Cisco CCNA

Security fundamentals

30 free practice questions with explanations

PassNova has 30 free Cisco CCNA practice questions on Security fundamentals, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Security fundamentals: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 30 for free in the browser.

  1. What is the maximum number of MAC addresses port security allows by default on a switchport when enabled?

    • A 1
    • B 2
    • C 8
    • D 16

    Answer: By default, port security allows a maximum of 1 MAC address per secured port.

  2. Which port-security violation mode drops offending traffic, logs the event, and increments the violation counter without disabling the port?

    • A protect
    • B restrict
    • C shutdown
    • D disable

    Answer: Restrict mode drops traffic, generates a log/SNMP message, and increments the counter; protect drops silently and shutdown err-disables.

  3. Which type of access control list can match on both source and destination IP addresses, protocols, and port numbers?

    • A Standard ACL
    • B Extended ACL
    • C Reflexive ACL only
    • D Named standard ACL

    Answer: Extended ACLs filter on source and destination addresses, protocol, and port numbers; standard ACLs match source only.

  4. Which numbered range is valid for a standard IPv4 ACL?

    • A 1-99
    • B 100-199
    • C 200-299
    • D 300-399

    Answer: Standard IPv4 ACLs use 1-99 (and the expanded 1300-1999); extended ACLs use 100-199 and 2000-2699.

  5. What is the implicit rule at the end of every Cisco ACL?

    • A permit ip any any
    • B deny ip any any
    • C permit tcp any any
    • D log all

    Answer: Every ACL ends with an implicit 'deny any', so at least one permit statement is required to pass traffic.

  6. In an ACL, what does the wildcard mask 0.0.0.255 match?

    • A A single host
    • B All hosts in a /24 network
    • C All hosts in a /16 network
    • D Any address

    Answer: A wildcard of 0.0.0.255 matches the first three octets exactly and any value in the last octet, i.e., a /24.
