CCNA Security FAQ: Implementing Secure Management and Hardening the Router
Q1. Which of the following is not a consideration for setting up technical controls in support of secure logging?
A. How can the confidentiality of logs as well as communicating log messages be assured?
B. How do you log events from several devices in one central place?
C. What are the most critical events to log?
D. What are the most important logs?
E. None of the above.
Q2. Fill in the blank with the correct term from the choices.
One communication path between management hosts and the devices they manage is __________, meaning that the traffic flows within a network separate from the production network.
Q3. True or false. A general management guideline is to ensure that clocks on network devices are not synchronized with an external time source because this is a known vulnerability.
Q4. Indicate the number for each logging level:
- Debugging: ____
- Alerts: ____
- Emergencies: ____
- Notifications: ____
- Critical: ____
- Informational: ____
- Warnings: ____
Answer: The logging levels are the following:
- Debugging: 7
- Alerts: 1
- Emergencies: 0
- Notifications: 5
- Critical: 2
- Informational: 6
- Warnings: 4
Q5. To what menus do you have to navigate to setup logging in the SDM?
A. Configure->Router Management->Additional Tasks->Logging
B. Configure->Additional Tasks->Router Properties->Logging
C. Monitor->System Properties->Configure->Syslog
D. Configure->Additional Tasks->Router Properties->Syslog
E. Monitor->Logging Options->Syslog Setup
represent real choices..
Q6. Match the following SNMP terms with their definitions:
- MIB: ___
- Agent: ___
- NMS: ___
A. Responds to sets and gets
B. Sends sets and gets
C. Information database
Q7. True or false. Secure Network Time Protocol (SNTP) is more secure than regular NTP as it requires authentication.
8Q. Which of the following is part of Cisco’s list of seven categories of vulnerable router services and interfaces? (Choose all that apply.)
A. Disable unnecessary services and interfaces.
B. Disable commonly configured management services.
C. Ensure path integrity.
D. Disable probes and scans.
E. All of the above.
Answer: E is correct. The complete list is as follows:
- Disable unnecessary services and interfaces.
- Disable commonly configured management services.
- Ensure path integrity.
- Disable probes and scans.
- Ensure terminal access security.
- Disable gratuitous and proxy ARP.
- Disable IP directed broadcasts.
Q9. Fill in the blank with the correct term from the choices.
The Cisco SDM Security Audit Wizard and One-Step Lockdown tools are based on the Cisco _________ feature.
E. None of the above
Q10. True or false. SNMPv3 is implemented in the Cisco SDM Security Audit Wizard but not in the auto secure CLI command.
TABLE 4.2 SNMP Security Models and Levels