Cisco Network Security Final Exam
Questions and Answers (Latest Update
2024)
Which statement describes a difference between the Cisco
ASA IOS CLI feature and the router IOS CLI feature? - Correct
Answer ✅To use a show command in a general
configuration mode, ASA can use the command directly
whereas a router will need to enter the do command before
issuing the show command.
What provides both secure segmentation and threat defense
in a Secure Data Center solution? - Correct Answer
✅Adaptive Security Appliance
What are the three core components of the Cisco Secure Data
Center solution? (Choose three.) - Correct Answer ✅secure
segmentation,
visibility,
threat defense
What are three characteristics of ASA transparent mode?
(Choose three.) - Correct Answer ✅This mode does not
support VPNs, QoS, or DHCP Relay.
This mode is referred to as a "bump in the wire."
,Cisco Network Security Final Exam
Questions and Answers (Latest Update
2024)
In this mode the ASA is invisible to an attacker.
What is needed to allow specific traffic that is sourced on the
outside network of an ASA firewall to reach an internal
network? - Correct Answer ✅ACL
What will be the result of failed login attempts if the following
command is entered into a router?
login block-for 150 attempts 4 within 90 - Correct Answer
✅All login attempts will be blocked for 150 seconds if there
are 4 failed attempts within 90 seconds.
Which two tasks are associated with router hardening?
(Choose two.) - Correct Answer ✅disabling unused ports
and interfaces,
securing administrative access
Which threat protection capability is provided by Cisco ESA? -
Correct Answer ✅spam protection
,Cisco Network Security Final Exam
Questions and Answers (Latest Update
2024)
What are two security measures used to protect endpoints in
the borderless network? (Choose two.) - Correct Answer
✅denylisting,
DLP
Which three types of traffic are allowed when the
authentication port-control auto command has been issued
and the client has not yet been authenticated? (Choose
three.) - Correct Answer ✅CDP, STP, EAPOL
Which statement describes a characteristic of the IKE
protocol? - Correct Answer ✅It uses UDP port 500 to
exchange IKE information between the security gateways.
Which action do IPsec peers take during the IKE Phase 2
exchange? - Correct Answer ✅negotiation of IPsec policy
What are two hashing algorithms used with IPsec AH to
guarantee authenticity? (Choose two.) - Correct Answer
✅SHA, MD5
, Cisco Network Security Final Exam
Questions and Answers (Latest Update
2024)
Which command raises the privilege level of the ping
command to 7? - Correct Answer ✅privilege exec level 7
ping
What is a characteristic of a role-based CLI view of router
configuration? - Correct Answer ✅A single CLI view can be
shared within multiple superviews.
What is a limitation to using OOB management on a large
enterprise network? - Correct Answer ✅All devices appear
to be attached to a single management network.
Which two types of hackers are typically classified as grey hat
hackers? (Choose two.) - Correct Answer ✅hacktivists,
vulnerability brokers
When describing malware, what is a difference between a
virus and a worm? - Correct Answer ✅A virus replicates
itself by attaching to another file, whereas a worm can
replicate itself independently.
Questions and Answers (Latest Update
2024)
Which statement describes a difference between the Cisco
ASA IOS CLI feature and the router IOS CLI feature? - Correct
Answer ✅To use a show command in a general
configuration mode, ASA can use the command directly
whereas a router will need to enter the do command before
issuing the show command.
What provides both secure segmentation and threat defense
in a Secure Data Center solution? - Correct Answer
✅Adaptive Security Appliance
What are the three core components of the Cisco Secure Data
Center solution? (Choose three.) - Correct Answer ✅secure
segmentation,
visibility,
threat defense
What are three characteristics of ASA transparent mode?
(Choose three.) - Correct Answer ✅This mode does not
support VPNs, QoS, or DHCP Relay.
This mode is referred to as a "bump in the wire."
,Cisco Network Security Final Exam
Questions and Answers (Latest Update
2024)
In this mode the ASA is invisible to an attacker.
What is needed to allow specific traffic that is sourced on the
outside network of an ASA firewall to reach an internal
network? - Correct Answer ✅ACL
What will be the result of failed login attempts if the following
command is entered into a router?
login block-for 150 attempts 4 within 90 - Correct Answer
✅All login attempts will be blocked for 150 seconds if there
are 4 failed attempts within 90 seconds.
Which two tasks are associated with router hardening?
(Choose two.) - Correct Answer ✅disabling unused ports
and interfaces,
securing administrative access
Which threat protection capability is provided by Cisco ESA? -
Correct Answer ✅spam protection
,Cisco Network Security Final Exam
Questions and Answers (Latest Update
2024)
What are two security measures used to protect endpoints in
the borderless network? (Choose two.) - Correct Answer
✅denylisting,
DLP
Which three types of traffic are allowed when the
authentication port-control auto command has been issued
and the client has not yet been authenticated? (Choose
three.) - Correct Answer ✅CDP, STP, EAPOL
Which statement describes a characteristic of the IKE
protocol? - Correct Answer ✅It uses UDP port 500 to
exchange IKE information between the security gateways.
Which action do IPsec peers take during the IKE Phase 2
exchange? - Correct Answer ✅negotiation of IPsec policy
What are two hashing algorithms used with IPsec AH to
guarantee authenticity? (Choose two.) - Correct Answer
✅SHA, MD5
, Cisco Network Security Final Exam
Questions and Answers (Latest Update
2024)
Which command raises the privilege level of the ping
command to 7? - Correct Answer ✅privilege exec level 7
ping
What is a characteristic of a role-based CLI view of router
configuration? - Correct Answer ✅A single CLI view can be
shared within multiple superviews.
What is a limitation to using OOB management on a large
enterprise network? - Correct Answer ✅All devices appear
to be attached to a single management network.
Which two types of hackers are typically classified as grey hat
hackers? (Choose two.) - Correct Answer ✅hacktivists,
vulnerability brokers
When describing malware, what is a difference between a
virus and a worm? - Correct Answer ✅A virus replicates
itself by attaching to another file, whereas a worm can
replicate itself independently.
