CCNP SECURITY

Description

CCNP Security Interview Q&A Vol 1.0

Questions 50

Check the complete list of questions:

1. What is VPN?
2. Which functions can be performed with the “packet-tracer” command in ASA?
3. What does Cisco ISE stands for?
4. When configuring policy-based NAT, which type of access control list should be configured to match both the source and destination IP addresses?
5. Which command encrypts all the password on a Cisco device?
6. What are the pre-requisites for configuring IP SSH version 2 on a Cisco device?
7. What is DMZ?
8. Describe the functionality of product Cisco ISE?
9. What are the three Violation Actions?
10. What are the two modes in which Cisco ASA can be configured?
11. Which command is the first that you enter to check whether or not ASDM is installed on the ASA?
12. Which two features does Cisco Security Manager provide?
13. Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555X models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time. Can 5550 and 5555x firewall be setup in failover mode?
14. Which kind of Layer 2 attack targets the STP root bridge election process and allows an attacker to control the flow of traffic?
15. A switch is being configured at a new location that uses statically assigned IP addresses. Which will feature ensure that ARP inspection works as expected?
16. At which level does firewall severity level will debugs appear on a Cisco ASA?
17. A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues?
18. You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users?
19. What happens when violation mode is set to Shutdown?
20. Which ISE feature is used to facilitate a BY0D deployment?
21. Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?
22. After an endpoint has completed authentication with MAB, a security violation is triggered because a different MAC address was is detected. Which host mode must be active on the port?
23. Which CLI command is used to register a Cisco FirePOWER sensor to Firepower Management Center?
24. What is penetration attack?
25. What are stateful inspection firewalls?
26. What is Site-to-Site VPN?
27. What is Remote-Access VPN?
28. What is Signature Based Detection?
29. Which Switchport security violation occurs if it comes to MAC address?
30. What is Half Open TCP Connection?
31. Which VPN would be established in below mentioned diagram?
32. What happens when violation mode is set to protect?
33. What is EtherType ACL?
34. What are Time-based ACLs?
35. What are the two different type of time restrictions in time-based ACLs?
36. Which NAT/PAT type example is implemented in below diagram?
37. What NAT/PAT type example is implemented in below diagram?
38. Explain Anomaly-based Intrusion Detection System?
39. Which devices can be managed by Cisco Security Manager?
40. What are the two modes in which Cisco ASA Firewall can be configured?
41. In what scenario would you configure twice NAT?
42. Which command can you use to verify access-list implemented on all interfaces in Cisco ASA?
43. What can be configured to mitigate ARP poisoning attacks?
44. The Cisco ASA 5500-X Series Next-Generation Firewalls provide four main remote access protocols to access the adaptive security appliance management functions. Name them?
45. What does AAA stands for?
46. Define the usage and purpose of AAA?
47. What are Security Contexts in ASA?
48. What is the System Execution Space in ASA when it comes to multiple contexts?
49. Which command enables the multiple-context mode on the Cisco ASA?
50. What is the difference between Site-to-Site VPN and Remote-Access VPN?