CCDA FAQ: Security Solutions

Q: What security device combines IOS firewall with VPN and IPS services?

B. Integrated Services Router (ISR) combines IOS firewall, VPN, and IPS services.

Q: What Cisco security appliance acts as an SMTP gateway for the enterprise?

B. IronPort ESA is a firewall and threat-monitoring appliance for SMTP (TCP port 25)-based traffic.

Q: What Cisco security management platform is used to control the TACACS and RADIUS protocols?

C. Cisco ACS is a security management platform for controlling administrative access for Cisco devices and security applications.

Q: Which of the following is a standards-based protocol for authenticating network clients?

C. The 802.1X protocol is a standards-based protocol for authenticating network clients by permitting or denying access to the network.

CCDA FAQ: Security Solutions

Q1. What security device combines IOS firewall with VPN and IPS services?
a. ASA
b. ISR
c. Cisco Catalyst switches
d. IPS

Answer: B. Integrated Services Router (ISR) combines IOS firewall, VPN, and IPS services.

Q2. Which of the following is a standards-based protocol for authenticating network clients?
a. NAC
b. PoE
c. 802.1X
d. CSM

Answer: C. The 802.1X protocol is a standards-based protocol for authenticating network clients by permitting or denying access to the network.

Q3. Cisco ________ Appliance is an integrated solution led by Cisco that incorporates the network infrastructure and third-party software to impose security policy on attached endpoints.
a. ASA
b. CSM
c. ISR
d. NAC

Answer: D. The Cisco NAC Appliance is an integrated solution led by Cisco that incorporates the network infrastructure and third-party software to impose security policies on the attached endpoints.

Q4. What is an appliance-based solution for network security administrators to monitor, identity, isolate, and respond to security threats? (Select the best answer.)
a. CS-MARS
b. CSA MC
c. ASDM
d. IDM

Answer: A. Cisco Security MARS (CS-MARS) is an appliance-based solution for network security administrators to monitor, identify, isolate, and respond to security threats.

Q5. Cisco IOS Trust and Identity has a set of services that include which of the following? (Select all that apply.)
a. 802.1X
b. SSL
c. AAA
d. ASDM

Answer: A, B, and C. Cisco IOS Trust and Identity is a set of services that include AAA, SSH, SSL, 802.1X, and PKI.

Q6. Cisco IOS ______________ offers data encryption at the IP packet level using a set of standards-based protocols.
a. IPS
b. IPsec
c. L2TP
d. L2F

Answer: B. Cisco IOS IPsec offers data encryption at the IP packet level using a set of standards-based protocols.

Q7. What provides hardware VPN encryption for terminating a large number of VPN tunnels for ISRs?
a. FWSM
b. IDS Network Module
c. Network Analysis Module
d. High-Performance AIM

Answer: D. High-Performance Advanced Integration Module (AIM) is a hardware module for terminating large numbers of VPN tunnels.

Q8. What are two ways to enhance VPN performance on Cisco ISR G2s?
a. SSL Network Module
b. IDS Network Module
c. Built-In Hardware VPN Acceleration
d. High-Performance AIM

Answer: C and D. Built-In Hardware VPN Acceleration is hardware-based encryption that offloads VPN processing from the router’s internal CPU to improve VPN throughput. High-Performance Advanced Integration Module (AIM) is a hardware module for terminating large numbers of VPN tunnels.

Q9. Which Cisco security solution can prevent noncompliant devices from accessing the network until they are compliant?
a. CS-MARS
b. IDS module
c. ACS
d. NAC

Answer: D. Cisco NAC can restrict access to noncompliant devices but permit access to trusted wired or wireless endpoints such as desktops, laptops, PDAs, and servers.

Q10. Which of the following service modules do Cisco Catalyst 6500 switches support? (Select all that apply.)
a. FWSM
b. IDSM2
c. IPsec VPN Shared Port Adapter (SPA)
d. ASA

Answer: A and B. Cisco Catalyst 6500 switches support FWSM and IDSM2 service modules.

Q11. What provides attack responses by blocking malicious traffic with Gbps line rates?
a. Network Analysis Module
b. Anomaly Guard Module
c. Content Switch Module
d. Traffic Anomaly Detector Module

Answer: B. The Anomaly Guard Module provides attack responses by blocking malicious traffic at Gbps line rates.

Q12. Which of the following are identity and access control protocols and mechanisms? (Select all that apply.)
a. 802.1X
b. ACLs
c. NAC
d. NetFlow

Answer: A, B, and C. Some identity and access control protocols include 802.1X, ACLs, and NAC. NetFlow collects stats on packets flowing through the router.

Q13. Which two of the following are Cisco security management tools?
a. CS-MARS
b. IDS module
c. ACS
d. NAC

Answer: A and C. Cisco Security MARS and ACS are two Cisco security management tools.

