynamic NAT
- identity NAT
Correct

Incorrect
Question 28 of 50

28. Question
1 point(s)
Which of the following port in a PVLAN can communicate with every other ports?
- Promiscuous mode
- Isolated mode
- Community mode
- None of the above
Correct

Incorrect
Question 29 of 50

29. Question
1 point(s)
Which two of the following given commands result in a secure bootset? (Choose any two.)
- secure boot-set
- secure boot-files
- secure boot-image
- secure boot-config
Correct

Incorrect
Question 30 of 50

30. Question
1 point(s)
What one of the following is an example of social engineering?
- gaining access to server room by posing as IT
- Watching other user put in username and password (something around there)
- Gaining access to a building through an unlocked door.
- Access to a computer using USB drive.
Correct

Incorrect
Question 31 of 50

31. Question
1 point(s)
Which of the following prevent the company data from modification even when the data is in transit?
- Confidentiality
- Integrity
- Availability
- All of the above
Correct

Incorrect
Question 32 of 50

32. Question
1 point(s)
Which one is an example of SYN flood attack?
- Man in the middle attack
- Denial of Service attack
- Spoofing attack
- Reconnaissance attack
Correct

Incorrect
Question 33 of 50

33. Question
1 point(s)
Which of the following type of an IPS can identify worms that are propagating in a network?
- Anomaly-based IPS
- Reputation-based IPS
- Signature-based IPS
- None of the above
Correct

Incorrect
Question 34 of 50

34. Question
1 point(s)
Which of the following command verifies phase 1 of an IPsec VPN on a Cisco router?
- show crypto map
- show crypto isakmp sa
- show crypto ipsec sa
- show crypto engine connection active
Correct

Incorrect
Question 35 of 50

35. Question
1 point(s)
Which of the following type of firewall can act on the behalf of the end device?
- Proxy
- Stateful packet
- Application
- Packet
Correct

Incorrect
Question 36 of 50

36. Question
1 point(s)
In which of the following threat, the victim tricked into entering username and password information at a disguised website?
- Phishing
- Spoofing
- Malware
- Spam
Correct

Incorrect
Question 37 of 50

37. Question
1 point(s)
Which of the following type of mirroring does SPAN technology perform?
- Local mirroring over Layer 2
- Remote mirroring over Layer 2
- Remote mirroring over Layer 3
- Local mirroring over Layer 3
Correct

Incorrect
Question 38 of 50

38. Question
1 point(s)
Which of the following network device does NTP authenticate?
- Only the client device
- The firewall and the client device
- Only the time source
- The client device and the time source
Correct

Incorrect
Question 39 of 50

39. Question
1 point(s)
Which of the following Cisco product can help mitigate web-based attacks within a network?
- Adaptive Security Appliance
- Email Security Appliance
- Web Security Appliance
- Identity Services Engine
Correct

Incorrect
Question 40 of 50

40. Question
1 point(s)
Which of the following statement correctly describes the function of a private VLAN?
- A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
- A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains-
- A private VLAN enables the creation of multiple VLANs using one broadcast domain
- A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain
Correct

Incorrect
Question 41 of 50

41. Question
1 point(s)
Which of the following hash type does Cisco use to validate the integrity of downloaded images?
- Sha1
- Md5
- Sha2
- Md1
Correct

Incorrect
Question 42 of 50

42. Question
1 point(s)
Which of the following Cisco feature can help us to mitigate spoofing attacks by verifying symmetry of the traffic path?
- Unidirectional Link Detection
- TrustSec
- Unicast Reverse Path Forwarding
- IP Source Guard
Correct

Incorrect
Question 43 of 50

43. Question
1 point(s)
Which one the following is the most common Cisco Discovery Protocol version 1 attack?
- MAC-address spoofing
- Denial of Service
- CAM-table overflow
- VLAN hopping
Correct

Incorrect
Question 44 of 50

44. Question
1 point(s)
Which of the following is the Cisco preferred countermeasure to mitigate CAM overflows?
- Port security
- IP source guard
- Dynamic port security
- Root guard
Correct

Incorrect
Question 45 of 50

45. Question
1 point(s)
Which one of the following option is the most effective placement of an IPS device within the infrastructure?
- Inline, before the internet router and firewall
- Inline, behind the internet router and firewall
- Promiscuously, after the Internet router and before the firewall
- Promiscuously, before the Internet router and the firewall
Correct

Incorrect
Question 46 of 50

46. Question
1 point(s)
Which of the following events will occur when the TACACS+ server returns an error, if a router configuration includes the line aaa authentication login default group tacacs+ enable? (Choose anytwo.)
- The user will be prompted to authenticate using the enable password
- Authentication attempts to the router will be denied
- Authentication will use the router`s local database
- Authentication attempts will be sent to the TACACS+ server
Correct

Incorrect
Question 47 of 50

47. Question
1 point(s)
Which of the following alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?
- SDEE
- Syslog
- SNMP
- CSM
Correct

Incorrect
Question 48 of 50

48. Question
1 point(s)
What is the first step that STP takes to prevent loops, when a switch has multiple links connected to a downstream switch?
- STP selectsthe root port
- STP elects the root bridge
- STP selects the designated port
- STP blocks one of the ports
Correct

Incorrect
Question 49 of 50

49. Question
1 point(s)
Which of the following type of network address translation should be used when a Cisco ASA is in transparent mode?
- Dynamic NAT
- Static NAT
- Overload
- Dynamic PAT
Correct

Incorrect
Question 50 of 50

50. Question
1 point(s)
Which of the following components does HMAC use to determine the authenticity and integrity of a message? (Choose any two.)
- The password
- The transform set
- The hash
- The key
Correct

Incorrect

Accelerating your career by providing a proven learning platform and producing qualified engineers in the field of Cloud Computing, Cybersecurity, IP Network by offering extremely focused training content with a case study-based approach.

Facebook-f Twitter Linkedin Instagram

Navigation

About IPS
Course Catalogue
Hands-on Labs
Career Planner
Subscription
Members Login
Contact Us
Support

About IPS
Course Catalogue
Career Planner
Subscription

Members Login
Contact Us
Support

Newsletter

We take Data Privacy and GDPR very seriously. Any information you provide will not be used for other commercial purposes and will not be sold, rented, leased or forwarded to any third party.

© 2022 All rights reserved | Privacy Policy | Terms and Conditions | Sitemap

Scroll to Top