CCSP SECUR FAQ : Secure Router Administration



Q1. What are some of the steps that can be taken to secure the console interface on a router or switch device?
A. Administratively shut down the console interface.
B. Physically secure the device.
C. Apply an access list using the access-class command.
D. Configure a console password.

Answer: A, C, D

Q2. How many characters can you have in an enable password?
A. 256
B. 32
C. 25
D. 12

Answer: C

Q3. Which of the following is the least restrictive privilege level?
A. 0
B. 22
C. 15
D. 17

Answer: C

Q4. The service password-encryption command does which of the following?
A. Encrypts the configuration on the router
B. Stores passwords in an encrypted manner in the router configuration
C. Only encrypts the telnet password in the Cisco IOS configuration
D. Is only available on PIX Firewall

Answer: B

Q5. Which of the following choices has the correct configuration for encrypting the enable password?
A. Router(config)#enable secret gr3twhite
B. Router#enable encryption gr3twhite
C. Router#enable secret gr3twhite
D. Router#(config)enable encryption t gr3twhite

Answer: A

Q6. Which of the following commands are associated with privilege level 0?
A. disable
B. configure terminal
C. enable
D. logout

Answer: A, C, D

Q7. Which of the following configurations displays a login banner when a router is accessed?
A. Router# banner exec d If you are not an authorized user disconnect immediately message d

B. Router(config)# banner login d If you are not an authorized user disconnect immediately d

C. Router(config)#banner exec d If you are not an authorized user disconnect immediately d

D. Router# banner login d If you are not an authorized user disconnect immediately d

Answer: B

Q8. For maintaining confidentiality and integrity in accessing a router, _____ is recommended over telnet.
C. Secure telnet

Answer: A

Q9. How do you secure the Ethernet port on a switch? (Select two.)
A. Disable unused ports.
B. Configure port security.
C. Set access list.
D. Security cannot be configured on the port.

Answer: A, D

Q10. In the event of a security violation, what is the default response of the port?
A. Switches into restrictive mode
B. Switches into a temporary shutdown mode
C. Switches into permanent shutdown mode
D. Switches into a temporary restrictive mode

Answer: C

Q11. How many levels of command access does the CLI have?

Answer: Cisco IOS Software has two levels of access to commands by default: user EXEC mode (level 1) and privileged EXEC mode (level 15).

Q12. What are some of the characteristics of the enable password?

Answer: It must contain from 1 to 25 uppercase and lowercase alphanumeric characters. It must not have a number as the first character. It can have leading spaces, but they are ignored; intermediate and trailing spaces, however, are recognized. It can also contain the question mark (?) character.

Q13. What are the commands associated with privilege level 0?

Answer: There are five commands associated with privilege level 0: disable, enable, exit, help, and logout.

Q14. What is the banner login command used for?

Answer: The banner login command is used for informational messages displayed when the users log in to a router or switch. The banner could inform the users that if they are unauthorized users accessing the device, they could be disconnected immediately or could face legal actions by the owners of the device.

Q15. Give one example of a telnet vulnerability.

Answer: Passwords sent over a telnet session are in clear text. This makes it an insecure method for remote access, especially over public networks.

Q16. Give two advantages of using SSH for connecting to your device.

Answer: By using SSH one can mitigate against spoofing, man-in-the-middle attacks, and session hijacking.

Q17. What is the maximum number of MAC addresses allowed on a port?

Answer: The total number of MAC addresses on any port cannot exceed 1025.

Q18. What does the service password-encryption command do?

Answer: The service password-encryption command stores passwords in an encrypted manner in the router configuration.

Q19. What is the advantage of using the enable secret command over enable password command?

Answer: The enable secret command provides better security by storing the enable secret password using a nonreversible cryptographic function.

Q20. What are the steps required to configure SSH on a Cisco IOS router?

Answer: The four steps required to enable SSH support on a Cisco IOS router are as follows:

  1. Configure the hostname command.
  2. Configure the DNS domain.
  3. Generate the SSH key to be used.
  4. Enable SSH transport for vty lines.
