CCNA Cisco Networking Study Guide Chapters 7–14:
Practice Questions, Explanations, and Exam Prep for
Certification Mastery
Question 1: All access lists presented in this chapter, except standard IP lists, should be placed
where?
A) As close to the source as possible
B) As close to the destination as possible
C) As close to the serial interface as possible
D) As close to the tftp server as possible
Correct Answer: A) As close to the source as possible
Rationale: Extended, named, and numbered (non-standard) IP access lists are capable of
filtering based on multiple criteria, including source IP, destination IP, port numbers, and
protocols. Placing them close to the source of the traffic allows them to filter unwanted traffic
before it consumes network resources unnecessarily, improving efficiency and security.
Standard IP access lists (which only filter on source IP) are typically placed close to the
destination.
Question 2: Which command links an access list to the VTY lines?
A) ip access-group
B) ip access-class
C) vty access-class
D) access-class
Correct Answer: D) access-class
Rationale: The access-class command is used within the line vty configuration mode (e.g., line
vty 0 4) to apply a standard or named access list to control which IP addresses are permitted to
establish Telnet or SSH sessions to the router. ip access-group is used for applying ACLs to
interfaces.
Question 3: Which SDM wizard allows you to configure a DMZ?
A) Firewall configuration wizard
B) Security configuration wizard
C) Basic firewall wizard
D) Advanced firewall wizard
Correct Answer: D) Advanced firewall wizard
Rationale: In Cisco Security Device Manager (SDM), the Advanced Firewall Wizard provides
more comprehensive and granular control over firewall settings, including the capability to set
up and configure a Demilitarized Zone (DMZ), which is a crucial component of advanced
network security architectures. Basic wizards typically cover simpler, more common firewall
configurations.
Question 4: List the three Basic Firewall security settings.
A) 1st
B) 2nd
C) 3rd
D) A) High B) Medium C) Low
Correct Answer: D) A) High B) Medium C) Low
Rationale: Cisco SDM's Basic Firewall Wizard often provides simplified, pre-defined security
levels such as High, Medium, and Low. These settings adjust the restrictiveness of the firewall
rules to offer varying degrees of security.
Question 5: The SDM cannot be used to create complex access control lists.
A) True
B) False
Correct Answer: B) False
Rationale: Cisco SDM (Security Device Manager) is a graphical user interface (GUI) tool designed
precisely to simplify the configuration and management of Cisco routers. It allows
administrators to create and apply both basic and complex access control lists (ACLs) using
intuitive wizards and graphical representations, reducing the need for extensive command-line
knowledge.
Question 6: If you want to use CHAP authentication, which protocol would you employ?
A) Multilink
B) PAP
C) Frame Relay
D) PPP relay
Correct Answer: D) PPP relay
Rationale: CHAP (Challenge Handshake Authentication Protocol) is a more secure
authentication method often used over PPP (Point-to-Point Protocol) connections. The term
"PPP relay" in this context refers to the use of PPP as the underlying protocol for secure
authentication like CHAP. PAP (Password Authentication Protocol) is also an authentication
protocol, but it is less secure because it sends credentials in plaintext. Multilink and Frame
Relay are related, but neither is itself the authentication protocol.
Question 7: What is the default encapsulation type on serial interfaces of Cisco routers?
A) PPP
B) HDLC
C) SDLC
D) Frame Relay
Correct Answer: B) HDLC
Rationale: Cisco routers by default use a proprietary version of HDLC (High-Level Data Link
Control) for encapsulation on their serial interfaces. While PPP and Frame Relay are other
common serial encapsulation types, HDLC is the factory default for Cisco.