Cisco Certified Security Professional (CCSP) Interview Questions

 
1.
Explain What are the two types of traffic policies that apply to user roles? (Choose two.)
A. IP-based
B. peer-based
C. host-based
D. manager-based
E. server-based
F. VLAN-based
2.
Tell me What is the result when the condition statement in a Cisco NAA check for
required software evaluates to false on a client machine?
A. The required software is automatically downloaded to the user device.
B. The required software is made available after the user is quarantined.
C. The user is put in the unauthenticated role and the software is considered missing.
D. The user is placed in the temporary role and the software is made available.
3.
How to ensure that the Cisco NAS has the most recent version of the
Cisco NAA to install on user devices?
A. Each time the Cisco NAA is upgraded, the Cisco NAM automatically downloads the new version of Cisco
NAA to all Cisco NAS servers.
B. From the Cisco NAS Web Admin Console, enable Cisco NAA autoupdate on the Administration >
Software Update form.
C. The Cisco NAA is upgraded directly to each Cisco NAS using the Upgrade Server form available on the
Cisco NAM web console GUI.
D. Configure the Cisco NAS by selecting which Cisco NAA to upgrade in the Cisco NAA Upgrade form.
4.
Tell me Which three components comprise a Cisco NAC Appliance solution? (Choose
three.)
A. a NAC-enabled Cisco router
B. a Linux server for in-band or out-of-band network admission control
C. a Linux server for centralized management of network admission servers
D. a Cisco router to provide VPN services
E. a read-only client operating on an endpoint device
F. a NAC-enabled Cisco switch
5.
Tell me After you implement a network scan and view the report, you notice that a
plug-in did not access any of its dependent plug-ins. What did you forget to do?
A. enable the Dependent Plug-in check box on the General Tab form
B. configure dependent plug-in support when you mapped the Nessus scan check to the Nessus plug-in rule
C. install dependent plug-ins when you updated the Cisco NAC Appliance plug-in library
D. load the dependent plug-ins for that plug-in in the Plug-in Updates form
6.
A client has a network with wireless and wired users. The wired users run
mission-critical bandwidth-sensitive applications. The wireless users access web-based support portals
within the central office.
Given only this information, which Cisco NAC Appliance solution would provide the most fault-tolerant
option for this client?
A. one Cisco NAM and one in-band highly available Cisco NAS cluster
B. one load-balanced highly available Cisco NAM cluster and one out-of-band highly available Cisco NAS
cluster
C. one highly available Cisco NAM cluster, one out-of-band highly available Cisco NAS cluster, and one
in-band Cisco NAS
D. one highly available Cisco NAM cluster and one in-band highly available Cisco NAS cluster
7.
The NAS is configured to autogenerate an IP address pool of 30 subnets with a netmask of /30, beginning at address 192.168.10.0. Which IP address is leased to the end-user host on
the second subnet?
A. 192.168.10.4
B. 192.168.10.5
C. 192.168.10.6
D. 192.168.10.7
8.
Explain When configuring the Cisco NAM to implement Cisco NAA requirement
checking on client machines, what is the next step after configuring checks and rules?
A. retrieve updates
B. require the use of the Cisco NAA
C. configure session timeout and traffic policies
D. map rules to requirement
E. configure requirements
9.
Based on a Boolean order of precedence, how would Cisco NAC Appliance evaluate the following rule?
AdAwareLogRecent&(NorAVProcessIsActiveymAVProcessIsActive)
A. (The Norton Antivirus is active and there is a recent Ad Aware log entry) or (the Symantec antivirus
process is active).
B. There is a recent Ad Aware log entry, the Norton Antivirus is active, and the Symantec antivirus process is
active.
C. (Either the Norton Antivirus or the Symantec antivirus process is active) and (there is a recent Ad Aware
log entry).
D. There is a recent Ad Aware log entry or the Norton Antivirus is active, or the Symantec antivirus process is
active.
10.
Which default administrator group has delete permission?
A. admin
B. help-desk
C. add-edit
D. full-control