CCSP SECUR FAQ : Securing the Network with a Cisco Router
Q1. Which of the following versions of SNMP does Cisco IOS Software support?
Q2. Which of the following is (are) true about SNMP version 1?
A. Very secure
B. Used very widely
C. Uses a very weak authentication scheme based on “community string”
D. All of the above
Q3. Why is it important to secure the SNMP management station? Select the best answer.
A. The concentration of large information on the SNMP management station makes it a target.
B. Because there could be only a single SNMP management station.
C. SNMP management stations only operate older versions of the UNIX operating system.
D. None of the above.
Q4. Which of the following is true about the HTTP server on the Cisco IOS Software?
A. The HTTP server is on by default.
B. The HTTP server uses MD5 for authentication by default.
C. The HTTP server is off by default.
D. The HTTP server requires authentication to provide access to the router.
Q5. To what type of attack does running ip directed broadcast expose the router?
A. Smurf attack
B. SMTP attack
C. SPAM attack
D. All of the above
Q6. Which of the following is the best answer in securing routing updates from routing protocols?
A. Routing updates cannot be secure
B. Increase physical security
C. Disable the routing protocols
D. Configure neighbor authentication
Q7. Which of the following are part of the small server services?
8. Which of the following is true regarding the IP directed-broadcast service?
A. The no ip directed-broadcast command is the default in Cisco IOS Software Release 12.0 and later.
B. Reduces HTTP vulnerabilities.
C. Increases security.
D. Only A and C
Q9. What is the command to disable CDP on a particular interface?
A. no cdp neighbor
B. no cdp running
C. no cdp
D. no cdp enable
Q10. What is the command to enable the HTTPS server on the Cisco IOS router?
A. ip https server
B. ip server https
C. ip http secure-server
D. ip secure-server
Q11. Name the two types of routing protocol authentication (neighbor authentication)?
Q12. Name one weakness of SNMPv1.
Q13. How do you enable the HTTP service on the Cisco IOS router?
Q14. What are the security features that are provided by SNMPv3?
Answer: SNMPv3 provides the following security features:
- Message integrity
Q15. What is an IP directed broadcast?
Q16. What is the default password when accessing the router via the HTTP service?
Q17. What are the symptoms on the router when an attacker exploits the “small server services” that have been enabled on the router?