CCNA Security Top 50 Interview Questions and Answers

Ques 1. What is the difference between an IPS and a firewall?
The primary function of a firewall is to prevent/control traffic flow from an
untrusted network (outside). A firewall is not able to detect an attack in which
the data deviates from its regular pattern, whereas an IPS can detect and
reset that connection, as it has built-in anomaly detection.
Another key difference is that a firewall performs actions such as blocking
and filtering of traffic, while an IPS prevents the attack as per its
configuration.


Furthermore, the table below enumerates the difference between a firewall and
an IPS in detail –

Ques 2. What is meant by Annual Loss Expectancy? How is ALE
calculated?
Annualized loss expectancy (ALE) is the loss expected from a single threat in a
given year, in dollars. The formula is ALE = SLE * ARO,
where
SLE = Single Loss Expectancy
ARO = Annualized Rate of Occurrence

Ques 3. What do we call a computer virus that combines several different
technologies?
Blended Threat

Ques 4. Which global configuration mode command is used to encrypt
any plaintext passwords in a Cisco configuration?
The correct answer is “service password-encryption”

Ques 5. What is the difference between TACACS and TACACS+?
The table below enumerates the difference between TACACS and
TACACS+ –

Ques 6. When an IPsec VPN tunnel is configured, how does the router
determine what traffic is to traverse the VPN tunnel?
VPN uses the concept of interesting traffic. An access list is used to define
interesting traffic, which is the traffic that is allowed to traverse the VPN
tunnel.

Ques 7. Which IPsec protocol does both encryption and authentication?
ESP (Encapsulating Security Payload) does both encryption and
authentication.
Note - AH does only the authenticating and no encryption.

Ques 8. If you were working in the IOS command-line interface and
needed to check on the status of a VPN tunnel, what command would you
enter?
The command you would enter is “show crypto ipsec sa”. The command
is used to display IPsec security associations. Further, error conditions can
also be seen via this command.

Ques 9. After configuring a VPN tunnel, a security administrator issues
“show crypto isakmp sa” and notices the message MM_NO_STATE.
What might be the problem?
The most common reasons for MM_NO_STATE output are one of the following -
Preshared keys don't match at both ends
The access lists that define interesting traffic don't match
Both of the above don't match

Ques 10. What is the “peer address” when discussing a VPN tunnel?
The peer address is the remote endpoint of the VPN device to which you
are connecting.

Ques 11. What is split tunneling?
Split tunneling is the ability for a remote VPN client to be able to access
resources across the VPN tunnel and also those on the local network.

Ques 12. Name a debug command that's commonly used when
troubleshooting VPN connectivity.
The commands used to debug VPN connectivity are -
debug crypto isakmp
debug crypto ipsec

Ques 13. What is the name of the set of both the encryption algorithm and
the integrity protocol used in the crypto map?
The transform set denotes the encryption protocol to use and then the
integrity protocol.

Ques 14. Which mode encrypts the entire packet and adds
a new header for IPsec?
IPsec tunnel mode encrypts the entire packet and adds another header on
top of the packet.

Ques 15. What purpose does the preshared key serve?
The preshared key is used for authentication between the two parties of
the VPN tunnel. If they do not match on both sides, the tunnel will not be
formed.

Ques 16. What minimum key length is recommended when implementing
asymmetric encryption?
2048 should be the minimum key length used. 1024 is considered too
weak for computing power today.

Ques 17. What is the difference between asymmetric and symmetric
encryption?


Ques 18. What is the most widely used standard for digital certificates?
X.509 is the most widely used standard. It originated in the X.500 series
but is not considered part of that series anymore.

Ques 19. What is the main use for asymmetric encryption?
Because it is comparatively slow, asymmetric encryption is used for small amounts of
data for short periods of time. Generating a shared secret key for
symmetric encryption is its main use.

Ques 20. What is IP Spoofing?
An attack where a system attempts to illicitly impersonate another system
by using its IP network address is called IP Spoofing. In technical terms,
IP address spoofing refers to the creation of Internet Protocol (IP) packets
with a forged source IP address, called spoofing, with the purpose of
concealing the identity of the sender or impersonating another computing
system.


Ques 21. What is Defense in Depth?
Defense in Depth is the security approach whereby each system on the network is
secured to the greatest possible degree. This term may be used in
conjunction with firewalls.

Ques 22. What is Public Key Encryption?
Public key encryption uses a public and a private key for encryption and
decryption. In this mechanism, the public key is used to encrypt messages and
only the corresponding private key can be used to decrypt them. To
encrypt a message, a sender has to know the recipient’s public key.

Ques 23. What is a Worm?
A worm is a standalone program that, when run, copies itself from one host
to another, and then runs itself on each newly infected host. The widely
reported 'Internet Virus' of 1988 was not a virus at all, but actually a
worm.

Ques 24. Define the term DMZ as it pertains to network security and name
3-4 different common network devices that are typically found there.
DMZ is an abbreviation for Demilitarized Zone. A DMZ refers to the part of the
network that is exposed to outside networks. The following devices can be
found in a DMZ -
Email server
DNS servers
Web servers
Proxy Server

Ques 25. What are the major components of the IOS Firewall feature set?
The three major components of the IOS Firewall feature set are -
Firewall
Intrusion Prevention System (IPS)
Authentication Proxy

Ques 26. What is CIA?
CIA stands for Confidentiality, Integrity, and Availability. CIA is a
model designed to guide the policies for information security in
organizations.

Confidentiality is almost equivalent to privacy and is ensured by
implementing access control. Confidentiality is to ensure user privacy in
the system.

Integrity refers to maintaining the consistency, accuracy, and trustworthiness of data
over its entire lifecycle. There are many methods to ensure data integrity,
such as cryptographic checksums.

Availability means that the entire infrastructure is available to authorized
users. It is also important to perform necessary upgrades, software
patches, and security patches as and when they are available from the
vendor.

Ques 27. What are the meanings of threat, vulnerability, and risk?
In security terminology, a threat refers to an event which has the potential to
cause harm or critical damage to computer systems or networks, such as a
virus attack. Threats are caused by attackers who attempt to make use of
weaknesses in computers on the network.

A vulnerability refers to a weakness in the computer network or any device
on the network. A device here refers to routers, modems, switches etc.
Every device on the network can have one or more vulnerabilities which
must be understood, and adequate measures must be implemented to close
the weakness.

Risk is defined as the potential or possibility of compromise, loss, injury
or other adverse consequence. Hence, we may say that risk is a function
of threats exploiting vulnerabilities to obtain, damage or destroy assets.
The diagram below defines the relation between threat, vulnerability, and
risk –


Ques 28. What protocol is responsible for synchronizing clocks in a network
that uses syslog?
NTP


Ques 29. Which port is used by NTP?
NTP uses UDP port 123 to communicate.

Ques 30. Which CLI command is similar to the SDM One-Step Lockdown
wizard?
Autosecure is a CLI command executed in privileged EXEC mode.

Ques 31. What is the difference between a network-based firewall and a host-based
firewall?
The table below enumerates the difference between a network-based firewall and
a host-based firewall -

Ques 32. What is the difference between Internet and Intranet?
The table below shares how Internet and Intranet differ in terms of various
parameters -

Ques 33. What is the difference between VPN and proxy?
Both a proxy and a VPN connect to a remote system for communication, and
both forward traffic on behalf of a client.
The table below lists the dissimilarities between VPN and proxy –

Ques 34. What global configuration command secures the startup
configuration from being erased from NVRAM?
Secure boot-config

Ques 35. What is the procedure for password recovery on a Cisco ASA
firewall?
To recover passwords, perform the following steps:
1. Console into the ASA.
2. Reboot the ASA.
3. Press the escape key during reboot to enter ROMMON.
4. Configure the firewall to ignore the startup config on the next reload:
   rommon #1> confreg
   The following will be displayed:
   Current Configuration Register: 0x00000011
   Configuration Summary:
   boot TFTP image, boot default image from Flash on netboot failure
   Do you wish to change this configuration? y/n [n]:
   Note down the config register value for later use.
5. Enter y to say yes. Hit enter at each prompt to accept the default. When you get to
   “disable system configuration”, hit y.
6. Reboot the ASA:
   rommon #2> boot
   At this point the ASA should reload and completely bypass the configuration.
7. When the firewall reboots it will not prompt a console user for a username, and the
   enable password is blank. Go into enable mode.
8. Restore the old config:
   copy startup-config running-config
9. Enter config mode and reset the passwords:
   configure terminal
   password NEW_PASSWORD
   enable password NEW_PASSWORD
   username USER password NEW_PASSWORD
10. Restore the config register to where it was to begin with. This is the number you
    wrote down earlier:
    config-register 0x0000###
11. Save your config:
    copy running-config startup-config
Now you have gained access to the firewall and restored the config file
and register to where they were before the password reset.

Ques 36. What should be done as a best practice with services that are not
being used on devices?
It is best to disable unused services.

Ques 37. What is the difference between a router and a firewall?
Router and firewall may sometimes overlap in some features/functionalities;
however, both are developed to meet different objectives.
A router is a Layer 3 and Layer 4 device responsible for routing
packets across different networks. A router supports reachability between
source and destination in LAN and WAN environments. Routers utilize
IGP protocols (like static, RIP, EIGRP, OSPF) and BGP for reachability to
remote networks.
A firewall, on the other hand, is responsible for controlling and screening
traffic flow across different networks or zones. Unlike a router, a firewall keeps a flow
table (state table) and is responsible for keeping information regarding
the state of communication between endpoints.
The table below provides a comparison between router and firewall –

Ques 38. What are the 2 types of object groups in Cisco ASA?
Cisco ASA supports two types of object groups for grouping ACL
parameters –
1. Network object groups
2. Service object groups

A Network object group is a group of any of the following objects:
Any IP address
Host IP addresses
Hostnames
Other network object groups
Ranges of IP addresses
Subnets

A service object group is a group of any of the following objects:
Source and destination protocol ports (like telnet, SNMP etc.)
ICMP types (such as echo, echo-reply etc.)
Top-level protocols (such as TCP, UDP etc.)
Other service object groups
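The two object-group types from Ques 38 defined on an ASA and then referenced from a single access list, as an added example that is not part of the original question set. On the ASA the ICMP-type and protocol members listed above live in their own group keywords (icmp-type and protocol); the group names, interface name and documentation-range addresses are assumptions.

```cisco
! Network object group: hosts, a subnet, and nesting of another network group
object-group network DMZ-WEB-SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object 192.0.2.32 255.255.255.224
object-group network ALL-DMZ
 group-object DMZ-WEB-SERVERS
 network-object host 192.0.2.50
!
! Service object group scoped to TCP: destination ports
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
!
! ICMP types that will be allowed in (no other ICMP type is permitted)
object-group icmp-type PING-TYPES
 icmp-object echo
 icmp-object echo-reply
!
! Top-level protocols grouped together
object-group protocol TCP-UDP
 protocol-object tcp
 protocol-object udp
!
! One ACL line per group instead of one line per host/port combination;
! the explicit deny with log makes dropped traffic visible in syslog
access-list OUTSIDE-IN extended permit tcp any object-group ALL-DMZ object-group WEB-PORTS
access-list OUTSIDE-IN extended permit icmp any object-group ALL-DMZ object-group PING-TYPES
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
```

Adding a new DMZ host then means one network-object line in the group rather than editing every ACL entry, and "show access-list OUTSIDE-IN" expands the groups so the hit counts per resulting entry can be verified.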




Ques 39. What global config command takes a copy of the running config
and securely archives it in storage?
Secure boot-config

Ques 40. When does an IDS react to an attack?
An IDS reacts after the network is compromised. An IDS is not in the traffic path and
hence can’t prevent the attack. However, it detects and notifies the
administrator once the network is compromised.

Ques 41. From the point of view of the corporate network you are securing,
ICMP echoes should be permitted in what direction on the untrusted
interface?
Outbound direction.

Ques 42. What software utility stealthily scans and sweeps to identify
services running on systems in a specified range of IP addresses?
NMAP stealthily scans and sweeps to identify services running on systems
in a specified range of IP addresses.

Ques 43. What IOS command shows real-time detailed information about
IKE Phase 1 and IKE Phase 2 negotiations?
Debug crypto isakmp

Ques 44. How do you check the status of the tunnel’s phase 1 & 2?
Use the following commands to check the status of the tunnel phases:
Phase 1: show crypto isakmp, and State: MM_ACTIVE
Phase 2: show crypto ipsec sa

Ques 45. What product can be considered to be part of the threat
containment architecture?
Cisco Security Agent is the closest device because it is a host intrusion
prevention system and is built so it can contain a threat, even if
encountered.

Ques 46. What is the difference between encryption and hashing?
1) Encryption is reversible whereas hashing is irreversible. Hashing
can be cracked using rainbow tables and collision attacks but is not
reversible.
2) Encryption ensures confidentiality whereas hashing ensures
Integrity.

Ques 47. What is the difference between site-to-site and remote access VPN?
A site-to-site VPN allows offices in multiple locations to establish secure
connections with each other over a public network such as the Internet.
A site-to-site VPN is different from a remote-access VPN in that it eliminates the
need for each computer to run VPN client software, as it would on a
remote-access VPN. Further, the table below differentiates between site-to-site
VPN and remote access VPN -

Ques 48. How is a traditional firewall different from a Next Generation
Firewall?
While a standard firewall had features like packet filtering,
network address translation and VPN, an NGFW has been made
“Application Aware”, i.e. capable of identifying applications and applying
controls at the application layer. An NGFW has also gone a step ahead with
improved decision making, such as using reputation services or identity
services such as Active Directory. Another major driver for the adoption
of NGFW is the benefit of reducing the complexity of managing disparate
security products.
The table below shares the difference between a traditional firewall and a Next
Generation Firewall -

Ques 49. Which are examples of asymmetric encryption algorithms?
Diffie-Hellman (DH) and RSA are two examples of asymmetric
encryption.

Ques 50. Where can SDM be installed?
SDM can be installed on the administrator's PC or in the router's flash memory.