1.

Basic Concepts SW1(config-line)# password cisco

🔄 Switch SW1(config-line)# login

 Layer: Operates at OSI Layer 2 (Data SW1(config-line)# exit

Link).
Set IP Address (for management VLAN):
 Function: Connects devices within a
SW1(config)# interface vlan 1
LAN; forwards frames using MAC
addresses.

 Types: Managed and unmanaged SW1(config-if)# ip address 192.168.1.2

switches. 255.255.255.0

🌐 Router SW1(config-if)# no shutdown

 Layer: Operates at OSI Layer 3 Save Configuration:

(Network).
SW1# copy running-config startup-config
 Function: Connects different
3. Basic Router Configuration (Cisco IOS)
networks; routes packets using IP
addresses. Accessing the Router:

 Additional Features: NAT, DHCP, Router> enable

firewall, VPN, etc.
Router# configure terminal
 Basic Switch Change Hostname:
Configuration (Cisco Router(config)# hostname R1
IOS)
Assign IP to Interface:
 Accessing the Switch:
R1(config)# interface GigabitEthernet0/0
Switch> enable
R1(config-if)# ip address 192.168.1.1
Switch# configure terminal 255.255.255.0

R1(config-if)# no shutdown
Change Hostname: Configure Routing:
Switch(config)# hostname SW1 a. Static Routing:
Set Passwords: R1(config)# ip route 192.168.2.0
SW1(config)# enable password cisco 255.255.255.0 192.168.1.2

SW1(config)# line console 0 Dynamic Routing (RIP example):

R1(config)# router rip R1(config-subif)# ip address 192.168.20.1
255.255.255.0
R1(config-router)# version 2
6. Backup and Restore Configuration
R1(config-router)# network 192.168.1.0
Backup Running Config:
R1(config-router)# network 192.168.2.0
Router# copy running-config tftp
4. VLAN Configuration on Switch
Restore Configuration:
Create VLANs:
Router# copy tftp running-config
SW1(config)# vlan 10
7. Useful Show Commands
SW1(config-vlan)# name Sales
Command Description
SW1(config)# vlan 20

SW1(config-vlan)# name IT show ip interface Show interface status

brief and IPs
Assign Ports to VLANs:
Show VLAN
SW1(config)# interface fa0/1 show vlan brief
configuration
SW1(config-if)# switchport mode access show running- Show current
SW1(config-if)# switchport access vlan 10 config configuration

5. Inter-VLAN Routing (Router-on-a-Stick) Show device

show version
information
Switch Side:
show mac address- Show learned MAC
SW1(config)# interface fa0/1
table addresses
SW1(config-if)# switchport mode trunk
show ip route Show routing table
Router Side:
Advanced Networking Switches and
R1(config)# interface g0/0.10 Routers Configuration Notes
R1(config-subif)# encapsulation dot1Q 10 A. OSPF (Open Shortest Path First)
R1(config-subif)# ip address 192.168.10.1 Purpose: Link-state routing protocol used in
255.255.255.0 large networks.

Example Configuration:
R1(config)# interface g0/0.20 R1(config)# router ospf 1
R1(config-subif)# encapsulation dot1Q 20 R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 192.168.1.0 Purpose: Filter traffic based only on source
0.0.0.255 area 0 IP.

R1(config-router)# network 10.10.10.0 Example Configuration:

0.0.0.255 area 0
R1(config)# access-list 10 deny
192.168.1.100

Explanation: R1(config)# access-list 10 permit any

router-id: Manually assigns a unique ID to R1(config)# interface g0/0

the router.
R1(config-if)# ip access-group 10 in
network: Specifies interfaces participating
in OSPF. Wildcard mask 0.0.0.255 is the
inverse of the subnet mask. Explanation:

B. EIGRP (Enhanced Interior Gateway Blocks traffic from IP 192.168.1.100

Routing Protocol) coming into interface g0/0.

Purpose: Cisco proprietary advanced permit any allows all others.

distance-vector protocol.
B. Extended ACL
Example Configuration:
Purpose: Filter traffic based on source IP,
R1(config)# router eigrp 100 destination IP, and protocol.

R1(config-router)# network 192.168.1.0 Example Configuration:

0.0.0.255
R1(config)# access-list 100 deny tcp
R1(config-router)# no auto-summary 192.168.1.0 0.0.0.255 any eq 80

R1(config)# access-list 100 permit ip any any

Explanation: R1(config)# interface g0/0

100: Autonomous System (AS) number. R1(config-if)# ip access-group 100 out

no auto-summary: Disables automatic Explanation:

route summarization for better VLSM
Denies HTTP (port 80) traffic from
support.
192.168.1.0/24 to any destination.

Applied outbound on g0/0.

2. Access Control Lists (ACLs)
NAT (Network Address Translation)
🛑 A. Standard ACL
Purpose: Translate private IPs to public IPs mode desirable: Enables PAgP (Port
for internet access. Aggregation Protocol).

Static NAT Configuration: Makes the link a trunk for VLAN tagging.

5. VTP (VLAN Trunking Protocol)

R1(config)# interface g0/1 Purpose: Centralized VLAN management

across switches.
R1(config-if)# ip address 203.0.113.1
255.255.255.0 Server Switch:

R1(config)# ip nat inside source static SW1(config)# vtp domain NetworkLab

192.168.10.10 203.0.113.10
SW1(config)# vtp mode server
R1(config)# interface g0/0
SW1(config)# vtp password cisco123
R1(config-if)# ip nat inside
Client Switch:
R1(config)# interface g0/1
SW2(config)# vtp domain NetworkLab
R1(config-if)# ip nat outside
SW2(config)# vtp mode client
Explanation:
SW2(config)# vtp password cisco123
Maps a single private IP to a public IP.
Explanation:
Interface roles are defined (inside and
All switches in the same VTP domain
outside).
share VLAN info.
EtherChannel (Switch)
Password ensures secure VTP
Purpose: Combine multiple links into one communication.
logical link to increase bandwidth and
6. DHCP Configuration on Router
provide redundancy.
Purpose: Assign IP addresses automatically
Example Configuration (Using PAgP):
to clients.
SW1(config)# interface range fa0/1 - 2
Example Configuration:
SW1(config-if-range)# channel-group 1
R1(config)# ip dhcp pool LAN1
mode desirable
R1(dhcp-config)# network 192.168.10.0
SW1(config-if-range)# switchport mode
255.255.255.0
trunk
R1(dhcp-config)# default-router
Explanation:
192.168.10.1
channel-group 1: Creates port channel 1.
R1(dhcp-config)# dns-server 8.8.8.8

R1(config)# ip dhcp excluded-address Network Security – MCQs with Answers

192.168.10.1 192.168.10.10

Explanation:
🔸 Basic Concepts
 Excludes addresses for static
1. Which of the following is the
devices.
primary goal of network security?
 DHCP clients will receive addresses A. Speed
starting from .11. B. Confidentiality, Integrity, and
Availability
C. Usability
7. Port Security (Switch) D. Data compression
✅ Answer: B
Purpose: Restrict access to switch ports
based on MAC address. 2. Which device is used to control the
flow of data between networks
Example Configuration:
with different security levels?
SW1(config)# interface fa0/1 A. Switch
B. Repeater
SW1(config-if)# switchport mode access
C. Firewall
SW1(config-if)# switchport port-security D. Router
SW1(config-if)# switchport port-security ✅ Answer: C
maximum 1 3. What is the process of converting
SW1(config-if)# switchport port-security data into unreadable code called?
mac-address sticky A. Encoding
B. Compression
SW1(config-if)# switchport port-security C. Encryption
violation shutdown D. Translation
Explanation: ✅ Answer: C

