CISCO CCNA I - Modules 16 & 17 - Building and Securing a Small Network (Exam Notes)
Which command can an administrator issue on a Cisco router to send debug messages to the vty lines? A. logging console B. logging buffered C. terminal monitor D. logging synchronous
terminal monitor (C) Explanation: Debug messages, like other IOS log messages, are sent to the console line by default. Sending these messages to the terminal lines requires the terminal monitor command.
What is the role of an IPS? A. authenticating and validating traffic B. detecting and blocking of attacks in real time C. connecting global threat information to Cisco network security devices D. filtering of nefarious websites
detecting and blocking of attacks in real time (B) Explanation: An intrusion prevention system (IPS) provides real-time detection and blocking of attacks.
A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing? A. attack based B. layered C. structured D. risk based
layered (B) Explanation: Using different defenses at various points of the network creates a layered approach.
When applied to a router, which command would help mitigate brute-force password attacks against the router? A. service password-encryption B. banner motd $Max failed logins = 5$ C. login block-for 60 attempts 5 within 60 D. exec-timeout 30
login block-for 60 attempts 5 within 60 (C) Explanation: The login block-for command sets a limit on the maximum number of failed login attempts allowed within a defined period of time. If this limit is exceeded, no further logins are allowed for the specified period of time. This helps to mitigate brute-force password cracking since it will significantly increase the amount of time required to crack a password. The exec-timeout command specifies how long the session can be idle before the user is disconnected. The service password-encryption command encrypts the passwords in the running configuration. The banner motd command displays a message to users who are logging in to the device.
What feature of SSH makes it more secure than Telnet for a device management connection? A. stronger password requirement B. random one-time port connection C. confidentiality with IPsec D. login information and data encryption
login information and data encryption (D) Explanation: Secure Shell (SSH) is a protocol that provides a secure management connection to a remote device. SSH provides security by providing encryption for both authentication (username and password) and the transmitted data. Telnet is a protocol that uses unsecure plaintext transmission. SSH is assigned to TCP port 22 by default. Although this port can be changed in the SSH server configuration, the port is not dynamically changed. SSH does not use IPsec.
Which network service automatically assigns IP addresses to devices on the network? A. traceroute B. DNS C. DHCP D. Telnet
DHCP (C) Explanation: Dynamic Host Configuration Protocol (DHCP) can be used to allow end devices to automatically configure IP information, such as their IP address, subnet mask, DNS server, and default gateway. The DNS service is used to provide domain name resolution, mapping hostnames to IP addresses. Telnet is a method for remotely accessing a CLI session of a switch or router. Traceroute is a command used to determine the path a packet takes as it traverses the network.
Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts? A. packet filtering B. application filtering C. stateful packet inspection D. URL filtering
stateful packet inspection (C) Explanation: Stateful packet inspection on a firewall checks that incoming packets are actually legitimate responses to requests originating from hosts inside the network. Packet filtering can be used to permit or deny access to resources based on IP or MAC address. Application filtering can permit or deny access based on port number. URL filtering is used to permit or deny access based on URL or on keywords.
Which statement is true about Cisco IOS ping indicators? A. A combination of '.' and '!' indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message. B. ' . ' indicates that the ping was successful but the response time was longer than normal. C. '!' indicates that the ping was unsuccessful and that the device may have issues finding a DNS server. D. 'U' may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful.
'U' may indicate that a router along the path did not contain a route to the destination address and that the ping was unsuccessful. (D) Explanation: The most common indicators of a ping issued from the Cisco IOS are "!", ".", and "U". The "!" indicates that the ping completed successfully, verifying connectivity at Layer 3. The "." may indicate that a connectivity problem, routing problem, or device security issue exists along the path and that an ICMP destination unreachable message was not provided. The "U" indicates that a router along the path may not have had a route to the destination address, and that it responded with an ICMP unreachable message.
