Last Updated on July 3, 2019 by Admin
Implementing Network Security ( Version 2.0) – CCNAS Chapter 10 Exam Online
CCNAS – Chapter 10 Exam
Quiz-summary
0 of 26 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
Information
CCNAS – Chapter 10 Exam
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 26 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- Answered
- Review
-
Question 1 of 26
1. Question
1 pointsWhich statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?Correct
Incorrect
Cisco Adaptive Security Device Manager (ASDM) is a Java-based GUI tool that facilitates the management of Cisco ASAs. Cisco ASDM can be used to manage multiple ASAs that run the same ASDM version. ASDM can be run as a Java Web Start application that allows an administrator to configure and monitor that ASA device. Otherwise ASDM can also be downloaded from flash and installed locally on a host as an application; which allows an administrator to use ASDM (local application) to manage multiple ASA devices.
Hint
Cisco Adaptive Security Device Manager (ASDM) is a Java-based GUI tool that facilitates the management of Cisco ASAs. Cisco ASDM can be used to manage multiple ASAs that run the same ASDM version. ASDM can be run as a Java Web Start application that allows an administrator to configure and monitor that ASA device. Otherwise ASDM can also be downloaded from flash and installed locally on a host as an application; which allows an administrator to use ASDM (local application) to manage multiple ASA devices. -
Question 2 of 26
2. Question
1 pointsWhat is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?Correct
Incorrect
Cisco ASDM facilitates configuration of Cisco ASAs because it hides the complexity of the configuration commands. The ASA is required to have a minimum configuration before accessing the ASDM. ASDM is accessed using a web browser connection or local application which provides no more security than being consoled into the device.
Hint
Cisco ASDM facilitates configuration of Cisco ASAs because it hides the complexity of the configuration commands. The ASA is required to have a minimum configuration before accessing the ASDM. ASDM is accessed using a web browser connection or local application which provides no more security than being consoled into the device. -
Question 3 of 26
3. Question
1 pointsWhich type of security is required for initial access to the Cisco ASDM by using the local application option?Correct
Incorrect
ASDM is accessed using an SSL local application connection.
Hint
ASDM is accessed using an SSL local application connection. -
Question 4 of 26
4. Question
1 pointsWhich minimum configuration is required on most ASAs before ASDM can be used?Correct
Incorrect
Before an ASA can be accessed using ASDM, the ASA must have a management interface configured. On an ASA 5505 , a logical VLAN interface and Ethernet port other than 0/0 must be configured. All other ASAs must have a dedicated Layer 3 management interface that is assigned an IP address and appropriate security level.
Hint
Before an ASA can be accessed using ASDM, the ASA must have a management interface configured. On an ASA 5505 , a logical VLAN interface and Ethernet port other than 0/0 must be configured. All other ASAs must have a dedicated Layer 3 management interface that is assigned an IP address and appropriate security level. -
Question 5 of 26
5. Question
1 pointsWhat must be configured on an ASA before it can be accessed by ASDM?Correct
Incorrect
Before an ASA can be accessed using ASDM, the ASA must have access permissions and the ASA web server enabled. Furthermore, a management interface must be configured. On an ASA 5505, a logical VLAN interface and Ethernet port other than 0/0 must be configured. All other ASAs must have a dedicated Layer 3 management interface that is assigned an IP address and appropriate security level.
Hint
Before an ASA can be accessed using ASDM, the ASA must have access permissions and the ASA web server enabled. Furthermore, a management interface must be configured. On an ASA 5505, a logical VLAN interface and Ethernet port other than 0/0 must be configured. All other ASAs must have a dedicated Layer 3 management interface that is assigned an IP address and appropriate security level. -
Question 6 of 26
6. Question
1 pointsHow is an ASA interface configured as an outside interface when using ASDM?Correct
Incorrect
To configure an ASA interface using ASDM, select the desired interface and click Add. In the Interface Name textbox, enter outside. Assign the security level, IP address, and subnet mask. Do not forget to enable the Enable Interface check box.
