CCNA Security

CCNA Security practice exam

1. Name two security features that are used by both the Cisco IOS firewall and the ASA appliance.

a. NAT
b. ACL
d. TCP mitigate

2. What type of firewall should be used to block packets originating from a specific source address?

a. Proxy firewalls
b. Packet filter firewalls
c. Application firewall
d. Personal firewall

3. Which of the following protocols can be used effectively with stateful firewalls?

a. HTTP
b. FTP
c. Telnet
d. All of the above

4. What type of firewall should be used for protection against web-based attacks on a network server?

a. Application firewall
b. Packet filter firewall
c. Stateful firewall
d. None of the above

5. Which feature can be used to mitigate CAM overflows on a switch?

b. ACL
c. CAM security
d. Port-security

6. How many keys are used in asymmetric encryption technology between two peers?

a. 1
b. 2
c. 3
d. 4

7. Which IPsec protocol does not encrypt the data that is sent from the sender to the receiver?

a. IKE
b. AH
c. ESP
d. MD5


1. A & B – Both NAT and ACLs are available on both platforms.

2. B – Packet filter firewalls can be used for this purpose. A Cisco IOS firewall with a standard ACL can be used.

3. D – All of them can be used. Every protocol in the list uses TCP, which can be used in a stateful firewalling environment.

4. C – Web-based attacks are based on applications like HTTP and FTP, so firewalls that are aware of application-layer threats should be used.

5. D – Port security can be configured to restrict the number of allowed MAC addresses on a switch port, which acts as a defense against CAM overflows.

6. D – The sender uses a private/public key pair and the receiver uses another private/public key pair, which makes the total 4.

7. B – AH does encrypt the contents of data exchanged between IPsec peers.