 Only 1 device allowed per port. 4. Which term refers to the protection
against unauthorized access?
 Sticky learns and saves MAC A. Authentication
address. B. Availability
 Port shuts down if another device is C. Authorization
connected. D. Confidentiality
✅ Answer: D
 5. Which protocol is used to securely C. Physical
transfer files over a network? D. Proxy
A. FTP ✅ Answer: C
B. HTTP
10. Which network security component
C. SFTP
can act as a middleman for requests
D. SNMP
from clients?
✅ Answer: C
A. IDS
B. Switch
C. Proxy server
🔸 Firewalls & Intrusion Prevention
D. Router
6. What type of firewall tracks the ✅ Answer: C
state of active connections?
A. Packet-filtering
B. Stateful inspection 🔸 Security Attacks
C. Proxy
11. Which attack floods a network with
D. Application gateway
traffic to deny service?
✅ Answer: B
A. Phishing
7. Which firewall rule action denies all B. Man-in-the-middle
unspecified traffic? C. DoS
A. Accept D. Replay
B. Drop ✅ Answer: C
C. Reject
12. In which attack does the hacker
D. Forward
intercept communication between
✅ Answer: B
two parties?
8. Which of the following can detect A. Spoofing
and respond to suspicious activity B. Man-in-the-middle
in real-time? C. DoS
A. IDS D. Social Engineering
B. IPS ✅ Answer: B
C. Firewall
13. Phishing is a type of:
D. Proxy Server
A. Malware
✅ Answer: B
B. Social engineering attack
9. Which of these is NOT a type of C. Physical attack
firewall? D. Brute-force attack
A. Stateless ✅ Answer: B
B. Stateful
 14. Which of these is used to guess C. RSA
passwords by trying every possible D. Blowfish
combination? ✅ Answer: C
A. SQL Injection
19. Which of these provides
B. Brute-force attack
confidentiality, integrity, and
C. Phishing
authentication over IP networks?
D. Ransomware
A. SSL
✅ Answer: B
B. IPsec
15. Which attack involves injecting C. FTP
malicious code into a web form? D. HTTP
A. XSS ✅ Answer: B
B. DoS
20. Which protocol is used to securely
C. Spoofing
connect to remote machines?
D. VPN
A. Telnet
✅ Answer: A
B. FTP
C. SSH
D. SMTP
🔸 Encryption & Protocols
✅ Answer: C
16. Which protocol is used to encrypt
web communication?
A. HTTP 🔸 Authentication & Access Control
B. FTP
21. What does 2FA stand for?
C. HTTPS
A. Two Fast Authentication
D. DNS
B. Two-Factor Authorization
✅ Answer: C
C. Two-Factor Authentication
17. Which algorithm is symmetric D. Trusted File Authentication
encryption? ✅ Answer: C
A. RSA
22. Which is a biometric authentication
B. ECC
method?
C. DES
A. Password
D. DSA
B. OTP
✅ Answer: C
C. Fingerprint
18. Which algorithm uses a public and D. Security Question
private key pair? ✅ Answer: C
A. AES
23. In AAA, what does the second 'A'
B. DES
stand for?
 A. Access D. Nessus
B. Authentication ✅ Answer: A
C. Authorization
28. Which tool is best for vulnerability
D. Accounting
scanning?
✅ Answer: C
A. Wireshark
24. Which method is used to verify B. Telnet
identity? C. Nessus
A. Integrity D. Notepad++
B. Authentication ✅ Answer: C
C. Encryption
29. What is the function of a honeypot?
D. Hashing
A. Encrypt data
✅ Answer: B
B. Lure attackers
25. What kind of access control restricts C. Detect viruses
actions based on roles (e.g. admin, D. Backup data
user)? ✅ Answer: B
A. DAC
30. Which of the following is used to
B. RBAC
detect open ports on a device?
C. MAC
A. Traceroute
D. PAC
B. Nmap
✅ Answer: B
C. Ping
D. Netstat
✅ Answer: B
🔸 Network Devices & Security Tools

26. Which device isolates internal

networks from external access? 🔸 Policies, Frameworks & Best Practices
A. Hub
31. What is the principle of least
B. Repeater
privilege?
C. Firewall
A. Giving users full access
D. Bridge
B. Giving users no access
✅ Answer: C
C. Giving users only necessary access
27. Which tool is used to analyze D. Blocking all users
packet-level data on a network? ✅ Answer: C
A. Wireshark
32. What is a strong password policy?
B. Nmap
A. No password required
C. Metasploit
B. Same password for all users
C. Complex and unique passwords
 D. Easy-to-remember passwords A. Brute-force
✅ Answer: C B. Phishing
C. ARP Spoofing
33. Which of the following is a
D. SYN Flood
framework for information
✅ Answer: B
security?
A. OSI Model 38. What is hashing primarily used for
B. NIST in security?
C. HTML A. Compression
D. SMTP B. Authentication
✅ Answer: B C. Data integrity
D. Encryption
34. Which of the following should be
✅ Answer: C
included in an incident response
plan? 39. Which device prevents broadcast
A. Physical security storms in a network?
B. Printer settings A. Hub
C. Steps to handle breaches B. Switch
D. Marketing materials C. Router
✅ Answer: C D. Firewall
✅ Answer: C
35. Which type of malware locks files
and demands payment? 40. Which command checks if a host is
A. Worm reachable in a network?
B. Ransomware A. ping
C. Trojan B. tracert
D. Rootkit C. nslookup
✅ Answer: B D. arp
✅ Answer: A

🌐 Networking Concepts – MCQs with

🔸 Miscellaneous
Answers
36. Which port does HTTPS use?
A. 20
B. 21 🧠 1. Basic Networking Concepts
C. 443
1. What does LAN stand for?
D. 23
A. Local Area Network
✅ Answer: C
B. Large Access Network
37. Which of these is a social C. Long Area Network
engineering attack?
 D. Limited Access Network C. 7
✅ Answer: A D. 4
✅ Answer: C
2. Which of the following is NOT a
type of network? 7. Which OSI layer is responsible for
A. LAN routing?
B. WAN A. Data Link
C. MAN B. Network
D. SANITARY C. Transport
✅ Answer: D D. Application
✅ Answer: B
3. What is the purpose of a network?
A. Data backup 8. Which layer ensures error-free
B. Software development delivery of data?
C. Sharing resources A. Physical
D. Image editing B. Session
✅ Answer: C C. Transport
D. Network
4. Which of the following is a wireless
✅ Answer: C
communication technology?
A. Ethernet 9. Which protocol operates at the
B. Wi-Fi application layer?
C. Coaxial A. TCP
D. DSL B. IP
✅ Answer: B C. HTTP
D. ICMP
5. Which topology has a central device
✅ Answer: C
that connects all other nodes?
A. Bus 10. The physical address is also known
B. Ring as:
C. Mesh A. IP address
D. Star B. Hostname
✅ Answer: D C. MAC address
D. URL
✅ Answer: C
🔄 2. OSI & TCP/IP Models

