Home > CCNA – Security Questions

CCNA – Security Questions

March 23rd, 2015 Go to comments

Question 1

Explanation

We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.

Question 2

Explanation

We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:

show_port-security_interface.jpg

Question 3

Explanation

The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Question 4

Explanation

Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Question 5

Explanation

Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.

Question 6

Explanation

As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:

SwitchA(config-if)#switchport port-security

-> B is correct.

Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.

Question 7

Explanation

Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)

Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

Question 8

Explanation

One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Comments (46) Comments
Comment pages
1 12 13 14 1768
  1. Devanshu
    January 11th, 2018

    Hie there is anyone giving exam for CCSA Checkpoint please do contact me also we can help eachother out…

  2. Devanshu
    January 11th, 2018

    My mail is is devanshusolanki75 at gmail dot com

  3. BigRon
    January 13th, 2018

    First of all, this site has enabled me to become CCNA certified. I am A+, Network + and CCNA certified. I am scared because I have yet to fail a certification exam due to always over studying and making sure I understand in theory what I am doing. I am 53 years old, worked 23 years for the federal courts (small retirement coming soon), lost 3 houses, family, 100 grand in 401K savings, and the only hope I had left in my life was to rebuild or be standing on the corner with a sign. After I lost my job, my wife wanted a divorce, someone who I help get off welfare and start her own career. Today, my new wife and I make approx 170 grand a yr combined income and I do not have a degree (only certs), twice as much as me and my previous wife made. My question today is I have ordered the CCNA Security book, I have packet tracker and want to know any angles I need, including sims to pass this test. I want to always stay relevant.

  4. BigBilly
    January 13th, 2018

    First of all, this site has enabled me to become CCNA certified. I am A+, Network + and CCNA certified. I am scared because I have yet to fail a certification exam due to always over studying and making sure I understand in theory what I am doing. I am 53 years old, worked 23 years for the federal courts (small retirement coming soon), lost 3 houses, family, 100 grand in 401K savings, and the only hope I had left in my life was to rebuild or be standing on the corner with a sign. After I lost my job, my wife wanted a divorce, someone who I help get off welfare and start her own career. Today, my new wife and I make approx 170 grand a yr combined income and I do not have a degree (only certs), twice as much as me and my previous wife made. My question today is I have ordered the CCNA Security book, I have packet tracker and want to know any angles I need, including sims to pass this test. I want to always stay relevant.

  5. AtlantaBorn
    January 13th, 2018

    First of all, this site has enabled me to become CCNA certified. I am A+, Network + and CCNA certified. I am scared because I have yet to fail a certification exam due to always over studying and making sure I understand in theory what I am doing. I am 53 years old, worked 23 years for the federal courts (small retirement coming soon), lost 3 houses, family, 100 grand in 401K savings, and the only hope I had left in my life was to rebuild or be standing on the corner with a sign. After I lost my job, my wife wanted a divorce, someone who I help get off welfare and start her own career. Today, my new wife and I make approx 170 grand a yr combined income and I do not have a degree (only certs), twice as much as me and my previous wife made. My question today is I have ordered the CCNA Security book, I have packet tracker and want to know any angles I need, including sims to pass this test. I want to always stay relevant.

  6. Anonymous
    January 14th, 2018

    Hi Guys,
    I have got the latest CCNA Security 210-260 VCE Dump Files. Can you share the tool to view the VCE File and convert it into PDF.

  7. AtlantaBorn
    January 16th, 2018

    Hi AtlantaBorn,
    Take this advice from me, don’t use Packet Tracer for exam preparing. its limited and confuse. try to build a lap with the following:
    1- Use a good PC or Laptop with more than 8Gb ram, better is start with 16Gb.
    2- Install GNS3 and VMware with all appliances you need. such as ASAv and VMhost and Web_Java.
    3- build your 1st topology and start with (outside/inside/DMZ) network and go done to routers and switches and VM’s.
    4. practicing this you will have more and more experience and confident.

    vmware must be prepared with GNS3 vm, windows 7 and in short time you will need windows server vm and win10.

    GNS3 will give you all what you need to practise and be ready for real world.
    for ASAv cisco firewall check this out
    https://gns3.com/discussions/gns3-cisco-asa-and-asdm-config-4
    http://www.bernhard-ehlers.de/blog/2017/10/23/gns3-configure-asa-asdm.html

    Firewall is most important for CCNA security, so practice on it thru CLI and GUI.
    note: GNS3 some time take long time to prepared it but when you get it done you will be amaze.

