Home > Security Questions

Security Questions

October 27th, 2017 Go to comments

Question 1

Question 2


The service password-encryption command will encrypt all current and future passwords so any password existed in the configuration will be encrypted.

Question 3


Usually we enter a command like this:

username bill password westward

And the system display this command as follows:

username bill password 7 21398211

The encrypted version of the password is 21398211. The password was encrypted by the Cisco-defined encryption algorithm, as indicated by the “7”.
However, if you enter the following command: “username bill password 7 21398211”, the system determines that the password is already encrypted and performs no encryption. Instead, it displays the command exactly as you entered it.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfpass.html#wp1001412

Question 4

Question 5

Question 6


This configuration will let someone telnet to that router without the password (so the line “password c1sco” is not necessary).

Question 7


TACACS+ is an AAA protocol developed by Cisco. TACACS+ separates the authentication, authorization, and accounting steps. This architecture allows for separate authentication solutions while still using TACACS+ for authorization and accounting. For example, it is possible to use the Kerberos Protocol for authentication and TACACS+ for authorization and accounting. After an AAA client passes authentication through a Kerberos server, the AAA client requests authorization information from a TACACS+ server without the necessity to re-authenticate the AAA client by using the TACACS+ authentication mechanism.

Authentication and authorization are not separated in a RADIUS transaction. When the authentication request is sent to a AAA server, the AAA client expects to have the authorization result sent back in reply.

Reference: http://www.cisco.com/c/dam/en/us/products/collateral/security/secure-access-control-server-windows/prod_white_paper0900aecd80737943.pdf

Question 8


802.1x is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN.

Question 9


TACACS+ (and RADIUS) allow users to be authenticated against a remote server -> E is correct.

TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header -> C is correct.

TACACS+ supports access-level authorization for commands. That means you can use commands to assign privilege levels on the router -> F is correct.


By default, there are three privilege levels on the router.
+ privilege level 1 = non-privileged (prompt is router>), the default level for logging in
+ privilege level 15 = privileged (prompt is router#), the level after going into enable mode
+ privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout

Question 10


There are three authentication and authorization modes for 802.1x:
+ Monitor mode
+ Low impact mode
+ High security mode

Monitor mode allows for the deployment of the authentication methods IEEE 802.1X without any effect to user or endpoint access to the network. Monitor mode is basically like placing a security camera at the door to monitor and record port access behavior.

With AAA RADIUS accounting enabled, you can log authentication attempts and gain visibility into who and what is connecting to your network with an audit trail. You can discover the following:
+ Which endpoints such as PCs, printers, cameras, and so on, are connecting to your network
+ Where these endpoints connected
+ Whether they are 802.1X capable or not
+ Whether they have valid credentials
+ In the event of failed MAB attempts, whether the endpoints have known, valid MAC addresses

Monitor mode is enabled using 802.1X with the open access and multiauth mode Cisco IOS Software features enabled, as follows:
sw(config-if)#authentication open
sw(config-if)#authentication host-mode multi-auth

For more information about each mode, please read this article: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Phased_Deploy/Phased_Dep_Guide.html

Question 11


All other answers are not recommended for a network security plan so only B is the correct answer.

Question 12


The “enable secret” password is always encrypted (independent of the “service password-encryption” command) using MD5 hash algorithm.

Note: The “enable password” does not encrypt the password and can be view in clear text in the running-config. In order to encrypt the “enable password”, use the “service password-encryption” command. In general, don’t use enable password, use enable secret instead.

Comments (24) Comments
  1. Leaks
    February 21st, 2017

    New Update, My student passed today. Latest 100% VALID CCNA Security 210-260 Exam Questions Dumps at below page including all labs in Packet Tracer format. Working VCE player also included in package
    INSTANT Download at below page:


  2. datsmyaggro@yahoo.com
    March 13th, 2017

    looking for the latest dumps for CCNA Security Certification. Looking to take the test soon. Thanks.

    email is the name

  3. SlimShaddy
    March 23rd, 2017

    How come exec mode user privilage is achieved by setting privilage to 1 in the indicated answer A for question 3? Can someone explain please?

  4. jojo
    May 24th, 2017

    Question 14. Really SSH? because ssh is used for secure remote login to device, not for encrypted traffic. SSH doesnt carry data. I would say VPN – see http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14106-how-vpn-works.html

  5. froggen
    June 8th, 2017

    @jojo Q14 is a bad question for the CCNA. SSH is capable of tunneling traffic over a leased line. Putting a VPN into a Leased Line would be like putting a tunnel into an already existing tunnel.

  6. Becky
    June 29th, 2017

    How come the following statement:
    device-administration packets are encrypted in their entirely

    is true in Q9 but false in Q1.

  7. Josiah
    June 30th, 2017

    Passed today, Labs are same as the one here. Questions were all from this dumps https://twitter.com/premiumdumps1/status/873975372563566594

  8. osman
    July 4th, 2017

    i need ccna security dumps please share it here. my exam in august.

  9. @Anon
    July 9th, 2017

    User EXEC mode — privilege level 1
    Privileged EXEC mode — privilege level 15


  10. aleon
    August 23rd, 2017


    in question 3 it says “configure a local username with an encrypted password and EXEC mode user privileges”

    and you elected option A, but if it says in the reference that if you type the kind of password as A the system consider the password allready encrypted, isnt the answer B?

  11. Anonymous
    September 8th, 2017

    There is a new question with drag and drop regarding TACACS+ and RADIUS, with 2 answers each:

    TACACS+ had something like: – port on which operates;
    – TACACS+ encrypts the entire body of the packet but leaves a standard header
    RADIUS: – RADIUS encrypts only the password and the rest of the packet is unencrypted.
    – RADIUS uses UDP

    I hope it helps at something.

  12. anon
    September 10th, 2017

    Q3. Explanation does not match question.

    Answer supposedly is A but I think it is D.

  13. Mack
    October 6th, 2017

    For all of you looking for the dumps, I used this ones and they were good enough https://drive.google.com/open?id=0B5mAFqgydmCzUWJPTTFkemFuQTA

    good luck

  14. noney12
    November 17th, 2017

    question 3 relevant piece is “with an encrypted password”
    the only relevant answer contains “password 7 [encrypted password]”
    exec level is irrelevant and a distraction

  15. fujitsu sakamura
    November 22nd, 2017

    searching for the latest dumps + vce simulator. 210-260 many thanks. email: {email not allowed}

  16. mohamed
    December 6th, 2017

    if anybody wants anything for the exam 300-210 send me mail

  17. nick
    December 18th, 2017

    please I would be writing my ccna 200-125 exam soon. pls any latest dump would be most appreciated. email waley azeez at gmail dot com.

  18. Dekker
    March 8th, 2018

    i can not see the questions. Why is that?

  19. T
    May 23rd, 2018

    Is there a way to subscribe for CCNA security only? I dont find the subsciption option on the CCNA security website? I love these dumps

  20. Cesar
    July 23rd, 2018

    Why is the answer “B” not correct?
    Please help me

  21. mirzaumar8714@yahoo.com
    July 24th, 2018

    Ccna security updated dump’ required plz ?

  22. Elias
    September 19th, 2018

    guys im about to write my ccna secutity so pls help with the website for dumps

  23. Anonymous
    October 21st, 2018

    can someone explain the question Q1?

Add a Comment