SecTools_complete

What is a requirement to use the Secure Copy Protocol feature? -The Telnet protocol has to be configured on the SCP server side. -A transfer can only originate from SCP clients that are routers. -A command must be issued to enable the SCP server side functionality. -At least one user with privilege level 1 has to be configured for local authentication.

-A command must be issued to enable the SCP server side functionality. 2 The Secure Copy Protocol feature relies on SSH and requires that AAA authentication and authorization be configured so that the router can determine whether the user has the correct privilege level. For local authentication, at least one user with privilege level 15 has to be configured. Transfers can originate from any SCP client whether that client is another router, switch, or workstation. The ip scp server enable command has to be issued to enable the SCP server side functionality.

Which statement describes a difference between RADIUS and TACACS+? -RADIUS uses TCP whereas TACACS+ uses UDP. -RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not. -RADIUS encrypts only the password whereas TACACS+ encrypts all communication. -RADIUS separates authentication and authorization whereas TACACS+ combines them as one process.

-RADIUS encrypts only the password whereas TACACS+ encrypts all communication. 3.3.2 TACACS+ uses TCP, encrypts the entire packet (not just the password), and separates authentication and authorization into two distinct processes. Both protocols are supported by the Cisco Secure ACS software.

What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.) -to ensure more efficient routing -to ensure faster network convergence -to provide data security through encryption -to prevent data traffic from being redirected and then discarded -to prevent redirection of data traffic to an insecure link

-to prevent data traffic from being redirected and then discarded -to prevent redirection of data traffic to an insecure link 2 The reason to configure OSPF authentication is to mitigate against routing protocol attacks like redirection of data traffic to an insecure link, and redirection of data traffic to discard it. OSPF authentication does not provide faster network convergence, more efficient routing, or encryption of data traffic.

What is a significant characteristic of virus malware? A. A virus is triggered by an event on the host system. B. Once installed on a host system, a virus will automatically propagate itself to other systems. C. A virus can execute independently of the host system. D. Virus malware is only distributed over the Internet.

A. A virus is triggered by an event on the host system. Refer to curriculum topic: 1.2.3 A virus is malicious code that is attached to a legitimate program or executable file, and requires specific activation, which may include user actions or a time-based event. When activated, a virus can infect the files it has not yet infected, but does not automatically propagate itself to other systems. Self-propagation is a feature of worms. In addition to being distributed over the Internet, viruses are also spread by USB memory sticks, CDs, and DVDs.

If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.) A. Assign a secret password to the view. B. Assign commands to the view. C. Assign users who can use the view. D. Associate the view with the root view. E. Create a superview using the parser view view-name command. F. Create a view using the parser view view-name command.

A. Assign a secret password to the view. B. Assign commands to the view. F. Create a view using the parser view view-name command. 2.2.2 There are five steps involved to create a view on a Cisco router. 1) AAA must be enabled. 2) the view must be created. 3) a secret password must be assigned to the view. 4) commands must be assigned to the view. 5) view configuration mode must be exited.

What is the first step in the risk management process specified by the ISO/IEC? A. Conduct a risk assessment. B. Create a security policy. C. Inventory and classify IT assets. D. Create a security governance model

A. Conduct a risk assessment. 1 There are 12 network security domains in the security framework specified by the ISO/IEC. The first task in this framework is to conduct a risk assessment. This assessment will enable an organization to quantify risks and threats.

An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.) A. Configure the IP domain name on the router. B. Enable inbound vty Telnet sessions. C. Generate the SSH keys. D. Configure DNS on the router. E. Enable inbound vty SSH sessions. F. Generate two-way pre-shared keys.

A. Configure the IP domain name on the router. C. Generate the SSH keys. E. Enable inbound vty SSH sessions. 2 There are four steps to configure SSH support on a Cisco router: Step 1: Set the domain name. Step 2: Generate one-way secret keys. Step 3: Create a local username and password. Step 4: Enable SSH inbound on a vty line.

FW# debug aaa authentication
<output omitted>
6:50:12: AAA/AUTHEN: create_user user='' ruser='' port='tty19 rem_addr='172.31.60.15' authen_type=1 service=1 priv=1
6:50:12: AAA/AUTHEN/START (0): port='tty19' list="" action=LOGIN service=LOGIN
6:50:12: AAA/AUTHEN/START (0): using "default" list
6:50:12: AAA/AUTHEN/START (50996740): Method=TACACS+
6:50:12: TAC+ (50996740): received authen response status = GETUSER
6:50:12: AAA/AUTHEN (50996740): status = GETUSER
6:50:15: AAA/AUTHEN/CONT (50996740): continue_login
6:50:15: AAA/AUTHEN (50996740) : status = GETUSER
6:50:15: AAA/AUTHEN (50996740): Method=TACACS+
6:50:15: TAC+: send AUTHEN/CONT packet
6:50:15: TAC+ (50996740): received authen response status = GETPASS
6:50:15: AAA/AUTHEN (50996740): status = GETPASS
6:50:20: AAA/AUTHEN/CONT (50996740): continue_login
6:50:20: AAA/AUTHEN (50996740): status = GETPASS
6:50:20: AAA/AUTHEN (50996740): Method=TACACS+
6:50:20: TAC+: send AUTHEN/CONT packet
6:50:20: TAC+ (50996740): received authen response status = PASS
6:50:20: AAA/AUTHEN (50996740): status = PASS
What part of the AAA status message helps a network administrator determine which method list is being referenced? A. GETUSER B. AAA/AUTHEN/START C. create_user D. received authen response status

A. GETUSER 3.2.2 The GETUSER and GETPASS are useful status messages to look for in the output in order to quickly identify which method list is being used.

Which statement accurately characterizes the evolution of threats to network security? A. Internal threats can cause even greater damage than external threats. B. Internet architects planned for network security from the beginning. C. Early Internet users often engaged in activities that would harm other users. D. Threats have become less sophisticated while the technical knowledge needed by an attacker has grown.

A. Internal threats can cause even greater damage than external threats. 1 Internal threats can be intentional or accidental and cause greater damage than external threats because the internal user has direct access to the internal corporate network and corporate data.

