Network Security (Version1.0) Modules 20 – 22: ASA Group Test Online
Question 1 of 21 (1 point)
A network analyst wants to monitor the activity of all new interns. Which type of security testing would track when the interns sign on and sign off the network?
Hint: An integrity checking system can report login and logout activities. Network scanning can detect user names, groups, and shared resources by scanning listening TCP ports. Password cracking is used to test and detect weak passwords. Vulnerability scanning can detect potential weaknesses in a system, such as misconfigurations, default passwords, or DoS attack targets.

Question 2 of 21 (1 point)
What are three characteristics of SIEM? (Choose three.)
Hint: Security Information Event Management (SIEM) is a technology that provides real-time reporting and long-term analysis of security events. SIEM provides the ability to search logs and events from disparate systems or applications to detect threats. SIEM aggregates duplicate events to reduce the volume of event data. SIEM can be implemented as software or as a managed service. SuperScan is a Microsoft Windows port scanning tool that runs on most versions of Windows. Tools such as Nmap and SuperScan can provide effective penetration testing on a network and determine network vulnerabilities while helping to anticipate possible attack mechanisms.

Question 3 of 21 (1 point)
What testing tool is available for network administrators who need a GUI version of Nmap?
Hint: Nmap and Zenmap are low-level network scanners available to the public. Zenmap is the GUI version of Nmap. SuperScan is a Microsoft port scanning software that detects open TCP and UDP ports on systems. Nessus can scan systems for software vulnerabilities. SIEM is used to provide real-time reporting of security events.

Question 4 of 21 (1 point)
What is the goal of network penetration testing?
Hint: There are many security tests that can be used to assess a network. Penetration testing is used to determine the possible consequences of successful attacks on the network. Vulnerability scanning can detect potential weaknesses in systems. Password cracking can detect weak passwords. Integrity checkers can detect and report configuration changes.

Question 5 of 21 (1 point)
How does network scanning help assess operations security?
Hint: Network scanning can help a network administrator strengthen the security of the network and systems by identifying open TCP and UDP ports that could be targets of an attack.

Question 6 of 21 (1 point)
What are three characteristics of the ASA routed mode? (Choose three.)
Hint: Routed mode is the traditional mode for deploying a firewall where there are two or more interfaces that separate Layer 3 networks. The ASA is considered to be a router hop in the network and can perform NAT between connected networks. Routed mode supports multiple interfaces. Each interface is on a different subnet and requires an IP address on that subnet.

Question 7 of 21 (1 point)
In which two instances will traffic be denied as it crosses the ASA 5505 device? (Choose two.)
Hint: When an ASA 5505 device is being utilized, traffic is denied as it travels from a lower security zone to a higher security zone. The highest security zone is the internal network, the DMZ is usually the next highest, and the outside network is the lowest. Traffic is only allowed to move from a lower security level to a higher if it is in response to originating traffic within the higher security zone.

Question 8 of 21 (1 point)
Refer to the exhibit. Based on the security levels of the interfaces on the ASA, what statement correctly describes the flow of traffic allowed on the interfaces?
Hint: When traffic moves from an interface with a higher security level to an interface with a lower security level, it is considered outbound traffic. Conversely, traffic that moves from an interface with a lower security level to an interface with a higher security level is considered inbound traffic.

Question 9 of 21 (1 point)
Refer to the exhibit. A network administrator is configuring the security level for the ASA. Which statement describes the default result if the administrator tries to assign the Inside interface with the same security level as the DMZ interface?
Hint: Multiple interfaces in an ASA can be assigned the same security level. To allow connectivity between interfaces with the same security levels, the same-security-traffic permit inter-interface global configuration command is required. Traffic from the higher level network to the lower level network is allowed by default. However, traffic initiated on the lower level network is denied access to the higher level network by default.

Question 10 of 21 (1 point)
What can be configured as part of a network object?
Hint: There are two types of objects that can be configured on the Cisco ASA 5505: network objects and service objects. Network objects can be configured with an IP address and mask. Service objects can be configured with a protocol or port ranges.