6. How many layers are in the OSI

🌐 3. IP Addressing and Subnetting
model?
A. 5 11. Which class of IP address is
B. 6 192.168.1.1?
 A. Class A 16. Which device operates at Layer 2
B. Class B and forwards frames using MAC
C. Class C addresses?
D. Class D A. Router
✅ Answer: C B. Switch
C. Hub
12. How many bits are in an IPv4
D. Modem
address?
✅ Answer: B
A. 16
B. 32 17. Which device connects different
C. 64 networks together?
D. 128 A. Hub
✅ Answer: B B. Switch
C. Router
13. Which IP address is reserved for
D. Repeater
loopback?
✅ Answer: C
A. 127.0.0.1
B. 0.0.0.0 18. What is the function of a DNS
C. 255.255.255.0 server?
D. 192.168.0.1 A. Sends emails
✅ Answer: A B. Assigns IP addresses
C. Resolves domain names
14. What is the purpose of a subnet
D. Blocks viruses
mask?
✅ Answer: C
A. Encrypt data
B. Define network & host parts 19. Which device is used to regenerate
C. Assign MAC address signals in a network?
D. Provide DNS services A. Router
✅ Answer: B B. Switch
C. Repeater
15. Which of the following is a private
D. Proxy
IP address?
✅ Answer: C
A. 8.8.8.8
B. 172.16.5.4 20. A modem is used to:
C. 192.0.2.1 A. Connect LAN to WAN
D. 150.1.1.1 B. Amplify wireless signals
✅ Answer: B C. Assign IP addresses
D. Block malware
✅ Answer: A
🔧 4. Networking Devices
🧪 5. Protocols and Ports

21. Which protocol is used to transfer 📡 6. Wireless & Network Models

web pages?
26. Which standard is used for wireless
A. FTP
LANs?
B. HTTP
A. IEEE 802.3
C. SMTP
B. IEEE 802.5
D. DNS
C. IEEE 802.11
✅ Answer: B
D. IEEE 802.15
22. Which port is used by HTTPS? ✅ Answer: C
A. 20
27. What is the maximum number of
B. 80
hosts in a /24 network?
C. 443
A. 254
D. 21
B. 512
✅ Answer: C
C. 126
23. Which protocol is used to send D. 1024
emails? ✅ Answer: A
A. HTTP
28. Which of these is a Layer 3
B. POP3
protocol?
C. SMTP
A. Ethernet
D. FTP
B. IP
✅ Answer: C
C. MAC
24. Which of the following protocols is D. Frame Relay
connection-oriented? ✅ Answer: B
A. UDP
29. Which of these is NOT a valid IPv6
B. IP
address format?
C. TCP
A. 2001:0db8:85a3::8a2e:0370:7334
D. ICMP
B. 192.168.1.1
✅ Answer: C
C. fe80::1ff:fe23:4567:890a
25. Which protocol maps IP addresses D. ::1
to MAC addresses? ✅ Answer: B
A. DNS
30. What is the main advantage of a
B. DHCP
mesh topology?
C. ARP
A. Cheapest
D. FTP
B. Easy to install
✅ Answer: C
C. High redundancy
 D. Least cabling C. Wireshark
✅ Answer: C D. Chrome
✅ Answer: C

7. Troubleshooting and Tools

🔐 8. Security and Best Practices
31. Which command is used to test
network connectivity? 36. Which of the following is used to
A. ping hide internal IP addresses?
B. mkdir A. DNS
C. ipconfig B. NAT
D. shutdown C. DHCP
✅ Answer: A D. ARP
✅ Answer: B
32. Which command shows IP
configuration on Windows? 37. What is a common symptom of a
A. netstat broadcast storm?
B. tracert A. Internet speed increases
C. ipconfig B. Network becomes very slow
D. arp C. Switches become faster
✅ Answer: C D. DNS failures
✅ Answer: B
33. What does the 'tracert' command
do? 38. Which command displays the ARP
A. Tests firewall table?
B. Shows MAC addresses A. arp -a
C. Traces path to a host B. netstat -r
D. Connects to FTP C. ping
✅ Answer: C D. tracert
✅ Answer: A
34. What does DNS stand for?
A. Direct Network Setup 39. What is the function of DHCP in
B. Domain Name System networking?
C. Digital Network Service A. Provides email service
D. Distributed Name Set B. Assigns IP addresses
✅ Answer: B C. Encrypts data
D. Blocks viruses
35. Which tool is used for packet
✅ Answer: B
sniffing?
A. Notepad 40. Which of the following ensures that
B. Telnet data is not changed during
 transmission? 4. Default domain controller functions
A. Confidentiality such as authentication are provided
B. Availability by:
C. Integrity A. DNS
D. Encryption B. Kerberos
✅ Answer: C C. NTLM
D. DHCP
Answer: B
Windows Server Management & Active
5. Which utility maps hostnames to IP
Directory
addresses?
1. What does Active Directory use to A. FTP
group and manage related objects? B. DNS
A. Domain C. DHCP
B. Organizational Unit (OU) D. ARP
C. Site Answer: B
D. Workgroup
Answer: B ProProfs
🌐 Networking & DNS
2. Which command displays group
membership and access 6. What protocol maps IP addresses to
information? MAC addresses?
A. net user A. HTTP
B. net localgroup B. DNS
C. File properties – Advanced C. ARP
Security D. SMTP
D. net share Answer: C scribd.com
Answer: C ProProfs
7. What does IGMP do in a network?
3. Which mode helps recover a A. Manages DHCP leases
problematic display configuration? B. Manages multicast group
A. Safe Mode membership
B. Last Known Good Configuration C. Supports token ring
C. Recovery Console D. Provides file sharing
D. Debug Mode Answer: B scribd.com
Answer: B
8. What is ‘default gateway’?
ITExams+9ProProfs+9ProProfs+9SPO
A. DNS server
TO
B. Router forwarding outside traffic
C. DHCP option
 D. Proxy host D. Telnet
Answer: B Answer: A scribd.com

9. What is RSVP in networking context? 14. NNTP is mainly used for:

A. Email protocol A. File transfer
B. Resource Reservation Protocol for B. Newsgroup messages
QoS C. Remote login
C. File sharing service D. Security logging
D. Domain Replication utility Answer: B scribd.com+1
Answer: B scribd.com
15. NetBIOS allows applications on
10. IGMP messages let routers learn separate machines to communicate
which hosts belong to a multicast via:
group: True or False? A. Token ring only
Answer: True scribd.com B. TCP/IP stack
C. ICMP only
D. Proxy servers
🔄 Server Roles, Services & Features Answer: B scribd.com

