CCNA - Cisco Certified Network Associate Practice Questions: Security Fundamentals Domain

Published: June 22, 2025 | 20 min read

Test your CCNA - Cisco Certified Network Associate knowledge with 10 practice questions from the Security Fundamentals domain. Includes detailed explanations and answers.

CCNA - Cisco Certified Network Associate Practice Questions

Master the Security Fundamentals Domain

Test your knowledge in the Security Fundamentals domain with these 10 practice questions. Each question is designed to help you prepare for the CCNA - Cisco Certified Network Associate certification exam with detailed explanations to reinforce your learning.

Question 1

What is the purpose of a firewall in a network?

A) To provide a backup power supply for network devices.

B) To convert private IP addresses to public IP addresses.

C) To control incoming and outgoing network traffic based on predetermined security rules.

D) To connect multiple networks together.

Show Answer & Explanation

Correct Answer: C

Explanation: Firewalls control access to a network by applying security rules to incoming and outgoing traffic.

Question 2

Which of the following is a primary benefit of implementing 802.1X on a network?

A) Increased network speed.

B) Enhanced network security through port-based authentication.

C) Simplified network management.

D) Reduced network congestion.

Show Answer & Explanation

Correct Answer: B

Explanation: CORRECT: 802.1X provides enhanced security by requiring authentication before network access. 802.1X does not affect network speed. It complicates management due to additional configuration. 802.1X does not reduce congestion.

Question 3

A network administrator wants to segment the network and secure the segments by controlling access between them. Which feature should the administrator configure to limit access to certain segments based on IP addresses?

A) Access Control Lists (ACLs)

B) Port Security

C) Spanning Tree Protocol (STP)

D) VLAN Trunking Protocol (VTP)

Show Answer & Explanation

Correct Answer: A

Explanation: Access Control Lists (ACLs) are used to filter network traffic and control access to network segments based on IP addresses and other criteria. Port Security controls access based on MAC addresses, STP prevents loops in network topology, and VTP manages VLAN configuration across switches, but neither of these provides IP-based access control.

Question 4

An engineer needs to configure a router to allow only SSH connections for remote management. Which command should be used to achieve this?

A) transport input telnet

B) transport input ssh

C) transport input all

D) transport input none

Show Answer & Explanation

Correct Answer: B

Explanation: CORRECT: The 'transport input ssh' command allows only SSH connections for remote management. The 'transport input telnet' command allows only Telnet connections. The 'transport input all' command allows all types of connections, including Telnet and SSH. The 'transport input none' command disables all remote access.

Question 5

A company needs to implement a secure remote access solution for network management. They have decided on using VPNs. Which technology should be implemented to provide secure remote management of devices?

A) GRE tunnels

B) SSL VPN

C) PPTP VPN

D) L2TP VPN

Show Answer & Explanation

Correct Answer: B

Explanation: SSL VPN provides a secure method for remote access to network devices over a web browser, offering strong encryption and ease of access. GRE tunnels don't provide encryption by themselves. PPTP VPN is outdated and considered insecure. L2TP VPN requires IPsec for encryption, but alone it's not a complete solution for secure remote access.

Question 6

Which of the following is a benefit of using a VPN for remote access?

A) It provides faster internet speeds.

B) It allows secure access to a private network over the internet.

C) It reduces the need for network firewalls.

D) It simplifies network configuration.

Show Answer & Explanation

Correct Answer: B

Explanation: A VPN allows secure access to a private network over the internet by encrypting data and maintaining privacy, making it ideal for remote access.

Question 7

A network administrator wants to ensure that all unused switch ports are disabled to enhance security. Which command should be used?

A) shutdown

B) port-security

C) disable

D) no switchport

Show Answer & Explanation

Correct Answer: A

Explanation: CORRECT: 'shutdown' is used to disable unused switch ports. This is the correct command to disable ports. 'port-security' is used to configure security features, not disable ports. 'disable' is not a valid command in this context. 'no switchport' converts a port to a routed port, not disabling it.

Question 8

An organization wants to improve its network security posture by implementing multi-factor authentication (MFA). What is the primary benefit of MFA?

A) Increased network speed.

B) Reduced bandwidth consumption.

C) Enhanced security by requiring multiple forms of authentication.

D) Simplified user login process.

Show Answer & Explanation

Correct Answer: C

Explanation: MFA adds multiple layers of security, making it significantly harder for unauthorized users to access the network, even if they obtain a password.

Question 9

During an audit, it was found that Telnet access to network devices is still enabled, which violates the security policy. What secure access method should replace Telnet?

A) SSH

B) FTP

C) HTTP

D) TFTP

Show Answer & Explanation

Correct Answer: A

Explanation: Option A is correct because SSH (Secure Shell) provides encrypted and secure remote access to network devices, unlike Telnet, which is unencrypted. Option B, FTP, is used for file transfers and does not secure remote access. Option C, HTTP, is used for web traffic and is not secure for management access. Option D, TFTP, is also used for transfers and does not provide secure access.

Question 10

In a network with multiple VLANs, which feature can be used to prevent VLAN hopping attacks?

A) Port Security

B) BPDU Guard

C) DTP

D) VLAN Trunking Protocol

Show Answer & Explanation

Correct Answer: A

Explanation: CORRECT: Port Security can be configured to limit the number of MAC addresses on a port, preventing VLAN hopping. This is the correct feature to prevent VLAN hopping by securing port access. BPDU Guard is used to protect against STP attacks, not VLAN hopping. DTP can be exploited for VLAN hopping, not prevent it. VLAN Trunking Protocol manages VLAN configurations but does not prevent VLAN hopping.

Ready to Accelerate Your CCNA - Cisco Certified Network Associate Preparation?

Join thousands of professionals who are advancing their careers through expert certification preparation with FlashGenius.

✅ Unlimited practice questions across all CCNA - Cisco Certified Network Associate domains
✅ Full-length exam simulations with real-time scoring
✅ AI-powered performance tracking and weak area identification
✅ Personalized study plans with adaptive learning
✅ Mobile-friendly platform for studying anywhere, anytime
✅ Expert explanations and study resources

Start Free Practice Now

Already have an account? Sign in here

About CCNA - Cisco Certified Network Associate Certification

The CCNA - Cisco Certified Network Associate certification validates your expertise in security fundamentals and other critical domains. Our comprehensive practice questions are carefully crafted to mirror the actual exam experience and help you identify knowledge gaps before test day.