Chapter 4 HW Quiz

Ace your homework & exams now with Quizwiz!

Which type of access is secured on a Cisco router or switch with the enable secret command? -AUX port. -Console Line. -Virtual Terminal. -PuTTY. -Privleged EXEC.

-Privleged EXEC.

Which type of access is secured on a Cisco router or switch with the enable secret command? - Enable at least two ports for remote access. - Console Line. - Disable discovery protocols for all user-facing ports. - Block local access. - Log and account for all access.

?

What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? - (config-line)# password secret - (config)# enable secret Secret_Password - (config)# enable password secret - (config)# service password-encryption - (config)# enable secret Encrypted_Password

- (config)# service password-encryption

What is the purpose of using a banner message on a Cisco network device? - It will stop attackers dead in their tracks. - It can provide more security by slowing down attacks. - It can protect an organization from a legal perspective. - It can be used to create a quiet period where remote connections are refused.

- It can protect an organization from a legal perspective.

What is one difference between using Telnet or SSH to connect to a network device for management purposes? - Telnet uses UDP as the transport protocol whereas SSH uses TCP. - Telnet sends a username and password in plain text, whereas SSH encrypts the username and password. - Telnet does not provide authentication whereas SSH provides authentication. - Telnet supports a host GUI whereas SSH only supports a host CLI.

- Telnet sends data in plain text, where as SSH encrypts the data.

At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? - campus core - internet edge - network edge - WAN edge

network edge

Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? - Configure secure administrative control to ensure that only authorized personnel can access the router. Locate the router in a secure locked room that is accessible only to authorized personnel. - Provision the router with the maximum amount of memory possible. - Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. - Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.

- Locate the router in a secure locked room that is accessible only to authorized personnel.

Which statement describes a typical security policy for a DMZ firewall configuration? - Traffic that originates from the DMZ interface is selectively permitted to the outside interface. - Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface. - Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface. - Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. - Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.

- Traffic that originates from the DMZ interface is selectively permitted to the outside interface.

What is a good password recommendation for a Cisco router? - Use the service password-encryption command to protect a password used to log into a remote device across the network. - Use a minimum of 7 characters. - Zeroize all passwords used. - Use one or more spaces within a multiword phrase.

- Use one or more spaces within a multiword phrase.

A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? - a user who is trying to guess a password to access the router - a worm that is attempting to access another part of the network - an unidentified individual who is trying to access the network -equipment room - a device that is trying to inspect the traffic on a link

- a user who is trying to guess a password to access the router

What three configuration steps must be performed to implement SSH access to a router? (Choose three.) - A user account. - A unique hostname. - An IP domain name. - A password on the console line. - An encrypted password. - An enable mode password. - Standard ACLs can filter on source and destination TCP and UDP ports.

- an IP domain name - a unique hostname - a user account

Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) - operating system security - physical security - router hardening - zone isolation - flash security - remote access security

- operating system security - physical security - router hardening

A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? - Direct access to the switch through the use of a terminal emulation program. - Remote access to a switch where data is encrypted during the session. - Out-of-band access to a switch through the use of a terminal with password authentication. - Remote access to the switch through the use of a telephone dialup connection. - On-site access to a switch through the use of a directly connected PC and a console cable.

- remote access to a switch where data is encrypted during the session

A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? -Cisco Nexus switch -VPN gateway -firewall -Layer 2 switch with port security features enabled

-firewall


Related study sets

Cost Management Final (god bless)

View Set

Brit Lit: mastery test units 1-3 review

View Set