CCNA Security v2.0 Chapter 10 Exam


1. Which statement describes the function provided to a network administratorwho uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?

The administrator can connect to and manage a single ASA.*

The administrator can connect to and manage multiple ASA devices.

The administrator can connect to and manage multiple ASA devices and Cisco routers.

The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.

 

2. What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?

It does not require any initial device configuration.

It hides the complexity of security commands.*

ASDM provides increased configuration security.

It does not require a remote connection to a Cisco device.

 

3. Which type of security is required for initial access to the Cisco ASDM by using the local application option?

SSL*

WPA2 corporate

biometric

AES

 

4. Which minimum configuration is required on most ASAs before ASDM can be used?

SSH

a dedicated Layer 3 management interface*

a logical VLAN interface and an Ethernet port other than 0/0

Ethernet 0/0

 

5. What must be configured on an ASA before it can be accessed by ASDM?

web server access*

Telnet or SSH

an Ethernet port other than 0/0

Ethernet 0/0 IP address

 

6. How is an ASA interface configured as an outside interface when using ASDM?

Select a check box from the Interface Type option that shows inside, outside, and DMZ.

Select outside from the Interface Type drop-down menu.

Enter the name “outside” in the Interface Name text box.*

Drag the interface to the port labeled “outside” in the ASA drawing.

 

7. Refer to the exhibit. Which Device Management menu item would be used to access theASA command line from within Cisco ASDM?

Licensing

System Image/Configuration

Management Access*

Advanced

 

8. Which ASDM configuration option is used to configure the ASA enable secret password?

Device Setup*

Monitoring

Interfaces

Device Management

 

9. Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?

Startup Wizard

Device Name/Password

Routing

Interfaces

System Time*

 

10. True or False?

The ASA can be configured through ASDM as a DHCP server.

false

true*

 

11. Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices?

DMZ

outside

local

inside*

 

12. Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA?

security master

super encryption

master passphrase*

device protection

 

13. Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?

3DES

public/private key

AES*

128-bit

 

14. When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)

the hash

the peer*

encryption

the ISAKMP policy

a valid access list*

IP addresses on all active interfaces

 

15. What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?

to permit only secure protocols

to log denied traffic

to identify the peer

to define interesting traffic*

 

16. When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?

ISAKMP

IKE

IKE and ISAKMP*

preshared key

 

17. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

clientless SSL*

site-to-site using an ACL

site-to-site using a preshared key

client-based SSL

 

18. Which remote-access VPN connection allows the user to connect by using a web browser?

IPsec (IKEv2) VPN

site-to-site VPN

clientless SSL VPN*

IPsec (IKEv1) VPN

 

19. Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?

IPsec (IKEv2) VPN*

site-to-site VPN

clientless SSL VPN

IPsec (IKEv1) VPN

 

20. Which statement describes available user authentication methods when using an ASA 5505 device?

The ASA 5505 can use either a AAA server or a local database.*

The ASA 5505 only uses a AAA server for authentication.

The ASA 5505 only uses a local database for authentication.

The ASA 5505 must use both a AAA server and a local database.

 

21. Which remote-access VPN connection needs a bookmark list?

IPsec (IKEv1) VPN

IPsec (IKEv2) VPN

site-to-site VPN

clientless SSL VPN*

 

22. What occurs when a user logs out of the web portal on a clientless SSL VPN connection?

The browser cache is cleared.

Downloaded files are deleted.

The user no longer has access to the VPN.*

The web portal times out.

 

23. If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?

The host initiates a clientless connection to a TFTP server to download the client.

The host initiates a clientless VPN connection using a compliant web browser to download the client.*

The Cisco AnyConnect client is installed by default on most major operating systems.

The host initiates a clientless connection to an FTP server to download the client.

 

24. What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?

security optimization

host-based ACL installation

posture assessment*

quality of service security

 

25. Which item describes secure protocol support provided by Cisco AnyConnect?

neither SSL nor IPsec

SSL only

both SSL and IPsec*

IPsec only

 

26. What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?

to assign addresses to the interfaces on the ASA

to identify which users are allowed to download the client image

to assign IP addresses to clients when they connect*

to identify which clients are allowed to connect


Comments

Time limit is exhausted. Please reload the CAPTCHA.