SANS - SEC 301 and CCNA FINAL
EXAM QUESTIONS WITH CORRECT
SOLUTIONS||100% GUARANTEED
PASS|| UPDATED 2026/2027
SYLLABUS||ALREADY A+
GRADED||<<RECENT VERSION>>
Which of the following commands is recommended to disable debugging? -
ANSWER ✓ no debug all
When you disable debugging, use the no debug all command so that you can be
sure that all levels of debugging are disabled. Debugging places extra processing
load on the router, which means you do not want it running if it is not needed.
Which wireless encryption protocol uses AES for encryption? - ANSWER ✓
WPA2 is the more secure encryption protocol of the three major protocols (WEP,
WPA, and WPA2) and uses the Advanced Encryption Standard (AES).
Your manager asks you which service is responsible for translating the source IP
address of a packet to the IP address of the public interface on the router. -
ANSWER ✓ NAT is responsible for translating the source IP address of a packet
to use the IP of the public interface on the NAT device.
What is the administrative distance of RIP? - ANSWER ✓ 120
You wish to see how RIP has been configured on the router. What command
would you use? - ANSWER ✓ RouterA#show ip protocols
Which of the following identifies additional port roles used by RSTP? - ANSWER
✓ Rapid Spanning Tree Protocol designates a backup port known as an alternate
port should the root port go down.
, Which VTP mode allows the creation of VLANs but does not accept changes
from other VTP systems and does forward VTP messages on to other devices? -
ANSWER ✓ VTP transparent mode allows a switch to create its own VLANs and
will forward VTP messages on to other switches it is connected to.
Blowfish is a high security encryption alogorithm designed by Bruce Schneier, the
author of Applied Cryptography and owner of the company Counterpane. It is very
fast, is considered secure and is resistant to linear and differential analysis. This is
my personal cipher of choice. - ANSWER ✓ Blowfish
Data Encryption Standard was designed in the early 1970s by IBM with input
from NSA. It is OK, but a single key can be broken in three days by the Electronic
Frontier Foundation, a poorly funded organization. This algorithm was provided
for completeness. - ANSWER ✓ DES
The conversion of data into a secret code for transmission over a public network.
Today, most cryptography is digital, and the original text ("plaintext") is turned
into a coded equivalent called "ciphertext" via an encryption algorithm. The
ciphertext is decrypted at the receiving end and turned back into plaintext.
Keys Are the Key
The encryption algorithm uses a "key," which is a binary number that is typically
from 40 to 256 bits in length. The greater the number of bits in the key (cipher
strength), the more possible key combinations and the longer it would take to break
the code. The data are encrypted, or "locked," by combining the bits in the key
mathematically with the data bits. At the receiving end, the key is used to "unlock"
the code and restore the original data.
Secret Vs. Public Key
Secret key cryptography and public key cryptography are the two major
cryptographic architectures.
Secret Keys - Symm - ANSWER ✓ cryptography
The validity of a transmitted message. It deals with methods that ensure that the
contents of a message have not been tampered with and altered. The most common
approach is to use a one-way hash function that combines all the bytes in the
message with a secret key and produces a message digest that is impossible to
reverse. Integrity checking is one component of an information security program.
,See one-way hash function, security protocol, Parkerian Hexad and data integrity. -
ANSWER ✓ message integrity
A condensed text string that has been distilled from the contents of a text message.
Its value is derived using a one-way hash function and is used to create a digital
signature. See digital signature and MD5. - ANSWER ✓ message digest
An IEEE standard security protocol for 802.11 wireless networks that was
developed to replace the original WEP protocol. Also known as "Robust Security
Network" (RSN), 802.11i provides sophisticated authentication using a variety of
protocols (802.1X, EAP and RADIUS) and strong security with the AES-CCMP
encryption protocol. However, in order to allow in-place upgrading of older WEP
hardware, 802.11i also supports the TKIP protocol, which is less robust than AES-
CCMP, but far superior to WEP (see WPA for more details).
Wi-Fi Certification
The Wi-Fi Alliance provides certification for 802.11i-compliant products with its
Wi-Fi Protected Alliance (WPA) logo program. The WPA and WPA2 logos certify
compliance with a subset of 802.11i or the full 802.11i protocol. See WPA. -
ANSWER ✓ 802.11i
(2) See Windows Product Activation.
(1) (Wi-Fi Protected Access) A security protocol for wireless 802.11 networks
from the Wi-Fi Alliance that was developed to provide a migration from WEP. The
WPA logo certifies that devices are compliant with a subset of the IEEE 802.11i
protocol. WPA2 certifies full support for 802.11i.
