Security test 2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What command will prevent all unencrypted passwords from displaying in plain text in a configuration file?

(config)# service password-encryption

What wild card mask will match networks 172.16.0.0 through 172.19.0.0?

0.3.255.255

What is the default privilege level of user accounts created on Cisco routers?

1

Which range of custom privilege levels can be configured on Cisco routers?

2 through 14

Which statement describes SNMP operation?

A set request is used by the NMS to change configuration variables in the agent device.

What is a characteristic of the Cisco IOS Resilient Configuration feature?

A snapshot of the router running configuration can be taken and securely archived in persistent storage.

A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent?

A user who is trying to guess a password to access the router or a brute force attack.

What service or protocol does the Secure Copy Protocol rely on to ensure that secure copy transfers are from authorized users?

AAA

Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?

Accounting

Which scenario would cause an ACL misconfiguration and deny all traffic?

Apply an ACL that has all deny ACE statements.

Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?

Authorization

What does the TACACS+ protocol provide in a AAA deployment?

Authorization on a per-user or per-group basis.

Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?

CDP

When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects?

Community strings

When password recovery on a router is being performed and the settings in NVRAM have been bypassed, which step should be taken next?

Copy the contents of the NVRAM to the RAM.

Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)

Creating a user account that needs access to most but not all commands can be a tedious process. Commands set on a higher privilege level are not available for lower privilege users. There is no access control to specific interfaces on a router.

Which two router commands can a user issue when granted privilege level 0? (Choose two.)

Disable Help

Which ICMP message type should be stopped inbound?

Echo

What is the first required task when configuring server-based AAA authentication?

Enable AAA globally.

What type of ACL offers greater flexibility and control over network access?

Extended

A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router?

Firewall

What must be done before any role-based CLI views can be created?

Issue the aaa new-model command.

When a method list for AAA authentication is being configured, what is the effect of the keyword local?

It accepts a locally configured username, regardless of case.

What is the purpose of using a banner message on a Cisco network device?

It can protect an organization from a legal perspective.

What is a feature of the TACACS+ protocol?

It encrypts the entire body of the packet for more secure communications.

Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?

Locate the router in a secure locked room that is accessible only to authorized personel.

What is a common security task performed when securing administrative access to a network infrastructure device? type of access is secured on a Cisco router or switch with the enable secret command?

Log and account for all access

Which protocol or service is used to automatically synchronize the software clocks on Cisco routers?

NTP

At what point in the enterprise network are packets arriving from the internet examined prior to entering the network?

Network Edge

What are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature? (Choose three.)

Operational efficiency security availability

What is a characteristic of AAA accounting?

Possible triggers for the aaa accounting exec default command include start-stop and stop-only.

Which type of access is secured on a Cisco router or switch with the enable secret command?

Privileged EXEC

Refer to the exhibit. A network administrator wants to create a standard ACL to prevent Network 1 traffic from being transmitted to the Research and Development network. On which router interface and in which direction should the standard ACL be applied?

R2 Gi0/0 outbound

Which statement describes a difference between RADIUS and TACACS+?

RADIUS encrypts only the password whereas TACACS+ encrypts all communication.

A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection?

Remote access to a switch where data is encrypted during the session.

A network administrator wants to create a new view so that a user only has access to certain configuration commands. In role-based CLI, which view should the administrator use to create the new view?

Root view

Which technology allows syslog messages to be filtered to different devices based on event importance?

Syslog severity levels.

What is one difference between using Telnet or SSH to connect to a network device for management purposes?

Telnet sends data in plain text, where as SSH encrypts the data.

Refer to the exhibit. A network administrator is configuring an IPv6 ACL to allow hosts on the 2001:DB8:CAFE:10::/64 network to access remote web servers, except for PC1. However, a user on PC1 can successfully access the web server PC2. Why is this possible?

The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked.

What does level 5 in the following enable secret global configuration mode command indicate? Router(config)# enable secret level 5 csc5io.

The enable secret password grants access to privileged EXEC level 5.

An administrator assigned a level of router access to the user ADMIN using the commands below.t are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature? (Choose three.) Router(config)# privilege exec level 14 show ip route Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10 Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10

The user can issue the show version command. The user can execute all subcommands under the show ip interfaces command.

Refer to the exhibit. Which statement describes the function of the ACEs?

These ACEs allow for IPv6 neighbor discovery traffic.

What is the purpose of issuing the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?

To configure OSPF MD5 authentication globally on the router.

A network administrator enters the command R1# enable view adminview. What is the purpose of this command?

To enter a CLI view named adminview.

What is the purpose of the network security accounting function?

To keep track of the actions of a user.

What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)

To prevent data traffic from being redirected and then discarded. To prevent redirection of data traffic to an insecure link.

What are three functions provided by the syslog service? (Choose three.)

To specify the destinations of captured messages. To gather logging information for monitoring and troubleshooting. To select the type of logging information that is captured.

Which statement describes a typical security policy for a DMZ firewall configuration?

Traffic that originates from the DMZ interface is selectively permitted to the outside interface.

What is a good password recommendation for a Cisco router?

Use one or more spaces within a multiword passphrase.

What is the quickest way to remove a single ACE from a named ACL?

Use the no keyword and the sequence number of the ACE to be removed.

A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled?

Use the show aaa local user lockout command.

What three configuration steps must be performed to implement SSH access to a router? (Choose three.)

an ip domain name a unique hostname a user account

Which functionality does _the TACACS single-connection keyword provide to AAA services?

enhances the performance of the TCP connection

Which operator is used in an ACL statement to match packets of a specific application?

eq

A network engineer wants to synchronize the time of a router with an NTP server at the IPv4 address 209.165.200.225. The exit interface of the router is configured with an IPv4 address of 192.168.212.11. Which global configuration command should be used to configure the NTP server as the time source for this router?

ntp server 209.165.200.225

Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)

operating system security physical security router hardening

Which service should be disabled on a router to prevent a malicious host from falsely responding to ARP requests with the intent to redirect the Ethernet frames?

proxy ARP

Which command will move the show interface command to privilege level 10?

router(config)# privlege exec level 10 show interface

What method is used to apply an IPv6 ACL to a router interface?

the use of the ipv6 traffic-filter command

In applying an ACL to a router interface, which traffic is designated as outbound?

traffic that is leaving the router and going toward the destination host

What are SNMP trap messages?

unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network


Ensembles d'études connexes

MKTG 4562: Marketing Strategy Mid-term (Ch. 1-7)

View Set

Chapter 29: Introduction to the Autonomic Nervous System

View Set

Essentials of Networking Modules 7, 8, 9

View Set

Ch 01 QUIZ - WHO ARE AMERICANS? An Increasingly Diverse Nation

View Set

Unit 2 Homework (Chapters 6, 5, and 7)

View Set

Prospective and Retrospective Studies

View Set

Financial Management Ch. 13 Leverage and Capital Structure

View Set

Evolve HESI Leadership/Management

View Set