Which statement describes a characteristic of authorization in an AAA solution? A. It works similarly to privilege levels and role-based CLI. B. It only applies to packet mode AAA and not character mode AAA. C. It requires users to perform an additional step after authentication. D. It accepts usernames and passwords to determine if users are who they say they are.

A. It works similarly to privilege levels and role-based CLI. 3.1.2 The authorization process is similar to CLI privilege levels and role-based CLI. It happens automatically after a user authenticates, and does not require the user to perform any additional steps.

What is a characteristic of a Trojan horse as it relates to network security? A. Malware is contained in a seemingly legitimate executable program. B. Extreme quantities of data are sent to a particular network device interface. C. An electronic dictionary is used to obtain a password to be used to infiltrate a key network device. D. Too much information is destined for a particular memory block, causing additional memory areas to be affected

A. Malware is contained in a seemingly legitimate executable program. 1 A Trojan horse carries out malicious operations under the guise of a legitimate program. Denial of service attacks send extreme quantities of data to a particular host or network device interface. Password attacks use electronic dictionaries in an attempt to learn passwords. Buffer overflow attacks exploit memory buffers by sending too much information to a host to render the system inoperable.

R1(config)# enable algorithm-type scrypt
R1(config)# enable secret 9 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqy
R1(config)# username Admin algorithm-type scrypt secret Strong5rPa55word
R1(config)# aaa new-model
R1(config)# aaa authentication login default local-case ena
R1(config)# aaa local authentication attempts max-fail
R1(config)# exit
R1#
Apr 26 22:37:32.259: SYS-5-CONFIG_1: Configured from console by Admin on console
R1#
Apr 26 22:44:05.971: $AAA-5-USER_LOCKED: User Admin locked out on authentication failure
R1#
Router R1 has been configured as shown, with the resulting log message. On the basis of the information that is presented, which two statements describe the result of AAA authentication operation? (Choose two.) A. The locked-out user failed authentication. B. The locked-out user is locked out for 10 minutes by default. C. The locked-out user stays locked out until the interface is shut down then re-enabled. D. The locked-out user should have used the username admin and password Str0ngPa55w0rd. E. The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued

A. The locked-out user failed authentication. E. The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued 3 The aaa local authentication attempts max-fail <number-of-unsuccessful-attempts> command secures AAA user accounts by locking out accounts that have too many failed attempts. After the <number-of-unsuccessful-attempts> condition is reached, the user account is locked. The user account in effect stays locked out until the status is cleared by an administrator.

Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.) A. There is no access control to specific interfaces on a router. B. The root user must be assigned to each privilege level that is defined. C. Commands set on a higher privilege level are not available for lower privilege users. D. Views are required to define the CLI commands that each user can access. E. Creating a user account that needs access to most but not all commands can be a tedious process. F. It is required that all 16 privilege levels be defined, whether they are used or not

A. There is no access control to specific interfaces on a router. C. Commands set on a higher privilege level are not available for lower privilege users. E. Creating a user account that needs access to most but not all commands can be a tedious process. 2 An administrator can create customized privilege levels and assign different commands to each level. However, this method of controlling the level of access to the router has limitations. Using privilege levels, access to specific interfaces or ports cannot be controlled, and availability of commands cannot be customized across levels.

What is a ping sweep? A. a network scanning technique that indicates the live hosts in a range of IP addresses. B. a software application that enables the capture of all network packets that are sent across a LAN. C. a scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services. D. a query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain.

A. a network scanning technique that indicates the live hosts in a range of IP addresses. 1 A ping sweep is a tool that is used during a reconnaissance attack. Tools that might be used during this type of attack include a ping sweep, port scan, or Internet information query. A reconnaissance attack is used to gather information about a particular network, usually in preparation for another type of network attack.

What are the three major components of a worm attack? (Choose three.) A. an enabling vulnerability B. an infecting vulnerability C. a payload D. a penetration mechanism E. a probing mechanism F. a propagation mechanism

A. an enabling vulnerability C. a payload F. a propagation mechanism 1 A computer can have a worm installed through an email attachment, an executable program file, or a Trojan Horse. The worm attack not only affects one computer, but replicates to other computers. What the worm leaves behind is the payload, the code that results in some action.

What is the primary means for mitigating virus and Trojan horse attacks? A. antivirus software B. encryption C. antisniffer software D. blocking ICMP echo and echo-replies

A. antivirus software Refer to curriculum topic: 1.3.4 Antivirus software is the primary means of mitigating both virus and Trojan horse attacks. By using up-to-date antivirus software, the spread of viruses and Trojan horse attacks can be reduced.

What method can be used to mitigate ping sweeps? A. blocking ICMP echo and echo-replies at the network edge B. deploying antisniffer software on all network devices C. using encrypted or hashed authentication protocols D. installing antivirus software on hosts

A. blocking ICMP echo and echo-replies at the network edge 1 To mitigate ping sweeps, ICMP echo and echo-reply messages can be blocked on network edge routers. This does come at a cost. Because ICMP is also used for network diagnostic data, this diagnostic data will be blocked as well.

What are the three components of information security ensured by cryptography? (Choose three.) A. confidentiality B. integrity C. availability D. authorization E. threat prevention F. countermeasures

A. confidentiality B. integrity C. availability 1 There are three components of information security that are ensured by cryptography: confidentiality, which uses encryption algorithms to encrypt and hide data; integrity, which uses hashing algorithms to ensure that data arrives at the destination unaltered; and availability, which ensures that data is accessible.

Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.) A. content of a security banner B. interfaces to enable C. enable secret password D. enable password E. IP addresses of interfaces F. services to disable

A. content of a security banner C. enable secret password D. enable password 2 During AutoSecure setup, the following steps occur: - The auto secure command is entered. - The wizard gathers information about the outside interfaces. - AutoSecure secures the management plane by disabling unnecessary services. - AutoSecure prompts for a security banner. - AutoSecure prompts for passwords and enables password and login features. - Interfaces are secured. - The forwarding plane is secured.

What functional area of the Cisco Network Foundation Protection framework is responsible for device-generated packets required for network operation, such as ARP message exchanges and routing advertisements? A. control plane B. management plane C. data plane D. forwarding plane

A. control plane 1 There are three functional areas of the Cisco Network Foundation Protection (NFP) framework: Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network. Management plane: Responsible for managing network devices. Data (Forwarding) plane: Responsible for forwarding user data.