Match the description to the type of firewall filtering. (Not all options are used.) Types of Firewall Filtering: • stateful packet inspection • URL filtering • application filtering • packet filtering Descriptions: • 1) prevents or allows access based on the operating system of the source or destination device • 2) prevents or allows access based on the port numbers used in the request • 3) prevents or allows access based on whether the traffic is in response to requests from internal hosts • 4) prevents or allows access based on web addresses or keywords • 5) prevents or allows access based on the IP or MAC addresses of the source and destination
2) prevents or allows access based on the port numbers used in the request - application filtering 3) prevents or allows access based on whether the traffic is in response to requests from internal hosts - stateful packet inspection 4) prevents or allows access based on web addresses or keywords - URL filtering 5) prevents or allows access based on the IP or MAC addresses of the source and destination - packet filtering Explanation: Stateful packet inspection: Prevents or allows access based on whether the traffic is in response to requests from internal hosts. URL filtering: Prevents or allows access based on web addresses or keywords. Application filtering: Prevents or allows access based on the port numbers used in the request. Packet filtering: Prevents or allows access based on the IP or MAC addresses of the source and destination.
Refer to the exhibit. (https://prnt.sc/CX7ztaq8Zc0b) • Exhibit is from a Cisco switch's CLI. ---------- Switch# ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: UUUUU Success rate is 0 percent (0/5) ---------- An administrator is testing connectivity to a remote device with the IP address 10.1.1.1. What does the output of this command indicate? A. A ping packet is being blocked by a security device along the path. B. A router along the path did not have a route to the destination. C. Connectivity to the remote device was successful. D. The connection timed out while waiting for a reply from the remote device.
A router along the path did not have a route to the destination. (B) Explanation: In the output of the ping command, an exclamation mark (!) indicates a response was successfully received, a period (.) indicates that the connection timed out while waiting for a reply, and the letter "U" indicates that a router along the path did not have a route to the destination and sent an ICMP destination unreachable message back to the source.
When configuring SSH on a router to implement secure network management, a network engineer has issued the login local and transport input ssh line vty commands. What three additional configuration actions have to be performed to complete the SSH configuration? (Choose three.) A. Configure the correct IP domain name. B. Create a valid local username and password database. C. Manually enable SSH after the RSA keys are generated. D. Configure role-based CLI access. E. Set the user privilege levels. F. Generate the asymmetric RSA keys.
Configure the correct IP domain name. Create a valid local username and password database. Generate the asymmetric RSA keys. (A, B, & F) Explanation: SSH is automatically enabled after the RSA keys are generated. Setting user privilege levels and configuring role-based CLI access are good security practices but are not a requirement of implementing SSH.
What is considered the most effective way to mitigate a worm attack? A. Ensure that AAA is configured in the network. B. Download security updates from the operating system vendor and patch all vulnerable systems. C. Change system passwords every 30 days. D. Ensure that all systems have the most current virus definitions.
Download security updates from the operating system vendor and patch all vulnerable systems. (B) Explanation: Because worms take advantage of vulnerabilities in the system itself, the most effective way to mitigate worm attacks is to download security updates from the operating system vendor and patch all vulnerable systems.
Which method is used to send a ping message specifying the source address for the ping? A. Issue the ping command without specifying a destination IP address. B. Issue the ping command without extended commands. C. Issue the ping command after shutting down un-needed interfaces. D. Issue the ping command from within interface configuration mode.
Issue the ping command without specifying a destination IP address. (A) Explanation: By issuing the ping command without a destination IP address in privileged EXEC mode, the Cisco IOS enters extended ping mode. This allows the user to implement extended commands which include source IP address.
A network technician issues the C:\> tracert -6 www.cisco.com command on a Windows PC. What is the purpose of the -6 command option? A. It sets a 6 milliseconds timeout for each replay. B. It sends 6 probes within each TTL time period. C. It limits the trace to only 6 hops. D. It forces the trace to use IPv6.
