Answer CCNA Security Chapter 4 Test – CCNAS v1.1 | Invisible Algorithm

http://www.invialgo.com/2012/answer-ccna-security-chapter-4-test-ccnas-v1-1/ [11/1/2012 1:17:14 AM]

Upload: icostyle

Post on 28-Apr-2015


This post covers the questions and answers for the CCNA Security Chapter 4 Test. The questions shown here are based on CCNAS v1.1. All the answers have been verified to be 100% correct. I hope all these questions and answers provided here will be a good guide and reference to all of us.

Posted on August 3, 2012

Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)

SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.

Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.

SSH connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.

SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.

Telnet connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

Which two are characteristics of ACLs? (Choose two.)

Extended ACLs can filter on destination TCP and UDP ports.

Standard ACLs can filter on source TCP and UDP ports.

Extended ACLs can filter on source and destination IP addresses.

Standard ACLs can filter on source and destination IP addresses.

Standard ACLs can filter on source and destination TCP and UDP ports.

Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router?

self zone

system zone

local zone

inside zone

outside zone

Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?

The packet is forwarded, and an alert is generated.

The packet is forwarded, and no alert is generated.

The initial packet is dropped, but subsequent packets are forwarded.

The packet is dropped.

Which two parameters are tracked by CBAC for TCP traffic but not for UDP traffic? (Choose two.)


source port

protocol ID

sequence number

destination port

SYN and ACK flags

What is the first step in configuring a Cisco IOS zone-based policy firewall using the CLI?

Create zones.

Define traffic classes.

Define firewall policies.

Assign policy maps to zone pairs.

Assign router interfaces to zones.

Class maps identify traffic and traffic parameters for policy application based on which three criteria? (Choose three.)

access group

access class

policy map

protocol

interface pairs

subordinate class map


Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model?

Both stateful and packet-filtering firewalls can filter at the application layer.

A stateful firewall can filter application layer information, while a packet-filtering firewall cannot filter beyond the network layer.

A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter up to the session layer.

A packet-filtering firewall uses session layer information to track the state of a connection, while a stateful firewall uses application layer information to track the state of a connection.

For a stateful firewall, which information is stored in the stateful session flow table?

TCP control header and trailer information associated with a particular session

TCP SYN packets and the associated return ACK packets

inside private IP address and the translated inside global IP address

outbound and inbound access rules (ACL entries)

source and destination IP addresses, and port numbers and sequencing information associated with a particular session

What is a limitation of using object groups within an access control entry?

It is not possible to append additional objects to a preexisting object group.

It is not possible to delete an object group or make an object group empty if the object group is already applied to an ACE.


To append additional objects to a preexisting object group that is applied to an ACE, the original object group must be removed using the no object group command, and then recreated and reapplied to the ACE.

To append additional objects to a preexisting object group that is applied to an ACE, the access control list must be removed using the no access-list command, and then reapplied.

When using CCP to apply an ACL, the administrator received an informational message indicating that a rule was already associated with the designated interface in the designated direction. The administrator continued with the association by selecting the merge option. Which statement describes the effect of the option that was selected?

Two separate access rules were applied to the interface.

A new combined access rule was created using the new access rule number. Duplicate ACEs were removed.

A new combined access rule was created using the new access rule number. Duplicate ACEs and overriding ACEs were highlighted to allow the administrator to make adjustments.

The existing rule was placed in a preview pane to allow the administrator to select specific ACEs to move to the new access rule.

Which statement correctly describes how an ACL can be used with the access-class command to filter vty access to a router?

It is only possible to apply a standard ACL to the vty lines.

An extended ACL can be used to restrict vty access based on specific source addresses, destination addresses, and protocol.

An extended ACL can be used to restrict vty access based on specific source and destination addresses but not on protocol.


An extended ACL can be used to restrict vty access based on specific source addresses and protocol but the destination can only specify the keyword any.

To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?

echo request

echo reply

time-stamp request

time-stamp reply

router advertisement

Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?

access-group ipv6_ENG_ACL in

access-group ipv6_ENG_ACL out

ipv6 access-class ENG_ACL in

ipv6 access-class ENG_ACL out

ipv6 traffic-filter ENG_ACL in

ipv6 traffic-filter ENG_ACL out

Which statement describes a typical security policy for a DMZ firewall configuration?

Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with little or no restrictions.


Traffic that originates from the DMZ interface is permitted to traverse the firewall to the outside interface with little or no restrictions.

Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.

Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface.

Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.

When configuring a Cisco IOS zone-based policy firewall, which two actions can be applied to a traffic class? (Choose two.)

log

hold

drop

inspect

copy

forward

Refer to the exhibit. Which statement describes the function of the ACEs?

These ACEs allow for IPv6 neighbor discovery traffic.


These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur.

These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.

These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns.

When implementing an inbound Internet traffic ACL, what should be included to prevent the spoofing of internal networks?

ACEs to prevent HTTP traffic

ACEs to prevent ICMP traffic

ACEs to prevent SNMP traffic

ACEs to prevent broadcast address traffic

ACEs to prevent traffic from private address spaces

Which statement describes one of the rules governing interface behavior in the context of implementing a zone-based policy firewall configuration?

An administrator can assign an interface to multiple security zones.

An administrator can assign interfaces to zones, regardless of whether the zone has been configured.

By default, traffic is allowed to flow among interfaces that are members of the same zone.

By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.


Refer to the exhibit. Which statement is true about the effect of this Cisco IOS zone-based policy firewall configuration?

The firewall will automatically drop all HTTP, HTTPS, and FTP traffic.

The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0 to fa0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.

The firewall will automatically allow HTTP, HTTPS, and FTP traffic from fa0/0 to s0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.

The firewall will automatically allow HTTP, HTTPS, and FTP traffic from fa0/0 to s0/0, but will not track the state of connections. A corresponding policy must be applied to allow return traffic to be permitted through the firewall in the opposite direction.

The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0 to fa0/0, but will not track the state of connections. A corresponding policy must be applied to allow return traffic to be permitted through the firewall in the opposite direction.

As I mentioned above, the answers given should be 100% correct. If you find an error, mistake or wrong answer that you have doubts about, please comment below to share the correct answer with all of us. Invisible Algorithm also appreciates any new questions or the latest version of any test that you might want to share with all people. Do contact me for that purpose. Hopefully, everyone can benefit from what we share.

Credit: This CCNA Security Chapter 4 Test is a contribution of Xase. All credit goes to him.

This entry was posted in Data Network, Network Security and tagged 2012, Answer, CCNA Security, CCNA Security Chapter 4 Answer, CCNA Security Chapter 4 Test, CCNAS Chapter 4 Test, CCNAS v1.1, Chapter 4 Test, Solution, Solution CCNA Security Chapter 4 by InviAlgo.