Strong Security
WPA and WPA2 use a sophisticated key hierarchy that generates new encryption
keys each time a mobile device establishes itself with an access point. Protocols
including 802.1X, EAP and RADIUS are used for strong authentication. A
RADIUS server provides automatic key generation and enterprise-wide
authentication.
For home and small business users who do not have an authentication server, WPA
can be used in preshared keys (PSK) mode, which requires that a shared secret key
be manually entered into the access points and each user's computer. The shared
secret is used to automaticall - ANSWER ✓ WPA
, (Wired Equivalent Privacy) An IEEE standard security protocol for wireless
802.11 networks. Introduced in 1997, WEP was found to be very inadequate and
was superseded by WPA, WPA2 and 802.11i. Its authentication method was
extremely weak and even helped an attacker decipher the secret encryption key. As
a result, WEP authentication was dropped from the Wi-Fi specification.
Passwords Are Required
WEP uses passwords that are entered manually at both ends (see preshared keys).
Using the RC4 encryption algorithm, WEP originally specified a 40-bit key, but
was later boosted to 104 bits. Combined with a 24-bit initialization vector, WEP is
often touted as having a 128-bit key. See WPA, 802.11i and initialization vector. -
ANSWER ✓ WEP
(Extensible Authentication Protocol) A protocol that acts as a framework and
transport for other authentication protocols. EAP uses its own start and end
messages, but then carries any number of third-party messages between the client
(supplicant) and access control node such as an access point in a wireless network.
EAP and LANs
EAP originated with the dial-up PPP protocol in order to support protocols beyond
PAP and CHAP. For use on packet networks, EAP Over LAN (EAPOL) was
created. EAPOL added new message types and allowed an Ethernet header to be
prefixed onto EAP messages so they could be transmitted via Ethernet. Following
are various EAP methods used mostly in wireless networks, but also in wired
networks. See 802.1X, WPA and 802.11i.
EAP-TLS (EAP-Transport Layer Security)
Uses the handshake protocol in TLS, not its encryption method. Client and server
authenticate each other using digital certificates. Clie - ANSWER ✓ EAP
(2) (Secure Sockets Layer) The leading security protocol on the Internet prior to
TLS. Developed by Netscape, SSL has been widely used to validate the identity of
a Web site, to create an encrypted connection for credit card and personal data and
to ensure the transmission is without error.
HTTPS and Port Number 443
EXAM QUESTIONS WITH CORRECT
SOLUTIONS||100% GUARANTEED
PASS|| UPDATED 2026/2027
SYLLABUS||ALREADY A+
GRADED||<<RECENT VERSION>>
Which of the following commands is recommended to disable debugging? -
ANSWER ✓ no debug all
When you disable debugging, use the no debug all command so that you can be
sure that all levels of debugging are disabled. Debugging places extra processing
load on the router, which means you do not want it running if it is not needed.
Which wireless encryption protocol uses AES for encryption? - ANSWER ✓
WPA2 is the more secure encryption protocol of the three major protocols (WEP,
WPA, and WPA2) and uses the Advanced Encryption Standard (AES).
Your manager asks you which service is responsible for translating the source IP
address of a packet to the IP address of the public interface on the router. -
ANSWER ✓ NAT is responsible for translating the source IP address of a packet
to use the IP of the public interface on the NAT device.
What is the administrative distance of RIP? - ANSWER ✓ 120
You wish to see how RIP has been configured on the router. What command
would you use? - ANSWER ✓ RouterA#show ip protocols
Which of the following identifies additional port roles used by RSTP? - ANSWER
✓ Rapid Spanning Tree Protocol designates a backup port known as an alternate
port should the root port go down.
, Which VTP mode allows the creation of VLANs but does not accept changes
from other VTP systems and does forward VTP messages on to other devices? -
ANSWER ✓ VTP transparent mode allows a switch to create its own VLANs and
will forward VTP messages on to other switches it is connected to.
Blowfish is a high security encryption alogorithm designed by Bruce Schneier, the
author of Applied Cryptography and owner of the company Counterpane. It is very
fast, is considered secure and is resistant to linear and differential analysis. This is
my personal cipher of choice. - ANSWER ✓ Blowfish
Data Encryption Standard was designed in the early 1970s by IBM with input
from NSA. It is OK, but a single key can be broken in three days by the Electronic
Frontier Foundation, a poorly funded organization. This algorithm was provided
for completeness. - ANSWER ✓ DES
The conversion of data into a secret code for transmission over a public network.
Today, most cryptography is digital, and the original text ("plaintext") is turned
into a coded equivalent called "ciphertext" via an encryption algorithm. The
ciphertext is decrypted at the receiving end and turned back into plaintext.
