CCNA Security Practice Exam
ACLs, RFCs, And More!
To help you prepare for success on the CCNA Security exam, here's a practice exam on security topics from Autosecure to ACLs!
To avoid peeking, all answers are at the bottom of the page.
When you're done here, visit our CCNA Practice Exam page for more!
Chris Bryant
CCIE #12999
"The Computer Certification Bulldog"
chris@thebryantadvantage.com
Question 1:
If you're using an extended ACL to block traffic to a server located on the remote side of your WAN, where should you place the ACL?
A. Remote side of the WAN
B. As close to the source as possible
C. On the local side of the WAN
D. As close to the destination as possible
Question 2:
The RFC 3704 process is commonly used to protect a network against IP Spoofing. How so?
A. Allow for stronger encryption than MD5
B. Filter packets with certain source addresses
C. Prevent a token from being used a second time
D. Allow for the use of one-time-only passwords
Question 3:
Which of the following should be done to improve overall network security when SNMP is in use?
A. Use V3 to allow encryption
B. Community strings should have the RO attribute
C. V3 should be avoided due to known security vulnerabilities
D. None of the above
Question 4:
Which of the following is enabled when RSA keys are generated?
A. The password encryption service
B. Telnet access with the password "password"
C. SSL
D. SSH
Question 5:
In a brute force attack, on average approximately what percentage of the possible keys will an attacker have to go through before finding the right one?
Question 6:
What command allows a router's clock to adjust automatically to daylight savings time?
A. ntp master daylight dynamic
B. clock daylight dynamic
C. clock summer-time
D. ntp dst
Question 7:
By default, what users can still log in during a router's quiet time when the IOS Login Enhancements are running?
A. Supervisors (as defined in the Views)
B. Users connecting via the Console port
C. Users with privilege level 15
D. None
Answers at the bottom of the page!

Answers:
1. "B, C". Never let traffic cross a WAN if that traffic will be blocked on the other side anyway. It's a good rule of thumb to place extended ACLs as close to the source of the traffic as possible.
2. "B". RFC 3704 filtering denies packets sourced from each of the RFC 1918 private address ranges, the loopback address range, and the addresses 255.255.255.255 and 0.0.0.0.
3. "A,B". Two SNMP basics - use V3 whenever possible, and set community strings to RO (read-only).
4. "D". When you create RSA keys, SSH is autoenabled.
5. On average, a brute force attack must test about half of the keys before finding the right one - 50%.
6. "C". You need the clock summer-time command followed by the timezone and the recurring option.
7. "D". By default, no users can log in during quiet time.
That's it for this CCNA practice exam, but just click that link for plenty more - and for over 300 Cisco CCNA and CCNP tutorials, visit our Tutorials page!