CertHead

Security Fundamentals — CCNA practice questions

Domain 5 of the Cisco CCNA (200-301) exam. 27 questions on this domain in the full bank — here are four free samples with answers and explanations.

Question 1 · Difficulty 2/5

What is a vulnerability in cybersecurity?
  1. A type of malware
  2. A weakness that can be exploited
  3. A security policy
  4. A mitigation technique
Show answer & explanation

Correct answer: B

A weakness that can be exploited
A vulnerability is a weakness in a system that can be exploited by a threat actor. Malware is a type of threat, not a weakness. Policies and mitigations are used to protect against vulnerabilities, not define them.

Question 2 · Difficulty 3/5

What is the difference between a threat and a vulnerability?
  1. Threat is a weakness, vulnerability is an attack
  2. Threat is potential danger, vulnerability is a weakness
  3. Both are the same
  4. Threat is mitigation, vulnerability is policy
Show answer & explanation

Correct answer: B

Threat is potential danger, vulnerability is a weakness
A threat is a potential danger that can exploit a vulnerability, while a vulnerability is a weakness in the system. The two are related but distinct concepts. Threats act upon vulnerabilities to cause harm.

Question 3 · Difficulty 2/5

Which sequence of commands correctly secures console line access with a password on a Cisco router?
  1. enable secret <password>
  2. line console 0password <password>login
  3. line console 0login local (without configuring a line password)
  4. line vty 0 4password <password>login
Show answer & explanation

Correct answer: B

line console 0password <password>login
To secure console access, you enter line console 0, set a password with password <password>, and enable password checking with login. The enable secret command protects privileged EXEC mode, not the console line. Configuring login local without a line password causes authentication to fail unless local usernames are defined. The line vty command secures remote (Telnet/SSH) sessions, not the physical console port.

Question 4 · Difficulty 3/5

Which IPsec component provides encryption?
  1. AH
  2. ESP
  3. IKE
  4. SSL
Show answer & explanation

Correct answer: B

ESP
ESP provides encryption and optional authentication in IPsec. AH provides authentication only. IKE handles key exchange. SSL is a different protocol.

More CCNA domains

Ready to test yourself for real?

The free quiz pulls live questions from the same banks — no account required.

Start the free quiz