Keys Are the Key
The encryption algorithm uses a "key," which is a binary number that is typically
from 40 to 256 bits in length. The greater the number of bits in the key (cipher
strength), the more possible key combinations and the longer it would take to break
the code. The data are encrypted, or "locked," by combining the bits in the key
mathematically with the data bits. At the receiving end, the key is used to "unlock"
the code and restore the original data.
Secret Vs. Public Key
Secret key cryptography and public key cryptography are the two major
cryptographic architectures.
Secret Keys - Symm - ANSWER ✓ cryptography
The validity of a transmitted message. It deals with methods that ensure that the
contents of a message have not been tampered with and altered. The most common
approach is to use a one-way hash function that combines all the bytes in the
message with a secret key and produces a message digest that is impossible to
reverse. Integrity checking is one component of an information security program.
,See one-way hash function, security protocol, Parkerian Hexad and data integrity. -
ANSWER ✓ message integrity
A condensed text string that has been distilled from the contents of a text message.
Its value is derived using a one-way hash function and is used to create a digital
signature. See digital signature and MD5. - ANSWER ✓ message digest
An IEEE standard security protocol for 802.11 wireless networks that was
developed to replace the original WEP protocol. Also known as "Robust Security
Network" (RSN), 802.11i provides sophisticated authentication using a variety of
protocols (802.1X, EAP and RADIUS) and strong security with the AES-CCMP
encryption protocol. However, in order to allow in-place upgrading of older WEP
hardware, 802.11i also supports the TKIP protocol, which is less robust than AES-
CCMP, but far superior to WEP (see WPA for more details).
Wi-Fi Certification
The Wi-Fi Alliance provides certification for 802.11i-compliant products with its
Wi-Fi Protected Alliance (WPA) logo program. The WPA and WPA2 logos certify
compliance with a subset of 802.11i or the full 802.11i protocol. See WPA. -
ANSWER ✓ 802.11i
(2) See Windows Product Activation.
(1) (Wi-Fi Protected Access) A security protocol for wireless 802.11 networks
from the Wi-Fi Alliance that was developed to provide a migration from WEP. The
WPA logo certifies that devices are compliant with a subset of the IEEE 802.11i
protocol. WPA2 certifies full support for 802.11i.
Strong Security
WPA and WPA2 use a sophisticated key hierarchy that generates new encryption
keys each time a mobile device establishes itself with an access point. Protocols
including 802.1X, EAP and RADIUS are used for strong authentication. A
RADIUS server provides automatic key generation and enterprise-wide
authentication.
For home and small business users who do not have an authentication server, WPA
can be used in preshared keys (PSK) mode, which requires that a shared secret key
be manually entered into the access points and each user's computer. The shared
secret is used to automaticall - ANSWER ✓ WPA
, (Wired Equivalent Privacy) An IEEE standard security protocol for wireless
802.11 networks. Introduced in 1997, WEP was found to be very inadequate and
was superseded by WPA, WPA2 and 802.11i. Its authentication method was
extremely weak and even helped an attacker decipher the secret encryption key. As
a result, WEP authentication was dropped from the Wi-Fi specification.
Passwords Are Required
WEP uses passwords that are entered manually at both ends (see preshared keys).
Using the RC4 encryption algorithm, WEP originally specified a 40-bit key, but
was later boosted to 104 bits. Combined with a 24-bit initialization vector, WEP is
often touted as having a 128-bit key. See WPA, 802.11i and initialization vector. -
ANSWER ✓ WEP
(Extensible Authentication Protocol) A protocol that acts as a framework and
transport for other authentication protocols. EAP uses its own start and end
messages, but then carries any number of third-party messages between the client
(supplicant) and access control node such as an access point in a wireless network.
EAP and LANs
EAP originated with the dial-up PPP protocol in order to support protocols beyond
PAP and CHAP. For use on packet networks, EAP Over LAN (EAPOL) was
created. EAPOL added new message types and allowed an Ethernet header to be
prefixed onto EAP messages so they could be transmitted via Ethernet. Following
are various EAP methods used mostly in wireless networks, but also in wired
networks. See 802.1X, WPA and 802.11i.
EAP-TLS (EAP-Transport Layer Security)
Uses the handshake protocol in TLS, not its encryption method. Client and server
authenticate each other using digital certificates. Clie - ANSWER ✓ EAP
(2) (Secure Sockets Layer) The leading security protocol on the Internet prior to
TLS. Developed by Netscape, SSL has been widely used to validate the identity of
a Web site, to create an encrypted connection for credit card and personal data and
to ensure the transmission is without error.
HTTPS and Port Number 443
