Chapter 8
standards-based protocol that can perform the same functions (user authentication)
RADIUS
An engineer wants to set up simple password protection with no usernames for some switches in a lab, for the purpose of keeping curious co-workers from logging into the lab switches from their desktop PCs. Which of the following commands would be a useful part of that configuration?
A login vty mode subcommand
An engineer had formerly configured a Cisco 2960 switch to allow Telnet access so that the switch expected a password of mypassword from the Telnet user. The engineer then changed the configuration to support Secure Shell. Which of the following commands could have been part of the new configuration? (Choose two answers.)
A username name secret password global configuration command; A login local vty mode subcommand
Which two of the following actions provide the best security for accessing a router's privileged mode remotely?
Configuring the enable secret command; Enabling SSH and disabling Telnet access using the transport input ssh VTY line subcommand
correct order, allow Telnet into the switch's user mode, using a password of whatever?
line vty 0 4; login; password whatever
inherited encoding used by the enable secret command
MD5
A network engineer was tasked with helping build a new Cisco network. As part of this implementation, one of the requirements is to have a central database of authorized users that is used by the deployed network devices. Which protocols could the engineer use that would provide these capabilities?
RADIUS; TACACS+
Prevents users from sending clear-text passwords over Telnet connections
SSH
a proprietary protocol that is typically used only on Cisco devices
TACACS+
A Layer 2 switch configuration places all its physical ports into VLAN 2. The IP addressing plan shows that address 172.16.2.250 (with mask 255.255.255.0) is reserved for use by this new LAN switch, and that 172.16.2.254 is already configured on the router connected to that same VLAN. The switch needs to support SSH connections into the switch from any subnet in the network. Which of the following commands are part of the required configuration in this case? (Choose two answers.)
The ip address 172.16.2.250 255.255.255.0 command in interface vlan 2 configuration mode; The ip default-gateway 172.16.2.254 command in global configuration mode
An engineer's desktop PC connects to a switch at the main site. A router at the main site connects to each branch office through a serial link, with one small router and switch at each branch. Which of the following commands must be configured on the branch office switches, in the listed configuration mode, to allow the engineer to telnet to the branch office switches? (Choose three answers.)
The ip address command in interface configuration mode; The ip default-gateway command in global configuration mode; The password command in vty line configuration mode
What password does the router use for privileged mode when both enable password blue and enable secret red are configured?
The password red
Command used to disable Telnet altogether
transport input ssh
transport input ssh command
disables Telnet; SSH does not work when using passwords only
A user opens a terminal emulator after connecting their PC physically to the console port of a router. The user logs in to the router's user mode, and then continues the process to reach privileged mode. Assume that the router is configured to use the strongest security options. Which command must be configured to support that last step of reaching privileged mode?
enable secret
Imagine that you have configured the enable secret command, followed by the enable password command, from the console. You log out of the switch and log back in at the console. Which command defines the password that you had to enter to access privileged mode?
enable secret
Which of the following line subcommands tells a switch to wait until a show command's output has completed before displaying log messages on the screen?
logging synchronous
You are in the process of troubleshooting a network problem on a Cisco device, but you are having a problem getting the right commands entered on the device to fix it. The reason is that every time you attempt to configure the commands, the console generates another message, your command gets split, and you lose your place in the command. What command could you configure on the device to have it automatically place the commands that are entered onto a fresh line and redrawn up to the point where the command entry was interrupted?
logging synchronous
command alters the way that console messages are printed onto a screen
logging synchronous
tells the router to encrypt the enable password
service password-encryption
login local command
switch should use the local list of configured usernames/passwords