Which packet type is user-generated and forwarded by a router? A. data plane packet B. control plane packet C. management plane packet D. routing protocol update packet

A. data plane packet 2.5.2 Data plane packets are user generated. Control plane packets and management plane packets are generated by the network devices. Routing protocol update packets are network device generated to keep the network converged and operating properly.

What is the role of an IPS? A. detecting and blocking of attacks in real time B. connecting global threat information to Cisco network security devices C. authenticating and validating traffic D. filtering of nefarious websites

A. detecting and blocking of attacks in real time 1 An intrusion prevention system (IPS) provides real-time detection and blocking of attacks.

Which two options can be configured by Cisco AutoSecure? (Choose two.) A. enable secret password B. SNMP C. syslog D. security banner E. interface IP address

A. enable secret password D. security banner 2 AutoSecure executes a script that first makes recommendations for fixing security vulnerabilities and then modifies the security configuration of the router. AutoSecure can lock down the management plane functions and the forwarding plane services and functions of a router, and this includes setting an enable password, and a security banner.

What role does the Security Intelligence Operations (SIO) play in the Cisco SecureX architecture? A. identifying and stopping malicious traffic B. authenticating users C. identifying applications D. enforcing policy

A. identifying and stopping malicious traffic 1 Security Intelligence Operations (SIO) are able to distinguish legitimate traffic from malicious traffic. SIO uses a monitoring database for the sole purpose of identifying and stopping malicious traffic.

A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.) A. ip ospf message-digest-key 1 md5 1A2b3C B. area 1 authentication message-digest C. username OSPF password 1A2b3C D. enable password 1A2b3C E. area 0 authentication message-digest

A. ip ospf message-digest-key 1 md5 1A2b3C E. area 0 authentication message-digest 2 The two commands that are necessary to configure authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area (Area 0) of the company network would be ip ospf message-digest-key 1 md5 1A2b3C and area 0 authentication message-digest. The option area 1 authentication message-digest is incorrect because it refers to Area 1, not Area 0. The option enable password 1A2b3C is incorrect because it would set the privileged EXEC mode password instead of the OSPF authentication password. The option username OSPF password 1A2b3C is required to create a username database in a router, which is not required with OSPF authentication.

Which authentication method stores usernames and passwords in the router and is ideal for small networks? A. local AAA B. local AAA over RADIUS C. local AAA over TACACS+ D. server-based AAA E. server-based AAA over RADIUS F. server-based AAA over TACACS+

A. local AAA 3 In a small network with a few network devices, AAA authentication can be implemented with the local database and with usernames and passwords stored on the network devices. Authentication using the TACACS+ or RADIUS protocol will require dedicated ACS servers although this authentication solution scales well in a large network.

What command must be issued to enable login enhancements on a Cisco router? A. login block-for B. banner motd C. login delay D. privilege exec level

A. login block-for 2 Cisco IOS login enhancements can increase the security for virtual login connections to a router. Although login delay is a login enhancement command, all login enhancements are disabled until the login block-for command is configured.

Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) A. physical security B. flash security C. operating system security D. remote access security E. router hardening F. zone isolation

A. physical security C. operating system security E. router hardening 2 There are three areas of router security to maintain: 1) physical security 2) router hardening 3) operating system security

What is hyperjacking? A. taking over a virtual machine hypervisor as part of a data center attack B. overclocking the mesh network which connects the data center servers C. adding outdated security software to a virtual machine to gain access to a data center server D. using processors from multiple computers to increase data processing power

A. taking over a virtual machine hypervisor as part of a data center attack Refer to curriculum topic: 1.1.2 Hyperjacking occurs when an attacker hijacks a virtual machine (VM) hypervisor and then uses that VM to launch an attack on other data center devices.

What is an objective of a state-sponsored attack? A. to right a perceived wrong B. to sell operating system vulnerabilities to other hackers C. to gain financial prosperity D. to gain attention

A. to right a perceived wrong 1 State-sponsored attacks are government-funded and guided operations motivated by objectives of the government.

What port state is used by 802.1X if a workstation fails authorization? A. unauthorized B. down C. disabled D. blocking

A. unauthorized 3.5.3 With 802.1X implementation, workstations (clients) are required to be authenticated before they are allowed to connect to a LAN. The authenticator in 802.1X is the switch that the workstation connected to. If the workstation fails authentication, the switch port that the workstation connects to remains in the unauthorized state.

What type of malware has the primary objective of spreading across the network? A. worm B. virus C. Trojan horse D. botnet

A. worm Refer to curriculum topic: 1.2.3 The main purpose of a worm is to self-replicate and propagate across the network. A virus is a type of malicious software that needs a user to spread. A Trojan horse is not self-replicating and disguises itself as a legitimate application when it is not. A botnet is a series of zombie computers working together to wage a network attack.

What is the default privilege level of user accounts created on Cisco routers? A. 0 B. 1 C. 15 D. 16

B. 1 2 There are 16 privilege levels that can be configured as part of the username command, ranging from 0 to 15. By default, if no level is specified, the account will have privilege level 1.

Router1# debug tacacs
TACACS access control debugging is on
Router1#
14:00:09: TAC+: Opening TCP/IP connection to 192.168.60.15 using source 10.116.0.79
14:00:09: TAC+: Sending TCP/IP packet number 383258052-1 to 192.168.60.15 (AUTHEN/START)
14:00:09: TAC+: Receiving TCP/IP packet number 383258052-2 from 192.168.60.15
14:00:09: TAC+ (383258052): received authen response status = GETUSER
14:00:10: TAC+: send AUTHEN/CONT packet
14:00:10: TAC+: Sending TCP/IP packet number 383258052-3 to 192.168.60.15 (AUTHEN/CONT)
14:00:10: TAC+: Receiving TCP/IP packet number 383258052-4 from 192.168.60.15
14:00:10: TAC+ (383258052): received authen response status = GETPASS
14:00:14: TAC+: send AUTHEN/CONT packet
14:00:14: TAC+: Sending TCP/IP packet number 383258052-5 to 192.168.60.15 (AUTHEN/CONT)
14:00:14: TAC+: Receiving TCP/IP packet number 383258052-6 from 192.168.60.15
14:00:14: TAC+ (383258052): received authen response status = PASS
14:00:14: TAC+: Closing TCP/IP connection to 192.168.60.15
Which statement describes the output of the debug? A. An incorrect password was used. B. A user was successfully authenticated. C. A proper username was not provided to the TACACS+ server. D. The secret key used by the router to authenticate to the TACACS+ server is incorrect

B. A user was successfully authenticated. 3.4.2 The "authen response status = PASS" line in the debug output indicates that the login attempt was successful.

Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics? A. An access attack has occurred. B. A virus has infected the computers. C. A DoS attack has been launched against the network. D. The computers are subject to a reconnaissance attack.

B. A virus has infected the computers. Refer to curriculum topic: 1.2.3 A virus such as this is harmless, but still needs to be removed. Other viruses can be destructive in that they modify or delete files on the local computer and possibly other computers on the network.

What is the significant characteristic of worm malware? A. Worm malware disguises itself as legitimate software. B. A worm can execute independently of the host system. C. A worm must be triggered by an event on the host system. D. Once installed on a host system, a worm does not replicate itself.

B. A worm can execute independently of the host system. 1 Worm malware can execute and copy itself without being triggered by a host program. It is a significant network and Internet security threat.

Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? A. HTTP B. CDP C. FTP D. LLDP

B. CDP 2.4.1 CDP is a Cisco proprietary protocol that gathers information from other connected Cisco devices, and is enabled by default on Cisco devices. LLDP is an open standard protocol which provides the same service. It can be enabled on a Cisco router. HTTP and FTP are Application Layer protocols that do not collect information about network devices.

What is the first required task when configuring server-based AAA authentication? A. Configure the type of AAA authentication. B. Enable AAA globally. C. Specify the type of server providing the authentication. D. Configure the IP address of the server.

B. Enable AAA globally. 3.4.1 When server-based AAA authentication is being configured, AAA must be globally enabled to allow the use of all AAA elements. This step is a prerequisite for all other AAA commands.

R1(config)# privilege exec level 4 ping
R1(config)# privilege exec level 8 reload
R1(config)# privilege exec level 12 show
R1(config)# username JR-Admin privilege 10 secret cisco10
Which statement about the JR-Admin account is true? A. JR-Admin can issue show, ping, and reload commands. B. JR-Admin can issue ping and reload commands. C. JR-Admin can issue only ping commands. D. JR-Admin can issue debug and reload commands. E. JR-Admin cannot issue any command because the privilege level does not match one of those defined.

B. JR-Admin can issue ping and reload commands. 2 When the username name privilege 10 command is issued, access to commands with a privilege level of 10 or less (0-10) is permitted to the user.

Which two statements describe access attacks? (Choose two.) A. Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. B. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. C. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. D. To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. E. Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.

B. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. C. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. 1 An access attack tries to gain access to a resource using a hijacked account or other means. The five types of access attacks include the following: password - a dictionary is used for repeated login attempts; trust exploitation - uses granted privileges to access unauthorized material; port redirection - uses a compromised internal host to pass traffic through a firewall; man-in-the-middle - an unauthorized device positioned between two legitimate devices in order to redirect or capture traffic; buffer overflow - too much data sent to a memory location that already contains data.

What is a characteristic of the MIB? A. Information is organized in a flat manner so that SNMP can access it quickly. B. The OIDs are organized in a hierarchical structure. C. A separate MIB tree exists for any given device in the network. D. Information in the MIB cannot be changed

B. The OIDs are organized in a hierarchical structure. 2 SNMP set, get, and trap messages are used to access and manipulate the information contained in the MIB. This information is organized hierarchically so that SNMP can access it quickly. Each piece of information within the MIB is given an object ID (OID), that is organized based on RFC standards into a hierarchy of OIDs. The MIB tree for any given device includes branches with variables common to many networking devices and branches with variables specific to that device or vendor.

Which two statements characterize DoS attacks? (Choose two.) A. They always precede access attacks. B. They attempt to compromise the availability of a network, host, or application. C. They are difficult to conduct and are initiated only by very skilled attackers. D. They are commonly launched with a tool called L0phtCrack. E. Examples include smurf attacks and ping of death attacks.

B. They attempt to compromise the availability of a network, host, or application. E. Examples include smurf attacks and ping of death attacks. 1 DoS attacks can be launched using free software downloaded from the Internet. The software is designed to consume resources in order to disrupt network operations for legitimate network users and network devices. The L0phtCrack or LC5 application is used to perform a brute-force attack to obtain a Windows server password.

Which two characteristics apply to role-based CLI access superviews? (Choose two.) A. CLI views have passwords, but superviews do not have passwords. B. Users logged in to a superview can access all commands specified within the associated CLI views. C. A single superview can be shared among multiple CLI views. D. A specific superview cannot have commands added to it directly. E. Deleting a superview deletes all associated CLI views.

B. Users logged in to a superview can access all commands specified within the associated CLI views. D. A specific superview cannot have commands added to it directly. 2 By using a superview an administrator can assign users or groups of users to CLI views which contain a specific set of commands those users can access. Commands cannot be added directly to a superview but rather must be added to a CLI view and the CLI view added to the superview.

Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources? A. accessibility B. accounting C. authentication D. authorization

B. accounting 3 One of the components in AAA is accounting. After a user is authenticated through AAA, AAA servers keep a detailed log of exactly what actions the authenticated user takes on the device.

What three configuration steps must be performed to implement SSH access to a router? (Choose three.) A. a password on the console line B. an IP domain name C. a user account D. an enable mode password E. a unique hostname F. an encrypted password

B. an IP domain name C. a user account E. a unique hostname 2.1.4 To implement SSH on a router the following steps need to be performed: Configure a unique hostname. Configure the domain name of the network. Configure a user account to use AAA or local database for authentication. Generate RSA keys. Enable VTY SSH sessions.

How does a DoS attack take advantage of the stateful condition of target systems? A. by executing code that corrupts or deletes system files B. by continuously sending packets of unexpected size or unexpected data C. by using a dictionary of passwords to attempt to access the system D. by intercepting and analyzing or manipulating data as it is sent across the network

B. by continuously sending packets of unexpected size or unexpected data Refer to curriculum topic: 1.2.4 A dictionary of passwords is used by a brute force password attack. Viruses and other malware execute code that corrupts or deletes system files. A man-in-the-middle attack intercepts and analyzes or manipulates data as it is sent across the network.

