FEDVTE CISCO CCNA SECURITY SELF-STUDY
PREP 2026 FINAL PAPER SOLVED ITEMS
ACCURATE MARKING
◉ If you configure a zone-based firewall that includes a policy for
traffic directed to and from the self zone, which of the following
could create a denial of service? Answer: Not allowing specific
routing protocol traffic
◉ Which of the following password methods features the strongest
encryption? Answer: Enable secret password
◉ Which one of the following commands reveal the ACLs, transform
sets, and peer information and indicate which interface is being used
to connect to the remote IPsec VPN peer? Answer: show crypto map
◉ When you connect for the first time to the console port on a new
router, which privilege level are you using initially when presented
with the command-line interface? Answer: 1
◉ What does application layer inspection provide? Answer: Enables
a firewall to listen on a client/server communication, looking for
information regarding communication channels
,◉ What does the Diffie-Helman exchange create as a result of it
running? Answer: Symmetrical keys
◉ SNMPv3 provides advantages over its previous versions. Which of
the following is a feature in SNMPv3 whose function is not available
in SNMPv1? Answer: Scrambling of the content of the SNMP packets
◉ R1(config)#enable secret level 10 cisco
What does this command accomplish? Answer: Assigns a password
for a custom privilege level
◉ What is the primary motivation for most attacks against networks
today? Answer: Financial
◉ When is traffic allowed to be routed and forwarded if the source
of the traffic is from a device located off of a low-security interface if
the destination device is located off of a high-security interface?
(Choose all that apply.) Answer: If there is an access list that is
permitting this traffic.
This traffic is allowed if the initial traffic was inspected and this
traffic is the return traffic.
,◉ How does a switch know about parallel Layer 2 paths? Answer:
BPDU
◉ R1(config)#aaa new-model
R1(config)#aaa authentication login default enable
R1(config)#enable secret cisco123
R1(config)#username admin secret cisco123
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#debug aaa authentication
AAA Authentication debugging is on
R1#
R1#
AAA/BIND(00000003): Bind i/f
AAA/AUTHEN/LOGIN (00000003): Pick method list 'default'
AAA/AUTHEN/ENABLE(00000003): Processing request action
LOGIN
AAA/AUTHEN/ENABLE(00000003): Done status GET_PASSWORD
R1#
AAA/AUTHEN/ENABLE(00000003): Processing request action
LOGIN
, AAA/AUTHEN/ENABLE(00000003): Done status PASS
R1#
Review the output shown here and select the correct statement.
Answer: a user has connected and correctly provided the enable
secret
◉ Which of the following are protocols that are most likely used for
authentication? (Choose all that apply.) Answer: RADIUS
TACACS+
◉ How many zones can an interface be a member of at the same
time in a Zoned-Based IOS Firewall? Answer: 1
◉ Which best practices apply to networks that run both IPv4 and
IPv6? Answer: Routing protocol authentication
Physical security
Written security policy
Authorization of administrators
◉ Why is the public key in a typical public-private key pair referred
to as public? Answer: Because it is shared publicly
PREP 2026 FINAL PAPER SOLVED ITEMS
ACCURATE MARKING
◉ If you configure a zone-based firewall that includes a policy for
traffic directed to and from the self zone, which of the following
could create a denial of service? Answer: Not allowing specific
routing protocol traffic
◉ Which of the following password methods features the strongest
encryption? Answer: Enable secret password
◉ Which one of the following commands reveal the ACLs, transform
sets, and peer information and indicate which interface is being used
to connect to the remote IPsec VPN peer? Answer: show crypto map
◉ When you connect for the first time to the console port on a new
router, which privilege level are you using initially when presented
with the command-line interface? Answer: 1
◉ What does application layer inspection provide? Answer: Enables
a firewall to listen on a client/server communication, looking for
information regarding communication channels
,◉ What does the Diffie-Helman exchange create as a result of it
running? Answer: Symmetrical keys
◉ SNMPv3 provides advantages over its previous versions. Which of
the following is a feature in SNMPv3 whose function is not available
in SNMPv1? Answer: Scrambling of the content of the SNMP packets
◉ R1(config)#enable secret level 10 cisco
What does this command accomplish? Answer: Assigns a password
for a custom privilege level
◉ What is the primary motivation for most attacks against networks
today? Answer: Financial
◉ When is traffic allowed to be routed and forwarded if the source
of the traffic is from a device located off of a low-security interface if
the destination device is located off of a high-security interface?
(Choose all that apply.) Answer: If there is an access list that is
permitting this traffic.
This traffic is allowed if the initial traffic was inspected and this
traffic is the return traffic.
,◉ How does a switch know about parallel Layer 2 paths? Answer:
BPDU
◉ R1(config)#aaa new-model
R1(config)#aaa authentication login default enable
R1(config)#enable secret cisco123
R1(config)#username admin secret cisco123
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#debug aaa authentication
AAA Authentication debugging is on
R1#
R1#
AAA/BIND(00000003): Bind i/f
AAA/AUTHEN/LOGIN (00000003): Pick method list 'default'
AAA/AUTHEN/ENABLE(00000003): Processing request action
LOGIN
AAA/AUTHEN/ENABLE(00000003): Done status GET_PASSWORD
R1#
AAA/AUTHEN/ENABLE(00000003): Processing request action
LOGIN
, AAA/AUTHEN/ENABLE(00000003): Done status PASS
R1#
Review the output shown here and select the correct statement.
Answer: a user has connected and correctly provided the enable
secret
◉ Which of the following are protocols that are most likely used for
authentication? (Choose all that apply.) Answer: RADIUS
TACACS+
◉ How many zones can an interface be a member of at the same
time in a Zoned-Based IOS Firewall? Answer: 1
◉ Which best practices apply to networks that run both IPv4 and
IPv6? Answer: Routing protocol authentication
Physical security
Written security policy
Authorization of administrators
◉ Why is the public key in a typical public-private key pair referred
to as public? Answer: Because it is shared publicly
