CCNAS Chapter 2

  • 格式:docx
  • 大小:216.28 KB
  • 文档页数:11

An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional s required to configure R1 to accept only encrypted SSH connections? (Choose three.)configure the IP domain name on the routerenable inbound vty Telnet sessionsgenerate the SSH keysconfigure DNS on the routerenable inbound vty SSH sessionsgenerate two-way pre-shared keysWhich set of commands are required to create a username of admin, hash the password using MD5, and force the router to acc internal username database when a user attempts to access the console?R1(config)# username admin password Admin01pa55R1(config)# line con 0R1(config-line)# login localR1(config)# username admin password Admin01pa55R1(config)# line con 0R1(config-line)# login internalR1(config)# username admin Admin01pa55 encr md5R1(config)# line con 0R1(config-line)# login localR1(config)# username admin secret Admin01pa55R1(config)# line con 0R1(config-line)# login localR1(config)# username admin secret Admin01pa55R1(config)# line con 0R1(config-line)# login internalRefer to the exhibit. Which statement regarding the JR-Admin account is true?JR-Admin can issue show, ping, and reload commands.JR-Admin can issue ping and reload commands.JR-Admin can issue only ping commands.JR-Admin can issue debug and reload commands.JR-Admin cannot issue any command because the privilege level does not match one of those defined.Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two.)This message is a level five notification message.This message appeared because a minor error occurred requiring further investigation.This message appeared because a major error occurred requiring immediate action.This message indicates that service timestamps have been globally enabled.This message indicates that enhanced security was configured on the vty ports.Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the oth client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command o (Choose two.)Both routers are configured to use NTPv2.Router R1 is the master, and R2 is the client.Router R2 is the master, and R1 is the client.The IP address of R1 is 192.168.1.2.The IP address of R2 is 192.168.1.2.Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)physical securityflash securityoperating system securityremote access securityrouter hardeningzone isolationBy default, how many seconds of delay between virtual login attempts is invoked when the login block-for command is configuonetwothreefourfiveWhich two statements describe the initial deployed services of Cisco routers and recommended security configuration changes? two.)CDP is disabled by default and should be enabled on all interfaces, even when the service is not required.Configuration autoloading is disabled by default but should be enabled, even when the service is not required.ICMP mask reply is disabled by default but should be enabled on untrusted interfaces.ICMP unreachable notifications are enabled by default but should be disabled on untrusted interfaces.FTP is enabled by default and should be disabled.TCP keepalives are disabled by default but should be enabled globally to prevent certain DoS attacks.What are two characteristics of SNMP community strings? (Choose two.)A vulnerability of SNMPv1, SNMPv2, and SNMPv3 is that they send the community strings in plaintext.Commonly known community strings should be used when configuring secure SNMP. If the manager sends one of the correct read-only community strings, it can get information and set information in an agent SNMP read-only community strings can be used to get information from an SNMP-enabled device.SNMP read-write community strings can be used to set information on an SNMP-enabled device.Why is the username name secret password command preferred over the username name password password command?It uses the MD5 algorithm for encrypting passwords.It uses the standard type 7 algorithm for encrypting passwords. It allows the administrator to configure passwords of any length.It does not require the login local command to enable the local database for authentication.Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purp access to the privileged EXEC mode?Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.Configure secure administrative control to ensure that only authorized personnel can access the router.Locate the router in a secure locked room that is accessible only to authorized personnel.Provision the router with the maximum amount of memory possible.Which command is used to verify the existence of a secure Cisco IOS image file?show versiondirshow flashshow secure bootsetRefer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?secret view, with a level 5 encrypted passwordroot view, with a level 5 encrypted secret passwordsuperview, containing SHOWVIEW and VERIFYVIEW viewsCLI view, containing SHOWVIEW and VERIFYVIEW commandsWhat are three requirements that must be met if an administrator wants to maintain device configurations via secure in-band ma (Choose three.)network devices configured to accommodate SSHa separate network segment connecting all management devicesat least one router acting as a terminal serverencryption of all remote access management trafficconnection to network devices through a production network or the Internetdirect access to the console ports of all network devicesWhich three options can be configured by Cisco AutoSecure? (Choose three.)CBACSNMPsyslogsecurity bannerinterface IP addressenable secret passwordWhich two characteristics apply to Role-Based CLI Access superviews? (Choose two.)CLI views have passwords, but superviews do not have passwords.Users logged in to a superview can access all commands specified within the associated CLI views.A single superview can be shared among multiple CLI views.Commands cannot be configured for a specific superview.Deleting a superview deletes all associated CLI views.Which statement describes the operation of the CCP Security Audit wizard?The wizard compares a router configuration against recommended settings.The wizard monitors network data and logs possible unauthorized or malicious traffic.The wizard logs the effectiveness of network security measures for baseline comparisons.The wizard performs an analysis of implemented security measures based on a saved baseline.Which three services does CCP One-Step Lockdown enable? (Choose three.)SNMPTCP interceptsSSH access to the routerCisco Discovery Protocolpassword encryptionfirewall on all outside interfacesWhich three types of views are available when configuring the Role-Based CLI Access feature? (Choose three.)superuser viewroot viewsuperviewCLI viewadmin viewconfig viewIf AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)Assign a secret password to the view.Assign commands to the view.Assign users who can use the view.Associate the view with the root view.Create a superview using the parser view view-name command.Create a view using the parser view view-name command.Which three options can be configured by Cisco AutoSecure? (Choose three.)CBACSNMPsyslogsecurity bannerinterface IP addressenable secret password。