Hint
To configure an ASA interface using ASDM, select the desired interface and click Add. In the Interface Name textbox, enter outside. Assign the security level, IP address, and subnet mask. Do not forget to enable the Enable Interface check box. -
Question 7 of 26
7. Question
1 pointsRefer to the exhibit. Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM?Correct
Incorrect
To access the command line, expand the Management Access option, expand the Command Line (CLI) section, and select CLI Prompt.Hint
To access the command line, expand the Management Access option, expand the Command Line (CLI) section, and select CLI Prompt. -
Question 8 of 26
8. Question
1 pointsWhich ASDM configuration option is used to configure the ASA enable secret password?Correct
Incorrect
The two main ASDM options used to configure an ASA are Device Setup and Device Management. Within Device Setup are the Startup Wizard, Interfaces, Routing, Device Name/Password, and System Time options.
Hint
The two main ASDM options used to configure an ASA are Device Setup and Device Management. Within Device Setup are the Startup Wizard, Interfaces, Routing, Device Name/Password, and System Time options. -
Question 9 of 26
9. Question
1 pointsRefer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?Correct
Incorrect
The System Time option is used to manually configure the time zone, date, and time or to configure the system to obtain the date and time from an NTP server.
Hint
The System Time option is used to manually configure the time zone, date, and time or to configure the system to obtain the date and time from an NTP server. -
Question 10 of 26
10. Question
1 pointsTrue or False? The ASA can be configured through ASDM as a DHCP server.Correct
Incorrect
Use the Device Management configuration option to select DHCP and configure DHCP inside and outside settings.
Hint
Use the Device Management configuration option to select DHCP and configure DHCP inside and outside settings. -
Question 11 of 26
11. Question
1 pointsWhich ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices?Correct
Incorrect
ASDM supports DHCP server and relay settings. From the DHCP Server menu option, select the inside interface and enable the DHCP server option to provide addresses for devices attached through the inside ASA interface. The DMZ commonly contains servers that have statically assigned IP addresses. The outside interface connects to the WAN and would not have devices that would use corporate-provided DHCP.
Hint
ASDM supports DHCP server and relay settings. From the DHCP Server menu option, select the inside interface and enable the DHCP server option to provide addresses for devices attached through the inside ASA interface. The DMZ commonly contains servers that have statically assigned IP addresses. The outside interface connects to the WAN and would not have devices that would use corporate-provided DHCP. -
Question 12 of 26
12. Question
1 pointsWhich ASDM configuration option re-encrypts all shared keys and passwords on an ASA?Correct
Incorrect
The master passphrase is used to reversibly encrypt shared keys and passwords.
Hint
The master passphrase is used to reversibly encrypt shared keys and passwords. -
Question 13 of 26
13. Question
1 pointsWhich type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?Correct
Incorrect
The master passphrase is used to reversibly encrypt shared keys and passwords. Once enabled, AES encryption is used for the password encryption.
Hint
The master passphrase is used to reversibly encrypt shared keys and passwords. Once enabled, AES encryption is used for the password encryption. -
Question 14 of 26
14. Question
2 pointsWhen the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)Correct
Incorrect
After the crypto map command in global configuration mode has been issued, the new crypto map will remain disabled until a peer and a valid access list have been configured.Hint
After the crypto map command in global configuration mode has been issued, the new crypto map will remain disabled until a peer and a valid access list have been configured. -
Question 15 of 26
15. Question
1 pointsWhat is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?Correct
Incorrect
An ACL is used in the ISR configuration of a site-to-site VPN connection to define traffic that will be permitted. This traffic is referred to as interesting traffic.
Hint
An ACL is used in the ISR configuration of a site-to-site VPN connection to define traffic that will be permitted. This traffic is referred to as interesting traffic. -
Question 16 of 26
16. Question
1 pointsWhen ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?Correct
Incorrect
When selected traffic is being secured during ASDM site-to-site VPN configuration, both IKE and ISAKMP parameters can be set. The authentication options are a preshared key or the use of a digital certificate.
