CCNA Security Final v1.1 part 9
Which three statements describe SSL-based VPNs? (Choose three.) - A symmetric algorithms are used for authentication and key exchange. - It is impossible to configure SSL and IPsec VPNs concurrently on the same router. - Special-purpose client software is required on the client machine. - Symmetric algorithms are used for bulk encryption. - The authentication process uses hashing technologies. - The application programming interface is used to extensively modify the SSL client software. - The primary restriction of SSL VPNs is that they are currently supported only in hardware.
- A symmetric algorithms are used for authentication and key exchange. - Symmetric algorithms are used for bulk encryption. - The authentication process uses hashing technologies.
Which two guidelines relate to in-band network management? (Choose two.) - Apply in-band management only to devices that must be managed on the production network. - Implement separate network segments for the production network and the management network. - Attach all network devices to the same management network. - Use IPSec, SSH,or SSL
- Apply in-band management only to devices that must be managed on the production network. - Use IPSec, SSH,or SSL
Refer to the exhibit. When configuring SSH on a router using SDM from the Configure menu, which two steps are required? (Choose two.) - Choose Additional Tasks > Router Access > SSH to generate the RSA keys. - Choose Additional Tasks > Router Access > VTY to specify SSH as the input and output protocol. - Choose Additional Tasks > Router Properties > Netflow to generate the RSA keys. - Choose Additional Tasks > Router Properties > Logging to specify SSH as the input and output protocol. - Choose Additional Tasks > Router Access > AAA to generate the RSA keys. - Choose Additional Tasks > Router Access > Management Access to specify SSH as the input and output protocol
- Choose Additional Tasks > Router Access > SSH to generate the RSA keys. - Choose Additional Tasks > Router Access > VTY to specify SSH as the input and output protocol.
Which two Cisco IPS management and monitoring tools are examples of GUI-based, centrally managed IPS solutions? (Choose two.) - Cisco Adaptive Security Device Manager - Cisco IPS Device Manager - Cisco Router and Security Device Manager - Cisco Security Manager - Cisco Security Monitoring, Analysis, and Response System.
- Cisco Security Manager - Cisco Security Monitoring, Analysis, and Response System.
Refer to the exhibit.Which AAA function and protocol is in use in the network? - The client is authorizing commands using the TACACS+ protocol. - The client is authorizing commands using the RADIUS protocol. - The client is authenticating using the RADIUS protocol. - The client is authenticating using the TACACS+ protocol
- The client is authenticating using the TACACS+ protocol
Which type of SDM rule is created to govern the traffic that can enter and leave the network based on protocol and port number? - NAC rule - NAT rule - IPsec rule - access rule
- access rule
Which three principles are enabled by a Cisco Self-Defending Network? (Choose three.) - adaptability - collaboration - insulation - integration - mitigation - scalability
- adaptability - collaboration - integration
Which three commands are required to configure SSH ona Cisco router? (Choose three.) - ip domain-name name in global configuration mode - transport input ssh on a vty line - no ip domain-lookup in global configuration mode - password password on a vty line - service password-encryption in global configuration mode - crypto keygenerate rsa in global configuration mode
- ip domain-name name in global configuration mode - transport input ssh on a vty line - crypto keygenerate rsa in global configuration mode
An administrator needs to create a user account with custom access to most privileged EXEC commands. Which privilege command is used to create this custom account? - privilege exec level 0 - privilege exec level 1 - privilege exec level 2 - privilege exec level 15
- privilege exec level 2
An organization has mobile workers who use corporate-owned laptops at customer sites to view inventory and place orders.Which type of VPN allows these workers to securely access all of the client/server applications of the organization? - clientless SSL VPN - remote-access IPsec VPN - site-to-site IPsec VPN - HTTPS-enabled SSL VPN
- remote-access IPsec VPN