Standard access list ✔️Ans - ASA ACL used to identify the destination IP
addresses only
Extended access list ✔️Ans - ASA ACL used to specify source and
destination address and protocol, ports, or the ICMP type
EtherType Access list ✔️Ans - ASA ACL used only if the security
appliance is running in transparent mode
Webtype access list ✔️Ans - ASA ACL used to support filtering for
clientless SSL VPN
Which statement describes a difference between the Cisco ASA IOS CLI
feature and the router IOS CLI feature? ✔️Ans - To use a show command
in a general configuration mode, ASA can use the command directly
whereas a router will need to enter the do command before issuing the
show command.
Refer to the exhibit. A network administrator is configuring AAA
implementation on an ASA device. What does the option link3 indicate?
✔️Ans - the interface name
What provides both secure segmentation and threat defense in a Secure
Data Center solution? ✔️Ans - Adaptive Security Appliance
What are the three core components of the Cisco Secure Data Center
solution? (Choose three.) ✔️Ans - secure segmentation
visibility
threat defense
What are three characteristics of ASA transparent mode? (Choose three.)
✔️Ans - This mode does not support VPNs, QoS, or DHCP Relay.
This mode is referred to as a "bump in the wire."
In this mode the ASA is invisible to an attacker.
What is needed to allow specific traffic that is sourced on the outside
network of an ASA firewall to reach an internal network? ✔️Ans - ACL
What will be the result of failed login attempts if the following command is
entered into a router?
login block-for 150 attempts 4 within 90 ✔️Ans -
Which two tasks are associated with router hardening? (Choose two.)
✔️Ans - Disabling unused ports and interfaces.
Securing administrative access.
Which threat protection capability is provided by Cisco ESA? ✔️Ans -
spam protection
What are two security measures used to protect endpoints in the
borderless network? (Choose two.) ✔️Ans - Denylisting and DLP.
Which three types of traffic are allowed when the authentication
port-control auto command has been issued and the client has not yet been
authenticated? (Choose three.) ✔️Ans - CDP, STP, EAPOL
Which statement describes a characteristic of the IKE protocol? ✔️Ans -
It uses UDP port 500 to exchange IKE information between the security
gateways.
Which action do IPsec peers take during the IKE Phase 2 exchange?
✔️Ans - negotiation of IPsec policy
What are two hashing algorithms used with IPsec AH to guarantee
authenticity? (Choose two.) ✔️Ans - SHA and MD5
Which command raises the privilege level of the ping command to 7?
✔️Ans - privilege exec level 7 ping
What is a characteristic of a role-based CLI view of router configuration?
✔️Ans - A single CLI view can be shared within multiple superviews.