  8. Anonymous
    January 19th, 2018

    Anyone with the latest CCNA Security 210-260 VCE Dump Files or PDF. Please share them with me on tonykarera @ gmail . com

  9. Akhi
    January 27th, 2018

    Hello All,

    Please help me to download the latest dump for CCNA security. If anyone of you has the latest dump please email me at {email not allowed})

  10. Akhi
    January 27th, 2018

    Please help me to download the latest dump for CCNA security. If anyone of you has the latest dump please email me at mcaakhi @ gm ail . co m

  11. Osilama
    February 2nd, 2018

    Good Moerning. Can I please have the latest CCNA Security Dumps sent to me. My email is aliuosilama @ gmail . com (remove the spaces). Thanks

  12. Anonymous
    February 5th, 2018

    can someone send me the newest dump randogs170 (@) yahoo . com

  13. CCNA Seeker
    February 7th, 2018

    Hello Guys, anyone have the CCNA security 210-260 IINS VCE Dump Files or PDF please chare. My eail is chrskantai at gmail dot com.

  14. Ahne
    February 7th, 2018

    Hi can anyone share please share latest security

    unga.bunga3196 (at) yahoo(dot)com

  15. Ombiaz
    February 12th, 2018

    Does anyone have the latest 210-260 dumps they could send me, please? {email not allowed}

  16. Ombiaz
    February 12th, 2018

    Does anyone have the latest 210-260 dumps they could send me please? Ombiaz2001 (@) yahoo.com

  17. Zacksnyder
    February 14th, 2018

    These guys have helped me pass the Cisco 300-206 Dumps PDF Implementing Cisco Edge Network Security Solutions exam in the first attempt. It was very hard for me to manage preparations along with my job and my new baby, which is why I was not at all fully prepared for the exam. Thanks to God Almighty that I passed the exam with an amazing 85% score on my first attempt. Once again, thank you very much guys, it couldn’t have been possible without your help.

  18. Gabriel
    February 19th, 2018

    Hi there!!!
    Thanks is advance.
    Can anyone please email me the latest PDF dumps?
    Thanks a lot

    gabrielkratosmiami (at) gmail (dot) com

  19. Anonymous
    February 19th, 2018

    Anyone with the latest CCNA Security 210-260 VCE Dump Files or PDF. Please share them with me on gabrielkratosmiami (at) gmail (dot) com

  20. Herry Potter
    February 20th, 2018

    Do you intend to take Cisco 300-206 Braindumps exam? Realbraindumps would be your best option to ensure you get Implementing Cisco Edge Network Security Solutions Certification easily. We have Best 300-206 Dumps Questions Answers to assist you in passing your exam successfully in first attempt. We also offer Free trial and Demo for our 300-206 Real Braindumps. They are all guaranteed by Famous Expert Professionals.

  21. Vlad
    February 21st, 2018

    Hi,
    Can enyone send me a book for CNA Security Study Guide: Exam 210-260 in PDF on mail pavlovic_vlado81@ y a h o o. com

    Thanks

  22. Anonymous
    February 28th, 2018

    Hi,
    Can anyone send me a dump for CNA Security Exam 210-260. my email is {email not allowed}

    Thanks

  23. Anonymous
    February 28th, 2018

    Hi,
    Can anyone send me a dump for CNA Security Exam 210-260. my email is parado_nix@
    y a h o o. com

    Thanks

  24. Anonymous
    February 28th, 2018

    Download 210-260 exam file question and answer dumps and are prepared from our study material. https://youtu.be/QU27LssU7ho

  25. biju
    March 11th, 2018

    Hi
    Can anyone send me a dump for CNA Security Exam 210-260. my email
    bijugems at gmail dot com

  26. un
    March 22nd, 2018

    is securitytut down for others as well?

  27. SecurityCrush
    March 22nd, 2018

    It was down but its up now!!!

  28. Niel
    March 27th, 2018

    Hi,
    Can anyone send me a dump for CNA Security Exam 210-260.
    {email not allowed}.
    Thanks in advance.

    Regards,
    Nirav.

  29. Niel
    March 27th, 2018

    Hi,
    Can anyone send me a dump for CNA Security Exam 210-260.
    nirav_lancer2002 at yahoo dot com.
    Thanks in advance.
    Regards,
    Nirav.

  30. loveyouciscoloveyoucisco
    March 28th, 2018

    Can anyone send me a dump for CCNA Security Exam 210-260 (loveyouciscoloveyoucisco @ g m a i l . c o m )
    thank you in advance
    regards
    Ichi Ichi

  31. Anonymous
    April 8th, 2018

    i need some one to guide me through out the cisco training,thanks and my email is {email not allowed}

  32. lauraccna
    April 9th, 2018

    Is there any configuration on this exam 210-260, like NTP on previous exams?