11. What role does DHCP play?

A. Assigns IP dynamically
Security & Administration
B. Resolves DNS names
C. Routes network traffic 16. What helps to prevent IP spoofing
D. Handles directory replication on a network?
Answer: A scribd.com A. Disable DHCP
B. Packet filtering on
12. To reserve IP addresses permanently
routers/firewalls
for devices, you use:
C. Use static routing
A. Static DNS
D. Use TFTP
B. DHCP reservation
Answer: B scribd.com
C. ARP cache
D. WINS server 17. What is an application gateway in
Answer: B firewall architecture?
A. A DNS server
13. Which service is used to manage and
B. A proxy that filters traffic at
secure email transport across
application layer
servers?
C. A tunneling protocol
A. SMTP
D. A DHCP client
B. FTP
Answer: B scribd.com
C. HTTP
 18. Which backup component is NOT C. DHCP redundancy
typically part of a disaster recovery D. VPN access
plan? Answer: B
A. Regular backups
23. Shadow copies on Windows volumes
B. RAID mirroring
provide:
C. UPS
A. File encryption
D. Wallpaper configuration
B. Version snapshots for data
Answer: D ProProfs
recovery
19. The principle of least privilege C. Compression
means: D. Virus protection
A. Full admin rights only Answer: B
B. Minimal necessary access
24. To manage quotas and file screens in
C. No access at all
a shared folder, use:
D. Shared power-user privileges
A. Disk Management
Answer: B
B. File Server Resource Manager
20. To view effective NTFS permissions (FSRM)
for a user, you should open: C. Task Scheduler
A. Summary tab D. IIS Manager
B. General tab Answer: B
C. Advanced Security settings
25. A SAN is primarily used to provide:
D. Previous Versions tab
A. Remote desktop services
Answer: C ProProfs
B. Centralized block-level storage
C. DNS resolution
D. File sharing over HTTP
📁 File Services & Storage
Answer: B
21. To replicate SYSVOL among domain
controllers, use:
A. FTP Virtualization & High Availability
B. DFS-R or FRS
26. Which technology enables live
C. SMTP
migration between hosts?
D. LDAP
A. Hyper-V Replica
Answer: B
B. Quick Migration
22. A DFS Namespace helps provide: C. Storage Migration
A. Email server organization D. Virtual Switch
B. Unified folder view across Answer: B
multiple servers
 27. Failover clustering provides: C. ipconfig
A. Load balancing for web D. nslookup
applications Answer: B
B. Continuous availability during SPOTOProProfs+1scribd.com
hardware faults
32. What does tracert show?
C. DNS caching
A. MAC addresses
D. Remote access protocol
B. DNS names
Answer: B
C. Path (hops) to destination
28. Storage Spaces Direct (S2D) requires: D. DHCP leases
A. Only local disks Answer: C scribd.com
B. Shared storage or direct-attached
33. Which command shows DHCP lease
drives
information?
C. Cloud storage only
A. ipconfig /all
D. External USB disks
B. net view
Answer: B
C. ping
29. Nano Server is: D. traceroute
A. GUI-based edition Answer: A
B. Minimal footprint headless
34. To see routing table entries on
deployment
Windows server, use:
C. Legacy XP support environment
A. route print
D. Linux VM target
B. netstat -r
Answer: B
C. ipconfig
30. A virtual switch in Hyper-V operates D. dnscmd
at which OSI layer? Answer: A
A. Layer 1
35. Which shows DNS client cache
B. Layer 2
entries?
C. Layer 3
A. nslookup
D. Layer 4
B. ipconfig /flushdns
Answer: B
C. ipconfig /displaydns
D. route print
Answer: C
✅ Troubleshooting & Diagnostics
CCNA Routing & Switching MCQs
31. Which command tests network
latency and reachability? 1. **Which layer of the OSI model
A. tracert ensures end-to-end delivery and
B. ping error recovery?**
 A. Network addresses and the most subnets?**
B. Transport A. /29
C. Data Link B. /28
D. Physical C. /27
✅ Answer: B (Transport) — It D. /26
handles reliability, error detection ✅ Answer: C (/27) — Provides 30
and acknowledgments. Reddit+5CBT addresses (28 usable). JobsJaano
Nuggets+5JobsJaano+5
6. **To configure a default route on a
2. **Which command assigns VLAN 10 Cisco router, you should use:**
to a switch port in Cisco IOS?** A. ip route 0.0.0.0 0.0.0.0 [next-hop]
A. vlan 10 B. ip default-route [next-hop]
B. switchport access vlan 10 C. route 0.0.0.0
C. switchport mode trunk D. default-gateway [address]
D. ip vlan 10 ✅ Answer: A
✅ Answer: B — Used in interface Udemy+6JobsJaano+6The
configuration mode. CBT Nuggets+1 MasterMinds Notes | Motasem
Hamdan+6
3. **Which routing protocol uses hop
count as its metric?** 7. **What is the primary purpose of
A. RIP VLANs?**
B. OSPF A. Increase bandwidth
C. EIGRP B. Create separate broadcast
D. BGP domains
✅ Answer: A (RIP) — Uses hop C. Enhance speed
count, max of 15. D. Simplify routing
networkjourney.com+13JobsJaano+ ✅ Answer: B — Segregates broadcast
13webasha.com+13 domains. JobsJaano+1Udemy+2The
MasterMinds Notes | Motasem
4. **What is the default administrative
Hamdan+2
distance of OSPF?**
A. 90 8. **Which command saves the
B. 100 running configuration to startup
C. 110 config on Cisco IOS?**
D. 120 A. copy running-config startup-
✅ Answer: C (110) config
Reddit+7JobsJaano+7JobsJaano+7 B. write memory
C. save config
5. **Which subnet mask (/27, /26, /28)
D. Both A and B
gives at least 14 usable host
✅ Answer: D JobsJaano
9. **Which routing protocol uses cost ✅ Answer: B The MasterMinds
(based on bandwidth) as its metric? Notes | Motasem Hamdan
**
13. **Which ACL type filters only based
A. RIP
on source IP address?**
B. OSPF
A. Standard ACL
C. EIGRP
B. Extended ACL
D. BGP
C. Named ACL
✅ Answer: B (OSPF) — Cost metric
D. Reflexive ACL
derived from link bandwidth. The
✅ Answer: A (Standard ACL) The
MasterMinds Notes | Motasem
MasterMinds Notes | Motasem
Hamdan
Hamdan+2CBT Nuggets+2CBT
10. **To start OSPF process on a Cisco Nuggets
router, use:**
14. **What happens if no ACL rule
A. router ospf 1
matches a packet?**
B. enable ospf
A. Packet is permitted
C. ospf enable
B. Packet is logged
D. ip ospf 1
C. Packet is denied (implicit deny all)
✅ Answer: A The MasterMinds
D. Packet is forwarded to fallback
Notes | Motasem Hamdan+1
rule
11. **Which NAT type provides a one- ✅ Answer: C The MasterMinds Notes
to-one mapping of private to public | Motasem Hamdan
IPs?**
15. **Which encryption is used by
A. Dynamic NAT
WPA3?**
B. PAT (Overload)
A. TKIP
C. Static NAT
B. AES
D. NAT64
C. WEP
✅ Answer: C (Static NAT)
D. DES
IPCisco+5The MasterMinds Notes |
✅ Answer: B (AES) The MasterMinds
Motasem
Notes | Motasem Hamdan
Hamdan+5webasha.com+5JobsJaan
o 16. **Which interface counters indicate
a frame failed its FCS check?**
12. **To create a DHCP pool on a Cisco
(Choose two)
router, you use:**
A. runts
A. dhcp server pool
B. giants
B. ip dhcp pool LAN
C. CRC
C. ip pool dhcp
D. frame
D. dhcp enable
 E. input errors confirms user; authorization limits
✅ Answer: C & E — CRC errors services. CertiMaan
increment and input errors.
20. **Which RSTP port state is the
CertiMaan+1
combination of disabled, blocking,
17. **When OSPF learns multiple paths and listening states?**
to a destination, it selects based A. Listening
on:** B. Discarding
A. Hop count C. Learning
B. Cost D. Forwarding
C. Metric × 256 ✅ Answer: B (Discarding) — RSTP
D. Administrative distance merges states.
✅ Answer: B (Cost) — Lowest OSPF
CCNA Security – Sample MCQs
cost chosen. CertiMaanJobsJaano+1
1. **Which security feature helps
18. **To generate RSA keys for SSH
prevent unauthorized devices using
access, which configuration is
spoofed IP addresses from
required on a router?**
communicating on your network?**
A. Version command
A. UDLD
B. VTY access
B. BPDU Guard
C. Local user account
C. Unicast Reverse Path Forwarding
D. Domain name assignment
(uRPF)
✅ Answer: D — Domain name is
D. TrustSec
required before generating keys.
✅ Answer: C — uRPF discards
freeccnaworkbook.com+3CertiMaan
packets with source IPs that fail
+3CBT Nuggets+3
reverse-path validation.
19. **What is the difference between Reddit+15CBT Nuggets+15Reddit+15
AAA authentication and
2. **In Zone-Based Firewall (ZBF),
authorization?**
which special zone is created
A. Auth verifies credentials;
automatically on Cisco routers?**
authorization defines allowed
A. in-out
actions
B. inside
B. Auth controls access to system
C. dmz
processes only
D. outside
C. Authorization verifies user
E. self
identity
✅ Answer: E — The Self Zone
D. They are the same
controls traffic to/from the router
✅ Answer: A — Authentication
itself. CBT Nuggets+1
3. **Which protocol allows secure C. switch port port-security
device administration via SSH or D. switch port port-security enable
SNMP?** ✅ Answer: C — The command
A. Telnet activates port-security feature. CBT
B. SNMPv2c Nuggets+1
C. SSH
7. **Which two security features
D. SNMPv3
protect network access on a Cisco
✅ Answer: C & D — Both SSH and
IOS router via AAA?** (Choose two)
SNMPv3 offer encryption for secure
A. Traffic filtering
management. CBT Nuggets
B. Authentication
4. **On ASA 8.2, which command C. Anti-replay
enforces NAT before traffic can exit D. IPSec network security
from inside to outside?** ✅ Answer: A & B — AAA provides
A. nat-control authentication and traffic filtering
B. nat enable via access control.
C. nat enforce PUPUWEB+2mcq24x7.com+2
D. nat enable yes
