CCNA Security V2

CCNA Security Version 2.0 Chapter 2 Exam Answers

  1. Which three types of views are available when configuring the role-based CLI access feature? (Choose three.)
    • superview
    • admin view
    • root view
    • superuser view
    • CLI view
    • config view
  2. Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)
    • Creating a user account that needs access to most but not all commands can be a tedious process.
    • Views are required to define the CLI commands that each user can access.
    • Commands set on a higher privilege level are not available for lower privilege users.
    • It is required that all 16 privilege levels be defined, whether they are used or not.
    • There is no access control to specific interfaces on a router.
    • The root user must be assigned to each privilege level that is defined.
  • Refer to the exhibit. Which statement about the JR-Admin account is true?

    [Exhibit: CCNA Security Chapter 2 Exam Answer v2 001]

    • JR-Admin can issue only ping commands.
    • JR-Admin can issue show, ping, and reload commands.
    • JR-Admin cannot issue any command because the privilege level does not match one of those defined.
    • JR-Admin can issue debug and reload commands.
    • JR-Admin can issue ping and reload commands.
  • Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.)
    • remote access security
    • zone isolation
    • router hardening
    • operating system security
    • flash security
    • physical security
  • Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode?
    • Locate the router in a secure locked room that is accessible only to authorized personnel.
    • Configure secure administrative control to ensure that only authorized personnel can access the router.
    • Keep a secure copy of the router Cisco IOS image and router configuration file as a backup.
    • Provision the router with the maximum amount of memory possible.
    • Disable all unused ports and interfaces to reduce the number of ways that the router can be accessed.
  • Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?

    [Exhibit: CCNA Security Chapter 2 Exam Answer v2 002]

    • CLI view, containing SHOWVIEW and VERIFYVIEW commands
    • superview, containing SHOWVIEW and VERIFYVIEW views
    • secret view, with a level 5 encrypted password
    • root view, with a level 5 encrypted secret password
  • Which two characteristics apply to role-based CLI access superviews? (Choose two.)
    • A specific superview cannot have commands added to it directly.
    • CLI views have passwords, but superviews do not have passwords.
    • A single superview can be shared among multiple CLI views.
    • Deleting a superview deletes all associated CLI views.
    • Users logged in to a superview can access all commands specified within the associated CLI views.
  • An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.)
    • Enable inbound vty SSH sessions.
    • Generate two-way pre-shared keys.
    • Configure DNS on the router.
    • Configure the IP domain name on the router.
    • Enable inbound vty Telnet sessions.
    • Generate the SSH keys.
  • Which set of commands is required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console?
    • R1(config)# username admin password Admin01pa55
      R1(config)# line con 0
      R1(config-line)# login local
    • R1(config)# username admin secret Admin01pa55
      R1(config)# line con 0
      R1(config-line)# login local
    • R1(config)# username admin Admin01pa55 encr md5
      R1(config)# line con 0
      R1(config-line)# login local
    • R1(config)# username admin password Admin01pa55
      R1(config)# line con 0
      R1(config-line)# login
    • R1(config)# username admin secret Admin01pa55
      R1(config)# line con 0
      R1(config-line)# login
  • If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.)
    • Create a superview using the parser view view-name command.
    • Associate the view with the root view.
    • Assign users who can use the view.
    • Create a view using the parser view view-name command.
    • Assign a secret password to the view.
    • Assign commands to the view.
  • What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?
    • The keys must be zeroized to reset Secure Shell before configuring other parameters.
    • All vty ports are automatically configured for SSH to provide secure management.
    • The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus command.
    • The generated keys can be used by SSH.
  3. What command must be issued to enable login enhancements on a Cisco router?
    • privilege exec level
    • login delay
    • login block-for
    • banner motd
  4. What is the default privilege level of user accounts created on Cisco routers?
    • 0
    • 1
    • 15
    • 16
  5. A network administrator notices that unsuccessful login attempts have caused a router to enter quiet mode. How can the administrator maintain remote access to the networks even during quiet mode?
    • Quiet mode behavior can be enabled via an ip access-group command on a physical interface.
    • Quiet mode behavior will only prevent specific user accounts from attempting to authenticate.
    • Quiet mode behavior can be overridden for specific networks by using an ACL.
    • Quiet mode behavior can be disabled by an administrator by using SSH to connect.
  6. What is a characteristic of the Cisco IOS Resilient Configuration feature?
    • It maintains a secure working copy of the bootstrap startup program.
    • Once issued, the secure boot-config command automatically upgrades the configuration archive to a newer version after new configuration commands have been entered.
    • A snapshot of the router running configuration can be taken and securely archived in persistent storage.
    • The secure boot-image command works properly when the system is configured to run an image from a TFTP server.
  7. What is a requirement to use the Secure Copy Protocol feature?
    • At least one user with privilege level 1 has to be configured for local authentication.
    • A command must be issued to enable the SCP server side functionality.
    • A transfer can only originate from SCP clients that are routers.
    • The Telnet protocol has to be configured on the SCP server side.
  8. What is a characteristic of the MIB?
    • The OIDs are organized in a hierarchical structure.
    • Information in the MIB cannot be changed.
    • A separate MIB tree exists for any given device in the network.
    • Information is organized in a flat manner so that SNMP can access it quickly.
  9. Which three items are prompted for a user response during interactive AutoSecure setup? (Choose three.)
    • IP addresses of interfaces
    • content of a security banner
    • enable secret password
    • services to disable
    • enable password
    • interfaces to enable
  10. A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)
    • area 0 authentication message-digest
    • ip ospf message-digest-key 1 md5 1A2b3C
    • username OSPF password 1A2b3C
    • enable password 1A2b3C
    • area 1 authentication message-digest
  11. What is the purpose of using the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?
    • to configure OSPF MD5 authentication globally on the router
    • to enable OSPF MD5 authentication on a per-interface basis
    • to facilitate the establishment of neighbor adjacencies
    • to encrypt OSPF routing updates
  12. What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)
    • to provide data security through encryption
    • to ensure faster network convergence
    • to ensure more efficient routing
    • to prevent data traffic from being redirected and then discarded
    • to prevent redirection of data traffic to an insecure link
  13. Which two options can be configured by Cisco AutoSecure? (Choose two.)
    • enable secret password
    • interface IP address
    • SNMP
    • security banner
    • syslog
  14. Which three functions are provided by the syslog logging service? (Choose three.)
    • setting the size of the logging buffer
    • specifying where captured information is stored
    • gathering logging information
    • authenticating and encrypting data sent over the network
    • distinguishing between information to be captured and information to be ignored
    • retaining captured messages on the router when a router is rebooted
  15. What is the Control Plane Policing (CoPP) feature designed to accomplish?
    • disable control plane services to reduce overall traffic
    • prevent unnecessary traffic from overwhelming the route processor
    • direct all excess traffic away from the route process
    • manage services provided by the control plane
  16. Which three actions are produced by adding Cisco IOS login enhancements to the router login process? (Choose three.)
    • permit only secure console access
    • create password authentication
    • automatically provide AAA authentication
    • create syslog messages
    • slow down an active attack
    • disable logins from specified hosts
