CCDA FAQ: Security Solutions
Q1. What security device combines IOS firewall with VPN and IPS services?
a. ASA
b. ISR
c. Cisco Catalyst switches
d. IPS
Q2. Which of the following is a standards-based protocol for authenticating network clients?
a. NAC
b. PoE
c. 802.1X
d. CSM
Q3. Cisco ________ Appliance is an integrated solution led by Cisco that incorporates the network infrastructure and third-party software to impose security policy on attached endpoints.
a. ASA
b. CSM
c. ISR
d. NAC
Q4. What is an appliance-based solution for network security administrators to monitor, identity, isolate, and respond to security threats? (Select the best answer.)
a. CS-MARS
b. CSA MC
c. ASDM
d. IDM
Q5. Cisco IOS Trust and Identity has a set of services that include which of the following? (Select all that apply.)
a. 802.1X
b. SSL
c. AAA
d. ASDM
Q6. Cisco IOS ______________ offers data encryption at the IP packet level using a set of standards-based protocols.
a. IPS
b. IPsec
c. L2TP
d. L2F
Q7. What provides hardware VPN encryption for terminating a large number of VPN tunnels for ISRs?
a. FWSM
b. IDS Network Module
c. Network Analysis Module
d. High-Performance AIM
Q8. What are two ways to enhance VPN performance on Cisco ISR G2s?
a. SSL Network Module
b. IDS Network Module
c. Built-In Hardware VPN Acceleration
d. High-Performance AIM
Q9. Which Cisco security solution can prevent noncompliant devices from accessing the network until they are compliant?
a. CS-MARS
b. IDS module
c. ACS
d. NAC
Q10. Which of the following service modules do Cisco Catalyst 6500 switches support? (Select all that apply.)
a. FWSM
b. IDSM2
c. IPsec VPN Shared Port Adapter (SPA)
d. ASA
Q11. What provides attack responses by blocking malicious traffic with Gbps line rates?
a. Network Analysis Module
b. Anomaly Guard Module
c. Content Switch Module
d. Traffic Anomaly Detector Module
Q12. Which of the following are identity and access control protocols and mechanisms? (Select all that apply.)
a. 802.1X
b. ACLs
c. NAC
d. NetFlow
Q13. Which two of the following are Cisco security management tools?
a. CS-MARS
b. IDS module
c. ACS
d. NAC
Q14. True or false: NetFlow is used for threat detection and mitigation.
Q15. True or false: Cisco ASAs, PIX security appliances, FWSM, and IOS firewall are part of infection containment.
Q16. What IOS feature offers inline deep packet inspection to successfully diminish a wide range of network attacks?
a. IOS SSH
b. IOS SSL VPN
c. IOS IPsec
d. IOS IPS
Q17. The Cisco 4200 ___________ sensor appliances can identify, analyze, and block unwanted traffic from flowing on the network.
Q18. What provides centralized control for administrative access to Cisco devices and security applications?
a. CSM
b. ACS
c. CS-MARS
d. ASDM
Q19. True or false: IPS 4255 delivers 10000 Mbps of performance and can be used to protect partially utilized gigabit-connected subnets.
Q20. Match each protocol, mechanism, or feature with its security grouping:
i. CSM
ii. IGP/EGP MD5
iii. NetFlow
iv. NAC
a. Identity and access control
b. Threat detection and mitigation
c. Infrastructure protection
d. Security management
Q21. Which of the following are benefits of using Cisco SAFE Architecture? (Select all that apply.)
a. SAFE eases the development, implementation, and management of secure networks.
b. SAFE provides for an open, modular, and expandable structure.
c. SAFE is the basis for the design of highly available secure networks.
d. SAFE provides for self-healing of network devices.
Q22. What network security platform combines a high-performance firewall with an IPS, antivirus, IPsec, and an SSL VPN in a single unified architecture?
a. Integrated Services Routers
b. Cisco Catalyst switches
c. Adaptive Security Appliances
d. NAC
Q23. Which media-level access control standard developed by IEEE permits and denies access to the network and applies traffic policy based on identity?
a. AES
b. 802.1X
c. NAC
d. FWSM
Q24. What mechanism protects networks from threats by enforcing security compliance on all devices attempting to access the network?
a. NAC
b. SNMP
c. ASDM
d. SDM
Q25. Which of the following can be used to perform firewall filtering with the use of ACLs? (Select all that apply.)
a. ASA
b. IPS
c. FWSM
d. All of the above
Q26. What Cisco security appliance acts as an SMTP gateway for the enterprise?
a. Cisco NAC Appliance
b. Cisco IronPort ESA
c. Cisco ASA
d. Cisco IronPort WSA
Q27. Which security management solution integrates the configuration management of firewalls, VPNs, routers, switch modules, and IPS devices?
a. CSM
b. SDM
c. ASDM
d. ACS
Q28. When integrating security into the network, which of the following can be used? (Select all that apply.)
a. RMON
b. ASA
c. Cisco IOS IPS
d. Syslog
Q29. Which of the following technologies is used to detect and mitigate threats in network traffic?
a. 802.1X
b. NetFlow
c. NAC
d. SSH
Q30. What Cisco security management platform is used to control the TACACS and RADIUS protocols?
a. SSH
b. NIPS
c. ACS
d. IDM