It forces the trace to use IPv6. (D) Explanation: The -6 command option in the "tracert" command is used to specify that the trace route should be conducted using IPv6. Therefore, the correct answer is "It forces the trace to use IPv6." When a network technician issues the command "tracert -6 www.cisco.com" on a Windows PC, they are explicitly instructing the system to trace the route to the specified destination (www.cisco.com) using IPv6. This is particularly useful in situations where a network supports both IPv4 and IPv6, and the technician wants to diagnose or analyze the path taken by IPv6 packets to reach the destination.
An administrator decides to use "pR3s!d7n&0" as the password on a newly installed router. Which statement applies to the password choice? A. It is strong because it uses a passphrase. B. It is weak since it is a word that is easily found in the dictionary. C. It is strong because it uses a minimum of 10 numbers, letters, and special characters. D. It is strong because it contains 10 numbers and special characters.
It is strong because it uses a minimum of 10 numbers, letters and special characters. (C) Explanation: The password "pR3s!d7n&0" is considered strong because it adheres to the best practices of creating a secure password. It is strong because it uses a minimum of 10 numbers, letters, and special characters" is the correct answer. This password meets the recommended criteria for a strong password by incorporating a mix of uppercase and lowercase letters, numbers, and special characters. The length of 10 characters also adds to its strength, making it more resistant to various password-cracking techniques. This diversity and complexity make it a robust choice for enhancing the security of the router.
A user reports a lack of network connectivity. The technician takes control of the user machine and attempts to ping other computers on the network and these pings fail. The technician pings the default gateway and that also fails. What can be determined for sure by the results of these tests? A. Nothing can be determined for sure at this point. B. The TCP/IP protocol is not enabled. C. The NIC in the PC is bad. D. The router that is attached to the same network as the workstation is down.
Nothing can be determined for sure at this point. (A) Explanation: In networks today, a failed ping could mean that the other devices on the network are blocking pings. Further investigation such as checking network connectivity from other devices on the same network is warranted.
Identify the steps needed to configure a switch for SSH. The answer order does not matter. (Not all options are used.) Possible steps: • Create a local user. • Generate RSA keys. • Use the login command. • Configure a domain name. • Use the login local command. • Use the password cisco command. • Use the transport input ssh command. Required steps for SSH configuration: 1) ... 2) ... 3) ... 4) ... 5) ...
Required steps for SSH configuration: 1) Create a local user. 2) Generate RSA keys. 3) Configure a domain name. 4) Use the login local command. 5) Use the transport input ssh command. Explanation: The login and password cisco commands are used with Telnet switch configuration, not SSH configuration.
A technician is to document the current configurations of all network devices in a college, including those in off-site buildings. Which protocol would be best to use to securely access the network devices? A. HTTP B. SSH C. FTP D. Telnet
SSH (B) Explanation: Telnet sends passwords and other information in clear text, while SSH encrypts its data. FTP and HTTP do not provide remote device access for configuration purposes.
What is the advantage of using SSH over Telnet? A. SSH provides secure communications to access hosts. B. SSH operates faster than Telnet. C. SSH is easier to use. D. SSH supports authentication for a connection request.
SSH provides secure communications to access hosts. (A) Explanation: SSH provides a secure method for remote access to hosts by encrypting network traffic between the SSH client and remote hosts. Although both Telnet and SSH request authentication before a connection is established, Telnet does not support encryption of login credentials.
Refer to the exhibit. (https://prnt.sc/_k2G6uK47cqB) ---------- Routers R1 & R2 are joined by serial connection. Under R1 are two switches. • Connected under Switch1/R1 is a host named H1. • Connected under Switch2/R1 is an unnamed host. Under R2 is one switch. • Connected under Switch/R2 is a host named H3. ---------- Baseline documentation for a small company had ping round trip time statistics of 36/97/132 between hosts H1 and H3. Today the network administrator checked connectivity by pinging between hosts H1 and H3 that resulted in a round trip time of 1458/2390/6066. What does this indicate to the network administrator? A. Something is causing interference between H1 and R1. B. H3 is not connected properly to the network. C. Performance between the networks is within expected parameters. D. Something is causing a time delay between the networks. E. Connectivity between H1 and H3 is fine.