What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers? A. fame seeking B. financial gain C. political reasons D. status among peers

B. financial gain 1 Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons.

Which three functions are provided by the syslog logging service? (Choose three.) A. authenticating and encrypting data sent over the network B. gathering logging information C. specifying where captured information is stored D. setting the size of the logging buffer E. distinguishing between information to be captured and information to be ignored F. retaining captured messages on the router when a router is rebooted

B. gathering logging information C. specifying where captured information is stored E. distinguishing between information to be captured and information to be ignored 2 Syslog operations include gathering information, selecting which type of information to capture, and directing the captured information to a storage location. The logging service stores messages in a logging buffer that is time-limited, and cannot retain the information when a router is rebooted. Syslog does not authenticate or encrypt messages.

What is the primary method for mitigating malware? A. blocking ICMP echo and echo-replies at the network edge B. installing antivirus software on all hosts C. using encrypted or hashed authentication protocols D. deploying intrusion prevention systems throughout the network

B. installing antivirus software on all hosts 1 Antivirus software installed on hosts is the most effective mitigation method to prevent the spread of malware. Automatic updates to antivirus software ensure that hosts are protected from the most current forms of malware.

What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices? A. data plane B. management plane C. control plane D. forwarding plane

B. management plane Refer to curriculum topic: 1.3.5 There are three functional areas of the Cisco Network Foundation Protection (NFP) framework: Control plane: Responsible for routing functions. Consists of the traffic generated by network devices to operate the network. Management plane: Responsible for managing network devices. Data (Forwarding) plane: Responsible for forwarding user data.

What is the Control Plane Policing (CoPP) feature designed to accomplish? A. manage services provided by the control plane B. prevent unnecessary traffic from overwhelming the route processor C. disable control plane services to reduce overall traffic D. direct all excess traffic away from the route processor

B. prevent unnecessary traffic from overwhelming the route processor 2 Control Plane Policing (CoPP) does not manage or disable any services. It does not direct traffic away from the route processor, but rather it prevents unnecessary traffic from getting to the route processor.

Which three types of views are available when configuring the role-based CLI access feature? (Choose three.) A. superuser view B. root view C. superview D. CLI view E. admin view F. config view

B. root view C. superview D. CLI view 2 There are three types of Role-based CLI views: 1) root view 2) CLI view 3) superview

Which three actions are produced by adding Cisco IOS login enhancements to the router login process? (Choose three.) A. permit only secure console access B. slow down an active attack C. create syslog messages D. create password authentication E. automatically provide AAA authentication F. disable logins from specified hosts

B. slow down an active attack C. create syslog messages F. disable logins from specified hosts 2 Cisco IOS login enhancements provide increased security in three ways: 1. Implement delays between successive login attempts 2. Enable login shutdown if DoS attacks are suspected 3. Generate system-logging messages for login detection Banners and password authentication are disabled by default and must be enabled by command. Virtual login enhancements do not apply to console connections.

What are two purposes of launching a reconnaissance attack on a network? (Choose two.) A. to retrieve and modify data B. to scan for accessibility C. to escalate access privileges D. to gather information about the network and devices E. to prevent other users from accessing the system

B. to scan for accessibility D. to gather information about the network and devices Refer to curriculum topic: 1.2.4 Gathering information about a network and scanning for access is a reconnaissance attack. Preventing other users from accessing a system is a denial of service attack. Attempting to retrieve and modify data, and attempting to escalate access privileges are types of access attacks.

What are the three core components of the Cisco Secure Data Center solution? (Choose three.) A. servers B. visibility C. infrastructure D. mesh network E. threat defense F. secure segmentation

B. visibility E. threat defense F. secure segmentation 1 Secure segmentation is used when managing and organizing data in a data center. Threat defense includes a firewall and intrusion prevention system (IPS). Data center visibility is designed to simplify operations and compliance reporting by providing consistent security policy enforcement.

Which statement describes phone phreaking? A. A hacker uses password-cracking programs to gain access to a computer via a dialup account. B. A hacker gains unauthorized access to networks via wireless access points. C. A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network. D. A hacker uses a program that automatically scans telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines.

C. A hacker mimics a tone using a whistle to make free long-distance calls on an analog telephone network. Refer to curriculum topic: 1.2.1 The reason phone phreaking worked was because AT&T introduced digital phone switches to their network. These switches used various tones or tone dialing, to perform functions such as dialing or call termination. Today voice over IP (VoIP) calls can be hacked by sniffing the network.

What tool is available through the Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input? A. Cisco ACS B. Control Plane Policing C. Cisco AutoSecure D. Simple Network Management Protocol

C. Cisco AutoSecure 2.4.2 Control Plane Policing is designed to prevent unnecessary traffic from overwhelming the route processor. SNMP allows administrators to manage devices on an IP network. Cisco ACS is an access control server. Cisco AutoSecure is available through the CLI and can initiate security audits and make configuration changes.

Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled router? A. Specify the single-connection keyword. B. Create a VPN tunnel between the server and the router. C. Configure the key exactly the same way on the server and the router. D. Use identical reserved ports on the server and the router.

C. Configure the key exactly the same way on the server and the router. 3.4.1 The key command is used to configure the shared secret key that is used for encryption. The key must be configured the exact same way on the router and on the ACS server. The creation of a VPN tunnel is unnecessary. Neither the configuration of ports nor the use of the single-connection command has any effect on encryption.

What is the meaning of the principle of minimum trust when used to design network security? A. All network and internetwork data communications should be encrypted. B. Accounts should be disabled after a specific number of unsuccessful logins. C. Devices in networks should not access and use one another unnecessarily and unconditionally. D. Encrypted and one-time passwords should be used at all times. E. Network access should be controlled by multifactor authentication.

C. Devices in networks should not access and use one another unnecessarily and unconditionally. Refer to curriculum topic: 1.3.4 The principle of minimum trust means that network systems should not access and use one another unnecessarily and unconditionally. The other options are valid network security access protections but do not relate to the principle of minimum trust.