8. **Which AAA protocol encrypts only
✅ Answer: A — nat-control
the password versus all
mandates NAT rules before traffic is
communication?**
allowed out. Reddit+9CBT
A. TACACS+
Nuggets+9ITExamAnswers.net+9
B. RADIUS
5. **What key exchange elements are C. SNMPv3
negotiated during IKE Phase 1?** D. PAP
A. Authentication and load balancing ✅ Answer: B — RADIUS encrypts
B. Authorization and lifetime only passwords; TACACS+ encrypts
C. Authentication and lifetime the entire session.
D. Authorization and load balancing ITExamAnswers.netITExamAnswers.
✅ Answer: C — IKE Phase 1 net
negotiates authentication method
9. **Which IEEE standard enforces
and SA lifetime. Reddit+3CBT
port-based access control before
Nuggets+3ITExamAnswers.net+3
granting switch connectivity?**
6. **To enable Port Security on a Cisco A. 802.1d
switch port, which command is B. 802.11
required?** C. 802.1w
A. switch port port-security D. 802.1x
maximum 2 ✅ Answer: D — 802.1X requires
B. switch port port-security on authentication (e.g., RADIUS) before
 granting access. CBT CCNA Security – 50 MCQs
Nuggets+9ITExamAnswers.net+9ITEx
1. **What does Port Security protect
amAnswers.net+9
against?**
10. **Which Layer 2 mitigations include A. VLAN hopping
spoofing attacks such as VLAN B. MAC spoofing
hopping or ARP poisoning?** C. IP spoofing
A. 802.1X D. ARP poisoning
B. DHCP Snooping ✅ Answer: B — Limits allowed MAC
C. ARP Attacks addresses per port. Dadon
D. VLAN Hopping Cybersecurity
✅ Answer: C & D — ARP spoofing TipsITExamAnswers.net+5ITExamAns
and VLAN hopping are common L2 wers.net+5Medium+5ITExamAnswer
threats. s.net+1
ITExamAnswers.net+2ITExamAnswer
2. **Which command enables SSH on
s.net+2CBT Nuggets
a Cisco IOS device?**
11. **What are three possible Cisco IOS A. transport input ssh
firewall IPS responses upon B. enable ssh
detecting an intrusion?** C. ip domain-ssh
A. alert D. ssh enable
B. drop ✅ Answer: A — Under line vty
C. inoculate configuration.
D. isolate ITExamAnswers.net+7Dadon
E. reset TCP connection Cybersecurity Tips+7Medium+7
F. reset UDP connection
3. **Default privilege level for a user in
✅ Answer: A, B & E/F — IOS IPS can
EXEC mode is:**
alert, drop traffic, or reset TCP/UDP
A. 0
sessions. ITExamAnswers.net
B. 1
12. **Which encryption algorithm is C. 15
commonly used by IPsec to provide D. 10
data confidentiality?** ✅ Answer: B — Normal user (non-
A. MD5 privileged). Dadon Cybersecurity
B. AES TipsMedium+6CertiMaan+6Reddit+6
C. SHA
4. **Which protocol encrypts all
D. Diffie-Hellman
management traffic?**
✅ Answer: B — AES is used for
A. Telnet
encrypting packet payloads in IPsec.
B. HTTP
ITExamAnswers.net+2
 C. SSH 8. **Command to create a numbered
D. SNMPv2c ACL:**
✅ Answer: C — Provides encrypted A. ip access-list extended X
CLI sessions. CBT Nuggets+4Dadon B. access-list X
Cybersecurity Tips+4Exam C. standard-access X
Gecko+4Reddit+1 D. ip acl numbered X
✅ Answer: B (access-list 10
5. **Command to secure console
permit…). Dadon Cybersecurity
access with a password:**
TipsExam Cisco
A. enable password
B. line console 0; password 9. **ACL type filtering only by source
C. login local IP?**
D. userpass line A. Standard ACL
✅ Answer: B — Requires password B. Extended ACL
login on console. C. Reflexive ACL
ITExamAnswers.net+5Dadon D. Named ACL
Cybersecurity Tips+5Medium+5 ✅ Answer: A — Matches source only.
ITExamAnswers.net+7Dadon
6. **Command to disable unused
Cybersecurity Tips+7Exam
switch ports:**
Cisco+7Medium+1CBT Nuggets
A. no shutdown
B. no switchport 10. **Command to apply ACL to
C. shutdown interface:**
D. port block A. ip filter
✅ Answer: C — Shuts down unused B. ip acl attach
interfaces. Reddit+9Dadon C. ip access-group
Cybersecurity Tips+9Medium+9CBT D. access-list apply
Nuggets ✅ Answer: C — e.g., ip access-group
10 in. Dadon Cybersecurity Tips
7. **Primary purpose of an ACL?**
A. NAT 11. **Purpose of the login command
B. QoS under line config:**
C. Traffic filtering A. Enable login
D. DHCP B. Enforce password check
✅ Answer: C — Defines permitted or C. Disable login
denied traffic. D. Enable auto-login
ITExamAnswers.net+8Dadon ✅ Answer: B — Ensures password
Cybersecurity prompt. Dadon Cybersecurity
Tips+8ITExamAnswers.net+8 Tips+1CCNA Tutorials+4CBT
Nuggets+4Reddit+4
12. **Difference between standard and A. CBAC
extended ACLs?** B. Reflexive ACL
A. Ports vs IP only C. Lock-and-key
B. Source vs source/dest/protocol D. Zone-Based Firewall
C. GUI vs CLI ✅ Answer: D — Modern stateful
D. Applied inbound vs outbound solution. CBT Nuggets+1
✅ Answer: B — Extended filters
17. **uRPF helps guard against which
more details. Dadon Cybersecurity
threat?**
Tips
A. DHCP spoofing
13. **Default port for SSH?** B. MAC spoofing
A. 21 C. IP spoofing
B. 22 D. VLAN hopping
C. 23 ✅ Answer: C — Reverse Path Filter.
D. 25 CBT
✅ Answer: B — Encrypted remote Nuggets+2ITExamAnswers.net+2Dad
access. Dadon Cybersecurity Tips on Cybersecurity
Tips+3ITExamAnswers.net+3ITExam
14. **Command to encrypt plain-text
Answers.net+3
passwords in config:**
A. service password-encryption 18. **Command to enable Port Security
B. enable secret feature:**
C. password encryption enable A. switchport port-security
D. encrypt passwords maximum 2
✅ Answer: A — Obfuscates plain- B. switchport port-security on
text entries. Exam Gecko C. switchport port-security
D. switchport security enable
✅ Answer: C — Activates default
15. **In ZBF configuration, which zone is port-security. CBT Nuggets
auto-created?**
19. **Layer 2 mitigations for VLAN
A. inside
hopping or ARP attacks?** (Choose
B. outside
two)
C. dmz
A. 802.1X
D. self
B. DHCP Snooping
✅ Answer: D — The Self zone for
C. ARP Attacks
router-generated traffic. CBT
D. VLAN Hopping
Nuggets+1
✅ Answer: B & C — DHCP Snooping
16. **Most advanced stateful firewall and DAI mitigate ARP/VLAN threats.
CLI option on IOS?** CertiMaanCBT
 Nuggets+2ITExamAnswers.net+2ITEx 24. **Attack disrupting DHCP leasing?**
amAnswers.net+1 A. ARP spoofing
B. VLAN hopping
20. **Three IOS IPS responses
C. DHCP starvation
include:**
D. DNS poisoning
A. alert
✅ Answer: C — Exhausts DHCP pool.
B. drop
Exam
C. inoculate
Gecko+15ITExamAnswers.net+15ITE
D. reset TCP
xamAnswers.net+15
E. isolate
✅ Answer: A, B & D — Alerts, drops, 25. Root Guard is used to:
resets TCP/UDP. ITExamAnswers.net A. Enable BPDU processing
B. Prevent unauthorized root
21. **Which algorithm is used by IPsec
bridging
for confidentiality?**
C. Allow host ports
A. MD5
D. Filter VLAN traffic
B. AES
✅ Answer: B — Protects STP
C. SHA
topology integrity.
D. Diffie-Hellman
ITExamAnswers.net+2ProProfs+2ITE
✅ Answer: B — AES encrypts IPsec
xamAnswers.net+2ITExamAnswers.n
payloads. ITExamAnswers.net+1
et+2
22. IDS vs IPS operation difference?
26. Symmetric key encryption requires:
A. IDS blocks, IPS alerts
A. Public/private key pairs
B. IPS blocks, IDS alerts
B. Shared secret key ahead of time
C. IDS encrypts, IPS filters
C. RSA
D. Same function
D. Diffie-Hellman
✅ Answer: B — IDS detects offline;
✅ Answer: B — Same key used both
IPS blocks inline. ITExamAnswers.net
ends. ITExamAnswers.net+1
23. **VLAN hopping mitigation includes
27. **TACACS+ attributes include:**
disabling:**
(Choose two)
A. STP
A. Encryption of only password
B. DTP
B. Separate auth & authorization
C. CDP
C. UDP transport
D. LLDP
D. Encryption of entire session
✅ Answer: B — Disabling DTP limits
✅ Answer: B & D — TACACS+
trunk vulnerability.
encrypts all, separates auth/authz.
ITExamAnswers.net
Reddit+4ITExamAnswers.net+4CBT
Nuggets+4Reddit
 28. **Role-based CLI view: which is ✅ Answer: B — Privilege level 1 is
true?** the default for standard users.
A. Hierarchical views
14. Which protocol is used to encrypt
B. Deletes superview cascades views
the entire authentication process in
C. One view can be shared by many
AAA?
superviews
A. RADIUS
D. Any user can create views
B. SNMPv3
✅ Answer: C — Shared CLI views
C. TACACS+
permitted. ITExamAnswers.net
D. HTTP
29. **SCP protocol relies on which for ✅ Answer: C — TACACS+ encrypts
authentication?** the full content of the
A. AAA authentication exchange.
B. Telnet
15. Which command enables SSH
C. FTP
access on a Cisco router?
D. SNMP
A. enable ssh
✅ Answer: A — SCP over SSH
B. ip ssh version 2
authenticated via AAA.
C. ssh enable
ITExamAnswers.net
D. ssh access enable
30. **Which mitigation relies on DHCP ✅ Answer: B — SSH version 2 is the
Snooping DB?** recommended secure management
A. DAI protocol.
B. BPDU Guard
16. Which feature prevents MAC
C. NAT
address spoofing on a switch port?
D. Port Channel
A. BPDU Guard
✅ Answer: A — Dynamic ARP
B. PortFast
Inspection uses DHCP Snooping.
C. Port Security
D. DHCP Snooping
✅ Answer: C — Port Security limits
CCNA Security MCQs (Questions 13–32)
MAC addresses allowed on a port.
13. What is the default privilege level
17. What does the login local command
for users on a Cisco router when
do on a Cisco device?
they log in?
A. Enables console access
A. 0
B. Authenticates with local
B. 1
username and password
C. 5
C. Enables SSH
D. 15
D. Assigns privilege level
 ✅ Answer: B — It tells the device to ✅ Answer: C — Routing updates can
use locally stored credentials. be authenticated using MD5.

