Cisco ASA 5505 IOS for GNS3
Answer CCNA Security Chapter 9 Test CCNAS v. Invisible Algorithm.

CCNA Security Chapter 9 questions and answers are shared in this post. Hopefully these questions and answers will be helpful to you in your test. If you find any additional question or incorrect answer, do leave your comment at the bottom of the page.

Refer to the exhibit. An administrator creates three zones (A, B, and C) in an ASA that filters traffic. Traffic originating from Zone A going to Zone C is denied, and traffic originating from Zone B going to Zone C is denied. What is a possible scenario for Zones A, B, and C?
- A DMZ, B Inside, C Outside
- A Inside, B DMZ, C Outside
- A Outside, B Inside, C DMZ
- A DMZ, B Outside, C Inside

What is one of the drawbacks to using transparent mode operation on an ASA device?
- IP addressing
- no support for management
- no support for using an ASA as a Layer 2 switch
- no support for QoS

What is a characteristic of ASA security levels?
- An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level.
- Each operational interface must have a name and be assigned a security level from 0 to 2.
- The lower the security level on an interface, the more trusted the interface.
- Inbound traffic is identified as the traffic moving from an interface with a higher security level to an interface with a lower security level.

Refer to the exhibit. Two types of VLAN interfaces were configured on an ASA 5. Base license. The administrator wants to configure a third VLAN interface with limited functionality. Which action should be taken by the administrator to configure the third interface?
- Because the ASA 5. VLAN.
- The administrator must enter the no forward interface vlan command before the nameif command on the third interface.
- The administrator configures the third VLAN interface the same way the other two were configured, because the Base license supports the proposed action.
- The administrator needs to acquire the Security Plus license, because the Base license does not support the proposed action.

What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5. Base license?
- CCNAS ASAconfig dhcpd address 1.
- CCNAS ASAconfig dhcpd address 1.
- CCNAS ASAconfig dhcpd address 1.
- CCNAS ASAconfig dhcpd address 1.

Which two statements are true about ASA standard ACLs? (Choose two.)
- They are the most common type of ACL.
- They are applied to interfaces to control traffic.
- They are typically only used for OSPF routes.
- They specify both the source and destination MAC address.
- They identify only the destination IP address.

Refer to the exhibit. A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces?
- Outside 4. Inside 1. DMZ 0.
- Outside 0, Inside 3. DMZ 9. 0
- Outside 1. Inside 1. 0, DMZ 4.
- Outside 0, Inside 1. DMZ 5. 0

Refer to the exhibit. A network administrator is configuring the security level for the ASA. Which statement describes the default result if the administrator tries to assign the Inside interface with the same security level as the DMZ interface?
- The ASA allows inbound traffic initiated on the Internet to the DMZ, but not to the Inside interface.
- The ASA console will display an error message.
- The ASA will not allow traffic in either direction between the Inside interface and the DMZ.
- The ASA allows traffic from the Inside to the DMZ, but blocks traffic initiated on the DMZ to the Inside interface.

What is a difference between ASA IPv. ACLs and IOS IPv. ACLs?
- ASA ACLs are always named, whereas IOS ACLs are always numbered.
- Multiple ASA ACLs can be applied on an interface in the ingress direction, whereas only one IOS ACL can be applied.
- ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask.
- ASA ACLs do not have an implicit deny any at the end, whereas IOS ACLs do.
- ASA ACLs use forward and drop ACEs, whereas IOS ACLs use permit and deny ACEs.

What is the purpose of the webtype ACLs in an ASA?
- ASDM
- to monitor return traffic that is in response to web server requests that are initiated from the inside interface
- to filter traffic for clientless SSL VPN users

Refer to the exhibit. A network administrator has configured NAT on an ASA device. What type of NAT is used?
- NAT
- static NAT
- bidirectional NAT
- outside NAT

Refer to the exhibit. A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group name SERVICE1?

When dynamic NAT on an ASA is being configured, what two parameters must be specified by network objects? (Choose two.)
- NAT interface
- the outside NAT interface

What function is performed by the class maps configuration object in the Cisco modular policy framework?

Refer to the exhibit. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces?
- Traffic from the Internet and DMZ can access the LAN.
- Traffic from the Internet and LAN can access the DMZ.
- Traffic from the Internet can access both the DMZ and the LAN.
- Traffic from the LAN and DMZ can access the Internet.

IPsec is a standardized protocol (IETF standard), which means that it is supported by many different vendors. Therefore if you want to create a VPN between.

What are three characteristics of the ASA routed mode? (Choose three.)
- This mode is referred to as a bump in the wire.
- In this mode, the ASA is invisible to an attacker.
- The interfaces of the ASA separate Layer 3 networks and require different IP addresses in different subnets.
- It is the traditional firewall deployment mode.
- This mode does not support VPNs, QoS, or DHCP Relay.
- NAT can be implemented between connected networks.

How to add ASA Firewall to GNS3 Download initrd and kernel here http QEMU options noquit no.

What is one of the drawbacks to using transparent mode operation on an ASA device? no support for IP addressing.

Prepare the CCNA and CCNP exams with our Cisco Packet Tracer tutorials. Download free Packet Tracer 6. Packet Tracer 7.1 has been released by Cisco on netacad. August 2017. This is a major version including updated IOS 15. Question and answers for CCNA Security Final Exam Version 2. Below is compile list for all questions Final Exam CCNA Secur.

Refer to the exhibit. An administrator has configured an ASA 5. What is the cause of this problem?
- The no shutdown command should be entered on interface Ethernet 01.
- VLAN 1 should be the outside interface and VLAN 2 should be the inside interface.
- VLAN 1 should be assigned to interface Ethernet 00 and VLAN 2 to Ethernet 01.
- The security level of the inside interface should be 0 and the outside interface should be 1.
- An IP address should be configured on the Ethernet 00 and 01 interfaces.

Refer to the exhibit. According to the command output, which three statements are true about the DHCP options entered on the ASA 5. (Choose three.)
- The dhcpd address start of pool end of pool inside command was issued to enable the DHCP client.
- The dhcpd auto_config outside command was issued to enable the DHCP server.
- The dhcpd address start of pool end of pool inside command was issued to enable the DHCP server.
- The dhcpd auto_config outside command was issued to enable the DHCP client.
- The dhcpd enable inside command was issued to enable the DHCP client.
- The dhcpd enable inside command was issued to enable the DHCP server.

Refer to the exhibit.
What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5.

What must be configured on a Cisco ASA device to support local authentication?
- AAA
- the IP address of the RADIUS or TACACS server
- encrypted passwords
- SSHv2
- RSA keys

Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?
- ASA uses the command whereas a router uses the help command to receive help on a brief description and the syntax of a command.