Network Auth Quiz 4
Which range of custom privilege levels can be configured on Cisco routers? 2 through 14 0 through 15 1 through 15 1 through 16
2 through 14
A network administrator wants to create a new view so that a user only has access to certain configuration commands. In role-based CLI, which view should the administrator use to create the new view? CLI view. Admin view. Root view. Superview. Superuser.
Root view.
An administrator assigned a level of router access to the user ADMIN using the commands below.t are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature? (Choose three.) Router(config)# privilege exec level 14 show ip route Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10 Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10 The user can issue the show version command. The user can issue the ip route command. The user can only execute the subcommands under the show ip route command. The user can issue all commands because this privilege level can execute all Cisco IOS commands. The user can execute all subcommands under the show ip interfaces command.
The user cannot issue any commands. The user can issue the show version command. The user can execute all subcommands under the show ip interfaces command.
Which two router commands can a user issue when granted privilege level 0? (Choose two.) disable enable ping show help configure
help
What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? (config)# service password-encryption (config)# enable secret Secret_Password (config)# enable password-secret (config)# password secret (config)# secret-encrypt all 0 15
(config)# service password-encryption
What is the default privilege level of user accounts created on Cisco routers? 16 0 1 15
1
What three configuration steps must be performed to implement SSH access to a router? (Choose three.) A user account. A unique hostname. An IP domain name. A password on the console line. An encrypted password. An enable mode password. Standard ACLs can filter on source and destination TCP and UDP ports.
A user account. A unique hostname. An IP domain name.
A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? A device that is trying to inspect the traffic on a link. An unidentified individual who is trying to access the network equipment room. A worm that is attempting to propagate the network. A user who is trying to guess a password to access the router or a brute force attack.
A user who is trying to guess a password to access the router or a brute force attack.
Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.) Creating a user account that needs access to most but all commands can be a tedious process. It is required that all 16 privlege levels be defined whether they are used of not. Views are required to define the CLI commands that each user can access. The root user must be assigned to each privlege that is defined. There is no access control to specific interfaces on a router. Commands set on higher level privleges are not available to lower privlege users.
Creating a user account that needs access to most but all commands can be a tedious process. Commands set on higher level privleges are not available to lower privlege users. There is no access control to specific interfaces on a router.
A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? Firewall. VPN gateway. Cisco Nexus Switch. An intrusion prevention device (IPS).
Firewall.
disable What must be done before any role-based CLI views can be created? Costumes must be purchased. Configure user names and passwords. Issue the aaa new-model command. Create a secret password for the root user. Assign Multiple privlege levels.
Issue the aaa new-model command.
What is the purpose of using a banner message on a Cisco network device? It will stop attackers dead in their tracks. It can provide more security by slowing down attacks. It can protect an organization from a legal perspective. It can be used to create a quiet period where remote connections are refused.
It can protect an organization from a legal perspective.
Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? Provision the router with the maximum amount of RAM possible. Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. Ensure that users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination. Locate the router in a secure locked room that is accessible only to authorized personel.
Locate the router in a secure locked room that is accessible only to authorized personel.
Which type of access is secured on a Cisco router or switch with the enable secret command? Enable at least two ports for remote access. Console Line. Disable discovery protocols for all user-facing ports. Block local access. Log and account for all access.
Log and account for all access.
At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? Network Edge. WAN Edge. Core Router. On a third-party server one hop off-site
Network Edge.
Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) Physical Security. Zone Isolation. Router Hardening. Opertaing System Security. Flash Security. Remote Access Security.
Opertaing System Security. Physical Security. Router Hardening.
Which type of access is secured on a Cisco router or switch with the enable secret command? AUX port. Console Line. Virtual Terminal. PuTTY. Privleged EXEC.
Privleged EXEC.
A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? Direct access to the switch through the use of a terminal emulation program. Remote access to a switch where data is encrypted during the session. Out-of-band access to a switch through the use of a terminal with password authentication. Remote access to the switch through the use of a tlephone dialup connection. On-site access toa switch through the use of a directly connected PC and a console cable.
Remote access to a switch where data is encrypted during the session.
It is recommended that in addition to using FileVault to encrypt the drive: Selecting Create a password. Set the EFI chip password. All removable drive are encrypted. Create a passphrase for FileVault.
Set the EFI chip password.
What is one difference between using Telnet or SSH to connect to a network device for management purposes? Telnet sends data in plain text, where as SSH encrypts the data. If you are consoled in to the router locally, there is no difference. Telnet uses UDP and SSH uses HTTPS. Telnet does not provide authentication whereas SSH provides authentication.
Telnet sends data in plain text, where as SSH encrypts the data.
What does level 5 in the following enable secret global configuration mode command indicate? Router(config)# enable secret level 5 csc5io. The enable secret password is hashed using SHA. The enable secret password grants access to privleged EXEC level 5. The enable secret password can only be enabled by individuals for EXEC level 5. The enable secret passwrod is hashed using MD5.
The enable secret password grants access to privleged EXEC level 5.
A network administrator enters the command R1# enable view adminview. What is the purpose of this command? To create a CLI view named adminview. To enter the root view. To enter a superview named adminview. To enter a CLI view named adminview.
To enter a CLI view named adminview.
Which statement describes a typical security policy for a DMZ firewall configuration? Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with little or no restrictions. Traffic that originates from the DMZ interface is selectively permitted to the outside interface. Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface. Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
What is a good password recommendation for a Cisco router? Use the service password-encryption command to protect a password used to log into a remote device across the network. Use a minimum of 7 characters. Leave it blank, no one would guess that and the brute force attacks don't try that. Use one or more spaces within a multiword passphrase. Zeroize all passwords used (like they showed in the video).
Use one or more spaces within a multiword passphrase.
What are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature? (Choose three.) security scalability fault tolerance cost reduction operational efficiency availability
operational efficiency security availability
Which command will move the show interface command to privilege level 10? router(config)# privlege exec level 10 show interface router(config)# privlege level 10 show interface router(config)# show interface level 10 router(config-if)# privlege exec level 10 show interface
router(config)# privlege exec level 10 show interface