CCNP Security exam questions and answers


CCNP Security Exam Introduction:

The Cisco Certified Network Professional Security certification program, known for short as CCNP Security, is aligned specifically to the job role of the Cisco Network Security Engineer. That engineer is responsible for security in routers and switches, networking devices and appliances, and for choosing, deploying, supporting and troubleshooting firewalls, VPNs, and IDS/IPS solutions for their networking environments.


Cisco 300-206 or SENSS Sample Questions:


01. Which is true regarding Cisco Secure-X architecture?

1.    It is a design guide for security deployment

2.    It is a context-aware access solution

3.    It is based upon an appliance-based approach to network security

4.    It is a network-based solution that is context-aware


02. When implementing the Cisco IOS Zone-Based Policy Firewall, which three methods does the authentication proxy feature use to perform inline authentication of users traversing the firewall?

(Choose three.)

1.    HTTP

2.    POP

3.    LDAP

4.    Telnet

5.    FTP

6.    TACACS+


03. Which type of firewall would be best to provide a rich set of application layer inspection capabilities?

1.    MPF based

2.    C3PL based

3.    Cisco IOS router

4.    Cisco ASA


Cisco 300-210 or SITCS Sample Questions:



01. Which element of design methodology is important for identification of the organizational goals?

1.    Existing network and sites characterization

2.    Design of the network topology and solutions

3.    Conceptual architecture examination

4.    Customer requirements identification

5.    Design validation


02. Which two tasks are part of differentiating an existing network?

(Choose two.)

1.    Using design tools to create a framework for the design

2.    Collecting information using the existing documentation and direct organizational input

3.    Using tools for automated auditing of the network

4.    Identifying the business objectives of the organization


03. Which two of these reasons explain why you would modularize?

(Choose two.)

1.    Reducing the amount of data that the network device needs to process

2.    Increasing the amount of data that the network device needs to process

3.    Reducing the amount of data that the engineer must manage

4.    Increasing the amount of data that the engineer must manage

5.    Making it easier to have multiple routing protocols running in the network


Cisco 300-209 or SIMOS Sample Questions:

01. Which two of the following protect against man-in-the-middle attacks?

(Choose two.)

1.    TCP initial sequence number randomization

2.    TCP sliding-window checking

3.    Network Address Translation

4.    IPsec VPNs

5.    Secure Sockets Layer


02. Which of the following VPN technologies uses non-tunneled IPsec as its encapsulation mode?

1.    Individual IPsec tunnels

2.    Cisco Easy VPN

3.    Dynamic Multipoint VPN (DMVPN)

4.    Group Encrypted Transport (GET) VPN


03. Which of the following are valid characterizations of key encryption protocols?

(Choose all that apply.)

1.    Asymmetric

2.    Bidirectional

3.    Symmetric

4.    One-Way


Cisco 300-208 or SISAS Sample Questions:


01. What shortcoming of the original RADIUS specification does CoA address?

1.    It allows the AAA server to provide unsolicited authorization policy updates to AAA clients.

2.    It allows co-authentication of the user and the endpoint.

3.    It allows co-authorization on the ingress device and egress device in the Cisco TrustSec domain.

4.    The change of address also allows policy to follow the user if they roam between wireless access points.

5.    It also allows RADIUS to be transported using TCP.


02. Which 802.1X mode utilizes a static pre-authentication ACL with a dynamically applied downloadable ACL after authentication?

1.    Dynamic mode

2.    Monitor mode

3.    Multi-auth mode

4.    Flexible enforcement mode

5.    Low impact mode


03. What are three methods that Cisco ISE can utilize to perform authentication?

(Choose three.)

1.    802.1X

2.    MAB

3.    CoA

4.    EAP

5.    Active Directory

6.    Web Authentication


These were some sample questions from each of the exams of the CCNP Security Exam. If you want further help, you could get it by joining the SPOTO CCIE Club.