exam4
What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? (config-line)# password secret (config)# enable secret Secret_Password (config)# enable password secret (config)# service password-encryption (config)# enable secret Encrypted_Password
(config)# service password-encryption
What is the purpose of using a banner message on a Cisco network device? It can provide more security by slowing down attacks. It can be used to create a quiet period where remote connections are refused. It is effective in deflecting threat actors from entering the device. It can protect the organization from a legal perspective.
It can protect the organization from a legal perspective.
Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? Configure secure administrative control to ensure that only authorized personnel can access the router. Locate the router in a secure locked room that is accessible only to authorized personnel. Provision the router with the maximum amount of memory possible. Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.
Locate the router in a secure locked room that is accessible only to authorized personnel.
What is one difference between using Telnet or SSH to connect to a network device for management purposes? Telnet uses UDP as the transport protocol whereas SSH uses TCP. Telnet sends a username and password in plain text, whereas SSH encrypts the username and password. Telnet does not provide authentication whereas SSH provides authentication. Telnet supports a host GUI whereas SSH only supports a host CLI.
Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? Cisco Nexus switch VPN gateway firewall Layer 2 switch with port security features enabled
firewall
Which type of access is secured on a Cisco router or switch with the enable secret command? virtual terminal AUX port privileged EXEC console line
privileged EXEC
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) a password on the console line an IP domain name an encrypted password an enable mode password a unique hostname a user account
an IP domain name a unique hostname a user account
At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? campus core internet edge network edge WAN edge
network edge
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) operating system security physical security router hardening zone isolation flash security remote access security
operating system security physical security router hardening
A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? direct access to the switch through the use of a terminal emulation program out-of-band access to a switch through the use of a virtual terminal with password authentication remote access to the switch through the use of a telephone dialup connection on-site access to a switch through the use of a directly connected PC and a console cable remote access to a switch where data is encrypted during the session
remote access to a switch where data is encrypted during the session
What is a common security task performed when securing administrative access to a network infrastructure device? Disable discovery protocols for all user-facing ports. Enable at least two ports for remote access. Log and account for all access. Block local access.
Log and account for all access.
What is a good password recommendation for a Cisco router? Use the service password-encryption command to protect a password used to log into a remote device across the network. Use a minimum of 7 characters. Zeroize all passwords used. Use one or more spaces within a multiword phrase.
Use one or more spaces within a multiword phrase.
A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? a user who is trying to guess a password to access the router a worm that is attempting to access another part of the network an unidentified individual who is trying to access the network equipment room a device that is trying to inspect the traffic on a link
a user who is trying to guess a password to access the router