Which two options provide secure remote access to a router? (Choose two.) A. CHAP B. HTTP C. HTTPS D. SSH E. Telnet

C. HTTPS D. SSH 2.1.1 For security, all traffic between the administrator computer and the router should be encrypted by using HTTPS or SSH instead of HTTP or Telnet.

Why is authentication with AAA preferred over a local database method? A. It uses less network bandwidth. B. It requires a login and password combination on the console, vty lines, and aux ports. C. It provides a fallback authentication method if the administrator forgets the username or password. D. It specifies a different password for each line or port.

C. It provides a fallback authentication method if the administrator forgets the username or password. 3 The local database method of authentication does not provide a fallback authentication method if an administrator forgets the username or password. Password recovery will be the only option. When authentication with AAA is used, a fallback method can be configured to allow an administrator to use one of many possible backup authentication methods.

Why is the username name algorithm-type scrypt secret password command preferred over the username name secret password command? A. It uses the MD5 algorithm for encrypting passwords. B. It uses the standard type 7 algorithm for encrypting passwords. C. It uses the SCRYPT algorithm for encrypting passwords. D. It does not require the login local command to enable the local database for authentication. E. It requires an already encrypted password to be accepted.

C. It uses the SCRYPT algorithm for encrypting passwords. 2.1.2 The username name algorithm-type scrypt secret password command encrypts the user password using SHA scrypt hash algorithm. The result is called Type 9 password. The username name secret password command encrypts the user password using MD5 hash algorithm. MD5 hashes are no longer considered secure because attackers can reconstruct valid certificates. Type 9 passwords are stronger than MD5 and Type 7 passwords. This command can accept a plain text user password and then encrypt it to show in the running-config file.

A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode? A. Quiet mode behavior will only prevent specific user accounts from attempting to authenticate. B. Quiet mode behavior can be disabled by an administrator by using SSH to connect. C. Quiet mode behavior can be overridden for specific networks by using an ACL. D. Quiet mode behavior can be enabled via an ip access-group command on a physical interface.

C. Quiet mode behavior can be overridden for specific networks by using an ACL. 2 Quiet mode prevents any further login attempts for a period of time. Quiet mode is enabled via the login quiet-mode access-class command. Quiet mode behavior can be overridden for specific networks by building and implementing an access control list (ACL).

Which element of an SNMP implementation can be configured to respond to requests as well as to forward notifications? A. MIB B. SNMP manager C. SNMP agent D. OID

C. SNMP agent 2.3.4 An SNMP agent implements actions directed by an SNMP manager. These actions can include polling, applying configuration changes, or forwarding of traps and other notifications. An SNMP manager runs the SNMP management software and directly accesses the information collected. The MIB is the Management Information Base, which is a hierarchically-organized database of information collected by SNMP. An OID is an object ID given to each piece of information within the MIB.

Which Cisco network security tool is a cloud-based service that provides alerts to network professionals about current network attacks? A. IPS B. Snort IDS C. Security Intelligence Operations D. zone-based policy firewall

C. Security Intelligence Operations Refer to curriculum topic: 1.1.1 The Cisco Security Intelligence Operations (SIO) arrived in 2010 and is a cloud-based service that connects global threat information, reputation-based services, and sophisticated analysis to Cisco network security devices to provide stronger protection with faster response times.

A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device? A. Use the none keyword when configuring the authentication method list. B. Use the aaa local authentication attempts max-fail global configuration mode command with a higher number of acceptable failures. C. Use the login delay command for authentication attempts. D. Use the login local command for authenticating user access.

C. Use the login delay command for authentication attempts. 3 The login delay command introduces a delay between failed login attempts without locking the account. This provides a user with unlimited attempts at accessing a device without causing the user account to become locked and thus requiring administrator intervention.

A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled? A. Use the show aaa user command. B. Use the show aaa sessions command. C. Use the show aaa local user lockout command. D. Use the show running-configuration command.

C. Use the show aaa local user lockout command. 3 The show aaa local user lockout command provides an administrator with a list of the user accounts that are locked out and unable to be used for authentication. This command also provides the date and timestamp of the lockout occurrence.

Which two network security solutions can be used to mitigate DoS attacks? (Choose two.) A. virus scanning B. data encryption C. antispoofing technologies D. intrusion protection systems E. applying user authentication

C. antispoofing technologies D. intrusion protection systems 1 Antivirus software is used to protect a system against viruses. Encryption helps with reconnaissance and man-in-the-middle attacks. The most important components that are used to deal with DoS attacks are firewalls and IPSes.

What causes a buffer overflow? A. launching a security countermeasure to mitigate a Trojan horse B. downloading and installing too many software updates at one time C. attempting to write more data to a memory location than that location can hold D. sending too much information to two or more interfaces of the same device, thereby causing dropped packets E. sending repeated connections such as Telnet to a particular device, thus denying other data sources

C. attempting to write more data to a memory location than that location can hold 1 By sending too much data to a specific area of memory, adjacent memory locations are overwritten, which causes a security issue because the program in the overwritten memory location is affected.

How is a smurf attack conducted? A. by sending a large number of packets to overflow the allocated buffer memory of the target device B. by sending an echo request in an IP packet larger than the maximum packet size of 65,535 bytes C. by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network D. by sending a large number of TCP SYN packets to a target device from a spoofed source address

C. by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network 1 With a smurf attack, a large number of ICMP requests are sent using a spoofed source IP address of an intended target. All echo replies will be forwarded to the targeted host on the same network in an attempt to overwhelm it. A ping of death DoS attack sends an echo request in an IP packet that is larger than the maximum packet of 65,535 bytes. A TCP SYN flood attack sends a large number of packets with the TCP SYN flag set from a forged source address.

What IOS privilege levels are available to assign for custom user-level privileges? A. levels 1 through 15 B. levels 0, 1, and 15 C. levels 2 through 14 D. levels 0 and 1

C. levels 2 through 14 2.2.1 There are 16 privilege levels that can be applied to user accounts. Levels 0, 1, and 15 have predefined settings. This leaves levels 2 through 14 available for creating custom levels of access.

