Drag and Drop Questions
Here you will find answers to Drag and Drop Questions
Notice: In the exam, some Drag and Drop Questions may be represented as multiple-choice questions.
Question 1
On the basis of the description of SSL-based VPN, place the correct descriptions in the proper locations.

Answer:
+ The authentication process uses hashing technologies.
+ Asymmetric algorithms are used for authentication and key exchange.
+ Symmetric algorithms are used for bulk encryption.
Question 2
Which three are common examples of AAA implementation on Cisco routers? Please place the correct descriptions in the proper locations.

Answer:
+ performing router commands authorization using TACACS+
+ authenticating remote users who are accessing the corporate LAN through IPSec VPN connections
+ authenticating administrator access to the router console port, auxiliary port, and vty ports
Question 3
Drag the two characteristics of the SDM Security Audit wizard from the list above to the list below.

Answer:
+ requires users to first identify which router interfaces connect to the inside network and which connect to the outside network
+ displays a screen with Fix-it check boxes to let you choose which potential security-related configuration changes to implement
Question 4
With the Cisco IOS Zone-Based Policy Firewall, which three types of traffic are permitted by the router by default when some interfaces of the router are assigned to a zone?
Drag the three proper characterizations from the list above to the list below.

Answer:
+ traffic flowing among the interfaces that are members of the same zone
+ traffic flowing among the interfaces that are not assigned to any zone
+ traffic flowing to and from the router interfaces (the self zone)
Question 5
Drag the three proper statements about the IPsec protocol from the list above to the list below.

Answer:
Three correct statements are:
+ IPsec is a framework of open standards.
+ IPsec ensures data integrity by using checksums.
+ IPsec authenticates users and devices that can carry out communication independently.
Got exam on 1st of Oct. Hope I pass.
1st of October too. Thanks a million, tut.
Good luck! Don’t forget to comment on this on 2nd October.
Q.4 .. The answer is wrong. It must be the first 3 options.
Refer to OFFICIAL EXAM GUIDE by Kevin Wallace & Michael Watkins.
Pg. 376. Below Fig 10.24 . Return traffic is always allowed by default, whether a policy is configured or not!!
And, btw, when you configure a zone based firewall, all traffic FROM the self zone is allowed by policy map “sdm-permit-icmpreply” and all traffic TO the self zone is denied by “sdm-permit” policy map.
PLEASE CORRECT THE ANSWER!!
What’s with Q4?? Is the securitytut answer true or not????
Tomorrow I have my exam!
Thanks in advance for the clarification of the answer
Patrick, did you take the exam?
Q4 {2,3,4} seems to be OK. In the book commented by Saurabh Bassi is the explanation (pages 371-372):
“The only exception to the default deny-all policy is the self zone. Traffic to any router interface is allowed until traffic is explicitly denied.”
“The one exception to the preceding deny-by-default approach is traffic to and from the router, which is permitted by default.”
I’ve taken the exam today scoring a 1000. Question 4 is OK.
Also got 1000 on 29 Oct. All answers are correct.
I passed the exam last week scoring a 1000! Question 4 is correct! I agree that Return traffic is always allowed by default, but only if you have an inspect policy (e.g. from inside to outside) configured first for that kind of traffic! I think you need to read the question carefully! Cisco only said that some interfaces of the router are assigned to a zone and nothing else! And so there can not be a returning traffic that’s allowed by default.
new drag and drop on 8/12/2010
Q129 from link below
http://www.scribd.com/doc/32103017/640-553-CCNAS-Certification-Tests
Hey all…I passed this exam today scoring 1000 marks…thanks securitytut…p4s 138q (4.38) dumps are still valid…
Thanks for securitytut…I passed this exam today scoring 1000 marks…testinside ver6.11 are still valid
Hi all,
what about question no. 5?
+ I assume IPsec is implemented at layer 3, not layer 4
+ I also assume digital certificates are used for authentication, not for confidentiality
+ and I assume data integrity is implemented by using hashing algorithms, not checksums
Therefore I guess the remaining answers are the good ones:
** IPsec is a framework of open standards
** IPsec is bound to specific encryption algorithms, such as 3DES and AES
** IPsec authenticates users and devices that can carry out communication independently.
What do you all think?
@unnamed,
Hashing uses checksums for integrity.
@umar
Thanks umar. Just one more question.
I cannot understand why the statement: “IPsec is bound to specific encryption algorithms, such as 3DES and AES” is not true, as the confidentiality part is implemented by using symmetric algorithms, such as DES, 3DES, AES, or SEAL. Can you tell me why?
requires users to first identify which router interfaces connect to the inside network and which connect to the outside network. On the basis of the Cisco IOS Zone-Based Policy Firewall by default which three types of traffic are permitted by the router when some interfaces of the routers are assigned to a zone?.
In CCNA Security exam, is there any LAB to design VPN on routers???
Please confirm
Thanks
Ladak
Am going to write the exam on May 11th. Hope I’ll pass the exam.
Hi Experts,
Just to know, has anyone cleared this paper in April-May 2011? p4s 138q (4.38) dumps are still valid…?
To Unnamed regarding Q.5
“Because IPsec is not bound to specific algorithms, IPsec allows newer and better algorithms to be implemented without patching the existing IPsec standards.”
“IPsec ensures data integrity by using checksums, which are a simple redundancy check. The IPsec protocol adds up the basic components of a message, typically the number of bytes, and stores the total value. IPsec performs a checksum operation on received data and compares the result to the authentic checksum. If the sums match, the assumption is that the data has not been manipulated.”
CCNA Security exam 640-553 Authorized Self-Study Guide, page 382.
So the answers above are correct.
Hi All,
I have given exam and passed with 1000/1000. Studied as follows-
1. Simlets and lab – used securitytut (100 % valid)
2. Questions- Testinside Ver 6.12 (Q.137)
3. CISCO Official certification guide/CCNA Security Authorized Self-Study Guide.
Passing score – 804/1000
Time- 120 mins (India)
Hi Rohan
Ver 6.12 is still valid or not, I want to give the exam next week
Hi, I’ve my exam on 19th august 2011. Is P4S 4.38 still valid? Questions shown here are still valid? Has anyone given exam recently?
questions are still good
Hi Admin,
Please share something about CCNP Security exam……
Need help from the community,
would you mind if any one have some exam questions for the SANS – GSEC exam
Thanks a lot for securitytut.com.. I request you to update the questions.. Wish you all success..
woohoo got them all right first try
Don’t understand how to start…?
I am CCNP certified and more interested in security…
Please guide me through this..
Hi Guys! Am busy preparing my IINS, can anyone help where to download IOS for GNS3? My e-mail: nissy357@yahoo.com