You are on page 1of 8

Assessment - Chapter 10 CCNA SECURITY

1. In what three ways do the 5505 and 5510 Adaptive Security Appliances differ? (Choose three.) in the maximum traffic throughput supported in the number of interfaces in types of interfaces

Which three security features do ASA models 5505 and 5510 support by default? (Choose three.) intrusion prevention system stateful firewall VPN concentrator

3.

Which option lists the ASA adaptive security algorithm session management tasks in the correct order? 1) performing the access list checks 2) performing route lookups 3) allocating NAT translations (xlates) 4) establishing sessions in the fast path

4.

When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.) adjusting Layer 3 and Layer 4 headers performing IP checksum verification performing TCP sequence number checks

5.

What are three characteristics of ASA transparent mode? (Choose three.) This mode does not support VPNs, QoS, or DHCP Relay. This mode is referred to as a bump in the wire. In this mode the ASA is invisible to an attacker.

6.

Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.) interface e0/0 switchport access vlan 2 no shut exit interface vlan 2 nameif outside security-level 0 ip address 209.165.200.226 255.255.255.248 route outside 0.0.0.0 0.0.0.0 209.165.200.225

7.

Refer to the exhibit. According to the exhibited command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.) The dhcpd auto-config outside command was issued to enable the DHCP client. The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server. The dhcpd enable inside command was issued to enable the DHCP server.

8.

Which three wizards are included in Cisco ASDM 6.4? (Choose three.) High Availability and Scalability wizard Startup wizard VPN wizard

8.

Refer to the exhibit. What will be displayed in the output of the show runningconfig object command after the exhibited configuration commands are entered on an ASA 5505?

range 192.168.1.10 192.168.1.20

9.

Refer to the exhibit. Which ASDM menu sequence would be required to configure Telnet or SSH AAA authentication using a TACACS server first or the local device user database if the TACACS server authentication is unavailable? Configuration > Device Management > Users/AAA > AAA Access

10.

Which option lists the four steps to configure the Modular Policy Framework on an ASA? 1) Configure extended ACLs to identify specific granular traffic. This step may be optional. 2) Configure the class map to define interesting traffic. 3) Configure a policy map to apply actions to the identified traffic. 4) Configure a service policy to identify which interface should be activated for the service.

11.

Which three types of remote access VPNs are supported on ASA devices? (Choose three.) Clientless SSL VPN using a web browser IPsec (IKEv1) VPN using the Cisco VPN Client SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client

12.

Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.) bookmark lists connection profile name group policy

13.

Which three components must be configured when implementing a client-based SSL VPN client address assignment client image SSL or IPsec

14.

Refer to the exhibit. A remote host is connecting to an ASA 5505 via a VPN connection. Once authenticated, the host displays the highlighted system tray icon. On the basis of the information that is presented, what three assumptions can be made? (Choose three.) The host has connected to the ASA via a client-based SSL VPN connection. The host is connected via the AnyConnect VPN client. Using the ipconfig command on the host displays an IP address from the originating network and an IP address for the VPN connection.

15.

Refer to the exhibit. An administrator has entered the indicated commands on an ASA 5505. Based on the information presented, what type of remote access VPN has the administrator configured? a clientless SSL VPN via a web browser

16.

Which Cisco ASDM menu sequence would be used to edit a client-based AnyConnect SSL VPN configuration? Configuration > Remote Access VPN > Network (Client) Access

17.

Which three components must be configured when using the Site-to-Site VPN Connection Setup wizard in ASDM? (Choose three.) authentication method encryption algorithms IKE version

18.

An administrator has successfully configured a site-to-site VPN on an ASA 5505. Which ASDM menu sequence displays the number of packets encrypted, decrypted, and security association requests? Monitoring > VPN > VPN Statistics > Crypto Statistics

19.

Which two statements correctly describe the ASA as an advanced stateful firewall? (Choose two.) In routed mode, an ASA can support two or more Layer 3 interfaces. The first packet of a flow examined by an ASA goes through the session management path.

You might also like