An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this? A. trust exploitation B. buffer overflow C. man in the middle D. port redirection

C. man in the middle 1 An access attack tries to gain access to a resource using a hijacked account or other means. The five types of access attacks include the following: password - a dictionary is used for repeated login attempts; trust exploitation - uses granted privileges to access unauthorized material; port redirection - uses a compromised internal host to pass traffic through a firewall; man-in-the-middle - an unauthorized device positioned between two legitimate devices in order to redirect or capture traffic; buffer overflow - too much data sent to a memory location that already contains data.

A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe? A. denial of service B. port redirection C. reconnaissance D. trust exploitation

C. reconnaissance 1 Wireshark is a free download that allows network packet inspection. Someone using this tool for malicious intent would be performing a reconnaissance attack. Through the capture of network packets, weak security network connectivity protocols such as Telnet can be caught, inspected, and then analyzed for detailed network information, including passwords.

Router# show running-config <output omitted> ! parser view SUPPORT superview secret 5 $1$Vp 10 $BBB1N 68 Z2 ekr/alHledts. view SHOWVIEW view VERIFYVIEW Based on the output of the show running-config command, which type of view is SUPPORT? A. secret view, with a level 5 encrypted password B. root view, with a level 5 encrypted secret password C. superview, containing SHOWVIEW and VERIFYVIEW views D. CLI view, containing SHOWVIEW and VERIFYVIEW commands

C. superview, containing SHOWVIEW and VERIFYVIEW views 2 The superview role-based CLI view named SUPPORT has been configured on the router. The SUPPORT superview consists of two CLI views called SHOWVIEW and VERIFYVIEW.

What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router? A. to encrypt OSPF routing updates B. to enable OSPF MD5 authentication on a per-interface basis C. to configure OSPF MD5 authentication globally on the router D. to facilitate the establishment of neighbor adjacencies

C. to configure OSPF MD5 authentication globally on the router 2 To configure OSPF MD5 authentication globally, the ip ospf message-digest-key key md5 password interface configuration command and the area area-id authentication message-digest router configuration command are issued. To configure OSPF MD5 authentication per interface, the ip ospf message-digest-key key md5 password interface configuration command and the ip ospf authentication message-digest interface configuration command are issued. Authentication does not encrypt OSPF routing updates. The requirements to establish OSPF router neighbor adjacencies are separate from authentication.

What worm mitigation phase involves actively disinfecting infected systems? A. quarantine B. inoculation C. treatment D. containment

C. treatment 1 The four phases of worm mitigation are: Containment, Inoculation, Quarantine, Treatment. Disinfecting systems is accomplished in the treatment phase and involves terminating the worm process, removing infected files, and patching vulnerabilities exploited by the worm.

Which condition describes the potential threat created by Instant On in a data center? A. when the primary IPS appliance is malfunctioning B. when the primary firewall in the data center crashes C. when a VM that may have outdated security policies is brought online after a long period of inactivity D. when an attacker hijacks a VM hypervisor and then launches attacks against other devices in the data center

C. when a VM that may have outdated security policies is brought online after a long period of inactivity 1 The phrase Instant On describes a potential threat to a VM when it is brought online after it has not been used for a period of time. Because it is offline for a while, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.

What is a characteristic of the Cisco IOS Resilient Configuration feature? A. It maintains a secure working copy of the bootstrap startup program. B. The secure boot-image command works properly when the system is configured to run an image from a TFTP server. C. Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered. D. A snapshot of the router running configuration can be taken and securely archived in persistent storage.

D. A snapshot of the router running configuration can be taken and securely archived in persistent storage. 2 The Cisco IOS Resilient Configuration feature maintains a secure working copy of the router IOS image file and a copy of the running configuration file. The secure boot-image command functions properly only when the system is configured to run an image from a flash drive with an ATA interface. The secure boot-config command has to be used repeatedly to upgrade the configuration archive to a newer version after new configuration commands have been issued. A snapshot of the router running configuration can be taken and securely archived in persistent storage using the secure boot-config command.

What is the purpose of the none keyword in an AAA authentication configuration? A. It completely disables AAA authentication on the device. B. It prevents users from logging in to the device remotely. C. It only allows users with privilege level 15 to log in to the device. D. It allows users to log into the device without credentials if all other authentication methods fail.

D. It allows users to log into the device without credentials if all other authentication methods fail. 3.2.1 The none keyword allows a user to log in without credentials, and provides a backup in case all other authentication methods fail. A failure occurs if the authentication method is not working, for example if a server is unreachable, or a local database has not been configured.

What is the biggest issue with local implementation of AAA? A. Local implementation cannot provide secure authentication. B. Local implementation supports only RADIUS servers. C. Local implementation supports only TACACS+ servers. D. Local implementation does not scale well.

D. Local implementation does not scale well. 3.3.1 One of the purposes of AAA is to provide secure authentication to network devices. Local implementation does not use RADIUS or TACACS+ servers. It relies on a local database to authenticate all users. This can be a problem in a network that has many devices with hundreds of users or more.

Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? A. Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. B. Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed. C. Configure secure administrative control to ensure that only authorized personnel can access the router. D. Locate the router in a secure locked room that is accessible only to authorized personnel. E. Provision the router with the maximum amount of memory possible.

D. Locate the router in a secure locked room that is accessible only to authorized personnel. 2 Of the three areas of router security, physical security, router hardening, and operating system security, physical security involves locating the router in a secure room accessible only to authorized personnel who can perform password recovery.

Router1# username admin algorithm-type scrypt secret ci$COROCKS! Router1# aaa new-model Router1# aaa authentication login default group radius local none What configuration would need to be applied to the vty lines in order to use this AAA policy? A. login authentication admin B. login authentication radius C. login authentication local D. No configuration is necessary.

D. No configuration is necessary. 3.2.1 The special named list "default" is enabled automatically on all interfaces and lines. No extra configuration is necessary to make the configuration work. If the default list is replaced with another list on the vty line, it can be put back again with the login authentication default command.

Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console? A. R1(config)# username admin password Admin01pa55 R1(config)# line con 0 R1(config-line)# login local B. R1(config)# username admin password Admin01pa55 R1(config)# line con 0 R1(config-line)# login C. R1(config)# username admin Admin01pa55 encr md5 R1(config)# line con 0 R1(config-line)# login local D. R1(config)# username admin secret Admin01pa55 R1(config)# line con 0 R1(config-line)# login local E. R1(config)# username admin secret Admin01pa55 R1(config)# line con 0 R1(config-line)# login

D. R1(config)# username admin secret Admin01pa55 R1(config)# line con 0 R1(config-line)# login local 2 To configure a user account with an encrypted password, the username secret command is used. The line con 0 command defines the console line as configured for login and the login local command tells the router to look in the local database for the user credentials.

R1(config)# enable algorithm-type scrypt R1(config)# enable secret 9 tnhtc92DXBhelxjYk8LWJrPV36S2 i 4ntXrpb4RFmfqy R1(config)# username Admin algorithm-type scrypt secret Strong5rPa55word R1(config)# aaa new-model R1(config)# aaa authentication login default local-case enable R2# telnet 10.10.10.1 Trying 10.10.10.1 ... Open User Access Verification Username: admin Password: StrongPa55wOrd % Authentication failed [Connection to 10.10.10.1 closed by foreign host] R2# Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem? A. The R1 10.10.10.1 router interface must be enabled. B. The vty lines must be configured with the login authentication default command. C. The aaa local authentication attempts max-fail command must be set to 2 or higher. D. The administrative user should use the username Admin and password Str0ngPa55w0rd.

D. The administrative user should use the username Admin and password Str0ngPa55w0rd. 3.2.1 The AAA authentication is defined with the list default with two methods. The first method is to use the local database and the second method is to use the enable password. The keyword local-case indicates that both the username and password are case-sensitive.

What occurs after RSA keys are generated on a Cisco router to prepare for secure device management? A. All vty ports are automatically configured for SSH to provide secure management. B. The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus command. C. The keys must be zeroized to reset Secure Shell before configuring other parameters. D. The generated keys can be used by SSH.

D. The generated keys can be used by SSH. 2 Once RSA keys are generated, SSH is automatically enabled.

What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers? A. There is no ability to provide accountability. B. It is very susceptible to brute-force attacks because there is no username. C. The passwords can only be stored in plain text in the running configuration. D. User accounts must be configured locally on each device, which is an unscalable authentication solution.

D. User accounts must be configured locally on each device, which is an unscalable authentication solution. 3.1.1 The local database method of securing device access utilizes usernames and passwords that are configured locally on the router. This allows administrators to keep track of who logged in to the device and when. The passwords can also be encrypted in the configuration. However, the account information must be configured on each device where that account should have access, making this solution very difficult to scale.

Which two tasks are associated with router hardening? (Choose two.) A. installing the maximum amount of memory possible B. placing the router in a secure room C. using uninterruptible power supplies D. disabling unused ports and interfaces E. securing administrative access

D. disabling unused ports and interfaces E. securing administrative access 2.1.1 A critical step in securing a router is to harden it against attack. Two tasks that can be done to harden a router are disabling unused ports and interfaces and securing administrative access to the router. Installing maximum memory in a router will help protect the operating system from DoS attacks but is not a hardening task. Placing the router in a secure room with an uninterruptible power supply provides physical security but is not hardening the router.

A network administrator needs to protect a router against brute force login attempts. What is the correct login-block-for command syntax to disable login for 3 minutes if more than 3 failed attempts are made within a 2 minute period? A. login block-for 180 attempts 120 within 3 B. login block-for 3 attempts 120 within 3 C. login block-for 3 attempts 3 within 2 D. login block-for 180 attempts 3 within 120

D. login block-for 180 attempts 3 within 120 2.1.3 The correct syntax for the command is login block-for seconds attempts tries within seconds. So for a 3-minute login delay, 180 seconds are needed. The failed attempts are 3 within 2 minutes, which is 120 seconds: login block-for 180 attempts 3 within 120.

What is a main purpose of launching an access attack on network systems? A. to prevent other users from accessing the system B. to gather information about the network C. to scan for accessible networks D. to retrieve data

D. to retrieve data Refer to curriculum topic: 1.2.4 Gathering information about a network and scanning for access is a reconnaissance attack. Preventing other users from accessing a system is a denial of service attack.

Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? A. accessibility B. accounting C. auditing D. authentication E. authorization

E. authorization 3 One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.

Which security measure is typically found both inside and outside a data center facility? A. a gate B. exit sensors C. security traps D. biometrics access E. continuous video surveillance

E. continuous video surveillance Refer to curriculum topic: 1.1.2 Continuous video surveillance is a security measure found both inside and outside a data center facility. A gate provides outside perimeter security. Security traps, biometrics access, and exit sensors provide inside perimeter security.

When 802.1X port-based authentication is enabled, only ___________ traffic will be allowed through the switch port that a workstation is connected to until the workstation is authenticated.

Extensible Authentication Protocol over LAN (EAPOL) or EAP 3.5.3 Until a workstation has been authenticated, the switch port to which the workstation is connected will not allow any traffic except EAPOL traffic.

Antivirus software can prevent viruses from entering the network. True or False?

False Refer to curriculum topic: 1.3.4 Although antivirus software is the primary means of mitigating viruses and Trojan horses, it cannot prevent viruses from entering the network.

Cisco _______ is an identity and access control policy technology that protects assets such as data applications and mobile devices from unauthorized access.

ISE 3.3.2

The _____ is a Layer 2 open standard network discovery protocol.

LLDP 2.4.1 The Link Layer Discovery Protocol, or LLDP, is an open standard version of Cisco Discovery Protocol, or CDP, which is proprietary.

The Cisco Network Foundation Protection framework has three functional areas. The _________ plane of a router is responsible for routing packets correctly.

data Refer to curriculum topic: 1.3.5 The data plane of a router is responsible for routing traffic. The other two planes defined by the Cisco Network Foundation Protection (NFP) framework are the control plane and the management plane.

When role-based CLI is used, only the ______ view has the ability to add or remove commands from existing views.

root 2.2.2 There are three role-based CLI views that can be configured: (1) root view, (2) CLI view, and (3) superview. Only a user with root view can create new views or add and remove commands from existing views.

Routing protocol __________ can be used to falsify routing information, cause DoS attacks, or cause traffic to be redirected.

spoofing 2.5.1

OSPF __________ authentication should be used wherever possible, because MD5 authentication is considered vulnerable to attacks.

SHA 2.5.1