Something is causing a time delay between the networks. (D) Explanation: Ping round trip time statistics are shown in milliseconds. The larger the number the more delay. A baseline is critical in times of slow performance. By looking at the documentation for the performance when the network is performing fine and comparing it to information when there is a problem, a network administrator can resolve problems faster.
An employee complains that a Windows PC cannot connect to the Internet. A network technician issues the ipconfig command on the PC and is shown an IP address of 169.254.10.3. Which two conclusions can be drawn? (Choose two.) A. The default gateway address is not configured. B. The PC cannot contact a DHCP server. C. The DNS server address is misconfigured. D. The enterprise network is misconfigured for dynamic routing. E. The PC is configured to obtain an IP address automatically.
The PC cannot contact a DHCP server. The PC is configured to obtain an IP address automatically. (B & E) Explanation: When a Windows PC is configured to obtain an IP address automatically, the PC will try to obtain an IP address from a DHCP server. When the PC cannot contact a DHCP server, Windows will automatically assign an address belonging to the 169.254.0.0/16 range.
A ping fails when performed from router R1 to directly connected router R2. The network administrator then proceeds to issue the show cdp neighbors command. Why would the network administrator issue this command if the ping failed between the two routers? A. The network administrator wants to determine if connectivity can be established from a non-directly connected network. B. The network administrator suspects a virus because the ping command did not work. C. The network administrator wants to verify Layer 2 connectivity. D. The network administrator wants to verify the IP address configured on router R2.
The network administrator wants to verify Layer 2 connectivity. (C) Explanation: The show cdp neighbors command can be used to prove that Layer 1 and Layer 2 connectivity exists between two Cisco devices. For example, if two devices have duplicate IP addresses, a ping between the devices will fail, but the output of show cdp neighbors will be successful. The show cdp neighbors detail could be used to verify the IP address of the directly connected device in case the same IP address is assigned to the two routers.
Which statement describes the ping and tracert commands? A. Both ping and tracert can show results in a graphical display. B. Ping shows whether the transmission is successful; tracert does not. C. Tracert uses IP addresses; ping does not. D. Tracert shows each hop, while ping shows a destination reply only.
Tracert shows each hop, while ping shows a destination reply only. Explanation: The ping utility tests end-to-end connectivity between the two hosts. However, if the message does not reach the destination, there is no way to determine where the problem is located. On the other hand, the traceroute utility (tracert in Windows) traces the route a message takes from its source to the destination. Traceroute displays each hop along the way and the time it takes for the message to get to that network and back.
What is the difference between a virus and a worm? A. Viruses self-replicate but worms do not. B. Worms require a host file but viruses do not. C. Worms self-replicate but viruses do not. D. Viruses hide in legitimate programs but worms do not.
Worms self-replicate but viruses do not. (C) Explanation: Worms are able to self-replicate and exploit vulnerabilities on computer networks without user participation.
A network engineer is analyzing reports from a recently performed network baseline. Which situation would depict a possible latency issue? A. a change in the amount of RAM according to the show version output B. a change in the bandwidth according to the show interfaces output C. an increase in host-to-host ping response times D. a next-hop timeout from a traceroute
an increase in host-to-host ping response times (C) Explanation: While analyzing historical reports an administrator can compare host-to-host timers from the ping command and depict possible latency issues.
On which two interfaces or ports can security be improved by configuring executive timeouts? (Choose two.) A. Fast Ethernet interfaces B. console ports C. vty ports D. loopback interfaces E. serial interfaces
console ports vty ports (B & C) Explanation: Executive timeouts allow the Cisco device to automatically disconnect users after they have been idle for the specified time. Console, vty, and aux ports can be configured with executive timeouts.
