Net Auth & Security Exam 2 Ch. 4-8

¡Supera tus tareas y exámenes ahora con Quizwiz!

What command will prevent all unencrypted passwords from displaying in plain text in a configuration file?

(config)# service password-encryption

A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection?

Remote access to a switch where data is encrypted during the session.

Which technology allows syslog messages to be filtered to different devices based on event importance?

Syslog severity levels

What is one difference between using Telnet or SSH to connect to a network device for management purposes?

Telnet sends data in plain text, where as SSH encrypts the data.

Which range of custom privilege levels can be configured on Cisco routers?

2 though 14

When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects?

Community strings

A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router?

Firewall.

Which protocol or service is used to automatically synchronize the software clocks on Cisco routers?

NTP

At what point in the enterprise network are packets arriving from the internet examined prior to entering the network?

Network Edge.

What statement described a difference between RADIUS and TACACS+?

RADIUS encrypts only the password whereas TACACS+ encrypts all communication

What method is used to apply an IPv6 ACL to a router interface?

The use of the ipv6 traffic-filter command.

Which two router commands can a user issue when granted privilege level 0?

disable and help

A network engineer wants to synchronize the time of a router with an NTP server at the IPv4 address 209.165.200.225. The exit interface of the router is configured with an IPv4 address of 192.168.212.11. Which global configuration command should be used to configure the NTP server as the time source for this router?

ntp server 209.165.200.225

What are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature?

security, operational efficiency, and availability

What wild card mask will match networks 172.16.0.0 through 172.19.0.0?

0.3.255.255

What is the default privilege level of user accounts created on Cisco routers?

1

Which statement describes SNMP operation?

A set request is used by the NMS to change configuration variables in the agent device

What is a characteristic of the Cisco IOS Resilient Configuration feature?

A snapshot of the router running configuration can be taken and securely archived in persistent storage

What three configuration steps must be performed to implement SSH access to a router?

A user account. A unique hostname. An IP domain name.

A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent?

A user who is trying to guess a password to access the router or a brute force attack.

What service or protocol does the Secure Copy Protocol rely on to ensure that secure copy transfers are from authorized users?

AAA

What term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?

Accounting

Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?

CDP

What scenario would cause an ACL misconfiguration and deny all traffic?

Apply an ACL that has all deny ACE statements

Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?

Authorization

What does TACACS+ protocol provide in a AAA deployment?

Authorization on a per-user or per-group basis

Which three statements describe limitations in using privilege levels for assigning command authorization?

Creating a user account that needs access to most but all commands can be a tedious process There is no access control to specific interfaces on a router Commands set on higher level privileges are not available to lower privilege users

Which functionality does the TACACS single-connection keyword provide to AAA services?

Enhances the performance of the TCP connection

Which operator is used in an ACL statement to match packets of a specific application?

Eq

What type of ACL offers greater flexibility and control over network access?

Extended

When password recovery on a router is being performed and the settings in NVRAM have been bypassed, which step should be taken next?

Copy the contents of the NVRAM to the RAM

Which ICMP message type should be stopped inbound?

Echo

What is the first required task when configuring server-based AAA authentication?

Enable AAA globally

What must be done before any role-based CLI views can be created?

Issue the aaa new-model command

When a method list for AAA authentication is being configured, what is the effect of the keyword local?

It accepts a locally configured username, regardless of case

What is the purpose of using a banner message on a Cisco network device?

It can protect an organization from a legal perspective.

What is a feature of the TACACS+ protocol?

It encrypts the entire body of the packet for more secure communications.

Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?

Locate the router in a secure locked room that is accessible only to authorized personel.

Which type of access is secured on a Cisco router or switch with the enable secret command?

Log and account for all access.

Which three areas of router security must be maintained to secure an edge router at the network perimeter?

Physical Security. Router Hardening. Operating System Security.

What is a characteristic of AAA accounting?

Possible triggers for the aaa accounting exec default command include start-stop and stop-only

Which type of access is secured on a Cisco router or switch with the enable secret command?

Privleged EXEC.

Which service should be disabled on a router to prevent a malicious host from falsely responding to ARP requests with the intent to redirect the Ethernet frames?

Proxy ARP

A network administrator wants to create a new view so that a user only has access to certain configuration commands. In role-based CLI, which view should the administrator use to create the new view?

Root view

What command will move the show interface command to privilege level 10?

Router(config)# privilege exec level 10 show interface

What does level 5 in the following enable secret global configuration mode command indicate? Router(config)# enable secret level 5 csc5io.

The enable password grants access to privileged EXEC level 5

What is the purpose of issuing the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?

To configure OSPF MD5 authentication globally on the router

A network administrator enters the command R1# enable view adminview. What is the purpose of this command?

To enter a CLI view named adminview

What is the purpose of the network security accounting function?

To keep track of the actions of a user

What are two reasons to enable OSPF routing protocol authentication on a network?

To prevent data traffic from being redirected and then discarded To prevent redirection of data traffic to an insecure link

What are three functions provided by the syslog service?

To specify the destinations of captured messages To gather logging information for monitoring and troubleshooting To select the type of logging information that is captured

In applying an ACL to a router interface, which traffic is designated as outbound?

Traffic that is leaving the router and going toward the destination host.

Which statement describes a typical security policy for a DMZ firewall configuration?

Traffic that originates from the DMZ interface is selectively permitted to the outside interface.

What are SNMP trap messages?

Unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network

What is a good password recommendation for a Cisco router?

Use one or more spaces within a multiword passphrase.

What is the quickest way to remove a single ACE from a named ACL?

Use the no keyword and the sequence number of the ACE to be removed.

A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?

Use the show aaa local user lockout command


Conjuntos de estudio relacionados

Diagnostic Imaging, CervicoThoracic, Supine ALIF, XLIF Quiz, Biologics, iOS - NVM5 & Bendini, iGA, Spine Fundamentals, NVM5 Troubleshooting, TL Fixation, MAS Midline / TLIF

View Set

Adult Health II Musculoskeletal Assessment Chapter 35 PREP U

View Set

Sociology Final Exam Chapter 1-3

View Set