Network Auth & Security Chapter 2
If AAA is already enabled, which three CLI steps are required to configure a router with a specific view (Choose three.) Question options: Assign a secret password to the view. Assign commands to the view. Assign users who can use the view. Associate the view with the root view. Create a superview using the parser view view-name command. Create a view using the parser view view-name command.
Assign a secret password to the view. Assign commands to the view. Create a view using the parser view view-name command.
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? Question options: HTTP CDP FTP LLDP LMNOP
CDP
What tool is available through the Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input? Question options: Cisco ACS Control Plane Policing Cisco AutoSecure Simple Network Management Protocol Cisco CLI Secure Plus
Cisco AutoSecure
Which two options provide secure remote access to a router? (Choose two.) Question options: CHAP HTTP HTTPS SSH Telnet
HTTPS SSH
Why is the username name algorithm-type scrypt secret password command preferred over the username name secret password command? Question options: It uses the MD5 algorithm for encrypting passwords. It uses the standard type 7 algorithm for encrypting passwords. It uses the SCRYPT algorithm for encrypting passwords. It does not require the login local command to enable the local database for authentication. It requires an already encrypted password to be accepted.
It uses the SCRYPT algorithm for encrypting passwords.
Which of the following can be used to falsify routing information, cause DoS attacks, or cause traffic to be redirected? Question options: Spooing Routing Protocol (SRP) Routing Protocol Flooding Spoofing Protocol Routing (SPR) Routing Protocol Spoofing Routing Protocol Detour
Routing Protocol Spoofing
Which OSPF authentication should be used wherever possible, because MD5 authentication is considered vulnerable to attacks? Question options: SHA The MC5 WEP SSH There is no authentication is OSPF
SHA
Which element of an SNMP implementation can be configured to respond to requests as well as to forward notifications? Question options: MIB SNMP manager SNMP agent OID O-SNMP
SNMP agent
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) Question options: a password on the console line an IP domain name a user account an enable mode password a unique hostname an encrypted password
an IP domain name a user account a unique hostname
Which packet type is user-generated and forwarded by a router? Question options: data plane packet control plane packet management plane packet routing protocol update packet HTTPS packet
data plane packet
What IOS privilege levels are available to assign for custom user-level privileges? Question options: levels 1 through 15 levels 0, 1, and 15 levels 2 through 14 levels 0 and 1 five
levels 2 through 14
A network administrator needs to protect a router against brute force login attempts. What is the correct login-block-for command syntax to disable login for 3 minutes if more than 3 failed attempts are made within a 2 minute period? Question options: Login block-for 3 min 3 att 2 min login block-for within 180 attempts 3, 120 login block-for within 120 attempts 3, 180 login block-for 180 attempts 3 within 120 login block-for attempts 180 3 120
login block-for 180 attempts 3 within 120
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) Question options: physical security flash security operating system security remote access security router hardening zone isolation
physical security operating system security router hardening
Which two tasks are associated with router hardening? (Choose two.) Question options: installing the maximum amount of memory possible placing the router in a secure room using uninterruptible power supplies disabling unused ports and interfaces securing administrative access Installing the Cisco Steel Router protocol
disabling unused ports and interfaces securing administrative access
When role-based CLI is used, which view is the only view that has the ability to add or remove commands from existing views? Question options: admin super user root sudo commander Cisco
root
