CCNA Security v2.0 Practice Exam Simulator Online

Refer to the exhibit.

Based on the output generated by the show monitor session 1 command, how will SPAN operate on the switch?

Refer to the exhibit.

The ISAKMP policy for the IKE Phase 1 tunnel was configured, but the tunnel does not yet exist. Which action should be taken next before IKE Phase 1 negotiations can begin?

What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

On what switch ports should PortFast be enabled to enhance STP stability?

What ports can receive forwarded traffic from an isolated port that is part of a PVLAN?

What is the next step in the establishment of an IPsec VPN after IKE Phase 1 is complete?

Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)

What is the purpose of AAA accounting?

What service or protocol does the Secure Copy Protocol rely on to ensure that secure copy transfers are from authorized users?

Which statement accurately describes Cisco IOS Zone-Based Policy Firewall operation?

Which two statements describe the use of asymmetric algorithms? (Choose two.)

What are three characteristics of the RADIUS protocol? (Choose three.)

What algorithm is used with IPsec to provide data confidentiality?

When configuring SSH on a router to implement secure network management, a network engineer has issued the login local and transport input ssh line vty commands. What three additional configuration actions have to be performed to complete the SSH configuration? (Choose three.)

What is an advantage of HIPS that is not provided by IDS?

Which interface setting can be configured in ASDM through the Device Setup tab?

A security technician uses an asymmetric algorithm to encrypt messages with a private key and then forwards that data to another technician. What key must be used to decrypt this data?

A network administrator is configuring an AAA server to manage TACACS+ authentication. What are two attributes of TACACS+ authentication? (Choose two.)

What technology is used to separate physical interfaces on the ASA 5505 device into different security zones?

How are Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) components used conjunctively?

What is the result of a DHCP starvation attack?

Which router component determines the number of signatures and engines that can be supported in an IPS implementation?

What can be used as an alternative to HMAC?

How can DHCP spoofing attacks be mitigated?

A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.)

A syslog server has received the message shown.

*Mar 1 00:07:18.783: %SYS-5-CONFIG_I: Configured from console by vty0 (172.16.45.1)

What can be determined from the syslog message?

What is the default preconfigured security level for the outside network interface on a Cisco ASA 5505?

What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?

Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

Which statement describes the Cisco Cloud Web Security?

Why is Diffie-Hellman algorithm typically avoided for encrypting data?

What information does the SIEM network security management tool provide to network administrators?

What can be configured as part of a network object?

A user complains about not being able to gain access to the network. What command would be used by the network administrator to determine which AAA method list is being used for this particular user as the user logs on?

What is a limitation to using OOB management on a large enterprise network?

A company deploys a network-based IPS. Which statement describes a false negative alarm that is issued by the IPS sensor?

What type of ACL offers greater flexibility and control over network access?

Which security document includes implementation details, usually with step-by-step instructions and graphics?

What is a characteristic of a DMZ zone?

Which type of ASDM connection would provide secure remote access for remote users into corporate networks?

Which three forwarding plane services and functions are enabled by the Cisco AutoSecure feature?​ (Choose three.)

Which feature of the Cisco Network Foundation Protection framework prevents a route processor from being overwhelmed by unnecessary traffic?

What three tasks can a network administrator accomplish with the Nmap and Zenmap security testing tools? (Choose three.)

Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)

A company deploys a hub-and-spoke VPN topology where the security appliance is the hub and the remote VPN networks are the spokes. Which VPN method should be used in order for one spoke to communicate with another spoke through the single public interface of the security appliance?

Which two types of hackers are typically classified as grey hat hackers? (Choose two.)

Which security implementation will provide management plane protection for a network device?

A security technician is evaluating a new operations security proposal designed to limit access to all servers. What is an advantage of using network security testing to evaluate the new proposal?

Which feature is specific to the Security Plus upgrade license of an ASA 5505 and provides increased availability?

What is a characteristic of an ASA site-to-site VPN?

What is a result of enabling the Cisco IOS image resilience feature?

What does the keyword default specify when used with the aaa authentication login command?

What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.)

Which service should be disabled on a router to prevent a malicious host from falsely responding to ARP requests with the intent to redirect the Ethernet frames?

What is a characteristic of asymmetric algorithms?

What are two drawbacks in assigning user privilege levels on a Cisco router? (Choose two.)