CCNA SECURITY

Description

CCNA (Security) Interview Q & A Vol 1.0

Questions 50

Check the complete list of questions:

1. What is the difference between IPS and a firewall?
2. What is meant by Annual Loss expectancy? How is ALE calculated?
3. What is the difference between IPS and a firewall?
4. Which of the following is the global configuration mode command to encrypt any plaintext passwords in a Cisco configuration?
5. What is difference between Tacacs and Tacacs+?
6. When an IPsec VPN tunnel is configured, how does the router determine what traffic is to traverse the VPN tunnel?
7. Which IPsec protocol does both encryption and authentication?
8. If you were working in the IOS command – line interface and needed to check on the status of a VPN tunnel, what command would you enter?
9. What is the “peer address “when discussing a VPN tunnel?
10. What is split tunneling?
11. Name a debug command that’s commonly used when troubleshooting VPN connectivity.
12. What is the name of the set of both the encryption algorithm and the integrity protocol used in the crypto map?
13. What purpose does the preshared key serve?
14. What minimum key length is recommended when implementing asymmetric encryption?
15. What is difference between asymmetric and Symmetric encryption?
16. What is the most widely used standard for digital certificates?
17. What is the main use for asymmetric encryption?
18. What is IP Spoofing?
19. What is the Public Key Encryption?
20. What is Worm?
21. Define the term DMZ as it pertains to network security, and name 4 different common network devices that are typically found there?
22. What are major components of IOS Firewall Set?
23. What is CIA?
24. What are the meaning of threat, vulnerability, and risk?
25. What protocol is responsible to synchronize clocks in a network using syslog?
26. Which one of the following is the port used in NTP?
27. Which CLI command is similar to the SDM One-Step Lockdown wizard?
28. What is difference between networks based Firewall and host based Firewall?
29. What is difference between VPN and proxy?
30. What global configuration command secures the startup configuration from being erased from NVRAM?
31. There are two protocols used by the SDM to retrieve IPS alerts from an ISR. What are these protocols?
32. What should be done with services that are not being used on devices? This is a best practice under attack mitigation.
33. Which IOS command is used to verify that Cisco IOS images have been properly backed up?
34. What is difference between Router and Firewall?
35. What are the 2 types of Object groups in Cisco ASA?
36. What global config command takes a copy of the running config and securely archives it in storage?
37. When does an IDS react to an attack?
38. What software utility stealthily scans and sweeps to identify services running on systems in a specified range of IP addresses?
39. What IOS command shows real-time detailed information about IKE Phase 1 and IKE Phase 2 negotiations?
40. How do you check the status of the tunnel’s phase 1 & 2?
41. What product can be considered to be part of the threat containment architecture?
42. What is SSL and why is it not enough when it comes to encryption?
43. What is the difference between encryption and hashing?
44. What is Site to Site and remote access VPN?
45. How is traditional firewall different from Next generation Firewall?
46. What components are required for a PKI to be successful?
47. Which are examples of asymmetric encryption algorithms?
48. What do we call a computer virus that combines several different technologies?
49. You’ve just configured a VPN tunnel with a remote site. When looking at the output from the show crypto isakmp sa, you notice the message MM_NO_STATE . What might be the probable problem?
50. Which modes encrypts the entire packet and adds a new header for IPsec?