Chapter 4 HW Quiz
Which type of access is secured on a Cisco router or switch with the enable secret command? - AUX port. - Console Line. - Virtual Terminal. - PuTTY. - Privileged EXEC.
- Privileged EXEC.
What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? - (config-line)# password secret - (config)# enable secret Secret_Password - (config)# enable password secret - (config)# service password-encryption - (config)# enable secret Encrypted_Password
- (config)# service password-encryption
What is the purpose of using a banner message on a Cisco network device? - It will stop attackers dead in their tracks. - It can provide more security by slowing down attacks. - It can protect an organization from a legal perspective. - It can be used to create a quiet period where remote connections are refused.
- It can protect an organization from a legal perspective.
At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? - campus core - internet edge - network edge - WAN edge
- network edge
A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? - Direct access to the switch through the use of a terminal emulation program. - Remote access to a switch where data is encrypted during the session. - Out-of-band access to a switch through the use of a terminal with password authentication. - Remote access to the switch through the use of a telephone dialup connection. - On-site access to a switch through the use of a directly connected PC and a console cable.
- remote access to a switch where data is encrypted during the session
A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? -Cisco Nexus switch -VPN gateway -firewall -Layer 2 switch with port security features enabled
-firewall
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) - A user account. - A unique hostname. - An IP domain name. - A password on the console line. - An encrypted password. - An enable mode password. - Standard ACLs can filter on source and destination TCP and UDP ports.
- an IP domain name - a unique hostname - a user account
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) - operating system security - physical security - router hardening - zone isolation - flash security - remote access security
- operating system security - physical security - router hardening
Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? - Configure secure administrative control to ensure that only authorized personnel can access the router. - Locate the router in a secure locked room that is accessible only to authorized personnel. - Provision the router with the maximum amount of memory possible. - Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. - Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.
- Locate the router in a secure locked room that is accessible only to authorized personnel.
What is one difference between using Telnet or SSH to connect to a network device for management purposes? - Telnet uses UDP as the transport protocol whereas SSH uses TCP. - Telnet sends a username and password in plain text, whereas SSH encrypts the username and password. - Telnet does not provide authentication whereas SSH provides authentication. - Telnet supports a host GUI whereas SSH only supports a host CLI.
- Telnet sends data in plain text, whereas SSH encrypts the data.
Which statement describes a typical security policy for a DMZ firewall configuration? - Traffic that originates from the DMZ interface is selectively permitted to the outside interface. - Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface. - Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface. - Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. - Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.
- Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
What is a good password recommendation for a Cisco router? - Use the service password-encryption command to protect a password used to log into a remote device across the network. - Use a minimum of 7 characters. - Zeroize all passwords used. - Use one or more spaces within a multiword phrase.
- Use one or more spaces within a multiword phrase.
A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? - a user who is trying to guess a password to access the router - a worm that is attempting to access another part of the network - an unidentified individual who is trying to access the network equipment room - a device that is trying to inspect the traffic on a link
- a user who is trying to guess a password to access the router
Which type of access is secured on a Cisco router or switch with the enable secret command? - Enable at least two ports for remote access. - Console Line. - Disable discovery protocols for all user-facing ports. - Block local access. - Log and account for all access.
?