Network Auth and Security Chapter 4
Which type of access is secured on a Cisco router or switch with the enable secret command? -AUX port. -Console Line. -Virtual Terminal. -PuTTY. -Privileged EXEC.
Privileged EXEC.
A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? -A device that is trying to inspect the traffic on a link. -An unidentified individual who is trying to access the network equipment room. -A worm that is attempting to propagate the network. -A user who is trying to guess a password to access the router or a brute force attack.
A user who is trying to guess a password to access the router or a brute force attack.
A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? -Firewall. -VPN gateway. -Cisco Nexus Switch. -An intrusion prevention device (IPS).
Firewall.
What is the purpose of using a banner message on a Cisco network device? -It will stop attackers dead in their tracks. -It can provide more security by slowing down attacks. -It can protect an organization from a legal perspective. -It can be used to create a quiet period where remote connections are refused.
It can protect an organization from a legal perspective.
Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? -Provision the router with the maximum amount of RAM possible. -Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. -Ensure that users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination. -Locate the router in a secure locked room that is accessible only to authorized personnel.
Locate the router in a secure locked room that is accessible only to authorized personnel.
Which type of access is secured on a Cisco router or switch with the enable secret command? -Enable at least two ports for remote access. -Console Line. -Disable discovery protocols for all user-facing ports. -Block local access. -Log and account for all access.
Log and account for all access.
What is one difference between using Telnet or SSH to connect to a network device for management purposes? -Telnet sends data in plain text, whereas SSH encrypts the data. -If you are consoled in to the router locally, there is no difference. -Telnet uses UDP and SSH uses HTTPS. -Telnet does not provide authentication whereas SSH provides authentication.
Telnet sends data in plain text, whereas SSH encrypts the data.
Which statement describes a typical security policy for a DMZ firewall configuration? -Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with little or no restrictions. -Traffic that originates from the DMZ interface is selectively permitted to the outside interface. -Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. -Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface. -Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? -(config)# service password-encryption -(config)# enable secret Secret_Password -(config)# enable password-secret -(config)# password secret -(config)# secret-encrypt all 0 15
(config)# service password-encryption
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) -A user account. -A unique hostname. -An IP domain name. -A password on the console line. -An encrypted password. -An enable mode password. Standard ACLs can filter on source and destination TCP and UDP ports.
-A user account. -A unique hostname. -An IP domain name.
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) -Physical Security. -Zone Isolation. -Router Hardening. -Operating System Security. -Flash Security. -Remote Access Security.
-Physical Security. -Router Hardening. -Operating System Security.
What is a good password recommendation for a Cisco router? -Use the service password-encryption command to protect a password used to log into a remote device across the network. -Use a minimum of 7 characters. -Leave it blank, no one would guess that and the brute force attacks don't try that. -Use one or more spaces within a multiword passphrase. -Zeroize all passwords used (like they showed in the video).
Use one or more spaces within a multiword passphrase.
At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? -Network Edge. -WAN Edge. -Core Router. -On a third-party server one hop off-site
Network Edge.
A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? -Direct access to the switch through the use of a terminal emulation program. -Remote access to a switch where data is encrypted during the session. -Out-of-band access to a switch through the use of a terminal with password authentication. -Remote access to the switch through the use of a telephone dialup connection. -On-site access to a switch through the use of a directly connected PC and a console cable.
Remote access to a switch where data is encrypted during the session.