18. Which VPN protocol is used to 22. Which method is used to prevent
create secure tunnels and supports ARP spoofing attacks?
encryption and authentication? A. Static ARP entries
A. GRE B. PortFast
B. IPsec C. Access Control List
C. PPPoE D. VLAN tagging
D. PPTP ✅ Answer: A — Static ARP entries
✅ Answer: B — IPsec provides can prevent dynamic spoofing.
encryption and authentication.
23. Which type of attack exploits the
19. Which security feature allows an trust between devices on the same
administrator to block packets with VLAN?
spoofed source IPs on Cisco A. IP Spoofing
routers? B. VLAN Hopping
A. ACL C. SYN Flood
B. Port Security D. Port Mirroring
C. Unicast RPF ✅ Answer: B — VLAN hopping
D. Zone-based Firewall attacks manipulate VLAN tags.
✅ Answer: C — uRPF validates
24. What is the result of configuring
source IPs to prevent spoofing.
switchport port-security violation
20. What is the purpose of DHCP shutdown?
snooping? A. Port forwards traffic
A. Prevent VLAN hopping B. Port becomes error-disabled on
B. Prevent rogue DHCP servers violation
C. Encrypt DHCP traffic C. MAC address is learned
D. Enable IP address filtering dynamically
✅ Answer: B — DHCP snooping D. Port logs only the violation
blocks DHCP offers from ✅ Answer: B — The port shuts down
unauthorized sources. upon violation.