A user wants to know the IP address of the PC. What is the best command to use to accomplish the task? A. ipconfig B. copy running-config startup-config C. show interfaces D. show ip nat translations
ipconfig (A) Explanation: The best command for finding the IP address of a PC is "ipconfig" because it specifically provides information about the IP configuration of the device. Running "ipconfig" in the command prompt (for Windows) will display details such as the IP address, subnet mask, and default gateway. This command is designed to retrieve network-related information, making it the most appropriate choice for the user's inquiry.
Which example of malicious code would be classified as a Trojan horse? A. malware that attaches itself to a legitimate program and spreads to other programs when launched B. malware that requires manual user intervention to spread between systems C. malware that was written to look like a video game D. malware that can automatically spread from one system to another by exploiting a vulnerability in the target
malware that was written to look like a video game (C) Explanation: A Trojan horse is malicious code that has been written specifically to look like a legitimate program. This is in contrast to a virus, which simply attaches itself to an actual legitimate program. Viruses require manual intervention from a user to spread from one system to another, while a worm is able to spread automatically between systems by exploiting vulnerabilities on those devices.
Users are complaining that they are unable to browse certain websites on the Internet. An administrator can successfully ping a web server via its IP address, but cannot browse to the domain name of the website. Which troubleshooting tool would be most useful in determining where the problem is? A. tracert B. nslookup C. netstat D. ipconfig
nslookup (B) Explanation: The nslookup command can be used to look up information about a particular DNS name in the DNS server. The information includes the IP address of the DNS server being used as well as the IP address associated with the specified DNS name. This command can help verify the DNS that is used and if the domain name to IP address resolution works.
Which type of attack involves an adversary attempting to gather information about a network to identify vulnerabilities? A. dictionary B. DoS C. man-in-the-middle D. reconnaissance
reconnaissance (D) Explanation: Reconnaissance is a type of attack where the intruder is looking for wireless network vulnerabilities.
A network engineer is troubleshooting connectivity issues among interconnected Cisco routers and switches. Which command should the engineer use to find the IP address information, host name, and IOS version of neighboring network devices? A. show ip route B. show interfaces C. show cdp neighbors detail D. show version
show cdp neighbors detail (C) Explanation: The show cdp neighbors detail command reveals much information about neighboring Cisco devices, including the IP address, the capabilities, host name, and IOS version. The show interfaces and show version commands display information about the local device.
Which command can an administrator execute to determine what interface a router will use to reach remote networks? A. show protocols B. show ip route C. show arp D. show interfaces
show ip route (B) Explanation: The show ip route command is used to display the IP routing table of the router. The IP routing table will show a list of known local and remote networks and the interfaces that the router will use to reach those networks.
Which command should be used on a Cisco router or switch to allow log messages to be displayed on remotely connected sessions using Telnet or SSH? A. logging synchronous B. debug all C. terminal monitor D. show running-config
terminal monitor (C) Explanation: The terminal monitor command is very important to use when log messages appear. Log messages appear by default when a user is directly consoled into a Cisco device, but require the terminal monitor command to be entered when a user is accessing a network device remotely.
What information about a Cisco router can be verified using the show version command? A. the routing protocol version that is enabled B. the value of the configuration register C. the operational status of serial interfaces D. the administrative distance used to reach networks
the value of the configuration register (B) Explanation: The value of the configuration register can be verified with the show version command.
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. (https://prnt.sc/Bmpt8FAYrbjb) ---------- Activity Instructions: Use the Terminal application from the Desktop tab on PCO to access Router0. Note that all passwords are configured as cisco. Determine the current partial SSH configuration on Router0. ---------- Which command has to be configured on the router to complete the SSH configuration? A. ip domain-name cisco.com B. service password-encryption C. transport input ssh D. enable secret class
transport input ssh (C) Explanation: The missing command to complete the SSH configuration is transport input ssh in line vty 0 4 mode. The commands service password-encryption and enable secret class do configure secure features on the router, but are not required to configure SSH. The command ip domain-name cisco.com is not required because the command ip domain-name span.com has been used.