CCSP SECUR FAQ : Basic Router Management


CCSP SECUR FAQ : Basic Router Management

Q1. What router configuration mode do you enter by default when connecting to a router?
A. Console
B. ROM monitor
C. User EXEC
D. Privileged EXEC
E. None of the above

Answer: C

Q2. Which IOS firewall feature enables you to inspect traffic at multiple layers of the ISO model?
A. Multilayer inspection
B. Context-based access control
C. Stateful inspection
D. Extended access control lists
E. Connection-based access control

Answer: B

Q3. Which configuration mode is considered the path to the global configuration mode?
A. User EXEC
B. Line configuration
C. Interface configuration
D. Subinterface configuration
E. None of the above

Answer: E

Q4. What configuration mode are you in when you see the following prompt on RouterA? RouterA%
A. User EXEC
B. Global configuration
C. Privileged EXEC
D. Unable to determine because the prompt has been changed
E. None of the above

Answer: D

Q5. What configuration mode must you be in to configure telnet access?
A. Line configuration
B. Interface configuration
C. Telnet configuration
D. Global configuration
E. Connection configuration
F. None of the above

Answer: A

Q6. What is the default symbol for the global configuration mode?
A. hostname#
B. hostname(config)%
C. router(config)>
D. hostname (global)>
E. hostname(config)#

Answer: E

Q7. What command do you use to exit the privileged EXEC mode?
A. Ctrl-Z
B. disable
C. enable
D. exit
E. end

Answer: B

Q8. What are you most likely doing in the subinterface configuration mode?
A. Changing the telnet password
B. Binding additional IP addresses to an interface
C. Changing the system password
D. Configuring system monitoring
E. Adding the default gateway

Answer: B

Q9. What access port would you use when connecting a modem?
A. Console port
B. Telnet port
C. Dialup port
D. Secure Shell
E. Auxiliary port

Answer: E

Q10. What clear-text protocol is not recommended for managing routers from external network segments?
A. Telnet
B. Secure Shell

Answer: F

Q11. You have just started work at a new facility and need to configure an old unused router. Unfortunately you cannot find the current password for the router. What router configuration mode would you need to enter to change the password?

Answer: You need to be in the ROM monitor mode to change the password.

Q12. Place the following configuration modes in the correct order:
A. Privilege EXEC
B. Global configuration
C. User EXEC
D. Subinterface configuration
E. Interface configuration

Answer: C, A, B, E, D

Q13. What is the best way to ensure that your configuration changes are not lost if the router is rebooted?

Answer: Copy the running configuration to the startup configuration.

Q14. If it has not been changed using the prompt command, what will the prompt for RouterA look like in the global configuration mode?

Answer: RouterA(config)#

Q15. What is the difference between the end and the exit commands?

Answer: The end command returns you to the privileged EXEC mode, and the exit command returns you to the global configuration mode.

Q16. What command enables you to see the available commands in your current configuration mode?

Answer: ?

Q17. How do you configure CBAC to implement reflexive access lists?

Answer: Reflexive ACLs cannot be used with CBAC.

Q18. What type of cable is required to complete a telnet connection to the router via Ethernet 0/0 interface.

Answer: The connection is completed via the router’s Ethernet interface. This requires that the router be connected to the network using an Ethernet cable (RJ-45).

Q19. What type of router management is considered to be the most secure, yet the most difficult to use for enterprise networks? (Explain your answer.)

Answer: The console connection is considered the most secure because it requires physical access to the router. It can also be the most difficult to maintain in a large enterprise network because the routers may be installed all over the world.

Q20. What command generates the key used for SSH on the IOS router?

Answer: crypto key generate rsa [key-length]

Q21. What Cisco IOS firewall feature enables administrators to configure access to services on nonstandard ports?

Answer: Port-to-application mapping

Q22. What AAA server types can interact with the IOS firewall?

Answer: TACACS+, RADIUS, Kerberos

Q23. How does the Cisco IOS firewall ensure that routing updates are valid?

Answer: It validated the source by using peer authentication.

More Resources

About the author


Leave a Comment