21. Which technology is used to secure 25. Which protocol uses port 49 and is
routing protocol updates? used for AAA?
A. NAT A. SSH
B. SSH B. RADIUS
C. MD5 Authentication C. TACACS+
D. Port Security D. FTP
 ✅ Answer: C — TACACS+ uses TCP ✅ Answer: B — Intrusion Prevention
port 49. Systems (IPS) block threats actively.

26. What does a standard ACL filter 30. Which of the following provides
traffic by? confidentiality in IPsec?
A. Source and destination IP A. SHA
B. Source IP only B. HMAC
C. Source MAC C. MD5
D. Source port number D. AES
✅ Answer: B — Standard ACLs only ✅ Answer: D — AES encrypts data to
filter by source IP. ensure confidentiality.

27. Which command is used to verify 31. Which feature allows filtering of
SSH configuration on a Cisco traffic based on Layer 3 and Layer 4
router? info?
A. show ssh A. VLAN
B. ssh status B. VTP
C. show ip ssh C. ACL
D. debug ssh D. Port Security
✅ Answer: C — show ip ssh displays ✅ Answer: C — ACLs can filter by IP
SSH configuration and version. addresses and ports.

28. What is the function of the enable 32. What does the transport input ssh
secret command? command do on vty lines?
A. Sets Telnet password A. Enables SSH and Telnet
B. Secures the console B. Enables only Telnet
C. Sets encrypted privileged EXEC C. Enables only SSH
password D. Disables remote access
D. Enables SSH ✅ Answer: C — It limits access to
✅ Answer: C — enable secret sets an SSH only.
encrypted privileged mode
Firewall MCQs (Multiple Choice Questions)
password.
🧠 Basic to Intermediate (1–25)
29. Which tool can help detect and
block intrusion attempts in real 1. What is the main purpose of a
time? firewall?
A. IDS A. To manage IP addresses
B. IPS B. To block spam emails
C. NAT C. To control traffic between
D. Firewall networks
 D. To assign MAC addresses 6. Which firewall type keeps track of
✅ Answer: C active connections?
A. Stateless
2. Which type of firewall filters traffic
B. Packet filtering
based on IP address, port, and
C. Stateful inspection
protocol?
D. Proxy
A. Circuit-level
✅ Answer: C
B. Application-layer
C. Packet-filtering 7. Which command is used to view
D. Proxy firewall rules on a Linux system
✅ Answer: C using iptables?
A. iptables -l
3. Which firewall works at the
B. iptables -n
Application Layer of the OSI model?
C. iptables -S
A. Packet-filtering
D. iptables -L
B. Stateful
✅ Answer: D
C. Proxy Firewall
D. Circuit-level 8. In Cisco ASA, what does ACL stand
✅ Answer: C for?
A. Application Control List
4. Which of the following is a
B. Active Control List
disadvantage of packet filtering
C. Access Control List
firewalls?
D. Allowed Connection List
A. Slow speed
✅ Answer: C
B. Cannot detect spoofed IPs
C. Difficult to configure 9. Which protocol is typically blocked
D. Inability to block TCP packets by firewalls by default?
✅ Answer: B A. HTTPS
B. FTP
5. What is a DMZ (Demilitarized
C. ICMP
Zone)?
D. DNS
A. An isolated server
✅ Answer: C
B. A secure area within the internal
network 10. Which command in Cisco IOS is
C. A network segment that sits used to create a firewall ACL?
between internal and external A. firewall permit
networks B. access-list
D. A VPN C. set acl
✅ Answer: C D. enable firewall
✅ Answer: B
11. What is the default policy in most 16. Which device combines firewall,
firewalls for inbound traffic? VPN, antivirus, and intrusion
A. Allow all prevention?
B. Deny all A. IDS
C. Allow if encrypted B. UTM
D. Deny if external C. Router
✅ Answer: B D. Load Balancer
✅ Answer: B — Unified Threat
12. Which term refers to unauthorized
Management.
traffic trying to pass through a
firewall? 17. How are firewall rules processed?
A. Legitimate flow A. Randomly
B. Firewall exception B. Top to bottom
C. Intrusion attempt C. Based on IP order
D. Spoofed request D. By protocol priority
✅ Answer: C ✅ Answer: B

13. Which layer does a stateful firewall 18. In Cisco ASA, which mode inspects
operate on primarily? traffic before encryption?
A. Layer 1 A. Transparent mode
B. Layer 2 B. Routed mode
C. Layer 3 and 4 C. Pre-inspection mode
D. Layer 7 D. Bridge mode
✅ Answer: C ✅ Answer: A

14. What is a firewall rule composed 19. Which feature prevents repeated
of? login attempts through a firewall?
A. Time, protocol, port A. SYN flood guard
B. IP, port, action B. Port scan detection
C. MAC, time, port C. Brute-force mitigation
D. Only IP D. Lockout policy
✅ Answer: B ✅ Answer: D

15. Which action would a firewall NOT 20. Which of these is a host-based
perform? firewall?
A. Packet filtering A. pfSense
B. Deep packet inspection B. UFW
C. Virus scanning C. Cisco ASA
D. NAT translation D. Palo Alto NGFW
✅ Answer: C
 ✅ Answer: B — UFW is for Linux D. Used for testing
systems. ✅ Answer: A

21. What does UFW stand for in Linux 26. Firewall

firewalling?
A. Unified Firewall
Configuration
27.🔐 Cisco IOS Basic Firewall
B. Uncomplicated Firewall
(Access Control List)
C. Universal Firewall
D. User-Facing Firewall
✅ Answer: B
Router> enable
22. What port is typically used for
Router# configure terminal
firewall SSH remote management?
A. 21
B. 22
! Define an ACL to block HTTP traffic
C. 23
D. 25 Router(config)# access-list 100 deny tcp any
✅ Answer: B any eq 80
23. Which of the following firewalls is Router(config)# access-list 100 permit ip any
open-source? any
A. Cisco ASA
B. Palo Alto
C. pfSense ! Apply ACL to interface
D. Fortinet
Router(config)# interface g0/0
✅ Answer: C
Router(config-if)# ip access-group 100 in
24. What is the main goal of a firewall
log? Router(config-if)# exit
A. Increase bandwidth
B. Record blocked and allowed traffic
C. Reduce routing time ! Save configuration
D. Encrypt packets
Router# write memory
✅ Answer: B
Cisco ASA Basic Configuration
25. What is the benefit of a firewall rule
with “deny any any”? ASA(config)# interface GigabitEthernet0/1
A. Blocks all traffic ASA(config-if)# nameif inside
B. Allows all traffic
C. Logs everything ASA(config-if)# security-level 100
ASA(config-if)# ip address 192.168.1.1
255.255.255.0