Q14. True or false: NetFlow is used for threat detection and mitigation.

Answer: True. NetFlow is used for threat detection and mitigation.

Q15. True or false: Cisco ASAs, PIX security appliances, FWSM, and IOS firewall are part of infection containment.

Answer: True. Cisco ASAs, PIX security appliances, FWSM, and IOS firewall are part of infection containment.

Q16. What IOS feature offers inline deep packet inspection to successfully diminish a wide range of network attacks?
a. IOS SSH
b. IOS SSL VPN
c. IOS IPsec
d. IOS IPS

Answer: D. The IOS Intrusion Prevention System (IPS) offers inline deep packet inspection to successfully diminish a wide range of network attacks.

Q17. The Cisco 4200 ___________ sensor appliances can identify, analyze, and block unwanted traffic from flowing on the network.

Answer: IPS. The Cisco 4200 IPS sensor appliances can identify, analyze, and block unwanted traffic on the network.

Q18. What provides centralized control for administrative access to Cisco devices and security applications?
a. CSM
b. ACS
c. CS-MARS
d. ASDM

Answer: B. Cisco Secure Access Control Server (ACS) provides centralized control for administrative access to Cisco devices and security applications.

Q19. True or false: IPS 4255 delivers 10000 Mbps of performance and can be used to protect partially utilized gigabit-connected subnets.

Answer: False. IPS 4255 delivers 650 Mbps of performance and can be used to protect partially utilized gigabit-connected subnets.

Q20. Match each protocol, mechanism, or feature with its security grouping:
i. CSM
ii. IGP/EGP MD5
iii. NetFlow
iv. NAC
a. Identity and access control
b. Threat detection and mitigation
c. Infrastructure protection
d. Security management

Answer: i = D, ii = C, iii = B, iv = A

Q21. Which of the following are benefits of using Cisco SAFE Architecture? (Select all that apply.)
a. SAFE eases the development, implementation, and management of secure networks.
b. SAFE provides for an open, modular, and expandable structure.
c. SAFE is the basis for the design of highly available secure networks.
d. SAFE provides for self-healing of network devices.

Answer: A, B, and C. SAFE Architecture does not provide self-healing of network devices.

Q22. What network security platform combines a high-performance firewall with an IPS, antivirus, IPsec, and an SSL VPN in a single unified architecture?
a. Integrated Services Routers
b. Cisco Catalyst switches
c. Adaptive Security Appliances
d. NAC

Answer: C. The Cisco ASAs provide high-performance firewall, IPS, antivirus, IPsec, and VPN services.

Q23. Which media-level access control standard developed by IEEE permits and denies access to the network and applies traffic policy based on identity?
a. AES
b. 802.1X
c. NAC
d. FWSM

Answer: B. 802.1x is an IEEE media-level access control standard that permits and denies admission to the network and applies traffic policy based on identity.

Q24. What mechanism protects networks from threats by enforcing security compliance on all devices attempting to access the network?
a. NAC
b. SNMP
c. ASDM
d. SDM

Answer: A. Network Access Control (NAC) protects the network from security threats by enforcing security compliance on all devices attempting to access the network.

Q25. Which of the following can be used to perform firewall filtering with the use of ACLs? (Select all that apply.)
a. ASA
b. IPS
c. FWSM
d. All of the above

Answer: A and C. The Cisco FWSM and ASA security appliances all support firewall filtering with ACLs.

Q26. What Cisco security appliance acts as an SMTP gateway for the enterprise?
a. Cisco NAC Appliance
b. Cisco IronPort ESA
c. Cisco ASA
d. Cisco IronPort WSA

Answer: B. IronPort ESA is a firewall and threat-monitoring appliance for SMTP (TCP port 25)-based traffic.

Q27. Which security management solution integrates the configuration management of firewalls, VPNs, routers, switch modules, and IPS devices?
a. CSM
b. SDM
c. ASDM
d. ACS

Answer: A. Cisco Security Manager (CSM) is an integrated solution for configuration management of firewall, VPN, router, switch module, and IPS devices.

Q28. When integrating security into the network, which of the following can be used? (Select all that apply.)
a. RMON
b. ASA
c. Cisco IOS IPS
d. Syslog

Answer: B and C. Cisco IOS IPS and ASA can be used to integrate security into the network.

Q29. Which of the following technologies is used to detect and mitigate threats in network traffic?
a. 802.1X
b. NetFlow
c. NAC
d. SSH

Answer: B. NetFlow provides information for detecting and mitigating threats.

Q30. What Cisco security management platform is used to control the TACACS and RADIUS protocols?
a. SSH
b. NIPS
c. ACS
d. IDM

Answer: C. Cisco ACS is a security management platform for controlling administrative access for Cisco devices and security applications.

CCDA FAQ: Security Solutions

Related