Question 11 of 21 (1 point)
What is the function of a policy map configuration when an ASA firewall is being configured?
Hint: Policy maps are used to bind class maps with actions. Class maps are configured to identify Layer 3 and 4 traffic. Service policies are configured to attach the policy map to an interface.

Question 12 of 21 (1 point)
What is the purpose of configuring an IP address on an ASA device in transparent mode?
Hint: An ASA device configured in transparent mode functions like a Layer 2 device and does not support dynamic routing protocols, VPNs, QoS, or DHCP.

Question 13 of 21 (1 point)
Which license provides up to 50 IPsec VPN users on an ASA 5506-X device?
Hint: The ASA 5506-X commonly has a pre-installed Base license that has the option to upgrade to the Security Plus license. The Security Plus license supports a higher connection capacity and up to 50 IPsec VPN users.

Question 14 of 21 (1 point)
What mechanism is used by an ASA device to allow inspected outbound traffic to return to the originating sender who is on an inside network?
Hint: Stateful packet inspection allows return traffic that is sourced on the outside network to be received by the originating sender on the internal network.

Question 15 of 21 (1 point)
When configuring interfaces on an ASA, which two pieces of information must be included? (Choose two.)
Hint: When configuring an ASA, each operational interface must have a name and a security level from 0 (lowest) to 100 (highest) assigned.

Question 16 of 21 (1 point)
Refer to the exhibit. A network administrator is verifying the security configuration of an ASA. Which command produces the exhibited output?
Hint: Use the show interface ip brief command to verify IP address assignment and interface status on an ASA.

Question 17 of 21 (1 point)
What interface configuration command is used on an ASA to request an IP address from an upstream DSL device?
Hint: Configuring IP addresses on interfaces can be done manually using the ip address command. It can also be accomplished by using DHCP when an interface is connecting to an upstream device providing DHCP services. PPPoE is used when an interface is connecting to an upstream DSL device providing point-to-point connectivity over Ethernet services. The dhcpd address IP_address1 [ -IP_address2 ] if_name command is used to establish the IP address pool on a DHCP server.

Question 18 of 21 (1 point)
Refer to the exhibit. What kind of NAT is configured on the ASA device?
Hint: From the configuration, the source of IP address translation is the subnet 192.168.5.0/27 and the mapped address is the outside interface. This is an example of dynamic PAT. Dynamic NAT, dynamic PAT, and static NAT are referred to as “network object NAT” because the configuration requires network objects to be configured. Twice NAT identifies both the source and destination address in a single rule (nat command), and it is used when configuring remote-access IPsec and SSL VPNs.

Question 19 of 21 (1 point)
What is the purpose of the Tripwire network testing tool?
Hint: The Nessus tool provides remote vulnerability scanning that focuses on remote access, password misconfiguration, and DoS against the TCP/IP stack. L0phtCrack provides password auditing and recovery. Metasploit provides information about vulnerabilities and aids in penetration testing and IDS signature development.

Question 20 of 21 (1 point)
A network analyst is testing the security of the systems and networks of a corporation. What tool could be used to audit and recover passwords?
Hint: Some of the software tools that can be used to perform network testing include:
- SuperScan – port scanning software designed to detect open TCP and UDP ports and to determine what services are running on those ports
- Nessus – vulnerability scanning software that focuses on remote access, misconfigurations, and DoS against the TCP/IP stack
- L0phtCrack – a password auditing and recovery application
- Metasploit – provides information about vulnerabilities and aids in penetration testing and IDS signature development

Question 21 of 21 (1 point)
In which two instances will traffic be denied as it crosses the ASA 5506-X device? (Choose two.)
Hint: When an ASA 5506-X device is being utilized, traffic is denied as it travels from a lower security zone to a higher security zone. The highest security zone is the internal network, the DMZ is usually the next highest, and the outside network is the lowest. Traffic is only allowed to move from a lower security level to a higher if it is in response to originating traffic within the higher security zone.