ASA(config-if)# no shutdown

ASA(config)# access-list outside_access_in

extended permit tcp any host 192.168.1.10
eq 80

ASA(config)# access-group
outside_access_in in interface outside

Linux UFW (Ubuntu Firewall)

# Enable UFW

sudo ufw enable # Allow HTTP from LAN

iptables -A INPUT -p tcp --dport 80 -s

192.168.1.0/24 -j ACCEPT
# Allow SSH
🪟 Microsoft Windows Operating System –
sudo ufw allow ssh
20 MCQs

1. What is the core of the Windows

# Deny HTTP operating system?
A. BIOS
sudo ufw deny http
B. Kernel
C. Shell
D. Registry
# Allow custom port
✅ Answer: B
sudo ufw allow 8080/tcp
2. Which file system is used by default
in Windows 10 and later?
# Show status A. FAT32
B. EXT4
sudo ufw status verbose C. NTFS
iptables (Advanced Linux Firewalling) D. exFAT
✅ Answer: C
# Flush all rules
3. Which key opens the Windows
iptables -F Start menu?
A. Ctrl
B. Alt
# Set default policies C. Windows key
iptables -P INPUT DROP D. Shift
✅ Answer: C
iptables -P FORWARD DROP
4. What is the purpose of the
iptables -P OUTPUT ACCEPT Windows Task Manager?
A. Format hard drive
B. Manage startup
# Allow SSH
C. Monitor system processes and
iptables -A INPUT -p tcp --dport 22 -j performance
ACCEPT D. Update BIOS
✅ Answer: C
5. Which command is used to check 10. Which Windows tool allows
disk for errors in Windows? partition management?
A. scan A. CMD
B. diskpart B. Device Manager
C. chkdsk C. Disk Management
D. defrag D. Regedit
✅ Answer: C ✅ Answer: C

6. The Windows OS stores system 11. Which Windows feature allows

settings in: running older applications?
A. Config file A. Compatibility Mode
B. Windows log B. Safe Mode
C. Registry C. Boot Manager
D. Kernel D. Hyper-V
✅ Answer: C ✅ Answer: A

7. Which of the following is a 12. Which is NOT a valid file system in

Windows GUI shell? Windows?
A. bash A. FAT16
B. explorer.exe B. FAT32
C. cmd.exe C. EXT3
D. sh D. NTFS
✅ Answer: B ✅ Answer: C

8. Which Windows edition supports 13. To take a screenshot in Windows,

joining a domain? you press:
A. Windows 10 Home A. Alt + S
B. Windows 10 Pro B. Print Screen
C. Windows 10 Starter C. Ctrl + Shift
D. Windows 10 S D. Esc
✅ Answer: B ✅ Answer: B

9. What is the function of the ipconfig 14. What does the 'System Restore'
command? utility do?
A. Manage DNS A. Restore files from recycle bin
B. Format disk B. Reinstall OS
C. Display network configuration C. Restore system settings to an
D. Scan devices earlier date
✅ Answer: C D. Restore deleted partitions
✅ Answer: C
15. Which command is used to view 20. Which tool is used to edit Windows
shared resources in Windows? registry?
A. net share A. regedit
B. net use B. regmgr
C. ipconfig /all C. regscan
D. dir /s D. reglist
✅ Answer: A ✅ Answer: A

16. Which key opens the Windows Run

dialog?
🐧 Linux Operating System – 20 MCQs
A. Ctrl + R
B. Windows + R 1. Which of the following is a Linux
C. Alt + F2 shell?
D. Ctrl + Alt + R A. bash
✅ Answer: B B. cmd
C. explorer
17. Which Windows component is
D. winsh
responsible for updates?
✅ Answer: A
A. Defender
B. Update Manager 2. The command ls -l in Linux is used
C. Windows Update Service to:
D. Scheduler A. List users
✅ Answer: C B. Launch terminal
C. List files in long format
18. The default file explorer in
D. Login
Windows is called:
✅ Answer: C
A. File Manager
B. FileZilla 3. Which directory contains Linux
C. Windows Explorer system configuration files?
D. Command Prompt A. /home
✅ Answer: C B. /etc
C. /var
19. To lock your Windows session, you
D. /opt
press:
✅ Answer: B
A. Ctrl + Shift + L
B. Windows + L 4. Which command is used to change
C. Alt + F4 file permissions?
D. Ctrl + L A. chmod
✅ Answer: B B. chperm
C. setperm
 D. chown 10. Which Linux command is used to
✅ Answer: A switch users?
A. change
5. Which command updates the
B. su
package index in Ubuntu?
C. usermod
A. apt get
D. root
B. apt update
✅ Answer: B
C. yum update
D. pkg update 11. What is the default port for SSH?
✅ Answer: B A. 21
B. 22
6. Which of the following is NOT a
C. 23
Linux distro?
D. 80
A. Fedora
✅ Answer: B
B. Debian
C. Ubuntu 12. Which command is used to search
D. Windows 11 text in a file in Linux?
✅ Answer: D A. find
B. locate
7. The Linux equivalent of Task
C. grep
Manager is:
D. search
A. tasklist
✅ Answer: C
B. systemctl
C. top 13. Which Linux command is used to
D. regedit show current directory?
✅ Answer: C A. dir
B. where
8. Which of these users has the
C. pwd
highest privilege in Linux?
D. path
A. user
✅ Answer: C
B. sudo
C. admin 14. What does sudo stand for?
D. root A. Substitute user
✅ Answer: D B. Superuser do
C. System user do
9. The command df -h is used to:
D. Secure user
A. Display disk usage
✅ Answer: B
B. Format disks
C. Delete files 15. Which command is used to install
D. Hide directories software in RedHat-based systems?
✅ Answer: A A. apt
 B. pkg C. poweroff
C. yum D. All of the above
D. pacman ✅ Answer: D
✅ Answer: C

16. What is the Linux file that stores

user information?
A. /etc/passwd
B. /etc/shadow
C. /etc/users
D. /etc/system
✅ Answer: A

17. Which Linux command is used to

display contents of a file?
A. dir
B. show
C. cat
D. open
✅ Answer: C

18. Which filesystem is most commonly

used in modern Linux systems?
A. FAT32
B. NTFS
C. EXT4
D. exFAT
✅ Answer: C

19. Which of the following is a GUI

desktop environment in Linux?
A. KDE
B. Ubuntu
C. CLI
D. bash
✅ Answer: A

20. Which command shuts down a

Linux system immediately?
A. halt
B. shutdown now