Certification Exam Prep Questions For Cisco Certified Network Associate
QuickStart is now offering assessment questions for Cisco Certified Network Associate. Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice assessment to better aid in certification. 100% of the questions are real questions; from a recent version of the test you will take forCisco Certified Network Associate
If the next hop specified is the IP address of a neighboring router, what is the (default) administrative distance of a static route?
An IPv4address is comprised of how many bits?
Which of the following are classless protocols?(Select 3 answers)
How many subnets and hosts per subnet are possible with 172.16.1.0 as the network address with 255.255.255.224 as the subnet mask?
- A. 30 hosts per subnet and 8 subnets
-
Correct!
- B. 30 hosts per subnet and 32 subnets
-
Incorrect.
- C. 64 hosts per subnet and 8 subnets
-
Incorrect.
- D. 8 hosts per subnet and 30 subnets
-
Incorrect.
IPv4 and IPv6 use how many bits for addressing?
Cisco Next Generation Intrusion Prevention System (NGIPS) devices include global correlation capabilities that utilize real-world data from Cisco Talos. To leverage global correlation in blocking traffic, what should be configured on the NGIPS?
- A. Reputation filtering
-
Correct!
- B. Policy-based IPS
-
Incorrect.
- C. Signature-based IPS
-
Incorrect.
- D. Anomaly-based IPS
-
Incorrect.
Which of the following tool or method can be used to validate the identity of other organizations based on their domain name when receiving and sending email?
Cisco offers a cloud-based service for IPS correlation. What is this service better known as?
Network Address Translation (NAT) offers translation of addresses from internal addresses (private) to external address (public) space. Which form of NAT offers multiple inside devices communication with the Internet, yet optimizes the number of global addresses required?
Cisco WSA can be deployed in which two modes?(Select 2 answers)
- A. Standalone
-
Incorrect.
- B. Combined proxy
-
Incorrect.
- C. Transparent proxy
-
Correct!
- D. Explicit proxy
-
Correct!
In an organization dealing with financial transactions, as a result of a latest risk assessment exercise, the recommendation is to upgrade the perimeter security at the data center. The cost of upgrading security is inline with the security budget, and the organization’s stakeholders have decided go ahead with the recommendation. Which risk control best describes the decision taken by the stakeholders?
- A. Transfer the risk
-
Incorrect.
- B. Avoid the risk
-
Incorrect.
- C. Mitigate the risk
-
Correct!
- D. Accept the risk
-
Incorrect.
CIA triad defines the cornerstone for information security. Which of the following constitutes the CIA triad?
- A. Coincidence, integrity, availability
-
Incorrect.
- B. Confidentiality, integrity, avoidance
-
Incorrect.
- C. Confidentiality, instinct, availability
-
Incorrect.
- D. Confidentiality, integrity, availability
-
Correct!
As a result of the latest risk assessment exercise, an organization that deals with financial transactions receives the recommendation to upgrade access security at the data center. The cost of upgrading security, however, outweighs the cost to benefit factor, and the organization’s stakeholders have decided not to go ahead with the recommendation. Which of the following options describes the decision taken by the stakeholders?
- A. Transfer the risk
-
Incorrect.
- B. Avoid the risk
-
Incorrect.
- C. Mitigate the risk
-
Incorrect.
- D. Accept the risk
-
Correct!
What is the process of removing superfluous programs and/or services installed on an operating system (OS) known as?
- A. Patching
-
Incorrect.
- B. Exploit scanning
-
Incorrect.
- C. Vulnerability management
-
Incorrect.
- D. Hardening
-
Correct!
What best describes the situation where there is a probability of adverse effects from an apparent threat?
Who is ultimately responsible for the security of data?
- A. The data custodian
-
Incorrect.
- B. Executives and Senior Management
-
Correct!
- C. Chief Information Security Officer (CISO)
-
Incorrect.
- D. InfoSec auditor
-
Incorrect.
Which of the following Mandatory Access Control (MAC) labels is appropriate for ordinarily available data?
What does CER, FAR, and FRR in the following figure signify?
What type of security controls are used to thwart possible threats and attacks, even before they can be realized by the perpetrator?
What type of access control allows the owner of a file to grant other users access to it using an access control list?
- A. Role based
-
Incorrect.
- B. Nondiscretionary
-
Incorrect.
- C. Attribute based
-
Incorrect.
- D. Discretionary
-
Correct!
Which of the following are commercially available Security Incident and Event Management (SIEM) systems?
- C. NetApp, Cisco Prime, Log Rhythm, NetIQ, Google Chromium
-
Incorrect.
What type of PKI trust model is portrayed by following figure?
An organization wants to set up the wireless network using Cisco gear. The IT director wants to leverage the existing database for authenticating internal users. Which authentication mechanisms can be used to set up secure authentication and allow leveraging Single Sign-On (SSO) for a wireless network?(Select 2 answers)
Security Assertion Markup Language (SAML) is most commonly used in cloud and web-based environments. In the context of SSO capability, which of the following statements is true?
- A. SAML with SSO is used to authorize a specific subject
-
Incorrect.
- C. SAML with SSO exchanges UDP protocol messages
-
Incorrect.
Which of the following is based on a client/server protocol aimed to allow network access servers to authenticate remote and local users by sending access request messages to a central server?
Which of the following statements correctly describes the functions of CRL and OCSP in the context of revocation of certificate(s)?
- C. CRL is an efficient approach compared to OCSP.
-
Incorrect.
In an organization, a CA has been deployed with multiple subordinate CAs. What would be the best PKI trust model to be adopted by this organization?
What PKI model does the following figure signify?
- A. Meshed
-
Incorrect.
- B. Bridged
-
Incorrect.
- C. Hierarchical
-
Correct!
- D. This is not a valid PKI trust model.
-
Incorrect.
In a PKI setup, which of the following operations are accurate?
- A. The CA creates and signs the certificate.
-
Correct!
- B. The user creates the certificate, and the CA signs it.
-
Incorrect.
- C. The user signs the certificate after the CA creates it
-
Incorrect.
Which of the following are most commonly used protocols or mechanisms to protect data in motion?
- A. TLS, IPsec, HTTPS, FTP
-
Incorrect.
- B. SSL, TLS, IPsec, HTTPS
-
Correct!
- C. HTTPS, FTPS, IPsec, Telnet
-
Incorrect.
- D. IPsec, HTTP, SSL, TLS
-
Incorrect.
- Home
- Cisco Certified Network Associate
Cisco Certified Network Associate
More Information:
- Learning Style: On Demand
- Learning Style: Practice Exam
- Difficulty: Beginner
- Course Duration: 1 Hour
- Course Info: Download PDF
- Certificate: See Sample
Contact a Learning Consultant
Need Training for 5 or More People?
Customized to your team's need:
- Annual Subscriptions
- Private Training
- Flexible Pricing
- Enterprise LMS
- Dedicated Customer Success Manager
Course Information