  33. Jahangir Alam
    April 9th, 2018

    passed on 9th April, 2018
    -some questions i can remember.
    Drag and drop question:
    drag drop question #1 answer is
    Put the following in Avoid ( Des, Md5)
    put the following in legacy (3des,sha-1,HMAC-MD5)
    Drag drop question #2 answer is
    put the following in insecure (des,md5)
    put the following in secure (3des,sha-1,hmac-md5)
    Something about distribution platform for BYOD.
    A. on prime
    B. cloud
    C. hybrid cloud
    D. dont remember
    ANSWER: AB
    What are characteristics of the Radius Protocol? choose Two

    A:Uses TCP port 49
    B:Uses UDP Port 49
    C:Uses TCP 1812/1813
    D:Uses UDP 1812/1813
    E:Comines authentication and authorization

    which command is to make sure that AAA authentication is configured and to make sure that user can access the exec level to configure?

    A.AAA Authentication enable default local
    B.AAA Authentication enable local
    C.AAA Authentication enable tacacs+ defualt
    D. ………….

    correct answer is : A
    What are two options for running Cisco SDM? (Choose two.)

    a. Running SDM from a router’s flash
    b. Running SDM from the Cisco web portal
    c. Running SDM from within CiscoWorks
    d. Running SDM from a PC

    the answer is A and D.

    Which statement about zone-based firewall configuration is true?

    A. Traffic is implicitly denied by default between interfaces the same zone
    B. Traffic that is desired to or sourced from the self-zone is denied by default
    C. The zone must be configured before a can be assigned
    D. You can assign an interface to more than one interface

    Correct Answer: C
    What are two challenges faced when deploying host-level IPS? (Choose Two)

    A. The deployment must support multiple operating systems.
    B. It does not provide protection for offsite computers.
    C. It is unable to provide a complete network picture of an attack.
    D. It is unable to determine the outcome of every attack that it detects.
    E. It is unable to detect fragmentation attacks.
    Which aaa accounting command is used to enable logging of the start and stop records for user terminal sessions on the router?

    A. aaa accounting network start-stop tacacs+
    B. aaa accounting system start-stop tacacs+
    C. aaa accounting exec start-stop tacacs+
    D. aaa accounting connection start-stop tacacs+
    E. aaa accounting commands 15 start-stop tacacs+

    Correct Answer: C
    QUESTION 20 Which IDS/IPS is used for monitoring system and something ?

    A. HIPS
    B. …
    C. …
    D. …

    Correct Answer: A
    what are the quantifiable things you would verify before introducing new technology in your company?

    A. exploit
    B. risk
    C. vulnerability
    D. virus

    Correct Answer: B
    QUESTION 13 Dos attack difficult to discover

    A. Syn-flood attack
    B. Peer-to-peer attacks
    C. Low-rate dos attack
    D. Trojan

    Correct Answer: C
    QUESTION 2 Phishing method on the phone.
    A.
    B. vishing
    C. phishing
    D. mishing

    Correct Answer: B

    New Question
    1. what is private key?
    2. what is PAT?

  34. mp20
    April 11th, 2018

    Hi everyone.

    Please send me an updated dump for the CCNA security
    my email is gundamwingproto0 at gmail dot com

    thank you

  35. Saumya
    April 12th, 2018

    Hello Everyone,
    Please send me CCNA Security dumps at {email not allowed}

    Thanks

  36. Saumya
    April 12th, 2018

    Hello Everyone,
    Please send me CCNA security dumps. My email address is : saumyashrivastava dot ss at gmail dot com
    Thanks

  37. Anonymous
    April 12th, 2018

    Can someone send me the ccna security 210 – 260 dumps at pratiksmt at gmail dot com

  38. Anonymous
    April 12th, 2018

    Can any one update us whats in the exam pls. Am about to take my exam next of next week pls guys. and where can i download the ASDM sim for practize

  39. Please send me a valid ccna security dump
    April 14th, 2018

    Please send me a valid ccna security dump omar . agrebi23 @ gmail .com

  40. milan
    April 17th, 2018

    Please can someone send me latest dums banjola @ gmail. com

  41. 0.0.0.0/32
    April 22nd, 2018

    hi guys

    please for me ccna security syllabus to colkuya “at” gmail.com

  42. Nono
    April 22nd, 2018

    Can someone send me latest valid ccna security dump : {email not allowed}
    To pass end of April.
    Thanks

  43. Umair
    April 24th, 2018

    Can anyone send me valid dumps?? muk-25 hotmail com
    TIA

  44. Rudy
    April 24th, 2018

    can someone please send me latest dump ccna security, my exam is next week friday. may 4th-2018
    rudtec2 at gmail dot com

  45. Anonymous
    April 25th, 2018

    Exact 31 Days Before I start practice for CCNA Security Exam. My CCNA coach Mr. James suggest me 210-260 dumps pdf. I practice all 210-260 exam questions available in this pdf and not only pass CCNA security exam in first attempt as well as get high marks. So I suggest all my friends this 210-260 braindumps to clear their exam in first try.

  46. farid
    April 25th, 2018

    Hi All

    Kindly send me latest CCNA security dumps .I have a exams in next week.My email: faridhashmi86 gmail.com

Comment pages
1 12 13 14 1768
Add a Comment