Cisco CCNA Security Exam: Topology Question

Cisco CCNA Security Exam: Topology Question

Welcome to our blog post on Cisco CCNA Security Exam and a challenging topology question to test your knowledge and skills. In this post, we will discuss a comprehensive scenario that will require you to analyze, troubleshoot, and apply security practices using a specific network topology. Let’s dive in!


You are a network security engineer tasked with designing a secure network infrastructure for a medium-sized company. The company has two main offices located in different cities, each with 100 employees. Additionally, there are three remote branch offices, each with 50 employees.

The company requires secure communication between all locations and wants to prevent unauthorized access to their resources. They have also requested VPN connectivity for their employees when working remotely.

Topology Question

Your task is to design a secure network topology that fulfills the company’s requirements. Consider the following:

  • Identify and list the necessary network devices and their roles.
  • Specify the types of connections between devices.
  • Explain how you will implement secure communication between all locations.
  • Discuss the VPN solution you will use for remote employees.
  • Provide a comprehensive justification for your design choices.

Answer and Explanation

To ensure a secure network infrastructure, the following design can be implemented:

In the main offices, it is recommended to use Cisco ASA (Adaptive Security Appliance) firewalls to provide a secure perimeter. These firewalls will handle the access control policies, VPN termination, and site-to-site VPN connectivity. Inside the offices, Cisco Catalyst switches will be used for local network connectivity and distributing the Internet connection.

For the remote branch offices, a combination of Cisco routers and switches can be used. The routers will establish VPN tunnels with the main offices, while the switches will connect the local devices to the network.

To ensure secure communication between all locations, site-to-site VPN tunnels will be established between the main offices and remote branch offices. The Cisco ASAs will handle the VPN termination, encryption, and authentication. This will provide secure data transmission over the public internet.

For remote employees, Cisco AnyConnect Secure Mobility Client can be deployed. AnyConnect provides a secure VPN connection for remote access, allowing employees to connect to the company’s network and access resources securely. It supports advanced encryption and authentication methods to ensure data confidentiality and integrity.

Justification: The chosen design fulfills the company’s requirements by providing a secure network infrastructure. The use of Cisco ASA firewalls ensures a robust perimeter defense, preventing unauthorized access. The site-to-site VPN tunnels guarantee secure communication between all locations, allowing the company to transmit data without exposing it to potential attackers. Finally, the deployment of Cisco AnyConnect provides a secure remote access solution for employees, ensuring they can work remotely without compromising the network’s security.

Remember, this is just one possible solution, and different design choices may exist. It’s important to understand the concepts and principles behind each technology to adapt the design to specific needs and constraints.


In this blog post, we presented a topology question for the Cisco CCNA Security Exam. We discussed a scenario where a company required a secure network infrastructure and VPN connectivity. We explored the design choices, necessary devices, and connections. Additionally, we explained the implementation of secure communication and the VPN solution for remote employees. By understanding and applying these concepts, you can successfully design a secure network topology.

Keep practicing and expanding your knowledge to ace the CCNA Security Exam. Best of luck!

Leave a Comment