Hint
When selected traffic is being secured during ASDM site-to-site VPN configuration, both IKE and ISAKMP parameters can be set. The authentication options are a preshared key or the use of a digital certificate. -
Question 17 of 26
17. Question
1 pointsWhich VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?Correct
Incorrect
When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.
Hint
When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used. -
Question 18 of 26
18. Question
1 pointsWhich remote-access VPN connection allows the user to connect by using a web browser?Correct
Incorrect
When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.
Hint
When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used. -
Question 19 of 26
19. Question
1 pointsWhich remote-access VPN connection allows the user to connect using Cisco AnyConnect?Correct
Incorrect
Cisco AnyConnect is used to create an IPsec (IKEv2) VPN connection. A web browser is used for a clientless SSL VPN. A Cisco VPN client uses IPsec (IKEv1).
Hint
Cisco AnyConnect is used to create an IPsec (IKEv2) VPN connection. A web browser is used for a clientless SSL VPN. A Cisco VPN client uses IPsec (IKEv1). -
Question 20 of 26
20. Question
1 pointsWhich statement describes available user authentication methods when using an ASA 5505 device?Correct
Incorrect
Authentication on an ASA 5505 device can be accomplished by using a AAA server and indicating the location of the server. Alternatively, a local database can be used by entering the appropriate username and password.
Hint
Authentication on an ASA 5505 device can be accomplished by using a AAA server and indicating the location of the server. Alternatively, a local database can be used by entering the appropriate username and password. -
Question 21 of 26
21. Question
1 pointsWhich remote-access VPN connection needs a bookmark list?Correct
Incorrect
The clientless SSL VPN uses a web browser for access and uses a set of URLs that are configured to be used with the web portal.
Hint
The clientless SSL VPN uses a web browser for access and uses a set of URLs that are configured to be used with the web portal. -
Question 22 of 26
22. Question
1 pointsWhat occurs when a user logs out of the web portal on a clientless SSL VPN connection?Correct
Incorrect
When a user logs out, he or she loses access to the VPN. The user does receive a message advising to clear the browser cache, delete the downloaded files, and close the browser window for added security. If the user does not log out, the connection will eventually time out.
Hint
When a user logs out, he or she loses access to the VPN. The user does receive a message advising to clear the browser cache, delete the downloaded files, and close the browser window for added security. If the user does not log out, the connection will eventually time out. -
Question 23 of 26
23. Question
1 pointsIf an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?Correct
Incorrect
If an outside host does not have the Cisco AnyConnect client preinstalled, the remote user must initiate a clientless SSL VPN connection via a compliant web browser, and then download and install the AnyConnect client on the remote host.
Hint
If an outside host does not have the Cisco AnyConnect client preinstalled, the remote user must initiate a clientless SSL VPN connection via a compliant web browser, and then download and install the AnyConnect client on the remote host. -
Question 24 of 26
24. Question
1 pointsWhat is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?Correct
Incorrect
During the process of establishing a VPN connection, a posture assessment can be performed in order to identify the client operating system, antivirus, antispyware, and firewall software. Once identified, a determination can be made whether remote access is allowed.
Hint
During the process of establishing a VPN connection, a posture assessment can be performed in order to identify the client operating system, antivirus, antispyware, and firewall software. Once identified, a determination can be made whether remote access is allowed. -
Question 25 of 26
25. Question
1 pointsWhich item describes secure protocol support provided by Cisco AnyConnect?Correct
Incorrect
Both IPsec and SSL are supported by Cisco AnyConnect.
Hint
Both IPsec and SSL are supported by Cisco AnyConnect. -
Question 26 of 26
26. Question
1 pointsWhat is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?Correct
Incorrect
The IP address pool is assigned to clients when they connect. The IP address pool configuration is required for successful client-based SSL VPN connectivity. Without an available IP address pool, the connection to the security appliance fails.
Hint
The IP address pool is assigned to clients when they connect. The IP address pool configuration is required for successful client-based SSL VPN connectivity. Without an available IP address pool, the connection to the security appliance fails.